Pests of All Kinds and How to Fight Them: I think I have a virus or Trojan

05.07.2017, 13:16   #1
brill_e

Hello, I think I have a virus or Trojan or something.
I have Windows 10 installed and Avast.
When I run a scan with Avast it stops at 14%, and with this FRST it hangs while scanning Restore Points.
Also, for example, the Windows search does not find the Device Manager, and
at times Windows Explorer hangs as well.
Or at times, when I go to Windows search, it only shows me an empty grey box.

Thanks in advance for tips and advice.

05.07.2017, 20:10   #2
M-K-D-B
/// TB Trainer

My name is Matthias and I will help you clean up your computer.

To make the cleanup as effective and quick as possible, please observe the following notes:
  1. If we find indications of illegally acquired software, we will suspend support until every kind of illegal software has been removed from the computer.

  2. Always read my instructions carefully, work through all steps one after another in the given order, and always post all log files (even if nothing was found). If you run into problems, stop what you are doing and describe your problem to me as well as you can.

  3. If you do not reply to me within 3 days, I will assume that you no longer need help. I will then remove your topic from my subscriptions. If you are going to be away for a longer time, please let me know!

  4. During the cleanup, please do not install or uninstall anything unless I ask you to!
    I also ask you not to run any security programs on your own initiative to check/clean your computer, because that way I can easily lose track.
    Besides, in that case you might as well have spared yourself opening a topic, if you then go back to tinkering on your own after all.

  5. Please note: Download at filepony.de: how to download our tools correctly!

  6. All programs to be used are to be saved to the desktop ( C:\users\your user name\Desktop\ ) and started from there as administrator!

  7. Some programs that we use here may, under certain circumstances, be wrongly classified as a threat by your antivirus or anti-malware program. Because of certain program behaviour, the security programs cannot distinguish between "good" and "bad" and raise the alarm. These are false alarms, which you can safely ignore. If necessary, you must deactivate your security software before running a program so that our cleanup procedures are not impaired.

  8. If the log files ever exceed the permitted length (~ 120,000 characters), split the log files over several posts.
    If need be, you can also zip the log files (pack them into a .zip archive) and upload them as an attachment.

  9. Please keep working with me until I tell you that we are done and your computer is "clean". The early disappearance of symptoms does not automatically mean that your computer is already completely clean.

  10. As a rule I answer you within 24 hours, often considerably faster.
    However, I too have a regular job and a family. I am therefore not in the forum for hours every day. Under certain circumstances it may take up to 2 days until you receive an answer from me. If this time has been exceeded, you are welcome to send me a PM as a reminder.

Please work through all steps one after another in the given order and post all log files in CODE tags:
This is how it works:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes your helper's work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
  • Select the entire log file (usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • In the editor, click the # symbol. Two bracket expressions appear: [CODE] [/CODE].
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it correctly. If everything is right ... click Reply.

Thank you for your cooperation!

Step 1
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Scan.
  • The log files will now be created and will then be on your desktop.
  • Post FRST.txt and, after the first scan, also Addition.txt in your thread (click the # symbol in the website's input box)

Step 2
Please download TDSSKiller (TDSSKiller.exe) and save this file on the desktop
  • Start TDSSKiller.exe and configure it as described in the TDSSKiller guide.
  • Press Start Scan
  • If infected objects are found, do not choose Cure under any circumstances. Choose Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\)
    For example: C:\TDSSKiller.<Version_Date_Time>log.txt
Please post the contents here in your thread in any case.

Please post with your next reply
  • the log file from TDSSKiller,
  • the two new log files from FRST.
__________________
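
For reading a TDSSKiller log like the one step 2 asks for, this added example (not part of the thread and not the forum's or the tool vendor's code) parses the log's line layout and separates detections that the scanner itself dropped as KSN-trusted from detections left open. The sample log, its object names and the zeroed hashes are constructed, and the layout of a detection without a skip line is an assumption.

```python
import re
from dataclasses import dataclass

# "HH:MM:SS.ffff 0xTID  <body>" prefix used by every line of the log
LINE = re.compile(r"^(\d\d:\d\d:\d\d\.\d{4}) (0x[0-9a-fA-F]+)\s*(.*)$")
# "[ MD5, SHA256 ] <object name> <path>" line written before the verdict
HASHED = re.compile(r"^\[ (\S+), (\S+) \] (.+?)\s+([A-Za-z]:\\.+)$")
DETECTED = re.compile(r"^(.+?) - detected (\S+) \( (\d+) \)$")
OK = re.compile(r"^(.+?) - ok$")
KSN_SKIP = "Detect skipped due to KSN trusted"


@dataclass
class Finding:
    name: str
    verdict: str
    path: str = ""
    md5: str = ""
    sha256: str = ""
    ksn_trusted: bool = False   # scanner dropped the detection itself
    final_ok: bool = False      # object was later reported as "ok"


def parse_tdsskiller(text):
    """Return one Finding per 'detected' line, enriched with file details."""
    files = {}       # object name -> (md5, sha256, path) from the hash line
    findings = []
    last = None      # most recent detection still waiting for its outcome
    for raw in text.splitlines():
        m = LINE.match(raw.rstrip())
        if not m:
            continue
        body = m.group(3).strip()
        if (h := HASHED.match(body)):
            files[h.group(3)] = (h.group(1), h.group(2), h.group(4))
        elif (d := DETECTED.match(body)):
            md5, sha256, path = files.get(d.group(1), ("", "", ""))
            last = Finding(d.group(1), d.group(2), path, md5, sha256)
            findings.append(last)
        elif body == KSN_SKIP and last is not None:
            last.ksn_trusted = True
        elif (o := OK.match(body)) and last is not None and o.group(1) == last.name:
            last.final_ok = True
            last = None
    return findings


def needs_review(findings):
    """Detections the scanner did not dismiss as KSN-trusted."""
    return [f for f in findings if not f.ksn_trusted]


# Constructed sample: placeholder hashes and hypothetical object names.
MD5 = "0" * 32
SHA = "0" * 64
SAMPLE_LOG = "\n".join([
    r"23:46:39.0064 0x650c  MSTEE - ok",
    rf"23:46:39.0070 0x650c  [ {MD5}, {SHA} ] ExampleWebSvc   C:\Program Files (x86)\Example\bin\httpd.exe",
    r"23:46:39.0076 0x650c  ExampleWebSvc - detected UnsignedFile.Multi.Generic ( 1 )",
    r"23:46:39.0138 0x650c  Detect skipped due to KSN trusted",
    r"23:46:39.0138 0x650c  ExampleWebSvc - ok",
    r"23:46:39.0143 0x650c  MTConfig - ok",
    rf"23:46:39.0149 0x650c  [ {MD5}, {SHA} ] Example Filter Driver C:\WINDOWS\system32\drivers\exampleflt.sys",
    # Assumed layout: a detection that is not followed by a skip line.
    r"23:46:39.0155 0x650c  Example Filter Driver - detected UnsignedFile.Multi.Generic ( 1 )",
    r"23:46:39.0160 0x650c  Mup - ok",
])

if __name__ == "__main__":
    for f in parse_tdsskiller(SAMPLE_LOG):
        state = "KSN-trusted, skipped" if f.ksn_trusted else "REVIEW"
        print(f"{state:22} {f.name:24} {f.verdict}  {f.path}")
```
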


05.07.2017, 23:07   #3
brill_e

TDSSKiller:
Code:
23:44:21.0635 0x53e8  TDSS rootkit removing tool 3.1.0.15 Apr 18 2017 11:34:02
23:44:26.0298 0x53e8  ============================================================
23:44:26.0298 0x53e8  Current date / time: 2017/07/05 23:44:26.0298
23:44:26.0298 0x53e8  SystemInfo:
23:44:26.0301 0x53e8  
23:44:26.0301 0x53e8  OS Version: 10.0.15063 ServicePack: 0.0
23:44:26.0301 0x53e8  Product type: Workstation
23:44:26.0301 0x53e8  ComputerName: DESKTOP-E48G4LQ
23:44:26.0301 0x53e8  UserName: chris
23:44:26.0301 0x53e8  Windows directory: C:\WINDOWS
23:44:26.0301 0x53e8  System windows directory: C:\WINDOWS
23:44:26.0301 0x53e8  Running under WOW64
23:44:26.0301 0x53e8  Processor architecture: Intel x64
23:44:26.0301 0x53e8  Number of processors: 8
23:44:26.0301 0x53e8  Page size: 0x1000
23:44:26.0301 0x53e8  Boot type: Normal boot
23:44:26.0301 0x53e8  CodeIntegrityOptions = 0x00000001
23:44:26.0301 0x53e8  ============================================================
23:44:26.0326 0x53e8  KLMD registered as C:\WINDOWS\system32\drivers\26360697.sys
23:44:26.0326 0x53e8  KLMD ARK init status: drvProperties = 0xFFF00, osBuild = 15063.0, osProperties = 0x19
23:44:26.0370 0x53e8  System UUID: {10867098-9CD3-5F98-C96C-8581802A8D4D}
23:44:26.0635 0x53e8  Drive \Device\Harddisk1\DR1 - Size: 0x1BF2976000 ( 111.79 Gb ), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000048
23:44:26.0635 0x53e8  Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
23:45:03.0336 0x53e8  Drive \Device\Harddisk2\DR2 - Size: 0x0 ( 0.00 Gb ), SectorSize: 0x200, Cylinders: 0x0, SectorsPerTrack: 0x0, TracksPerCylinder: 0x0, Type 'W'
23:45:03.0338 0x53e8  ============================================================
23:45:03.0338 0x53e8  \Device\Harddisk1\DR1:
23:45:03.0341 0x53e8  MBR partitions:
23:45:03.0341 0x53e8  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xFA000
23:45:03.0341 0x53e8  \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0xFA800, BlocksNum 0xDCD7000
23:45:03.0341 0x53e8  \Device\Harddisk0\DR0:
23:45:03.0343 0x53e8  MBR partitions:
23:45:03.0343 0x53e8  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x574FBDE6
23:45:03.0343 0x53e8  ============================================================
23:45:03.0345 0x53e8  C: <-> \Device\Harddisk1\DR1\Partition2
23:45:03.0372 0x53e8  D: <-> \Device\Harddisk0\DR0\Partition1
23:45:03.0374 0x53e8  E: <-> \Device\Harddisk1\DR1\Partition1
23:45:03.0374 0x53e8  ============================================================
23:45:03.0374 0x53e8  Initialize success
23:45:03.0374 0x53e8  ============================================================
23:46:36.0256 0x650c  ============================================================
23:46:36.0256 0x650c  Scan started
23:46:36.0256 0x650c  Mode: Manual; SigCheck; TDLFS; 
23:46:36.0256 0x650c  ============================================================
23:46:36.0256 0x650c  KSN ping started
23:46:36.0308 0x650c  KSN ping finished: true
23:46:36.0971 0x650c  ================ Scan system memory ========================
23:46:36.0971 0x650c  System memory - ok
23:46:36.0972 0x650c  ================ Scan services =============================
23:46:37.0038 0x650c  1394ohci - ok
23:46:37.0042 0x650c  3ware - ok
23:46:37.0045 0x650c  ACPI - ok
23:46:37.0048 0x650c  AcpiDev - ok
23:46:37.0052 0x650c  acpiex - ok
23:46:37.0055 0x650c  acpipagr - ok
23:46:37.0058 0x650c  AcpiPmi - ok
23:46:37.0061 0x650c  acpitime - ok
23:46:37.0083 0x650c  [ FBD29CBBD4F3FD3D03E66BBEB22F6A0D, 5F4D7682C8D1E423591260BD22CFE18DD602B658B289AE8EBF89060F8A328530 ] AcrSch2Svc      C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
23:46:37.0127 0x650c  AcrSch2Svc - ok
23:46:37.0141 0x650c  [ 8D6BA8E7676038A27FD4ECF12CC744B0, F5D59B764DCB4A06A51939533DC7B2391FD68E3979C48939C023A60DCE0D2101 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
23:46:37.0150 0x650c  AdobeARMservice - ok
23:46:37.0192 0x650c  [ 7DE8B8AC559E16AEB388E7D098E7C288, 37F24B6182E3DE39BDE568304E5ED97CDE9CB45B6BF5C7A4096A09138C1D0B89 ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
23:46:37.0207 0x650c  AdobeFlashPlayerUpdateSvc - ok
23:46:37.0212 0x650c  ADP80XX - ok
23:46:37.0218 0x650c  AFD - ok
23:46:37.0222 0x650c  ahcache - ok
23:46:37.0225 0x650c  AJRouter - ok
23:46:37.0228 0x650c  ALG - ok
23:46:37.0232 0x650c  AmdK8 - ok
23:46:37.0235 0x650c  AmdPPM - ok
23:46:37.0239 0x650c  amdsata - ok
23:46:37.0241 0x650c  amdsbs - ok
23:46:37.0245 0x650c  amdxata - ok
23:46:37.0248 0x650c  AppID - ok
23:46:37.0253 0x650c  AppIDSvc - ok
23:46:37.0257 0x650c  Appinfo - ok
23:46:37.0261 0x650c  applockerfltr - ok
23:46:37.0264 0x650c  AppReadiness - ok
23:46:37.0270 0x650c  AppXSvc - ok
23:46:37.0273 0x650c  arcsas - ok
23:46:37.0421 0x650c  [ A760C2AFBA1A71E0F7310A6E900CB0E4, 3827C8D4DFC3FC850E9BD049E1B127BD1076DDEFDA19BBA9445FF201F6AE99F8 ] aswbIDSAgent    C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
23:46:37.0582 0x650c  aswbIDSAgent - ok
23:46:37.0599 0x650c  [ 0C19C91ED99964925FF8B05C23743AB1, BF513CCC0E5D2D2CE7D06F17ABC34CD3A55B59588267A5868ADFB723454AF6EB ] aswbidsdriver   C:\WINDOWS\system32\drivers\aswbidsdrivera.sys
23:46:37.0612 0x650c  aswbidsdriver - ok
23:46:37.0620 0x650c  [ 670839F4BA6D82F3035AADFE8274F02E, E4E8B1F3B9138CB2600158CC8507CBA31637E48BBA4D67398E05970B2CECA671 ] aswbidsh        C:\WINDOWS\system32\drivers\aswbidsha.sys
23:46:37.0630 0x650c  aswbidsh - ok
23:46:37.0640 0x650c  [ 5C561968CF601D76A98692DCC8CF74ED, 26D0F34CE4485A813200032CE6889575A13196E79A4B124DD19E4584B0C102DC ] aswblog         C:\WINDOWS\system32\drivers\aswbloga.sys
23:46:37.0653 0x650c  aswblog - ok
23:46:37.0658 0x650c  [ 335E5F19E7397A283B7ED20FE7B369EB, 6A31ABA0BA671EA796E8920EBD64DB28D3D7EB65C4FF68C3EB1DEF4FFC002163 ] aswbuniv        C:\WINDOWS\system32\drivers\aswbuniva.sys
23:46:37.0666 0x650c  aswbuniv - ok
23:46:37.0670 0x650c  [ BA02CA77D989710F79FD662019C4DF94, 2E989847BEE92EB8DE7492DE7AB9B4658CEFC38E678346B7548E6ECB528300D6 ] aswHwid         C:\WINDOWS\system32\drivers\aswHwid.sys
23:46:37.0678 0x650c  aswHwid - ok
23:46:37.0682 0x650c  [ 5E6FD2CB74138C6AF591779D2619BD6C, 7410384AE4280156451EB1EAC5CBA9E44834C49BD5A31049339895D5994AEF4E ] aswKbd          C:\WINDOWS\system32\drivers\aswKbd.sys
23:46:37.0690 0x650c  aswKbd - ok
23:46:37.0695 0x650c  [ 2B1490F2F1CC76C9C9B61CE63D6E7973, BFD456C598E74974B81453805ADD0792BD9636BF8213306F40029560B20DE036 ] aswMonFlt       C:\WINDOWS\system32\drivers\aswMonFlt.sys
23:46:37.0705 0x650c  aswMonFlt - ok
23:46:37.0710 0x650c  [ F26D1F761E14789743275FA5D258EAB8, D532AD4DFFC73BE8A889B75BB50D33FFF674B5AB31F05AA75D9E0667363057F1 ] aswRdr          C:\WINDOWS\system32\drivers\aswRdr2.sys
23:46:37.0718 0x650c  aswRdr - ok
23:46:37.0723 0x650c  [ C1007774450CFAB19D784D50C3410FC7, 2752FD77412D54D78A81DED9F05F094E589BCA5E360ECD420E28ECC844D35921 ] aswRvrt         C:\WINDOWS\system32\drivers\aswRvrt.sys
23:46:37.0731 0x650c  aswRvrt - ok
23:46:37.0753 0x650c  [ EB1991686949400C51B8C21CE013621E, 248545BDD5E8D1BD2D752AF7D3B77E8F1EA6453FD3B007851A04E9B634966448 ] aswSnx          C:\WINDOWS\system32\drivers\aswSnx.sys
23:46:37.0779 0x650c  aswSnx - ok
23:46:37.0795 0x650c  [ 7A17BD26C74F5329CB1DF029AE4DD357, 31F98B74F6BC2D75BDC83E3E2E60C9541D57912B6DF2C8A9241F3CFB17E0ACBB ] aswSP           C:\WINDOWS\system32\drivers\aswSP.sys
23:46:37.0813 0x650c  aswSP - ok
23:46:37.0821 0x650c  [ 92C9C3DE35E27B234AE2F6DEB2B5A2BC, 2CDFC638E42EFDBFC4789144F272F95AF0C8D963CB7936563215DC58C32F4E17 ] aswStm          C:\WINDOWS\system32\drivers\aswStm.sys
23:46:37.0831 0x650c  aswStm - ok
23:46:37.0841 0x650c  [ E76C21203E29F2DCC489EF585E0B1A38, F64B8F5F2EFA10ADD64DE0574ADDE05DF1DFDEACF0E72879C9DD6DEB037E01A3 ] aswVmm          C:\WINDOWS\system32\drivers\aswVmm.sys
23:46:37.0854 0x650c  aswVmm - ok
23:46:37.0858 0x650c  AsyncMac - ok
23:46:37.0861 0x650c  atapi - ok
23:46:37.0864 0x650c  AudioEndpointBuilder - ok
23:46:37.0870 0x650c  Audiosrv - ok
23:46:37.0877 0x650c  [ D961A7C05A76302E782B1B0CF6546BA7, DAE7481B4FFC0746944213D10EF59C21BBA9937138D660E72E63F43BCDC1F799 ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
23:46:37.0889 0x650c  avast! Antivirus - ok
23:46:37.0893 0x650c  AxInstSV - ok
23:46:37.0897 0x650c  b06bdrv - ok
23:46:37.0900 0x650c  BasicDisplay - ok
23:46:37.0903 0x650c  BasicRender - ok
23:46:37.0908 0x650c  bcmfn2 - ok
23:46:37.0911 0x650c  BDESVC - ok
23:46:37.0914 0x650c  Beep - ok
23:46:37.0920 0x650c  BFE - ok
23:46:37.0923 0x650c  BITS - ok
23:46:37.0926 0x650c  bowser - ok
23:46:37.0929 0x650c  BrokerInfrastructure - ok
23:46:37.0932 0x650c  Browser - ok
23:46:37.0948 0x650c  [ C7391ABC9792BD782A987D4A8DBDAA40, 74776E43EA6BBE9BD02EFE86206416D8E482EF52833202DA11DCC52C11D21FE0 ] BstHdAndroidSvc C:\Program Files (x86)\BlueStacks\HD-Service.exe
23:46:37.0965 0x650c  BstHdAndroidSvc - ok
23:46:37.0972 0x650c  [ 8E0F0908F20033040FA09A682E65E9B2, 36909F32B41BB2E710B3ECEC707DB7E68149964B4712A2958C864BEF00851402 ] BstHdDrv        C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys
23:46:37.0981 0x650c  BstHdDrv - ok
23:46:37.0991 0x650c  [ 98814E435AF3ECD147164274AB949D39, 0F4073C7F80BFA8585D27198BCC7C352167CA44988657FE523A35DAFD329C9CA ] BstHdLogRotatorSvc C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
23:46:38.0006 0x650c  BstHdLogRotatorSvc - ok
23:46:38.0018 0x650c  [ 05D59D9291446CC85613A19DEB43C30A, 5CF95DEFB1079B23BF6FAD57603DCAF886354B2ED452AFFD7C0B99B96E6881DD ] BstHdPlusAndroidSvc C:\Program Files (x86)\BlueStacks\HD-Plus-Service.exe
23:46:38.0033 0x650c  BstHdPlusAndroidSvc - ok
23:46:38.0041 0x650c  [ 7DB8EE09821A6D81A19A6591C9B8AA3A, 0A9A826560884F95D64BDC8A2076AE33FB718A3A59C0BBEC48E48A5FB907ACA4 ] BstkDrv         C:\Program Files (x86)\BlueStacks\BstkDrv.sys
23:46:38.0052 0x650c  BstkDrv - ok
23:46:38.0057 0x650c  BthA2DP - ok
23:46:38.0060 0x650c  BthAvrcpTg - ok
23:46:38.0064 0x650c  BthEnum - ok
23:46:38.0067 0x650c  BthHFAud - ok
23:46:38.0071 0x650c  BthHFEnum - ok
23:46:38.0074 0x650c  bthhfhid - ok
23:46:38.0077 0x650c  BthHFSrv - ok
23:46:38.0081 0x650c  BthLEEnum - ok
23:46:38.0087 0x650c  BTHMODEM - ok
23:46:38.0089 0x650c  BthPan - ok
23:46:38.0092 0x650c  BTHPORT - ok
23:46:38.0095 0x650c  bthserv - ok
23:46:38.0099 0x650c  BTHUSB - ok
23:46:38.0102 0x650c  buttonconverter - ok
23:46:38.0105 0x650c  CAD - ok
23:46:38.0108 0x650c  CapImg - ok
23:46:38.0111 0x650c  cdfs - ok
23:46:38.0114 0x650c  CDPSvc - ok
23:46:38.0120 0x650c  CDPUserSvc - ok
23:46:38.0125 0x650c  cdrom - ok
23:46:38.0128 0x650c  CertPropSvc - ok
23:46:38.0131 0x650c  cht4iscsi - ok
23:46:38.0134 0x650c  cht4vbd - ok
23:46:38.0136 0x650c  circlass - ok
23:46:38.0140 0x650c  CldFlt - ok
23:46:38.0143 0x650c  CLFS - ok
23:46:38.0146 0x650c  ClipSVC - ok
23:46:38.0151 0x650c  clreg - ok
23:46:38.0160 0x650c  CmBatt - ok
23:46:38.0214 0x650c  [ 12145BABD827F3B68B27A4F73B7284CD, 29F539A3CE770D9B719FCDF055FCCD46353FC2A3752DCAE95F3C171CB40D1A44 ] cmudaxp         C:\WINDOWS\system32\drivers\cmudaxp.sys
23:46:38.0308 0x650c  cmudaxp - ok
23:46:38.0316 0x650c  CNG - ok
23:46:38.0319 0x650c  cnghwassist - ok
23:46:38.0342 0x650c  CompositeBus - ok
23:46:38.0345 0x650c  COMSysApp - ok
23:46:38.0349 0x650c  condrv - ok
23:46:38.0352 0x650c  CoreMessagingRegistrar - ok
23:46:38.0358 0x650c  CryptSvc - ok
23:46:38.0360 0x650c  dam - ok
23:46:38.0365 0x650c  DcomLaunch - ok
23:46:38.0368 0x650c  defragsvc - ok
23:46:38.0371 0x650c  DeviceAssociationService - ok
23:46:38.0374 0x650c  DeviceInstall - ok
23:46:38.0378 0x650c  DevicesFlowUserSvc - ok
23:46:38.0382 0x650c  DevQueryBroker - ok
23:46:38.0386 0x650c  Dfsc - ok
23:46:38.0389 0x650c  Dhcp - ok
23:46:38.0393 0x650c  diagnosticshub.standardcollector.service - ok
23:46:38.0396 0x650c  DiagTrack - ok
23:46:38.0399 0x650c  Disk - ok
23:46:38.0403 0x650c  DmEnrollmentSvc - ok
23:46:38.0406 0x650c  dmvsc - ok
23:46:38.0409 0x650c  dmwappushservice - ok
23:46:38.0412 0x650c  Dnscache - ok
23:46:38.0418 0x650c  dot3svc - ok
23:46:38.0421 0x650c  DPS - ok
23:46:38.0425 0x650c  [ 8D204535D6E0727DF89AF6D962A36359, 8EB84D4AAB280D46EDDD2FF0306FA6F341BF812F913A4964155514EF330D63B5 ] DRHARD64        C:\Windows\system32\drivers\DRHARD64.sys
23:46:38.0434 0x650c  DRHARD64 - ok
23:46:38.0438 0x650c  [ 5F8D4D82CB212774980F15258825F8E1, 67F6274B4632163197E7BB026E3EB00B75937DA8F98A566FAA3586E04DA54D1F ] DRHMSR64        C:\Windows\system32\drivers\DRHMSR64.sys
23:46:38.0445 0x650c  DRHMSR64 - ok
23:46:38.0449 0x650c  drmkaud - ok
23:46:38.0452 0x650c  DsmSvc - ok
23:46:38.0455 0x650c  DsSvc - ok
23:46:38.0458 0x650c  DusmSvc - ok
23:46:38.0461 0x650c  DXGKrnl - ok
23:46:38.0464 0x650c  EapHost - ok
23:46:38.0466 0x650c  EasyAntiCheat - ok
23:46:38.0469 0x650c  ebdrv - ok
23:46:38.0472 0x650c  EFS - ok
23:46:38.0475 0x650c  EhStorClass - ok
23:46:38.0478 0x650c  EhStorTcgDrv - ok
23:46:38.0482 0x650c  embeddedmode - ok
23:46:38.0485 0x650c  EntAppSvc - ok
23:46:38.0488 0x650c  ErrDev - ok
23:46:38.0494 0x650c  EventSystem - ok
23:46:38.0496 0x650c  exfat - ok
23:46:38.0502 0x650c  fastfat - ok
23:46:38.0505 0x650c  Fax - ok
23:46:38.0508 0x650c  fdc - ok
23:46:38.0511 0x650c  fdPHost - ok
23:46:38.0514 0x650c  FDResPub - ok
23:46:38.0517 0x650c  fhsvc - ok
23:46:38.0520 0x650c  FileCrypt - ok
23:46:38.0523 0x650c  FileInfo - ok
23:46:38.0526 0x650c  Filetrace - ok
23:46:38.0530 0x650c  flpydisk - ok
23:46:38.0535 0x650c  FltMgr - ok
23:46:38.0538 0x650c  FontCache - ok
23:46:38.0542 0x650c  FontCache3.0.0.0 - ok
23:46:38.0545 0x650c  FrameServer - ok
23:46:38.0551 0x650c  FsDepends - ok
23:46:38.0554 0x650c  Fs_Rec - ok
23:46:38.0566 0x650c  [ 4FE59CCAC4916CEF02DAFA58B6A7E10E, 27B7AA6108F175A4636E4E8455C5FFC17D98872517335A89D3DA2BD4A9A8E7C8 ] Futuremark SystemInfo Service C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe
23:46:38.0582 0x650c  Futuremark SystemInfo Service - ok
23:46:38.0585 0x650c  fvevol - ok
23:46:38.0588 0x650c  gencounter - ok
23:46:38.0591 0x650c  genericusbfn - ok
23:46:38.0594 0x650c  GPIOClx0101 - ok
23:46:38.0597 0x650c  gpsvc - ok
23:46:38.0602 0x650c  GpuEnergyDrv - ok
23:46:38.0608 0x650c  [ 88FBBB1C601A6BC42054E57C2897FA45, 928C5BAB515035DE659C4255C209D33C407716DA325798951B2E8DA9BB230A9F ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
23:46:38.0617 0x650c  gupdate - ok
23:46:38.0622 0x650c  [ 88FBBB1C601A6BC42054E57C2897FA45, 928C5BAB515035DE659C4255C209D33C407716DA325798951B2E8DA9BB230A9F ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
23:46:38.0630 0x650c  gupdatem - ok
23:46:38.0634 0x650c  HDAudBus - ok
23:46:38.0637 0x650c  HidBatt - ok
23:46:38.0640 0x650c  HidBth - ok
23:46:38.0643 0x650c  hidi2c - ok
23:46:38.0646 0x650c  hidinterrupt - ok
23:46:38.0651 0x650c  HidIr - ok
23:46:38.0655 0x650c  hidserv - ok
23:46:38.0658 0x650c  HidUsb - ok
23:46:38.0661 0x650c  HomeGroupListener - ok
23:46:38.0664 0x650c  HomeGroupProvider - ok
23:46:38.0667 0x650c  HpSAMD - ok
23:46:38.0670 0x650c  HTTP - ok
23:46:38.0673 0x650c  HvHost - ok
23:46:38.0677 0x650c  hvservice - ok
23:46:38.0680 0x650c  hwpolicy - ok
23:46:38.0686 0x650c  hyperkbd - ok
23:46:38.0691 0x650c  i8042prt - ok
23:46:38.0694 0x650c  iagpio - ok
23:46:38.0697 0x650c  iai2c - ok
23:46:38.0701 0x650c  iaLPSS2i_GPIO2 - ok
23:46:38.0705 0x650c  iaLPSS2i_GPIO2_BXT_P - ok
23:46:38.0708 0x650c  iaLPSS2i_I2C - ok
23:46:38.0711 0x650c  iaLPSS2i_I2C_BXT_P - ok
23:46:38.0714 0x650c  iaLPSSi_GPIO - ok
23:46:38.0717 0x650c  iaLPSSi_I2C - ok
23:46:38.0720 0x650c  iaStorAV - ok
23:46:38.0723 0x650c  iaStorV - ok
23:46:38.0726 0x650c  ibbus - ok
23:46:38.0729 0x650c  icssvc - ok
23:46:38.0735 0x650c  IKEEXT - ok
23:46:38.0738 0x650c  IndirectKmd - ok
23:46:38.0742 0x650c  intelide - ok
23:46:38.0746 0x650c  intelpep - ok
23:46:38.0749 0x650c  intelppm - ok
23:46:38.0752 0x650c  iorate - ok
23:46:38.0755 0x650c  IpFilterDriver - ok
23:46:38.0758 0x650c  iphlpsvc - ok
23:46:38.0763 0x650c  IPMIDRV - ok
23:46:38.0765 0x650c  IPNAT - ok
23:46:38.0769 0x650c  IpxlatCfgSvc - ok
23:46:38.0795 0x650c  [ 351ECBD83AC88E56D4E93B8FA36DF30D, A6905EFD7EC0EEF3FDCF7A828A82BED469660C5022A167D4A56E73EE605CAD8A ] iRacingService  C:\Program Files (x86)\iRacing\iRacingService64.exe
23:46:38.0827 0x650c  iRacingService - ok
23:46:38.0832 0x650c  irda - ok
23:46:38.0835 0x650c  IRENUM - ok
23:46:38.0838 0x650c  irmon - ok
23:46:38.0841 0x650c  isapnp - ok
23:46:38.0844 0x650c  iScsiPrt - ok
23:46:38.0847 0x650c  kbdclass - ok
23:46:38.0853 0x650c  kbdhid - ok
23:46:38.0856 0x650c  kdnic - ok
23:46:38.0859 0x650c  KeyIso - ok
23:46:38.0862 0x650c  KSecDD - ok
23:46:38.0865 0x650c  KSecPkg - ok
23:46:38.0869 0x650c  ksthunk - ok
23:46:38.0872 0x650c  KtmRm - ok
23:46:38.0875 0x650c  LanmanServer - ok
23:46:38.0878 0x650c  LanmanWorkstation - ok
23:46:38.0885 0x650c  lfsvc - ok
23:46:38.0887 0x650c  LicenseManager - ok
23:46:38.0890 0x650c  lltdio - ok
23:46:38.0893 0x650c  lltdsvc - ok
23:46:38.0897 0x650c  lmhosts - ok
23:46:38.0901 0x650c  LSI_SAS - ok
23:46:38.0904 0x650c  LSI_SAS2i - ok
23:46:38.0907 0x650c  LSI_SAS3i - ok
23:46:38.0911 0x650c  LSI_SSS - ok
23:46:38.0913 0x650c  LSM - ok
23:46:38.0920 0x650c  luafv - ok
23:46:38.0923 0x650c  MapsBroker - ok
23:46:38.0933 0x650c  [ 63FCDCD7E95BD71D0EF201671090DF31, 546189E2C22101963206987BA0B3420202274B956D5E1E4545BF495CF680B826 ] Marvell Storage Management C:\Program Files (x86)\Marvell\storage\svc\mvraidsvc.exe
23:46:38.0945 0x650c  Marvell Storage Management - ok
23:46:38.0949 0x650c  mausbhost - ok
23:46:38.0952 0x650c  mausbip - ok
23:46:38.0955 0x650c  megasas - ok
23:46:38.0958 0x650c  megasas2i - ok
23:46:38.0961 0x650c  megasr - ok
23:46:38.0965 0x650c  MessagingService - ok
23:46:38.0968 0x650c  mlx4_bus - ok
23:46:38.0971 0x650c  MMCSS - ok
23:46:38.0974 0x650c  Modem - ok
23:46:38.0977 0x650c  monitor - ok
23:46:38.0981 0x650c  mouclass - ok
23:46:38.0984 0x650c  mouhid - ok
23:46:38.0987 0x650c  mountmgr - ok
23:46:38.0990 0x650c  mpsdrv - ok
23:46:38.0993 0x650c  MpsSvc - ok
23:46:38.0997 0x650c  MRxDAV - ok
23:46:39.0002 0x650c  mrxsmb - ok
23:46:39.0005 0x650c  mrxsmb10 - ok
23:46:39.0008 0x650c  mrxsmb20 - ok
23:46:39.0010 0x650c  MsBridge - ok
23:46:39.0014 0x650c  MSDTC - ok
23:46:39.0019 0x650c  Msfs - ok
23:46:39.0023 0x650c  msgpiowin32 - ok
23:46:39.0026 0x650c  mshidkmdf - ok
23:46:39.0029 0x650c  mshidumdf - ok
23:46:39.0035 0x650c  msisadrv - ok
23:46:39.0038 0x650c  MSiSCSI - ok
23:46:39.0041 0x650c  msiserver - ok
23:46:39.0044 0x650c  MSKSSRV - ok
23:46:39.0047 0x650c  MsLldp - ok
23:46:39.0050 0x650c  MSPCLOCK - ok
23:46:39.0053 0x650c  MSPQM - ok
23:46:39.0056 0x650c  MsRPC - ok
23:46:39.0061 0x650c  mssmbios - ok
23:46:39.0064 0x650c  MSTEE - ok
23:46:39.0070 0x650c  [ 5334D3450B55FC929D50143F530597F0, A0A8CE97BA5CEA8BC9CEC3DC4A590C1D0ED5787CD8F798659238BC0F5B59CBEA ] MSUWebService   C:\Program Files (x86)\Marvell\storage\Apache2\bin\httpd.exe
23:46:39.0076 0x650c  MSUWebService - detected UnsignedFile.Multi.Generic ( 1 )
23:46:39.0138 0x650c  Detect skipped due to KSN trusted
23:46:39.0138 0x650c  MSUWebService - ok
23:46:39.0143 0x650c  MTConfig - ok
23:46:39.0145 0x650c  Mup - ok
23:46:39.0149 0x650c  [ E53D9AB63917338D7FFE12E85310A636, 92BC83F8FC67D332A10B98361D0D1C4E7D324F15740A48E6DE1B8FACE957A818 ] mv91cons        C:\WINDOWS\system32\drivers\mv91cons.sys
23:46:39.0155 0x650c  mv91cons - ok
23:46:39.0165 0x650c  [ 38B4C95E821528FB91DF16A78E04450F, 8ADDF63088293923B497E1AFF86C189669B973F43153FEE2370EA32860D71AD7 ] mv91xx          C:\WINDOWS\system32\drivers\mv91xx.sys
23:46:39.0177 0x650c  mv91xx - ok
23:46:39.0181 0x650c  mvumis - ok
23:46:39.0186 0x650c  NativeWifiP - ok
23:46:39.0189 0x650c  NaturalAuthentication - ok
23:46:39.0191 0x650c  NcaSvc - ok
23:46:39.0194 0x650c  NcbService - ok
23:46:39.0197 0x650c  NcdAutoSetup - ok
23:46:39.0201 0x650c  ndfltr - ok
23:46:39.0205 0x650c  NDIS - ok
23:46:39.0207 0x650c  NdisCap - ok
23:46:39.0210 0x650c  NdisImPlatform - ok
23:46:39.0214 0x650c  NdisTapi - ok
23:46:39.0217 0x650c  Ndisuio - ok
23:46:39.0220 0x650c  NdisVirtualBus - ok
23:46:39.0223 0x650c  NdisWan - ok
23:46:39.0226 0x650c  ndiswanlegacy - ok
23:46:39.0229 0x650c  ndproxy - ok
23:46:39.0235 0x650c  Ndu - ok
23:46:39.0238 0x650c  NetAdapterCx - ok
23:46:39.0241 0x650c  NetBIOS - ok
23:46:39.0245 0x650c  NetBT - ok
23:46:39.0248 0x650c  Netlogon - ok
23:46:39.0252 0x650c  Netman - ok
23:46:39.0255 0x650c  netprofm - ok
23:46:39.0258 0x650c  NetSetupSvc - ok
23:46:39.0266 0x650c  NetTcpPortSharing - ok
23:46:39.0269 0x650c  netvsc - ok
23:46:39.0273 0x650c  NgcCtnrSvc - ok
23:46:39.0276 0x650c  NgcSvc - ok
23:46:39.0279 0x650c  NlaSvc - ok
23:46:39.0282 0x650c  Npfs - ok
23:46:39.0285 0x650c  npsvctrig - ok
23:46:39.0288 0x650c  nsi - ok
23:46:39.0291 0x650c  nsiproxy - ok
23:46:39.0296 0x650c  NTFS - ok
23:46:39.0302 0x650c  Null - ok
23:46:39.0315 0x650c  [ FEECA8AA2B7326D22A8B54E576008FB8, BF8E0D9C7E743F5F9C6E7017B05F20D4AF72883DED886E5FCCCA6EF2EE5C7A9E ] NvContainerLocalSystem C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
23:46:39.0333 0x650c  NvContainerLocalSystem - ok
23:46:39.0345 0x650c  [ FEECA8AA2B7326D22A8B54E576008FB8, BF8E0D9C7E743F5F9C6E7017B05F20D4AF72883DED886E5FCCCA6EF2EE5C7A9E ] NvContainerNetworkService C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
23:46:39.0361 0x650c  NvContainerNetworkService - ok
23:46:39.0365 0x650c  nvdimmn - ok
23:46:39.0374 0x650c  [ C27427C9D79DE00A01B9987B68485F60, D385AFADECC3B1ECD62211D5501050A66F6A334AE3799DDA8F8CA4C231CFB075 ] NVHDA           C:\WINDOWS\system32\drivers\nvhda64v.sys
23:46:39.0386 0x650c  NVHDA - ok
23:46:39.0679 0x650c  [ 444B969DABB3F2D2176EF0BFAB42364F, 34468CC7A124D29130FE373BB987CB705C8767CD60F5B30CAD541F4B3F85BB55 ] nvlddmkm        C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_a2b0acab06663645\nvlddmkm.sys
23:46:39.0976 0x650c  nvlddmkm - ok
23:46:39.0995 0x650c  nvraid - ok
23:46:39.0998 0x650c  nvstor - ok
23:46:40.0011 0x650c  [ 16006A9892E8AB4BFD4D555740E97CE1, 336364C97687380CC15B12EDDA0FD467084E8157AFA1B62A61F28AF37E923F76 ] NvTelemetryContainer C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
23:46:40.0025 0x650c  NvTelemetryContainer - ok
23:46:40.0030 0x650c  [ 8F63502E8A6AA47A3291866411ACF779, E0708F737C3398FBF535205211621955B9E4F14FE2DAA445D80B2DC4393B6165 ] nvvad_WaveExtensible C:\WINDOWS\system32\drivers\nvvad64v.sys
23:46:40.0039 0x650c  nvvad_WaveExtensible - ok
23:46:40.0043 0x650c  OneSyncSvc - ok
23:46:40.0047 0x650c  p2pimsvc - ok
23:46:40.0054 0x650c  p2psvc - ok
23:46:40.0057 0x650c  Parport - ok
23:46:40.0060 0x650c  partmgr - ok
23:46:40.0063 0x650c  PcaSvc - ok
23:46:40.0065 0x650c  pci - ok
23:46:40.0068 0x650c  pciide - ok
23:46:40.0071 0x650c  pcmcia - ok
23:46:40.0074 0x650c  pcw - ok
23:46:40.0077 0x650c  pdc - ok
23:46:40.0081 0x650c  PEAUTH - ok
23:46:40.0086 0x650c  percsas2i - ok
23:46:40.0089 0x650c  percsas3i - ok
23:46:40.0124 0x650c  PerfHost - ok
23:46:40.0131 0x650c  PhoneSvc - ok
23:46:40.0136 0x650c  PimIndexMaintenanceSvc - ok
23:46:40.0140 0x650c  pla - ok
23:46:40.0143 0x650c  PlugPlay - ok
23:46:40.0146 0x650c  pmem - ok
23:46:40.0149 0x650c  PNRPAutoReg - ok
23:46:40.0151 0x650c  PNRPsvc - ok
23:46:40.0156 0x650c  PolicyAgent - ok
23:46:40.0161 0x650c  Power - ok
23:46:40.0164 0x650c  PptpMiniport - ok
23:46:40.0237 0x650c  [ 5404E7A968A26DF03793B6F68536594D, BE5A85581E87EFE4DB43AD17B8D42D3F7F32364AEEC1416DBB94279C4A203FF2 ] PrintNotify     C:\WINDOWS\system32\spool\drivers\x64\3\PrintConfig.dll
23:46:40.0347 0x650c  PrintNotify - ok
23:46:40.0355 0x650c  Processor - ok
23:46:40.0357 0x650c  ProfSvc - ok
23:46:40.0360 0x650c  Psched - ok
23:46:40.0369 0x650c  [ 8B3159CCD9F177D1668AC6E7F3EB55B8, FC6C080D7DC1C106EA5B6BFEC6DB93EC4326C6342298C29FFDA0AEAF158801F4 ] qcusbser        C:\WINDOWS\system32\DRIVERS\qcusbser.sys
23:46:40.0386 0x650c  qcusbser - ok
23:46:40.0390 0x650c  QWAVE - ok
23:46:40.0393 0x650c  QWAVEdrv - ok
23:46:40.0396 0x650c  RasAcd - ok
23:46:40.0399 0x650c  RasAgileVpn - ok
23:46:40.0403 0x650c  RasAuto - ok
23:46:40.0406 0x650c  Rasl2tp - ok
23:46:40.0409 0x650c  RasMan - ok
23:46:40.0411 0x650c  RasPppoe - ok
23:46:40.0415 0x650c  RasSstp - ok
23:46:40.0418 0x650c  rdbss - ok
23:46:40.0423 0x650c  rdpbus - ok
23:46:40.0426 0x650c  RDPDR - ok
23:46:40.0431 0x650c  RdpVideoMiniport - ok
23:46:40.0436 0x650c  rdyboost - ok
23:46:40.0439 0x650c  ReFS - ok
23:46:40.0442 0x650c  ReFSv1 - ok
23:46:40.0445 0x650c  RemoteAccess - ok
23:46:40.0448 0x650c  RemoteRegistry - ok
23:46:40.0451 0x650c  RetailDemo - ok
23:46:40.0455 0x650c  RFCOMM - ok
23:46:40.0458 0x650c  [ 8D5E629E39FD2A36ADF963BBAECC15D2, 63C857DEC2A28D94519392412CAD1DFAA84FA5BE84AB8EA4862872CA8EE55A92 ] rimvndis        C:\WINDOWS\System32\Drivers\rimvndis6_AMD64.sys
23:46:40.0465 0x650c  rimvndis - detected UnsignedFile.Multi.Generic ( 1 )
23:46:40.0525 0x650c  Detect skipped due to KSN trusted
23:46:40.0525 0x650c  rimvndis - ok
23:46:40.0530 0x650c  [ 344604E6913BD6E4EAEC34AF2E0943D7, 4ADFE13AFECD0F263A27F647FC6BA1AB47B2A28F9D70FCAC90F23D0A2FB8C493 ] RimVSerPort     C:\WINDOWS\system32\DRIVERS\RimSerial_AMD64.sys
23:46:40.0549 0x650c  RimVSerPort - ok
23:46:40.0552 0x650c  RmSvc - ok
23:46:40.0555 0x650c  RpcEptMapper - ok
23:46:40.0559 0x650c  RpcLocator - ok
23:46:40.0562 0x650c  RpcSs - ok
23:46:40.0568 0x650c  rspndr - ok
23:46:40.0572 0x650c  rt640x64 - ok
23:46:40.0585 0x650c  [ 52AF831207F28D05676503828BA7946B, A780BBC63D586C96D8CDC00DDB7DC39AF8C2440D76ED06B3C787082832D0B456 ] RzWizardService C:\Program Files (x86)\Razer\RzWizard\RzWizardService.exe
23:46:40.0599 0x650c  RzWizardService - ok
23:46:40.0603 0x650c  s3cap - ok
23:46:40.0605 0x650c  SamSs - ok
23:46:40.0609 0x650c  sbp2port - ok
23:46:40.0612 0x650c  SCardSvr - ok
23:46:40.0615 0x650c  ScDeviceEnum - ok
23:46:40.0619 0x650c  scfilter - ok
23:46:40.0622 0x650c  Schedule - ok
23:46:40.0625 0x650c  scmbus - ok
23:46:40.0627 0x650c  SCPolicySvc - ok
23:46:40.0630 0x650c  sdbus - ok
23:46:40.0634 0x650c  SDFRd - ok
23:46:40.0637 0x650c  SDRSVC - ok
23:46:40.0640 0x650c  sdstor - ok
23:46:40.0643 0x650c  seclogon - ok
23:46:40.0646 0x650c  SecurityHealthService - ok
23:46:40.0651 0x650c  SEMgrSvc - ok
23:46:40.0655 0x650c  SENS - ok
23:46:40.0659 0x650c  SensorDataService - ok
23:46:40.0662 0x650c  SensorService - ok
23:46:40.0665 0x650c  SensrSvc - ok
23:46:40.0668 0x650c  SerCx - ok
23:46:40.0670 0x650c  SerCx2 - ok
23:46:40.0673 0x650c  Serenum - ok
23:46:40.0676 0x650c  Serial - ok
23:46:40.0679 0x650c  sermouse - ok
23:46:40.0689 0x650c  SessionEnv - ok
23:46:40.0692 0x650c  sfloppy - ok
23:46:40.0695 0x650c  SharedAccess - ok
23:46:40.0699 0x650c  ShellHWDetection - ok
23:46:40.0703 0x650c  shpamsvc - ok
23:46:40.0706 0x650c  SiSRaid2 - ok
23:46:40.0709 0x650c  SiSRaid4 - ok
23:46:40.0712 0x650c  smphost - ok
23:46:40.0715 0x650c  SmsRouter - ok
23:46:40.0722 0x650c  SNMPTRAP - ok
23:46:40.0725 0x650c  spaceport - ok
23:46:40.0728 0x650c  SpatialGraphFilter - ok
23:46:40.0731 0x650c  SpbCx - ok
23:46:40.0735 0x650c  spectrum - ok
23:46:40.0768 0x650c  [ 0FFE35F0B0CD5A324BBE22F02569AE3B, F4EE803EEFDB4EAEEDB3024C3516F1F9A202C77F4870D6B74356BBDE32B3B560 ] speedfan        C:\Windows\SysWOW64\speedfan.sys
23:46:40.0783 0x650c  speedfan - ok
23:46:40.0787 0x650c  Spooler - ok
23:46:40.0790 0x650c  sppsvc - ok
23:46:40.0792 0x650c  srv - ok
23:46:40.0796 0x650c  srv2 - ok
23:46:40.0802 0x650c  srvnet - ok
23:46:40.0806 0x650c  [ AFC159BDB8CD5A804D015D8A3624ECC6, 863150170D7F84D793C7CECD40439A5B46D337A8B904183ED8C53FDA9FB71091 ] ssdevfactory    C:\WINDOWS\System32\drivers\ssdevfactory.sys
23:46:40.0814 0x650c  ssdevfactory - ok
23:46:40.0819 0x650c  SSDPSRV - ok
23:46:40.0822 0x650c  SstpSvc - ok
23:46:40.0825 0x650c  StateRepository - ok
23:46:40.0858 0x650c  [ C8DC0C34715627ABF7A265ED27D1F75A, 5B8B9AC65D7458A8C6C868107E0BE3F9B1A1A5117FC69FDC260BAA9F1BDD0008 ] Steam Client Service C:\Program Files (x86)\Common Files\Steam\SteamService.exe
23:46:40.0895 0x650c  Steam Client Service - ok
23:46:40.0902 0x650c  stexstor - ok
23:46:40.0906 0x650c  stisvc - ok
23:46:40.0909 0x650c  storahci - ok
23:46:40.0912 0x650c  storflt - ok
23:46:40.0919 0x650c  stornvme - ok
23:46:40.0922 0x650c  storqosflt - ok
23:46:40.0925 0x650c  StorSvc - ok
23:46:40.0928 0x650c  storufs - ok
23:46:40.0931 0x650c  storvsc - ok
23:46:40.0935 0x650c  svsvc - ok
23:46:40.0938 0x650c  swenum - ok
23:46:40.0941 0x650c  swprv - ok
23:46:40.0944 0x650c  Synth3dVsc - ok
23:46:40.0948 0x650c  SysMain - ok
23:46:40.0951 0x650c  SystemEventsBroker - ok
23:46:40.0954 0x650c  TabletInputService - ok
23:46:40.0958 0x650c  TapiSrv - ok
23:46:40.0961 0x650c  Tcpip - ok
23:46:40.0964 0x650c  Tcpip6 - ok
23:46:40.0969 0x650c  tcpipreg - ok
23:46:40.0974 0x650c  tdx - ok
23:46:40.0977 0x650c  terminpt - ok
23:46:40.0980 0x650c  TermService - ok
23:46:40.0985 0x650c  Themes - ok
23:46:40.0989 0x650c  TieringEngineService - ok
23:46:40.0991 0x650c  tiledatamodelsvc - ok
23:46:40.0995 0x650c  TimeBrokerSvc - ok
23:46:40.0998 0x650c  TokenBroker - ok
23:46:41.0001 0x650c  TPM - ok
23:46:41.0004 0x650c  TrkWks - ok
23:46:41.0007 0x650c  TrustedInstaller - ok
23:46:41.0011 0x650c  TsUsbFlt - ok
23:46:41.0015 0x650c  TsUsbGD - ok
23:46:41.0020 0x650c  tunnel - ok
23:46:41.0024 0x650c  tzautoupdate - ok
23:46:41.0027 0x650c  UASPStor - ok
23:46:41.0030 0x650c  UcmCx0101 - ok
23:46:41.0037 0x650c  UcmTcpciCx0101 - ok
23:46:41.0040 0x650c  UcmUcsi - ok
23:46:41.0043 0x650c  Ucx01000 - ok
23:46:41.0046 0x650c  UdeCx - ok
23:46:41.0049 0x650c  udfs - ok
23:46:41.0052 0x650c  UEFI - ok
23:46:41.0055 0x650c  Ufx01000 - ok
23:46:41.0059 0x650c  UfxChipidea - ok
23:46:41.0062 0x650c  ufxsynopsys - ok
23:46:41.0070 0x650c  UI0Detect - ok
23:46:41.0073 0x650c  umbus - ok
23:46:41.0076 0x650c  UmPass - ok
23:46:41.0080 0x650c  UmRdpService - ok
23:46:41.0083 0x650c  UnistoreSvc - ok
23:46:41.0088 0x650c  upnphost - ok
23:46:41.0090 0x650c  UrsChipidea - ok
23:46:41.0094 0x650c  UrsCx01000 - ok
23:46:41.0097 0x650c  UrsSynopsys - ok
23:46:41.0101 0x650c  usbccgp - ok
23:46:41.0105 0x650c  usbcir - ok
23:46:41.0108 0x650c  usbehci - ok
23:46:41.0110 0x650c  usbhub - ok
23:46:41.0114 0x650c  USBHUB3 - ok
23:46:41.0117 0x650c  usbohci - ok
23:46:41.0120 0x650c  usbprint - ok
23:46:41.0124 0x650c  [ 96B48485A7CC2C0A63C196A16403C5F3, 4E364DE1FE19D14D5BA4F4360563BB49F4DEC90430771C12376C0B1BB70CFD37 ] usbscan         C:\WINDOWS\system32\DRIVERS\usbscan.sys
23:46:41.0139 0x650c  usbscan - ok
23:46:41.0143 0x650c  usbser - ok
23:46:41.0146 0x650c  USBSTOR - ok
23:46:41.0151 0x650c  usbuhci - ok
23:46:41.0154 0x650c  USBXHCI - ok
23:46:41.0158 0x650c  UserDataSvc - ok
23:46:41.0162 0x650c  UserManager - ok
23:46:41.0166 0x650c  UsoSvc - ok
23:46:41.0170 0x650c  VaultSvc - ok
23:46:41.0173 0x650c  vdrvroot - ok
23:46:41.0176 0x650c  vds - ok
23:46:41.0180 0x650c  VerifierExt - ok
23:46:41.0183 0x650c  vhdmp - ok
23:46:41.0186 0x650c  vhf - ok
23:46:41.0190 0x650c  vmbus - ok
23:46:41.0191 0x650c  VMBusHID - ok
23:46:41.0195 0x650c  vmgid - ok
23:46:41.0199 0x650c  vmicguestinterface - ok
23:46:41.0202 0x650c  vmicheartbeat - ok
23:46:41.0205 0x650c  vmickvpexchange - ok
23:46:41.0208 0x650c  vmicrdv - ok
23:46:41.0210 0x650c  vmicshutdown - ok
23:46:41.0214 0x650c  vmictimesync - ok
23:46:41.0219 0x650c  vmicvmsession - ok
23:46:41.0222 0x650c  vmicvss - ok
23:46:41.0226 0x650c  volmgr - ok
23:46:41.0229 0x650c  volmgrx - ok
23:46:41.0232 0x650c  volsnap - ok
23:46:41.0235 0x650c  volume - ok
23:46:41.0239 0x650c  vpci - ok
23:46:41.0242 0x650c  vsmraid - ok
23:46:41.0245 0x650c  VSS - ok
23:46:41.0249 0x650c  VSTXRAID - ok
23:46:41.0252 0x650c  vwifibus - ok
23:46:41.0255 0x650c  vwififlt - ok
23:46:41.0259 0x650c  W32Time - ok
23:46:41.0262 0x650c  WacomPen - ok
23:46:41.0266 0x650c  WalletService - ok
23:46:41.0269 0x650c  wanarp - ok
23:46:41.0273 0x650c  wanarpv6 - ok
23:46:41.0276 0x650c  wbengine - ok
23:46:41.0280 0x650c  WbioSrvc - ok
23:46:41.0283 0x650c  wcifs - ok
23:46:41.0287 0x650c  Wcmsvc - ok
23:46:41.0290 0x650c  wcncsvc - ok
23:46:41.0292 0x650c  wcnfs - ok
23:46:41.0296 0x650c  WdBoot - ok
23:46:41.0299 0x650c  Wdf01000 - ok
23:46:41.0302 0x650c  WdFilter - ok
23:46:41.0306 0x650c  WdiServiceHost - ok
23:46:41.0309 0x650c  WdiSystemHost - ok
23:46:41.0311 0x650c  wdiwifi - ok
23:46:41.0318 0x650c  [ 9955F303C20C4F58DB6645C6248DE1C8, 1A04B5C0EF2FE0CDBA054104727C54A02072B829BEAF4F3E4D16E581B50593F1 ] wdm_usb         C:\WINDOWS\system32\DRIVERS\usb2ser.sys
23:46:41.0336 0x650c  wdm_usb - ok
23:46:41.0339 0x650c  WdNisDrv - ok
23:46:41.0342 0x650c  WdNisSvc - ok
23:46:41.0346 0x650c  WebClient - ok
23:46:41.0349 0x650c  Wecsvc - ok
23:46:41.0352 0x650c  WEPHOSTSVC - ok
23:46:41.0356 0x650c  wercplsupport - ok
23:46:41.0359 0x650c  WerSvc - ok
23:46:41.0362 0x650c  WFDSConMgrSvc - ok
23:46:41.0365 0x650c  WFPLWFS - ok
23:46:41.0369 0x650c  WiaRpc - ok
23:46:41.0372 0x650c  WIMMount - ok
23:46:41.0374 0x650c  WinDefend - ok
23:46:41.0382 0x650c  WindowsTrustedRT - ok
23:46:41.0386 0x650c  WindowsTrustedRTProxy - ok
23:46:41.0390 0x650c  WinHttpAutoProxySvc - ok
23:46:41.0393 0x650c  WinMad - ok
23:46:41.0402 0x650c  Winmgmt - ok
23:46:41.0405 0x650c  WinNat - ok
23:46:41.0409 0x650c  WinRM - ok
23:46:41.0414 0x650c  WINUSB - ok
23:46:41.0419 0x650c  WinVerbs - ok
23:46:41.0423 0x650c  wisvc - ok
23:46:41.0426 0x650c  WlanSvc - ok
23:46:41.0429 0x650c  wlidsvc - ok
23:46:41.0433 0x650c  wlpasvc - ok
23:46:41.0437 0x650c  [ 680A7846370000D20D7E74917D5B7936, 55B77B358039672845D361CA4205F3482D1F30A4654B610FD785A1337EFDC316 ] WmBEnum         C:\WINDOWS\system32\drivers\WmBEnum.sys
23:46:41.0444 0x650c  WmBEnum - ok
23:46:41.0448 0x650c  [ 14C35BA8189C6F65D839163AA285E954, 8981AA488320C75E26E1ABDF884B721A4065F5D28F54782598B03F21B8CDC020 ] WmFilter        C:\WINDOWS\system32\drivers\WmFilter.sys
23:46:41.0455 0x650c  WmFilter - ok
23:46:41.0459 0x650c  [ AC4331AF118A720F13C9C5CABBFE27BD, 2C5F453996B00078F3E8E731F6B3DD4529831BDA2146EAFC66727C9460E85112 ] WmHidLo         C:\WINDOWS\system32\drivers\WmHidLo.sys
23:46:41.0466 0x650c  WmHidLo - ok
23:46:41.0469 0x650c  WmiAcpi - ok
23:46:41.0474 0x650c  wmiApSrv - ok
23:46:41.0477 0x650c  WMPNetworkSvc - ok
23:46:41.0481 0x650c  [ 8488DD91A3EE54A8E29F02AD7BB8201E, D428ED991D9E4A8765C240B21884A262854278698D60862117AC5949713231F9 ] WmVirHid        C:\WINDOWS\system32\drivers\WmVirHid.sys
23:46:41.0488 0x650c  WmVirHid - ok
23:46:41.0492 0x650c  [ 14802B3A30AA849C97CB968CCC813BF3, 330AD828ABD040ECDBF58F7162978CD61BFC093CAD404FD2BCAC74E3F2EC542A ] WmXlCore        C:\WINDOWS\system32\drivers\WmXlCore.sys
23:46:41.0500 0x650c  WmXlCore - ok
23:46:41.0507 0x650c  [ 1AE1076034392218EE89D2744EC2A071, 695C28E2697B12BBD919687176CE082E94887A5D8B6229F163A26F6EDF401C4C ] Wof             C:\WINDOWS\system32\drivers\Wof.sys
23:46:41.0524 0x650c  Wof - ok
23:46:41.0529 0x650c  workfolderssvc - ok
23:46:41.0533 0x650c  WPDBusEnum - ok
23:46:41.0536 0x650c  WpdUpFltr - ok
23:46:41.0539 0x650c  WpnService - ok
23:46:41.0543 0x650c  WpnUserService - ok
23:46:41.0547 0x650c  ws2ifsl - ok
23:46:41.0553 0x650c  wscsvc - ok
23:46:41.0556 0x650c  WSearch - ok
23:46:41.0561 0x650c  wuauserv - ok
23:46:41.0565 0x650c  WudfPf - ok
23:46:41.0568 0x650c  WUDFRd - ok
23:46:41.0572 0x650c  wudfsvc - ok
23:46:41.0575 0x650c  WUDFWpdFs - ok
23:46:41.0578 0x650c  WwanSvc - ok
23:46:41.0582 0x650c  xbgm - ok
23:46:41.0586 0x650c  XblAuthManager - ok
23:46:41.0589 0x650c  XblGameSave - ok
23:46:41.0591 0x650c  xboxgip - ok
23:46:41.0595 0x650c  XboxGipSvc - ok
23:46:41.0602 0x650c  XboxNetApiSvc - ok
23:46:41.0605 0x650c  xinputhid - ok
23:46:41.0613 0x650c  [ E18D808B3BCDFE689A4C95665F45959F, 8B245B1EC2CEA1BE3EDA92BA3CC175A4AE196C4C1EF07081E3B5FA4DB69B4D95 ] {687703DE-DC6D-4649-892B-B8497854A6AB} C:\Program Files (x86)\CyberLink\PowerDVD15\Common\NavFilter\000.fcl
23:46:41.0620 0x650c  {687703DE-DC6D-4649-892B-B8497854A6AB} - ok
23:46:41.0620 0x650c  ================ Scan global ===============================
23:46:41.0632 0x650c  [ Global ] - ok
23:46:41.0633 0x650c  ================ Scan MBR ==================================
23:46:41.0635 0x650c  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1
23:46:41.0690 0x650c  \Device\Harddisk1\DR1 - ok
23:46:41.0710 0x650c  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
23:46:41.0920 0x650c  \Device\Harddisk0\DR0 - ok
23:46:41.0921 0x650c  ================ Scan VBR ==================================
23:46:41.0923 0x650c  [ B970AE4014A21BF4BD0477984B9E766A ] \Device\Harddisk1\DR1\Partition1
23:46:41.0924 0x650c  \Device\Harddisk1\DR1\Partition1 - ok
23:46:41.0926 0x650c  [ 607F5896FB483DFBC011CBCA6806CA58 ] \Device\Harddisk1\DR1\Partition2
23:46:41.0927 0x650c  \Device\Harddisk1\DR1\Partition2 - ok
23:46:41.0930 0x650c  [ 867D6BAA987382CA2F52E3EE6E83D378 ] \Device\Harddisk0\DR0\Partition1
23:46:41.0931 0x650c  \Device\Harddisk0\DR0\Partition1 - ok
23:46:41.0932 0x650c  ================ Scan generic autorun ======================
23:46:41.0933 0x650c  SecurityHealth - ok
23:46:41.0933 0x650c  WindowsDefender - ok
23:46:41.0968 0x650c  Cmaudio8788 - ok
23:46:41.0974 0x650c  [ 0740D338A42F7778760F2B0CB6DA5830, C6D275B4993502A155F85D8DE26B119866DEE106C98CF29CDAACBAF11484C94A ] C:\Windows\syswow64\HsMgr.exe
23:46:41.0989 0x650c  Cmaudio8788GX - detected UnsignedFile.Multi.Generic ( 1 )
23:46:42.0050 0x650c  Detect skipped due to KSN trusted
23:46:42.0050 0x650c  Cmaudio8788GX - ok
23:46:42.0059 0x650c  [ BEF1B23AD0BBF805F02FAA01EAE0AF4E, 65CCFEC1F61E475A1F6759ECCA8DE1844A26AB7F827BC1F63339A0DFF554B039 ] C:\Windows\system\HsMgr64.exe
23:46:42.0075 0x650c  Cmaudio8788GX64 - detected UnsignedFile.Multi.Generic ( 1 )
23:46:42.0137 0x650c  Detect skipped due to KSN trusted
23:46:42.0137 0x650c  Cmaudio8788GX64 - ok
23:46:42.0150 0x650c  [ C6C73025BE29E0B1B5B695A58F51F977, 2F5610DE28757CF31EAA96FA700E122006A2FA387C43E07CFB5B52840B6EF138 ] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
23:46:42.0164 0x650c  Acronis Scheduler2 Service - ok
23:46:42.0174 0x650c  [ 8DD6F98101EBBA3FC92C8092333A6B32, 80FE7E4433731614B92F8C0256EA5440508C535EBDA45188D1225BFEDA6F0F67 ] C:\Program Files\AVAST Software\Avast\AvLaunch.exe
23:46:42.0186 0x650c  AvastUI.exe - ok
23:46:42.0193 0x650c  [ 0104F4CA73154C23FFB449501F6D2D53, 0610AC01C06CC15D67F11C0EE00097A4D0A56B9EED16489FD3306EC2E1E6F301 ] C:\Program Files\Logitech\Gaming Software\LWEMon.exe
23:46:42.0203 0x650c  Start WingMan Profiler - ok
23:46:42.0211 0x650c  [ A613ECAD4E6C99B6DAD2CDFEAA134695, 9F67C28589863B388456BAF9C42AEB64E5FD17F8BDE57DA785CC6046CD426055 ] C:\Program Files (x86)\Razer\RzWizard\RzWizard.exe
23:46:42.0222 0x650c  RzWizard - ok
23:46:42.0243 0x650c  [ 4108DD8643CBFA723AD384B5B86F824F, 854CFAB742D727036254EE0E45706BB5F1F00581172294BC00E42DA88F3E622F ] C:\Program Files (x86)\CyberLink\PowerDVD15\PowerDVD15Agent.exe
23:46:42.0271 0x650c  PowerDVD15Agent - ok
23:46:42.0282 0x650c  [ DD6C3CB7198F194202AB190D52236B95, 92E443F0720BEE589EC5C31B34A43FCD3EEB7613C7DF134DBB58ADA53C8FECCB ] C:\Program Files (x86)\Acronis\DriveMonitor\adm_tray.exe
23:46:42.0298 0x650c  adm_tray.exe - ok
23:46:42.0325 0x650c  [ 95BCE007607F409FE1C7AFE947D74AC2, D5CD93C14C6AAB7FE9DF4CF5540A1A550D300D1574B88B3AAD80A0C8BD0A3DB3 ] C:\Program Files (x86)\Marvell\storage\tray\MarvellTray.exe
23:46:42.0355 0x650c  MSUTray - ok
23:46:42.0370 0x650c  [ A443A7C05ABF0FCD16E89593F63B633B, 3F579132A39AEC2513CD286AB9A43534DC05F9502FD1A369126236F69EF76282 ] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
23:46:42.0388 0x650c  SunJavaUpdateSched - ok
23:46:42.0391 0x650c  OneDriveSetup - ok
23:46:42.0392 0x650c  OneDriveSetup - ok
23:46:42.0428 0x650c  [ C5D30E88C97825CF0652B60C42F103AD, D605DC9021021714BDA36EF48C335F85C77F85474A21B6E5258270E1703B8DC8 ] C:\Users\chris\AppData\Local\Microsoft\OneDrive\OneDrive.exe
23:46:42.0470 0x650c  OneDrive - ok
23:46:42.0478 0x650c  [ 6C67923835039DCBCCB02AB54B5A1A33, 253B0A6116408ED1551EC1B3027CC6203A2D87E4BCBDBDBD06089974E7C88656 ] C:\Program Files\YoloMouse\YoloMouse.exe
23:46:42.0491 0x650c  YoloMouse - detected UnsignedFile.Multi.Generic ( 1 )
23:46:42.0607 0x650c  YoloMouse ( UnsignedFile.Multi.Generic ) - warning
23:46:42.0732 0x650c  [ 102F5E1FBE80E7F988E9856BA8091907, 152359E0605A8B28B846A90FCB7A3358CD8E3D2575AF4A21FA1BFDA77902DEB7 ] C:\Users\chris\AppData\Roaming\Spotify\SpotifyWebHelper.exe
23:46:42.0773 0x650c  Spotify Web Helper - ok
23:46:42.0911 0x650c  [ 5930DEA18B7DF0CD7990FD6FDE57F366, EA3818A682874A23CE0FCDB9CD8D4194E0A5D5AED14F6077DE3CA9E5C0E409E4 ] C:\Users\chris\AppData\Roaming\Spotify\Spotify.exe
23:46:43.0072 0x650c  Spotify - ok
23:46:43.0141 0x650c  [ 3F218819210022E0D585957FB155D4A3, A2F27FCB349BAE82B4A4475F3C26E5D57D0EC07C22228F35CFFE3ABBFBA2EEF8 ] C:\Program Files (x86)\Steam\steam.exe
23:46:43.0212 0x650c  Steam - ok
23:46:43.0225 0x650c  [ F45112E65525EB2692DD172E02F5D763, E7BB9633080D28054C7096AF31F403C2CDEDA0CE7B76E100607D046AEEBEEA73 ] C:\Program Files (x86)\BlueStacks\HD-Agent.exe
23:46:43.0235 0x650c  BlueStacks Agent - ok
23:46:43.0236 0x650c  Waiting for KSN requests completion. In queue: 41
23:46:44.0249 0x650c  AV detected via SS2: Avast Antivirus, C:\Program Files\AVAST Software\Avast\wsc_proxy.exe ( 17.4.3482.0 ), 0x42000 ( disabled : updated )
23:46:44.0254 0x650c  AV detected via SS2: Windows Defender, C:\Program Files\Windows Defender\MSASCui.exe ( 4.11.15063.332 ), 0x60100 ( disabled : updated )
23:46:44.0258 0x650c  Win FW state via NFP2: enabled ( trusted )
23:46:44.0336 0x650c  ============================================================
23:46:44.0336 0x650c  Scan finished
23:46:44.0336 0x650c  ============================================================
23:46:44.0345 0x61a0  Detected object count: 1
23:46:44.0345 0x61a0  Actual detected object count: 1
23:48:06.0111 0x61a0  YoloMouse ( UnsignedFile.Multi.Generic ) - skipped by user
23:48:06.0111 0x61a0  YoloMouse ( UnsignedFile.Multi.Generic ) - User select action: Skip 
23:48:23.0047 0x50b4  Deinitialize success

05.07.2017, 23:08   #4
brill_e

I think I have a virus or Trojan



FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 05-07-2017
Ran by chris (administrator) on DESKTOP-E48G4LQ (05-07-2017 23:18:38)
Running from C:\Users\chris\Desktop
Loaded Profiles: chris (Available Profiles: chris)
Platform: Windows 10 Home Version 1703 (X64) Language: Englisch (Vereinigte Staaten)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Marvell) C:\Program Files (x86)\Marvell\storage\svc\mvraidsvc.exe
(iRacing.com Motorsport Simulations, LLC
Bedford, MA 01730) C:\Program Files (x86)\iRacing\iRacingService64.exe
(Apache Software Foundation) C:\Program Files (x86)\Marvell\storage\Apache2\bin\httpd.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Razer Inc.) C:\Program Files (x86)\Razer\RzWizard\RzWizardService.exe
(Apache Software Foundation) C:\Program Files (x86)\Marvell\storage\Apache2\bin\httpd.exe
(AVAST Software s.r.o.) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(CMedia) C:\Program Files\ASUS Xonar DGX Audio\Customapp\AsusAudioCenter.exe
() C:\Windows\SysWOW64\HsMgr.exe
() C:\Windows\System\HsMgr64.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Logitech Inc.) C:\Program Files\Logitech\Gaming Software\LWEMon.exe
() C:\Program Files\YoloMouse\YoloMouse.exe
(Spotify Ltd) C:\Users\chris\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe
(Razer Inc.) C:\Program Files (x86)\Razer\RzWizard\RzWizard.exe
(Nick Thissen) C:\Program Files (x86)\iRacing Setup Sync\bin\iRacingSetupSync.exe
(Acronis) C:\Program Files (x86)\Acronis\DriveMonitor\adm_tray.exe
() C:\Program Files (x86)\Marvell\storage\tray\MarvellTray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11705.1001.21.0_x64__8wekyb3d8bbwe\WinStore.App.exe
() C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.17042.14111.0_x64__8wekyb3d8bbwe\Music.UI.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.8241.41125.0_x64__8wekyb3d8bbwe\HxOutlook.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.8241.41125.0_x64__8wekyb3d8bbwe\HxTsr.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Plus-Service.exe
(Bluestack System Inc. ) C:\Program Files (x86)\BlueStacks\BstkSVC.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Acronis) C:\Program Files (x86)\Acronis\DriveMonitor\adm.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Acronis) C:\Program Files (x86)\Acronis\DriveMonitor\adm.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [Cmaudio8788] => C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cmicnfgp.dll,CMICtrlWnd
HKLM\...\Run: [Cmaudio8788GX] => C:\Windows\syswow64\HsMgr.exe [200704 2016-01-15] ()
HKLM\...\Run: [Cmaudio8788GX64] => C:\Windows\system\HsMgr64.exe [282112 2016-01-15] ()
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [462400 2011-02-12] (Acronis)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [213824 2017-05-26] (AVAST Software)
HKLM\...\Run: [Start WingMan Profiler] => C:\Program Files\Logitech\Gaming Software\LWEMon.exe [190536 2010-06-14] (Logitech Inc.)
HKLM-x32\...\Run: [RzWizard] => C:\Program Files (x86)\Razer\RzWizard\RzWizard.exe [263112 2016-03-23] (Razer Inc.)
HKLM-x32\...\Run: [PowerDVD15Agent] => C:\Program Files (x86)\CyberLink\PowerDVD15\PowerDVD15Agent.exe [949960 2016-02-23] (CyberLink Corp.)
HKLM-x32\...\Run: [adm_tray.exe] => C:\Program Files (x86)\Acronis\DriveMonitor\adm_tray.exe [466768 2011-02-24] (Acronis)
HKLM-x32\...\Run: [MSUTray] => C:\Program Files (x86)\Marvell\storage\tray\MarvellTray.exe [1199144 2010-11-19] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-03-15] (Oracle Corporation)
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKU\S-1-5-21-1245378809-2198360341-2726498664-1001\...\Run: [YoloMouse] => C:\Program Files\YoloMouse\YoloMouse.exe [179200 2016-03-25] ()
HKU\S-1-5-21-1245378809-2198360341-2726498664-1001\...\Run: [Spotify Web Helper] => C:\Users\chris\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1562224 2017-06-25] (Spotify Ltd)
HKU\S-1-5-21-1245378809-2198360341-2726498664-1001\...\Run: [Spotify] => C:\Users\chris\AppData\Roaming\Spotify\Spotify.exe [7047792 2017-06-25] (Spotify Ltd)
HKU\S-1-5-21-1245378809-2198360341-2726498664-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3019552 2017-04-26] (Valve Corporation)
HKU\S-1-5-21-1245378809-2198360341-2726498664-1001\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [160824 2017-05-24] (BlueStack Systems, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\iRacingSetupSyncLauncher.lnk [2017-05-08]
ShortcutTarget: iRacingSetupSyncLauncher.lnk -> C:\Program Files (x86)\iRacing Setup Sync\iRacingSetupSyncLauncher.exe ()
GroupPolicy: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{86758696-4300-4565-9f89-421c20bd886a}: [DhcpNameServer] 10.0.0.138

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://at.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_kngo_17_02&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dat%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzutDtDtByDtBtByBtA0EyCtCtA0DyDyC0AtN0D0Tzu0StCzztAzztN1L2XzutAtFtByDtFtCtFtCtDyDtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2SyE0C0FyCtAtB0E0CtGyD0F0DyEtG0FyCyD0EtGyC0DyD0CtGtB0ByC0ByCzzzyyE0C0BtC0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAzyyBtBtByByE0DtGtByBtA0BtGyE0C0B0BtG0BzztCtDtGyD0ByByDzztC0B0FyDtAyEzz2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtCyDyBtC%26cr%3D1621586885%26a%3Dwbf_kngo_17_02%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-861280b6&q={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-861280b6&q={searchTerms}
SearchScopes: HKLM -> {26080cad-4adc-49ac-8c63-eda16e595cbd} URL = hxxps://at.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_kngo_17_02&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dat%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzutDtDtByDtBtByBtA0EyCtCtA0DyDyC0AtN0D0Tzu0StCzztAzztN1L2XzutAtFtByDtFtCtFtCtDyDtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2SyE0C0FyCtAtB0E0CtGyD0F0DyEtG0FyCyD0EtGyC0DyD0CtGtB0ByC0ByCzzzyyE0C0BtC0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAzyyBtBtByByE0DtGtByBtA0BtGyE0C0B0BtG0BzztCtDtGyD0ByByDzztC0B0FyDtAyEzz2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtCyDyBtC%26cr%3D1621586885%26a%3Dwbf_kngo_17_02%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-861280b6&q={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-861280b6&q={searchTerms}
SearchScopes: HKLM-x32 -> {26080cad-4adc-49ac-8c63-eda16e595cbd} URL = hxxps://at.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_kngo_17_02&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dat%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzutDtDtByDtBtByBtA0EyCtCtA0DyDyC0AtN0D0Tzu0StCzztAzztN1L2XzutAtFtByDtFtCtFtCtDyDtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2SyE0C0FyCtAtB0E0CtGyD0F0DyEtG0FyCyD0EtGyC0DyD0CtGtB0ByC0ByCzzzyyE0C0BtC0E2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAzyyBtBtByByE0DtGtByBtA0BtGyE0C0B0BtG0BzztCtDtGyD0ByByDzztC0B0FyDtAyEzz2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtCyDyBtC%26cr%3D1621586885%26a%3Dwbf_kngo_17_02%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1245378809-2198360341-2726498664-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-861280b6&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1245378809-2198360341-2726498664-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-861280b6&q={searchTerms}
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_131\bin\ssv.dll [2017-05-12] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-05-12] (Oracle Corporation)

FireFox:
========
FF ProfilePath: C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\o10tvwle.default-1453488945681 [2017-05-26]
FF NewTab: Mozilla\Firefox\Profiles\o10tvwle.default-1453488945681 -> about:newtab
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\o10tvwle.default-1453488945681 -> search.yahoo.com
FF DefaultSearchUrl: Mozilla\Firefox\Profiles\o10tvwle.default-1453488945681 -> hxxps://search.avast.com/AV772/search/web?q={searchTerms}
FF SearchEngineOrder.1: Mozilla\Firefox\Profiles\o10tvwle.default-1453488945681 -> Avast Search
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\o10tvwle.default-1453488945681 -> search.yahoo.com
FF Homepage: Mozilla\Firefox\Profiles\o10tvwle.default-1453488945681 -> hxxps://at.search.yahoo.com/yhs/web?hspart=arh&hsimp=yhs-001&type=zxy_ad725cc5911bd0d183&param1=[…]%3D%3D&param2=NGVdMWBaMaF5Mt%3D%3D
FF Keyword.URL: Mozilla\Firefox\Profiles\o10tvwle.default-1453488945681 -> user_pref("keyword.URL", true);
FF Extension: (Avast SafePrice) - C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\o10tvwle.default-1453488945681\Extensions\sp@avast.com.xpi [2017-05-26]
FF Extension: (Avast Online Security) - C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\o10tvwle.default-1453488945681\Extensions\wrc@avast.com.xpi [2017-05-26]
FF Extension: (Video DownloadHelper) - C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\o10tvwle.default-1453488945681\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2017-05-07]
FF SearchPlugin: C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\o10tvwle.default-1453488945681\searchplugins\avast-search.xml [2017-01-13]
FF SearchPlugin: C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\o10tvwle.default-1453488945681\searchplugins\search.yahoo.com.xml [2017-01-30]
FF SearchPlugin: C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\o10tvwle.default-1453488945681\searchplugins\yahoo! powered.xml [2017-01-12]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_26_0_0_131.dll [2017-06-18] ()
FF Plugin: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-05-12] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-05-12] (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_131.dll [2017-06-18] ()
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-05-01] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-05-01] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-05] (Adobe Systems Inc.)

Chrome: 
=======
CHR StartupUrls: Default -> "hxxp://members.iracing.com/membersite/member/Home.do"
CHR DefaultSearchURL: Default -> hxxp://srch.bar/{searchTerms}
CHR DefaultSuggestURL: Default -> hxxp://srch.bar/?s={searchTerms}
CHR Profile: C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default [2017-07-05]
CHR Extension: (Google Präsentationen) - C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-01-14]
CHR Extension: (Google Docs) - C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-01-16]
CHR Extension: (Google Drive) - C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-16]
CHR Extension: (YouTube) - C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-01-16]
CHR Extension: (uTab) - C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpmmandcadflhnnaiclipadomfmdbjbp [2017-07-05]
CHR Extension: (Google-Suche) - C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-16]
CHR Extension: (Adobe Acrobat) - C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-04-21]
CHR Extension: (Google Docs Offline) - C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-09-03]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-04-21]
CHR Extension: (Search Manager) - C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej [2017-06-25]
CHR Extension: (Google Mail) - C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-01-16]
CHR Extension: (Chrome Media Router) - C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-06-29]
CHR HKLM\...\Chrome\Extension: [bpmmandcadflhnnaiclipadomfmdbjbp] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1245378809-2198360341-2726498664-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bpmmandcadflhnnaiclipadomfmdbjbp] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1245378809-2198360341-2726498664-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [bpmmandcadflhnnaiclipadomfmdbjbp] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [daanglpcpkjjlkhcbladppjphglbigam] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7346208 2017-05-26] (AVAST Software s.r.o.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [263304 2017-05-26] (AVAST Software)
S3 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [387128 2017-05-24] (BlueStack Systems, Inc.)
R3 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [369720 2017-05-24] (BlueStack Systems, Inc.)
R3 BstHdPlusAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Plus-Service.exe [406584 2017-05-24] (BlueStack Systems, Inc.)
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [382504 2017-04-05] (EasyAntiCheat Ltd)
S3 Futuremark SystemInfo Service; C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe [342456 2016-04-13] (Futuremark)
R2 iRacingService; C:\Program Files (x86)\iRacing\iRacingService64.exe [1127664 2017-06-23] (iRacing.com Motorsport Simulations, LLC Bedford, MA 01730)
R2 MSUWebService; C:\Program Files (x86)\Marvell\storage\Apache2\bin\httpd.exe [24645 2010-09-02] (Apache Software Foundation) [File not signed]
S3 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [494136 2017-05-02] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [494136 2017-05-02] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462968 2017-05-01] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [449984 2017-05-02] (NVIDIA Corporation)
R2 RzWizardService; C:\Program Files (x86)\Razer\RzWizard\RzWizardService.exe [376272 2016-03-23] (Razer Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-06-20] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 aswbidsdriver; C:\WINDOWS\system32\drivers\aswbidsdrivera.sys [311808 2017-05-26] (AVAST Software s.r.o.)
R0 aswbidsh; C:\WINDOWS\system32\drivers\aswbidsha.sys [190256 2017-05-26] (AVAST Software s.r.o.)
R0 aswblog; C:\WINDOWS\system32\drivers\aswbloga.sys [334576 2017-05-26] (AVAST Software s.r.o.)
R0 aswbuniv; C:\WINDOWS\system32\drivers\aswbuniva.sys [49016 2017-05-26] (AVAST Software s.r.o.)
S3 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [38296 2017-05-26] (AVAST Software)
R1 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [32600 2017-05-26] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [128648 2017-05-26] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [101152 2017-05-26] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\drivers\aswRvrt.sys [75704 2017-05-26] (AVAST Software)
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [1007160 2017-05-26] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [569192 2017-05-26] (AVAST Software)
R2 aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [158888 2017-07-05] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\drivers\aswVmm.sys [339696 2017-05-26] (AVAST Software)
S3 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [152672 2017-05-24] (BlueStack Systems)
R3 BstkDrv; C:\Program Files (x86)\BlueStacks\BstkDrv.sys [270904 2017-05-22] (Bluestack System Inc. )
R3 cmudaxp; C:\WINDOWS\system32\drivers\cmudaxp.sys [2735616 2015-12-19] (C-Media Inc)
R2 DRHARD64; C:\Windows\system32\drivers\DRHARD64.sys [21984 2011-11-03] (Licensed for Gebhard Software)
R2 DRHARD64; C:\Windows\SysWOW64\drivers\DRHARD64.sys [21984 2011-11-03] (Licensed for Gebhard Software)
R2 DRHMSR64; C:\Windows\system32\drivers\DRHMSR64.sys [13760 2013-07-21] ()
R2 DRHMSR64; C:\Windows\SysWOW64\drivers\DRHMSR64.sys [13760 2013-07-21] ()
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_a2b0acab06663645\nvlddmkm.sys [14456944 2017-05-02] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [49208 2017-05-02] (NVIDIA Corporation)
S3 qcusbser; C:\WINDOWS\system32\DRIVERS\qcusbser.sys [252432 2016-03-24] (QUALCOMM Incorporated)
S3 rimvndis; C:\WINDOWS\System32\Drivers\rimvndis6_AMD64.sys [18432 2015-05-26] (BlackBerry Limited) [File not signed]
S3 RimVSerPort; C:\WINDOWS\system32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [604160 2017-03-18] (Realtek                                            )
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
S3 ssdevfactory; C:\WINDOWS\System32\drivers\ssdevfactory.sys [40568 2015-10-03] (SteelSeries ApS)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
S3 wdm_usb; C:\WINDOWS\system32\DRIVERS\usb2ser.sys [159936 2016-08-16] (MBB)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)
R2 {687703DE-DC6D-4649-892B-B8497854A6AB}; C:\Program Files (x86)\CyberLink\PowerDVD15\Common\NavFilter\000.fcl [29896 2016-02-22] (CyberLink Corp.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-11-06 05:12 - 2021-11-06 05:12 - 00207872 _____ (TODO: <Company name>) C:\WINDOWS\SysWOW64\MVTrim.dll
2017-07-05 23:18 - 2017-07-05 23:18 - 00024511 _____ C:\Users\chris\Desktop\FRST.txt
2017-07-05 23:15 - 2017-07-05 23:14 - 02436608 _____ (Farbar) C:\Users\chris\Desktop\FRST64.exe
2017-07-05 19:23 - 2017-07-05 19:23 - 00001081 _____ C:\Users\chris\Desktop\KaraFun Player 2.lnk
2017-07-05 19:23 - 2017-07-05 19:23 - 00000000 ____D C:\ProgramData\Recisio
2017-07-05 19:23 - 2017-07-05 19:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KaraFun Player 2
2017-07-05 19:23 - 2017-07-05 19:23 - 00000000 ____D C:\Program Files (x86)\KaraFun Player 2
2017-07-05 13:37 - 2017-07-05 23:18 - 00000000 ____D C:\FRST
2017-07-05 12:32 - 2017-07-05 12:32 - 00000000 _____ C:\WINDOWS\SysWOW64\last.dump
2017-07-02 20:56 - 2017-07-04 17:34 - 00000000 ____D C:\Users\chris\AppData\Roaming\MuseScore
2017-07-02 20:56 - 2017-07-02 20:56 - 00001126 _____ C:\Users\chris\Desktop\MuseScore 2.lnk
2017-07-02 20:56 - 2017-07-02 20:56 - 00000000 ____D C:\Users\chris\OneDrive\Dokumente\MuseScore2
2017-07-02 20:56 - 2017-07-02 20:56 - 00000000 ____D C:\Users\chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MuseScore 2
2017-07-02 20:56 - 2017-07-02 20:56 - 00000000 ____D C:\Users\chris\AppData\Local\MuseScore
2017-07-02 20:56 - 2017-07-02 20:56 - 00000000 ____D C:\Program Files (x86)\MuseScore 2
2017-07-01 20:25 - 2017-07-01 20:51 - 00000000 ____D C:\Users\chris\Desktop\Karaoke
2017-07-01 19:50 - 2017-07-01 19:50 - 00000000 ____D C:\Program Files (x86)\Lame For Audacity
2017-07-01 18:52 - 2017-07-01 20:52 - 00000000 ____D C:\Users\chris\AppData\Roaming\audacity
2017-07-01 18:52 - 2017-07-01 18:52 - 00000000 ____D C:\Users\chris\AppData\Local\Audacity
2017-07-01 18:51 - 2017-07-01 18:52 - 00000000 ____D C:\Program Files (x86)\Audacity
2017-07-01 18:51 - 2017-07-01 18:51 - 00001092 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
2017-07-01 18:51 - 2017-07-01 18:51 - 00001080 _____ C:\Users\Public\Desktop\Audacity.lnk
2017-07-01 14:18 - 2017-07-01 14:18 - 00001648 _____ C:\Users\Public\Desktop\BlueStacks.lnk
2017-07-01 14:18 - 2017-07-01 14:18 - 00001648 _____ C:\ProgramData\Microsoft\Windows\Start Menu\BlueStacks.lnk
2017-07-01 14:18 - 2017-07-01 14:18 - 00000000 ____D C:\Program Files (x86)\BlueStacks
2017-07-01 14:18 - 2017-05-24 08:58 - 00000000 ____D C:\ProgramData\BlueStacks
2017-07-01 13:48 - 2017-07-05 17:25 - 00000000 ____D C:\ProgramData\BlueStacksSetup
2017-07-01 13:47 - 2017-07-01 14:18 - 00000000 ____D C:\Users\chris\AppData\Local\Bluestacks
2017-06-29 16:32 - 2017-06-20 08:15 - 01147296 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-06-29 16:32 - 2017-06-20 08:15 - 01024928 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-06-29 16:32 - 2017-06-20 08:11 - 08318880 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-06-29 16:32 - 2017-06-20 08:11 - 02399728 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-06-29 16:32 - 2017-06-20 08:09 - 02969888 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2017-06-29 16:32 - 2017-06-20 08:08 - 00923048 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-06-29 16:32 - 2017-06-20 08:04 - 04847424 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2017-06-29 16:32 - 2017-06-20 08:03 - 07325584 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2017-06-29 16:32 - 2017-06-20 08:03 - 05477096 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2017-06-29 16:32 - 2017-06-20 08:03 - 02444704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-06-29 16:32 - 2017-06-20 08:02 - 02645688 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2017-06-29 16:32 - 2017-06-20 08:02 - 01055648 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2017-06-29 16:32 - 2017-06-20 08:01 - 00872472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2017-06-29 16:32 - 2017-06-20 08:00 - 00255904 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2017-06-29 16:32 - 2017-06-20 08:00 - 00142752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcifs.sys
2017-06-29 16:32 - 2017-06-20 07:59 - 07904784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-06-29 16:32 - 2017-06-20 07:59 - 06554928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2017-06-29 16:32 - 2017-06-20 07:59 - 01670496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2017-06-29 16:32 - 2017-06-20 07:59 - 01220072 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2017-06-29 16:32 - 2017-06-20 07:58 - 21352184 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-06-29 16:32 - 2017-06-20 07:58 - 00371616 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2017-06-29 16:32 - 2017-06-20 07:57 - 02681760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2017-06-29 16:32 - 2017-06-20 07:28 - 23675904 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-06-29 16:32 - 2017-06-20 07:17 - 03670528 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-06-29 16:32 - 2017-06-20 07:15 - 01839872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-06-29 16:32 - 2017-06-20 07:14 - 17364480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-06-29 16:32 - 2017-06-20 07:14 - 01150784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2017-06-29 16:32 - 2017-06-20 07:13 - 02259760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-06-29 16:32 - 2017-06-20 07:12 - 07931392 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-06-29 16:32 - 2017-06-20 07:12 - 00293376 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2017-06-29 16:32 - 2017-06-20 07:11 - 00518144 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2017-06-29 16:32 - 2017-06-20 07:11 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2017-06-29 16:32 - 2017-06-20 07:11 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-06-29 16:32 - 2017-06-20 07:10 - 00722432 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2017-06-29 16:32 - 2017-06-20 07:10 - 00315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsEnvironment.Desktop.dll
2017-06-29 16:32 - 2017-06-20 07:10 - 00096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2017-06-29 16:32 - 2017-06-20 07:09 - 23681536 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-06-29 16:32 - 2017-06-20 07:09 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2017-06-29 16:32 - 2017-06-20 07:08 - 04469840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2017-06-29 16:32 - 2017-06-20 07:08 - 00646656 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockHostingFramework.dll
2017-06-29 16:32 - 2017-06-20 07:08 - 00527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-06-29 16:32 - 2017-06-20 07:08 - 00386560 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2017-06-29 16:32 - 2017-06-20 07:08 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2017-06-29 16:32 - 2017-06-20 07:08 - 00256000 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2017-06-29 16:32 - 2017-06-20 07:07 - 12786688 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-06-29 16:32 - 2017-06-20 07:07 - 05820984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2017-06-29 16:32 - 2017-06-20 07:07 - 01878016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-06-29 16:32 - 2017-06-20 07:07 - 01517536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2017-06-29 16:32 - 2017-06-20 07:07 - 00982016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2017-06-29 16:32 - 2017-06-20 07:07 - 00510976 _____ (Microsoft Corporation) C:\WINDOWS\system32\TDLMigration.dll
2017-06-29 16:32 - 2017-06-20 07:07 - 00422400 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2017-06-29 16:32 - 2017-06-20 07:07 - 00411136 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2017-06-29 16:32 - 2017-06-20 07:06 - 02165752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2017-06-29 16:32 - 2017-06-20 07:06 - 00925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2017-06-29 16:32 - 2017-06-20 07:06 - 00847872 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2017-06-29 16:32 - 2017-06-20 07:06 - 00754592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2017-06-29 16:32 - 2017-06-20 07:06 - 00751104 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2017-06-29 16:32 - 2017-06-20 07:06 - 00411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2017-06-29 16:32 - 2017-06-20 07:06 - 00299520 _____ (Microsoft Corporation) C:\WINDOWS\system32\AboveLockAppHost.dll
2017-06-29 16:32 - 2017-06-20 07:05 - 04447744 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-06-29 16:32 - 2017-06-20 07:05 - 01468416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2017-06-29 16:32 - 2017-06-20 07:05 - 01260544 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2017-06-29 16:32 - 2017-06-20 07:05 - 00687616 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2017-06-29 16:32 - 2017-06-20 07:05 - 00585216 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll
2017-06-29 16:32 - 2017-06-20 07:05 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2017-06-29 16:32 - 2017-06-20 07:05 - 00406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputSwitch.dll
2017-06-29 16:32 - 2017-06-20 07:05 - 00374784 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2017-06-29 16:32 - 2017-06-20 07:05 - 00056832 _____ (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll
2017-06-29 16:32 - 2017-06-20 07:04 - 08243712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-06-29 16:32 - 2017-06-20 07:04 - 02330520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2017-06-29 16:32 - 2017-06-20 07:04 - 01818624 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2017-06-29 16:32 - 2017-06-20 07:04 - 00181656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2017-06-29 16:32 - 2017-06-20 07:03 - 20372896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-06-29 16:32 - 2017-06-20 07:03 - 06763648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-06-29 16:32 - 2017-06-20 07:03 - 05806048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2017-06-29 16:32 - 2017-06-20 07:03 - 02077184 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2017-06-29 16:32 - 2017-06-20 07:02 - 03377664 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2017-06-29 16:32 - 2017-06-20 07:02 - 02804736 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-06-29 16:32 - 2017-06-20 07:02 - 01886208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-06-29 16:32 - 2017-06-20 07:02 - 01121928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2017-06-29 16:32 - 2017-06-20 07:02 - 00988168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2017-06-29 16:32 - 2017-06-20 07:02 - 00707072 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2017-06-29 16:32 - 2017-06-20 07:02 - 00681984 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-06-29 16:32 - 2017-06-20 07:01 - 04536320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2017-06-29 16:32 - 2017-06-20 07:01 - 04396032 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-06-29 16:32 - 2017-06-20 07:01 - 03803136 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2017-06-29 16:32 - 2017-06-20 07:01 - 03332096 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2017-06-29 16:32 - 2017-06-20 07:01 - 03307008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-06-29 16:32 - 2017-06-20 07:01 - 02499584 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2017-06-29 16:32 - 2017-06-20 07:01 - 01305088 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2017-06-29 16:32 - 2017-06-20 07:01 - 01142272 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2017-06-29 16:32 - 2017-06-20 07:01 - 01076736 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2017-06-29 16:32 - 2017-06-20 07:00 - 05557760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2017-06-29 16:32 - 2017-06-20 07:00 - 02649600 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2017-06-29 16:32 - 2017-06-20 07:00 - 02597888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2017-06-29 16:32 - 2017-06-20 07:00 - 02443776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-06-29 16:32 - 2017-06-20 07:00 - 01802752 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-06-29 16:32 - 2017-06-20 06:59 - 02938880 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2017-06-29 16:32 - 2017-06-20 06:59 - 01674240 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2017-06-29 16:32 - 2017-06-20 06:59 - 01357824 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2017-06-29 16:32 - 2017-06-20 06:59 - 00583160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2017-06-29 16:32 - 2017-06-20 06:56 - 00985600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
2017-06-29 16:32 - 2017-06-20 06:50 - 02957312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-06-29 16:32 - 2017-06-20 06:49 - 13839872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2017-06-29 16:32 - 2017-06-20 06:45 - 20505088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-06-29 16:32 - 2017-06-20 06:44 - 00362496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2017-06-29 16:32 - 2017-06-20 06:43 - 06728192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-06-29 16:32 - 2017-06-20 06:43 - 00329728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2017-06-29 16:32 - 2017-06-20 06:43 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2017-06-29 16:32 - 2017-06-20 06:43 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2017-06-29 16:32 - 2017-06-20 06:42 - 19336192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-06-29 16:32 - 2017-06-20 06:42 - 00338432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2017-06-29 16:32 - 2017-06-20 06:42 - 00266240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2017-06-29 16:32 - 2017-06-20 06:40 - 00636416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2017-06-29 16:32 - 2017-06-20 06:40 - 00368128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2017-06-29 16:32 - 2017-06-20 06:40 - 00356864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
2017-06-29 16:32 - 2017-06-20 06:39 - 02671616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2017-06-29 16:32 - 2017-06-20 06:38 - 01451008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2017-06-29 16:32 - 2017-06-20 06:38 - 01285120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbghelp.dll
2017-06-29 16:32 - 2017-06-20 06:38 - 00663040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2017-06-29 16:32 - 2017-06-20 06:38 - 00329728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2017-06-29 16:32 - 2017-06-20 06:37 - 11870720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-06-29 16:32 - 2017-06-20 06:37 - 02859520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-06-29 16:32 - 2017-06-20 06:37 - 02008576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2017-06-29 16:32 - 2017-06-20 06:36 - 06291456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-06-29 16:32 - 2017-06-20 06:36 - 03667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-06-29 16:32 - 2017-06-20 06:36 - 01248768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-06-29 16:32 - 2017-06-20 06:35 - 05225984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-06-29 16:32 - 2017-06-20 06:35 - 02679296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2017-06-29 16:32 - 2017-06-20 06:35 - 02132480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2017-06-29 16:32 - 2017-06-20 06:34 - 04559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2017-06-29 16:32 - 2017-06-20 06:34 - 04056576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2017-06-29 16:32 - 2017-06-20 06:34 - 02298368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2017-06-29 16:32 - 2017-06-20 06:34 - 02211328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2017-06-29 16:32 - 2017-06-20 06:34 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-06-29 16:32 - 2017-06-20 06:30 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2017-06-29 16:31 - 2017-06-20 08:18 - 01564576 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2017-06-29 16:31 - 2017-06-20 08:18 - 00821664 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.exe
2017-06-29 16:31 - 2017-06-20 08:18 - 00096672 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2017-06-29 16:31 - 2017-06-20 08:17 - 00629152 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2017-06-29 16:31 - 2017-06-20 08:17 - 00544160 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2017-06-29 16:31 - 2017-06-20 08:17 - 00334240 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2017-06-29 16:31 - 2017-06-20 08:17 - 00136096 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2017-06-29 16:31 - 2017-06-20 08:17 - 00034720 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2017-06-29 16:31 - 2017-06-20 08:16 - 01214880 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2017-06-29 16:31 - 2017-06-20 08:16 - 00335776 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2017-06-29 16:31 - 2017-06-20 08:15 - 00965024 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.efi
2017-06-29 16:31 - 2017-06-20 08:15 - 00233376 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2017-06-29 16:31 - 2017-06-20 08:14 - 01065104 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2017-06-29 16:31 - 2017-06-20 08:14 - 00899824 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2017-06-29 16:31 - 2017-06-20 08:11 - 01395152 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2017-06-29 16:31 - 2017-06-20 08:11 - 01186472 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2017-06-29 16:31 - 2017-06-20 08:11 - 00411992 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSAudDecMFT.dll
2017-06-29 16:31 - 2017-06-20 08:10 - 02327456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2017-06-29 16:31 - 2017-06-20 08:10 - 01930320 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2017-06-29 16:31 - 2017-06-20 08:10 - 00119392 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcmnutils.dll
2017-06-29 16:31 - 2017-06-20 08:08 - 01242528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2017-06-29 16:31 - 2017-06-20 08:06 - 01017760 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2017-06-29 16:31 - 2017-06-20 08:06 - 00279968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2017-06-29 16:31 - 2017-06-20 08:05 - 01057832 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2017-06-29 16:31 - 2017-06-20 08:04 - 00472728 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2017-06-29 16:31 - 2017-06-20 08:03 - 00820128 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2017-06-29 16:31 - 2017-06-20 08:03 - 00179608 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostUser.dll
2017-06-29 16:31 - 2017-06-20 08:03 - 00102312 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredentialUIBroker.exe
2017-06-29 16:31 - 2017-06-20 08:02 - 00426912 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostCommon.dll
2017-06-29 16:31 - 2017-06-20 08:01 - 00553888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2017-06-29 16:31 - 2017-06-20 08:00 - 00558920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.dll
2017-06-29 16:31 - 2017-06-20 07:59 - 01054280 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2017-06-29 16:31 - 2017-06-20 07:59 - 00583304 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2017-06-29 16:31 - 2017-06-20 07:59 - 00467504 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
2017-06-29 16:31 - 2017-06-20 07:59 - 00094624 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2017-06-29 16:31 - 2017-06-20 07:58 - 01337344 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2017-06-29 16:31 - 2017-06-20 07:58 - 00833160 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeManagerObj.dll
2017-06-29 16:31 - 2017-06-20 07:58 - 00406072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MMDevAPI.dll
2017-06-29 16:31 - 2017-06-20 07:58 - 00203168 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostBroker.dll
2017-06-29 16:31 - 2017-06-20 07:57 - 00204192 _____ (Microsoft Corporation) C:\WINDOWS\system32\basecsp.dll
2017-06-29 16:31 - 2017-06-20 07:34 - 00192416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2017-06-29 16:31 - 2017-06-20 07:16 - 00970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctfuimanager.dll
2017-06-29 16:31 - 2017-06-20 07:16 - 00417280 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleacc.dll
2017-06-29 16:31 - 2017-06-20 07:15 - 01620368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2017-06-29 16:31 - 2017-06-20 07:15 - 00455104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSAudDecMFT.dll
2017-06-29 16:31 - 2017-06-20 07:15 - 00096136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmcmnutils.dll
2017-06-29 16:31 - 2017-06-20 07:14 - 02199552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2017-06-29 16:31 - 2017-06-20 07:14 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mskssrv.sys
2017-06-29 16:31 - 2017-06-20 07:13 - 00787712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2017-06-29 16:31 - 2017-06-20 07:13 - 00216064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Profiles.Gatt.Interface.dll
2017-06-29 16:31 - 2017-06-20 07:13 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanprotdim.dll
2017-06-29 16:31 - 2017-06-20 07:13 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\WFDSConMgr.dll
2017-06-29 16:31 - 2017-06-20 07:13 - 00056832 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinBioDataModelOOBE.exe
2017-06-29 16:31 - 2017-06-20 07:12 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyMATEnc.dll
2017-06-29 16:31 - 2017-06-20 07:12 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.System.Profile.RetailInfo.dll
2017-06-29 16:31 - 2017-06-20 07:12 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bridge.sys
2017-06-29 16:31 - 2017-06-20 07:12 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hdaudbus.sys
2017-06-29 16:31 - 2017-06-20 07:11 - 00200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\ScDeviceEnum.dll
2017-06-29 16:31 - 2017-06-20 07:10 - 00778240 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyHrtfEnc.dll
2017-06-29 16:31 - 2017-06-20 07:10 - 00189440 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll
2017-06-29 16:31 - 2017-06-20 07:10 - 00188928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wincredui.dll
2017-06-29 16:31 - 2017-06-20 07:09 - 00555008 _____ (Microsoft Corporation) C:\WINDOWS\system32\WFDSConMgrSvc.dll
2017-06-29 16:31 - 2017-06-20 07:09 - 00551424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Payments.dll
2017-06-29 16:31 - 2017-06-20 07:09 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.BlueLightReduction.dll
2017-06-29 16:31 - 2017-06-20 07:09 - 00427008 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2017-06-29 16:31 - 2017-06-20 07:09 - 00406032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2017-06-29 16:31 - 2017-06-20 07:09 - 00357888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Narrator.exe
2017-06-29 16:31 - 2017-06-20 07:09 - 00250368 _____ (Microsoft Corporation) C:\WINDOWS\system32\SCardSvr.dll
2017-06-29 16:31 - 2017-06-20 07:09 - 00208384 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2017-06-29 16:31 - 2017-06-20 07:09 - 00205312 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipboardServer.dll
2017-06-29 16:31 - 2017-06-20 07:09 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\system32\certprop.dll
2017-06-29 16:31 - 2017-06-20 07:09 - 00135680 _____ (Microsoft Corporation) C:\WINDOWS\system32\sendmail.dll
2017-06-29 16:31 - 2017-06-20 07:09 - 00062464 _____ (Microsoft Corporation) C:\WINDOWS\system32\dataclen.dll
2017-06-29 16:31 - 2017-06-20 07:08 - 00791040 _____ (Microsoft Corporation) C:\WINDOWS\system32\certca.dll
2017-06-29 16:31 - 2017-06-20 07:08 - 00365056 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Notifications.dll
2017-06-29 16:31 - 2017-06-20 07:08 - 00328704 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2017-06-29 16:31 - 2017-06-20 07:08 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinBioDataModel.dll
2017-06-29 16:31 - 2017-06-20 07:08 - 00251392 _____ (Microsoft Corporation) C:\WINDOWS\system32\scksp.dll
2017-06-29 16:31 - 2017-06-20 07:07 - 02475136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2017-06-29 16:31 - 2017-06-20 07:07 - 00916992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2017-06-29 16:31 - 2017-06-20 07:07 - 00823296 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApi.dll
2017-06-29 16:31 - 2017-06-20 07:07 - 00757248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2017-06-29 16:31 - 2017-06-20 07:07 - 00750496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2017-06-29 16:31 - 2017-06-20 07:07 - 00632832 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
2017-06-29 16:31 - 2017-06-20 07:07 - 00626176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll
2017-06-29 16:31 - 2017-06-20 07:07 - 00621056 _____ (Microsoft Corporation) C:\WINDOWS\system32\SndVolSSO.dll
2017-06-29 16:31 - 2017-06-20 07:07 - 00346016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudExperienceHostCommon.dll
2017-06-29 16:31 - 2017-06-20 07:07 - 00138656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudExperienceHostUser.dll
2017-06-29 16:31 - 2017-06-20 07:07 - 00129192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2017-06-29 16:31 - 2017-06-20 07:06 - 00942592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2017-06-29 16:31 - 2017-06-20 07:06 - 00455680 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2017-06-29 16:31 - 2017-06-20 07:06 - 00335872 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudDomainJoinDataModelServer.dll
2017-06-29 16:31 - 2017-06-20 07:06 - 00278944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\thumbcache.dll
2017-06-29 16:31 - 2017-06-20 07:06 - 00253440 _____ (Microsoft Corporation) C:\WINDOWS\system32\edputil.dll
2017-06-29 16:31 - 2017-06-20 07:06 - 00045056 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBrokerUI.dll
2017-06-29 16:31 - 2017-06-20 07:05 - 02873344 _____ (Microsoft Corporation) C:\WINDOWS\system32\themeui.dll
2017-06-29 16:31 - 2017-06-20 07:05 - 00873472 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2017-06-29 16:31 - 2017-06-20 07:05 - 00696320 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmsys.cpl
2017-06-29 16:31 - 2017-06-20 07:05 - 00438096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.dll
2017-06-29 16:31 - 2017-06-20 07:05 - 00364032 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2017-06-29 16:31 - 2017-06-20 07:04 - 08211968 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2017-06-29 16:31 - 2017-06-20 07:04 - 01425920 _____ (Microsoft Corporation) C:\WINDOWS\system32\certutil.exe
2017-06-29 16:31 - 2017-06-20 07:04 - 01178528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll
2017-06-29 16:31 - 2017-06-20 07:04 - 01177600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2017-06-29 16:31 - 2017-06-20 07:04 - 01077496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webservices.dll
2017-06-29 16:31 - 2017-06-20 07:04 - 00899072 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmartcardCredentialProvider.dll
2017-06-29 16:31 - 2017-06-20 07:04 - 00802816 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2017-06-29 16:31 - 2017-06-20 07:04 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
2017-06-29 16:31 - 2017-06-20 07:04 - 00178176 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeHelper.dll
2017-06-29 16:31 - 2017-06-20 07:04 - 00049656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msasn1.dll
2017-06-29 16:31 - 2017-06-20 07:03 - 01396224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2017-06-29 16:31 - 2017-06-20 07:03 - 00864240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2017-06-29 16:31 - 2017-06-20 07:03 - 00443728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFCaptureEngine.dll
2017-06-29 16:31 - 2017-06-20 07:02 - 03204096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Profiles.Gatt.dll
2017-06-29 16:31 - 2017-06-20 07:02 - 01194696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2017-06-29 16:31 - 2017-06-20 07:02 - 00354400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MMDevAPI.dll
2017-06-29 16:31 - 2017-06-20 07:02 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudDomainJoinAUG.dll
2017-06-29 16:31 - 2017-06-20 07:01 - 03059200 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2017-06-29 16:31 - 2017-06-20 07:01 - 01713664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2017-06-29 16:31 - 2017-06-20 07:01 - 00809984 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2017-06-29 16:31 - 2017-06-20 07:01 - 00397312 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2017-06-29 16:31 - 2017-06-20 07:01 - 00176032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\basecsp.dll
2017-06-29 16:31 - 2017-06-20 07:00 - 03139584 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2017-06-29 16:31 - 2017-06-20 07:00 - 03057664 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnroll.dll
2017-06-29 16:31 - 2017-06-20 07:00 - 02171392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Bluetooth.dll
2017-06-29 16:31 - 2017-06-20 07:00 - 00986112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-06-29 16:31 - 2017-06-20 07:00 - 00406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-06-29 16:31 - 2017-06-20 06:58 - 00625152 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2017-06-29 16:31 - 2017-06-20 06:57 - 00290816 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmclient.exe
2017-06-29 16:31 - 2017-06-20 06:57 - 00138752 _____ (Microsoft Corporation) C:\WINDOWS\system32\DMPushRouterCore.dll
2017-06-29 16:31 - 2017-06-20 06:56 - 00600064 _____ (Microsoft Corporation) C:\WINDOWS\system32\FrameServer.dll
2017-06-29 16:31 - 2017-06-20 06:56 - 00430080 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToDevice.dll
2017-06-29 16:31 - 2017-06-20 06:56 - 00241152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wdmaud.drv
2017-06-29 16:31 - 2017-06-20 06:54 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\DmApiSetExtImplDesktop.dll
2017-06-29 16:31 - 2017-06-20 06:49 - 00899072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctfuimanager.dll
2017-06-29 16:31 - 2017-06-20 06:49 - 00331776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleacc.dll
2017-06-29 16:31 - 2017-06-20 06:47 - 02199552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2017-06-29 16:31 - 2017-06-20 06:46 - 00132096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft.Bluetooth.Profiles.Gatt.Interface.dll
2017-06-29 16:31 - 2017-06-20 06:45 - 00111104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.System.Profile.RetailInfo.dll
2017-06-29 16:31 - 2017-06-20 06:45 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2017-06-29 16:31 - 2017-06-20 06:43 - 00173568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ClipboardServer.dll
2017-06-29 16:31 - 2017-06-20 06:43 - 00151552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincredui.dll
2017-06-29 16:31 - 2017-06-20 06:43 - 00139776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BluetoothApis.dll
2017-06-29 16:31 - 2017-06-20 06:43 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dataclen.dll
2017-06-29 16:31 - 2017-06-20 06:42 - 00641024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certca.dll
2017-06-29 16:31 - 2017-06-20 06:42 - 00387584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Payments.dll
2017-06-29 16:31 - 2017-06-20 06:42 - 00226304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scksp.dll
2017-06-29 16:31 - 2017-06-20 06:42 - 00121856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sendmail.dll
2017-06-29 16:31 - 2017-06-20 06:41 - 00734208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.exe
2017-06-29 16:31 - 2017-06-20 06:41 - 00646656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApi.dll
2017-06-29 16:31 - 2017-06-20 06:41 - 00601088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SndVolSSO.dll
2017-06-29 16:31 - 2017-06-20 06:41 - 00433152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Bluetooth.dll
2017-06-29 16:31 - 2017-06-20 06:41 - 00241152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecsExt.dll
2017-06-29 16:31 - 2017-06-20 06:41 - 00201216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credprovhost.dll
2017-06-29 16:31 - 2017-06-20 06:40 - 00342016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2017-06-29 16:31 - 2017-06-20 06:40 - 00247808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AboveLockAppHost.dll
2017-06-29 16:31 - 2017-06-20 06:40 - 00230912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edputil.dll
2017-06-29 16:31 - 2017-06-20 06:40 - 00038400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBrokerUI.dll
2017-06-29 16:31 - 2017-06-20 06:39 - 02814464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\themeui.dll
2017-06-29 16:31 - 2017-06-20 06:39 - 00969728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
2017-06-29 16:31 - 2017-06-20 06:39 - 00646144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmsys.cpl
2017-06-29 16:31 - 2017-06-20 06:39 - 00471040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VAN.dll
2017-06-29 16:31 - 2017-06-20 06:39 - 00312320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2017-06-29 16:31 - 2017-06-20 06:38 - 01171968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certutil.exe
2017-06-29 16:31 - 2017-06-20 06:38 - 00648192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SmartcardCredentialProvider.dll
2017-06-29 16:31 - 2017-06-20 06:36 - 07596544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2017-06-29 16:31 - 2017-06-20 06:36 - 01494528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
2017-06-29 16:31 - 2017-06-20 06:36 - 00787456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2017-06-29 16:31 - 2017-06-20 06:35 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cldapi.dll
2017-06-29 16:31 - 2017-06-20 06:34 - 02782720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2017-06-29 16:31 - 2017-06-20 06:34 - 02750464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnroll.dll
2017-06-29 16:31 - 2017-06-20 06:34 - 01492480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Bluetooth.dll
2017-06-29 16:31 - 2017-06-20 06:34 - 00760832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2017-06-29 16:31 - 2017-06-20 06:31 - 00334848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToDevice.dll
2017-06-29 16:31 - 2017-06-20 06:30 - 00209920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wdmaud.drv
2017-06-29 16:31 - 2017-06-20 06:30 - 00157696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpchttp.dll
2017-06-29 16:31 - 2017-06-20 06:28 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apphelp.dll
2017-06-25 17:25 - 2017-06-25 17:25 - 00003272 _____ C:\WINDOWS\System32\Tasks\D3DGearRawFrameCaptureTask
2017-06-15 05:11 - 2017-06-15 05:11 - 00061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys
2017-06-15 00:04 - 2017-06-03 08:32 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-06-15 00:04 - 2017-06-03 08:32 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-06-14 18:27 - 2017-06-03 12:09 - 01003624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2017-06-14 18:27 - 2017-06-03 12:07 - 00119712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2017-06-14 18:27 - 2017-06-03 12:00 - 00219040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
2017-06-14 18:27 - 2017-06-03 11:59 - 01409048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2017-06-14 18:27 - 2017-06-03 11:59 - 00626528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2017-06-14 18:27 - 2017-06-03 11:59 - 00311200 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2017-06-14 18:27 - 2017-06-03 11:59 - 00259400 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2017-06-14 18:27 - 2017-06-03 11:26 - 00266640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\capauthz.dll
2017-06-14 18:27 - 2017-06-03 11:23 - 00573856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comctl32.dll
2017-06-14 18:27 - 2017-06-03 11:14 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\utcutil.dll
2017-06-14 18:27 - 2017-06-03 11:12 - 00119296 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2017-06-14 18:27 - 2017-06-03 11:11 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2017-06-14 18:27 - 2017-06-03 11:11 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2017-06-14 18:27 - 2017-06-03 11:11 - 00038912 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2017-06-14 18:27 - 2017-06-03 11:11 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
2017-06-14 18:27 - 2017-06-03 11:10 - 00102400 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2017-06-14 18:27 - 2017-06-03 11:09 - 00094720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2017-06-14 18:27 - 2017-06-03 11:07 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2017-06-14 18:27 - 2017-06-03 11:05 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Identity.Provider.dll
2017-06-14 18:27 - 2017-06-03 11:05 - 00169984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\devicengccredprov.dll
2017-06-14 18:27 - 2017-06-03 11:03 - 00467456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TpmCoreProvisioning.dll
2017-06-14 18:27 - 2017-06-03 11:00 - 00933376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2017-06-14 18:27 - 2017-06-03 10:58 - 05961216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2017-06-14 18:27 - 2017-06-03 10:58 - 02516480 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2017-06-14 18:27 - 2017-06-03 10:58 - 01046016 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2017-06-14 18:27 - 2017-06-03 10:57 - 06535168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspaint.exe
2017-06-14 18:27 - 2017-06-03 10:57 - 00797184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2017-06-14 18:27 - 2017-06-03 10:55 - 01019904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-06-14 18:27 - 2017-06-03 10:54 - 02341376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2017-06-14 18:26 - 2017-06-03 12:15 - 01596600 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2017-06-14 18:26 - 2017-06-03 12:15 - 00750560 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2017-06-14 18:26 - 2017-06-03 12:15 - 00382368 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2017-06-14 18:26 - 2017-06-03 12:10 - 00130464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tm.sys
2017-06-14 18:26 - 2017-06-03 12:00 - 00321376 _____ (Microsoft Corporation) C:\WINDOWS\system32\capauthz.dll
2017-06-14 18:26 - 2017-06-03 11:58 - 00660384 _____ (Microsoft Corporation) C:\WINDOWS\system32\comctl32.dll
2017-06-14 18:26 - 2017-06-03 11:58 - 00254176 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2017-06-14 18:26 - 2017-06-03 11:14 - 00443392 _____ (Microsoft Corporation) C:\WINDOWS\system32\PerceptionSimulationExtensions.dll
2017-06-14 18:26 - 2017-06-03 11:14 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmredir.dll
2017-06-14 18:26 - 2017-06-03 11:14 - 00047104 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2017-06-14 18:26 - 2017-06-03 11:11 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2017-06-14 18:26 - 2017-06-03 11:10 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCredentialDeployment.exe
2017-06-14 18:26 - 2017-06-03 11:09 - 00271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Identity.Provider.dll
2017-06-14 18:26 - 2017-06-03 11:09 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\devicengccredprov.dll
2017-06-14 18:26 - 2017-06-03 11:07 - 00778240 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2017-06-14 18:26 - 2017-06-03 11:07 - 00197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdboot.exe
2017-06-14 18:26 - 2017-06-03 11:06 - 00551936 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmCoreProvisioning.dll
2017-06-14 18:26 - 2017-06-03 11:05 - 07336448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-06-14 18:26 - 2017-06-03 11:04 - 00805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2017-06-14 18:26 - 2017-06-03 11:01 - 06726656 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe
2017-06-14 18:26 - 2017-06-03 11:00 - 00358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-06-14 18:26 - 2017-06-03 10:59 - 04730368 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-06-14 18:26 - 2017-06-03 10:59 - 02625024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2017-06-14 18:26 - 2017-06-03 10:59 - 02056192 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-06-14 18:26 - 2017-06-03 10:59 - 01293824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-06-14 18:26 - 2017-06-03 10:59 - 00975360 _____ (Microsoft Corporation) C:\WINDOWS\HelpPane.exe
2017-06-14 18:26 - 2017-06-03 10:58 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2017-06-14 18:26 - 2017-06-03 10:58 - 00827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2017-06-14 18:26 - 2017-06-03 10:57 - 02829824 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2017-06-14 18:26 - 2017-06-03 10:55 - 03656192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-06-14 18:26 - 2017-06-03 10:51 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\bfsvc.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-07-05 23:18 - 2016-06-07 19:32 - 00000784 _____ C:\WINDOWS\SysWOW64\za_mv_raid.ev
2017-07-05 23:07 - 2017-05-24 23:28 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-07-05 23:05 - 2017-05-24 23:35 - 00004172 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{E025AA66-1D98-4F3E-A00F-4D7B7E842DE2}
2017-07-05 19:16 - 2017-02-05 21:16 - 00000000 ____D C:\ProgramData\{052AC049-8F68-4A8F-09AE-D4CD93EC5F03}
2017-07-05 17:26 - 2017-05-25 08:56 - 00956770 _____ C:\WINDOWS\system32\perfh007.dat
2017-07-05 17:26 - 2017-05-25 08:56 - 00210692 _____ C:\WINDOWS\system32\perfc007.dat
2017-07-05 17:26 - 2017-05-24 23:38 - 02161984 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-07-05 17:23 - 2017-03-18 23:01 - 00000000 ____D C:\WINDOWS\INF
2017-07-05 16:03 - 2017-03-18 23:03 - 00000000 ___HD C:\Program Files\WindowsApps
2017-07-05 16:03 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-07-05 15:12 - 2017-01-12 17:12 - 00000000 ____D C:\ProgramData\{E28227E1-68C0-AD27-EE06-33657444B8AB}
2017-07-05 12:43 - 2016-01-14 19:43 - 00158888 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswstm.sys
2017-07-05 12:37 - 2017-05-15 21:20 - 00000000 ____D C:\Program Files (x86)\Steam
2017-07-05 12:37 - 2017-02-18 18:47 - 00000000 ____D C:\Users\chris\AppData\Local\Spotify
2017-07-05 12:37 - 2017-02-18 18:46 - 00000000 ____D C:\Users\chris\AppData\Roaming\Spotify
2017-07-05 12:36 - 2017-01-12 17:13 - 00000000 ____D C:\Users\chris\AppData\Roaming\UpdateTask
2017-07-05 12:35 - 2017-05-24 23:35 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-07-05 12:35 - 2017-05-24 23:29 - 00000000 ____D C:\ProgramData\NVIDIA
2017-07-05 12:32 - 2017-03-18 13:40 - 01310720 _____ C:\WINDOWS\system32\config\BBI
2017-07-05 12:31 - 2017-05-24 23:29 - 00000000 ____D C:\Users\chris
2017-07-04 18:34 - 2017-05-07 17:23 - 00000000 ____D C:\Program Files (x86)\iRacing
2017-07-04 17:41 - 2017-05-07 18:10 - 00555048 _____ C:\WINDOWS\system32\Drivers\EasyAntiCheat.sys
2017-07-01 14:30 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\rescache
2017-07-01 14:18 - 2017-03-18 23:03 - 00000000 __RHD C:\Users\Public\Libraries
2017-06-29 20:40 - 2016-11-20 20:51 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-06-29 18:07 - 2017-05-24 23:28 - 00217144 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-06-29 18:06 - 2017-03-18 23:03 - 00000000 ___SD C:\WINDOWS\SysWOW64\F12
2017-06-29 18:06 - 2017-03-18 23:03 - 00000000 ___SD C:\WINDOWS\system32\F12
2017-06-29 18:06 - 2017-03-18 23:03 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-06-29 18:06 - 2017-03-18 23:03 - 00000000 ___RD C:\Program Files\Windows Defender
2017-06-29 18:06 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\system32\oobe
2017-06-29 18:06 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\system32\migwiz
2017-06-29 18:06 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\system32\appraiser
2017-06-29 18:06 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\ShellExperiences
2017-06-29 18:06 - 2017-03-18 23:03 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2017-06-29 16:35 - 2017-03-18 22:51 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-06-27 16:56 - 2016-01-14 19:46 - 00002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-06-27 16:56 - 2016-01-14 19:46 - 00002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-06-25 18:37 - 2017-05-24 12:04 - 00000000 ____D C:\Users\chris\AppData\Local\ElevatedDiagnostics
2017-06-20 19:53 - 2016-01-14 18:34 - 00002387 _____ C:\Users\chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-06-20 19:53 - 2016-01-14 18:34 - 00000000 ___RD C:\Users\chris\OneDrive
2017-06-18 02:48 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-06-18 02:48 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-06-15 22:08 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-06-15 00:02 - 2017-03-19 04:30 - 00000000 ____D C:\WINDOWS\OCR
2017-06-14 22:45 - 2016-01-16 20:02 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-06-14 22:43 - 2016-01-16 20:02 - 133627792 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-06-13 19:53 - 2017-05-24 23:35 - 00004440 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2017-06-11 22:20 - 2017-05-08 20:24 - 00000000 ____D C:\Users\chris\AppData\Local\NickThissen
2017-06-06 18:44 - 2017-05-07 18:09 - 00000000 ____D C:\Users\chris\OneDrive\Dokumente\iRacing

==================== Files in the root of some directories =======

2016-12-24 13:27 - 2016-12-24 13:27 - 0000000 _____ () C:\Program Files (x86)\GUT9348.tmp
2016-12-24 13:26 - 2016-12-24 13:26 - 0000000 _____ () C:\Program Files (x86)\GUTF4FF.tmp
2016-05-30 19:21 - 2016-05-30 19:37 - 0000115 _____ () C:\Users\chris\AppData\Roaming\LogFile.txt
2017-01-14 23:48 - 2017-04-11 18:32 - 0000321 _____ () C:\Users\chris\AppData\Roaming\WB.CFG
2017-01-12 17:13 - 2017-01-12 17:44 - 0000177 _____ () C:\Users\chris\AppData\Local\uts.ini
2016-01-29 21:55 - 2016-01-29 21:55 - 0000000 _____ () C:\Users\chris\AppData\Local\{32FB22F6-3A8D-4BAC-9716-35E126489F99}
2017-05-08 20:24 - 2017-05-08 20:24 - 0000109 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.64.bc

Some files in TEMP:
====================
2017-07-01 13:52 - 2017-05-24 08:56 - 0785464 _____ (BlueStack Systems, Inc.) C:\Users\chris\AppData\Local\Temp\HD-Common.dll
2017-07-01 13:52 - 2017-05-24 08:57 - 0464952 _____ (BlueStack Systems, Inc.) C:\Users\chris\AppData\Local\Temp\HD-InstallerUtils.dll
2017-07-01 13:52 - 2017-05-24 08:54 - 0187416 _____ (BlueStack Systems) C:\Users\chris\AppData\Local\Temp\HD-LibraryHandler.dll
2017-07-01 13:52 - 2017-05-24 08:53 - 0246808 _____ (BlueStack Systems) C:\Users\chris\AppData\Local\Temp\HD-Logger-Native.dll
2017-07-01 13:52 - 2017-05-24 08:56 - 0385080 _____ (BlueStack Systems, Inc.) C:\Users\chris\AppData\Local\Temp\HD-Uninstaller.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-06-30 17:38

==================== End of FRST.txt ============================
         
05.07.2017, 23:09   #5
brill_e

I think I have a virus or trojan

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-07-2017
Ran by chris (05-07-2017 23:19:13)
Running from C:\Users\chris\Desktop
Windows 10 Home Version 1703 (X64) (2017-05-25 06:33:45)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1245378809-2198360341-2726498664-500 - Administrator - Disabled)
chris (S-1-5-21-1245378809-2198360341-2726498664-1001 - Administrator - Enabled) => C:\Users\chris
DefaultAccount (S-1-5-21-1245378809-2198360341-2726498664-503 - Limited - Disabled)
Guest (S-1-5-21-1245378809-2198360341-2726498664-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 16.04 (x64) (HKLM\...\7-Zip) (Version: 16.04 - Igor Pavlov)
Acronis Drive Monitor (HKLM-x32\...\{706AE61D-40A4-4F50-8359-FE8F6F7FA461}) (Version: 1.0.566 - Acronis)
Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 17.009.20044 - Adobe Systems Incorporated)
Adobe Flash Player 26 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 26.0.0.131 - Adobe Systems Incorporated)
Amazon.com Fire_Devices (HKLM\...\Fire_Devices Drivers) (Version: 2 - Amazon.com)
Android Studio (HKLM\...\Android Studio) (Version: 1.0 - Google Inc.)
Ansel (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel) (Version: 382.05 - NVIDIA Corporation) Hidden
ASUS Xonar DGX Audio (HKLM-x32\...\{71B53BA8-4BE3-49AF-BC3E-07F392008788}) (Version:   - ASUSTeK Computer Inc.)
Audacity 2.1.3 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.3 - Audacity Team)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 17.4.2294 - AVAST Software)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
BlueStacks App Player (HKLM-x32\...\BlueStacks) (Version: 2.7.320.8504 - BlueStack Systems, Inc.)
Call of Duty: Black Ops II - Multiplayer (HKLM\...\Steam App 202990) (Version:  - Treyarch)
Call of Duty: Black Ops II (HKLM\...\Steam App 202970) (Version:  - Treyarch)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version:  - ‪Canon Inc.‬)
Canon MP230 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP230_series) (Version: 1.03 - Canon Inc.)
Counter-Strike: Global Offensive (HKLM\...\Steam App 730) (Version:  - Valve)
CyberLink PowerDVD 15 (HKLM-x32\...\{DE85B8F3-D088-4D6E-A970-EE0BC7883A66}) (Version: 15.0.2623.58 - CyberLink Corp.)
Dr. Hardware 2016 16.0d (HKLM-x32\...\Dr. Hardware 2016_is1) (Version:  - Peter A. Gebhard)
EasyBCD 2.3 (HKLM-x32\...\EasyBCD) (Version: 2.3 - NeoSmart Technologies)
Futuremark SystemInfo (HKLM-x32\...\{5052D282-C9AE-48CC-A9F5-17058BEEAA50}) (Version: 4.45.590.0 - Futuremark)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 59.0.3071.115 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.169 - Google Inc.) Hidden
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version:  - Blizzard Entertainment)
iRacing Setup Sync version 3.0 (HKLM-x32\...\{C9A090AA-AA71-46EE-901E-22A63652BD91}_is1) (Version: 3.0 - Nick Thissen)
iRacing.com Race Simulation (HKLM-x32\...\{CBBB3C80-76F5-42B5-92A6-C4BF84796DCB}) (Version: 2.23.0030 - iRacing.com Motorsport Simulations)
Java 8 Update 131 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180131F0}) (Version: 8.0.1310.11 - Oracle Corporation)
Java SE Development Kit 8 Update 121 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180121}) (Version: 8.0.1210.13 - Oracle Corporation)
KaraFun Player 2 (HKLM-x32\...\KaraFun Player 2_is1) (Version: 2.4.1.0 - Recisio)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
Logitech Gaming Software 5.10 (HKLM\...\{1444D2EE-C7AD-44A8-844F-2634B49353D1}) (Version: 5.10.127 - Logitech)
marvell 91xx driver (HKLM-x32\...\MagniDriver) (Version: 1.0.0.1051 - Marvell)
Marvell Storage Utility V4 (HKLM-x32\...\mvMSU) (Version: 4.1.0.1909 - Marvell)
Microsoft OneDrive (HKU\S-1-5-21-1245378809-2198360341-2726498664-1001\...\OneDriveSetup.exe) (Version: 17.3.6917.0607 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
MKVToolNix 8.8.0 (64bit) (HKLM-x32\...\MKVToolNix) (Version: 8.8.0 - Moritz Bunkus)
mp4UI (HKLM-x32\...\mp4UI) (Version:  - )
MTK USB All 1.01 (HKLM-x32\...\MTK USB All 1.01) (Version: 1.01 - MTK2000)
MuseScore 2 (HKLM-x32\...\{DC8A2B29-D9A7-4D67-A049-BC0A659A2B57}) (Version: 2.1.0 - Werner Schweer and Others)
Notepad++ (64-bit x64) (HKLM\...\Notepad++) (Version: 7.3.1 - Notepad++ Team)
NVIDIA 3D Vision Controller-Treiber 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 382.05 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 382.05 - NVIDIA Corporation)
NVIDIA Grafiktreiber 382.05 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 382.05 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.34.26 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.26 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.17.0329 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0329 - NVIDIA Corporation)
NVIDIA Update 24.0.0.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 24.0.0.0 - NVIDIA Corporation)
NvTelemetry (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvTelemetry) (Version: 2.4.8.0 - NVIDIA Corporation) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
RC Desk Pilot 0.1.3 (HKLM\...\{DFFD7D4F-6C61-402D-8D16-72B8AC33FE5A}_is1) (Version:  - rcdeskpilot.com)
SafeZone Stable 3.55.2393.607 (HKLM-x32\...\SafeZone 3.55.2393.607) (Version: 3.55.2393.607 - Avast Software) Hidden
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 2.11.3.5 - NVIDIA Corporation) Hidden
Spotify (HKU\S-1-5-21-1245378809-2198360341-2726498664-1001\...\Spotify) (Version: 1.0.57.474.gca9c9538 - Spotify AB)
SRS-Root (HKLM-x32\...\{24EAD272-D05D-4950-BD59-F88AB7B4C8C7}_is1) (Version:  - 123Unlock GSM Service)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Universal Adb Driver (HKLM-x32\...\{D9C4202E-6D51-4B06-A8F1-22316E654BCA}) (Version: 1.0.0 - ClockworkMod)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Vulkan Run Time Libraries 1.0.42.1 (HKLM\...\VulkanRT1.0.42.1) (Version: 1.0.42.1 - LunarG, Inc.)
Windows 10-Upgrade-Assistent (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.17387 - Microsoft Corporation)
Windows-Treiberpaket - Amazon.com (WinUSB) FireDevicesUsbDeviceClass  (10/27/2014 1.4.0000.00000) (HKLM\...\34134A59F616767F2CEC57DC0849834538166E22) (Version: 10/27/2014 1.4.0000.00000 - Amazon.com)
Windows-Treiberpaket - Google, Inc. (WinUSB) AndroidUsbDeviceClass  (08/28/2014 11.0.0000.00000) (HKLM\...\092555911492C6959D2596D612F52DCA71881CA2) (Version: 08/28/2014 11.0.0000.00000 - Google, Inc.)
Yahoo! Powered (HKLM-x32\...\{3F55D795-6FD5-0615-DE55-76950ED5A515}) (Version:  - ) <==== ATTENTION
YoloMouse (HKLM\...\{084C443B-D061-4B8E-8764-7F34160BBE8B}) (Version: 0.7.0.0 - HaPpY)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-05-26] (AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-05-26] (AVAST Software)
ContextMenuHandlers01: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers01: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files\Notepad++\NppShell_06.dll [2017-01-17] ()
ContextMenuHandlers01: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-05-26] (AVAST Software)
ContextMenuHandlers03: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-05-26] (AVAST Software)
ContextMenuHandlers04: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers05: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2017-05-01] (NVIDIA Corporation)
ContextMenuHandlers06: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers06: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-05-26] (AVAST Software)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {00A086FC-80B6-457C-8B89-C11A6BB10B2A} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-06-18] (Adobe Systems Incorporated)
Task: {140D9A57-B9D4-4EB0-A02C-E2E7FE46B304} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-05-02] (NVIDIA Corporation)
Task: {2BF4AB66-82E3-4835-9DE2-928E6F7497C7} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-05-02] (NVIDIA Corporation)
Task: {3F86AE47-08F9-4BB8-AA79-F9A142FB014D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-01-14] (Google Inc.)
Task: {51410BEC-8141-442F-8D90-40B8E6BDD655} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-05-02] (NVIDIA Corporation)
Task: {897212FD-7C02-4598-A42C-50C5BF97EE08} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2017-04-20] (AVAST Software)
Task: {92540330-11FB-41BC-A53C-F99FAD3366DD} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-05-02] (NVIDIA Corporation)
Task: {959744BB-6A6F-48D5-B464-FB6C6670CB54} - System32\Tasks\Yahoo! Powered nodor => Wscript.exe "C:\ProgramData\{E28227E1-68C0-AD27-EE06-33657444B8AB}\tote.txt" "687474703a2f2f7761676e672e636f6d" "433a5c50726f6772616d446174615c7b45323832323745312d363843302d414432372d454530362d3333363537343434423841427d5c6669636f6c69" "433a5c50726f6772616d446174615c7b45323832323745312d363843302d414432372d454530 (the data entry has 78 more characters). <==== ATTENTION
Task: {AC9114D4-512F-4E03-AA0F-F36E8F274FAB} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-05-02] (NVIDIA Corporation)
Task: {ACE2A8D4-A7B6-444B-8A6F-A6C8392595AF} - System32\Tasks\SafeZone scheduled Autoupdate 1464624296 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2017-05-17] (Avast Software)
Task: {B2020B7A-95AB-49FF-B918-74658DD51760} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-05-26] (AVAST Software)
Task: {BEAED543-6F1F-4F38-AB06-526E9DB577AE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-01-14] (Google Inc.)
Task: {CC79A40A-C87C-4E05-9016-98427355B483} - System32\Tasks\D3DGearRawFrameCaptureTask => C:\Program Files (x86)\iRacing\d3dGear.exe [2017-06-06] (D3DGear Technologies.)
Task: {DFED4FCC-BA09-40DF-B6E6-31A5C4A2F38B} - System32\Tasks\Bing Search Engine nodor => Wscript.exe "C:\ProgramData\{052AC049-8F68-4A8F-09AE-D4CD93EC5F03}\tote.txt" "687474703a2f2f77617662736c792e636f6d" "433a5c50726f6772616d446174615c7b30353241433034392d384636382d344138462d303941452d4434434439334543354630337d5c6669636f6c69" "433a5c50726f6772616d446174615c7b30353241433034392d384636382d344138462d30 (the data entry has 82 more characters). <==== ATTENTION
Task: {F7B3AED5-B41D-4773-857A-DAA17F650A68} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-04-25] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Bing Search Engine nodor.job => Wscript.exe  C:\ProgramData\{052AC049-8F68-4A8F-09AE-D4CD93EC5F03}\tote.txt <==== ATTENTION
Task: C:\WINDOWS\Tasks\Yahoo! Powered nodor.job => Wscript.exe  C:\ProgramData\{E28227E1-68C0-AD27-EE06-33657444B8AB}\tote.txt <==== ATTENTION

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


Shortcut: C:\Users\chris\Desktop\Start iRacing Service (background task).lnk -> C:\Program Files (x86)\iRacing\Start_iRacingService.bat ()

==================== Loaded Modules (Whitelisted) ==============

2017-03-18 22:58 - 2017-03-18 22:58 - 00138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-01-17 03:30 - 2017-01-17 03:30 - 00230064 _____ () C:\Program Files\Notepad++\NppShell_06.dll
2017-06-25 17:31 - 2017-06-25 17:31 - 00074752 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-06-25 17:31 - 2017-06-25 17:31 - 00203264 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-06-25 17:31 - 2017-06-25 17:31 - 43454464 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-06-25 17:31 - 2017-06-25 17:31 - 02437120 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\skypert.dll
2016-01-14 20:22 - 2016-01-15 18:53 - 00200704 _____ () C:\Windows\SysWOW64\HsMgr.exe
2016-01-14 20:22 - 2016-01-15 18:53 - 00282112 _____ () C:\Windows\System\HsMgr64.exe
2016-03-25 20:09 - 2016-03-25 20:09 - 00179200 _____ () C:\Program Files\YoloMouse\YoloMouse.exe
2010-11-19 09:58 - 2010-11-19 09:58 - 01199144 _____ () C:\Program Files (x86)\Marvell\storage\tray\MarvellTray.exe
2017-06-27 16:56 - 2017-06-23 05:21 - 03807064 _____ () C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.115\libglesv2.dll
2017-06-27 16:56 - 2017-06-23 05:21 - 00100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.115\libegl.dll
2017-05-25 09:06 - 2017-05-25 09:06 - 03139496 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11705.1001.21.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2017-06-25 17:32 - 2017-06-25 17:32 - 10628608 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11705.1001.21.0_x64__8wekyb3d8bbwe\WinStore.Entertainment.Mobile.dll
2017-06-25 17:32 - 2017-06-25 17:32 - 02640384 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11705.1001.21.0_x64__8wekyb3d8bbwe\MS.Entertainment.Common.Mobile.dll
2017-06-02 17:42 - 2017-06-02 17:43 - 30965760 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.17042.14111.0_x64__8wekyb3d8bbwe\Music.UI.exe
2017-06-02 17:42 - 2017-06-02 17:43 - 09016320 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.17042.14111.0_x64__8wekyb3d8bbwe\EntCommon.dll
2017-05-26 18:16 - 2017-05-26 18:17 - 03140520 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.17042.14111.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2017-06-25 17:32 - 2017-06-25 17:33 - 01199816 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.8241.41125.0_x64__8wekyb3d8bbwe\Office.UI.Xaml.Word.dll
2017-06-25 17:32 - 2017-06-25 17:33 - 13207232 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.8241.41125.0_x64__8wekyb3d8bbwe\Office.UI.Xaml.Core.dll
2017-03-18 22:59 - 2017-03-19 04:31 - 01731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2008-01-17 19:17 - 2008-01-17 19:17 - 00073782 _____ () C:\Program Files (x86)\Marvell\storage\Apache2\bin\zlib1.dll
2016-01-14 20:22 - 2015-12-19 22:25 - 00143360 ____N () C:\Program Files\ASUS Xonar DGX Audio\Customapp\VmixP8.dll
2017-05-26 18:29 - 2017-05-26 18:29 - 00170216 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-05-26 18:29 - 2017-05-26 18:29 - 00997896 _____ () C:\Program Files\AVAST Software\Avast\AvChrome.dll
2017-05-26 18:29 - 2017-05-26 18:29 - 67717632 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2017-05-26 18:29 - 2017-05-26 18:29 - 00176992 _____ () C:\Program Files\AVAST Software\Avast\event_routing_rpc.dll
2017-05-26 18:29 - 2017-05-26 18:29 - 00223224 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll
2017-05-26 18:29 - 2017-05-26 18:29 - 00291824 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
2017-05-26 18:29 - 2017-05-26 18:29 - 00684656 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2017-02-18 18:47 - 2017-06-25 17:25 - 00189040 _____ () C:\Users\chris\AppData\Roaming\Spotify\SpotifyWinRT.dll
2011-02-24 18:39 - 2011-02-24 18:39 - 00012128 _____ () C:\Program Files (x86)\Common Files\Acronis\DriveMonitor\Common\icudt38.dll
2011-02-24 18:41 - 2011-02-24 18:41 - 00635392 _____ () C:\Program Files (x86)\Acronis\DriveMonitor\x_adm_driver.dll
2011-02-24 18:39 - 2011-02-24 18:39 - 00018272 _____ () C:\Program Files (x86)\Acronis\DriveMonitor\log_trace.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-07-10 13:04 - 2017-01-13 19:33 - 00000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1245378809-2198360341-2726498664-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\chris\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\img13.jpg
DNS Servers: 10.0.0.138
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\Run32: => "SteelSeries World of Warcraft MMO Gaming Mouse"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [UDP Query User{134516E2-D25C-4137-9DA6-623263C56F7D}C:\program files (x86)\heroes of the storm\versions\base39951\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base39951\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{7200FB71-0304-445A-A756-C2098551F371}C:\program files (x86)\heroes of the storm\versions\base39951\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base39951\heroesofthestorm_x64.exe
FirewallRules: [{8CE8DADE-9E60-449E-95DB-BAD284DD2EEE}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{5562EBBC-A486-47B9-8682-EF8E57C69EFA}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{AEDB43A9-E3F2-4E8F-B095-EF4860E3515B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{FDF33CD0-18C1-4F74-A5F7-EEB69627257E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{65028E15-53D1-4994-A2CD-3726E32F8AB8}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [TCP Query User{E8D194F4-E47D-4515-A3BC-4DE11D26DCFF}C:\program files (x86)\heroes of the storm\versions\base40431\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base40431\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{AABDEE99-47D4-4F48-A289-E0E84C70389A}C:\program files (x86)\heroes of the storm\versions\base40431\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base40431\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{BF310C60-EAE1-411D-BA41-5E6A8A4D882E}C:\program files (x86)\heroes of the storm\versions\base40697\heroesofthestorm_x64.exe] => (Block) C:\program files (x86)\heroes of the storm\versions\base40697\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{5F9FABC0-6FAC-43B6-A8FE-79B5F8B0C094}C:\program files (x86)\heroes of the storm\versions\base40697\heroesofthestorm_x64.exe] => (Block) C:\program files (x86)\heroes of the storm\versions\base40697\heroesofthestorm_x64.exe
FirewallRules: [{C5349BA8-DCE9-443F-9D80-5806CB7EC36B}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD15\PowerDVD.exe
FirewallRules: [{D9C8FF64-8387-425E-AB89-A782071E0CC7}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD15\Kernel\DMS\CLMSServerPDVD15.exe
FirewallRules: [{23F920E9-5C4D-4600-BDEF-7EF427FBFC50}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD15\PowerDVD15Agent.exe
FirewallRules: [{7F08A028-1925-44F2-A9F7-DABD9A99ED1E}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD15\Movie\PowerDVDMovie.exe
FirewallRules: [{E7136379-7387-4A19-BB22-EA09D81EC153}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD15\Movie\PowerDVD Cinema\PowerDVDCinema.exe
FirewallRules: [TCP Query User{C5FA65F1-B521-461A-824C-B0D48F995862}C:\program files (x86)\heroes of the storm\versions\base42958\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base42958\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{1F851B05-96CC-416F-BE71-DD0CA2B74D0D}C:\program files (x86)\heroes of the storm\versions\base42958\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base42958\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{0D2A2CD9-7E9F-4EAC-BD14-B6A48F65BCBD}C:\program files (x86)\heroes of the storm\versions\base43170\heroesofthestorm_x64.exe] => (Block) C:\program files (x86)\heroes of the storm\versions\base43170\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{219BEAA0-771C-4347-AD6F-7FF5140B22EF}C:\program files (x86)\heroes of the storm\versions\base43170\heroesofthestorm_x64.exe] => (Block) C:\program files (x86)\heroes of the storm\versions\base43170\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{6D8A8BFA-147F-42B2-9F5B-DEC725B760B7}C:\program files (x86)\heroes of the storm\versions\base43259\heroesofthestorm_x64.exe] => (Block) C:\program files (x86)\heroes of the storm\versions\base43259\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{421D4BF7-C97C-4D55-9625-AB8D23245FBF}C:\program files (x86)\heroes of the storm\versions\base43259\heroesofthestorm_x64.exe] => (Block) C:\program files (x86)\heroes of the storm\versions\base43259\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{73D2D6C2-223A-4F0C-8BF9-FF339DBB4DF0}C:\program files (x86)\marvell\storage\apache2\bin\httpd.exe] => (Allow) C:\program files (x86)\marvell\storage\apache2\bin\httpd.exe
FirewallRules: [UDP Query User{FDECE195-C53A-4B41-BC61-2E8626097C46}C:\program files (x86)\marvell\storage\apache2\bin\httpd.exe] => (Allow) C:\program files (x86)\marvell\storage\apache2\bin\httpd.exe
FirewallRules: [TCP Query User{F807DAC1-B216-4F82-B083-E16A83AB53AE}C:\program files (x86)\phoenixrc\phoenixrc.exe] => (Allow) C:\program files (x86)\phoenixrc\phoenixrc.exe
FirewallRules: [UDP Query User{940B0F2F-3CAF-431B-8701-184FFAD2123D}C:\program files (x86)\phoenixrc\phoenixrc.exe] => (Allow) C:\program files (x86)\phoenixrc\phoenixrc.exe
FirewallRules: [TCP Query User{DE1346D0-9016-42B7-B77F-9D8F04B5889E}C:\program files (x86)\phoenixrc\simulator.exe] => (Allow) C:\program files (x86)\phoenixrc\simulator.exe
FirewallRules: [UDP Query User{36CDD09A-1061-4963-88BC-9D6CD80D6061}C:\program files (x86)\phoenixrc\simulator.exe] => (Allow) C:\program files (x86)\phoenixrc\simulator.exe
FirewallRules: [TCP Query User{6A7BC6AA-88A8-4F47-8DD5-4DA4336710D2}C:\program files (x86)\heroes of the storm\versions\base43571\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base43571\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{87B780D4-2347-4E2F-ABE4-D77CB2F41D51}C:\program files (x86)\heroes of the storm\versions\base43571\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base43571\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{0FA3E347-A1FE-44B6-97BF-6D7FFD33921C}C:\program files (x86)\heroes of the storm\versions\base43905\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base43905\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{901EF0B1-C561-4C6F-862D-7AED4A8E9C02}C:\program files (x86)\heroes of the storm\versions\base43905\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base43905\heroesofthestorm_x64.exe
FirewallRules: [{651275FF-3885-4D6B-B9B2-54B2F4B16B8E}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{A163FC6D-06AA-4C57-804D-53E347CC965C}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{BEE5C79D-876D-4AD4-B82F-EA71355D5CE1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Call of Duty Black Ops II\t6mp.exe
FirewallRules: [{BA1B3875-64A3-4F2B-A5EE-3F48D25EB9B7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Call of Duty Black Ops II\t6mp.exe
FirewallRules: [{AA34F886-251D-4FE8-987A-99D2B281A60F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{932F6E5B-992E-4A2A-B3CF-0C95C0121B68}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{C1E75CF5-2EE9-4FEA-A9BE-508CF09343CB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Call of Duty Black Ops II\t6sp.exe
FirewallRules: [{5FDE8C6B-D426-4983-A7E5-373FFDD0BC3B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Call of Duty Black Ops II\t6sp.exe
FirewallRules: [{F208D0F7-1AFF-4B71-AB52-33F2706EE246}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{CB47EB42-482B-42B2-8DB3-0198AEE81FCC}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [TCP Query User{E03B12ED-87D5-4A7E-ACB9-3D32DF6343D8}C:\program files (x86)\heroes of the storm\versions\base49907\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base49907\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{952EB9C4-89ED-490E-889E-ECABAF0355A6}C:\program files (x86)\heroes of the storm\versions\base49907\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base49907\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{B74705EB-D976-43E7-AF99-E8AE737F008D}C:\program files (x86)\heroes of the storm\versions\base50286\heroesofthestorm_x64.exe] => (Block) C:\program files (x86)\heroes of the storm\versions\base50286\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{025E4730-095A-47EA-9345-ACB1A454C845}C:\program files (x86)\heroes of the storm\versions\base50286\heroesofthestorm_x64.exe] => (Block) C:\program files (x86)\heroes of the storm\versions\base50286\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{E5FADA18-3B97-44D3-AA96-A3CABA5781F3}C:\program files (x86)\heroes of the storm\versions\base50441\heroesofthestorm_x64.exe] => (Block) C:\program files (x86)\heroes of the storm\versions\base50441\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{98D41DB3-D91A-4BB7-BB8B-D631340AE61B}C:\program files (x86)\heroes of the storm\versions\base50441\heroesofthestorm_x64.exe] => (Block) C:\program files (x86)\heroes of the storm\versions\base50441\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{7A163E44-27C8-44F0-90CF-81049B8C5417}C:\users\chris\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\chris\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{6D6B2CA0-107E-41B7-90F5-F93B54C1EC0C}C:\users\chris\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\chris\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{68213CF2-D95B-4640-8C5D-4A472DC57490}C:\users\chris\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\chris\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{022CB77A-D622-4D9F-B902-F3736DECA12C}C:\users\chris\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\chris\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{A2C4D88F-91EE-491E-AEF2-FEE5BA4041AB}C:\program files (x86)\heroes of the storm\versions\base52124\heroesofthestorm_x64.exe] => (Block) C:\program files (x86)\heroes of the storm\versions\base52124\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{B8054224-7312-4D77-9577-C67674F5C727}C:\program files (x86)\heroes of the storm\versions\base52124\heroesofthestorm_x64.exe] => (Block) C:\program files (x86)\heroes of the storm\versions\base52124\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{B6686947-0AD3-4736-BC2D-E13A51DDBB15}C:\program files (x86)\heroes of the storm\versions\base52351\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base52351\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{CD70FB60-89F5-4029-BFAE-98BD54D5BCDC}C:\program files (x86)\heroes of the storm\versions\base52351\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base52351\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{A0D21EDA-0C43-4363-8301-B96B4A743244}C:\program files (x86)\heroes of the storm\versions\base52647\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base52647\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{98A53C31-438B-4074-9D04-C1DF17D2F100}C:\program files (x86)\heroes of the storm\versions\base52647\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base52647\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{2C40395E-BAB6-45E8-A40E-A1B250B5F5DC}C:\program files (x86)\heroes of the storm\versions\base52860\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base52860\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{37659E4D-45CF-4809-B29C-1E8C51A49916}C:\program files (x86)\heroes of the storm\versions\base52860\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base52860\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{14660944-C7BC-4912-99F4-60DE68F83F8D}C:\program files (x86)\heroes of the storm\versions\base52986\heroesofthestorm_x64.exe] => (Block) C:\program files (x86)\heroes of the storm\versions\base52986\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{66A9257F-22A2-4BCD-91FB-0AB039EF656F}C:\program files (x86)\heroes of the storm\versions\base52986\heroesofthestorm_x64.exe] => (Block) C:\program files (x86)\heroes of the storm\versions\base52986\heroesofthestorm_x64.exe
FirewallRules: [{8A305337-7789-4A73-940D-4D3A75FE37F6}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.596\SZBrowser.exe
FirewallRules: [{D22E6523-87C5-43FC-80E0-BD4532E9C96B}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.607\SZBrowser.exe
FirewallRules: [{54CE2DC0-2E0F-4206-805A-E134498CE74D}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

ATTENTION: System Restore is disabled

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/05/2017 07:23:46 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files (x86)\Audacity\audacity.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile .
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.0_none_108e4f62dfe5d999.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.0_none_583b8639f462029f.manifest.

Error: (07/05/2017 07:23:46 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files (x86)\Audacity\audacity.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile .
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.0_none_108e4f62dfe5d999.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.0_none_583b8639f462029f.manifest.

Error: (07/05/2017 07:23:34 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files (x86)\Audacity\audacity.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile .
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.0_none_108e4f62dfe5d999.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.0_none_583b8639f462029f.manifest.

Error: (07/05/2017 05:28:46 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-E48G4LQ)
Description: Bei der Aktivierung der App „windows.immersivecontrolpanel_cw5n1h2txyewy!microsoft.windows.immersivecontrolpanel“ ist folgender Fehler aufgetreten: -2144927142. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (07/05/2017 05:10:26 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-E48G4LQ)
Description: Bei der Aktivierung der App „windows.immersivecontrolpanel_cw5n1h2txyewy!microsoft.windows.immersivecontrolpanel“ ist folgender Fehler aufgetreten: -2144927142. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (07/05/2017 04:03:26 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files (x86)\Audacity\audacity.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile .
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.0_none_108e4f62dfe5d999.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.0_none_583b8639f462029f.manifest.

Error: (07/05/2017 02:30:40 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-E48G4LQ)
Description: Bei der Aktivierung der App „windows.immersivecontrolpanel_cw5n1h2txyewy!microsoft.windows.immersivecontrolpanel“ ist folgender Fehler aufgetreten: -2144927142. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (07/05/2017 02:30:25 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-E48G4LQ)
Description: Bei der Aktivierung der App „windows.immersivecontrolpanel_cw5n1h2txyewy!microsoft.windows.immersivecontrolpanel“ ist folgender Fehler aufgetreten: -2147483638. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.

Error: (07/05/2017 01:44:05 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm SystemSettings.exe, Version 10.0.15063.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Systemsteuerung "Sicherheit und Wartung", um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 604

Startzeit: 01d2f583ea35136b

Beendigungszeit: 4294967295

Anwendungspfad: C:\Windows\ImmersiveControlPanel\SystemSettings.exe

Berichts-ID: 5e410445-a9dc-4712-9851-b97182fb9512

Vollständiger Name des fehlerhaften Pakets: windows.immersivecontrolpanel_6.2.0.0_neutral_neutral_cw5n1h2txyewy

Auf das fehlerhafte Paket bezogene Anwendungs-ID: microsoft.windows.immersivecontrolpanel

Error: (07/05/2017 01:43:42 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-E48G4LQ)
Description: Bei der Aktivierung der App „windows.immersivecontrolpanel_cw5n1h2txyewy!microsoft.windows.immersivecontrolpanel“ ist folgender Fehler aufgetreten: -2144927142. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.


System errors:
=============
Error: (07/05/2017 11:20:26 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Computer Browser" wurde aufgrund folgenden Fehlers nicht gestartet: 
Der Dienst antwortete nicht rechtzeitig auf die Start- oder Steuerungsanforderung.

Error: (07/05/2017 11:20:26 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Computer Browser erreicht.

Error: (07/05/2017 10:48:30 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Adobe Flash Player Update Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
Der Dienst antwortete nicht rechtzeitig auf die Start- oder Steuerungsanforderung.

Error: (07/05/2017 10:48:30 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Adobe Flash Player Update Service erreicht.

Error: (07/05/2017 10:37:37 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: Fehler "1053" in DCOM, als der Dienst "gupdate" mit den Argumenten "/comsvc" gestartet wurde, um den folgenden Server zu verwenden:
{4EB61BAC-A3B6-4760-9581-655041EF4D69}

Error: (07/05/2017 10:37:37 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Google Update-Dienst (gupdate)" wurde aufgrund folgenden Fehlers nicht gestartet: 
Der Dienst antwortete nicht rechtzeitig auf die Start- oder Steuerungsanforderung.

Error: (07/05/2017 10:37:37 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Google Update-Dienst (gupdate) erreicht.

Error: (07/05/2017 10:20:34 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst WSearch erreicht.

Error: (07/05/2017 08:36:35 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst WSearch erreicht.

Error: (07/05/2017 08:27:31 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: Fehler "1053" in DCOM, als der Dienst "wisvc" mit den Argumenten "Unavailable" gestartet wurde, um den folgenden Server zu verwenden:
{3185A766-B338-11E4-A71E-12E3F512A338}


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i7 CPU 950 @ 3.07GHz
Percentage of memory in use: 46%
Total physical RAM: 8190.08 MB
Available physical RAM: 4406.86 MB
Total Virtual: 10878.08 MB
Available Virtual: 6147.04 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:110.42 GB) (Free:36.81 GB) NTFS
Drive d: (Volume) (Fixed) (Total:698.49 GB) (Free:565.63 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (System Reserved) (Fixed) (Total:0.49 GB) (Free:0.42 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive f: (ESD-ISO) (CDROM) (Total:3.05 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 94AA1527)
Partition 1: (Active) - (Size=698.5 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=233 GB) - (Type=05)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: C74198B7)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=110.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)
Partition 4: (Not Active) - (Size=450 MB) - (Type=27)

==================== End of Addition.txt ============================
         


06.07.2017, 21:22   #6
M-K-D-B
/// TB-Ausbilder

Hi,

Step 1
Please download AdwCleaner to your desktop.
  • Close all open programs and browsers.
  • Start adwcleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Tools > Options and make sure that the following items are selected:
    • Image File Execution Options keys
    • "Tracing" keys
    • "Prefetch" files
    • Proxy
    • Winsock
    • Firewall
    • Internet Explorer policies
    • Chrome policies
  • Confirm the selection with OK.
  • Click Scan and wait until it has finished.
  • Now click Clean (even if AdwCleaner says that nothing was found) and confirm any prompts with OK.
  • Your computer will be restarted automatically. After the restart a text file opens. Post its contents with your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).

Step 2
Please download Malwarebytes Anti-Malware 3.
  • Install the program into the default path.
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select the Threat Scan and click Start Scan.
  • At the end of the scan, have all detections (if any) moved to quarantine. To do so, click Quarantine Selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM after the restart and click Reports.
  • Select the most recent scan report, click View Report and then Export.
  • Select Text file (.txt) and save the file as mbam.txt on the desktop.
  • Add the contents of mbam.txt to your next reply.

Step 3
  • Start FRST.exe again. Make sure that the box in front of Addition.txt is checked.
  • Check the box in front of Shortcut.txt and press Scan.
  • FRST now creates three log files (FRST.txt, Addition.txt and Shortcut.txt).
  • Post all three log files with your next reply.

Please post with your next reply
  • the log file from AdwCleaner,
  • the log file from MBAM,
  • the three new log files from FRST.

07.07.2017, 00:03   #7
brill_e

Code:
# AdwCleaner v6.047 - Logfile created 07/07/2017 at 00:57:44
# Updated on 19/05/2017 by Malwarebytes
# Database : 2017-07-06.2 [Server]
# Operating System : Windows 10 Home  (X64)
# Username : chris - DESKTOP-E48G4LQ
# Running from : D:\Downloads\adwcleaner_6.047.exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support



***** [ Services ] *****



***** [ Folders ] *****

[-] Folder deleted: C:\Users\chris\AppData\Roaming\ParetoLogic
[#] Folder deleted on reboot: C:\Users\chris\AppData\Roaming\PARETOLOGIC
[-] Folder deleted: C:\ProgramData\ParetoLogic
[#] Folder deleted on reboot: C:\ProgramData\PARETOLOGIC
[#] Folder deleted on reboot: C:\ProgramData\Application Data\ParetoLogic
[#] Folder deleted on reboot: C:\ProgramData\Application Data\PARETOLOGIC
[-] Folder deleted: C:\Users\chris\AppData\Roaming\UpdateTask
[-] Folder deleted: C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej


***** [ Files ] *****

[-] File deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HowToRemove.html.lnk
[-] File deleted: C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pilplloabdedfmialnfchjomjmpjcoej_0.localstorage


***** [ DLL ] *****



***** [ WMI ] *****



***** [ Shortcuts ] *****



***** [ Scheduled Tasks ] *****

[-] Task deleted: Bing Search Engine nodor
[-] Task deleted: Yahoo! Powered nodor


***** [ Registry ] *****

[-] Key deleted: HKLM\SOFTWARE\Classes\OCComSDK.ComSDK
[-] Key deleted: HKLM\SOFTWARE\Classes\OCComSDK.ComSDK.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\OCComSDK.ComSDK
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\OCComSDK.ComSDK.1
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{B9D64D3B-BE75-4FA2-B94A-C4AE772A0146}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{FA7B2795-C0C8-4A58-8672-3F8D80CC0270}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{47A1DF02-BCE4-40C3-AE47-E3EA09A65E4A}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{1112F282-7099-4624-A439-DB29D6551552}
[-] Key deleted: HKU\S-1-5-21-1245378809-2198360341-2726498664-1001\Software\ParetoLogic
[-] Key deleted: HKU\S-1-5-21-1245378809-2198360341-2726498664-1001\Software\PRODUCTSETUP
[-] Key deleted: HKU\S-1-5-21-1245378809-2198360341-2726498664-1001\Software\csastats
[#] Key deleted on reboot: HKCU\Software\ParetoLogic
[#] Key deleted on reboot: HKCU\Software\PRODUCTSETUP
[#] Key deleted on reboot: HKCU\Software\csastats
[-] Key deleted: HKLM\SOFTWARE\ParetoLogic
[#] Key deleted on reboot: [x64] HKCU\Software\ParetoLogic
[#] Key deleted on reboot: [x64] HKCU\Software\PRODUCTSETUP
[#] Key deleted on reboot: [x64] HKCU\Software\csastats
[-] Data restored: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] 
[-] Key deleted: HKU\S-1-5-21-1245378809-2198360341-2726498664-1001\Software\Microsoft\Internet Explorer\SearchScopes\{26080cad-4adc-49ac-8c63-eda16e595cbd}
[#] Key deleted on reboot: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{26080cad-4adc-49ac-8c63-eda16e595cbd}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{26080cad-4adc-49ac-8c63-eda16e595cbd}
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{26080cad-4adc-49ac-8c63-eda16e595cbd}
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{26080cad-4adc-49ac-8c63-eda16e595cbd}
[-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\solvusoft.com
[-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.solvusoft.com
[-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\solvusoft.com
[-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.solvusoft.com
[#] Key deleted on reboot: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\solvusoft.com
[#] Key deleted on reboot: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.solvusoft.com
[#] Key deleted on reboot: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\solvusoft.com
[#] Key deleted on reboot: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.solvusoft.com
[-] Key deleted: HKCU\Software\Google\Chrome\Extensions\pilplloabdedfmialnfchjomjmpjcoej
[-] Key deleted: HKLM\SOFTWARE\Google\Chrome\Extensions\pilplloabdedfmialnfchjomjmpjcoej
[#] Key deleted on reboot: [x64] HKCU\Software\Google\Chrome\Extensions\pilplloabdedfmialnfchjomjmpjcoej
[-] Key deleted: [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\pilplloabdedfmialnfchjomjmpjcoej


***** [ Web browsers ] *****

[-] [C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: pilplloabdedfmialnfchjomjmpjcoej


*************************

:: "Tracing" keys deleted
:: Winsock settings cleared
:: " Image File Execution Options" keys deleted
:: "Prefetch" files deleted
:: Proxy settings cleared
:: Firewall rules cleared
:: IE policies deleted
:: Chrome policies deleted

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [6156 Bytes] - [07/07/2017 00:57:44]
C:\AdwCleaner\AdwCleaner[S0].txt - [6196 Bytes] - [07/07/2017 00:56:39]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [6302 Bytes] ##########
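
Added example, not part of the original thread and not AdwCleaner's own code: a small parser for the clean-log layout shown above. Going by the log's own wording, it treats `[-]` lines as actions already carried out and `[#]` lines as deferred until reboot, so the deferred items can be re-checked in the follow-up scans. The sample log is constructed and its paths and key names are placeholders.

```python
import re

# Constructed sample in the AdwCleaner v6 clean-log layout (placeholder values,
# not taken from the thread).
SAMPLE_LOG = r"""
# AdwCleaner v6.047 - Logfile created 01/01/2017 at 12:00:00
# Mode: Clean

***** [ Folders ] *****

[-] Folder deleted: C:\Users\example\AppData\Roaming\ExamplePUP
[#] Folder deleted on reboot: C:\ProgramData\EXAMPLEPUP

***** [ Scheduled Tasks ] *****

[-] Task deleted: Example Search Task

***** [ Registry ] *****

[-] Key deleted: HKLM\SOFTWARE\ExamplePUP
[#] Key deleted on reboot: [x64] HKCU\Software\ExamplePUP
[-] Data restored: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]

***** [ Web browsers ] *****

[-] [C:\Users\example\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: abcdefghijklmnopabcdefghijklmnop

*************************

:: Winsock settings cleared
:: Proxy settings cleared
"""

SECTION_RE = re.compile(r"^\*{5} \[ (?P<name>.+?) \] \*{5}$")
ENTRY_RE = re.compile(r"^\[(?P<marker>[-#])\] (?P<rest>.+)$")
ACTION_RE = re.compile(r"^(?P<action>[A-Za-z ]+?): (?P<target>.+)$")
BROWSER_RE = re.compile(
    r"^\[(?P<profile>[^\]]+)\] \[(?P<kind>\w+)\] (?P<action>\w+): (?P<target>.+)$"
)
VIEW_RE = re.compile(r"^\[(?P<view>x64)\] (?P<target>.+)$")


def parse_adwcleaner_log(text):
    """Return (entries, resets) parsed from an AdwCleaner clean log."""
    entries, resets, section = [], [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue                      # blank lines, header and EOF comments
        if set(line) == {"*"}:
            section = None                # plain separator ends the last section
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("name")
            continue
        if line.startswith("::"):
            resets.append(line[2:].strip())
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue
        rest = m.group("rest")
        context, view = None, None
        browser, action = BROWSER_RE.match(rest), ACTION_RE.match(rest)
        if browser:                       # "[profile] [extension] Deleted: id"
            context = browser.group("profile")
            verb = f"{browser.group('kind')} {browser.group('action').lower()}"
            target = browser.group("target")
        elif action:                      # "Key deleted on reboot: [x64] HKCU\..."
            verb, target = action.group("action"), action.group("target")
            v = VIEW_RE.match(target)
            if v:
                view, target = v.group("view"), v.group("target")
        else:
            verb, target = "unparsed", rest
        entries.append({
            "section": section or "unknown",
            "pending_reboot": m.group("marker") == "#",
            "action": verb,
            "target": target,
            "view": view,
            "context": context,
        })
    return entries, resets


def pending_after_reboot(entries):
    """Targets whose removal was deferred and should be verified afterwards."""
    return [e["target"] for e in entries if e["pending_reboot"]]


def summarize(entries):
    """Per-section counts of completed and deferred actions."""
    out = {}
    for e in entries:
        bucket = out.setdefault(e["section"], {"done": 0, "pending": 0})
        bucket["pending" if e["pending_reboot"] else "done"] += 1
    return out


if __name__ == "__main__":
    parsed, reset_lines = parse_adwcleaner_log(SAMPLE_LOG)
    print(summarize(parsed))
    print(pending_after_reboot(parsed))
    print(reset_lines)
```
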
         

07.07.2017, 06:07   #8
M-K-D-B
/// TB-Ausbilder

Well done.

The log files from MBAM3 and FRST are still missing.

07.07.2017, 17:30   #9
brill_e

Yes, sorry, I can only get to it in the evening.

Code:
Malwarebytes
www.malwarebytes.com

-Protokolldetails-
Scan-Datum: 07.07.17
Scan-Zeit: 18:13
Protokolldatei: mbam.txt
Administrator: Ja

-Softwaredaten-
Version: 3.1.2.1733
Komponentenversion: 1.0.160
Version des Aktualisierungspakets: 1.0.2311
Lizenz: Testversion

-Systemdaten-
Betriebssystem: Windows 10
CPU: x64
Dateisystem: NTFS
Benutzer: DESKTOP-E48G4LQ\chris

-Scan-Übersicht-
Scan-Typ: Bedrohungs-Scan
Ergebnis: Abgeschlossen
Gescannte Objekte: 367386
Erkannte Bedrohungen: 54
In die Quarantäne verschobene Bedrohungen: 54
Abgelaufene Zeit: 0 Min., 43 Sek.

-Scan-Optionen-
Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

-Scan-Details-
Prozess: 0
(keine bösartigen Elemente erkannt)

Modul: 0
(keine bösartigen Elemente erkannt)

Registrierungsschlüssel: 1
PUP.Optional.WinYahoo, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{3F55D795-6FD5-0615-DE55-76950ED5A515}, In Quarantäne, [91], [302717],1.0.2311

Registrierungswert: 0
(keine bösartigen Elemente erkannt)

Registrierungsdaten: 0
(keine bösartigen Elemente erkannt)

Daten-Stream: 0
(keine bösartigen Elemente erkannt)

Ordner: 4
PUP.Optional.WinYahoo.Generic, C:\PROGRAMDATA\{E28227E1-68C0-AD27-EE06-33657444B8AB}, In Quarantäne, [1218], [341897],1.0.2311
PUP.Optional.WinYahoo.Generic, C:\PROGRAMDATA\{052AC049-8F68-4A8F-09AE-D4CD93EC5F03}, In Quarantäne, [1218], [343986],1.0.2311
PUP.Optional.WinYahoo, C:\Users\chris\AppData\Local\{8BC0BD9C-AF68-D124-C2F0-F4CCE6980854}\HowToRemove, In Quarantäne, [91], [302717],1.0.2311
PUP.Optional.WinYahoo, C:\USERS\CHRIS\APPDATA\LOCAL\{8BC0BD9C-AF68-D124-C2F0-F4CCE6980854}, In Quarantäne, [91], [302717],1.0.2311

Datei: 49
PUP.Optional.WinYahoo.Generic, C:\PROGRAMDATA\{E28227E1-68C0-AD27-EE06-33657444B8AB}\TOTE.TXT, In Quarantäne, [1218], [341897],1.0.2311
PUP.Optional.WinYahoo.Generic, C:\ProgramData\{E28227E1-68C0-AD27-EE06-33657444B8AB}\aowLC, In Quarantäne, [1218], [341897],1.0.2311
PUP.Optional.WinYahoo.Generic, C:\ProgramData\{E28227E1-68C0-AD27-EE06-33657444B8AB}\ficoli, In Quarantäne, [1218], [341897],1.0.2311
PUP.Optional.WinYahoo.Generic, C:\ProgramData\{E28227E1-68C0-AD27-EE06-33657444B8AB}\hdat1, In Quarantäne, [1218], [341897],1.0.2311
PUP.Optional.WinYahoo.Generic, C:\ProgramData\{E28227E1-68C0-AD27-EE06-33657444B8AB}\hdat2, In Quarantäne, [1218], [341897],1.0.2311
PUP.Optional.WinYahoo.Generic, C:\ProgramData\{E28227E1-68C0-AD27-EE06-33657444B8AB}\mLeDW, In Quarantäne, [1218], [341897],1.0.2311
PUP.Optional.WinYahoo.Generic, C:\ProgramData\{E28227E1-68C0-AD27-EE06-33657444B8AB}\mote, In Quarantäne, [1218], [341897],1.0.2311
PUP.Optional.WinYahoo.Generic, C:\PROGRAMDATA\{052AC049-8F68-4A8F-09AE-D4CD93EC5F03}\MESO, In Quarantäne, [1218], [343986],1.0.2311
PUP.Optional.WinYahoo.Generic, C:\ProgramData\{052AC049-8F68-4A8F-09AE-D4CD93EC5F03}\aowLC, In Quarantäne, [1218], [343986],1.0.2311
PUP.Optional.WinYahoo.Generic, C:\ProgramData\{052AC049-8F68-4A8F-09AE-D4CD93EC5F03}\ficoli, In Quarantäne, [1218], [343986],1.0.2311
PUP.Optional.WinYahoo.Generic, C:\ProgramData\{052AC049-8F68-4A8F-09AE-D4CD93EC5F03}\hdat1, In Quarantäne, [1218], [343986],1.0.2311
PUP.Optional.WinYahoo.Generic, C:\ProgramData\{052AC049-8F68-4A8F-09AE-D4CD93EC5F03}\hdat2, In Quarantäne, [1218], [343986],1.0.2311
PUP.Optional.WinYahoo.Generic, C:\ProgramData\{052AC049-8F68-4A8F-09AE-D4CD93EC5F03}\tote.txt, In Quarantäne, [1218], [343986],1.0.2311
PUP.Optional.WinYahoo, C:\USERS\CHRIS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\O10TVWLE.DEFAULT-1453488945681\PREFS.JS, Ersetzt, [91], [388388],1.0.2311
PUP.Optional.MindSpark, C:\USERS\CHRIS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\LOCAL STORAGE\http_bringmesports.dl.tb.ask.com_0.localstorage, In Quarantäne, [283], [240306],1.0.2311
PUP.Optional.MindSpark, C:\USERS\CHRIS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\LOCAL STORAGE\http_bringmesports.dl.tb.ask.com_0.localstorage-journal, In Quarantäne, [283], [240306],1.0.2311
PUP.Optional.MindSpark, C:\USERS\CHRIS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\LOCAL STORAGE\http_videodownloadconverter.dl.tb.ask.com_0.localstorage, In Quarantäne, [283], [240306],1.0.2311
PUP.Optional.MindSpark, C:\USERS\CHRIS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\LOCAL STORAGE\http_videodownloadconverter.dl.tb.ask.com_0.localstorage-journal, In Quarantäne, [283], [240306],1.0.2311
PUP.Optional.WinYahoo, C:\USERS\CHRIS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\O10TVWLE.DEFAULT-1453488945681\SEARCHPLUGINS\SEARCH.YAHOO.COM.XML, In Quarantäne, [91], [388384],1.0.2311
PUP.Optional.WinYahoo, C:\USERS\CHRIS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\O10TVWLE.DEFAULT-1453488945681\SEARCHPLUGINS\YAHOO! POWERED.XML, In Quarantäne, [91], [302726],1.0.2311
PUP.Optional.WinYahoo, C:\USERS\CHRIS\APPDATA\LOCAL\{8BC0BD9C-AF68-D124-C2F0-F4CCE6980854}\HOWTOREMOVE\HOWTOREMOVE.HTML, In Quarantäne, [91], [302717],1.0.2311
PUP.Optional.WinYahoo, C:\Users\chris\AppData\Local\{8BC0BD9C-AF68-D124-C2F0-F4CCE6980854}\HowToRemove\chromium-min.jpg, In Quarantäne, [91], [302717],1.0.2311
PUP.Optional.WinYahoo, C:\Users\chris\AppData\Local\{8BC0BD9C-AF68-D124-C2F0-F4CCE6980854}\HowToRemove\control panel-min-min.JPG, In Quarantäne, [91], [302717],1.0.2311
PUP.Optional.WinYahoo, C:\Users\chris\AppData\Local\{8BC0BD9C-AF68-D124-C2F0-F4CCE6980854}\HowToRemove\down.png, In Quarantäne, [91], [302717],1.0.2311
PUP.Optional.WinYahoo, C:\Users\chris\AppData\Local\{8BC0BD9C-AF68-D124-C2F0-F4CCE6980854}\HowToRemove\ff menu.JPG, In Quarantäne, [91], [302717],1.0.2311
PUP.Optional.WinYahoo, C:\Users\chris\AppData\Local\{8BC0BD9C-AF68-D124-C2F0-F4CCE6980854}\HowToRemove\ff search engine-min.png, In Quarantäne, [91], [302717],1.0.2311
PUP.Optional.WinYahoo, C:\Users\chris\AppData\Local\{8BC0BD9C-AF68-D124-C2F0-F4CCE6980854}\HowToRemove\hp-min ff.png, In Quarantäne, [91], [302717],1.0.2311
PUP.Optional.WinYahoo, C:\Users\chris\AppData\Local\{8BC0BD9C-AF68-D124-C2F0-F4CCE6980854}\HowToRemove\hp-min ie.png, In Quarantäne, [91], [302717],1.0.2311
PUP.Optional.WinYahoo, C:\Users\chris\AppData\Local\{8BC0BD9C-AF68-D124-C2F0-F4CCE6980854}\HowToRemove\search engine.gif, In Quarantäne, [91], [302717],1.0.2311
PUP.Optional.WinYahoo, C:\Users\chris\AppData\Local\{8BC0BD9C-AF68-D124-C2F0-F4CCE6980854}\HowToRemove\setup pages.gif, In Quarantäne, [91], [302717],1.0.2311
PUP.Optional.WinYahoo, C:\Users\chris\AppData\Local\{8BC0BD9C-AF68-D124-C2F0-F4CCE6980854}\HowToRemove\sp-min.png, In Quarantäne, [91], [302717],1.0.2311
PUP.Optional.WinYahoo, C:\Users\chris\AppData\Local\{8BC0BD9C-AF68-D124-C2F0-F4CCE6980854}\HowToRemove\start-min.jpg, In Quarantäne, [91], [302717],1.0.2311
PUP.Optional.WinYahoo, C:\Users\chris\AppData\Local\{8BC0BD9C-AF68-D124-C2F0-F4CCE6980854}\HowToRemove\up.png, In Quarantäne, [91], [302717],1.0.2311
PUP.Optional.WinYahoo, C:\Users\chris\AppData\Local\{8BC0BD9C-AF68-D124-C2F0-F4CCE6980854}\bapi_chmm.dat, In Quarantäne, [91], [302717],1.0.2311
PUP.Optional.WinYahoo, C:\Users\chris\AppData\Local\{8BC0BD9C-AF68-D124-C2F0-F4CCE6980854}\bapi_ff.dat, In Quarantäne, [91], [302717],1.0.2311
PUP.Optional.WinYahoo, C:\Users\chris\AppData\Local\{8BC0BD9C-AF68-D124-C2F0-F4CCE6980854}\bapi_ie.dat, In Quarantäne, [91], [302717],1.0.2311
PUP.Optional.WinYahoo, C:\Users\chris\AppData\Local\{8BC0BD9C-AF68-D124-C2F0-F4CCE6980854}\deli, In Quarantäne, [91], [302717],1.0.2311
PUP.Optional.WinYahoo, C:\Users\chris\AppData\Local\{8BC0BD9C-AF68-D124-C2F0-F4CCE6980854}\fito, In Quarantäne, [91], [302717],1.0.2311
PUP.Optional.WinYahoo, C:\Users\chris\AppData\Local\{8BC0BD9C-AF68-D124-C2F0-F4CCE6980854}\install.log, In Quarantäne, [91], [302717],1.0.2311
PUP.Optional.WinYahoo, C:\Users\chris\AppData\Local\{8BC0BD9C-AF68-D124-C2F0-F4CCE6980854}\loco, In Quarantäne, [91], [302717],1.0.2311
PUP.Optional.WinYahoo, C:\Users\chris\AppData\Local\{8BC0BD9C-AF68-D124-C2F0-F4CCE6980854}\Sqlite3.dll, In Quarantäne, [91], [302717],1.0.2311
PUP.Optional.WinYahoo, C:\Users\chris\AppData\Local\{8BC0BD9C-AF68-D124-C2F0-F4CCE6980854}\tefi, In Quarantäne, [91], [302717],1.0.2311
PUP.Optional.WinYahoo, C:\Users\chris\AppData\Local\{8BC0BD9C-AF68-D124-C2F0-F4CCE6980854}\uninst.dat, In Quarantäne, [91], [302717],1.0.2311
PUP.Optional.WinYahoo, C:\Users\chris\AppData\Local\{8BC0BD9C-AF68-D124-C2F0-F4CCE6980854}\uninst.exe, In Quarantäne, [91], [302717],1.0.2311
PUP.Optional.WinYahoo, C:\Users\chris\AppData\Local\{8BC0BD9C-AF68-D124-C2F0-F4CCE6980854}\uninstp.dat, In Quarantäne, [91], [302717],1.0.2311
PUP.Optional.MindSpark, C:\USERS\CHRIS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\LOCAL STORAGE\http_bringmesports.dl.myway.com_0.localstorage, In Quarantäne, [283], [240305],1.0.2311
PUP.Optional.MindSpark, C:\USERS\CHRIS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\LOCAL STORAGE\http_bringmesports.dl.myway.com_0.localstorage-journal, In Quarantäne, [283], [240305],1.0.2311
PUP.Optional.MindSpark, C:\USERS\CHRIS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\LOCAL STORAGE\http_videodownloadconverter.dl.myway.com_0.localstorage, In Quarantäne, [283], [240305],1.0.2311
PUP.Optional.MindSpark, C:\USERS\CHRIS\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\LOCAL STORAGE\http_videodownloadconverter.dl.myway.com_0.localstorage-journal, In Quarantäne, [283], [240305],1.0.2311

Physischer Sektor: 0
(keine bösartigen Elemente erkannt)


(end)
         

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 05-07-2017
Ran by chris (administrator) on DESKTOP-E48G4LQ (07-07-2017 18:26:41)
Running from C:\Users\chris\Desktop
Loaded Profiles: chris (Available Profiles: chris)
Platform: Windows 10 Home Version 1703 (X64) Language: Englisch (Vereinigte Staaten)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Razer Inc.) C:\Program Files (x86)\Razer\RzWizard\RzWizardService.exe
(iRacing.com Motorsport Simulations, LLC
Bedford, MA 01730) C:\Program Files (x86)\iRacing\iRacingService64.exe
(Apache Software Foundation) C:\Program Files (x86)\Marvell\storage\Apache2\bin\httpd.exe
(Marvell) C:\Program Files (x86)\Marvell\storage\svc\mvraidsvc.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Apache Software Foundation) C:\Program Files (x86)\Marvell\storage\Apache2\bin\httpd.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(CMedia) C:\Program Files\ASUS Xonar DGX Audio\Customapp\AsusAudioCenter.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Logitech Inc.) C:\Program Files\Logitech\Gaming Software\LWEMon.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
() C:\Program Files\YoloMouse\YoloMouse.exe
(Spotify Ltd) C:\Users\chris\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe
(Razer Inc.) C:\Program Files (x86)\Razer\RzWizard\RzWizard.exe
(Nick Thissen) C:\Program Files (x86)\iRacing Setup Sync\bin\iRacingSetupSync.exe
(Acronis) C:\Program Files (x86)\Acronis\DriveMonitor\adm_tray.exe
() C:\Program Files (x86)\Marvell\storage\tray\MarvellTray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Acronis) C:\Program Files (x86)\Acronis\DriveMonitor\adm.exe
(Acronis) C:\Program Files (x86)\Acronis\DriveMonitor\adm.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgentUserBroker.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [Cmaudio8788] => C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cmicnfgp.dll,CMICtrlWnd
HKLM\...\Run: [Cmaudio8788GX] => C:\Windows\syswow64\HsMgr.exe [200704 2016-01-15] ()
HKLM\...\Run: [Cmaudio8788GX64] => C:\Windows\system\HsMgr64.exe [282112 2016-01-15] ()
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [462400 2011-02-12] (Acronis)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [213824 2017-05-26] (AVAST Software)
HKLM\...\Run: [Start WingMan Profiler] => C:\Program Files\Logitech\Gaming Software\LWEMon.exe [190536 2010-06-14] (Logitech Inc.)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)
HKLM-x32\...\Run: [RzWizard] => C:\Program Files (x86)\Razer\RzWizard\RzWizard.exe [263112 2016-03-23] (Razer Inc.)
HKLM-x32\...\Run: [PowerDVD15Agent] => C:\Program Files (x86)\CyberLink\PowerDVD15\PowerDVD15Agent.exe [949960 2016-02-23] (CyberLink Corp.)
HKLM-x32\...\Run: [adm_tray.exe] => C:\Program Files (x86)\Acronis\DriveMonitor\adm_tray.exe [466768 2011-02-24] (Acronis)
HKLM-x32\...\Run: [MSUTray] => C:\Program Files (x86)\Marvell\storage\tray\MarvellTray.exe [1199144 2010-11-19] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-03-15] (Oracle Corporation)
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
HKU\S-1-5-21-1245378809-2198360341-2726498664-1001\...\Run: [YoloMouse] => C:\Program Files\YoloMouse\YoloMouse.exe [179200 2016-03-25] ()
HKU\S-1-5-21-1245378809-2198360341-2726498664-1001\...\Run: [Spotify Web Helper] => C:\Users\chris\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1562224 2017-06-25] (Spotify Ltd)
HKU\S-1-5-21-1245378809-2198360341-2726498664-1001\...\Run: [Spotify] => C:\Users\chris\AppData\Roaming\Spotify\Spotify.exe [7047792 2017-06-25] (Spotify Ltd)
HKU\S-1-5-21-1245378809-2198360341-2726498664-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3019552 2017-04-26] (Valve Corporation)
HKU\S-1-5-21-1245378809-2198360341-2726498664-1001\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [160824 2017-05-24] (BlueStack Systems, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\iRacingSetupSyncLauncher.lnk [2017-05-08]
ShortcutTarget: iRacingSetupSyncLauncher.lnk -> C:\Program Files (x86)\iRacing Setup Sync\iRacingSetupSyncLauncher.exe ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{86758696-4300-4565-9f89-421c20bd886a}: [DhcpNameServer] 10.0.0.138

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = 
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-861280b6&q={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-861280b6&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-861280b6&q={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-861280b6&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1245378809-2198360341-2726498664-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-861280b6&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1245378809-2198360341-2726498664-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-861280b6&q={searchTerms}
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_131\bin\ssv.dll [2017-05-12] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-05-12] (Oracle Corporation)

FireFox:
========
FF ProfilePath: C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\o10tvwle.default-1453488945681 [2017-05-26]
FF NewTab: Mozilla\Firefox\Profiles\o10tvwle.default-1453488945681 -> about:newtab
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\o10tvwle.default-1453488945681 -> search.yahoo.com
FF DefaultSearchUrl: Mozilla\Firefox\Profiles\o10tvwle.default-1453488945681 -> hxxps://search.avast.com/AV772/search/web?q={searchTerms}
FF SearchEngineOrder.1: Mozilla\Firefox\Profiles\o10tvwle.default-1453488945681 -> Avast Search
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\o10tvwle.default-1453488945681 -> search.yahoo.com
FF Homepage: Mozilla\Firefox\Profiles\o10tvwle.default-1453488945681 -> hxxps://www.malwarebytes.org/restorebrowser/ad725cc5911bd0d183&param1=...%3D%3D&param2=NGVdMWBaMaF5Mt%3D%3D
FF Keyword.URL: Mozilla\Firefox\Profiles\o10tvwle.default-1453488945681 -> user_pref("keyword.URL", true);
FF Extension: (Avast SafePrice) - C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\o10tvwle.default-1453488945681\Extensions\sp@avast.com.xpi [2017-05-26]
FF Extension: (Avast Online Security) - C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\o10tvwle.default-1453488945681\Extensions\wrc@avast.com.xpi [2017-05-26]
FF Extension: (Video DownloadHelper) - C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\o10tvwle.default-1453488945681\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2017-05-07]
FF SearchPlugin: C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\o10tvwle.default-1453488945681\searchplugins\avast-search.xml [2017-01-13]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_26_0_0_131.dll [2017-06-18] ()
FF Plugin: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-05-12] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-05-12] (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_131.dll [2017-06-18] ()
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-05-01] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-05-01] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-05] (Adobe Systems Inc.)

Chrome: 
=======
CHR StartupUrls: Default -> "hxxp://members.iracing.com/membersite/member/Home.do"
CHR Profile: C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default [2017-07-07]
CHR Extension: (Google Präsentationen) - C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-01-14]
CHR Extension: (Google Docs) - C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-01-16]
CHR Extension: (Google Drive) - C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-16]
CHR Extension: (YouTube) - C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-01-16]
CHR Extension: (uTab) - C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpmmandcadflhnnaiclipadomfmdbjbp [2017-07-07]
CHR Extension: (Google-Suche) - C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-16]
CHR Extension: (Adobe Acrobat) - C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-04-21]
CHR Extension: (Google Docs Offline) - C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-09-03]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-04-21]
CHR Extension: (Google Mail) - C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-01-16]
CHR Extension: (Chrome Media Router) - C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-06-29]
CHR HKLM\...\Chrome\Extension: [bpmmandcadflhnnaiclipadomfmdbjbp] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1245378809-2198360341-2726498664-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bpmmandcadflhnnaiclipadomfmdbjbp] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [bpmmandcadflhnnaiclipadomfmdbjbp] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [daanglpcpkjjlkhcbladppjphglbigam] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7346208 2017-05-26] (AVAST Software s.r.o.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [263304 2017-05-26] (AVAST Software)
S3 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [387128 2017-05-24] (BlueStack Systems, Inc.)
S3 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [369720 2017-05-24] (BlueStack Systems, Inc.)
S3 BstHdPlusAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Plus-Service.exe [406584 2017-05-24] (BlueStack Systems, Inc.)
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [382504 2017-04-05] (EasyAntiCheat Ltd)
S3 Futuremark SystemInfo Service; C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe [342456 2016-04-13] (Futuremark)
R2 iRacingService; C:\Program Files (x86)\iRacing\iRacingService64.exe [1127664 2017-06-23] (iRacing.com Motorsport Simulations, LLC
Bedford, MA 01730)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4470736 2017-05-09] (Malwarebytes)
R2 MSUWebService; C:\Program Files (x86)\Marvell\storage\Apache2\bin\httpd.exe [24645 2010-09-02] (Apache Software Foundation) [File not signed]
S3 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [494136 2017-05-02] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [494136 2017-05-02] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462968 2017-05-01] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [449984 2017-05-02] (NVIDIA Corporation)
R2 RzWizardService; C:\Program Files (x86)\Razer\RzWizard\RzWizardService.exe [376272 2016-03-23] (Razer Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-06-20] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 aswbidsdriver; C:\WINDOWS\system32\drivers\aswbidsdrivera.sys [311808 2017-05-26] (AVAST Software s.r.o.)
R0 aswbidsh; C:\WINDOWS\system32\drivers\aswbidsha.sys [190256 2017-05-26] (AVAST Software s.r.o.)
R0 aswblog; C:\WINDOWS\system32\drivers\aswbloga.sys [334576 2017-05-26] (AVAST Software s.r.o.)
R0 aswbuniv; C:\WINDOWS\system32\drivers\aswbuniva.sys [49016 2017-05-26] (AVAST Software s.r.o.)
S3 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [38296 2017-05-26] (AVAST Software)
R1 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [32600 2017-05-26] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [128648 2017-05-26] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [101152 2017-05-26] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\drivers\aswRvrt.sys [75704 2017-05-26] (AVAST Software)
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [1007160 2017-05-26] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [569192 2017-05-26] (AVAST Software)
S2 aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [158888 2017-07-05] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\drivers\aswVmm.sys [339696 2017-05-26] (AVAST Software)
S3 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [152672 2017-05-24] (BlueStack Systems)
S3 BstkDrv; C:\Program Files (x86)\BlueStacks\BstkDrv.sys [270904 2017-05-22] (Bluestack System Inc. )
R3 cmudaxp; C:\WINDOWS\system32\drivers\cmudaxp.sys [2735616 2015-12-19] (C-Media Inc)
R2 DRHARD64; C:\Windows\system32\drivers\DRHARD64.sys [21984 2011-11-03] (Licensed for Gebhard Software)
R2 DRHARD64; C:\Windows\SysWOW64\drivers\DRHARD64.sys [21984 2011-11-03] (Licensed for Gebhard Software)
R2 DRHMSR64; C:\Windows\system32\drivers\DRHMSR64.sys [13760 2013-07-21] ()
R2 DRHMSR64; C:\Windows\SysWOW64\drivers\DRHMSR64.sys [13760 2013-07-21] ()
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77376 2017-07-07] ()
R2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [188312 2017-07-07] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\drivers\farflt.sys [113592 2017-07-07] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [44960 2017-07-07] (Malwarebytes)
R0 MBAMSwissArmy; C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys [252832 2017-07-07] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\drivers\mwac.sys [93600 2017-07-07] (Malwarebytes)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_a2b0acab06663645\nvlddmkm.sys [14456944 2017-05-02] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [49208 2017-05-02] (NVIDIA Corporation)
S3 qcusbser; C:\WINDOWS\system32\DRIVERS\qcusbser.sys [252432 2016-03-24] (QUALCOMM Incorporated)
S3 rimvndis; C:\WINDOWS\System32\Drivers\rimvndis6_AMD64.sys [18432 2015-05-26] (BlackBerry Limited) [File not signed]
S3 RimVSerPort; C:\WINDOWS\system32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [604160 2017-03-18] (Realtek                                            )
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
S3 ssdevfactory; C:\WINDOWS\System32\drivers\ssdevfactory.sys [40568 2015-10-03] (SteelSeries ApS)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
S3 wdm_usb; C:\WINDOWS\system32\DRIVERS\usb2ser.sys [159936 2016-08-16] (MBB)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)
R2 {687703DE-DC6D-4649-892B-B8497854A6AB}; C:\Program Files (x86)\CyberLink\PowerDVD15\Common\NavFilter\000.fcl [29896 2016-02-22] (CyberLink Corp.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-11-06 05:12 - 2021-11-06 05:12 - 00207872 _____ (TODO: <Company name>) C:\WINDOWS\SysWOW64\MVTrim.dll
2017-07-07 18:26 - 2017-07-07 18:26 - 00021039 _____ C:\Users\chris\Desktop\FRST.txt
2017-07-07 18:23 - 2017-07-07 18:23 - 00009580 _____ C:\Users\chris\Desktop\mbam.txt
2017-07-07 04:04 - 2017-07-07 18:20 - 00113592 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-07-07 04:04 - 2017-07-07 18:20 - 00093600 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-07-07 04:04 - 2017-07-07 04:04 - 00188312 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-07-07 03:57 - 2017-07-07 18:20 - 00044960 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-07-07 01:10 - 2017-07-07 18:20 - 00252832 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-07-07 01:04 - 2017-07-07 01:13 - 00077376 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-07-07 01:04 - 2017-07-07 01:04 - 00001912 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-07-07 01:04 - 2017-07-07 01:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-07-07 01:04 - 2017-07-07 01:04 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-07-07 01:04 - 2017-07-07 01:04 - 00000000 ____D C:\Program Files\Malwarebytes
2017-07-07 00:53 - 2017-07-07 00:57 - 00000000 ____D C:\AdwCleaner
2017-07-06 12:55 - 2017-07-06 12:55 - 00000877 _____ C:\Users\Public\Desktop\Stagelight.lnk
2017-07-06 12:55 - 2017-07-06 12:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stagelight
2017-07-06 12:55 - 2017-07-06 12:55 - 00000000 ____D C:\Program Files\Stagelight
2017-07-05 23:44 - 2017-07-05 23:48 - 00086452 _____ C:\TDSSKiller.3.1.0.15_05.07.2017_23.44.21_log.txt
2017-07-05 23:42 - 2017-07-05 23:42 - 04922400 _____ (AO Kaspersky Lab) C:\Users\chris\Desktop\tdsskiller.exe
2017-07-05 23:15 - 2017-07-05 23:14 - 02436608 _____ (Farbar) C:\Users\chris\Desktop\FRST64.exe
2017-07-05 19:23 - 2017-07-05 19:23 - 00001081 _____ C:\Users\chris\Desktop\KaraFun Player 2.lnk
2017-07-05 19:23 - 2017-07-05 19:23 - 00000000 ____D C:\ProgramData\Recisio
2017-07-05 19:23 - 2017-07-05 19:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KaraFun Player 2
2017-07-05 19:23 - 2017-07-05 19:23 - 00000000 ____D C:\Program Files (x86)\KaraFun Player 2
2017-07-05 13:37 - 2017-07-07 18:26 - 00000000 ____D C:\FRST
2017-07-05 12:32 - 2017-07-05 12:32 - 00000000 _____ C:\WINDOWS\SysWOW64\last.dump
2017-07-02 20:56 - 2017-07-04 17:34 - 00000000 ____D C:\Users\chris\AppData\Roaming\MuseScore
2017-07-02 20:56 - 2017-07-02 20:56 - 00001126 _____ C:\Users\chris\Desktop\MuseScore 2.lnk
2017-07-02 20:56 - 2017-07-02 20:56 - 00000000 ____D C:\Users\chris\OneDrive\Dokumente\MuseScore2
2017-07-02 20:56 - 2017-07-02 20:56 - 00000000 ____D C:\Users\chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MuseScore 2
2017-07-02 20:56 - 2017-07-02 20:56 - 00000000 ____D C:\Users\chris\AppData\Local\MuseScore
2017-07-02 20:56 - 2017-07-02 20:56 - 00000000 ____D C:\Program Files (x86)\MuseScore 2
2017-07-01 20:25 - 2017-07-01 20:51 - 00000000 ____D C:\Users\chris\Desktop\Karaoke
2017-07-01 19:50 - 2017-07-01 19:50 - 00000000 ____D C:\Program Files (x86)\Lame For Audacity
2017-07-01 18:52 - 2017-07-06 18:23 - 00000000 ____D C:\Users\chris\AppData\Roaming\audacity
2017-07-01 18:52 - 2017-07-01 18:52 - 00000000 ____D C:\Users\chris\AppData\Local\Audacity
2017-07-01 18:51 - 2017-07-01 18:52 - 00000000 ____D C:\Program Files (x86)\Audacity
2017-07-01 18:51 - 2017-07-01 18:51 - 00001092 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
2017-07-01 18:51 - 2017-07-01 18:51 - 00001080 _____ C:\Users\Public\Desktop\Audacity.lnk
2017-07-01 14:18 - 2017-07-01 14:18 - 00001648 _____ C:\Users\Public\Desktop\BlueStacks.lnk
2017-07-01 14:18 - 2017-07-01 14:18 - 00001648 _____ C:\ProgramData\Microsoft\Windows\Start Menu\BlueStacks.lnk
2017-07-01 14:18 - 2017-07-01 14:18 - 00000000 ____D C:\Program Files (x86)\BlueStacks
2017-07-01 14:18 - 2017-05-24 08:58 - 00000000 ____D C:\ProgramData\BlueStacks
2017-07-01 13:48 - 2017-07-05 17:25 - 00000000 ____D C:\ProgramData\BlueStacksSetup
2017-07-01 13:47 - 2017-07-01 14:18 - 00000000 ____D C:\Users\chris\AppData\Local\Bluestacks
2017-06-29 16:32 - 2017-06-20 08:15 - 01147296 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-06-29 16:32 - 2017-06-20 08:15 - 01024928 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-06-29 16:32 - 2017-06-20 08:11 - 08318880 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-06-29 16:32 - 2017-06-20 08:11 - 02399728 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-06-29 16:32 - 2017-06-20 08:09 - 02969888 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2017-06-29 16:32 - 2017-06-20 08:08 - 00923048 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-06-29 16:32 - 2017-06-20 08:04 - 04847424 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2017-06-29 16:32 - 2017-06-20 08:03 - 07325584 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2017-06-29 16:32 - 2017-06-20 08:03 - 05477096 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2017-06-29 16:32 - 2017-06-20 08:03 - 02444704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-06-29 16:32 - 2017-06-20 08:02 - 02645688 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2017-06-29 16:32 - 2017-06-20 08:02 - 01055648 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2017-06-29 16:32 - 2017-06-20 08:01 - 00872472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2017-06-29 16:32 - 2017-06-20 08:00 - 00255904 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2017-06-29 16:32 - 2017-06-20 08:00 - 00142752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcifs.sys
2017-06-29 16:32 - 2017-06-20 07:59 - 07904784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-06-29 16:32 - 2017-06-20 07:59 - 06554928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2017-06-29 16:32 - 2017-06-20 07:59 - 01670496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2017-06-29 16:32 - 2017-06-20 07:59 - 01220072 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2017-06-29 16:32 - 2017-06-20 07:58 - 21352184 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-06-29 16:32 - 2017-06-20 07:58 - 00371616 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2017-06-29 16:32 - 2017-06-20 07:57 - 02681760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2017-06-29 16:32 - 2017-06-20 07:28 - 23675904 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-06-29 16:32 - 2017-06-20 07:17 - 03670528 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-06-29 16:32 - 2017-06-20 07:15 - 01839872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-06-29 16:32 - 2017-06-20 07:14 - 17364480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-06-29 16:32 - 2017-06-20 07:14 - 01150784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2017-06-29 16:32 - 2017-06-20 07:13 - 02259760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-06-29 16:32 - 2017-06-20 07:12 - 07931392 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-06-29 16:32 - 2017-06-20 07:12 - 00293376 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2017-06-29 16:32 - 2017-06-20 07:11 - 00518144 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2017-06-29 16:32 - 2017-06-20 07:11 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2017-06-29 16:32 - 2017-06-20 07:11 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-06-29 16:32 - 2017-06-20 07:10 - 00722432 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2017-06-29 16:32 - 2017-06-20 07:10 - 00315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsEnvironment.Desktop.dll
2017-06-29 16:32 - 2017-06-20 07:10 - 00096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2017-06-29 16:32 - 2017-06-20 07:09 - 23681536 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-06-29 16:32 - 2017-06-20 07:09 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2017-06-29 16:32 - 2017-06-20 07:08 - 04469840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2017-06-29 16:32 - 2017-06-20 07:08 - 00646656 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockHostingFramework.dll
2017-06-29 16:32 - 2017-06-20 07:08 - 00527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-06-29 16:32 - 2017-06-20 07:08 - 00386560 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2017-06-29 16:32 - 2017-06-20 07:08 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2017-06-29 16:32 - 2017-06-20 07:08 - 00256000 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2017-06-29 16:32 - 2017-06-20 07:07 - 12786688 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-06-29 16:32 - 2017-06-20 07:07 - 05820984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2017-06-29 16:32 - 2017-06-20 07:07 - 01878016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-06-29 16:32 - 2017-06-20 07:07 - 01517536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2017-06-29 16:32 - 2017-06-20 07:07 - 00982016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2017-06-29 16:32 - 2017-06-20 07:07 - 00510976 _____ (Microsoft Corporation) C:\WINDOWS\system32\TDLMigration.dll
2017-06-29 16:32 - 2017-06-20 07:07 - 00422400 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2017-06-29 16:32 - 2017-06-20 07:07 - 00411136 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2017-06-29 16:32 - 2017-06-20 07:06 - 02165752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2017-06-29 16:32 - 2017-06-20 07:06 - 00925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2017-06-29 16:32 - 2017-06-20 07:06 - 00847872 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2017-06-29 16:32 - 2017-06-20 07:06 - 00754592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2017-06-29 16:32 - 2017-06-20 07:06 - 00751104 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2017-06-29 16:32 - 2017-06-20 07:06 - 00411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2017-06-29 16:32 - 2017-06-20 07:06 - 00299520 _____ (Microsoft Corporation) C:\WINDOWS\system32\AboveLockAppHost.dll
2017-06-29 16:32 - 2017-06-20 07:05 - 04447744 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-06-29 16:32 - 2017-06-20 07:05 - 01468416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2017-06-29 16:32 - 2017-06-20 07:05 - 01260544 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2017-06-29 16:32 - 2017-06-20 07:05 - 00687616 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2017-06-29 16:32 - 2017-06-20 07:05 - 00585216 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll
2017-06-29 16:32 - 2017-06-20 07:05 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2017-06-29 16:32 - 2017-06-20 07:05 - 00406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputSwitch.dll
2017-06-29 16:32 - 2017-06-20 07:05 - 00374784 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2017-06-29 16:32 - 2017-06-20 07:05 - 00056832 _____ (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll
2017-06-29 16:32 - 2017-06-20 07:04 - 08243712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-06-29 16:32 - 2017-06-20 07:04 - 02330520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2017-06-29 16:32 - 2017-06-20 07:04 - 01818624 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2017-06-29 16:32 - 2017-06-20 07:04 - 00181656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2017-06-29 16:32 - 2017-06-20 07:03 - 20372896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-06-29 16:32 - 2017-06-20 07:03 - 06763648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-06-29 16:32 - 2017-06-20 07:03 - 05806048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2017-06-29 16:32 - 2017-06-20 07:03 - 02077184 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2017-06-29 16:32 - 2017-06-20 07:02 - 03377664 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2017-06-29 16:32 - 2017-06-20 07:02 - 02804736 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-06-29 16:32 - 2017-06-20 07:02 - 01886208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-06-29 16:32 - 2017-06-20 07:02 - 01121928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2017-06-29 16:32 - 2017-06-20 07:02 - 00988168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2017-06-29 16:32 - 2017-06-20 07:02 - 00707072 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2017-06-29 16:32 - 2017-06-20 07:02 - 00681984 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-06-29 16:32 - 2017-06-20 07:01 - 04536320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2017-06-29 16:32 - 2017-06-20 07:01 - 04396032 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-06-29 16:32 - 2017-06-20 07:01 - 03803136 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2017-06-29 16:32 - 2017-06-20 07:01 - 03332096 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2017-06-29 16:32 - 2017-06-20 07:01 - 03307008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-06-29 16:32 - 2017-06-20 07:01 - 02499584 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2017-06-29 16:32 - 2017-06-20 07:01 - 01305088 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2017-06-29 16:32 - 2017-06-20 07:01 - 01142272 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2017-06-29 16:32 - 2017-06-20 07:01 - 01076736 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2017-06-29 16:32 - 2017-06-20 07:00 - 05557760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2017-06-29 16:32 - 2017-06-20 07:00 - 02649600 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2017-06-29 16:32 - 2017-06-20 07:00 - 02597888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2017-06-29 16:32 - 2017-06-20 07:00 - 02443776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-06-29 16:32 - 2017-06-20 07:00 - 01802752 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-06-29 16:32 - 2017-06-20 06:59 - 02938880 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2017-06-29 16:32 - 2017-06-20 06:59 - 01674240 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2017-06-29 16:32 - 2017-06-20 06:59 - 01357824 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2017-06-29 16:32 - 2017-06-20 06:59 - 00583160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2017-06-29 16:32 - 2017-06-20 06:56 - 00985600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
2017-06-29 16:32 - 2017-06-20 06:50 - 02957312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-06-29 16:32 - 2017-06-20 06:49 - 13839872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2017-06-29 16:32 - 2017-06-20 06:45 - 20505088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-06-29 16:32 - 2017-06-20 06:44 - 00362496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2017-06-29 16:32 - 2017-06-20 06:43 - 06728192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-06-29 16:32 - 2017-06-20 06:43 - 00329728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2017-06-29 16:32 - 2017-06-20 06:43 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2017-06-29 16:32 - 2017-06-20 06:43 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2017-06-29 16:32 - 2017-06-20 06:42 - 19336192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-06-29 16:32 - 2017-06-20 06:42 - 00338432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2017-06-29 16:32 - 2017-06-20 06:42 - 00266240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2017-06-29 16:32 - 2017-06-20 06:40 - 00636416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2017-06-29 16:32 - 2017-06-20 06:40 - 00368128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2017-06-29 16:32 - 2017-06-20 06:40 - 00356864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
2017-06-29 16:32 - 2017-06-20 06:39 - 02671616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2017-06-29 16:32 - 2017-06-20 06:38 - 01451008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2017-06-29 16:32 - 2017-06-20 06:38 - 01285120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbghelp.dll
2017-06-29 16:32 - 2017-06-20 06:38 - 00663040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2017-06-29 16:32 - 2017-06-20 06:38 - 00329728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2017-06-29 16:32 - 2017-06-20 06:37 - 11870720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-06-29 16:32 - 2017-06-20 06:37 - 02859520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-06-29 16:32 - 2017-06-20 06:37 - 02008576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2017-06-29 16:32 - 2017-06-20 06:36 - 06291456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-06-29 16:32 - 2017-06-20 06:36 - 03667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-06-29 16:32 - 2017-06-20 06:36 - 01248768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-06-29 16:32 - 2017-06-20 06:35 - 05225984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-06-29 16:32 - 2017-06-20 06:35 - 02679296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2017-06-29 16:32 - 2017-06-20 06:35 - 02132480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2017-06-29 16:32 - 2017-06-20 06:34 - 04559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2017-06-29 16:32 - 2017-06-20 06:34 - 04056576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2017-06-29 16:32 - 2017-06-20 06:34 - 02298368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2017-06-29 16:32 - 2017-06-20 06:34 - 02211328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2017-06-29 16:32 - 2017-06-20 06:34 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-06-29 16:32 - 2017-06-20 06:30 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2017-06-29 16:31 - 2017-06-20 08:18 - 01564576 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2017-06-29 16:31 - 2017-06-20 08:18 - 00821664 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.exe
2017-06-29 16:31 - 2017-06-20 08:18 - 00096672 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2017-06-29 16:31 - 2017-06-20 08:17 - 00629152 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2017-06-29 16:31 - 2017-06-20 08:17 - 00544160 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2017-06-29 16:31 - 2017-06-20 08:17 - 00334240 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2017-06-29 16:31 - 2017-06-20 08:17 - 00136096 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2017-06-29 16:31 - 2017-06-20 08:17 - 00034720 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2017-06-29 16:31 - 2017-06-20 08:16 - 01214880 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2017-06-29 16:31 - 2017-06-20 08:16 - 00335776 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2017-06-29 16:31 - 2017-06-20 08:15 - 00965024 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.efi
2017-06-29 16:31 - 2017-06-20 08:15 - 00233376 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2017-06-29 16:31 - 2017-06-20 08:14 - 01065104 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2017-06-29 16:31 - 2017-06-20 08:14 - 00899824 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2017-06-29 16:31 - 2017-06-20 08:11 - 01395152 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2017-06-29 16:31 - 2017-06-20 08:11 - 01186472 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2017-06-29 16:31 - 2017-06-20 08:11 - 00411992 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSAudDecMFT.dll
2017-06-29 16:31 - 2017-06-20 08:10 - 02327456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2017-06-29 16:31 - 2017-06-20 08:10 - 01930320 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2017-06-29 16:31 - 2017-06-20 08:10 - 00119392 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcmnutils.dll
2017-06-29 16:31 - 2017-06-20 08:08 - 01242528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2017-06-29 16:31 - 2017-06-20 08:06 - 01017760 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2017-06-29 16:31 - 2017-06-20 08:06 - 00279968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2017-06-29 16:31 - 2017-06-20 08:05 - 01057832 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2017-06-29 16:31 - 2017-06-20 08:04 - 00472728 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2017-06-29 16:31 - 2017-06-20 08:03 - 00820128 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2017-06-29 16:31 - 2017-06-20 08:03 - 00179608 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostUser.dll
2017-06-29 16:31 - 2017-06-20 08:03 - 00102312 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredentialUIBroker.exe
2017-06-29 16:31 - 2017-06-20 08:02 - 00426912 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostCommon.dll
2017-06-29 16:31 - 2017-06-20 08:01 - 00553888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2017-06-29 16:31 - 2017-06-20 08:00 - 00558920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.dll
2017-06-29 16:31 - 2017-06-20 07:59 - 01054280 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2017-06-29 16:31 - 2017-06-20 07:59 - 00583304 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2017-06-29 16:31 - 2017-06-20 07:59 - 00467504 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
2017-06-29 16:31 - 2017-06-20 07:59 - 00094624 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2017-06-29 16:31 - 2017-06-20 07:58 - 01337344 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2017-06-29 16:31 - 2017-06-20 07:58 - 00833160 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeManagerObj.dll
2017-06-29 16:31 - 2017-06-20 07:58 - 00406072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MMDevAPI.dll
2017-06-29 16:31 - 2017-06-20 07:58 - 00203168 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostBroker.dll
2017-06-29 16:31 - 2017-06-20 07:57 - 00204192 _____ (Microsoft Corporation) C:\WINDOWS\system32\basecsp.dll
2017-06-29 16:31 - 2017-06-20 07:34 - 00192416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2017-06-29 16:31 - 2017-06-20 07:16 - 00970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctfuimanager.dll
2017-06-29 16:31 - 2017-06-20 07:16 - 00417280 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleacc.dll
2017-06-29 16:31 - 2017-06-20 07:15 - 01620368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2017-06-29 16:31 - 2017-06-20 07:15 - 00455104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSAudDecMFT.dll
2017-06-29 16:31 - 2017-06-20 07:15 - 00096136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmcmnutils.dll
2017-06-29 16:31 - 2017-06-20 07:14 - 02199552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2017-06-29 16:31 - 2017-06-20 07:14 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mskssrv.sys
2017-06-29 16:31 - 2017-06-20 07:13 - 00787712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2017-06-29 16:31 - 2017-06-20 07:13 - 00216064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Profiles.Gatt.Interface.dll
2017-06-29 16:31 - 2017-06-20 07:13 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanprotdim.dll
2017-06-29 16:31 - 2017-06-20 07:13 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\WFDSConMgr.dll
2017-06-29 16:31 - 2017-06-20 07:13 - 00056832 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinBioDataModelOOBE.exe
2017-06-29 16:31 - 2017-06-20 07:12 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyMATEnc.dll
2017-06-29 16:31 - 2017-06-20 07:12 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.System.Profile.RetailInfo.dll
2017-06-29 16:31 - 2017-06-20 07:12 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bridge.sys
2017-06-29 16:31 - 2017-06-20 07:12 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hdaudbus.sys
2017-06-29 16:31 - 2017-06-20 07:11 - 00200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\ScDeviceEnum.dll
2017-06-29 16:31 - 2017-06-20 07:10 - 00778240 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyHrtfEnc.dll
2017-06-29 16:31 - 2017-06-20 07:10 - 00189440 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll
2017-06-29 16:31 - 2017-06-20 07:10 - 00188928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wincredui.dll
2017-06-29 16:31 - 2017-06-20 07:09 - 00555008 _____ (Microsoft Corporation) C:\WINDOWS\system32\WFDSConMgrSvc.dll
2017-06-29 16:31 - 2017-06-20 07:09 - 00551424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Payments.dll
2017-06-29 16:31 - 2017-06-20 07:09 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.BlueLightReduction.dll
2017-06-29 16:31 - 2017-06-20 07:09 - 00427008 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2017-06-29 16:31 - 2017-06-20 07:09 - 00406032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2017-06-29 16:31 - 2017-06-20 07:09 - 00357888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Narrator.exe
2017-06-29 16:31 - 2017-06-20 07:09 - 00250368 _____ (Microsoft Corporation) C:\WINDOWS\system32\SCardSvr.dll
2017-06-29 16:31 - 2017-06-20 07:09 - 00208384 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2017-06-29 16:31 - 2017-06-20 07:09 - 00205312 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipboardServer.dll
2017-06-29 16:31 - 2017-06-20 07:09 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\system32\certprop.dll
2017-06-29 16:31 - 2017-06-20 07:09 - 00135680 _____ (Microsoft Corporation) C:\WINDOWS\system32\sendmail.dll
2017-06-29 16:31 - 2017-06-20 07:09 - 00062464 _____ (Microsoft Corporation) C:\WINDOWS\system32\dataclen.dll
2017-06-29 16:31 - 2017-06-20 07:08 - 00791040 _____ (Microsoft Corporation) C:\WINDOWS\system32\certca.dll
2017-06-29 16:31 - 2017-06-20 07:08 - 00365056 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Notifications.dll
2017-06-29 16:31 - 2017-06-20 07:08 - 00328704 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2017-06-29 16:31 - 2017-06-20 07:08 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinBioDataModel.dll
2017-06-29 16:31 - 2017-06-20 07:08 - 00251392 _____ (Microsoft Corporation) C:\WINDOWS\system32\scksp.dll
2017-06-29 16:31 - 2017-06-20 07:07 - 02475136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2017-06-29 16:31 - 2017-06-20 07:07 - 00916992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2017-06-29 16:31 - 2017-06-20 07:07 - 00823296 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApi.dll
2017-06-29 16:31 - 2017-06-20 07:07 - 00757248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2017-06-29 16:31 - 2017-06-20 07:07 - 00750496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2017-06-29 16:31 - 2017-06-20 07:07 - 00632832 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
2017-06-29 16:31 - 2017-06-20 07:07 - 00626176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll
2017-06-29 16:31 - 2017-06-20 07:07 - 00621056 _____ (Microsoft Corporation) C:\WINDOWS\system32\SndVolSSO.dll
2017-06-29 16:31 - 2017-06-20 07:07 - 00346016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudExperienceHostCommon.dll
2017-06-29 16:31 - 2017-06-20 07:07 - 00138656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudExperienceHostUser.dll
2017-06-29 16:31 - 2017-06-20 07:07 - 00129192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2017-06-29 16:31 - 2017-06-20 07:06 - 00942592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2017-06-29 16:31 - 2017-06-20 07:06 - 00455680 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2017-06-29 16:31 - 2017-06-20 07:06 - 00335872 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudDomainJoinDataModelServer.dll
2017-06-29 16:31 - 2017-06-20 07:06 - 00278944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\thumbcache.dll
2017-06-29 16:31 - 2017-06-20 07:06 - 00253440 _____ (Microsoft Corporation) C:\WINDOWS\system32\edputil.dll
2017-06-29 16:31 - 2017-06-20 07:06 - 00045056 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBrokerUI.dll
2017-06-29 16:31 - 2017-06-20 07:05 - 02873344 _____ (Microsoft Corporation) C:\WINDOWS\system32\themeui.dll
2017-06-29 16:31 - 2017-06-20 07:05 - 00873472 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2017-06-29 16:31 - 2017-06-20 07:05 - 00696320 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmsys.cpl
2017-06-29 16:31 - 2017-06-20 07:05 - 00438096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.dll
2017-06-29 16:31 - 2017-06-20 07:05 - 00364032 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2017-06-29 16:31 - 2017-06-20 07:04 - 08211968 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2017-06-29 16:31 - 2017-06-20 07:04 - 01425920 _____ (Microsoft Corporation) C:\WINDOWS\system32\certutil.exe
2017-06-29 16:31 - 2017-06-20 07:04 - 01178528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll
2017-06-29 16:31 - 2017-06-20 07:04 - 01177600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2017-06-29 16:31 - 2017-06-20 07:04 - 01077496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webservices.dll
2017-06-29 16:31 - 2017-06-20 07:04 - 00899072 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmartcardCredentialProvider.dll
2017-06-29 16:31 - 2017-06-20 07:04 - 00802816 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2017-06-29 16:31 - 2017-06-20 07:04 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
2017-06-29 16:31 - 2017-06-20 07:04 - 00178176 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeHelper.dll
2017-06-29 16:31 - 2017-06-20 07:04 - 00049656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msasn1.dll
2017-06-29 16:31 - 2017-06-20 07:03 - 01396224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2017-06-29 16:31 - 2017-06-20 07:03 - 00864240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2017-06-29 16:31 - 2017-06-20 07:03 - 00443728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFCaptureEngine.dll
2017-06-29 16:31 - 2017-06-20 07:02 - 03204096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Profiles.Gatt.dll
2017-06-29 16:31 - 2017-06-20 07:02 - 01194696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2017-06-29 16:31 - 2017-06-20 07:02 - 00354400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MMDevAPI.dll
2017-06-29 16:31 - 2017-06-20 07:02 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudDomainJoinAUG.dll
2017-06-29 16:31 - 2017-06-20 07:01 - 03059200 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2017-06-29 16:31 - 2017-06-20 07:01 - 01713664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2017-06-29 16:31 - 2017-06-20 07:01 - 00809984 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2017-06-29 16:31 - 2017-06-20 07:01 - 00397312 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2017-06-29 16:31 - 2017-06-20 07:01 - 00176032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\basecsp.dll
2017-06-29 16:31 - 2017-06-20 07:00 - 03139584 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2017-06-29 16:31 - 2017-06-20 07:00 - 03057664 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnroll.dll
2017-06-29 16:31 - 2017-06-20 07:00 - 02171392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Bluetooth.dll
2017-06-29 16:31 - 2017-06-20 07:00 - 00986112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-06-29 16:31 - 2017-06-20 07:00 - 00406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-06-29 16:31 - 2017-06-20 06:58 - 00625152 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2017-06-29 16:31 - 2017-06-20 06:57 - 00290816 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmclient.exe
2017-06-29 16:31 - 2017-06-20 06:57 - 00138752 _____ (Microsoft Corporation) C:\WINDOWS\system32\DMPushRouterCore.dll
2017-06-29 16:31 - 2017-06-20 06:56 - 00600064 _____ (Microsoft Corporation) C:\WINDOWS\system32\FrameServer.dll
2017-06-29 16:31 - 2017-06-20 06:56 - 00430080 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToDevice.dll
2017-06-29 16:31 - 2017-06-20 06:56 - 00241152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wdmaud.drv
2017-06-29 16:31 - 2017-06-20 06:54 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\DmApiSetExtImplDesktop.dll
2017-06-29 16:31 - 2017-06-20 06:49 - 00899072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctfuimanager.dll
2017-06-29 16:31 - 2017-06-20 06:49 - 00331776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleacc.dll
2017-06-29 16:31 - 2017-06-20 06:47 - 02199552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2017-06-29 16:31 - 2017-06-20 06:46 - 00132096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft.Bluetooth.Profiles.Gatt.Interface.dll
2017-06-29 16:31 - 2017-06-20 06:45 - 00111104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.System.Profile.RetailInfo.dll
2017-06-29 16:31 - 2017-06-20 06:45 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2017-06-29 16:31 - 2017-06-20 06:43 - 00173568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ClipboardServer.dll
2017-06-29 16:31 - 2017-06-20 06:43 - 00151552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincredui.dll
2017-06-29 16:31 - 2017-06-20 06:43 - 00139776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BluetoothApis.dll
2017-06-29 16:31 - 2017-06-20 06:43 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dataclen.dll
2017-06-29 16:31 - 2017-06-20 06:42 - 00641024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certca.dll
2017-06-29 16:31 - 2017-06-20 06:42 - 00387584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Payments.dll
2017-06-29 16:31 - 2017-06-20 06:42 - 00226304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scksp.dll
2017-06-29 16:31 - 2017-06-20 06:42 - 00121856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sendmail.dll
2017-06-29 16:31 - 2017-06-20 06:41 - 00734208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.exe
2017-06-29 16:31 - 2017-06-20 06:41 - 00646656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApi.dll
2017-06-29 16:31 - 2017-06-20 06:41 - 00601088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SndVolSSO.dll
2017-06-29 16:31 - 2017-06-20 06:41 - 00433152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Bluetooth.dll
2017-06-29 16:31 - 2017-06-20 06:41 - 00241152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecsExt.dll
2017-06-29 16:31 - 2017-06-20 06:41 - 00201216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credprovhost.dll
2017-06-29 16:31 - 2017-06-20 06:40 - 00342016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2017-06-29 16:31 - 2017-06-20 06:40 - 00247808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AboveLockAppHost.dll
2017-06-29 16:31 - 2017-06-20 06:40 - 00230912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edputil.dll
2017-06-29 16:31 - 2017-06-20 06:40 - 00038400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBrokerUI.dll
2017-06-29 16:31 - 2017-06-20 06:39 - 02814464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\themeui.dll
2017-06-29 16:31 - 2017-06-20 06:39 - 00969728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
2017-06-29 16:31 - 2017-06-20 06:39 - 00646144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmsys.cpl
2017-06-29 16:31 - 2017-06-20 06:39 - 00471040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VAN.dll
2017-06-29 16:31 - 2017-06-20 06:39 - 00312320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2017-06-29 16:31 - 2017-06-20 06:38 - 01171968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certutil.exe
2017-06-29 16:31 - 2017-06-20 06:38 - 00648192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SmartcardCredentialProvider.dll
2017-06-29 16:31 - 2017-06-20 06:36 - 07596544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2017-06-29 16:31 - 2017-06-20 06:36 - 01494528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
2017-06-29 16:31 - 2017-06-20 06:36 - 00787456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2017-06-29 16:31 - 2017-06-20 06:35 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cldapi.dll
2017-06-29 16:31 - 2017-06-20 06:34 - 02782720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2017-06-29 16:31 - 2017-06-20 06:34 - 02750464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnroll.dll
2017-06-29 16:31 - 2017-06-20 06:34 - 01492480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Bluetooth.dll
2017-06-29 16:31 - 2017-06-20 06:34 - 00760832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2017-06-29 16:31 - 2017-06-20 06:31 - 00334848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToDevice.dll
2017-06-29 16:31 - 2017-06-20 06:30 - 00209920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wdmaud.drv
2017-06-29 16:31 - 2017-06-20 06:30 - 00157696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpchttp.dll
2017-06-29 16:31 - 2017-06-20 06:28 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apphelp.dll
2017-06-25 17:25 - 2017-06-25 17:25 - 00003272 _____ C:\WINDOWS\System32\Tasks\D3DGearRawFrameCaptureTask
2017-06-15 05:11 - 2017-06-15 05:11 - 00061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys
2017-06-15 00:04 - 2017-06-03 08:32 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-06-15 00:04 - 2017-06-03 08:32 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-06-14 18:27 - 2017-06-03 12:09 - 01003624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2017-06-14 18:27 - 2017-06-03 12:07 - 00119712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2017-06-14 18:27 - 2017-06-03 12:00 - 00219040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
2017-06-14 18:27 - 2017-06-03 11:59 - 01409048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2017-06-14 18:27 - 2017-06-03 11:59 - 00626528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2017-06-14 18:27 - 2017-06-03 11:59 - 00311200 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2017-06-14 18:27 - 2017-06-03 11:59 - 00259400 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2017-06-14 18:27 - 2017-06-03 11:26 - 00266640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\capauthz.dll
2017-06-14 18:27 - 2017-06-03 11:23 - 00573856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comctl32.dll
2017-06-14 18:27 - 2017-06-03 11:14 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\utcutil.dll
2017-06-14 18:27 - 2017-06-03 11:12 - 00119296 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2017-06-14 18:27 - 2017-06-03 11:11 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2017-06-14 18:27 - 2017-06-03 11:11 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2017-06-14 18:27 - 2017-06-03 11:11 - 00038912 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2017-06-14 18:27 - 2017-06-03 11:11 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
2017-06-14 18:27 - 2017-06-03 11:10 - 00102400 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2017-06-14 18:27 - 2017-06-03 11:09 - 00094720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2017-06-14 18:27 - 2017-06-03 11:07 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2017-06-14 18:27 - 2017-06-03 11:05 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Identity.Provider.dll
2017-06-14 18:27 - 2017-06-03 11:05 - 00169984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\devicengccredprov.dll
2017-06-14 18:27 - 2017-06-03 11:03 - 00467456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TpmCoreProvisioning.dll
2017-06-14 18:27 - 2017-06-03 11:00 - 00933376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2017-06-14 18:27 - 2017-06-03 10:58 - 05961216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2017-06-14 18:27 - 2017-06-03 10:58 - 02516480 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2017-06-14 18:27 - 2017-06-03 10:58 - 01046016 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2017-06-14 18:27 - 2017-06-03 10:57 - 06535168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspaint.exe
2017-06-14 18:27 - 2017-06-03 10:57 - 00797184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2017-06-14 18:27 - 2017-06-03 10:55 - 01019904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-06-14 18:27 - 2017-06-03 10:54 - 02341376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2017-06-14 18:26 - 2017-06-03 12:15 - 01596600 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2017-06-14 18:26 - 2017-06-03 12:15 - 00750560 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2017-06-14 18:26 - 2017-06-03 12:15 - 00382368 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2017-06-14 18:26 - 2017-06-03 12:10 - 00130464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tm.sys
2017-06-14 18:26 - 2017-06-03 12:00 - 00321376 _____ (Microsoft Corporation) C:\WINDOWS\system32\capauthz.dll
2017-06-14 18:26 - 2017-06-03 11:58 - 00660384 _____ (Microsoft Corporation) C:\WINDOWS\system32\comctl32.dll
2017-06-14 18:26 - 2017-06-03 11:58 - 00254176 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2017-06-14 18:26 - 2017-06-03 11:14 - 00443392 _____ (Microsoft Corporation) C:\WINDOWS\system32\PerceptionSimulationExtensions.dll
2017-06-14 18:26 - 2017-06-03 11:14 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmredir.dll
2017-06-14 18:26 - 2017-06-03 11:14 - 00047104 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2017-06-14 18:26 - 2017-06-03 11:11 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2017-06-14 18:26 - 2017-06-03 11:10 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCredentialDeployment.exe
2017-06-14 18:26 - 2017-06-03 11:09 - 00271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Identity.Provider.dll
2017-06-14 18:26 - 2017-06-03 11:09 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\devicengccredprov.dll
2017-06-14 18:26 - 2017-06-03 11:07 - 00778240 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2017-06-14 18:26 - 2017-06-03 11:07 - 00197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdboot.exe
2017-06-14 18:26 - 2017-06-03 11:06 - 00551936 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmCoreProvisioning.dll
2017-06-14 18:26 - 2017-06-03 11:05 - 07336448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-06-14 18:26 - 2017-06-03 11:04 - 00805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2017-06-14 18:26 - 2017-06-03 11:01 - 06726656 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe
2017-06-14 18:26 - 2017-06-03 11:00 - 00358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-06-14 18:26 - 2017-06-03 10:59 - 04730368 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-06-14 18:26 - 2017-06-03 10:59 - 02625024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2017-06-14 18:26 - 2017-06-03 10:59 - 02056192 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-06-14 18:26 - 2017-06-03 10:59 - 01293824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-06-14 18:26 - 2017-06-03 10:59 - 00975360 _____ (Microsoft Corporation) C:\WINDOWS\HelpPane.exe
2017-06-14 18:26 - 2017-06-03 10:58 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2017-06-14 18:26 - 2017-06-03 10:58 - 00827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2017-06-14 18:26 - 2017-06-03 10:57 - 02829824 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2017-06-14 18:26 - 2017-06-03 10:55 - 03656192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-06-14 18:26 - 2017-06-03 10:51 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\bfsvc.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-07-07 18:27 - 2016-06-07 19:32 - 00000784 _____ C:\WINDOWS\SysWOW64\za_mv_raid.ev
2017-07-07 18:26 - 2017-05-25 08:56 - 00983826 _____ C:\WINDOWS\system32\perfh007.dat
2017-07-07 18:26 - 2017-05-25 08:56 - 00219064 _____ C:\WINDOWS\system32\perfc007.dat
2017-07-07 18:26 - 2017-05-24 23:38 - 02215380 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-07-07 18:22 - 2017-05-24 23:35 - 00004172 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{E025AA66-1D98-4F3E-A00F-4D7B7E842DE2}
2017-07-07 18:21 - 2017-05-15 21:20 - 00000000 ____D C:\Program Files (x86)\Steam
2017-07-07 18:21 - 2017-02-18 18:47 - 00000000 ____D C:\Users\chris\AppData\Local\Spotify
2017-07-07 18:21 - 2017-02-18 18:46 - 00000000 ____D C:\Users\chris\AppData\Roaming\Spotify
2017-07-07 18:20 - 2017-05-24 23:35 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-07-07 18:20 - 2017-05-24 23:29 - 00000000 ____D C:\ProgramData\NVIDIA
2017-07-07 18:16 - 2017-03-18 13:40 - 01310720 _____ C:\WINDOWS\system32\config\BBI
2017-07-07 18:07 - 2017-05-24 23:28 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-07-07 00:57 - 2017-01-12 17:12 - 00000008 __RSH C:\ProgramData\ntuser.pol
2017-07-06 14:00 - 2017-03-18 23:03 - 00000000 ___HD C:\Program Files\WindowsApps
2017-07-06 14:00 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-07-05 17:23 - 2017-03-18 23:01 - 00000000 ____D C:\WINDOWS\INF
2017-07-05 12:43 - 2016-01-14 19:43 - 00158888 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswstm.sys
2017-07-05 12:31 - 2017-05-24 23:29 - 00000000 ____D C:\Users\chris
2017-07-04 18:34 - 2017-05-07 17:23 - 00000000 ____D C:\Program Files (x86)\iRacing
2017-07-04 17:41 - 2017-05-07 18:10 - 00555048 _____ C:\WINDOWS\system32\Drivers\EasyAntiCheat.sys
2017-07-01 14:30 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\rescache
2017-07-01 14:18 - 2017-03-18 23:03 - 00000000 __RHD C:\Users\Public\Libraries
2017-06-29 20:40 - 2016-11-20 20:51 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-06-29 18:07 - 2017-05-24 23:28 - 00217144 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-06-29 18:06 - 2017-03-18 23:03 - 00000000 ___SD C:\WINDOWS\SysWOW64\F12
2017-06-29 18:06 - 2017-03-18 23:03 - 00000000 ___SD C:\WINDOWS\system32\F12
2017-06-29 18:06 - 2017-03-18 23:03 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-06-29 18:06 - 2017-03-18 23:03 - 00000000 ___RD C:\Program Files\Windows Defender
2017-06-29 18:06 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\system32\oobe
2017-06-29 18:06 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\system32\migwiz
2017-06-29 18:06 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\system32\appraiser
2017-06-29 18:06 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\ShellExperiences
2017-06-29 18:06 - 2017-03-18 23:03 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2017-06-29 16:35 - 2017-03-18 22:51 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-06-27 16:56 - 2016-01-14 19:46 - 00002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-06-27 16:56 - 2016-01-14 19:46 - 00002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-06-25 18:37 - 2017-05-24 12:04 - 00000000 ____D C:\Users\chris\AppData\Local\ElevatedDiagnostics
2017-06-20 19:53 - 2016-01-14 18:34 - 00002387 _____ C:\Users\chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-06-20 19:53 - 2016-01-14 18:34 - 00000000 ___RD C:\Users\chris\OneDrive
2017-06-18 02:48 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-06-18 02:48 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-06-15 22:08 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-06-15 00:02 - 2017-03-19 04:30 - 00000000 ____D C:\WINDOWS\OCR
2017-06-14 22:45 - 2016-01-16 20:02 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-06-14 22:43 - 2016-01-16 20:02 - 133627792 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-06-13 19:53 - 2017-05-24 23:35 - 00004440 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2017-06-11 22:20 - 2017-05-08 20:24 - 00000000 ____D C:\Users\chris\AppData\Local\NickThissen

==================== Files in the root of some directories =======

2016-12-24 13:27 - 2016-12-24 13:27 - 0000000 _____ () C:\Program Files (x86)\GUT9348.tmp
2016-12-24 13:26 - 2016-12-24 13:26 - 0000000 _____ () C:\Program Files (x86)\GUTF4FF.tmp
2016-05-30 19:21 - 2016-05-30 19:37 - 0000115 _____ () C:\Users\chris\AppData\Roaming\LogFile.txt
2017-01-14 23:48 - 2017-04-11 18:32 - 0000321 _____ () C:\Users\chris\AppData\Roaming\WB.CFG
2017-01-12 17:13 - 2017-01-12 17:44 - 0000177 _____ () C:\Users\chris\AppData\Local\uts.ini
2016-01-29 21:55 - 2016-01-29 21:55 - 0000000 _____ () C:\Users\chris\AppData\Local\{32FB22F6-3A8D-4BAC-9716-35E126489F99}
2017-05-08 20:24 - 2017-05-08 20:24 - 0000109 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.64.bc

Some files in TEMP:
====================
2017-07-01 13:52 - 2017-05-24 08:56 - 0785464 _____ (BlueStack Systems, Inc.) C:\Users\chris\AppData\Local\Temp\HD-Common.dll
2017-07-01 13:52 - 2017-05-24 08:57 - 0464952 _____ (BlueStack Systems, Inc.) C:\Users\chris\AppData\Local\Temp\HD-InstallerUtils.dll
2017-07-01 13:52 - 2017-05-24 08:54 - 0187416 _____ (BlueStack Systems) C:\Users\chris\AppData\Local\Temp\HD-LibraryHandler.dll
2017-07-01 13:52 - 2017-05-24 08:53 - 0246808 _____ (BlueStack Systems) C:\Users\chris\AppData\Local\Temp\HD-Logger-Native.dll
2017-07-01 13:52 - 2017-05-24 08:56 - 0385080 _____ (BlueStack Systems, Inc.) C:\Users\chris\AppData\Local\Temp\HD-Uninstaller.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-06-30 17:38

==================== End of FRST.txt ============================
         
--- --- ---

[CODE]Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-07-2017
Ran by chris (07-07-2017 18:27:16)
Running from C:\Users\chris\Desktop
Windows 10 Home Version 1703 (X64) (2017-05-25 06:33:45)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1245378809-2198360341-2726498664-500 - Administrator - Disabled)
chris (S-1-5-21-1245378809-2198360341-2726498664-1001 - Administrator - Enabled) => C:\Users\chris
DefaultAccount (S-1-5-21-1245378809-2198360341-2726498664-503 - Limited - Disabled)
Guest (S-1-5-21-1245378809-2198360341-2726498664-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Disabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Disabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 16.04 (x64) (HKLM\...\7-Zip) (Version: 16.04 - Igor Pavlov)
Acronis Drive Monitor (HKLM-x32\...\{706AE61D-40A4-4F50-8359-FE8F6F7FA461}) (Version: 1.0.566 - Acronis)
Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 17.009.20044 - Adobe Systems Incorporated)
Adobe Flash Player 26 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 26.0.0.131 - Adobe Systems Incorporated)
Amazon.com Fire_Devices (HKLM\...\Fire_Devices Drivers) (Version: 2 - Amazon.com)
Android Studio (HKLM\...\Android Studio) (Version: 1.0 - Google Inc.)
Ansel (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel) (Version: 382.05 - NVIDIA Corporation) Hidden
ASUS Xonar DGX Audio (HKLM-x32\...\{71B53BA8-4BE3-49AF-BC3E-07F392008788}) (Version:   - ASUSTeK Computer Inc.)
Audacity 2.1.3 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.3 - Audacity Team)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 17.4.2294 - AVAST Software)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
BlueStacks App Player (HKLM-x32\...\BlueStacks) (Version: 2.7.320.8504 - BlueStack Systems, Inc.)
Call of Duty: Black Ops II - Multiplayer (HKLM\...\Steam App 202990) (Version:  - Treyarch)
Call of Duty: Black Ops II (HKLM\...\Steam App 202970) (Version:  - Treyarch)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version:  - ‪Canon Inc.‬)
Canon MP230 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP230_series) (Version: 1.03 - Canon Inc.)
Counter-Strike: Global Offensive (HKLM\...\Steam App 730) (Version:  - Valve)
CyberLink PowerDVD 15 (HKLM-x32\...\{DE85B8F3-D088-4D6E-A970-EE0BC7883A66}) (Version: 15.0.2623.58 - CyberLink Corp.)
Dr. Hardware 2016 16.0d (HKLM-x32\...\Dr. Hardware 2016_is1) (Version:  - Peter A. Gebhard)
EasyBCD 2.3 (HKLM-x32\...\EasyBCD) (Version: 2.3 - NeoSmart Technologies)
Futuremark SystemInfo (HKLM-x32\...\{5052D282-C9AE-48CC-A9F5-17058BEEAA50}) (Version: 4.45.590.0 - Futuremark)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 59.0.3071.115 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.169 - Google Inc.) Hidden
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version:  - Blizzard Entertainment)
iRacing Setup Sync version 3.0 (HKLM-x32\...\{C9A090AA-AA71-46EE-901E-22A63652BD91}_is1) (Version: 3.0 - Nick Thissen)
iRacing.com Race Simulation (HKLM-x32\...\{CBBB3C80-76F5-42B5-92A6-C4BF84796DCB}) (Version: 2.23.0030 - iRacing.com Motorsport Simulations)
Java 8 Update 131 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180131F0}) (Version: 8.0.1310.11 - Oracle Corporation)
Java SE Development Kit 8 Update 121 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180121}) (Version: 8.0.1210.13 - Oracle Corporation)
KaraFun Player 2 (HKLM-x32\...\KaraFun Player 2_is1) (Version: 2.4.1.0 - Recisio)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
Logitech Gaming Software 5.10 (HKLM\...\{1444D2EE-C7AD-44A8-844F-2634B49353D1}) (Version: 5.10.127 - Logitech)
Malwarebytes Version 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes)
marvell 91xx driver (HKLM-x32\...\MagniDriver) (Version: 1.0.0.1051 - Marvell)
Marvell Storage Utility V4 (HKLM-x32\...\mvMSU) (Version: 4.1.0.1909 - Marvell)
Microsoft OneDrive (HKU\S-1-5-21-1245378809-2198360341-2726498664-1001\...\OneDriveSetup.exe) (Version: 17.3.6917.0607 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
MKVToolNix 8.8.0 (64bit) (HKLM-x32\...\MKVToolNix) (Version: 8.8.0 - Moritz Bunkus)
mp4UI (HKLM-x32\...\mp4UI) (Version:  - )
MTK USB All 1.01 (HKLM-x32\...\MTK USB All 1.01) (Version: 1.01 - MTK2000)
MuseScore 2 (HKLM-x32\...\{DC8A2B29-D9A7-4D67-A049-BC0A659A2B57}) (Version: 2.1.0 - Werner Schweer and Others)
Notepad++ (64-bit x64) (HKLM\...\Notepad++) (Version: 7.3.1 - Notepad++ Team)
NVIDIA 3D Vision Controller-Treiber 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 382.05 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 382.05 - NVIDIA Corporation)
NVIDIA Grafiktreiber 382.05 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 382.05 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.34.26 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.26 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.17.0329 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0329 - NVIDIA Corporation)
NVIDIA Update 24.0.0.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 24.0.0.0 - NVIDIA Corporation)
NvTelemetry (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvTelemetry) (Version: 2.4.8.0 - NVIDIA Corporation) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
RC Desk Pilot 0.1.3 (HKLM\...\{DFFD7D4F-6C61-402D-8D16-72B8AC33FE5A}_is1) (Version:  - rcdeskpilot.com)
SafeZone Stable 3.55.2393.607 (HKLM-x32\...\SafeZone 3.55.2393.607) (Version: 3.55.2393.607 - Avast Software) Hidden
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 2.11.3.5 - NVIDIA Corporation) Hidden
Spotify (HKU\S-1-5-21-1245378809-2198360341-2726498664-1001\...\Spotify) (Version: 1.0.57.474.gca9c9538 - Spotify AB)
SRS-Root (HKLM-x32\...\{24EAD272-D05D-4950-BD59-F88AB7B4C8C7}_is1) (Version:  - 123Unlock GSM Service)
Stagelight (HKLM\...\Stagelight) (Version: 3.0.6.6284 - Open Labs, LLC.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Universal Adb Driver (HKLM-x32\...\{D9C4202E-6D51-4B06-A8F1-22316E654BCA}) (Version: 1.0.0 - ClockworkMod)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Vulkan Run Time Libraries 1.0.42.1 (HKLM\...\VulkanRT1.0.42.1) (Version: 1.0.42.1 - LunarG, Inc.)
Windows 10-Upgrade-Assistent (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.17387 - Microsoft Corporation)
Windows-Treiberpaket - Amazon.com (WinUSB) FireDevicesUsbDeviceClass  (10/27/2014 1.4.0000.00000) (HKLM\...\34134A59F616767F2CEC57DC0849834538166E22) (Version: 10/27/2014 1.4.0000.00000 - Amazon.com)
Windows-Treiberpaket - Google, Inc. (WinUSB) AndroidUsbDeviceClass  (08/28/2014 11.0.0000.00000) (HKLM\...\092555911492C6959D2596D612F52DCA71881CA2) (Version: 08/28/2014 11.0.0000.00000 - Google, Inc.)
YoloMouse (HKLM\...\{084C443B-D061-4B8E-8764-7F34160BBE8B}) (Version: 0.7.0.0 - HaPpY)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-05-26] (AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-05-26] (AVAST Software)
ContextMenuHandlers01: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers01: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files\Notepad++\NppShell_06.dll [2017-01-17] ()
ContextMenuHandlers01: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-05-26] (AVAST Software)
ContextMenuHandlers03: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-05-26] (AVAST Software)
ContextMenuHandlers03: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
ContextMenuHandlers04: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers05: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2017-05-01] (NVIDIA Corporation)
ContextMenuHandlers06: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers06: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-05-26] (AVAST Software)
ContextMenuHandlers06: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {00A086FC-80B6-457C-8B89-C11A6BB10B2A} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-06-18] (Adobe Systems Incorporated)
Task: {140D9A57-B9D4-4EB0-A02C-E2E7FE46B304} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-05-02] (NVIDIA Corporation)
Task: {2BF4AB66-82E3-4835-9DE2-928E6F7497C7} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-05-02] (NVIDIA Corporation)
Task: {3F86AE47-08F9-4BB8-AA79-F9A142FB014D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-01-14] (Google Inc.)
Task: {51410BEC-8141-442F-8D90-40B8E6BDD655} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-05-02] (NVIDIA Corporation)
Task: {897212FD-7C02-4598-A42C-50C5BF97EE08} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2017-04-20] (AVAST Software)
Task: {92540330-11FB-41BC-A53C-F99FAD3366DD} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-05-02] (NVIDIA Corporation)
Task: {AC9114D4-512F-4E03-AA0F-F36E8F274FAB} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-05-02] (NVIDIA Corporation)
Task: {ACE2A8D4-A7B6-444B-8A6F-A6C8392595AF} - System32\Tasks\SafeZone scheduled Autoupdate 1464624296 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2017-05-17] (Avast Software)
Task: {B2020B7A-95AB-49FF-B918-74658DD51760} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-05-26] (AVAST Software)
Task: {BEAED543-6F1F-4F38-AB06-526E9DB577AE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-01-14] (Google Inc.)
Task: {CC79A40A-C87C-4E05-9016-98427355B483} - System32\Tasks\D3DGearRawFrameCaptureTask => C:\Program Files (x86)\iRacing\d3dGear.exe [2017-06-06] (D3DGear Technologies.)
Task: {F7B3AED5-B41D-4773-857A-DAA17F650A68} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-04-25] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


Shortcut: C:\Users\chris\Desktop\Start iRacing Service (background task).lnk -> C:\Program Files (x86)\iRacing\Start_iRacingService.bat ()

==================== Loaded Modules (Whitelisted) ==============

2017-07-07 01:04 - 2017-07-07 01:13 - 02270664 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2017-03-18 22:58 - 2017-03-18 22:58 - 00138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-03-18 22:59 - 2017-03-19 04:31 - 01731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-06-25 17:31 - 2017-06-25 17:31 - 00074752 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-06-25 17:31 - 2017-06-25 17:31 - 00203264 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-06-25 17:31 - 2017-06-25 17:31 - 43454464 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-06-25 17:31 - 2017-06-25 17:31 - 02437120 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\skypert.dll
2016-03-25 20:09 - 2016-03-25 20:09 - 00179200 _____ () C:\Program Files\YoloMouse\YoloMouse.exe
2010-11-19 09:58 - 2010-11-19 09:58 - 01199144 _____ () C:\Program Files (x86)\Marvell\storage\tray\MarvellTray.exe
2008-01-17 19:17 - 2008-01-17 19:17 - 00073782 _____ () C:\Program Files (x86)\Marvell\storage\Apache2\bin\zlib1.dll
2016-01-14 20:22 - 2015-12-19 22:25 - 00143360 ____N () C:\Program Files\ASUS Xonar DGX Audio\Customapp\VmixP8.dll
2017-05-26 18:29 - 2017-05-26 18:29 - 00170216 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-05-26 18:29 - 2017-05-26 18:29 - 00997896 _____ () C:\Program Files\AVAST Software\Avast\AvChrome.dll
2017-05-26 18:29 - 2017-05-26 18:29 - 67717632 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2017-05-26 18:29 - 2017-05-26 18:29 - 00176992 _____ () C:\Program Files\AVAST Software\Avast\event_routing_rpc.dll
2017-05-26 18:29 - 2017-05-26 18:29 - 00223224 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll
2017-05-26 18:29 - 2017-05-26 18:29 - 00291824 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
2017-05-26 18:29 - 2017-05-26 18:29 - 00684656 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2017-02-18 18:47 - 2017-06-25 17:25 - 00189040 _____ () C:\Users\chris\AppData\Roaming\Spotify\SpotifyWinRT.dll
2011-02-24 18:39 - 2011-02-24 18:39 - 00012128 _____ () C:\Program Files (x86)\Common Files\Acronis\DriveMonitor\Common\icudt38.dll
2011-02-24 18:41 - 2011-02-24 18:41 - 00635392 _____ () C:\Program Files (x86)\Acronis\DriveMonitor\x_adm_driver.dll
2011-02-24 18:39 - 2011-02-24 18:39 - 00018272 _____ () C:\Program Files (x86)\Acronis\DriveMonitor\log_trace.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-07-10 13:04 - 2017-01-13 19:33 - 00000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1245378809-2198360341-2726498664-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\chris\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\img13.jpg
DNS Servers: 10.0.0.138
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\Run32: => "SteelSeries World of Warcraft MMO Gaming Mouse"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{6F9BBA92-004A-42F1-B81F-7DE02B06B35A}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{54B5A5E2-603E-4F9D-BA89-39508F54AEF7}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{BD194B0B-5FA4-4EF1-BCC0-72B9BA8AC51D}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{DFA9452C-C996-4BEA-82D6-A1B9A9E8982E}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [TCP Query User{C88B35CF-C639-4649-8041-241349C7117E}C:\users\chris\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\chris\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{473193B5-4927-4B21-9881-22FC115FF265}C:\users\chris\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\chris\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{E23A47CE-CB54-455F-A673-A01692865746}C:\program files (x86)\google\chrome\application\chrome.exe] => (Block) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{5C66269E-769C-45DE-AAA6-BBD19938682F}C:\program files (x86)\google\chrome\application\chrome.exe] => (Block) C:\program files (x86)\google\chrome\application\chrome.exe

==================== Restore Points =========================

ATTENTION: System Restore is disabled

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/07/2017 06:21:36 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: Die Open-Prozedur für den Dienst "WmiApRpl" in der DLL "C:\WINDOWS\system32\wbem\wmiaprpl.dll" war nicht erfolgreich. Die Leistungsdaten für diesen Dienst sind nicht verfügbar. Die ersten vier Bytes (DWORD) des Datenbereichs enthalten den Fehlercode.

Error: (07/07/2017 06:21:36 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: Die erweiterbare Leistungsindikator-DLL rdyboost kann nicht geladen werden. Die ersten vier Bytes (DWORD) des Datenbereichs enthalten den Windows-Fehlercode.

Error: (07/07/2017 06:21:36 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Das Serverdienst-Leistungsobjekt kann nicht geöffnet werden. Die ersten vier Bytes (DWORD) des Datenabschnitts enthalten den Statuscode.

Error: (07/07/2017 06:21:36 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: Die Open-Prozedur für den Dienst "MSDTC" in der DLL "C:\WINDOWS\system32\msdtcuiu.DLL" war nicht erfolgreich. Die Leistungsdaten für diesen Dienst sind nicht verfügbar. Die ersten vier Bytes (DWORD) des Datenbereichs enthalten den Fehlercode.

Error: (07/07/2017 06:21:36 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: Die Open-Prozedur für den Dienst "Lsa" in der DLL "C:\Windows\System32\Secur32.dll" war nicht erfolgreich. Die Leistungsdaten für diesen Dienst sind nicht verfügbar. Die ersten vier Bytes (DWORD) des Datenbereichs enthalten den Fehlercode.

Error: (07/07/2017 06:21:36 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: Die Open-Prozedur für den Dienst "ESENT" in der DLL "C:\WINDOWS\system32\esentprf.dll" war nicht erfolgreich. Die Leistungsdaten für diesen Dienst sind nicht verfügbar. Die ersten vier Bytes (DWORD) des Datenbereichs enthalten den Fehlercode.

Error: (07/07/2017 06:21:35 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: Die Open-Prozedur für den Dienst "BITS" in der DLL "C:\Windows\System32\bitsperf.dll" war nicht erfolgreich. Die Leistungsdaten für diesen Dienst sind nicht verfügbar. Die ersten vier Bytes (DWORD) des Datenbereichs enthalten den Fehlercode.

Error: (07/07/2017 06:12:52 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: Die Open-Prozedur für den Dienst "WmiApRpl" in der DLL "C:\WINDOWS\system32\wbem\wmiaprpl.dll" war nicht erfolgreich. Die Leistungsdaten für diesen Dienst sind nicht verfügbar. Die ersten vier Bytes (DWORD) des Datenbereichs enthalten den Fehlercode.

Error: (07/07/2017 06:12:52 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: Die erweiterbare Leistungsindikator-DLL rdyboost kann nicht geladen werden. Die ersten vier Bytes (DWORD) des Datenbereichs enthalten den Windows-Fehlercode.

Error: (07/07/2017 06:12:52 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Das Serverdienst-Leistungsobjekt kann nicht geöffnet werden. Die ersten vier Bytes (DWORD) des Datenabschnitts enthalten den Statuscode.


System errors:
=============
Error: (07/07/2017 06:20:23 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "CldFlt" wurde aufgrund folgenden Fehlers nicht gestartet: 
Die Anforderung wird nicht unterstützt.

Error: (07/07/2017 06:11:53 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "CldFlt" wurde aufgrund folgenden Fehlers nicht gestartet: 
Die Anforderung wird nicht unterstützt.

Error: (07/07/2017 06:08:20 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst NgcSvc erreicht.

Error: (07/07/2017 05:06:18 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-E48G4LQ)
Description: Der Server "Microsoft.MicrosoftEdge_40.15063.0.0_neutral__8wekyb3d8bbwe!ContentProcess" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (07/07/2017 05:05:54 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-E48G4LQ)
Description: Der Server "Microsoft.MicrosoftEdge_40.15063.0.0_neutral__8wekyb3d8bbwe!ContentProcess" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (07/07/2017 05:05:34 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-E48G4LQ)
Description: Der Server "Microsoft.MicrosoftEdge_40.15063.0.0_neutral__8wekyb3d8bbwe!ContentProcess" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (07/07/2017 05:05:16 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-E48G4LQ)
Description: Der Server "Microsoft.MicrosoftEdge_40.15063.0.0_neutral__8wekyb3d8bbwe!ContentProcess" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (07/07/2017 05:04:58 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-E48G4LQ)
Description: Der Server "Microsoft.MicrosoftEdge_40.15063.0.0_neutral__8wekyb3d8bbwe!ContentProcess" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (07/07/2017 05:04:41 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-E48G4LQ)
Description: Der Server "Microsoft.MicrosoftEdge_40.15063.0.0_neutral__8wekyb3d8bbwe!ContentProcess" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (07/07/2017 04:32:36 PM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-E48G4LQ)
Description: Fehler "1053" in DCOM, als der Dienst "BITS" mit den Argumenten "Unavailable" gestartet wurde, um den folgenden Server zu verwenden:
{4991D34B-80A1-4291-83B6-3328366B9097}


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i7 CPU 950 @ 3.07GHz
Percentage of memory in use: 29%
Total physical RAM: 8190.08 MB
Available physical RAM: 5775.12 MB
Total Virtual: 9470.08 MB
Available Virtual: 7102.45 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:110.42 GB) (Free:37.74 GB) NTFS
Drive d: (Volume) (Fixed) (Total:698.49 GB) (Free:565.4 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (System Reserved) (Fixed) (Total:0.49 GB) (Free:0.42 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive f: (ESD-ISO) (CDROM) (Total:3.05 GB) (Free:0 GB) UDF
Drive g: () (Fixed) (Total:931.28 GB) (Free:901.62 GB) FAT32

==================== MBR & Partition Table ==================

==================== End of Addition.txt ============================
         
--- --- ---

07.07.2017, 17:31   #10
brill_e



Code:
Users shortcut scan result (x64) Version: 05-07-2017
Ran by chris (07-07-2017 18:27:37)
Running from C:\Users\chris\Desktop
Boot Mode: Normal

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)


Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NeoSmart Technologies\EasyBCD\Online Documentation.lnk -> hxxp://neosmart.net/wiki/easybcd
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iRacing\Start iRacing Service (background task).lnk -> C:\Program Files (x86)\iRacing\Start_iRacingService.bat ()
Shortcut: C:\Users\chris\Desktop\Start iRacing Service (background task).lnk -> C:\Program Files (x86)\iRacing\Start_iRacingService.bat ()


Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\01 - File Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\03 - Documents.lnk -> C:\Users\chris\OneDrive\Dokumente ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\04 - Downloads.lnk -> D:\Downloads ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\05 - Music.lnk -> C:\Users\chris\Music ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\06 - Pictures.lnk -> C:\Users\chris\OneDrive\Bilder ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\07 - Videos.lnk -> C:\Users\chris\Videos ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\08 - Homegroup.lnk -> Microsoft.Windows.Homegroup
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\09 - Network.lnk -> Microsoft.Windows.Network
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\10 - UserProfile.lnk -> C:\Users\chris ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\BlueStacks.lnk -> C:\Program Files (x86)\BlueStacks\BlueStacks.exe (BlueStack Systems, Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\MarvellTray.lnk -> C:\Program Files (x86)\Marvell\storage\tray\MarvellTray.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk -> C:\Windows\Installer\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}\SC_Reader.ico (Flexera Software LLC)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk -> C:\Program Files (x86)\Audacity\audacity.exe (The Audacity Team)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Free Antivirus.lnk -> C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk -> C:\Program Files\AVAST Software\SZBrowser\launcher.exe (Avast Software)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 15.lnk -> C:\Program Files (x86)\CyberLink\PowerDVD15\PDVDLP.exe (CyberLink Corp.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Immersive Control Panel.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiracastView.lnk -> C:\Windows\MiracastView\MiracastView.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PrintDialog.lnk -> C:\Windows\PrintDialog\PrintDialog.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows 10-Upgrade-Assistent.lnk -> C:\Windows10Upgrade\Windows10UpgraderApp.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YoloMouse\YoloMouse.lnk -> C:\Program Files\YoloMouse\YoloMouse.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam\Steam.lnk -> C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stagelight\Stagelight.lnk -> C:\Program Files\Stagelight\Stagelight.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SRSROOT\SRSRoot for Android.lnk -> C:\Program Files (x86)\SRSRoot\SRS-One-Click-Root.exe (123Unlock GSM Service)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SRSROOT\Uninstall Simlock Remote Client.lnk -> C:\Program Files (x86)\SRSRoot\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RC Desk Pilot\Aircraft Editor Manual.lnk -> C:\Program Files\RC Desk Pilot\Aircraft Editor Manual.pdf ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RC Desk Pilot\Aircraft Editor.lnk -> C:\Program Files\RC Desk Pilot\RCDPAircraftEditor.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RC Desk Pilot\RC Desk Pilot.lnk -> C:\Program Files\RC Desk Pilot\RCDeskPilot.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RC Desk Pilot\User Manual.lnk -> C:\Program Files\RC Desk Pilot\RC Desk Pilot - Manual.pdf ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation\3D Vision\3D Vision Photo Viewer.lnk -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvstview.exe (NVIDIA Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++\Notepad++.lnk -> C:\Program Files\Notepad++\notepad++.exe (Don HO don.h@free.fr)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NeoSmart Technologies\EasyBCD\EasyBCD 2.3.lnk -> C:\Program Files (x86)\NeoSmart Technologies\EasyBCD\EasyBCD.exe (NeoSmart Technologies)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NeoSmart Technologies\EasyBCD\Uninstall EasyBCD.lnk -> C:\Program Files (x86)\NeoSmart Technologies\EasyBCD\uninstall.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MKVToolNix\MKVToolNix GUI.lnk -> C:\Program Files\MKVToolNix\mkvtoolnix-gui.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MKVToolNix\Uninstall.lnk -> C:\Program Files\MKVToolNix\uninst.exe (Moritz Bunkus)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MKVToolNix\Website.lnk -> C:\Program Files\MKVToolNix\MKVToolNix.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MKVToolNix\Documentation\ChangeLog - What is new.lnk -> C:\Program Files\MKVToolNix\doc\ChangeLog.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MKVToolNix\Documentation\Command line references.lnk -> C:\Program Files\MKVToolNix\doc\command_line_references.html ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MKVToolNix\Documentation\README.lnk -> C:\Program Files\MKVToolNix\doc\README.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Marvell Storage Utility\MarvellTray.lnk -> C:\Program Files (x86)\Marvell\storage\tray\MarvellTray.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Marvell Storage Utility\UnInstall.lnk -> C:\Program Files (x86)\Marvell\storage\uninstmsu.exe (Marvell)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes\Malwarebytes.lnk -> C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe (Malwarebytes)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes\Uninstall Malwarebytes.lnk -> C:\Program Files\Malwarebytes\Anti-Malware\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech\Launch Gaming Software Profiler.lnk -> C:\Windows\Installer\{1444D2EE-C7AD-44A8-844F-2634B49353D1}\NewShortcut1_7E69263C626D4C569CA13522D79FEB7F.exe (Acresso Software Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KaraFun Player 2\KaraFun Player 2.lnk -> C:\Program Files (x86)\KaraFun Player 2\KaraFunPlayer.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KaraFun Player 2\KaraFun Player entfernen.lnk -> C:\Program Files (x86)\KaraFun Player 2\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KaraFun Player 2\www.karafun.de besuchen  (Information, Hilfe , Forum...).lnk -> C:\Program Files (x86)\KaraFun Player 2\KaraFun-Homepage.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit\Java Mission Control.lnk -> C:\Program Files\Java\jdk1.8.0_121\bin\jmc.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Configure Java.lnk -> C:\Program Files\Java\jre1.8.0_131\bin\javacpl.exe (Oracle Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iRacing Setup Sync\iRacing Setup Sync.lnk -> C:\Program Files (x86)\iRacing Setup Sync\iRacingSetupSyncLauncher.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Heroes of the Storm\Heroes of the Storm.lnk -> C:\Program Files (x86)\Heroes of the Storm\Heroes of the Storm.exe (Blizzard Entertainment)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dr. Hardware 2016\Dr. Hardware 2016 entfernen.lnk -> C:\Program Files (x86)\Dr. Hardware 2016\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dr. Hardware 2016\Dr. Hardware 2016 Hilfe.lnk -> C:\Program Files (x86)\Dr. Hardware 2016\hilfe\cnt.htm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dr. Hardware 2016\Dr. Hardware 2016 im Internet.lnk -> C:\Program Files (x86)\Dr. Hardware 2016\DRHARD.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dr. Hardware 2016\Dr. Hardware 2016 Lies mich!.lnk -> C:\Program Files (x86)\Dr. Hardware 2016\liesmich.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dr. Hardware 2016\Dr. Hardware 2016 Lizenzvereinbarung.lnk -> C:\Program Files (x86)\Dr. Hardware 2016\lizenz.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dr. Hardware 2016\Dr. Hardware 2016 Neuerungen der akt. Version.lnk -> C:\Program Files (x86)\Dr. Hardware 2016\whatsnew.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dr. Hardware 2016\Dr. Hardware 2016.lnk -> C:\Program Files (x86)\Dr. Hardware 2016\DRHARD.exe (Peter A. Gebhard Softwareentwicklung)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities\IJ Scan Utility\IJ Scan Utility.lnk -> C:\Program Files (x86)\Canon\IJ Scan Utility\SCANUTILITY.exe (CANON INC.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MP230 series\Liesmich für XPS.lnk -> C:\Program Files\CanonBJ\IJPrinter\Canon MP230 series\readme_German_xps.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MP230 series\Liesmich.lnk -> C:\Program Files\CanonBJ\IJPrinter\Canon MP230 series\readme_German.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net\Battle.net.lnk -> C:\Program Files (x86)\Battle.net\Battle.net Launcher.exe (Blizzard Entertainment)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS Xonar DGX Audio\Xonar DGX Audio Center.lnk -> C:\Program Files\ASUS Xonar DGX Audio\Customapp\AsusAudioCenter.exe (CMedia)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Android Studio\Android Studio.lnk -> C:\Program Files\Android\Android Studio\bin\studio64.exe (Google)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Component Services.lnk -> C:\Windows\System32\comexp.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\dfrgui.lnk -> C:\Windows\System32\dfrgui.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Disk Cleanup.lnk -> C:\Windows\System32\cleanmgr.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk -> C:\Windows\System32\iscsicpl.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk -> C:\Windows\System32\MdSched.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\ODBC Data Sources (32-bit).lnk -> C:\Windows\SysWOW64\odbcad32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\ODBC Data Sources (64-bit).lnk -> C:\Windows\System32\odbcad32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk -> C:\Windows\System32\services.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration.lnk -> C:\Windows\System32\msconfig.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Information.lnk -> C:\Windows\System32\msinfo32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk -> C:\Windows\System32\WF.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acronis\Acronis Drive Monitor\Acronis Drive Monitor.lnk -> C:\Program Files (x86)\Acronis\DriveMonitor\adm_console.exe (Acronis)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Math Input Panel.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\mip.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Paint.lnk -> C:\Windows\System32\mspaint.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Quick Assist.lnk -> C:\Windows\System32\quickassist.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk -> C:\Windows\System32\mstsc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Snipping Tool.lnk -> C:\Windows\System32\SnippingTool.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Steps Recorder.lnk -> C:\Windows\System32\psr.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Fax and Scan.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Wordpad.lnk -> C:\Program Files\Windows NT\Accessories\wordpad.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\XPS Viewer.lnk -> C:\Windows\System32\xpsrchvw.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Character Map.lnk -> C:\Windows\System32\charmap.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip\7-Zip File Manager.lnk -> C:\Program Files\7-Zip\7zFM.exe (Igor Pavlov)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip\7-Zip Help.lnk -> C:\Program Files\7-Zip\7-zip.chm ()
Shortcut: C:\Users\chris\OneDrive\Dokumente\Heroes of the Storm\T_59136896_372@2.lnk -> C:\Users\chris\OneDrive\Dokumente\Heroes of the Storm\Accounts\101418618\2-Hero-1-7327550 ()
Shortcut: C:\Users\chris\Links\Desktop.lnk -> C:\Users\chris\Desktop ()
Shortcut: C:\Users\chris\Links\Downloads.lnk -> D:\Downloads ()
Shortcut: C:\Users\chris\Links\OneDrive.lnk -> C:\Users\chris\OneDrive ()
Shortcut: C:\Users\chris\Desktop\Dr. Hardware 2016.lnk -> C:\Program Files (x86)\Dr. Hardware 2016\DRHARD.exe (Peter A. Gebhard Softwareentwicklung)
Shortcut: C:\Users\chris\Desktop\Eclipse Java Neon.lnk -> C:\Users\chris\eclipse\java-neon\eclipse\eclipse.exe ()
Shortcut: C:\Users\chris\Desktop\flash_tool.exe - Verknüpfung.lnk -> D:\Downloads\SP_Flash_Tool_v5.1628_Win\SP_Flash_Tool_v5.1628_Win\flash_tool.exe ()
Shortcut: C:\Users\chris\Desktop\KaraFun Player 2.lnk -> C:\Program Files (x86)\KaraFun Player 2\KaraFunPlayer.exe ()
Shortcut: C:\Users\chris\Desktop\MTKdroidTools.exe - Verknüpfung.lnk -> D:\Downloads\Mtk_Droid_Tool_v2.5.3\Mtk_Droid_Tool_v2.5.3\MTKdroidTools.exe ()
Shortcut: C:\Users\chris\Desktop\MuseScore 2.lnk -> C:\Program Files (x86)\MuseScore 2\bin\MuseScore.exe ()
Shortcut: C:\Users\chris\Desktop\Notepad++.lnk -> C:\Program Files\Notepad++\notepad++.exe (Don HO don.h@free.fr)
Shortcut: C:\Users\chris\Desktop\Spotify.lnk -> C:\Users\chris\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd)
Shortcut: C:\Users\chris\Desktop\SRSRoot for Android.lnk -> C:\Program Files (x86)\SRSRoot\SRS-One-Click-Root.exe (123Unlock GSM Service)
Shortcut: C:\Users\chris\Desktop\Windows 10-Upgrade-Assistent.lnk -> C:\Windows10Upgrade\Windows10UpgraderApp.exe (Microsoft Corporation)
Shortcut: C:\Users\chris\AppData\Roaming\Microsoft\Windows\Start Menu\MiFlash.lnk -> C:\Program Files (x86)\Xiaomi\MiPhone\MiFlash.exe (XiaoMi Corporation)
Shortcut: C:\Users\chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kindle Fire HDX 7.lnk -> [LFPO :i+00.z 1YKindle Fire HDX 7\\?\usb#vid_1949&pid_000c&mi_00#6&13733548&0&0000#{6ac27878-a6fa-4155-ba85-f98f491d4f33}G{?!&C&F+sm/$Kindle Fire HDX 7-ʫOHkF6CM+\CtY^Hg3(<mx5uIv_S1SPSU(Ly9K-::{20D04FE0-3AEA-1069-A2D8-08002B30309D}\\\?\usb#vid_1949&pid_000c&mi_00#6&13733548&0&0000#{6ac27878-a6fa-4155-ba85-f98f491d4f33}]
Shortcut: C:\Users\chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk -> C:\Users\chris\AppData\Local\Microsoft\OneDrive\OneDrive.exe (Microsoft Corporation)
Shortcut: C:\Users\chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Optional Features.lnk -> C:\Windows\System32\fodhelper.exe (Microsoft Corporation)
Shortcut: C:\Users\chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk -> C:\Users\chris\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd)
Shortcut: C:\Users\chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\Users\chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\Users\chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk -> C:\Windows\explorer.exe,-30
Shortcut: C:\Users\chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk -> C:\Windows\System32\shell32.dll (Microsoft Corporation)
Shortcut: C:\Users\chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam\Steam.lnk -> C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
Shortcut: C:\Users\chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MuseScore 2\MuseScore 2.lnk -> C:\Program Files (x86)\MuseScore 2\bin\MuseScore.exe ()
Shortcut: C:\Users\chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\mp4UI\mp4UI.lnk -> C:\Program Files (x86)\mp4UI\mp4UI.exe (Markus Brenner)
Shortcut: C:\Users\chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\mp4UI\Uninstall.lnk -> C:\Program Files (x86)\mp4UI\Uninstaller.exe ()
Shortcut: C:\Users\chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Marvell\91xx driver\UnInstall.lnk -> C:\Program Files (x86)\Marvell\mv91xx\uninst-91xx.exe (Marvell)
Shortcut: C:\Users\chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\chris\AppData\Roaming\Microsoft\Windows\SendTo\Bluetooth-Dateiübertragung.LNK -> C:\Windows\System32\fsquirt.exe (Microsoft Corporation)
Shortcut: C:\Users\chris\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\chris\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\mp4UI.lnk -> C:\Program Files (x86)\mp4UI\mp4UI.exe (Markus Brenner)
Shortcut: C:\Users\chris\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\chris\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\chris\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\File Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\chris\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\chris\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\chris\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\chris\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\chris\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\chris\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk -> C:\Windows\System32\compmgmt.msc ()
Shortcut: C:\Users\chris\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk -> C:\Windows\System32\diskmgmt.msc ()
Shortcut: C:\Users\chris\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk -> C:\Windows\System32\eventvwr.exe (Microsoft Corporation)
Shortcut: C:\Users\chris\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation)
Shortcut: C:\Users\chris\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation)
Shortcut: C:\Users\chris\AppData\Local\Microsoft\Windows\Application Shortcuts\Windows.PurchaseDialog_cw5n1h2txyewy\Microsoft.Windows.PurchaseDialog.lnk -> Tile and icon assets
Shortcut: C:\Users\chris\AppData\Local\Microsoft\Windows\Application Shortcuts\Windows.ContactSupport_cw5n1h2txyewy\App.lnk -> Tile and icon assets
Shortcut: C:\Users\chris\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.ZuneVideo_8wekyb3d8bbwe\Microsoft.ZuneVideo.lnk -> Tile and icon assets
Shortcut: C:\Users\chris\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.ZuneMusic_8wekyb3d8bbwe\Microsoft.ZuneMusic.lnk -> Tile and icon assets
Shortcut: C:\Users\chris\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.XboxIdentityProvider_cw5n1h2txyewy\Microsoft.XboxIdentityProvider.lnk -> Tile and icon assets
Shortcut: C:\Users\chris\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.XboxGameCallableUI_cw5n1h2txyewy\Microsoft.XboxGameCallableUI.lnk -> Tile and icon assets
Shortcut: C:\Users\chris\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.XboxApp_8wekyb3d8bbwe\Microsoft.XboxApp.lnk -> Tile and icon assets
Shortcut: C:\Users\chris\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.WindowsStore_8wekyb3d8bbwe\App.lnk -> Tile and icon assets
Shortcut: C:\Users\chris\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe\App.lnk -> Tile and icon assets
Shortcut: C:\Users\chris\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.WindowsPhone_8wekyb3d8bbwe\CompanionApp.App.lnk -> Tile and icon assets
Shortcut: C:\Users\chris\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.WindowsMaps_8wekyb3d8bbwe\App.lnk -> Tile and icon assets
Shortcut: C:\Users\chris\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.WindowsFeedback_cw5n1h2txyewy\App.lnk -> Tile and icon assets
Shortcut: C:\Users\chris\AppData\Local\Microsoft\Windows\Application Shortcuts\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\microsoft.windowslive.calendar.lnk -> Tile and icon assets
Shortcut: C:\Users\chris\AppData\Local\Microsoft\Windows\Application Shortcuts\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\microsoft.windowslive.mail.lnk -> Tile and icon assets
Shortcut: C:\Users\chris\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.WindowsCamera_8wekyb3d8bbwe\App.lnk -> Tile and icon assets
Shortcut: C:\Users\chris\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.WindowsCalculator_8wekyb3d8bbwe\App.lnk -> Tile and icon assets
Shortcut: C:\Users\chris\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.WindowsAlarms_8wekyb3d8bbwe\App.lnk -> Tile and icon assets
Shortcut: C:\Users\chris\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy\App.lnk -> Tile and icon assets
Shortcut: C:\Users\chris\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.Windows.Photos_8wekyb3d8bbwe\App.lnk -> Tile and icon assets
Shortcut: C:\Users\chris\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.Windows.ParentalControls_cw5n1h2txyewy\App.lnk -> Tile and icon assets
Shortcut: C:\Users\chris\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaUI.lnk -> Tile and icon assets
Shortcut: C:\Users\chris\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\App.lnk -> Tile and icon assets
Shortcut: C:\Users\chris\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\App.lnk -> Tile and icon assets
Shortcut: C:\Users\chris\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.SkypeApp_kzf8qxf38zg5c\App.lnk -> Tile and icon assets
Shortcut: C:\Users\chris\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.People_8wekyb3d8bbwe\x4c7a3b7dy2188y46d4ya362y19ac5a5805e5x.lnk -> Tile and icon assets
Shortcut: C:\Users\chris\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.Office.OneNote_8wekyb3d8bbwe\microsoft.onenoteim.lnk -> Tile and icon assets
Shortcut: C:\Users\chris\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe\App.lnk -> Tile and icon assets
Shortcut: C:\Users\chris\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe\Microsoft.MicrosoftOfficeHub.lnk -> Tile and icon assets
Shortcut: C:\Users\chris\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.lnk -> Tile and icon assets
Shortcut: C:\Users\chris\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.LockApp_cw5n1h2txyewy\WindowsDefaultLockScreen.lnk -> Tile and icon assets
Shortcut: C:\Users\chris\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.Getstarted_8wekyb3d8bbwe\App.lnk -> Tile and icon assets
Shortcut: C:\Users\chris\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.BioEnrollment_cw5n1h2txyewy\App.lnk -> Tile and icon assets
Shortcut: C:\Users\chris\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.BingWeather_8wekyb3d8bbwe\App.lnk -> Tile and icon assets
Shortcut: C:\Users\chris\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.BingSports_8wekyb3d8bbwe\AppexSports.lnk -> Tile and icon assets
Shortcut: C:\Users\chris\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.BingNews_8wekyb3d8bbwe\AppexNews.lnk -> Tile and icon assets
Shortcut: C:\Users\chris\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.BingFinance_8wekyb3d8bbwe\AppexFinance.lnk -> Tile and icon assets
Shortcut: C:\Users\chris\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.Appconnector_8wekyb3d8bbwe\App.lnk -> Tile and icon assets
Shortcut: C:\Users\chris\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.AccountsControl_cw5n1h2txyewy\App.lnk -> Tile and icon assets
Shortcut: C:\Users\chris\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\App.lnk -> Tile and icon assets
Shortcut: C:\Users\chris\AppData\Local\Microsoft\Windows\Application Shortcuts\Microsoft.3DBuilder_8wekyb3d8bbwe\App.lnk -> Tile and icon assets
Shortcut: C:\Users\chris\AppData\Local\Microsoft\Windows\Application Shortcuts\king.com.CandyCrushSodaSaga_kgqvnymyfvs32\App.lnk -> CandyCrushSodaSaga
Shortcut: C:\Users\chris\AppData\Local\Microsoft\Windows\Application Shortcuts\9E2F88E3.Twitter_wgeqdkkx372wm\App.lnk -> Tile and icon assets
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk -> C:\Windows\explorer.exe,-30
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk -> C:\Windows\System32\shell32.dll (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk -> C:\Windows\System32\compmgmt.msc ()
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk -> C:\Windows\System32\diskmgmt.msc ()
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk -> C:\Windows\System32\eventvwr.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation)
Shortcut: C:\Users\Public\Desktop\Acrobat Reader DC.lnk -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe (Adobe Systems Incorporated)
Shortcut: C:\Users\Public\Desktop\Acronis Drive Monitor.lnk -> C:\Program Files (x86)\Acronis\DriveMonitor\adm_console.exe (Acronis)
Shortcut: C:\Users\Public\Desktop\Audacity.lnk -> C:\Program Files (x86)\Audacity\audacity.exe (The Audacity Team)
Shortcut: C:\Users\Public\Desktop\Avast Free Antivirus.lnk -> C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
Shortcut: C:\Users\Public\Desktop\Avast SafeZone Browser.lnk -> C:\Program Files\AVAST Software\SZBrowser\launcher.exe (Avast Software)
Shortcut: C:\Users\Public\Desktop\Battle.net.lnk -> C:\Program Files (x86)\Battle.net\Battle.net Launcher.exe (Blizzard Entertainment)
Shortcut: C:\Users\Public\Desktop\BlueStacks.lnk -> C:\Program Files (x86)\BlueStacks\BlueStacks.exe (BlueStack Systems, Inc.)
Shortcut: C:\Users\Public\Desktop\CyberLink PowerDVD 15.lnk -> C:\Program Files (x86)\CyberLink\PowerDVD15\PDVDLP.exe (CyberLink Corp.)
Shortcut: C:\Users\Public\Desktop\EasyBCD 2.3.lnk -> C:\Program Files (x86)\NeoSmart Technologies\EasyBCD\EasyBCD.exe (NeoSmart Technologies)
Shortcut: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\Public\Desktop\Heroes of the Storm.lnk -> C:\Program Files (x86)\Heroes of the Storm\Heroes of the Storm.exe (Blizzard Entertainment)
Shortcut: C:\Users\Public\Desktop\iRacing Setup Sync.lnk -> C:\Program Files (x86)\iRacing Setup Sync\iRacingSetupSyncLauncher.exe ()
Shortcut: C:\Users\Public\Desktop\Malwarebytes.lnk -> C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe (Malwarebytes)
Shortcut: C:\Users\Public\Desktop\MKVToolNix GUI.lnk -> C:\Program Files\MKVToolNix\mkvtoolnix-gui.exe ()
Shortcut: C:\Users\Public\Desktop\Stagelight.lnk -> C:\Program Files\Stagelight\Stagelight.exe ()
Shortcut: C:\Users\Public\Desktop\Steam.lnk -> C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)


ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools\Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft Corporation) -> /7
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\iRacingSetupSyncLauncher.lnk -> C:\Program Files (x86)\iRacing Setup Sync\iRacingSetupSyncLauncher.exe () -> /min
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation\3D Vision\3D Vision preview pack 1.lnk -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvstlink.exe (NVIDIA Corporation) -> /show
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MKVToolNix\mkvinfo GUI.lnk -> C:\Program Files\MKVToolNix\mkvinfo.exe () -> -g
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\About Java.lnk -> C:\Program Files\Java\jre1.8.0_131\bin\javacpl.exe (Oracle Corporation) -> -tab about
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Check For Updates.lnk -> C:\Program Files\Java\jre1.8.0_131\bin\javacpl.exe (Oracle Corporation) -> -tab update
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Computer Management.lnk -> C:\Windows\System32\compmgmt.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Event Viewer.lnk -> C:\Windows\System32\eventvwr.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk -> C:\Windows\System32\perfmon.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Resource Monitor.lnk -> C:\Windows\System32\perfmon.exe (Microsoft Corporation) -> /res
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk -> C:\Windows\System32\taskschd.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Media Player.lnk -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility\Speech Recognition.lnk -> C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation) -> -SpeechUX
ShortcutWithArgument: C:\ProgramData\BlueStacks\UserData\Library\My Apps\fakelocation.lnk -> C:\Program Files (x86)\BlueStacks\HD-RunApp.exe (BlueStack Systems, Inc.) -> -p com.location.providerV33 -a .Main -vmname:
ShortcutWithArgument: C:\ProgramData\BlueStacks\UserData\Library\My Apps\Fotos.lnk -> C:\Program Files (x86)\BlueStacks\HD-RunApp.exe (BlueStack Systems, Inc.) -> -p com.google.android.apps.photos -a com.google.android.apps.photos.home.HomeActivity -v Android
ShortcutWithArgument: C:\ProgramData\BlueStacks\UserData\Library\My Apps\Location Provider.lnk -> C:\Program Files (x86)\BlueStacks\HD-RunApp.exe (BlueStack Systems, Inc.) -> -p com.location.provider -a com.location.provider.MapsActivity -v Android
ShortcutWithArgument: C:\ProgramData\BlueStacks\UserData\Library\My Apps\Sing!.lnk -> C:\Program Files (x86)\BlueStacks\HD-RunApp.exe (BlueStack Systems, Inc.) -> -p com.smule.singandroid -a com.smule.singandroid.StartupActivity_ -v Android
ShortcutWithArgument: C:\ProgramData\BlueStacks\UserData\Library\My Apps\SoundAbout Voice Search.lnk -> C:\Program Files (x86)\BlueStacks\HD-RunApp.exe (BlueStack Systems, Inc.) -> -p com.woodslink.android.wiredheadphoneroutingfix -a com.woodslink.android.wiredheadphoneroutingfix.ui.activity.AssistActivity -v Android
ShortcutWithArgument: C:\ProgramData\BlueStacks\UserData\Library\My Apps\SoundAbout.lnk -> C:\Program Files (x86)\BlueStacks\HD-RunApp.exe (BlueStack Systems, Inc.) -> -p com.woodslink.android.wiredheadphoneroutingfix -a com.woodslink.android.wiredheadphoneroutingfix.ui.activity.LicenseActivity -v Android
ShortcutWithArgument: C:\Users\chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MuseScore 2\Uninstall MuseScore.lnk -> C:\Windows\SysWOW64\msiexec.exe (Microsoft Corporation) -> /x {DC8A2B29-D9A7-4D67-A049-BC0A659A2B57}
ShortcutWithArgument: C:\Users\chris\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\chris\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - Network Connections.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> ::{7007ACC7-3202-11D1-AAD2-00805FC1270E}
ShortcutWithArgument: C:\Users\chris\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageNetworkStatus
ShortcutWithArgument: C:\Users\chris\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DeviceManager
ShortcutWithArgument: C:\Users\chris\AppData\Local\Microsoft\Windows\WinX\Group3\06 - System.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.System
ShortcutWithArgument: C:\Users\chris\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPagePCSystemInfo
ShortcutWithArgument: C:\Users\chris\AppData\Local\Microsoft\Windows\WinX\Group3\08 - Power Options.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.PowerOptions
ShortcutWithArgument: C:\Users\chris\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageScreenPowerAndSleep
ShortcutWithArgument: C:\Users\chris\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageAppsSizes
ShortcutWithArgument: C:\Users\chris\AppData\Local\Microsoft\Windows\WinX\Group3\10 - Programs and Features.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.ProgramsAndFeatures
ShortcutWithArgument: C:\Users\chris\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\chris\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f8-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\chris\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{52205fd8-5dfb-447d-801a-d0b52f2e83e1}
ShortcutWithArgument: C:\Users\chris\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft Corporation) -> /0
ShortcutWithArgument: C:\Users\chris\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{3080F90D-D7AD-11D9-BD98-0000947B0257}
ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - NetworkStatus.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageNetworkStatus
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DeviceManager
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\06 - SystemAbout.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPagePCSystemInfo
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\08 - PowerAndSleep.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageScreenPowerAndSleep
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\10 - AppsAndFeatures.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageAppsSizes
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f8-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{52205fd8-5dfb-447d-801a-d0b52f2e83e1}
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft Corporation) -> /0
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{3080F90D-D7AD-11D9-BD98-0000947B0257}
ShortcutWithArgument: C:\Users\Public\Desktop\MarvellTray.lnk -> C:\Program Files (x86)\Marvell\storage\tray\MarvellTray.exe () -> /openMRU


InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam\Steam Support Center.url -> URL: hxxp://support.steampowered.com/
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RC Desk Pilot\RC Desk Pilot on the Web.url -> URL: hxxp://www.rcdeskpilot.com
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit\Reference Documentation.url -> URL: hxxp://docs.oracle.com/javase/8/docs
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Get Help.url -> URL: hxxp://java.com/help
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Visit Java.com.url -> URL: hxxp://java.com/
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iRacing\members.iRacing.com (race, test, stats, forums).url -> URL: hxxp://members.iRacing.com
InternetURL: C:\Users\chris\OneDrive\Dokumente\Notizbuch von Angeler.url -> URL: hxxps://onedrive.live.com/redir.aspx?cid=4277a9989771ee39&resid=4277A9989771EE39!687&type=3
InternetURL: C:\Users\chris\Favorites\Bing.url -> URL: hxxp://go.microsoft.com/fwlink/p/?LinkId=255142
InternetURL: C:\Users\chris\Favorites\The NeoSmart Files.url -> URL: hxxp://neosmart.net/blog/feed/
InternetURL: C:\Users\chris\Desktop\China Phone.url -> URL: hxxp://mtk2000.ucoz.ru/
InternetURL: C:\Users\chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam\Call of Duty Black Ops II - Multiplayer.url -> URL: steam://rungameid/202990
InternetURL: C:\Users\chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam\Call of Duty Black Ops II.url -> URL: steam://rungameid/202970
InternetURL: C:\Users\chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam\Counter-Strike Global Offensive.url -> URL: steam://rungameid/730
InternetURL: C:\Users\chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\mp4UI\mp4UI.url -> URL: hxxp://mp4ui.sourceforge.net
InternetURL: C:\Users\chris\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\Favorites\Playlists - Kinox.url -> URL: hxxp://91.202.61.170/Playlists.html

==================== End of Shortcut.txt =============================
         
And many thanks in advance.

07.07.2017, 19:41   #11
M-K-D-B
/// TB-Ausbilder



Hi,

we'll remove a few more things and then check everything again.

Note: The scan with ESET can take a while.

Step 1
  • Copy the contents of the following code box:
    Code:
    ATTFilter
    Start::
    CloseProcesses:
    HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
    Folder: C:\Users\chris\AppData\Local\{32FB22F6-3A8D-4BAC-9716-35E126489F99}
    RemoveProxy:
    CMD: ipconfig /flushdns
    CMD: netsh winsock reset
    EmptyTemp:
    End::
             
  • Now start FRST and click the Fix (Entfernen) button.
  • The tool carries out the requested steps and creates a fixlog.txt in the same directory as FRST/FRST64.exe.
  • Your computer may need to be restarted for this.
  • Post the contents of fixlog.txt in your next reply.

Step 2
Download the appropriate version of HitmanPro to your desktop: HitmanPro - 32 Bit | HitmanPro - 64 Bit.
  • Start HitmanPro.exe
  • Click on
  • Remove the check mark at
  • Click on
    and
  • Accept the license terms and click on
  • Click on
    and on
  • When the scan has finished, do not let it delete anything etc.; instead choose, at the bottom left of the button bar,
    and save the log file to your desktop.
  • Close HitmanPro and post the log.

Step 3

ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Check "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your text editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset

Step 4
  • Start FRST.exe again. Make sure there is a check mark next to Addition.txt and click Scan (Untersuchen).
  • FRST again creates two log files (FRST.txt and Addition.txt).
  • Post both log files in your next reply.

Are there still any problems with the PC or with your internet browsers? If so, which ones?

Please post with your next reply
  • the log file of the FRST fix,
  • the HitmanPro log file,
  • the ESET log file,
  • the two new FRST log files,
  • the answers to the questions asked.

07.07.2017, 19:56   #12
brill_e



Code:
ATTFilter
Fix result of Farbar Recovery Scan Tool (x64) Version: 05-07-2017
Ran by chris (07-07-2017 20:49:26) Run:1
Running from C:\Users\chris\Desktop
Loaded Profiles: chris (Available Profiles: chris)
Boot Mode: Normal
==============================================

fixlist content:
*****************

CloseProcesses:
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
Folder: C:\Users\chris\AppData\Local\{32FB22F6-3A8D-4BAC-9716-35E126489F99}
RemoveProxy:
CMD: ipconfig /flushdns
CMD: netsh winsock reset
EmptyTemp:

*****************

Processes closed successfully.
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION => restored successfully

========================= Folder: C:\Users\chris\AppData\Local\{32FB22F6-3A8D-4BAC-9716-35E126489F99} ========================

C:\Users\chris\AppData\Local\{32FB22F6-3A8D-4BAC-9716-35E126489F99} => File

====== End of Folder: ======


========= RemoveProxy: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-1245378809-2198360341-2726498664-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-1245378809-2198360341-2726498664-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully


========= End of RemoveProxy: =========


========= ipconfig /flushdns =========


Windows-IP-Konfiguration

Der DNS-Auflösungscache wurde geleert.

========= End of CMD: =========


========= netsh winsock reset =========


Der Winsock-Katalog wurde zurückgesetzt.
Sie müssen den Computer neu starten, um den Vorgang abzuschließen.


========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 7364608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 33089895 B
Java, Flash, Steam htmlcache => 53194432 B
Windows/system/drivers => 3790334 B
Edge => 85839796 B
Chrome => 732602335 B
Firefox => 187207195 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 0 B
LocalService => 17222 B
NetworkService => 828 B
chris => 159080621 B

RecycleBin => 3715018524 B
EmptyTemp: => 4.6 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 20:51:53 ====
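
One way to check a Fixlog like the one above before moving on to the next step, as an added example that is not part of the thread or of FRST: a Python parser that separates the echoed fixlist from the results, lists result lines without a success marker, and compares the EmptyTemp byte counts with the reported total. The sample log is constructed and shortened (user name and GUID are placeholders); reading "GB" as a binary unit is an assumption inferred from the figures in the post.

```python
import re

# Constructed, shortened sample in the Fixlog layout shown in the post above.
SAMPLE_FIXLOG = r"""Fix result of Farbar Recovery Scan Tool (x64) Version: 05-07-2017
Ran by user (07-07-2017 20:49:26) Run:1
==============================================

fixlist content:
*****************

CloseProcesses:
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION
Folder: C:\Users\user\AppData\Local\{EXAMPLE-GUID}
RemoveProxy:
EmptyTemp:

*****************

Processes closed successfully.
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <==== ATTENTION => restored successfully

========================= Folder: C:\Users\user\AppData\Local\{EXAMPLE-GUID} ========================

C:\Users\user\AppData\Local\{EXAMPLE-GUID} => File

====== End of Folder: ======

========= RemoveProxy: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully

========= End of RemoveProxy: =========

=========== EmptyTemp: ==========

Edge => 85839796 B
Chrome => 732602335 B
RecycleBin => 3715018524 B
EmptyTemp: => 4.2 GB temporary data Removed.

================================

The system needed a reboot.

==== End of Fixlog 20:51:53 ====
"""

COUNT_RE = re.compile(r"^(?P<name>[^=]+?) => (?P<bytes>\d+) B$")
TOTAL_RE = re.compile(
    r"^EmptyTemp: => (?P<size>[\d.]+) (?P<unit>[KMG]B) temporary data Removed\.$")
UNIT = {"KB": 2**10, "MB": 2**20, "GB": 2**30}  # binary units: an assumption


def parse_fixlog(text):
    """Split a Fixlog into echoed fixlist, per-item results and EmptyTemp sizes."""
    lines = [ln.strip() for ln in text.splitlines()]
    # The fixlist is echoed between two lines that consist only of asterisks.
    stars = [i for i, ln in enumerate(lines) if ln and set(ln) == {"*"}]
    if len(stars) < 2:
        raise ValueError("echoed fixlist not found; log is incomplete")
    parsed = {
        "directives": [ln for ln in lines[stars[0] + 1:stars[1]] if ln],
        "outcomes": [], "temp_bytes": {}, "temp_total": None,
        "reboot": False, "complete": False,
    }
    for ln in lines[stars[1] + 1:]:
        total, count = TOTAL_RE.match(ln), COUNT_RE.match(ln)
        if total:
            parsed["temp_total"] = float(total["size"]) * UNIT[total["unit"]]
        elif count:
            parsed["temp_bytes"][count["name"]] = int(count["bytes"])
        elif " => " in ln:
            parsed["outcomes"].append(tuple(ln.rsplit(" => ", 1)))
        elif ln == "The system needed a reboot.":
            parsed["reboot"] = True
        elif ln.startswith("==== End of Fixlog"):
            parsed["complete"] = True
    return parsed


def review(parsed):
    """Return the items a helper should look at before accepting the fix."""
    findings = []
    if not parsed["complete"]:
        findings.append("log is truncated: no 'End of Fixlog' line")
    for subject, result in parsed["outcomes"]:
        if not result.endswith("successfully"):
            findings.append(f"no success marker: {subject} => {result}")
    if parsed["temp_total"] is not None:
        summed = sum(parsed["temp_bytes"].values())
        # The total is printed with one decimal, so allow 0.1 GB of slack.
        if abs(summed - parsed["temp_total"]) > 0.1 * 2**30:
            findings.append(f"EmptyTemp total does not match {summed} B listed")
    return findings


if __name__ == "__main__":
    for finding in review(parse_fixlog(SAMPLE_FIXLOG)):
        print(finding)
```
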
         

07.07.2017, 20:00   #13
M-K-D-B
/// TB-Ausbilder



Well done.

The other steps are still missing.

07.07.2017, 22:19   #14
brill_e



Code:
ATTFilter
HitmanPro 3.7.20.286
www.hitmanpro.com

   Computer name . . . . : DESKTOP-E48G4LQ
   Windows . . . . . . . : 10.0.0.15063.X64/8
   User name . . . . . . : DESKTOP-E48G4LQ\chris
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Free

   Scan date . . . . . . : 2017-07-07 21:00:13
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 2m 2s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 0
   Traces  . . . . . . . : 37

   Objects scanned . . . : 1.917.691
   Files scanned . . . . : 102.551
   Remnants scanned  . . : 626.494 files / 1.188.646 keys

Suspicious files ____________________________________________________________

   C:\Users\chris\Desktop\FRST64.exe
      Size . . . . . . . : 2.436.608 bytes
      Age  . . . . . . . : 1.9 days (2017-07-05 23:15:09)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 6175D6E957B9F51EC07594CA2F0A4FFB5107AE5EAF0C9A67503DF983A424D4D8
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.


Potential Unwanted Programs _________________________________________________

   C:\Users\chris\AppData\Roaming\mgyun\VRoot\ (iRoot)
   C:\Users\chris\AppData\Roaming\mgyun\VRoot\AppCool.apk (iRoot)
   C:\Users\chris\AppData\Roaming\mgyun\VRoot\AppIcons\ (iRoot)
   C:\Users\chris\AppData\Roaming\mgyun\VRoot\AppIcons\116523_t01a2b3595fdb279415_48.png (iRoot)
   C:\Users\chris\AppData\Roaming\mgyun\VRoot\AppIcons\163445_142248178f1_48.png (iRoot)
   C:\Users\chris\AppData\Roaming\mgyun\VRoot\AppIcons\16950_143725eb9eb_48.png (iRoot)
   C:\Users\chris\AppData\Roaming\mgyun\VRoot\AppIcons\197862_14394884920_48.png (iRoot)
   C:\Users\chris\AppData\Roaming\mgyun\VRoot\AppIcons\206713_t0150bbd48f69acc2e1_48.png (iRoot)
   C:\Users\chris\AppData\Roaming\mgyun\VRoot\AppIcons\20937_1139512cee9_48.png (iRoot)
   C:\Users\chris\AppData\Roaming\mgyun\VRoot\AppIcons\2572_1427258e5ee_48.png (iRoot)
   C:\Users\chris\AppData\Roaming\mgyun\VRoot\AppIcons\291215_093209d9d3e_48.png (iRoot)
   C:\Users\chris\AppData\Roaming\mgyun\VRoot\AppIcons\3123_1430111d39c_48.png (iRoot)
   C:\Users\chris\AppData\Roaming\mgyun\VRoot\AppIcons\321453_14381697a7e_48.png (iRoot)
   C:\Users\chris\AppData\Roaming\mgyun\VRoot\AppIcons\473_142619ce3e7_48.png (iRoot)
   C:\Users\chris\AppData\Roaming\mgyun\VRoot\AppIcons\475_14403823b3e_48.png (iRoot)
   C:\Users\chris\AppData\Roaming\mgyun\VRoot\AppIcons\50861_1433225b780_48.png (iRoot)
   C:\Users\chris\AppData\Roaming\mgyun\VRoot\AppIcons\522231_143623f2209_48.png (iRoot)
   C:\Users\chris\AppData\Roaming\mgyun\VRoot\AppIcons\534_144119eeb2e_48.png (iRoot)
   C:\Users\chris\AppData\Roaming\mgyun\VRoot\AppIcons\594285_1435053123e_48.png (iRoot)
   C:\Users\chris\AppData\Roaming\mgyun\VRoot\AppIcons\602651_t01e60fba2b3b04e019_48.png (iRoot)
   C:\Users\chris\AppData\Roaming\mgyun\VRoot\AppIcons\630002_111801b00c0_48.png (iRoot)
   C:\Users\chris\AppData\Roaming\mgyun\VRoot\AppIcons\630003_111904cb58e_48.png (iRoot)
   C:\Users\chris\AppData\Roaming\mgyun\VRoot\AppIcons\630005_113110a469f_48.png (iRoot)
   C:\Users\chris\AppData\Roaming\mgyun\VRoot\AppIcons\630006_114453da5fb_48.png (iRoot)
   C:\Users\chris\AppData\Roaming\mgyun\VRoot\AppIcons\6463_225040f5219_48.png (iRoot)
   C:\Users\chris\AppData\Roaming\mgyun\VRoot\AppIcons\668_11423532187_48.png (iRoot)
   C:\Users\chris\AppData\Roaming\mgyun\VRoot\AppIcons\6922_1435585415f_48.png (iRoot)
   C:\Users\chris\AppData\Roaming\mgyun\VRoot\AppIcons\74250_14553292028_48.png (iRoot)
   C:\Users\chris\AppData\Roaming\mgyun\VRoot\CleanMaster.apk (iRoot)
   C:\Users\chris\AppData\Roaming\mgyun\VRoot\Download.mgy (iRoot)
   C:\Users\chris\AppData\Roaming\mgyun\VRoot\globalconfig.mgy (iRoot)
   C:\Users\chris\AppData\Roaming\mgyun\VRoot\kinguser.zip (iRoot)
   C:\Users\chris\AppData\Roaming\mgyun\VRoot\onelocker.apk (iRoot)
   C:\Users\chris\AppData\Roaming\mgyun\VRoot\RootRes.dll (iRoot)
      Size . . . . . . . : 2.455.696 bytes
      Age  . . . . . . . : 173.3 days (2017-01-15 14:22:48)
      Entropy  . . . . . : 7.9
      SHA-256  . . . . . : 8EDB1E5AB638355FCE501F8C41BF9EC851C4286D37549DFEAD531C85C3DB48F1
      Product  . . . . . : Root大师
      Publisher  . . . . : 深圳信壹网络有限公司
      Description  . . . : RootRes 动态链接库
      Version  . . . . . : 1.0.9.22
      RSA Key Size . . . : 2048
      LanguageID . . . . : 2052
      Authenticode . . . : Self-signed
      Fuzzy  . . . . . . : 14.0

   HKLM\SOFTWARE\WOW6432Node\XinYi Network\VRoot\ (iRoot)
   HKU\S-1-5-21-1245378809-2198360341-2726498664-1001\Software\XinYi Network\VRoot\ (iRoot)
         
Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=3be73d8f7b29ca4d904f58c1c1b0a313
# end=init
# utc_time=2017-07-07 07:07:31
# local_time=2017-07-07 09:07:31 (+0100, Mitteleuropäische Sommerzeit)
# country="Austria"
# osver=6.2.9200 NT 
Update Init
Update Download
Update Finalize
Updated modules version: 33983
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=3be73d8f7b29ca4d904f58c1c1b0a313
# end=updated
# utc_time=2017-07-07 07:14:12
# local_time=2017-07-07 09:14:12 (+0100, Mitteleuropäische Sommerzeit)
# country="Austria"
# osver=6.2.9200 NT 
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=3be73d8f7b29ca4d904f58c1c1b0a313
# engine=33983
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2017-07-07 07:30:31
# local_time=2017-07-07 09:30:31 (+0100, Mitteleuropäische Sommerzeit)
# country="Austria"
# lang=1031
# osver=6.2.9200 NT 
# compatibility_mode_1='Avast Antivirus'
# compatibility_mode=798 16777213 66 88 12088 46666013 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 703432 51042491 0 0
# scanned=74364
# found=6
# cleaned=0
# scan_time=978
sh=DAFD3C12CE39F154489A7CD09D8B731B8C2C679E ft=0 fh=0000000000000000 vn="VBS/Kryptik.DY Trojaner" ac=I fn="C:\AdwCleaner\quarantine\files\fbfjggtpdtljeciyfqnjrxgeevlrohaw\Cegabocu.dat"
sh=349DE746CA1E80212B064193FC59075D3F52D44D ft=0 fh=0000000000000000 vn="Variante von Android/Exploit.MempoDroid.A Trojaner" ac=I fn="C:\Program Files (x86)\SRSRoot\data\getac"
sh=2585FB652784CADB0140D7AC8B768D24709C5C99 ft=0 fh=0000000000000000 vn="Android/Exploit.Lotoor.DC Trojaner" ac=I fn="C:\Program Files (x86)\SRSRoot\data\root2a"
sh=48749219C7135A3CDE474F6B5E6CC96C12CA5BAF ft=0 fh=0000000000000000 vn="Variante von Android/Exploit.Lotoor.CX Trojaner" ac=I fn="C:\Program Files (x86)\SRSRoot\data\root3"
sh=2363B4E42EAFDDAD046965436B2862F8491C7FAA ft=0 fh=0000000000000000 vn="Variante von Android/Exploit.Lotoor.ET Trojaner" ac=I fn="C:\Program Files (x86)\SRSRoot\data\root3c.apk"
sh=AEC686CB1688E23085108D026C22741EC8A692E9 ft=0 fh=0000000000000000 vn="Variante von Android/Exploit.Lotoor.GX Trojaner" ac=I fn="C:\Program Files (x86)\SRSRoot\data\root8"
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=3be73d8f7b29ca4d904f58c1c1b0a313
# end=init
# utc_time=2017-07-07 07:32:38
# local_time=2017-07-07 09:32:38 (+0100, Mitteleuropäische Sommerzeit)
# country="Austria"
# osver=6.2.9200 NT 
Update Init
Update Download
esets_scanner_update returned -1 esets_gle=53251
Update Finalize
Updated modules version: 33983
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=3be73d8f7b29ca4d904f58c1c1b0a313
# end=updated
# utc_time=2017-07-07 07:32:58
# local_time=2017-07-07 09:32:58 (+0100, Mitteleuropäische Sommerzeit)
# country="Austria"
# osver=6.2.9200 NT 
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=3be73d8f7b29ca4d904f58c1c1b0a313
# engine=33983
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2017-07-07 09:01:29
# local_time=2017-07-07 11:01:29 (+0100, Mitteleuropäische Sommerzeit)
# country="Austria"
# lang=1031
# osver=6.2.9200 NT 
# compatibility_mode_1='Avast Antivirus'
# compatibility_mode=798 16777213 66 88 17546 46671471 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 708890 51047949 0 0
# scanned=372627
# found=27
# cleaned=0
# scan_time=5310
sh=DAFD3C12CE39F154489A7CD09D8B731B8C2C679E ft=0 fh=0000000000000000 vn="VBS/Kryptik.DY Trojaner" ac=I fn="C:\AdwCleaner\quarantine\files\fbfjggtpdtljeciyfqnjrxgeevlrohaw\Cegabocu.dat"
sh=349DE746CA1E80212B064193FC59075D3F52D44D ft=0 fh=0000000000000000 vn="Variante von Android/Exploit.MempoDroid.A Trojaner" ac=I fn="C:\Program Files (x86)\SRSRoot\data\getac"
sh=2585FB652784CADB0140D7AC8B768D24709C5C99 ft=0 fh=0000000000000000 vn="Android/Exploit.Lotoor.DC Trojaner" ac=I fn="C:\Program Files (x86)\SRSRoot\data\root2a"
sh=48749219C7135A3CDE474F6B5E6CC96C12CA5BAF ft=0 fh=0000000000000000 vn="Variante von Android/Exploit.Lotoor.CX Trojaner" ac=I fn="C:\Program Files (x86)\SRSRoot\data\root3"
sh=2363B4E42EAFDDAD046965436B2862F8491C7FAA ft=0 fh=0000000000000000 vn="Variante von Android/Exploit.Lotoor.ET Trojaner" ac=I fn="C:\Program Files (x86)\SRSRoot\data\root3c.apk"
sh=AEC686CB1688E23085108D026C22741EC8A692E9 ft=0 fh=0000000000000000 vn="Variante von Android/Exploit.Lotoor.GX Trojaner" ac=I fn="C:\Program Files (x86)\SRSRoot\data\root8"
sh=A44B8CA72E13505DBD1A41FF94EF4CA900148130 ft=0 fh=0000000000000000 vn="Variante von Android/Spy.Agent.BN Trojaner" ac=I fn="C:\Users\chris\AppData\Roaming\mgyun\VRoot\AppCool.apk"
sh=327035166102D520CD52C7BB25AFA25A9FADE7E1 ft=0 fh=0000000000000000 vn="Variante von Android/AdDisplay.Kuguo.CB eventuell unerwünschte Anwendung" ac=I fn="C:\Users\chris\AppData\Roaming\mgyun\VRoot\kinguser.zip"
sh=1C2B28CB93EB608E62ADAB60CC6B55BE1FF01798 ft=1 fh=23d62cec3ca9d7cd vn="Variante von Win32/DownloadGuide.D eventuell unerwünschte Anwendung" ac=I fn="D:\Downloads\7z1604-x64_CB-DL-Manager.exe"
sh=8CCEF1D89AD5A8B492D37EA96E5B6E43F28254AD ft=1 fh=eb0fee7bb0f52917 vn="Variante von Win32/DownloadSponsor.C eventuell unerwünschte Anwendung" ac=I fn="D:\Downloads\GParted Live 64 Bit ISO Image - CHIP-Installer.exe"
sh=EE7E35C989728E4532E104142F25FED58E153E26 ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="D:\Downloads\iRoot_160527.zip"
sh=601AD94F1B1C75FE0A706364B117E7831AA1EC31 ft=1 fh=e949da5fb7dc95b0 vn="Win32/InstallCore.Gen.A eventuell unerwünschte Anwendung" ac=I fn="D:\Downloads\KingoRoot.exe"
sh=122BFD1C8D552095B4D60265EF6A6FC4A39B80B7 ft=0 fh=0000000000000000 vn="Variante von Win32/Packed.VMProtect.E Trojaner" ac=I fn="D:\Downloads\miracle box 2.27A (1).zip"
sh=A602F7E1256F78D6B2A28B453BF0587D3ED4DD6D ft=0 fh=0000000000000000 vn="Variante von Win32/Packed.VMProtect.E Trojaner" ac=I fn="D:\Downloads\miracle box 2.27A.zip.12dbuk3.partial"
sh=917FD8C1ED5465DC93246D9334C5655F9A45B191 ft=0 fh=0000000000000000 vn="Variante von Android/AdDisplay.Kuguo.CB eventuell unerwünschte Anwendung" ac=I fn="D:\Downloads\NewKingrootV5.0.2_C167_B381_xda_release_2017_01_13_20170113160555_105243.zip"
sh=6BACEE658526F4F1597581AE945F3B2A5150CD8E ft=1 fh=04a3da4c16b7212f vn="MSIL/AdvancedSystemProtector.D eventuell unerwünschte Anwendung" ac=I fn="D:\Downloads\pc-wizard_2014.2.13-setup.exe"
sh=B6B07D463CB5DCD34782BDB01978C3C4035D62FC ft=1 fh=ef9c0b81c367ff2f vn="Variante von Win32/DownloadSponsor.C eventuell unerwünschte Anwendung" ac=I fn="D:\Downloads\PowerDVD - CHIP-Installer.exe"
sh=07468BB4E80BD37C5F3C05EDE8C7DFE39CC4CC07 ft=1 fh=31fa5db7f8638e13 vn="Variante von Win32/RegCure.A eventuell unerwünschte Anwendung" ac=I fn="D:\Downloads\RegCureProSetup_312F7BD8-D4F7-4ACC-BEFF-B2FF111B61B4_.exe"
sh=5F71C7A637CAA02F5D969153CE599BFD41EB465F ft=1 fh=6574d4de411479f0 vn="Variante von Win32/DownloadAssistant.C eventuell unerwünschte Anwendung" ac=I fn="D:\Downloads\setup (1).exe"
sh=6FB18E7D659160AA324787BC93F55E716C5EB1D1 ft=1 fh=1ac182d60cdf8d0f vn="Mehrere Bedrohungen" ac=I fn="D:\Downloads\SRSRoot-Setup.exe"
sh=70B3EFAA8AE4F90F04E8AAA80D15B79463209DC4 ft=1 fh=b98fcc63002a8f28 vn="Variante von Win32/DownloadSponsor.C eventuell unerwünschte Anwendung" ac=I fn="D:\Downloads\WinSetupFromUSB - CHIP-Installer (1).exe"
sh=692C3847E22FFD3B9C02EC6BFAA8AD6142134AF4 ft=1 fh=7d348ebcabaac641 vn="Variante von Win32/DownloadSponsor.C eventuell unerwünschte Anwendung" ac=I fn="D:\Downloads\WinSetupFromUSB - CHIP-Installer.exe"
sh=E1615ABE800387155B8F8792EBCFE27BBACD4E62 ft=1 fh=40f3ba5c3ce830f6 vn="Mehrere Bedrohungen" ac=I fn="D:\Downloads\iRoot_160527\iRoot_1.8.8.20465_cid1005_7337ba1e.exe"
sh=D7D50109F972F6C3B6807877A6430E14F23FFF80 ft=1 fh=c11f1b83c55944e4 vn="Variante von Win32/Packed.VMProtect.E Trojaner" ac=I fn="D:\Downloads\miracle 2.27A (dsmedia24)\miracle 2.27A [DSMEDIA24]\miracle 2.27A by STEVE\Miracle_Loader_2.27A.exe"
sh=D7D50109F972F6C3B6807877A6430E14F23FFF80 ft=1 fh=c11f1b83c55944e4 vn="Variante von Win32/Packed.VMProtect.E Trojaner" ac=I fn="D:\Downloads\miracle box 2.27A (1)\miracle 2.27A\Miracle_Loader_2.27A.exe"
sh=872A7B385446B5AD8EA62A36EAF94817A7241B86 ft=0 fh=0000000000000000 vn="Variante von Android/AdDisplay.Kuguo.CB eventuell unerwünschte Anwendung" ac=I fn="D:\Downloads\NewKingrootV5.0.2_C167_B381_xda_release_2017_01_13_20170113160555_105243\classes.dex"
sh=8CCEF1D89AD5A8B492D37EA96E5B6E43F28254AD ft=1 fh=eb0fee7bb0f52917 vn="Variante von Win32/DownloadSponsor.C eventuell unerwünschte Anwendung" ac=I fn="D:\FileHistory\chris\DESKTOP-DJR511M\Data\F\Downloads\GParted Live 64 Bit ISO Image - CHIP-Installer (2015_12_19 18_55_13 UTC).exe"
         

FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 07-07-2017
Ran by chris (administrator) on DESKTOP-E48G4LQ (07-07-2017 23:17:26)
Running from C:\Users\chris\Desktop
Loaded Profiles: chris (Available Profiles: chris)
Platform: Windows 10 Home Version 1703 (X64) Language: Englisch (Vereinigte Staaten)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Apache Software Foundation) C:\Program Files (x86)\Marvell\storage\Apache2\bin\httpd.exe
(iRacing.com Motorsport Simulations, LLC
Bedford, MA 01730) C:\Program Files (x86)\iRacing\iRacingService64.exe
(Marvell) C:\Program Files (x86)\Marvell\storage\svc\mvraidsvc.exe
(Razer Inc.) C:\Program Files (x86)\Razer\RzWizard\RzWizardService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Apache Software Foundation) C:\Program Files (x86)\Marvell\storage\Apache2\bin\httpd.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(CMedia) C:\Program Files\ASUS Xonar DGX Audio\Customapp\AsusAudioCenter.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Logitech Inc.) C:\Program Files\Logitech\Gaming Software\LWEMon.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
() C:\Program Files\YoloMouse\YoloMouse.exe
(Spotify Ltd) C:\Users\chris\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Spotify Ltd) C:\Users\chris\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\chris\AppData\Roaming\Spotify\Spotify.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Spotify Ltd) C:\Users\chris\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\chris\AppData\Roaming\Spotify\Spotify.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Agent.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Razer Inc.) C:\Program Files (x86)\Razer\RzWizard\RzWizard.exe
(Nick Thissen) C:\Program Files (x86)\iRacing Setup Sync\bin\iRacingSetupSync.exe
(Acronis) C:\Program Files (x86)\Acronis\DriveMonitor\adm_tray.exe
() C:\Program Files (x86)\Marvell\storage\tray\MarvellTray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11705.1001.21.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [Cmaudio8788] => C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cmicnfgp.dll,CMICtrlWnd
HKLM\...\Run: [Cmaudio8788GX] => C:\Windows\syswow64\HsMgr.exe [200704 2016-01-15] ()
HKLM\...\Run: [Cmaudio8788GX64] => C:\Windows\system\HsMgr64.exe [282112 2016-01-15] ()
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [462400 2011-02-12] (Acronis)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [213824 2017-05-26] (AVAST Software)
HKLM\...\Run: [Start WingMan Profiler] => C:\Program Files\Logitech\Gaming Software\LWEMon.exe [190536 2010-06-14] (Logitech Inc.)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)
HKLM-x32\...\Run: [RzWizard] => C:\Program Files (x86)\Razer\RzWizard\RzWizard.exe [263112 2016-03-23] (Razer Inc.)
HKLM-x32\...\Run: [PowerDVD15Agent] => C:\Program Files (x86)\CyberLink\PowerDVD15\PowerDVD15Agent.exe [949960 2016-02-23] (CyberLink Corp.)
HKLM-x32\...\Run: [adm_tray.exe] => C:\Program Files (x86)\Acronis\DriveMonitor\adm_tray.exe [466768 2011-02-24] (Acronis)
HKLM-x32\...\Run: [MSUTray] => C:\Program Files (x86)\Marvell\storage\tray\MarvellTray.exe [1199144 2010-11-19] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-03-15] (Oracle Corporation)
HKU\S-1-5-21-1245378809-2198360341-2726498664-1001\...\Run: [YoloMouse] => C:\Program Files\YoloMouse\YoloMouse.exe [179200 2016-03-25] ()
HKU\S-1-5-21-1245378809-2198360341-2726498664-1001\...\Run: [Spotify Web Helper] => C:\Users\chris\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1562224 2017-06-25] (Spotify Ltd)
HKU\S-1-5-21-1245378809-2198360341-2726498664-1001\...\Run: [Spotify] => C:\Users\chris\AppData\Roaming\Spotify\Spotify.exe [7047792 2017-06-25] (Spotify Ltd)
HKU\S-1-5-21-1245378809-2198360341-2726498664-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3019552 2017-04-26] (Valve Corporation)
HKU\S-1-5-21-1245378809-2198360341-2726498664-1001\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [160824 2017-05-24] (BlueStack Systems, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\iRacingSetupSyncLauncher.lnk [2017-05-08]
ShortcutTarget: iRacingSetupSyncLauncher.lnk -> C:\Program Files (x86)\iRacing Setup Sync\iRacingSetupSyncLauncher.exe ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{86758696-4300-4565-9f89-421c20bd886a}: [DhcpNameServer] 10.0.0.138

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = 
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-861280b6&q={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-861280b6&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-861280b6&q={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-861280b6&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1245378809-2198360341-2726498664-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-861280b6&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1245378809-2198360341-2726498664-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-861280b6&q={searchTerms}
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_131\bin\ssv.dll [2017-05-12] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-05-12] (Oracle Corporation)

FireFox:
========
FF ProfilePath: C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\o10tvwle.default-1453488945681 [2017-07-07]
FF NewTab: Mozilla\Firefox\Profiles\o10tvwle.default-1453488945681 -> about:newtab
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\o10tvwle.default-1453488945681 -> search.yahoo.com
FF DefaultSearchUrl: Mozilla\Firefox\Profiles\o10tvwle.default-1453488945681 -> hxxps://search.avast.com/AV772/search/web?q={searchTerms}
FF SearchEngineOrder.1: Mozilla\Firefox\Profiles\o10tvwle.default-1453488945681 -> Avast Search
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\o10tvwle.default-1453488945681 -> search.yahoo.com
FF Homepage: Mozilla\Firefox\Profiles\o10tvwle.default-1453488945681 -> hxxps://www.malwarebytes.org/restorebrowser/ad725cc5911bd0d183&param1=ArFaIWVoNqArQGMVInobADAevXFbMnMqQGMVBCJoNqAdBHFaISoeATVoNqAqAXFaIWQBvmE4ICILNopcGWUIvmE9ISIXvFE9IWYUNVQ9JGYVNVM9JCIVwVNdISoVvFNdJCILNVJdESk8NUM9J6k3vFI4J6ILNFdbDSk8wVU9ImIXvFI9ImIWwVA4ISoVwV5cGWUWvmE9GqUNNFxcJqUDNF5bDGUNNEU3wGQGwVI9JaYYvFFdISIXNVU9JmISvFQ4JmoXvFQ9IaYYNVBdICoVwVw9J6IYNVE4ICISwVM9J6oUNVQ4J6IXNVRdJmoUvFE4Jmk4NoU9GqUMNFBcJqQzNEBcGqQANFdcFCk8NoM9JCk4vFQ9JmIXvFQ4IGYVwVw9JmoXwVVdJmISvFFdJaYXNVQ9IaYXvmk9J6IVwVw4IWYXvFQ4ISk3wVNdJqYTvFI9JCoUvmlbFCILNVVdGSk8vFFoNqAqxrFaIWVaNqp8MGJdMqFoNqAsQGMVvDIlC6MuNGwuNWEuyDorQGR7y6MuwnEbQGMVNGZfNXFbMn0aQGMVE7ofAT06xbFbJqVdQGQXHT0gAJ%3D%3D&param2=NGVdMWBaMaF5Mt%3D%3D
FF Keyword.URL: Mozilla\Firefox\Profiles\o10tvwle.default-1453488945681 -> user_pref("keyword.URL", true);
FF Extension: (Avast SafePrice) - C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\o10tvwle.default-1453488945681\Extensions\sp@avast.com.xpi [2017-05-26]
FF Extension: (Avast Online Security) - C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\o10tvwle.default-1453488945681\Extensions\wrc@avast.com.xpi [2017-05-26]
FF Extension: (Video DownloadHelper) - C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\o10tvwle.default-1453488945681\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2017-05-07]
FF SearchPlugin: C:\Users\chris\AppData\Roaming\Mozilla\Firefox\Profiles\o10tvwle.default-1453488945681\searchplugins\avast-search.xml [2017-01-13]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_26_0_0_131.dll [2017-06-18] ()
FF Plugin: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-05-12] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-05-12] (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_131.dll [2017-06-18] ()
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-05-01] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-05-01] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [No File]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-05] (Adobe Systems Inc.)

Chrome: 
=======
CHR StartupUrls: Default -> "hxxp://members.iracing.com/membersite/member/Home.do"
CHR Profile: C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default [2017-07-07]
CHR Extension: (Google Präsentationen) - C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-01-14]
CHR Extension: (Google Docs) - C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-01-16]
CHR Extension: (Google Drive) - C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-16]
CHR Extension: (YouTube) - C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-01-16]
CHR Extension: (uTab) - C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpmmandcadflhnnaiclipadomfmdbjbp [2017-07-07]
CHR Extension: (Google-Suche) - C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-16]
CHR Extension: (Adobe Acrobat) - C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-04-21]
CHR Extension: (Google Docs Offline) - C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-09-03]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-04-21]
CHR Extension: (Google Mail) - C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-01-16]
CHR Extension: (Chrome Media Router) - C:\Users\chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-06-29]
CHR HKLM\...\Chrome\Extension: [bpmmandcadflhnnaiclipadomfmdbjbp] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1245378809-2198360341-2726498664-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bpmmandcadflhnnaiclipadomfmdbjbp] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [bpmmandcadflhnnaiclipadomfmdbjbp] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [daanglpcpkjjlkhcbladppjphglbigam] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx <not found>

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7346208 2017-05-26] (AVAST Software s.r.o.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [263304 2017-05-26] (AVAST Software)
S3 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [387128 2017-05-24] (BlueStack Systems, Inc.)
S3 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [369720 2017-05-24] (BlueStack Systems, Inc.)
S3 BstHdPlusAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Plus-Service.exe [406584 2017-05-24] (BlueStack Systems, Inc.)
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [382504 2017-04-05] (EasyAntiCheat Ltd)
S3 Futuremark SystemInfo Service; C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe [342456 2016-04-13] (Futuremark)
R2 iRacingService; C:\Program Files (x86)\iRacing\iRacingService64.exe [1127664 2017-06-23] (iRacing.com Motorsport Simulations, LLC
Bedford, MA 01730)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4470736 2017-05-09] (Malwarebytes)
R2 MSUWebService; C:\Program Files (x86)\Marvell\storage\Apache2\bin\httpd.exe [24645 2010-09-02] (Apache Software Foundation) [File not signed]
S3 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [494136 2017-05-02] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [494136 2017-05-02] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462968 2017-05-01] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [449984 2017-05-02] (NVIDIA Corporation)
R2 RzWizardService; C:\Program Files (x86)\Razer\RzWizard\RzWizardService.exe [376272 2016-03-23] (Razer Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-06-20] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 aswbidsdriver; C:\WINDOWS\system32\drivers\aswbidsdrivera.sys [311808 2017-05-26] (AVAST Software s.r.o.)
R0 aswbidsh; C:\WINDOWS\system32\drivers\aswbidsha.sys [190256 2017-05-26] (AVAST Software s.r.o.)
R0 aswblog; C:\WINDOWS\system32\drivers\aswbloga.sys [334576 2017-05-26] (AVAST Software s.r.o.)
R0 aswbuniv; C:\WINDOWS\system32\drivers\aswbuniva.sys [49016 2017-05-26] (AVAST Software s.r.o.)
S3 aswHwid; C:\WINDOWS\system32\drivers\aswHwid.sys [38296 2017-05-26] (AVAST Software)
R1 aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [32600 2017-05-26] (AVAST Software)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [128648 2017-05-26] (AVAST Software)
R1 aswRdr; C:\WINDOWS\system32\drivers\aswRdr2.sys [101152 2017-05-26] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\drivers\aswRvrt.sys [75704 2017-05-26] (AVAST Software)
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [1007160 2017-05-26] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [569192 2017-05-26] (AVAST Software)
S2 aswStm; C:\WINDOWS\system32\drivers\aswStm.sys [158888 2017-07-05] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\drivers\aswVmm.sys [339696 2017-05-26] (AVAST Software)
S3 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [152672 2017-05-24] (BlueStack Systems)
S3 BstkDrv; C:\Program Files (x86)\BlueStacks\BstkDrv.sys [270904 2017-05-22] (Bluestack System Inc. )
R3 cmudaxp; C:\WINDOWS\system32\drivers\cmudaxp.sys [2735616 2015-12-19] (C-Media Inc)
R2 DRHARD64; C:\Windows\system32\drivers\DRHARD64.sys [21984 2011-11-03] (Licensed for Gebhard Software)
R2 DRHARD64; C:\Windows\SysWOW64\drivers\DRHARD64.sys [21984 2011-11-03] (Licensed for Gebhard Software)
R2 DRHMSR64; C:\Windows\system32\drivers\DRHMSR64.sys [13760 2013-07-21] ()
R2 DRHMSR64; C:\Windows\SysWOW64\drivers\DRHMSR64.sys [13760 2013-07-21] ()
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77376 2017-07-07] ()
R2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [188312 2017-07-07] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\drivers\farflt.sys [113592 2017-07-07] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [44960 2017-07-07] (Malwarebytes)
R0 MBAMSwissArmy; C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys [252832 2017-07-07] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\drivers\mwac.sys [93600 2017-07-07] (Malwarebytes)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_a2b0acab06663645\nvlddmkm.sys [14456944 2017-05-02] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [49208 2017-05-02] (NVIDIA Corporation)
S3 qcusbser; C:\WINDOWS\system32\DRIVERS\qcusbser.sys [252432 2016-03-24] (QUALCOMM Incorporated)
S3 rimvndis; C:\WINDOWS\System32\Drivers\rimvndis6_AMD64.sys [18432 2015-05-26] (BlackBerry Limited) [File not signed]
S3 RimVSerPort; C:\WINDOWS\system32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [604160 2017-03-18] (Realtek                                            )
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
S3 ssdevfactory; C:\WINDOWS\System32\drivers\ssdevfactory.sys [40568 2015-10-03] (SteelSeries ApS)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
S3 wdm_usb; C:\WINDOWS\system32\DRIVERS\usb2ser.sys [159936 2016-08-16] (MBB)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)
R2 {687703DE-DC6D-4649-892B-B8497854A6AB}; C:\Program Files (x86)\CyberLink\PowerDVD15\Common\NavFilter\000.fcl [29896 2016-02-22] (CyberLink Corp.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-11-06 05:12 - 2021-11-06 05:12 - 00207872 _____ (TODO: <Company name>) C:\WINDOWS\SysWOW64\MVTrim.dll
2017-07-07 23:17 - 2017-07-07 23:17 - 00021905 _____ C:\Users\chris\Desktop\FRST.txt
2017-07-07 23:16 - 2017-07-07 23:16 - 00000000 ____D C:\Users\chris\Desktop\FRST-OlderVersion
2017-07-07 21:06 - 2017-07-07 21:05 - 02870984 _____ (ESET) C:\Users\chris\Desktop\esetsmartinstaller_deu.exe
2017-07-07 20:58 - 2017-07-07 21:03 - 00000000 ____D C:\ProgramData\HitmanPro
2017-07-07 20:55 - 2017-07-07 20:55 - 00000000 ____D C:\ProgramData\SWCUTemp
2017-07-07 20:49 - 2017-07-07 20:51 - 00002643 _____ C:\Users\chris\Desktop\Fixlog.txt
2017-07-07 18:23 - 2017-07-07 18:23 - 00009580 _____ C:\Users\chris\Desktop\mbam.txt
2017-07-07 04:04 - 2017-07-07 22:59 - 00093600 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-07-07 04:04 - 2017-07-07 20:53 - 00113592 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-07-07 04:04 - 2017-07-07 04:04 - 00188312 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-07-07 03:57 - 2017-07-07 20:53 - 00044960 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-07-07 01:10 - 2017-07-07 20:53 - 00252832 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-07-07 01:04 - 2017-07-07 01:13 - 00077376 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-07-07 01:04 - 2017-07-07 01:04 - 00001912 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-07-07 01:04 - 2017-07-07 01:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-07-07 01:04 - 2017-07-07 01:04 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-07-07 01:04 - 2017-07-07 01:04 - 00000000 ____D C:\Program Files\Malwarebytes
2017-07-07 00:53 - 2017-07-07 00:57 - 00000000 ____D C:\AdwCleaner
2017-07-06 12:55 - 2017-07-06 12:55 - 00000877 _____ C:\Users\Public\Desktop\Stagelight.lnk
2017-07-06 12:55 - 2017-07-06 12:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stagelight
2017-07-06 12:55 - 2017-07-06 12:55 - 00000000 ____D C:\Program Files\Stagelight
2017-07-05 23:44 - 2017-07-05 23:48 - 00086452 _____ C:\TDSSKiller.3.1.0.15_05.07.2017_23.44.21_log.txt
2017-07-05 23:42 - 2017-07-05 23:42 - 04922400 _____ (AO Kaspersky Lab) C:\Users\chris\Desktop\tdsskiller.exe
2017-07-05 23:15 - 2017-07-07 23:16 - 02437120 _____ (Farbar) C:\Users\chris\Desktop\FRST64.exe
2017-07-05 19:23 - 2017-07-05 19:23 - 00001081 _____ C:\Users\chris\Desktop\KaraFun Player 2.lnk
2017-07-05 19:23 - 2017-07-05 19:23 - 00000000 ____D C:\ProgramData\Recisio
2017-07-05 19:23 - 2017-07-05 19:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KaraFun Player 2
2017-07-05 19:23 - 2017-07-05 19:23 - 00000000 ____D C:\Program Files (x86)\KaraFun Player 2
2017-07-05 13:37 - 2017-07-07 23:17 - 00000000 ____D C:\FRST
2017-07-05 12:32 - 2017-07-05 12:32 - 00000000 _____ C:\WINDOWS\SysWOW64\last.dump
2017-07-02 20:56 - 2017-07-04 17:34 - 00000000 ____D C:\Users\chris\AppData\Roaming\MuseScore
2017-07-02 20:56 - 2017-07-02 20:56 - 00001126 _____ C:\Users\chris\Desktop\MuseScore 2.lnk
2017-07-02 20:56 - 2017-07-02 20:56 - 00000000 ____D C:\Users\chris\OneDrive\Dokumente\MuseScore2
2017-07-02 20:56 - 2017-07-02 20:56 - 00000000 ____D C:\Users\chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MuseScore 2
2017-07-02 20:56 - 2017-07-02 20:56 - 00000000 ____D C:\Users\chris\AppData\Local\MuseScore
2017-07-02 20:56 - 2017-07-02 20:56 - 00000000 ____D C:\Program Files (x86)\MuseScore 2
2017-07-01 20:25 - 2017-07-01 20:51 - 00000000 ____D C:\Users\chris\Desktop\Karaoke
2017-07-01 19:50 - 2017-07-01 19:50 - 00000000 ____D C:\Program Files (x86)\Lame For Audacity
2017-07-01 18:52 - 2017-07-06 18:23 - 00000000 ____D C:\Users\chris\AppData\Roaming\audacity
2017-07-01 18:52 - 2017-07-01 18:52 - 00000000 ____D C:\Users\chris\AppData\Local\Audacity
2017-07-01 18:51 - 2017-07-01 18:52 - 00000000 ____D C:\Program Files (x86)\Audacity
2017-07-01 18:51 - 2017-07-01 18:51 - 00001092 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
2017-07-01 18:51 - 2017-07-01 18:51 - 00001080 _____ C:\Users\Public\Desktop\Audacity.lnk
2017-07-01 14:18 - 2017-07-01 14:18 - 00001648 _____ C:\Users\Public\Desktop\BlueStacks.lnk
2017-07-01 14:18 - 2017-07-01 14:18 - 00001648 _____ C:\ProgramData\Microsoft\Windows\Start Menu\BlueStacks.lnk
2017-07-01 14:18 - 2017-07-01 14:18 - 00000000 ____D C:\Program Files (x86)\BlueStacks
2017-07-01 14:18 - 2017-05-24 08:58 - 00000000 ____D C:\ProgramData\BlueStacks
2017-07-01 13:48 - 2017-07-05 17:25 - 00000000 ____D C:\ProgramData\BlueStacksSetup
2017-07-01 13:47 - 2017-07-01 14:18 - 00000000 ____D C:\Users\chris\AppData\Local\Bluestacks
2017-06-29 16:32 - 2017-06-20 08:15 - 01147296 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-06-29 16:32 - 2017-06-20 08:15 - 01024928 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-06-29 16:32 - 2017-06-20 08:11 - 08318880 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-06-29 16:32 - 2017-06-20 08:11 - 02399728 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-06-29 16:32 - 2017-06-20 08:09 - 02969888 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2017-06-29 16:32 - 2017-06-20 08:08 - 00923048 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-06-29 16:32 - 2017-06-20 08:04 - 04847424 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2017-06-29 16:32 - 2017-06-20 08:03 - 07325584 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2017-06-29 16:32 - 2017-06-20 08:03 - 05477096 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2017-06-29 16:32 - 2017-06-20 08:03 - 02444704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-06-29 16:32 - 2017-06-20 08:02 - 02645688 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2017-06-29 16:32 - 2017-06-20 08:02 - 01055648 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2017-06-29 16:32 - 2017-06-20 08:01 - 00872472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2017-06-29 16:32 - 2017-06-20 08:00 - 00255904 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2017-06-29 16:32 - 2017-06-20 08:00 - 00142752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcifs.sys
2017-06-29 16:32 - 2017-06-20 07:59 - 07904784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-06-29 16:32 - 2017-06-20 07:59 - 06554928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2017-06-29 16:32 - 2017-06-20 07:59 - 01670496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2017-06-29 16:32 - 2017-06-20 07:59 - 01220072 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2017-06-29 16:32 - 2017-06-20 07:58 - 21352184 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-06-29 16:32 - 2017-06-20 07:58 - 00371616 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2017-06-29 16:32 - 2017-06-20 07:57 - 02681760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2017-06-29 16:32 - 2017-06-20 07:28 - 23675904 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-06-29 16:32 - 2017-06-20 07:17 - 03670528 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-06-29 16:32 - 2017-06-20 07:15 - 01839872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-06-29 16:32 - 2017-06-20 07:14 - 17364480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-06-29 16:32 - 2017-06-20 07:14 - 01150784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2017-06-29 16:32 - 2017-06-20 07:13 - 02259760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-06-29 16:32 - 2017-06-20 07:12 - 07931392 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-06-29 16:32 - 2017-06-20 07:12 - 00293376 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2017-06-29 16:32 - 2017-06-20 07:11 - 00518144 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2017-06-29 16:32 - 2017-06-20 07:11 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2017-06-29 16:32 - 2017-06-20 07:11 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-06-29 16:32 - 2017-06-20 07:10 - 00722432 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2017-06-29 16:32 - 2017-06-20 07:10 - 00315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsEnvironment.Desktop.dll
2017-06-29 16:32 - 2017-06-20 07:10 - 00096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2017-06-29 16:32 - 2017-06-20 07:09 - 23681536 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-06-29 16:32 - 2017-06-20 07:09 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2017-06-29 16:32 - 2017-06-20 07:08 - 04469840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2017-06-29 16:32 - 2017-06-20 07:08 - 00646656 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockHostingFramework.dll
2017-06-29 16:32 - 2017-06-20 07:08 - 00527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-06-29 16:32 - 2017-06-20 07:08 - 00386560 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2017-06-29 16:32 - 2017-06-20 07:08 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2017-06-29 16:32 - 2017-06-20 07:08 - 00256000 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2017-06-29 16:32 - 2017-06-20 07:07 - 12786688 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-06-29 16:32 - 2017-06-20 07:07 - 05820984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2017-06-29 16:32 - 2017-06-20 07:07 - 01878016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-06-29 16:32 - 2017-06-20 07:07 - 01517536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2017-06-29 16:32 - 2017-06-20 07:07 - 00982016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2017-06-29 16:32 - 2017-06-20 07:07 - 00510976 _____ (Microsoft Corporation) C:\WINDOWS\system32\TDLMigration.dll
2017-06-29 16:32 - 2017-06-20 07:07 - 00422400 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2017-06-29 16:32 - 2017-06-20 07:07 - 00411136 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2017-06-29 16:32 - 2017-06-20 07:06 - 02165752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2017-06-29 16:32 - 2017-06-20 07:06 - 00925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2017-06-29 16:32 - 2017-06-20 07:06 - 00847872 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2017-06-29 16:32 - 2017-06-20 07:06 - 00754592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2017-06-29 16:32 - 2017-06-20 07:06 - 00751104 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2017-06-29 16:32 - 2017-06-20 07:06 - 00411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2017-06-29 16:32 - 2017-06-20 07:06 - 00299520 _____ (Microsoft Corporation) C:\WINDOWS\system32\AboveLockAppHost.dll
2017-06-29 16:32 - 2017-06-20 07:05 - 04447744 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-06-29 16:32 - 2017-06-20 07:05 - 01468416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2017-06-29 16:32 - 2017-06-20 07:05 - 01260544 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2017-06-29 16:32 - 2017-06-20 07:05 - 00687616 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2017-06-29 16:32 - 2017-06-20 07:05 - 00585216 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll
2017-06-29 16:32 - 2017-06-20 07:05 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2017-06-29 16:32 - 2017-06-20 07:05 - 00406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputSwitch.dll
2017-06-29 16:32 - 2017-06-20 07:05 - 00374784 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2017-06-29 16:32 - 2017-06-20 07:05 - 00056832 _____ (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll
2017-06-29 16:32 - 2017-06-20 07:04 - 08243712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-06-29 16:32 - 2017-06-20 07:04 - 02330520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2017-06-29 16:32 - 2017-06-20 07:04 - 01818624 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2017-06-29 16:32 - 2017-06-20 07:04 - 00181656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2017-06-29 16:32 - 2017-06-20 07:03 - 20372896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-06-29 16:32 - 2017-06-20 07:03 - 06763648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-06-29 16:32 - 2017-06-20 07:03 - 05806048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2017-06-29 16:32 - 2017-06-20 07:03 - 02077184 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2017-06-29 16:32 - 2017-06-20 07:02 - 03377664 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2017-06-29 16:32 - 2017-06-20 07:02 - 02804736 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-06-29 16:32 - 2017-06-20 07:02 - 01886208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-06-29 16:32 - 2017-06-20 07:02 - 01121928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2017-06-29 16:32 - 2017-06-20 07:02 - 00988168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2017-06-29 16:32 - 2017-06-20 07:02 - 00707072 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2017-06-29 16:32 - 2017-06-20 07:02 - 00681984 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-06-29 16:32 - 2017-06-20 07:01 - 04536320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2017-06-29 16:32 - 2017-06-20 07:01 - 04396032 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-06-29 16:32 - 2017-06-20 07:01 - 03803136 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2017-06-29 16:32 - 2017-06-20 07:01 - 03332096 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2017-06-29 16:32 - 2017-06-20 07:01 - 03307008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-06-29 16:32 - 2017-06-20 07:01 - 02499584 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2017-06-29 16:32 - 2017-06-20 07:01 - 01305088 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2017-06-29 16:32 - 2017-06-20 07:01 - 01142272 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2017-06-29 16:32 - 2017-06-20 07:01 - 01076736 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2017-06-29 16:32 - 2017-06-20 07:00 - 05557760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2017-06-29 16:32 - 2017-06-20 07:00 - 02649600 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2017-06-29 16:32 - 2017-06-20 07:00 - 02597888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2017-06-29 16:32 - 2017-06-20 07:00 - 02443776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-06-29 16:32 - 2017-06-20 07:00 - 01802752 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-06-29 16:32 - 2017-06-20 06:59 - 02938880 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2017-06-29 16:32 - 2017-06-20 06:59 - 01674240 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2017-06-29 16:32 - 2017-06-20 06:59 - 01357824 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2017-06-29 16:32 - 2017-06-20 06:59 - 00583160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2017-06-29 16:32 - 2017-06-20 06:56 - 00985600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
2017-06-29 16:32 - 2017-06-20 06:50 - 02957312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-06-29 16:32 - 2017-06-20 06:49 - 13839872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2017-06-29 16:32 - 2017-06-20 06:45 - 20505088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-06-29 16:32 - 2017-06-20 06:44 - 00362496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2017-06-29 16:32 - 2017-06-20 06:43 - 06728192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-06-29 16:32 - 2017-06-20 06:43 - 00329728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2017-06-29 16:32 - 2017-06-20 06:43 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2017-06-29 16:32 - 2017-06-20 06:43 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2017-06-29 16:32 - 2017-06-20 06:42 - 19336192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-06-29 16:32 - 2017-06-20 06:42 - 00338432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2017-06-29 16:32 - 2017-06-20 06:42 - 00266240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2017-06-29 16:32 - 2017-06-20 06:40 - 00636416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2017-06-29 16:32 - 2017-06-20 06:40 - 00368128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2017-06-29 16:32 - 2017-06-20 06:40 - 00356864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
2017-06-29 16:32 - 2017-06-20 06:39 - 02671616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2017-06-29 16:32 - 2017-06-20 06:38 - 01451008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2017-06-29 16:32 - 2017-06-20 06:38 - 01285120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbghelp.dll
2017-06-29 16:32 - 2017-06-20 06:38 - 00663040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2017-06-29 16:32 - 2017-06-20 06:38 - 00329728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2017-06-29 16:32 - 2017-06-20 06:37 - 11870720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-06-29 16:32 - 2017-06-20 06:37 - 02859520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-06-29 16:32 - 2017-06-20 06:37 - 02008576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2017-06-29 16:32 - 2017-06-20 06:36 - 06291456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-06-29 16:32 - 2017-06-20 06:36 - 03667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-06-29 16:32 - 2017-06-20 06:36 - 01248768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-06-29 16:32 - 2017-06-20 06:35 - 05225984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-06-29 16:32 - 2017-06-20 06:35 - 02679296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2017-06-29 16:32 - 2017-06-20 06:35 - 02132480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2017-06-29 16:32 - 2017-06-20 06:34 - 04559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2017-06-29 16:32 - 2017-06-20 06:34 - 04056576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2017-06-29 16:32 - 2017-06-20 06:34 - 02298368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2017-06-29 16:32 - 2017-06-20 06:34 - 02211328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2017-06-29 16:32 - 2017-06-20 06:34 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-06-29 16:32 - 2017-06-20 06:30 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2017-06-29 16:31 - 2017-06-20 08:18 - 01564576 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2017-06-29 16:31 - 2017-06-20 08:18 - 00821664 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.exe
2017-06-29 16:31 - 2017-06-20 08:18 - 00096672 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2017-06-29 16:31 - 2017-06-20 08:17 - 00629152 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2017-06-29 16:31 - 2017-06-20 08:17 - 00544160 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2017-06-29 16:31 - 2017-06-20 08:17 - 00334240 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2017-06-29 16:31 - 2017-06-20 08:17 - 00136096 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2017-06-29 16:31 - 2017-06-20 08:17 - 00034720 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2017-06-29 16:31 - 2017-06-20 08:16 - 01214880 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2017-06-29 16:31 - 2017-06-20 08:16 - 00335776 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2017-06-29 16:31 - 2017-06-20 08:15 - 00965024 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.efi
2017-06-29 16:31 - 2017-06-20 08:15 - 00233376 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2017-06-29 16:31 - 2017-06-20 08:14 - 01065104 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2017-06-29 16:31 - 2017-06-20 08:14 - 00899824 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2017-06-29 16:31 - 2017-06-20 08:11 - 01395152 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2017-06-29 16:31 - 2017-06-20 08:11 - 01186472 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2017-06-29 16:31 - 2017-06-20 08:11 - 00411992 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSAudDecMFT.dll
2017-06-29 16:31 - 2017-06-20 08:10 - 02327456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2017-06-29 16:31 - 2017-06-20 08:10 - 01930320 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2017-06-29 16:31 - 2017-06-20 08:10 - 00119392 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcmnutils.dll
2017-06-29 16:31 - 2017-06-20 08:08 - 01242528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2017-06-29 16:31 - 2017-06-20 08:06 - 01017760 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2017-06-29 16:31 - 2017-06-20 08:06 - 00279968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2017-06-29 16:31 - 2017-06-20 08:05 - 01057832 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2017-06-29 16:31 - 2017-06-20 08:04 - 00472728 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2017-06-29 16:31 - 2017-06-20 08:03 - 00820128 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2017-06-29 16:31 - 2017-06-20 08:03 - 00179608 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostUser.dll
2017-06-29 16:31 - 2017-06-20 08:03 - 00102312 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredentialUIBroker.exe
2017-06-29 16:31 - 2017-06-20 08:02 - 00426912 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostCommon.dll
2017-06-29 16:31 - 2017-06-20 08:01 - 00553888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2017-06-29 16:31 - 2017-06-20 08:00 - 00558920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.dll
2017-06-29 16:31 - 2017-06-20 07:59 - 01054280 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2017-06-29 16:31 - 2017-06-20 07:59 - 00583304 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2017-06-29 16:31 - 2017-06-20 07:59 - 00467504 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
2017-06-29 16:31 - 2017-06-20 07:59 - 00094624 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2017-06-29 16:31 - 2017-06-20 07:58 - 01337344 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2017-06-29 16:31 - 2017-06-20 07:58 - 00833160 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeManagerObj.dll
2017-06-29 16:31 - 2017-06-20 07:58 - 00406072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MMDevAPI.dll
2017-06-29 16:31 - 2017-06-20 07:58 - 00203168 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostBroker.dll
2017-06-29 16:31 - 2017-06-20 07:57 - 00204192 _____ (Microsoft Corporation) C:\WINDOWS\system32\basecsp.dll
2017-06-29 16:31 - 2017-06-20 07:34 - 00192416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2017-06-29 16:31 - 2017-06-20 07:16 - 00970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctfuimanager.dll
2017-06-29 16:31 - 2017-06-20 07:16 - 00417280 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleacc.dll
2017-06-29 16:31 - 2017-06-20 07:15 - 01620368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2017-06-29 16:31 - 2017-06-20 07:15 - 00455104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSAudDecMFT.dll
2017-06-29 16:31 - 2017-06-20 07:15 - 00096136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmcmnutils.dll
2017-06-29 16:31 - 2017-06-20 07:14 - 02199552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2017-06-29 16:31 - 2017-06-20 07:14 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mskssrv.sys
2017-06-29 16:31 - 2017-06-20 07:13 - 00787712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2017-06-29 16:31 - 2017-06-20 07:13 - 00216064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Profiles.Gatt.Interface.dll
2017-06-29 16:31 - 2017-06-20 07:13 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanprotdim.dll
2017-06-29 16:31 - 2017-06-20 07:13 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\WFDSConMgr.dll
2017-06-29 16:31 - 2017-06-20 07:13 - 00056832 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinBioDataModelOOBE.exe
2017-06-29 16:31 - 2017-06-20 07:12 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyMATEnc.dll
2017-06-29 16:31 - 2017-06-20 07:12 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.System.Profile.RetailInfo.dll
2017-06-29 16:31 - 2017-06-20 07:12 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bridge.sys
2017-06-29 16:31 - 2017-06-20 07:12 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hdaudbus.sys
2017-06-29 16:31 - 2017-06-20 07:11 - 00200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\ScDeviceEnum.dll
2017-06-29 16:31 - 2017-06-20 07:10 - 00778240 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyHrtfEnc.dll
2017-06-29 16:31 - 2017-06-20 07:10 - 00189440 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll
2017-06-29 16:31 - 2017-06-20 07:10 - 00188928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wincredui.dll
2017-06-29 16:31 - 2017-06-20 07:09 - 00555008 _____ (Microsoft Corporation) C:\WINDOWS\system32\WFDSConMgrSvc.dll
2017-06-29 16:31 - 2017-06-20 07:09 - 00551424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Payments.dll
2017-06-29 16:31 - 2017-06-20 07:09 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.BlueLightReduction.dll
2017-06-29 16:31 - 2017-06-20 07:09 - 00427008 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2017-06-29 16:31 - 2017-06-20 07:09 - 00406032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2017-06-29 16:31 - 2017-06-20 07:09 - 00357888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Narrator.exe
2017-06-29 16:31 - 2017-06-20 07:09 - 00250368 _____ (Microsoft Corporation) C:\WINDOWS\system32\SCardSvr.dll
2017-06-29 16:31 - 2017-06-20 07:09 - 00208384 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2017-06-29 16:31 - 2017-06-20 07:09 - 00205312 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipboardServer.dll
2017-06-29 16:31 - 2017-06-20 07:09 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\system32\certprop.dll
2017-06-29 16:31 - 2017-06-20 07:09 - 00135680 _____ (Microsoft Corporation) C:\WINDOWS\system32\sendmail.dll
2017-06-29 16:31 - 2017-06-20 07:09 - 00062464 _____ (Microsoft Corporation) C:\WINDOWS\system32\dataclen.dll
2017-06-29 16:31 - 2017-06-20 07:08 - 00791040 _____ (Microsoft Corporation) C:\WINDOWS\system32\certca.dll
2017-06-29 16:31 - 2017-06-20 07:08 - 00365056 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Notifications.dll
2017-06-29 16:31 - 2017-06-20 07:08 - 00328704 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2017-06-29 16:31 - 2017-06-20 07:08 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinBioDataModel.dll
2017-06-29 16:31 - 2017-06-20 07:08 - 00251392 _____ (Microsoft Corporation) C:\WINDOWS\system32\scksp.dll
2017-06-29 16:31 - 2017-06-20 07:07 - 02475136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2017-06-29 16:31 - 2017-06-20 07:07 - 00916992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2017-06-29 16:31 - 2017-06-20 07:07 - 00823296 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApi.dll
2017-06-29 16:31 - 2017-06-20 07:07 - 00757248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2017-06-29 16:31 - 2017-06-20 07:07 - 00750496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2017-06-29 16:31 - 2017-06-20 07:07 - 00632832 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
2017-06-29 16:31 - 2017-06-20 07:07 - 00626176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll
2017-06-29 16:31 - 2017-06-20 07:07 - 00621056 _____ (Microsoft Corporation) C:\WINDOWS\system32\SndVolSSO.dll
2017-06-29 16:31 - 2017-06-20 07:07 - 00346016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudExperienceHostCommon.dll
2017-06-29 16:31 - 2017-06-20 07:07 - 00138656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudExperienceHostUser.dll
2017-06-29 16:31 - 2017-06-20 07:07 - 00129192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2017-06-29 16:31 - 2017-06-20 07:06 - 00942592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2017-06-29 16:31 - 2017-06-20 07:06 - 00455680 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2017-06-29 16:31 - 2017-06-20 07:06 - 00335872 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudDomainJoinDataModelServer.dll
2017-06-29 16:31 - 2017-06-20 07:06 - 00278944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\thumbcache.dll
2017-06-29 16:31 - 2017-06-20 07:06 - 00253440 _____ (Microsoft Corporation) C:\WINDOWS\system32\edputil.dll
2017-06-29 16:31 - 2017-06-20 07:06 - 00045056 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBrokerUI.dll
2017-06-29 16:31 - 2017-06-20 07:05 - 02873344 _____ (Microsoft Corporation) C:\WINDOWS\system32\themeui.dll
2017-06-29 16:31 - 2017-06-20 07:05 - 00873472 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2017-06-29 16:31 - 2017-06-20 07:05 - 00696320 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmsys.cpl
2017-06-29 16:31 - 2017-06-20 07:05 - 00438096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.dll
2017-06-29 16:31 - 2017-06-20 07:05 - 00364032 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2017-06-29 16:31 - 2017-06-20 07:04 - 08211968 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2017-06-29 16:31 - 2017-06-20 07:04 - 01425920 _____ (Microsoft Corporation) C:\WINDOWS\system32\certutil.exe
2017-06-29 16:31 - 2017-06-20 07:04 - 01178528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll
2017-06-29 16:31 - 2017-06-20 07:04 - 01177600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2017-06-29 16:31 - 2017-06-20 07:04 - 01077496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webservices.dll
2017-06-29 16:31 - 2017-06-20 07:04 - 00899072 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmartcardCredentialProvider.dll
2017-06-29 16:31 - 2017-06-20 07:04 - 00802816 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2017-06-29 16:31 - 2017-06-20 07:04 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
2017-06-29 16:31 - 2017-06-20 07:04 - 00178176 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeHelper.dll
2017-06-29 16:31 - 2017-06-20 07:04 - 00049656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msasn1.dll
2017-06-29 16:31 - 2017-06-20 07:03 - 01396224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2017-06-29 16:31 - 2017-06-20 07:03 - 00864240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2017-06-29 16:31 - 2017-06-20 07:03 - 00443728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFCaptureEngine.dll
2017-06-29 16:31 - 2017-06-20 07:02 - 03204096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Profiles.Gatt.dll
2017-06-29 16:31 - 2017-06-20 07:02 - 01194696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2017-06-29 16:31 - 2017-06-20 07:02 - 00354400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MMDevAPI.dll
2017-06-29 16:31 - 2017-06-20 07:02 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudDomainJoinAUG.dll
2017-06-29 16:31 - 2017-06-20 07:01 - 03059200 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2017-06-29 16:31 - 2017-06-20 07:01 - 01713664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2017-06-29 16:31 - 2017-06-20 07:01 - 00809984 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2017-06-29 16:31 - 2017-06-20 07:01 - 00397312 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2017-06-29 16:31 - 2017-06-20 07:01 - 00176032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\basecsp.dll
2017-06-29 16:31 - 2017-06-20 07:00 - 03139584 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2017-06-29 16:31 - 2017-06-20 07:00 - 03057664 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnroll.dll
2017-06-29 16:31 - 2017-06-20 07:00 - 02171392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Bluetooth.dll
2017-06-29 16:31 - 2017-06-20 07:00 - 00986112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-06-29 16:31 - 2017-06-20 07:00 - 00406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-06-29 16:31 - 2017-06-20 06:58 - 00625152 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2017-06-29 16:31 - 2017-06-20 06:57 - 00290816 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmclient.exe
2017-06-29 16:31 - 2017-06-20 06:57 - 00138752 _____ (Microsoft Corporation) C:\WINDOWS\system32\DMPushRouterCore.dll
2017-06-29 16:31 - 2017-06-20 06:56 - 00600064 _____ (Microsoft Corporation) C:\WINDOWS\system32\FrameServer.dll
2017-06-29 16:31 - 2017-06-20 06:56 - 00430080 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToDevice.dll
2017-06-29 16:31 - 2017-06-20 06:56 - 00241152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wdmaud.drv
2017-06-29 16:31 - 2017-06-20 06:54 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\DmApiSetExtImplDesktop.dll
2017-06-29 16:31 - 2017-06-20 06:49 - 00899072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctfuimanager.dll
2017-06-29 16:31 - 2017-06-20 06:49 - 00331776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleacc.dll
2017-06-29 16:31 - 2017-06-20 06:47 - 02199552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2017-06-29 16:31 - 2017-06-20 06:46 - 00132096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft.Bluetooth.Profiles.Gatt.Interface.dll
2017-06-29 16:31 - 2017-06-20 06:45 - 00111104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.System.Profile.RetailInfo.dll
2017-06-29 16:31 - 2017-06-20 06:45 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2017-06-29 16:31 - 2017-06-20 06:43 - 00173568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ClipboardServer.dll
2017-06-29 16:31 - 2017-06-20 06:43 - 00151552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincredui.dll
2017-06-29 16:31 - 2017-06-20 06:43 - 00139776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BluetoothApis.dll
2017-06-29 16:31 - 2017-06-20 06:43 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dataclen.dll
2017-06-29 16:31 - 2017-06-20 06:42 - 00641024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certca.dll
2017-06-29 16:31 - 2017-06-20 06:42 - 00387584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Payments.dll
2017-06-29 16:31 - 2017-06-20 06:42 - 00226304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scksp.dll
2017-06-29 16:31 - 2017-06-20 06:42 - 00121856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sendmail.dll
2017-06-29 16:31 - 2017-06-20 06:41 - 00734208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.exe
2017-06-29 16:31 - 2017-06-20 06:41 - 00646656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApi.dll
2017-06-29 16:31 - 2017-06-20 06:41 - 00601088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SndVolSSO.dll
2017-06-29 16:31 - 2017-06-20 06:41 - 00433152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Bluetooth.dll
2017-06-29 16:31 - 2017-06-20 06:41 - 00241152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecsExt.dll
2017-06-29 16:31 - 2017-06-20 06:41 - 00201216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credprovhost.dll
2017-06-29 16:31 - 2017-06-20 06:40 - 00342016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2017-06-29 16:31 - 2017-06-20 06:40 - 00247808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AboveLockAppHost.dll
2017-06-29 16:31 - 2017-06-20 06:40 - 00230912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edputil.dll
2017-06-29 16:31 - 2017-06-20 06:40 - 00038400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBrokerUI.dll
2017-06-29 16:31 - 2017-06-20 06:39 - 02814464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\themeui.dll
2017-06-29 16:31 - 2017-06-20 06:39 - 00969728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
2017-06-29 16:31 - 2017-06-20 06:39 - 00646144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmsys.cpl
2017-06-29 16:31 - 2017-06-20 06:39 - 00471040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VAN.dll
2017-06-29 16:31 - 2017-06-20 06:39 - 00312320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2017-06-29 16:31 - 2017-06-20 06:38 - 01171968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certutil.exe
2017-06-29 16:31 - 2017-06-20 06:38 - 00648192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SmartcardCredentialProvider.dll
2017-06-29 16:31 - 2017-06-20 06:36 - 07596544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2017-06-29 16:31 - 2017-06-20 06:36 - 01494528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
2017-06-29 16:31 - 2017-06-20 06:36 - 00787456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2017-06-29 16:31 - 2017-06-20 06:35 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cldapi.dll
2017-06-29 16:31 - 2017-06-20 06:34 - 02782720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2017-06-29 16:31 - 2017-06-20 06:34 - 02750464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnroll.dll
2017-06-29 16:31 - 2017-06-20 06:34 - 01492480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Bluetooth.dll
2017-06-29 16:31 - 2017-06-20 06:34 - 00760832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2017-06-29 16:31 - 2017-06-20 06:31 - 00334848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToDevice.dll
2017-06-29 16:31 - 2017-06-20 06:30 - 00209920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wdmaud.drv
2017-06-29 16:31 - 2017-06-20 06:30 - 00157696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpchttp.dll
2017-06-29 16:31 - 2017-06-20 06:28 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apphelp.dll
2017-06-25 17:25 - 2017-06-25 17:25 - 00003272 _____ C:\WINDOWS\System32\Tasks\D3DGearRawFrameCaptureTask
2017-06-15 05:11 - 2017-06-15 05:11 - 00061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys
2017-06-15 00:04 - 2017-06-03 08:32 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-06-15 00:04 - 2017-06-03 08:32 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-06-14 18:27 - 2017-06-03 12:09 - 01003624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2017-06-14 18:27 - 2017-06-03 12:07 - 00119712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2017-06-14 18:27 - 2017-06-03 12:00 - 00219040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
2017-06-14 18:27 - 2017-06-03 11:59 - 01409048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2017-06-14 18:27 - 2017-06-03 11:59 - 00626528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2017-06-14 18:27 - 2017-06-03 11:59 - 00311200 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2017-06-14 18:27 - 2017-06-03 11:59 - 00259400 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2017-06-14 18:27 - 2017-06-03 11:26 - 00266640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\capauthz.dll
2017-06-14 18:27 - 2017-06-03 11:23 - 00573856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comctl32.dll
2017-06-14 18:27 - 2017-06-03 11:14 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\utcutil.dll
2017-06-14 18:27 - 2017-06-03 11:12 - 00119296 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2017-06-14 18:27 - 2017-06-03 11:11 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2017-06-14 18:27 - 2017-06-03 11:11 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2017-06-14 18:27 - 2017-06-03 11:11 - 00038912 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2017-06-14 18:27 - 2017-06-03 11:11 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
2017-06-14 18:27 - 2017-06-03 11:10 - 00102400 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2017-06-14 18:27 - 2017-06-03 11:09 - 00094720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2017-06-14 18:27 - 2017-06-03 11:07 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2017-06-14 18:27 - 2017-06-03 11:05 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Identity.Provider.dll
2017-06-14 18:27 - 2017-06-03 11:05 - 00169984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\devicengccredprov.dll
2017-06-14 18:27 - 2017-06-03 11:03 - 00467456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TpmCoreProvisioning.dll
2017-06-14 18:27 - 2017-06-03 11:00 - 00933376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2017-06-14 18:27 - 2017-06-03 10:58 - 05961216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2017-06-14 18:27 - 2017-06-03 10:58 - 02516480 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2017-06-14 18:27 - 2017-06-03 10:58 - 01046016 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2017-06-14 18:27 - 2017-06-03 10:57 - 06535168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspaint.exe
2017-06-14 18:27 - 2017-06-03 10:57 - 00797184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2017-06-14 18:27 - 2017-06-03 10:55 - 01019904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-06-14 18:27 - 2017-06-03 10:54 - 02341376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2017-06-14 18:26 - 2017-06-03 12:15 - 01596600 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2017-06-14 18:26 - 2017-06-03 12:15 - 00750560 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2017-06-14 18:26 - 2017-06-03 12:15 - 00382368 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2017-06-14 18:26 - 2017-06-03 12:10 - 00130464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tm.sys
2017-06-14 18:26 - 2017-06-03 12:00 - 00321376 _____ (Microsoft Corporation) C:\WINDOWS\system32\capauthz.dll
2017-06-14 18:26 - 2017-06-03 11:58 - 00660384 _____ (Microsoft Corporation) C:\WINDOWS\system32\comctl32.dll
2017-06-14 18:26 - 2017-06-03 11:58 - 00254176 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2017-06-14 18:26 - 2017-06-03 11:14 - 00443392 _____ (Microsoft Corporation) C:\WINDOWS\system32\PerceptionSimulationExtensions.dll
2017-06-14 18:26 - 2017-06-03 11:14 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmredir.dll
2017-06-14 18:26 - 2017-06-03 11:14 - 00047104 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2017-06-14 18:26 - 2017-06-03 11:11 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2017-06-14 18:26 - 2017-06-03 11:10 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCredentialDeployment.exe
2017-06-14 18:26 - 2017-06-03 11:09 - 00271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Identity.Provider.dll
2017-06-14 18:26 - 2017-06-03 11:09 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\devicengccredprov.dll
2017-06-14 18:26 - 2017-06-03 11:07 - 00778240 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2017-06-14 18:26 - 2017-06-03 11:07 - 00197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdboot.exe
2017-06-14 18:26 - 2017-06-03 11:06 - 00551936 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmCoreProvisioning.dll
2017-06-14 18:26 - 2017-06-03 11:05 - 07336448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-06-14 18:26 - 2017-06-03 11:04 - 00805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2017-06-14 18:26 - 2017-06-03 11:01 - 06726656 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe
2017-06-14 18:26 - 2017-06-03 11:00 - 00358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-06-14 18:26 - 2017-06-03 10:59 - 04730368 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-06-14 18:26 - 2017-06-03 10:59 - 02625024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2017-06-14 18:26 - 2017-06-03 10:59 - 02056192 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-06-14 18:26 - 2017-06-03 10:59 - 01293824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-06-14 18:26 - 2017-06-03 10:59 - 00975360 _____ (Microsoft Corporation) C:\WINDOWS\HelpPane.exe
2017-06-14 18:26 - 2017-06-03 10:58 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2017-06-14 18:26 - 2017-06-03 10:58 - 00827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2017-06-14 18:26 - 2017-06-03 10:57 - 02829824 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2017-06-14 18:26 - 2017-06-03 10:55 - 03656192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-06-14 18:26 - 2017-06-03 10:51 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\bfsvc.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-07-07 23:17 - 2016-06-07 19:32 - 00000784 _____ C:\WINDOWS\SysWOW64\za_mv_raid.ev
2017-07-07 23:09 - 2017-05-24 23:28 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-07-07 22:55 - 2017-05-24 23:35 - 00004172 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{E025AA66-1D98-4F3E-A00F-4D7B7E842DE2}
2017-07-07 21:47 - 2017-02-18 18:47 - 00000000 ____D C:\Users\chris\AppData\Local\Spotify
2017-07-07 20:59 - 2017-05-25 08:56 - 00997354 _____ C:\WINDOWS\system32\perfh007.dat
2017-07-07 20:59 - 2017-05-25 08:56 - 00223250 _____ C:\WINDOWS\system32\perfc007.dat
2017-07-07 20:59 - 2017-05-24 23:38 - 02242078 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-07-07 20:59 - 2017-05-15 21:20 - 00000000 ____D C:\Program Files (x86)\Steam
2017-07-07 20:59 - 2017-02-18 18:46 - 00000000 ____D C:\Users\chris\AppData\Roaming\Spotify
2017-07-07 20:55 - 2017-03-18 23:03 - 00000000 ___HD C:\Program Files\WindowsApps
2017-07-07 20:55 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-07-07 20:53 - 2017-05-24 23:35 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-07-07 20:53 - 2017-05-24 23:29 - 00000000 ____D C:\ProgramData\NVIDIA
2017-07-07 20:52 - 2017-03-18 13:40 - 01310720 _____ C:\WINDOWS\system32\config\BBI
2017-07-07 00:57 - 2017-01-12 17:12 - 00000008 __RSH C:\ProgramData\ntuser.pol
2017-07-05 17:23 - 2017-03-18 23:01 - 00000000 ____D C:\WINDOWS\INF
2017-07-05 12:43 - 2016-01-14 19:43 - 00158888 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswstm.sys
2017-07-05 12:31 - 2017-05-24 23:29 - 00000000 ____D C:\Users\chris
2017-07-04 18:34 - 2017-05-07 17:23 - 00000000 ____D C:\Program Files (x86)\iRacing
2017-07-04 17:41 - 2017-05-07 18:10 - 00555048 _____ C:\WINDOWS\system32\Drivers\EasyAntiCheat.sys
2017-07-01 14:30 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\rescache
2017-07-01 14:18 - 2017-03-18 23:03 - 00000000 __RHD C:\Users\Public\Libraries
2017-06-29 20:40 - 2016-11-20 20:51 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-06-29 18:07 - 2017-05-24 23:28 - 00217144 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-06-29 18:06 - 2017-03-18 23:03 - 00000000 ___SD C:\WINDOWS\SysWOW64\F12
2017-06-29 18:06 - 2017-03-18 23:03 - 00000000 ___SD C:\WINDOWS\system32\F12
2017-06-29 18:06 - 2017-03-18 23:03 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-06-29 18:06 - 2017-03-18 23:03 - 00000000 ___RD C:\Program Files\Windows Defender
2017-06-29 18:06 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\system32\oobe
2017-06-29 18:06 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\system32\migwiz
2017-06-29 18:06 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\system32\appraiser
2017-06-29 18:06 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\ShellExperiences
2017-06-29 18:06 - 2017-03-18 23:03 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2017-06-29 16:35 - 2017-03-18 22:51 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-06-27 16:56 - 2016-01-14 19:46 - 00002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-06-27 16:56 - 2016-01-14 19:46 - 00002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-06-25 18:37 - 2017-05-24 12:04 - 00000000 ____D C:\Users\chris\AppData\Local\ElevatedDiagnostics
2017-06-20 19:53 - 2016-01-14 18:34 - 00002387 _____ C:\Users\chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-06-20 19:53 - 2016-01-14 18:34 - 00000000 ___RD C:\Users\chris\OneDrive
2017-06-18 02:48 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-06-18 02:48 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-06-15 22:08 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-06-15 00:02 - 2017-03-19 04:30 - 00000000 ____D C:\WINDOWS\OCR
2017-06-14 22:45 - 2016-01-16 20:02 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-06-14 22:43 - 2016-01-16 20:02 - 133627792 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-06-13 19:53 - 2017-05-24 23:35 - 00004440 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2017-06-11 22:20 - 2017-05-08 20:24 - 00000000 ____D C:\Users\chris\AppData\Local\NickThissen

==================== Files in the root of some directories =======

2016-12-24 13:27 - 2016-12-24 13:27 - 0000000 _____ () C:\Program Files (x86)\GUT9348.tmp
2016-12-24 13:26 - 2016-12-24 13:26 - 0000000 _____ () C:\Program Files (x86)\GUTF4FF.tmp
2016-05-30 19:21 - 2016-05-30 19:37 - 0000115 _____ () C:\Users\chris\AppData\Roaming\LogFile.txt
2017-01-14 23:48 - 2017-04-11 18:32 - 0000321 _____ () C:\Users\chris\AppData\Roaming\WB.CFG
2017-01-12 17:13 - 2017-01-12 17:44 - 0000177 _____ () C:\Users\chris\AppData\Local\uts.ini
2016-01-29 21:55 - 2016-01-29 21:55 - 0000000 _____ () C:\Users\chris\AppData\Local\{32FB22F6-3A8D-4BAC-9716-35E126489F99}
2017-05-08 20:24 - 2017-05-08 20:24 - 0000109 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.64.bc

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-06-30 17:38

==================== End of FRST.txt ============================
         
--- --- ---


07.07.2017, 23:17   #15
brill_e

I think I have a virus or Trojan



Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-07-2017
Ran by chris (07-07-2017 23:18:03)
Running from C:\Users\chris\Desktop
Windows 10 Home Version 1703 (X64) (2017-05-25 06:33:45)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1245378809-2198360341-2726498664-500 - Administrator - Disabled)
chris (S-1-5-21-1245378809-2198360341-2726498664-1001 - Administrator - Enabled) => C:\Users\chris
DefaultAccount (S-1-5-21-1245378809-2198360341-2726498664-503 - Limited - Disabled)
Guest (S-1-5-21-1245378809-2198360341-2726498664-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Disabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Disabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 16.04 (x64) (HKLM\...\7-Zip) (Version: 16.04 - Igor Pavlov)
Acronis Drive Monitor (HKLM-x32\...\{706AE61D-40A4-4F50-8359-FE8F6F7FA461}) (Version: 1.0.566 - Acronis)
Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 17.009.20044 - Adobe Systems Incorporated)
Adobe Flash Player 26 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 26.0.0.131 - Adobe Systems Incorporated)
Amazon.com Fire_Devices (HKLM\...\Fire_Devices Drivers) (Version: 2 - Amazon.com)
Android Studio (HKLM\...\Android Studio) (Version: 1.0 - Google Inc.)
Ansel (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel) (Version: 382.05 - NVIDIA Corporation) Hidden
ASUS Xonar DGX Audio (HKLM-x32\...\{71B53BA8-4BE3-49AF-BC3E-07F392008788}) (Version:   - ASUSTeK Computer Inc.)
Audacity 2.1.3 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.3 - Audacity Team)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 17.4.2294 - AVAST Software)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
BlueStacks App Player (HKLM-x32\...\BlueStacks) (Version: 2.7.320.8504 - BlueStack Systems, Inc.)
Call of Duty: Black Ops II - Multiplayer (HKLM\...\Steam App 202990) (Version:  - Treyarch)
Call of Duty: Black Ops II (HKLM\...\Steam App 202970) (Version:  - Treyarch)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version:  - ‪Canon Inc.‬)
Canon MP230 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP230_series) (Version: 1.03 - Canon Inc.)
Counter-Strike: Global Offensive (HKLM\...\Steam App 730) (Version:  - Valve)
CyberLink PowerDVD 15 (HKLM-x32\...\{DE85B8F3-D088-4D6E-A970-EE0BC7883A66}) (Version: 15.0.2623.58 - CyberLink Corp.)
Dr. Hardware 2016 16.0d (HKLM-x32\...\Dr. Hardware 2016_is1) (Version:  - Peter A. Gebhard)
EasyBCD 2.3 (HKLM-x32\...\EasyBCD) (Version: 2.3 - NeoSmart Technologies)
Futuremark SystemInfo (HKLM-x32\...\{5052D282-C9AE-48CC-A9F5-17058BEEAA50}) (Version: 4.45.590.0 - Futuremark)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 59.0.3071.115 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.169 - Google Inc.) Hidden
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version:  - Blizzard Entertainment)
iRacing Setup Sync version 3.0 (HKLM-x32\...\{C9A090AA-AA71-46EE-901E-22A63652BD91}_is1) (Version: 3.0 - Nick Thissen)
iRacing.com Race Simulation (HKLM-x32\...\{CBBB3C80-76F5-42B5-92A6-C4BF84796DCB}) (Version: 2.23.0030 - iRacing.com Motorsport Simulations)
Java 8 Update 131 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180131F0}) (Version: 8.0.1310.11 - Oracle Corporation)
Java SE Development Kit 8 Update 121 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180121}) (Version: 8.0.1210.13 - Oracle Corporation)
KaraFun Player 2 (HKLM-x32\...\KaraFun Player 2_is1) (Version: 2.4.1.0 - Recisio)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
Logitech Gaming Software 5.10 (HKLM\...\{1444D2EE-C7AD-44A8-844F-2634B49353D1}) (Version: 5.10.127 - Logitech)
Malwarebytes Version 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes)
marvell 91xx driver (HKLM-x32\...\MagniDriver) (Version: 1.0.0.1051 - Marvell)
Marvell Storage Utility V4 (HKLM-x32\...\mvMSU) (Version: 4.1.0.1909 - Marvell)
Microsoft OneDrive (HKU\S-1-5-21-1245378809-2198360341-2726498664-1001\...\OneDriveSetup.exe) (Version: 17.3.6917.0607 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
MKVToolNix 8.8.0 (64bit) (HKLM-x32\...\MKVToolNix) (Version: 8.8.0 - Moritz Bunkus)
mp4UI (HKLM-x32\...\mp4UI) (Version:  - )
MTK USB All 1.01 (HKLM-x32\...\MTK USB All 1.01) (Version: 1.01 - MTK2000)
MuseScore 2 (HKLM-x32\...\{DC8A2B29-D9A7-4D67-A049-BC0A659A2B57}) (Version: 2.1.0 - Werner Schweer and Others)
Notepad++ (64-bit x64) (HKLM\...\Notepad++) (Version: 7.3.1 - Notepad++ Team)
NVIDIA 3D Vision Controller-Treiber 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 382.05 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 382.05 - NVIDIA Corporation)
NVIDIA Grafiktreiber 382.05 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 382.05 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.34.26 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.26 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.17.0329 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0329 - NVIDIA Corporation)
NVIDIA Update 24.0.0.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 24.0.0.0 - NVIDIA Corporation)
NvTelemetry (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NvTelemetry) (Version: 2.4.8.0 - NVIDIA Corporation) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
RC Desk Pilot 0.1.3 (HKLM\...\{DFFD7D4F-6C61-402D-8D16-72B8AC33FE5A}_is1) (Version:  - rcdeskpilot.com)
SafeZone Stable 3.55.2393.607 (HKLM-x32\...\SafeZone 3.55.2393.607) (Version: 3.55.2393.607 - Avast Software) Hidden
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 2.11.3.5 - NVIDIA Corporation) Hidden
Spotify (HKU\S-1-5-21-1245378809-2198360341-2726498664-1001\...\Spotify) (Version: 1.0.57.474.gca9c9538 - Spotify AB)
SRS-Root (HKLM-x32\...\{24EAD272-D05D-4950-BD59-F88AB7B4C8C7}_is1) (Version:  - 123Unlock GSM Service)
Stagelight (HKLM\...\Stagelight) (Version: 3.0.6.6284 - Open Labs, LLC.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Universal Adb Driver (HKLM-x32\...\{D9C4202E-6D51-4B06-A8F1-22316E654BCA}) (Version: 1.0.0 - ClockworkMod)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Vulkan Run Time Libraries 1.0.42.1 (HKLM\...\VulkanRT1.0.42.1) (Version: 1.0.42.1 - LunarG, Inc.)
Windows 10-Upgrade-Assistent (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.17387 - Microsoft Corporation)
Windows-Treiberpaket - Amazon.com (WinUSB) FireDevicesUsbDeviceClass  (10/27/2014 1.4.0000.00000) (HKLM\...\34134A59F616767F2CEC57DC0849834538166E22) (Version: 10/27/2014 1.4.0000.00000 - Amazon.com)
Windows-Treiberpaket - Google, Inc. (WinUSB) AndroidUsbDeviceClass  (08/28/2014 11.0.0000.00000) (HKLM\...\092555911492C6959D2596D612F52DCA71881CA2) (Version: 08/28/2014 11.0.0000.00000 - Google, Inc.)
YoloMouse (HKLM\...\{084C443B-D061-4B8E-8764-7F34160BBE8B}) (Version: 0.7.0.0 - HaPpY)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-05-26] (AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-05-26] (AVAST Software)
ContextMenuHandlers01: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers01: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files\Notepad++\NppShell_06.dll [2017-01-17] ()
ContextMenuHandlers01: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-05-26] (AVAST Software)
ContextMenuHandlers03: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-05-26] (AVAST Software)
ContextMenuHandlers03: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
ContextMenuHandlers04: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers05: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2017-05-01] (NVIDIA Corporation)
ContextMenuHandlers06: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2016-10-04] (Igor Pavlov)
ContextMenuHandlers06: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-05-26] (AVAST Software)
ContextMenuHandlers06: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {00A086FC-80B6-457C-8B89-C11A6BB10B2A} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-06-18] (Adobe Systems Incorporated)
Task: {140D9A57-B9D4-4EB0-A02C-E2E7FE46B304} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-05-02] (NVIDIA Corporation)
Task: {2BF4AB66-82E3-4835-9DE2-928E6F7497C7} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-05-02] (NVIDIA Corporation)
Task: {3F86AE47-08F9-4BB8-AA79-F9A142FB014D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-01-14] (Google Inc.)
Task: {51410BEC-8141-442F-8D90-40B8E6BDD655} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-05-02] (NVIDIA Corporation)
Task: {897212FD-7C02-4598-A42C-50C5BF97EE08} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2017-04-20] (AVAST Software)
Task: {92540330-11FB-41BC-A53C-F99FAD3366DD} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-05-02] (NVIDIA Corporation)
Task: {AC9114D4-512F-4E03-AA0F-F36E8F274FAB} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-05-02] (NVIDIA Corporation)
Task: {ACE2A8D4-A7B6-444B-8A6F-A6C8392595AF} - System32\Tasks\SafeZone scheduled Autoupdate 1464624296 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2017-05-17] (Avast Software)
Task: {B2020B7A-95AB-49FF-B918-74658DD51760} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-05-26] (AVAST Software)
Task: {BEAED543-6F1F-4F38-AB06-526E9DB577AE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-01-14] (Google Inc.)
Task: {CC79A40A-C87C-4E05-9016-98427355B483} - System32\Tasks\D3DGearRawFrameCaptureTask => C:\Program Files (x86)\iRacing\d3dGear.exe [2017-06-06] (D3DGear Technologies.)
Task: {F7B3AED5-B41D-4773-857A-DAA17F650A68} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-04-25] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


Shortcut: C:\Users\chris\Desktop\Start iRacing Service (background task).lnk -> C:\Program Files (x86)\iRacing\Start_iRacingService.bat ()

==================== Loaded Modules (Whitelisted) ==============

2017-07-07 01:04 - 2017-07-07 01:13 - 02270664 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2017-03-18 22:58 - 2017-03-18 22:58 - 00138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-03-18 22:59 - 2017-03-19 04:31 - 01731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-06-25 17:31 - 2017-06-25 17:31 - 00074752 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-06-25 17:31 - 2017-06-25 17:31 - 00203264 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-06-25 17:31 - 2017-06-25 17:31 - 43454464 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-06-25 17:31 - 2017-06-25 17:31 - 02437120 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.18.614.0_x64__kzf8qxf38zg5c\skypert.dll
2017-06-27 16:56 - 2017-06-23 05:21 - 03807064 _____ () C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.115\libglesv2.dll
2017-06-27 16:56 - 2017-06-23 05:21 - 00100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.115\libegl.dll
2016-03-25 20:09 - 2016-03-25 20:09 - 00179200 _____ () C:\Program Files\YoloMouse\YoloMouse.exe
2010-11-19 09:58 - 2010-11-19 09:58 - 01199144 _____ () C:\Program Files (x86)\Marvell\storage\tray\MarvellTray.exe
2017-05-25 09:06 - 2017-05-25 09:06 - 03139496 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11705.1001.21.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2017-06-25 17:32 - 2017-06-25 17:32 - 00766464 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11705.1001.21.0_x64__8wekyb3d8bbwe\WinStore.Vui.dll
2017-06-25 17:32 - 2017-06-25 17:32 - 10628608 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11705.1001.21.0_x64__8wekyb3d8bbwe\WinStore.Entertainment.Mobile.dll
2017-06-25 17:32 - 2017-06-25 17:32 - 02640384 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11705.1001.21.0_x64__8wekyb3d8bbwe\MS.Entertainment.Common.Mobile.dll
2008-01-17 19:17 - 2008-01-17 19:17 - 00073782 _____ () C:\Program Files (x86)\Marvell\storage\Apache2\bin\zlib1.dll
2016-01-14 20:22 - 2015-12-19 22:25 - 00143360 ____N () C:\Program Files\ASUS Xonar DGX Audio\Customapp\VmixP8.dll
2017-05-26 18:29 - 2017-05-26 18:29 - 00170216 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-05-26 18:29 - 2017-05-26 18:29 - 00997896 _____ () C:\Program Files\AVAST Software\Avast\AvChrome.dll
2017-05-26 18:29 - 2017-05-26 18:29 - 67717632 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2017-05-26 18:29 - 2017-05-26 18:29 - 00176992 _____ () C:\Program Files\AVAST Software\Avast\event_routing_rpc.dll
2017-05-26 18:29 - 2017-05-26 18:29 - 00223224 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll
2017-05-26 18:29 - 2017-05-26 18:29 - 00291824 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
2017-05-26 18:29 - 2017-05-26 18:29 - 00684656 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2017-02-18 18:47 - 2017-06-25 17:25 - 00189040 _____ () C:\Users\chris\AppData\Roaming\Spotify\SpotifyWinRT.dll
2017-02-18 18:47 - 2017-06-25 17:25 - 67117168 _____ () C:\Users\chris\AppData\Roaming\Spotify\libcef.dll
2017-05-15 21:21 - 2017-03-10 02:13 - 00674592 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2017-05-15 21:21 - 2016-09-01 03:02 - 04969248 _____ () C:\Program Files (x86)\Steam\v8.dll
2017-05-15 21:21 - 2017-04-26 01:55 - 02465056 _____ () C:\Program Files (x86)\Steam\video.dll
2017-05-15 21:21 - 2016-09-01 03:02 - 01563936 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2017-05-15 21:21 - 2016-09-01 03:02 - 01195296 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2017-05-15 21:21 - 2016-01-27 09:49 - 02549760 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2017-05-15 21:21 - 2016-01-27 09:49 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2017-05-15 21:21 - 2016-01-27 09:49 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2017-05-15 21:21 - 2016-01-27 09:49 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2017-05-15 21:21 - 2016-01-27 09:49 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2017-05-15 21:21 - 2017-04-26 01:55 - 00848672 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2017-02-18 18:47 - 2017-06-25 17:25 - 02253424 _____ () C:\Users\chris\AppData\Roaming\Spotify\libglesv2.dll
2017-02-18 18:47 - 2017-06-25 17:25 - 00086640 _____ () C:\Users\chris\AppData\Roaming\Spotify\libegl.dll
2017-05-15 21:22 - 2017-01-30 23:41 - 68875552 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\libcef.dll
2017-05-15 21:21 - 2017-04-26 01:55 - 00383776 _____ () C:\Program Files (x86)\Steam\steam.dll
2011-02-24 18:39 - 2011-02-24 18:39 - 00012128 _____ () C:\Program Files (x86)\Common Files\Acronis\DriveMonitor\Common\icudt38.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-07-10 13:04 - 2017-01-13 19:33 - 00000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1245378809-2198360341-2726498664-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\chris\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\img13.jpg
DNS Servers: 10.0.0.138
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\Run32: => "SteelSeries World of Warcraft MMO Gaming Mouse"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{6F9BBA92-004A-42F1-B81F-7DE02B06B35A}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{54B5A5E2-603E-4F9D-BA89-39508F54AEF7}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{BD194B0B-5FA4-4EF1-BCC0-72B9BA8AC51D}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{DFA9452C-C996-4BEA-82D6-A1B9A9E8982E}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [TCP Query User{C88B35CF-C639-4649-8041-241349C7117E}C:\users\chris\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\chris\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{473193B5-4927-4B21-9881-22FC115FF265}C:\users\chris\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\chris\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{E23A47CE-CB54-455F-A673-A01692865746}C:\program files (x86)\google\chrome\application\chrome.exe] => (Block) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{5C66269E-769C-45DE-AAA6-BBD19938682F}C:\program files (x86)\google\chrome\application\chrome.exe] => (Block) C:\program files (x86)\google\chrome\application\chrome.exe

==================== Restore Points =========================

ATTENTION: System Restore is disabled

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/07/2017 11:10:57 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile .
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.0_none_108e4f62dfe5d999.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.0_none_583b8639f462029f.manifest.

Error: (07/07/2017 09:33:26 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile .
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.0_none_108e4f62dfe5d999.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.0_none_583b8639f462029f.manifest.

Error: (07/07/2017 09:33:13 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files (x86)\Audacity\audacity.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile .
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.0_none_108e4f62dfe5d999.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.0_none_583b8639f462029f.manifest.

Error: (07/07/2017 09:32:34 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile .
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.0_none_108e4f62dfe5d999.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.0_none_583b8639f462029f.manifest.

Error: (07/07/2017 09:32:33 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Users\chris\Desktop\esetsmartinstaller_deu.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile .
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.0_none_108e4f62dfe5d999.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.0_none_583b8639f462029f.manifest.

Error: (07/07/2017 09:32:21 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files (x86)\Audacity\audacity.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile .
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.0_none_108e4f62dfe5d999.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.0_none_583b8639f462029f.manifest.

Error: (07/07/2017 09:32:20 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "c:\program files (x86)\eset\eset online scanner\ESETSmartInstaller.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile .
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.0_none_108e4f62dfe5d999.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.0_none_583b8639f462029f.manifest.

Error: (07/07/2017 09:08:26 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile .
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.0_none_108e4f62dfe5d999.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.0_none_583b8639f462029f.manifest.

Error: (07/07/2017 09:08:07 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files (x86)\Audacity\audacity.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile .
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.0_none_108e4f62dfe5d999.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.0_none_583b8639f462029f.manifest.

Error: (07/07/2017 09:08:07 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile .
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.0_none_108e4f62dfe5d999.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.15063.0_none_583b8639f462029f.manifest.


System errors:
=============
Error: (07/07/2017 09:32:49 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: 
Der Treiber konnte nicht geladen werden.

Error: (07/07/2017 09:32:49 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\chris\AppData\Local\Temp\ehdrv.sys

Error: (07/07/2017 09:32:49 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: 
Der Treiber konnte nicht geladen werden.

Error: (07/07/2017 09:32:49 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\chris\AppData\Local\Temp\ehdrv.sys

Error: (07/07/2017 09:32:48 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: 
Der Treiber konnte nicht geladen werden.

Error: (07/07/2017 09:32:48 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\chris\AppData\Local\Temp\ehdrv.sys

Error: (07/07/2017 09:32:48 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: 
Der Treiber konnte nicht geladen werden.

Error: (07/07/2017 09:32:48 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\chris\AppData\Local\Temp\ehdrv.sys

Error: (07/07/2017 09:32:48 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: 
Der Treiber konnte nicht geladen werden.

Error: (07/07/2017 09:32:48 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\chris\AppData\Local\Temp\ehdrv.sys


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i7 CPU 950 @ 3.07GHz
Percentage of memory in use: 42%
Total physical RAM: 8190.08 MB
Available physical RAM: 4703.32 MB
Total Virtual: 9470.08 MB
Available Virtual: 5858.04 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:110.42 GB) (Free:42.24 GB) NTFS
Drive d: (Volume) (Fixed) (Total:698.49 GB) (Free:574.29 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (System Reserved) (Fixed) (Total:0.49 GB) (Free:0.42 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive f: (ESD-ISO) (CDROM) (Total:3.05 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 94AA1527)
Partition 1: (Active) - (Size=698.5 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=233 GB) - (Type=05)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: C74198B7)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=110.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)
Partition 4: (Not Active) - (Size=450 MB) - (Type=27)

==================== End of Addition.txt ============================
         
Thank you very much for your help. I have one more question: what do you recommend as free antivirus protection? Should I keep Malwarebytes installed and remove Avast, or should it be Kaspersky or Norton?

It seems as if something is getting stuck there: when I try to open Malwarebytes, it takes forever.
