Trojaner-Board
Seite 2 von 3 1 2 3
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Mein Flugsimulator (Microsoft FSX) PC leidet plötzlich unter schlechten Bildwiederholungsraten (https://www.trojaner-board.de/184565-flugsimulator-microsoft-fsx-pc-leidet-ploetzlich-schlechten-bildwiederholungsraten.html)

cosinus 05.03.2017 11:59
Wir haben leider noch ne ältere Anleitung vom adwCleaner, bitte nochmal ausführen und so einstellen:

http://saved.im/mtg4nzk1egdo/malware...r-settings.png

ikarus2557 05.03.2017 13:12
hier nochmals das AdwCleaner log
Code:
# AdwCleaner v6.044 - Logfile created 05/03/2017 at 19:10:26
# Updated on 28/02/2017 by Malwarebytes
# Database : 2017-03-02.1 [Local]
# Operating System : Windows 10 Pro  (X64)
# Username : MSI_USER - DESKTOP-TUSRUQC
# Running from : C:\Users\MSI_USER\Desktop\AdwCleaner_6.044.exe
# Mode: Scan
# Support : https://www.malwarebytes.com/support



***** [ Services ] *****

No malicious services found.


***** [ Folders ] *****

No malicious folders found.


***** [ Files ] *****

No malicious files found.


***** [ DLL ] *****

No malicious DLLs found.


***** [ WMI ] *****

No malicious keys found.


***** [ Shortcuts ] *****

No infected shortcut found.


***** [ Scheduled Tasks ] *****

No malicious task found.


***** [ Registry ] *****

No malicious registry entries found.


***** [ Web browsers ] *****

No malicious Firefox based browser items found.
No malicious Chromium based browser items found.

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [4397 Bytes] - [05/03/2017 09:40:05]
C:\AdwCleaner\AdwCleaner[S0].txt - [4156 Bytes] - [05/03/2017 09:38:56]
C:\AdwCleaner\AdwCleaner[S1].txt - [1147 Bytes] - [05/03/2017 19:10:26]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1220 Bytes] ##########

cosinus 05.03.2017 13:14
Dann zeig mal frische FRST Logs. Haken setzen bei addition.txt dann auf Untersuchen klicken

http://www.trojaner-board.de/picture...&pictureid=611

ikarus2557 05.03.2017 14:28

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 05-03-2017
Ran by MSI_USER (administrator) on DESKTOP-TUSRUQC (05-03-2017 20:14:15)
Running from C:\Users\MSI_USER\Desktop
Loaded Profiles: MSI_USER (Available Profiles: MSI_USER)
Platform: Windows 10 Pro Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Rivet Networks) C:\Program Files\Killer Networking\Network Manager\KillerService.exe
(Paramount Software UK Ltd) C:\Program Files\Macrium\Common\MacriumService.exe
(Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(MSI) C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Beepa P/L) C:\Fraps\fraps.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe
(Beepa P/L) C:\Fraps\fraps64.dat
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Opera Software) C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\43.0.2442.1144\opera_crashreporter.exe
(Opera Software) C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Opera Software) C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Opera Software) C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MouseDriver] => C:\Windows\system32\TiltWheelMouse.exe [241152 2016-01-16] (Pixart Imaging Inc)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8783616 2015-12-11] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [322472 2015-06-23] (Intel Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [Fast Boot] => C:\Program Files (x86)\MSI\Fast Boot\StartFastBoot.exe [759120 2015-04-22] ()
HKLM-x32\...\Run: [USB Security] => C:\Program Files (x86)\USB Disk Security\USBGuard.exe
HKLM-x32\...\Run: [CheckNDISPortF0ac7B] => C:\Program Files (x86)\Hostless Modem\Shared WiFi 3\CheckNDISPort_df.exe [417536 2013-03-02] ()
HKLM-x32\...\Run: [CancelAutoPlay_df] => C:\Program Files (x86)\Hostless Modem\Shared WiFi 3\CancelAutoPlay_df.exe [446720 2013-03-01] ()
HKLM-x32\...\Run: [Live Update] => C:\Program Files (x86)\MSI\Live Update\Live Update.exe [11340752 2016-07-19] (Micro-Star INT'L CO., LTD.)
HKLM-x32\...\Run: [ABNotify] => C:\Program Files (x86)\AOMEI Backupper\ABNotify.exe -auto
HKU\S-1-5-21-465342472-1690862640-1647311925-1001\...\RunOnce: [Uninstall C:\Users\MSI_USER\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\MSI_USER\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64"
HKU\S-1-5-21-465342472-1690862640-1647311925-1001\...\MountPoints2: {4f0748ac-bcc7-11e5-879d-806e6f6e6963} - "F:\AfmTool.exe"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Killer Network Manager.lnk [2016-01-17]
ShortcutTarget: Killer Network Manager.lnk -> C:\Program Files\Killer Networking\Network Manager\NetworkManager.exe (Rivet Networks)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 192.168.0.1
Tcpip\..\Interfaces\{51519eaa-519f-4a82-b642-48dbcb0c8d35}: [DhcpNameServer] 192.168.0.1 192.168.0.1
Tcpip\..\Interfaces\{9e7bd24b-3b46-4ab7-8720-2a997df0e4b8}: [DhcpNameServer] 110.78.191.20 110.78.191.21
ManualProxies:

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=131330795521653461&GUID=9C8C9424-6892-407E-811E-F5F60EA9EE71
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=131330795521658190&GUID=9C8C9424-6892-407E-811E-F5F60EA9EE71
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-465342472-1690862640-1647311925-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=131330795521662334&GUID=9C8C9424-6892-407E-811E-F5F60EA9EE71
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF DefaultProfile: b4eo7tkp.default
FF ProfilePath: C:\Users\MSI_USER\AppData\Roaming\Mozilla\Firefox\Profiles\b4eo7tkp.default [2017-03-05]
FF Keyword.URL: Mozilla\Firefox\Profiles\b4eo7tkp.default -> user_pref("keyword.URL", true);
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_24_0_0_221.dll [2017-03-02] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_221.dll [2017-03-02] ()
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-02-10] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-02-10] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-02-03] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-02-03] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-01-18] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2016-06-30] (Adobe Systems Inc.)

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx <not found>

Opera:
=======
OPR Session Restore: -> is enabled.
OPR Extension: (Search Know) - C:\Users\MSI_USER\AppData\Roaming\Opera Software\Opera Stable\Extensions\cgpijdmklalodkffkfdgahcplbmmdahj [2017-03-04]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [18856 2015-06-23] (Intel Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 Killer Service V2; C:\Program Files\Killer Networking\Network Manager\KillerService.exe [452096 2015-09-16] (Rivet Networks) [File not signed]
R2 MacriumService; C:\Program Files\Macrium\Common\MacriumService.exe [3877768 2016-12-12] (Paramount Software UK Ltd)
R2 MSI_FastBoot; C:\Program Files (x86)\MSI\Fast Boot\FastBootService.exe [105296 2015-06-04] (MSI)
R2 MSI_LiveUpdate_Service; C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe [2227152 2016-07-19] (Micro-Star INT'L CO., LTD.)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2017-02-08] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2017-02-08] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462784 2017-02-10] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [425408 2017-02-08] (NVIDIA Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2016-10-25] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2016-10-25] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 BfLwf; C:\WINDOWS\system32\DRIVERS\bwcW10x64.sys [142904 2015-09-16] (Rivet Networks, LLC.)
S3 ElcMouLFlt; C:\WINDOWS\System32\drivers\ElcMouLFlt.sys [28648 2016-01-16] (ELECOM)
S3 ElcMouUFlt; C:\WINDOWS\System32\drivers\ElcMouUFlt.sys [27624 2016-01-16] (ELECOM)
R3 ISCT; C:\WINDOWS\System32\drivers\ISCTD64.sys [47008 2016-01-16] ()
R3 KillerEth; C:\WINDOWS\System32\drivers\e22w10x64.sys [158272 2015-09-03] (Qualcomm Atheros, Inc.)
R3 NTIOLib_FastBoot; C:\Program Files (x86)\MSI\Fast Boot\NTIOLib_X64.sys [13368 2012-10-26] (MSI)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [27584 2017-02-08] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [46016 2017-02-08] (NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [57792 2017-02-08] (NVIDIA Corporation)
S3 t_mouse.sys; C:\WINDOWS\system32\DRIVERS\t_mouse.sys [6144 2016-01-16] ()
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
R3 XtuAcpiDriver; C:\WINDOWS\System32\drivers\XtuAcpiDriver.sys [63840 2016-01-17] (Intel Corporation)
S3 avchv; \SystemRoot\system32\DRIVERS\avchv.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-05 20:07 - 2017-03-05 20:08 - 00047740 _____ C:\Users\MSI_USER\Desktop\Addition.txt
2017-03-05 20:06 - 2017-03-05 20:14 - 00013191 _____ C:\Users\MSI_USER\Desktop\FRST.txt
2017-03-05 20:06 - 2017-03-05 20:06 - 00000000 ____D C:\Users\MSI_USER\Desktop\FRST-OlderVersion
2017-03-05 10:05 - 2017-03-05 10:24 - 00000000 ____D C:\ProgramData\eSellerate
2017-03-05 09:58 - 2017-03-05 09:58 - 00108383 _____ C:\Users\MSI_USER\Desktop\DiskTrix UltimateDefrag 4 - PC Aviator.html
2017-03-05 09:58 - 2017-03-05 09:58 - 00000000 ____D C:\Users\MSI_USER\Desktop\DiskTrix UltimateDefrag 4 - PC Aviator_files
2017-03-05 09:44 - 2017-03-05 09:44 - 00000872 _____ C:\Users\MSI_USER\Desktop\JRT.txt
2017-03-05 09:34 - 2017-03-05 19:10 - 00000000 ____D C:\AdwCleaner
2017-03-04 12:39 - 2017-03-04 12:39 - 00001291 _____ C:\Users\MSI_USER\Desktop\Google Chrome.lnk
2017-03-04 12:38 - 2017-03-04 12:38 - 00988928 _____ (Software Application Program ) C:\Users\MSI_USER\Downloads\adobe_flash_player.exe
2017-03-04 12:38 - 2017-03-04 12:38 - 00988928 _____ (Software Application Program ) C:\Users\MSI_USER\Downloads\adobe_flash_player (1).exe
2017-03-04 12:38 - 2017-03-04 12:38 - 00966152 _____ (Prog Internet Web ) C:\Users\MSI_USER\Downloads\FlashVideoPlayer.exe
2017-03-04 12:38 - 2017-03-04 12:38 - 00096512 _____ C:\Users\MSI_USER\Downloads\adobe_flash_player-68612565.exe
2017-03-04 12:38 - 2017-03-04 12:38 - 00000000 ____D C:\Users\MSI_USER\AppData\Local\{C34EF512-E7E6-99AA-8A7E-BC42AE1640DA}
2017-03-04 12:05 - 2017-03-04 13:36 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-03-04 12:05 - 2017-03-04 13:36 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2017-03-04 12:05 - 2017-03-04 12:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2017-03-04 12:05 - 2017-03-04 12:13 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2017-03-04 12:05 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2017-03-04 12:05 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-03-03 20:33 - 2017-03-05 20:04 - 00000000 ____D C:\Users\MSI_USER\Desktop\Trojaner-board.de.cosinus
2017-03-02 20:11 - 2017-03-02 20:11 - 00000609 _____ C:\Users\Public\Desktop\Fraps.lnk
2017-03-02 20:11 - 2017-03-02 20:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fraps
2017-03-02 16:46 - 2017-03-04 16:04 - 00015772 _____ C:\Users\MSI_USER\Desktop\fsx.CFG.low framerates
2017-02-28 19:51 - 2017-03-05 20:14 - 00000000 ____D C:\FRST
2017-02-28 19:48 - 2017-03-05 20:06 - 02423808 _____ (Farbar) C:\Users\MSI_USER\Desktop\FRST64.exe
2017-02-26 22:50 - 2017-02-26 22:50 - 00000000 ____D C:\Users\MSI_USER\ansel
2017-02-26 20:24 - 2017-02-26 20:24 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2017-02-26 20:24 - 2017-02-10 09:33 - 00512960 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2017-02-26 20:24 - 2017-02-10 05:39 - 00134592 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2017-02-26 20:24 - 2017-01-26 07:13 - 00103936 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2017-02-26 20:24 - 2017-01-26 07:12 - 00326656 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2017-02-26 20:24 - 2017-01-26 07:09 - 00322560 _____ C:\WINDOWS\system32\vulkan-1.dll
2017-02-26 20:24 - 2017-01-26 07:09 - 00118272 _____ C:\WINDOWS\system32\vulkaninfo.exe
2017-02-26 20:23 - 2017-02-10 09:33 - 40192056 _____ C:\WINDOWS\system32\nvcompiler.dll
2017-02-26 20:23 - 2017-02-10 09:33 - 35272760 _____ C:\WINDOWS\SysWOW64\nvcompiler.dll
2017-02-26 20:23 - 2017-02-10 09:33 - 34979384 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2017-02-26 20:23 - 2017-02-10 09:33 - 19007016 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2017-02-26 20:23 - 2017-02-10 09:33 - 16871184 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvd3dumx.dll
2017-02-26 20:23 - 2017-02-10 09:33 - 14674896 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2017-02-26 20:23 - 2017-02-10 09:33 - 13815192 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvd3dum.dll
2017-02-26 20:23 - 2017-02-10 09:33 - 11122728 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2017-02-26 20:23 - 2017-02-10 09:33 - 11019704 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvptxJitCompiler.dll
2017-02-26 20:23 - 2017-02-10 09:33 - 09305984 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2017-02-26 20:23 - 2017-02-10 09:33 - 08990072 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll
2017-02-26 20:23 - 2017-02-10 09:33 - 03168192 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2017-02-26 20:23 - 2017-02-10 09:33 - 02717752 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2017-02-26 20:23 - 2017-02-10 09:33 - 01983424 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6437866.dll
2017-02-26 20:23 - 2017-02-10 09:33 - 01589696 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6437866.dll
2017-02-26 20:23 - 2017-02-10 09:33 - 01052096 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2017-02-26 20:23 - 2017-02-10 09:33 - 00991288 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2017-02-26 20:23 - 2017-02-10 09:33 - 00959424 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2017-02-26 20:23 - 2017-02-10 09:33 - 00946456 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFTH264.dll
2017-02-26 20:23 - 2017-02-10 09:33 - 00910784 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2017-02-26 20:23 - 2017-02-10 09:33 - 00721952 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFTH264.dll
2017-02-26 20:23 - 2017-02-10 09:33 - 00687224 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvfatbinaryLoader.dll
2017-02-26 20:23 - 2017-02-10 09:33 - 00640272 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvumdshimx.dll
2017-02-26 20:23 - 2017-02-10 09:33 - 00618416 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmcumd.dll
2017-02-26 20:23 - 2017-02-10 09:33 - 00609728 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2017-02-26 20:23 - 2017-02-10 09:33 - 00605120 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvDecMFTMjpeg.dll
2017-02-26 20:23 - 2017-02-10 09:33 - 00576192 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll
2017-02-26 20:23 - 2017-02-10 09:33 - 00573448 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2017-02-26 20:23 - 2017-02-10 09:33 - 00515648 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvumdshim.dll
2017-02-26 20:23 - 2017-02-10 09:33 - 00499136 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2017-02-26 20:23 - 2017-02-10 09:33 - 00483384 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvDecMFTMjpeg.dll
2017-02-26 20:23 - 2017-02-10 09:33 - 00447984 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2017-02-26 20:23 - 2017-02-10 09:33 - 00207672 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvinitx.dll
2017-02-26 20:23 - 2017-02-10 09:33 - 00182952 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglshim64.dll
2017-02-26 20:23 - 2017-02-10 09:33 - 00177808 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvinit.dll
2017-02-26 20:23 - 2017-02-10 09:33 - 00152064 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglshim32.dll
2017-02-26 20:23 - 2017-02-10 09:33 - 00047664 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdap64.dll
2017-02-26 20:23 - 2017-02-10 09:33 - 00000669 _____ C:\WINDOWS\SysWOW64\nv-vk32.json
2017-02-26 20:23 - 2017-02-10 09:33 - 00000669 _____ C:\WINDOWS\system32\nv-vk64.json
2017-02-26 19:59 - 2017-02-26 20:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2017-02-26 19:59 - 2017-02-26 19:59 - 00004308 _____ C:\WINDOWS\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-02-26 19:59 - 2017-02-26 19:59 - 00003894 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-02-26 19:59 - 2017-02-26 19:59 - 00003884 _____ C:\WINDOWS\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-02-26 19:59 - 2017-02-26 19:59 - 00003866 _____ C:\WINDOWS\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-02-26 19:59 - 2017-02-26 19:59 - 00003858 _____ C:\WINDOWS\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-02-26 19:59 - 2017-02-26 19:59 - 00003696 _____ C:\WINDOWS\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-02-26 19:59 - 2017-02-26 19:59 - 00003654 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-02-26 19:59 - 2017-02-26 19:59 - 00001485 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2017-02-26 19:59 - 2017-02-10 06:13 - 00001951 _____ C:\WINDOWS\NvContainerRecovery.bat
2017-02-26 19:59 - 2017-02-08 18:57 - 01872320 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll
2017-02-26 19:59 - 2017-02-08 18:57 - 01755072 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspbridge64.dll
2017-02-26 19:59 - 2017-02-08 18:57 - 01464768 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
2017-02-26 19:59 - 2017-02-08 18:57 - 01317312 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspbridge.dll
2017-02-26 19:59 - 2017-02-08 18:57 - 00120256 _____ C:\WINDOWS\system32\NvRtmpStreamer64.dll
2017-02-26 19:59 - 2017-02-08 17:54 - 00001951 _____ C:\WINDOWS\NvTelemetryContainerRecovery.bat
2017-02-26 19:58 - 2017-02-08 18:57 - 00156608 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvaudcap64v.dll
2017-02-26 19:58 - 2017-02-08 18:57 - 00124352 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll
2017-02-26 19:58 - 2017-02-08 18:57 - 00057792 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvhci.sys
2017-02-26 19:58 - 2017-02-08 18:57 - 00046016 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvad64v.sys
2017-02-26 19:53 - 2017-02-26 19:56 - 78658464 _____ (NVIDIA Corporation) C:\Users\MSI_USER\Downloads\GeForce_Experience_v3.3.0.100.exe
2017-02-26 17:15 - 2017-02-26 17:15 - 02549112 _____ (Microsoft Corporation) C:\Users\MSI_USER\Downloads\DefaultPack.EXE
2017-02-26 17:15 - 2017-02-26 17:15 - 00315624 _____ (Microsoft Corporation) C:\Users\MSI_USER\Downloads\dx9websetup.exe
2017-02-26 11:15 - 2017-03-04 17:03 - 00000000 ____D C:\Users\MSI_USER\AppData\Local\CrashDumps
2017-02-25 07:18 - 2017-02-27 19:35 - 00003210 _____ C:\WINDOWS\System32\Tasks\FRAPS
2017-02-24 19:33 - 2017-02-24 19:33 - 00000000 ____D C:\WINDOWS\SysWOW64\BestPractices
2017-02-24 19:33 - 2017-02-24 19:33 - 00000000 ____D C:\WINDOWS\system32\BestPractices
2017-02-19 14:57 - 2017-02-19 14:57 - 00000146 _____ C:\Users\MSI_USER\Desktop\Windows Defender - Shortcut (2).lnk
2017-02-16 21:20 - 2016-12-21 16:01 - 01540224 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2017-02-16 21:20 - 2016-12-21 16:01 - 00692136 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2017-02-16 21:20 - 2016-12-21 15:25 - 01594416 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2017-02-16 21:20 - 2016-12-21 14:18 - 01372312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2017-02-16 21:20 - 2016-12-21 13:56 - 01502208 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2017-02-16 21:20 - 2016-12-21 12:41 - 04895744 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-02-16 21:20 - 2016-12-21 12:39 - 22373376 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-02-16 21:20 - 2016-12-21 12:15 - 07839232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-02-16 21:20 - 2016-12-21 12:06 - 03663872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-02-16 21:20 - 2016-12-21 12:03 - 18671616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-02-16 21:20 - 2016-12-21 11:48 - 05658624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-02-16 21:20 - 2016-11-22 18:42 - 00384864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2017-02-16 21:20 - 2016-11-22 17:43 - 03692040 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2017-02-16 21:20 - 2016-11-22 17:36 - 00159640 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcrypt.dll
2017-02-16 21:20 - 2016-11-22 17:35 - 00609056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2017-02-16 21:20 - 2016-11-22 17:35 - 00075448 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidapi.dll
2017-02-16 21:20 - 2016-11-22 17:04 - 02549456 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2017-02-16 21:20 - 2016-11-22 17:03 - 01777280 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2017-02-16 21:20 - 2016-11-22 17:02 - 01399216 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2017-02-16 21:20 - 2016-11-22 16:32 - 00119296 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2017-02-16 21:20 - 2016-11-22 16:24 - 02938408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2017-02-16 21:20 - 2016-11-22 16:21 - 00019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidcertstorecheck.exe
2017-02-16 21:20 - 2016-11-22 16:17 - 00106896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcrypt.dll
2017-02-16 21:20 - 2016-11-22 16:16 - 00064072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appidapi.dll
2017-02-16 21:20 - 2016-11-22 16:13 - 00045056 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidsvc.dll
2017-02-16 21:20 - 2016-11-22 16:00 - 00161792 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidpolicyconverter.exe
2017-02-16 21:20 - 2016-11-22 15:59 - 00221696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-02-16 21:20 - 2016-11-22 15:55 - 00431104 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2017-02-16 21:20 - 2016-11-22 15:50 - 00715776 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2017-02-16 21:20 - 2016-11-22 15:49 - 02195640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2017-02-16 21:20 - 2016-11-22 15:48 - 01522672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2017-02-16 21:20 - 2016-11-22 15:47 - 01337240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2017-02-16 21:20 - 2016-11-22 15:35 - 00784896 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2017-02-16 21:20 - 2016-11-22 15:32 - 01386496 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-02-16 21:20 - 2016-11-22 15:27 - 01752576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2017-02-16 21:20 - 2016-11-22 15:20 - 00223744 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll
2017-02-16 21:20 - 2016-11-22 15:12 - 00094720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2017-02-16 21:20 - 2016-11-22 15:04 - 03587584 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-02-16 21:20 - 2016-11-22 14:57 - 03351040 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2017-02-16 21:20 - 2016-11-22 14:54 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppCapture.dll
2017-02-16 21:20 - 2016-11-22 14:53 - 01728000 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-02-16 21:20 - 2016-11-22 14:41 - 00348160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.exe
2017-02-16 21:20 - 2016-11-22 14:38 - 00541184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GamePanel.exe
2017-02-16 21:20 - 2016-11-22 14:36 - 00766464 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2017-02-16 21:20 - 2016-11-22 14:26 - 01388032 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-02-16 21:20 - 2016-11-22 14:26 - 00687616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2017-02-16 21:20 - 2016-11-22 14:21 - 01526272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2017-02-16 21:20 - 2016-11-22 14:02 - 24610304 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-02-16 21:20 - 2016-11-22 14:01 - 13392384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-02-16 21:20 - 2016-11-22 13:59 - 03671040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2017-02-16 21:20 - 2016-11-22 13:55 - 01500160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-02-16 21:20 - 2016-11-22 13:35 - 19350016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-02-16 21:20 - 2016-11-22 13:34 - 12134400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-02-16 21:20 - 2016-11-02 22:12 - 00379232 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2017-02-16 21:20 - 2016-11-02 22:08 - 00636296 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2017-02-16 21:20 - 2016-11-02 21:25 - 00045568 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2017-02-16 21:20 - 2016-11-02 20:32 - 00316256 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2017-02-16 21:20 - 2016-11-02 20:31 - 00546968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2017-02-16 21:20 - 2016-11-02 19:51 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2017-02-16 21:20 - 2016-10-25 16:44 - 01030416 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2017-02-16 21:20 - 2016-10-25 16:44 - 00875480 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2017-02-16 21:20 - 2016-10-25 16:42 - 07468384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-02-16 21:20 - 2016-10-25 16:42 - 02656952 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2017-02-16 21:20 - 2016-10-25 16:42 - 01317640 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2017-02-16 21:20 - 2016-10-25 16:42 - 01142560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2017-02-16 21:20 - 2016-10-25 16:42 - 01098648 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2017-02-16 21:20 - 2016-10-25 16:42 - 00125280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mup.sys
2017-02-16 21:20 - 2016-10-25 16:42 - 00037744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wldp.dll
2017-02-16 21:20 - 2016-10-25 16:41 - 01819208 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2017-02-16 21:20 - 2016-10-25 16:39 - 01238584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Taskmgr.exe
2017-02-16 21:20 - 2016-10-25 16:39 - 00754664 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-02-16 21:20 - 2016-10-25 16:34 - 00454496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbport.sys
2017-02-16 21:20 - 2016-10-25 16:26 - 00528736 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2017-02-16 21:20 - 2016-10-25 16:25 - 01637216 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2017-02-16 21:20 - 2016-10-25 16:24 - 00989536 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2017-02-16 21:20 - 2016-10-25 16:19 - 03449168 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSService.dll
2017-02-16 21:20 - 2016-10-25 16:18 - 00026408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2017-02-16 21:20 - 2016-10-25 15:51 - 00538632 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWanAPI.dll
2017-02-16 21:20 - 2016-10-25 15:50 - 00439136 _____ (Microsoft Corporation) C:\WINDOWS\system32\netcfgx.dll
2017-02-16 21:20 - 2016-10-25 15:49 - 00588328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmdrmdev.dll
2017-02-16 21:20 - 2016-10-25 15:49 - 00245840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2017-02-16 21:20 - 2016-10-25 15:48 - 02544256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2017-02-16 21:20 - 2016-10-25 15:48 - 01554152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpmde.dll
2017-02-16 21:20 - 2016-10-25 15:48 - 01552104 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2017-02-16 21:20 - 2016-10-25 15:48 - 01152328 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2017-02-16 21:20 - 2016-10-25 15:48 - 01062480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2017-02-16 21:20 - 2016-10-25 15:48 - 01017024 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll
2017-02-16 21:20 - 2016-10-25 15:48 - 00847648 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2017-02-16 21:20 - 2016-10-25 15:42 - 02607336 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2017-02-16 21:20 - 2016-10-25 15:42 - 01322248 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2017-02-16 21:20 - 2016-10-25 15:42 - 00808288 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2017-02-16 21:20 - 2016-10-25 15:39 - 01750440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcMon.exe
2017-02-16 21:20 - 2016-10-25 15:39 - 00730352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
2017-02-16 21:20 - 2016-10-25 15:39 - 00304752 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe
2017-02-16 21:20 - 2016-10-25 15:38 - 22561256 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-02-16 21:20 - 2016-10-25 15:38 - 00565600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2017-02-16 21:20 - 2016-10-25 15:38 - 00374008 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2017-02-16 21:20 - 2016-10-25 15:37 - 06605544 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2017-02-16 21:20 - 2016-10-25 15:37 - 04515256 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2017-02-16 21:20 - 2016-10-25 15:37 - 01603224 _____ (Microsoft Corporation) C:\WINDOWS\system32\propsys.dll
2017-02-16 21:20 - 2016-10-25 15:37 - 01040792 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2017-02-16 21:20 - 2016-10-25 15:37 - 00725776 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll
2017-02-16 21:20 - 2016-10-25 15:35 - 06536248 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2017-02-16 21:20 - 2016-10-25 15:34 - 01128104 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe
2017-02-16 21:20 - 2016-10-25 15:34 - 00625000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2017-02-16 21:20 - 2016-10-25 15:34 - 00106928 _____ (Microsoft Corporation) C:\WINDOWS\system32\phoneactivate.exe
2017-02-16 21:20 - 2016-10-25 15:33 - 00341936 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll
2017-02-16 21:20 - 2016-10-25 15:32 - 01862000 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-02-16 21:20 - 2016-10-25 15:32 - 01557776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-02-16 21:20 - 2016-10-25 15:32 - 01542816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2017-02-16 21:20 - 2016-10-25 15:32 - 00845568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
2017-02-16 21:20 - 2016-10-25 15:32 - 00034088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wldp.dll
2017-02-16 21:20 - 2016-10-25 15:30 - 01848072 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2017-02-16 21:20 - 2016-10-25 15:30 - 00360288 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2017-02-16 21:20 - 2016-10-25 15:28 - 01083648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Taskmgr.exe
2017-02-16 21:20 - 2016-10-25 15:05 - 00712032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2017-02-16 21:20 - 2016-10-25 15:03 - 01988440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-02-16 21:20 - 2016-10-25 15:02 - 00577376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2017-02-16 21:20 - 2016-10-25 15:02 - 00393568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2017-02-16 21:20 - 2016-10-25 15:01 - 01415200 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2017-02-16 21:20 - 2016-10-25 15:01 - 00324448 _____ (Microsoft Corporation) C:\WINDOWS\system32\input.dll
2017-02-16 21:20 - 2016-10-25 14:47 - 28851216 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecsRaw.dll
2017-02-16 21:20 - 2016-10-25 14:47 - 02641928 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVCORE.DLL
2017-02-16 21:20 - 2016-10-25 14:47 - 00305808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpeffects.dll
2017-02-16 21:20 - 2016-10-25 14:46 - 00388896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpps.dll
2017-02-16 21:20 - 2016-10-25 14:46 - 00376528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MediaControl.dll
2017-02-16 21:20 - 2016-10-25 14:45 - 00503600 _____ (Microsoft Corporation) C:\WINDOWS\system32\DMRServer.dll
2017-02-16 21:20 - 2016-10-25 14:45 - 00032096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbd.sys
2017-02-16 21:20 - 2016-10-25 14:40 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsCSP.dll
2017-02-16 21:20 - 2016-10-25 14:40 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2017-02-16 21:20 - 2016-10-25 14:39 - 00306840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanapi.dll
2017-02-16 21:20 - 2016-10-25 14:37 - 02180128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2017-02-16 21:20 - 2016-10-25 14:37 - 01349632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2017-02-16 21:20 - 2016-10-25 14:37 - 00980352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2017-02-16 21:20 - 2016-10-25 14:37 - 00895080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll
2017-02-16 21:20 - 2016-10-25 14:37 - 00882720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2017-02-16 21:20 - 2016-10-25 14:37 - 00709176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2017-02-16 21:20 - 2016-10-25 14:35 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosHostClient.dll
2017-02-16 21:20 - 2016-10-25 14:33 - 00020992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\genericusbfn.sys
2017-02-16 21:20 - 2016-10-25 14:32 - 00824320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2017-02-16 21:20 - 2016-10-25 14:32 - 00218112 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctfp.dll
2017-02-16 21:20 - 2016-10-25 14:31 - 01824272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2017-02-16 21:20 - 2016-10-25 14:31 - 00957608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2017-02-16 21:20 - 2016-10-25 14:31 - 00299008 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll
2017-02-16 21:20 - 2016-10-25 14:31 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\system32\vss_ps.dll
2017-02-16 21:20 - 2016-10-25 14:31 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\odbcconf.dll
2017-02-16 21:20 - 2016-10-25 14:30 - 00703840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2017-02-16 21:20 - 2016-10-25 14:30 - 00078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFrameworkInternalPS.dll
2017-02-16 21:20 - 2016-10-25 14:30 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2017-02-16 21:20 - 2016-10-25 14:29 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2017-02-16 21:20 - 2016-10-25 14:27 - 21123320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-02-16 21:20 - 2016-10-25 14:27 - 00465760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2017-02-16 21:20 - 2016-10-25 14:27 - 00256704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe
2017-02-16 21:20 - 2016-10-25 14:26 - 05240952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2017-02-16 21:20 - 2016-10-25 14:26 - 04074160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2017-02-16 21:20 - 2016-10-25 14:26 - 01355344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\propsys.dll
2017-02-16 21:20 - 2016-10-25 14:26 - 00836752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2017-02-16 21:20 - 2016-10-25 14:26 - 00569752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll
2017-02-16 21:20 - 2016-10-25 14:26 - 00046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2017-02-16 21:20 - 2016-10-25 14:24 - 00104960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bowser.sys
2017-02-16 21:20 - 2016-10-25 14:23 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapsupdatetask.dll
2017-02-16 21:20 - 2016-10-25 14:22 - 00268040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wintrust.dll
2017-02-16 21:20 - 2016-10-25 14:22 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BthAvrcpTg.sys
2017-02-16 21:20 - 2016-10-25 14:21 - 00584704 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2017-02-16 21:20 - 2016-10-25 14:21 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininetlui.dll
2017-02-16 21:20 - 2016-10-25 14:20 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosStorage.dll
2017-02-16 21:20 - 2016-10-25 14:19 - 00295776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2017-02-16 21:20 - 2016-10-25 14:19 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\scfilter.sys
2017-02-16 21:20 - 2016-10-25 14:18 - 01536088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2017-02-16 21:20 - 2016-10-25 14:18 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
2017-02-16 21:20 - 2016-10-25 14:16 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\system32\asycfilt.dll
2017-02-16 21:20 - 2016-10-25 14:14 - 00046592 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2017-02-16 21:20 - 2016-10-25 14:13 - 00083456 _____ (Microsoft Corporation) C:\WINDOWS\system32\SCardDlg.dll
2017-02-16 21:20 - 2016-10-25 14:13 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll
2017-02-16 21:20 - 2016-10-25 14:13 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\HttpsDataSource.dll
2017-02-16 21:20 - 2016-10-25 14:12 - 00257536 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpr.exe
2017-02-16 21:20 - 2016-10-25 14:12 - 00221696 _____ (Microsoft Corporation) C:\WINDOWS\system32\NPSMDesktopProvider.dll
2017-02-16 21:20 - 2016-10-25 14:12 - 00122368 _____ (Microsoft Corporation) C:\WINDOWS\system32\racpldlg.dll
2017-02-16 21:20 - 2016-10-25 14:12 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2017-02-16 21:20 - 2016-10-25 14:12 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hdaudbus.sys
2017-02-16 21:20 - 2016-10-25 14:10 - 00297472 _____ (Microsoft Corporation) C:\WINDOWS\system32\unimdm.tsp
2017-02-16 21:20 - 2016-10-25 14:10 - 00245248 _____ (Microsoft Corporation) C:\WINDOWS\system32\MicrosoftAccountExtension.dll
2017-02-16 21:20 - 2016-10-25 14:10 - 00136192 _____ (Microsoft Corporation) C:\WINDOWS\system32\NPSM.dll
2017-02-16 21:20 - 2016-10-25 14:10 - 00130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\PortableDeviceClassExtension.dll
2017-02-16 21:20 - 2016-10-25 14:09 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\oemlicense.dll
2017-02-16 21:20 - 2016-10-25 14:08 - 00188416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndiswan.sys
2017-02-16 21:20 - 2016-10-25 14:06 - 00379392 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-02-16 21:20 - 2016-10-25 14:06 - 00073216 _____ (Microsoft Corporation) C:\WINDOWS\system32\PortableDeviceConnectApi.dll
2017-02-16 21:20 - 2016-10-25 14:05 - 00270848 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2017-02-16 21:20 - 2016-10-25 14:05 - 00090624 _____ (Microsoft Corporation) C:\WINDOWS\system32\FingerprintEnrollment.dll
2017-02-16 21:20 - 2016-10-25 14:04 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\LegacyNetUXHost.exe
2017-02-16 21:20 - 2016-10-25 14:02 - 00291328 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2017-02-16 21:20 - 2016-10-25 14:02 - 00145920 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2017-02-16 21:20 - 2016-10-25 14:02 - 00110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\IdCtrls.dll
2017-02-16 21:20 - 2016-10-25 14:00 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2017-02-16 21:20 - 2016-10-25 13:59 - 00243200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2017-02-16 21:20 - 2016-10-25 13:59 - 00198144 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-02-16 21:20 - 2016-10-25 13:59 - 00192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\certprop.dll
2017-02-16 21:20 - 2016-10-25 13:59 - 00118784 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhsvc.dll
2017-02-16 21:20 - 2016-10-25 13:59 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\system32\UXInit.dll
2017-02-16 21:20 - 2016-10-25 13:58 - 00463872 _____ (Microsoft Corporation) C:\WINDOWS\system32\intl.cpl
2017-02-16 21:20 - 2016-10-25 13:58 - 00289280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2017-02-16 21:20 - 2016-10-25 13:58 - 00200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFPlatform.dll
2017-02-16 21:20 - 2016-10-25 13:57 - 06572032 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanmm.dll
2017-02-16 21:20 - 2016-10-25 13:57 - 00381952 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepsync.dll
2017-02-16 21:20 - 2016-10-25 13:56 - 00567808 _____ (Microsoft Corporation) C:\WINDOWS\system32\MBMediaManager.dll
2017-02-16 21:20 - 2016-10-25 13:56 - 00319488 _____ (Microsoft Corporation) C:\WINDOWS\system32\dot3ui.dll
2017-02-16 21:20 - 2016-10-25 13:56 - 00317952 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkBindingEngineMigPlugin.dll
2017-02-16 21:20 - 2016-10-25 13:56 - 00301056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Dxpserver.exe
2017-02-16 21:20 - 2016-10-25 13:56 - 00203264 _____ (Microsoft Corporation) C:\WINDOWS\system32\SIHClient.exe
2017-02-16 21:20 - 2016-10-25 13:55 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2017-02-16 21:20 - 2016-10-25 13:55 - 00339968 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConhostV2.dll
2017-02-16 21:20 - 2016-10-25 13:55 - 00287744 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepapi.dll
2017-02-16 21:20 - 2016-10-25 13:55 - 00287232 _____ (Microsoft Corporation) C:\WINDOWS\system32\DafPrintProvider.dll
2017-02-16 21:20 - 2016-10-25 13:55 - 00237056 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkDesktopSettings.dll
2017-02-16 21:20 - 2016-10-25 13:54 - 00752128 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneService.dll
2017-02-16 21:20 - 2016-10-25 13:54 - 00273760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\input.dll
2017-02-16 21:20 - 2016-10-25 13:54 - 00188416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.PicturePassword.dll
2017-02-16 21:20 - 2016-10-25 13:53 - 01174008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2017-02-16 21:20 - 2016-10-25 13:53 - 00813056 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqsnap.dll
2017-02-16 21:20 - 2016-10-25 13:53 - 00714240 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll
2017-02-16 21:20 - 2016-10-25 13:53 - 00567808 _____ (Microsoft Corporation) C:\WINDOWS\system32\AdmTmpl.dll
2017-02-16 21:20 - 2016-10-25 13:53 - 00450560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll
2017-02-16 21:20 - 2016-10-25 13:53 - 00318976 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2017-02-16 21:20 - 2016-10-25 13:53 - 00279040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ListSvc.dll
2017-02-16 21:20 - 2016-10-25 13:52 - 00704512 _____ (Microsoft Corporation) C:\WINDOWS\system32\CellularAPI.dll
2017-02-16 21:20 - 2016-10-25 13:52 - 00577536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Wallet.dll
2017-02-16 21:20 - 2016-10-25 13:52 - 00522240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.WiFiDirect.dll
2017-02-16 21:20 - 2016-10-25 13:52 - 00475648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BlockedShutdown.dll
2017-02-16 21:20 - 2016-10-25 13:52 - 00383488 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2017-02-16 21:20 - 2016-10-25 13:52 - 00370688 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack_win.dll
2017-02-16 21:20 - 2016-10-25 13:52 - 00342016 _____ (Microsoft Corporation) C:\WINDOWS\system32\APHostService.dll
2017-02-16 21:20 - 2016-10-25 13:51 - 00950784 _____ (Microsoft Corporation) C:\WINDOWS\system32\WFS.exe
2017-02-16 21:20 - 2016-10-25 13:51 - 00469504 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhsettingsprovider.dll
2017-02-16 21:20 - 2016-10-25 13:51 - 00460800 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2017-02-16 21:20 - 2016-10-25 13:51 - 00412672 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanui.dll
2017-02-16 21:20 - 2016-10-25 13:51 - 00258560 _____ (Microsoft Corporation) C:\WINDOWS\system32\credprovs.dll
2017-02-16 21:20 - 2016-10-25 13:51 - 00254464 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExecModelClient.dll
2017-02-16 21:20 - 2016-10-25 13:50 - 00572928 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdrm.dll
2017-02-16 21:20 - 2016-10-25 13:50 - 00510464 _____ (Microsoft Corporation) C:\WINDOWS\system32\WlanMediaManager.dll
2017-02-16 21:20 - 2016-10-25 13:50 - 00492544 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_StorageSense.dll
2017-02-16 21:20 - 2016-10-25 13:50 - 00479232 _____ (Microsoft Corporation) C:\WINDOWS\system32\DXP.dll
2017-02-16 21:20 - 2016-10-25 13:50 - 00363008 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneOm.dll
2017-02-16 21:20 - 2016-10-25 13:50 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAnimation.dll
2017-02-16 21:20 - 2016-10-25 13:49 - 00790528 _____ (Microsoft Corporation) C:\WINDOWS\system32\EmailApis.dll
2017-02-16 21:20 - 2016-10-25 13:49 - 00497664 _____ (Microsoft Corporation) C:\WINDOWS\system32\WalletService.dll
2017-02-16 21:20 - 2016-10-25 13:49 - 00265728 _____ (Microsoft Corporation) C:\WINDOWS\system32\netman.dll
2017-02-16 21:20 - 2016-10-25 13:48 - 00639488 _____ (Microsoft Corporation) C:\WINDOWS\system32\PortableDeviceApi.dll
2017-02-16 21:20 - 2016-10-25 13:48 - 00344064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Picker.dll
2017-02-16 21:20 - 2016-10-25 13:47 - 00414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BioFeedback.dll
2017-02-16 21:20 - 2016-10-25 13:47 - 00392192 _____ (Microsoft Corporation) C:\WINDOWS\system32\zipfldr.dll
2017-02-16 21:20 - 2016-10-25 13:47 - 00318464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Cortana.OneCore.dll
2017-02-16 21:20 - 2016-10-25 13:47 - 00305152 _____ (Microsoft Corporation) C:\WINDOWS\system32\edputil.dll
2017-02-16 21:20 - 2016-10-25 13:46 - 01036288 _____ (Microsoft Corporation) C:\WINDOWS\system32\windowsperformancerecordercontrol.dll
2017-02-16 21:20 - 2016-10-25 13:46 - 00857600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Import.dll
2017-02-16 21:20 - 2016-10-25 13:46 - 00630784 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll
2017-02-16 21:20 - 2016-10-25 13:45 - 00315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
2017-02-16 21:20 - 2016-10-25 13:44 - 01479168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsecedit.dll
2017-02-16 21:20 - 2016-10-25 13:44 - 00602112 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptui.dll
2017-02-16 21:20 - 2016-10-25 13:43 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ChatApis.dll
2017-02-16 21:20 - 2016-10-25 13:43 - 00606720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2017-02-16 21:20 - 2016-10-25 13:43 - 00440832 _____ (Microsoft Corporation) C:\WINDOWS\system32\certreq.exe
2017-02-16 21:20 - 2016-10-25 13:43 - 00330240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2017-02-16 21:20 - 2016-10-25 13:42 - 01813504 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnidui.dll
2017-02-16 21:20 - 2016-10-25 13:42 - 00656896 _____ (Microsoft Corporation) C:\WINDOWS\system32\sud.dll
2017-02-16 21:20 - 2016-10-25 13:42 - 00517632 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2017-02-16 21:20 - 2016-10-25 13:42 - 00283648 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToReceiver.dll
2017-02-16 21:20 - 2016-10-25 13:41 - 01294336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcnwiz.dll
2017-02-16 21:20 - 2016-10-25 13:41 - 00892416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.SmartCards.dll
2017-02-16 21:20 - 2016-10-25 13:41 - 00589824 _____ (Microsoft Corporation) C:\WINDOWS\system32\PrintDialogs.dll
2017-02-16 21:20 - 2016-10-25 13:41 - 00492544 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.UserAccountsHandlers.dll
2017-02-16 21:20 - 2016-10-25 13:41 - 00484352 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataSenseHandlers.dll
2017-02-16 21:20 - 2016-10-25 13:41 - 00356864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2017-02-16 21:20 - 2016-10-25 13:40 - 02331480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVCORE.DLL
2017-02-16 21:20 - 2016-10-25 13:40 - 01216512 _____ (Microsoft Corporation) C:\WINDOWS\system32\netcenter.dll
2017-02-16 21:20 - 2016-10-25 13:40 - 00947200 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasgcw.dll
2017-02-16 21:20 - 2016-10-25 13:40 - 00607232 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxApplicabilityEngine.dll
2017-02-16 21:20 - 2016-10-25 13:40 - 00555520 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnrGidsHandler.dll
2017-02-16 21:20 - 2016-10-25 13:40 - 00466944 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanconn.dll
2017-02-16 21:20 - 2016-10-25 13:40 - 00432640 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll
2017-02-16 21:20 - 2016-10-25 13:40 - 00253088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmpeffects.dll
2017-02-16 21:20 - 2016-10-25 13:39 - 01056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2017-02-16 21:20 - 2016-10-25 13:39 - 00941568 _____ (Microsoft Corporation) C:\WINDOWS\system32\MiracastReceiver.dll
2017-02-16 21:20 - 2016-10-25 13:39 - 00791552 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2017-02-16 21:20 - 2016-10-25 13:39 - 00787456 _____ (Microsoft Corporation) C:\WINDOWS\system32\cscui.dll
2017-02-16 21:20 - 2016-10-25 13:39 - 00708608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2017-02-16 21:20 - 2016-10-25 13:39 - 00674304 _____ (Microsoft Corporation) C:\WINDOWS\system32\mbsmsapi.dll
2017-02-16 21:20 - 2016-10-25 13:39 - 00519680 _____ (Microsoft Corporation) C:\WINDOWS\system32\WLanConn.dll
2017-02-16 21:20 - 2016-10-25 13:39 - 00183808 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSSync.dll
2017-02-16 21:20 - 2016-10-25 13:38 - 02088960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdshext.dll
2017-02-16 21:20 - 2016-10-25 13:38 - 01048576 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebcamUi.dll
2017-02-16 21:20 - 2016-10-25 13:38 - 00853504 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2017-02-16 21:20 - 2016-10-25 13:38 - 00828928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.AccountsControl.dll
2017-02-16 21:20 - 2016-10-25 13:38 - 00610304 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmdrmsdk.dll
2017-02-16 21:20 - 2016-10-25 13:38 - 00588288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wvc.dll
2017-02-16 21:20 - 2016-10-25 13:38 - 00564224 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicePairing.dll
2017-02-16 21:20 - 2016-10-25 13:38 - 00480768 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppBroker.dll
2017-02-16 21:20 - 2016-10-25 13:37 - 02125312 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Bluetooth.dll
2017-02-16 21:20 - 2016-10-25 13:37 - 00700416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppointmentApis.dll
2017-02-16 21:20 - 2016-10-25 13:37 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll
2017-02-16 21:20 - 2016-10-25 13:37 - 00368128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.dll
2017-02-16 21:20 - 2016-10-25 13:36 - 00965632 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2017-02-16 21:20 - 2016-10-25 13:36 - 00538112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Cortana.Desktop.dll
2017-02-16 21:20 - 2016-10-25 13:36 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2017-02-16 21:20 - 2016-10-25 13:35 - 01434112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Editing.dll
2017-02-16 21:20 - 2016-10-25 13:35 - 01132544 _____ (Microsoft Corporation) C:\WINDOWS\system32\qmgr.dll
2017-02-16 21:20 - 2016-10-25 13:35 - 00859136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2017-02-16 21:20 - 2016-10-25 13:35 - 00515072 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2017-02-16 21:20 - 2016-10-25 13:34 - 00697856 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToManager.dll
2017-02-16 21:20 - 2016-10-25 13:34 - 00587776 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2017-02-16 21:20 - 2016-10-25 13:34 - 00436736 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2017-02-16 21:20 - 2016-10-25 13:33 - 02127360 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2017-02-16 21:20 - 2016-10-25 13:33 - 00988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2017-02-16 21:20 - 2016-10-25 13:33 - 00817152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.Search.dll
2017-02-16 21:20 - 2016-10-25 13:33 - 00814080 _____ (Microsoft Corporation) C:\WINDOWS\system32\appwiz.cpl
2017-02-16 21:20 - 2016-10-25 13:32 - 01159168 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplicationFrame.dll
2017-02-16 21:20 - 2016-10-25 13:32 - 01053696 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2017-02-16 21:20 - 2016-10-25 13:32 - 01037824 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmartcardCredentialProvider.dll
2017-02-16 21:20 - 2016-10-25 13:32 - 00990208 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2017-02-16 21:20 - 2016-10-25 13:32 - 00939520 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2017-02-16 21:20 - 2016-10-25 13:32 - 00870400 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2017-02-16 21:20 - 2016-10-25 13:32 - 00387584 _____ (Microsoft Corporation) C:\WINDOWS\system32\syncutil.dll
2017-02-16 21:20 - 2016-10-25 13:30 - 00853504 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-02-16 21:20 - 2016-10-25 13:30 - 00529920 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2017-02-16 21:20 - 2016-10-25 13:29 - 01847808 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPDMC.exe
2017-02-16 21:20 - 2016-10-25 13:29 - 01575936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll
2017-02-16 21:20 - 2016-10-25 13:29 - 01213440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2017-02-16 21:20 - 2016-10-25 13:29 - 00896512 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApiPublic.dll
2017-02-16 21:20 - 2016-10-25 13:28 - 00938496 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContactApis.dll
2017-02-16 21:20 - 2016-10-25 13:27 - 02731008 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameux.dll
2017-02-16 21:20 - 2016-10-25 13:27 - 02050560 _____ (Microsoft Corporation) C:\WINDOWS\system32\PrintDialogs3D.dll
2017-02-16 21:20 - 2016-10-25 13:27 - 01466368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Pimstore.dll
2017-02-16 21:20 - 2016-10-25 13:27 - 01346048 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMNetMgr.dll
2017-02-16 21:20 - 2016-10-25 13:27 - 01040896 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2017-02-16 21:20 - 2016-10-25 13:27 - 00961536 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2017-02-16 21:20 - 2016-10-25 13:27 - 00938496 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2017-02-16 21:20 - 2016-10-25 13:27 - 00381952 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-02-16 21:20 - 2016-10-25 13:26 - 02103296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.Printing.3D.dll
2017-02-16 21:20 - 2016-10-25 13:26 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2017-02-16 21:20 - 2016-10-25 13:25 - 01872896 _____ (Microsoft Corporation) C:\WINDOWS\system32\workfolderssvc.dll
2017-02-16 21:20 - 2016-10-25 13:25 - 01319424 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2017-02-16 21:20 - 2016-10-25 13:25 - 01291776 _____ (Microsoft Corporation) C:\WINDOWS\system32\werconcpl.dll
2017-02-16 21:20 - 2016-10-25 13:24 - 04456448 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-02-16 21:20 - 2016-10-25 13:24 - 01211904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Cred.dll
2017-02-16 21:20 - 2016-10-25 13:24 - 00549888 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFolder.dll
2017-02-16 21:20 - 2016-10-25 13:23 - 01073152 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2017-02-16 21:20 - 2016-10-25 13:23 - 00865792 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-02-16 21:20 - 2016-10-25 13:22 - 01424384 _____ (Microsoft Corporation) C:\WINDOWS\system32\wdc.dll
2017-02-16 21:20 - 2016-10-25 13:22 - 00638976 _____ (Microsoft Corporation) C:\WINDOWS\system32\ShareHost.dll
2017-02-16 21:20 - 2016-10-25 13:22 - 00268288 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2017-02-16 21:20 - 2016-10-25 13:21 - 02054144 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2017-02-16 21:20 - 2016-10-25 13:21 - 01570816 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbengine.exe
2017-02-16 21:20 - 2016-10-25 13:21 - 00236032 _____ (Microsoft Corporation) C:\WINDOWS\system32\licensingdiag.exe
2017-02-16 21:20 - 2016-10-25 13:21 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosHostClient.dll
2017-02-16 21:20 - 2016-10-25 13:20 - 03549696 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVidCtl.dll
2017-02-16 21:20 - 2016-10-25 13:19 - 00572928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2017-02-16 21:20 - 2016-10-25 13:18 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\odbcconf.dll
2017-02-16 21:20 - 2016-10-25 13:17 - 00821760 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2017-02-16 21:20 - 2016-10-25 13:16 - 03415040 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncCenter.dll
2017-02-16 21:20 - 2016-10-25 13:16 - 01965568 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmc.exe
2017-02-16 21:20 - 2016-10-25 13:16 - 01062912 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
2017-02-16 21:20 - 2016-10-25 13:12 - 01490432 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataService.dll
2017-02-16 21:20 - 2016-10-25 13:11 - 00701952 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.dll
2017-02-16 21:20 - 2016-10-25 13:09 - 00584704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll
2017-02-16 21:20 - 2016-10-25 13:09 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininetlui.dll
2017-02-16 21:20 - 2016-10-25 13:08 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosStorage.dll
2017-02-16 21:20 - 2016-10-25 13:07 - 00900608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.dll
2017-02-16 21:20 - 2016-10-25 13:06 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll
2017-02-16 21:20 - 2016-10-25 13:05 - 02610176 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2017-02-16 21:20 - 2016-10-25 13:05 - 01213440 _____ (Microsoft Corporation) C:\WINDOWS\system32\sdengin2.dll
2017-02-16 21:20 - 2016-10-25 13:05 - 00465920 _____ (Microsoft Corporation) C:\WINDOWS\system32\StikyNot.exe
2017-02-16 21:20 - 2016-10-25 13:05 - 00078848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\asycfilt.dll
2017-02-16 21:20 - 2016-10-25 13:03 - 06675968 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe
2017-02-16 21:20 - 2016-10-25 13:03 - 05123072 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2017-02-16 21:20 - 2016-10-25 13:03 - 00787456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.dll
2017-02-16 21:20 - 2016-10-25 13:03 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SCardDlg.dll
2017-02-16 21:20 - 2016-10-25 13:03 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2017-02-16 21:20 - 2016-10-25 13:01 - 01755648 _____ (Microsoft Corporation) C:\WINDOWS\system32\dui70.dll
2017-02-16 21:20 - 2016-10-25 13:01 - 01121792 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2017-02-16 21:20 - 2016-10-25 13:01 - 00613376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
2017-02-16 21:20 - 2016-10-25 13:01 - 00183296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NPSMDesktopProvider.dll
2017-02-16 21:20 - 2016-10-25 13:00 - 00256512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\unimdm.tsp
2017-02-16 21:20 - 2016-10-25 13:00 - 00115200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PortableDeviceClassExtension.dll
2017-02-16 21:20 - 2016-10-25 13:00 - 00102912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NPSM.dll
2017-02-16 21:20 - 2016-10-25 12:59 - 00205312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oemlicense.dll
2017-02-16 21:20 - 2016-10-25 12:57 - 02285568 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebSync.dll
2017-02-16 21:20 - 2016-10-25 12:57 - 00833536 _____ (Microsoft Corporation) C:\WINDOWS\system32\pmcsnap.dll
2017-02-16 21:20 - 2016-10-25 12:56 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PortableDeviceConnectApi.dll
2017-02-16 21:20 - 2016-10-25 12:55 - 01036288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Streaming.dll
2017-02-16 21:20 - 2016-10-25 12:54 - 02067968 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2017-02-16 21:20 - 2016-10-25 12:54 - 01097216 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2017-02-16 21:20 - 2016-10-25 12:54 - 00268800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2017-02-16 21:20 - 2016-10-25 12:54 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IdCtrls.dll
2017-02-16 21:20 - 2016-10-25 12:53 - 02280960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-02-16 21:20 - 2016-10-25 12:53 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2017-02-16 21:20 - 2016-10-25 12:52 - 04170240 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbon.dll
2017-02-16 21:20 - 2016-10-25 12:52 - 00693760 _____ (Microsoft Corporation) C:\WINDOWS\system32\internetmail.dll
2017-02-16 21:20 - 2016-10-25 12:52 - 00083456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2017-02-16 21:20 - 2016-10-25 12:51 - 02175488 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-02-16 21:20 - 2016-10-25 12:51 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UXInit.dll
2017-02-16 21:20 - 2016-10-25 12:50 - 02874880 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmcndmgr.dll
2017-02-16 21:20 - 2016-10-25 12:50 - 00430080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\intl.cpl
2017-02-16 21:20 - 2016-10-25 12:50 - 00339456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\azroleui.dll
2017-02-16 21:20 - 2016-10-25 12:50 - 00260096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepsync.dll
2017-02-16 21:20 - 2016-10-25 12:50 - 00205824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2017-02-16 21:20 - 2016-10-25 12:49 - 03081216 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-02-16 21:20 - 2016-10-25 12:49 - 02597888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2017-02-16 21:20 - 2016-10-25 12:49 - 01997312 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2017-02-16 21:20 - 2016-10-25 12:49 - 00292864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dot3ui.dll
2017-02-16 21:20 - 2016-10-25 12:48 - 04826624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2017-02-16 21:20 - 2016-10-25 12:48 - 00217600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DafPrintProvider.dll
2017-02-16 21:20 - 2016-10-25 12:48 - 00190464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepapi.dll
2017-02-16 21:20 - 2016-10-25 12:47 - 03355136 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2017-02-16 21:20 - 2016-10-25 12:47 - 00453632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AdmTmpl.dll
2017-02-16 21:20 - 2016-10-25 12:46 - 02055168 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpcServices.dll
2017-02-16 21:20 - 2016-10-25 12:46 - 00486912 _____ (Microsoft Corporation) C:\WINDOWS\system32\prnfldr.dll
2017-02-16 21:20 - 2016-10-25 12:46 - 00335872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2017-02-16 21:20 - 2016-10-25 12:45 - 07977984 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2017-02-16 21:20 - 2016-10-25 12:45 - 00564736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\objsel.dll
2017-02-16 21:20 - 2016-10-25 12:45 - 00349696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2017-02-16 21:20 - 2016-10-25 12:45 - 00294912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhoneOm.dll
2017-02-16 21:20 - 2016-10-25 12:44 - 00240128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAnimation.dll
2017-02-16 21:20 - 2016-10-25 12:43 - 02635776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2017-02-16 21:20 - 2016-10-25 12:43 - 00520704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PortableDeviceApi.dll
2017-02-16 21:20 - 2016-10-25 12:43 - 00471552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\filemgmt.dll
2017-02-16 21:20 - 2016-10-25 12:42 - 02876928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wpc.dll
2017-02-16 21:20 - 2016-10-25 12:42 - 00361472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll
2017-02-16 21:20 - 2016-10-25 12:41 - 02444800 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2017-02-16 21:20 - 2016-10-25 12:41 - 00589312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Import.dll
2017-02-16 21:20 - 2016-10-25 12:41 - 00499712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MessagingDataModel2.dll
2017-02-16 21:20 - 2016-10-25 12:40 - 01336832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsecedit.dll
2017-02-16 21:20 - 2016-10-25 12:40 - 00984576 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2017-02-16 21:20 - 2016-10-25 12:39 - 05503488 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2017-02-16 21:20 - 2016-10-25 12:39 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2017-02-16 21:20 - 2016-10-25 12:39 - 00356864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certreq.exe
2017-02-16 21:20 - 2016-10-25 12:39 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2017-02-16 21:20 - 2016-10-25 12:38 - 03585536 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2017-02-16 21:20 - 2016-10-25 12:37 - 04143104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WlanMM.dll
2017-02-16 21:20 - 2016-10-25 12:37 - 01226752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wcnwiz.dll
2017-02-16 21:20 - 2016-10-25 12:37 - 00846336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasgcw.dll
2017-02-16 21:20 - 2016-10-25 12:37 - 00334848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll
2017-02-16 21:20 - 2016-10-25 12:36 - 04646400 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpsrchvw.exe
2017-02-16 21:20 - 2016-10-25 12:36 - 00879616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WebcamUi.dll
2017-02-16 21:20 - 2016-10-25 12:36 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2017-02-16 21:20 - 2016-10-25 12:36 - 00616960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2017-02-16 21:20 - 2016-10-25 12:36 - 00502272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DevicePairing.dll
2017-02-16 21:20 - 2016-10-25 12:36 - 00489984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mbsmsapi.dll
2017-02-16 21:20 - 2016-10-25 12:36 - 00475648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wvc.dll
2017-02-16 21:20 - 2016-10-25 12:36 - 00413696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WLanConn.dll
2017-02-16 21:20 - 2016-10-25 12:36 - 00153088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSSync.dll
2017-02-16 21:20 - 2016-10-25 12:35 - 02902528 _____ (Microsoft Corporation) C:\WINDOWS\system32\themeui.dll
2017-02-16 21:20 - 2016-10-25 12:35 - 00585216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.AccountsControl.dll
2017-02-16 21:20 - 2016-10-25 12:35 - 00552960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppointmentApis.dll
2017-02-16 21:20 - 2016-10-25 12:35 - 00521728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmdrmsdk.dll
2017-02-16 21:20 - 2016-10-25 12:35 - 00372224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppBroker.dll
2017-02-16 21:20 - 2016-10-25 12:34 - 01390080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2017-02-16 21:20 - 2016-10-25 12:34 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2017-02-16 21:20 - 2016-10-25 12:34 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2017-02-16 21:20 - 2016-10-25 12:33 - 01063936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Editing.dll
2017-02-16 21:20 - 2016-10-25 12:33 - 00517632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToManager.dll
2017-02-16 21:20 - 2016-10-25 12:32 - 02050048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2017-02-16 21:20 - 2016-10-25 12:32 - 00784896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
2017-02-16 21:20 - 2016-10-25 12:32 - 00738816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appwiz.cpl
2017-02-16 21:20 - 2016-10-25 12:32 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SmartcardCredentialProvider.dll
2017-02-16 21:20 - 2016-10-25 12:32 - 00645632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.Search.dll
2017-02-16 21:20 - 2016-10-25 12:31 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2017-02-16 21:20 - 2016-10-25 12:30 - 00434688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2017-02-16 21:20 - 2016-10-25 12:29 - 01497088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPDMC.exe
2017-02-16 21:20 - 2016-10-25 12:29 - 01117184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll
2017-02-16 21:20 - 2016-10-25 12:29 - 00673280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApiPublic.dll
2017-02-16 21:20 - 2016-10-25 12:28 - 07200256 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2017-02-16 21:20 - 2016-10-25 12:28 - 02800128 _____ (Microsoft Corporation) C:\WINDOWS\system32\netshell.dll
2017-02-16 21:20 - 2016-10-25 12:28 - 02578432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gameux.dll
2017-02-16 21:20 - 2016-10-25 12:28 - 01186816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMNetMgr.dll
2017-02-16 21:20 - 2016-10-25 12:28 - 00885248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2017-02-16 21:20 - 2016-10-25 12:28 - 00882688 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntshrui.dll
2017-02-16 21:20 - 2016-10-25 12:28 - 00805888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2017-02-16 21:20 - 2016-10-25 12:28 - 00769536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ContactApis.dll
2017-02-16 21:20 - 2016-10-25 12:28 - 00760320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2017-02-16 21:20 - 2016-10-25 12:27 - 01448960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Graphics.Printing.3D.dll
2017-02-16 21:20 - 2016-10-25 12:27 - 00799744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasdlg.dll
2017-02-16 21:20 - 2016-10-25 12:26 - 02563584 _____ (Microsoft Corporation) C:\WINDOWS\system32\themecpl.dll
2017-02-16 21:20 - 2016-10-25 12:26 - 00460800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchFolder.dll
2017-02-16 21:20 - 2016-10-25 12:25 - 03695104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-02-16 21:20 - 2016-10-25 12:25 - 01309696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wdc.dll
2017-02-16 21:20 - 2016-10-25 12:25 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Cred.dll
2017-02-16 21:20 - 2016-10-25 12:25 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Connectivity.dll
2017-02-16 21:20 - 2016-10-25 12:25 - 00667648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-02-16 21:20 - 2016-10-25 12:25 - 00489984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ShareHost.dll
2017-02-16 21:20 - 2016-10-25 12:24 - 00957952 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2017-02-16 21:20 - 2016-10-25 12:24 - 00207872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\licensingdiag.exe
2017-02-16 21:20 - 2016-10-25 12:23 - 02362880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVidCtl.dll
2017-02-16 21:20 - 2016-10-25 12:23 - 02295808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2017-02-16 21:20 - 2016-10-25 12:23 - 00964096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2017-02-16 21:20 - 2016-10-25 12:22 - 01562624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmc.exe
2017-02-16 21:20 - 2016-10-25 12:21 - 03577344 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2017-02-16 21:20 - 2016-10-25 12:21 - 00639488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2017-02-16 21:20 - 2016-10-25 12:20 - 01797120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2017-02-16 21:20 - 2016-10-25 12:19 - 16984576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-02-16 21:20 - 2016-10-25 12:17 - 00581632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.dll
2017-02-16 21:20 - 2016-10-25 12:14 - 02911744 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnroll.dll
2017-02-16 21:20 - 2016-10-25 12:14 - 00683008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.dll
2017-02-16 21:20 - 2016-10-25 12:14 - 00651776 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserLanguagesCpl.dll
2017-02-16 21:20 - 2016-10-25 12:13 - 00459776 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2017-02-16 21:20 - 2016-10-25 12:12 - 11544576 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-02-16 21:20 - 2016-10-25 12:11 - 06471168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspaint.exe
2017-02-16 21:20 - 2016-10-25 12:11 - 04078592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2017-02-16 21:20 - 2016-10-25 12:11 - 00592384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.dll
2017-02-16 21:20 - 2016-10-25 12:10 - 01568256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2017-02-16 21:20 - 2016-10-25 12:10 - 00775168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Display.dll
2017-02-16 21:20 - 2016-10-25 12:09 - 01448960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dui70.dll
2017-02-16 21:20 - 2016-10-25 12:09 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll
2017-02-16 21:20 - 2016-10-25 12:05 - 06312448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2017-02-16 21:20 - 2016-10-25 12:05 - 03428864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2017-02-16 21:20 - 2016-10-25 12:05 - 02582016 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2017-02-16 21:20 - 2016-10-25 12:05 - 02352128 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2017-02-16 21:20 - 2016-10-25 12:05 - 01385472 _____ (Microsoft Corporation) C:\WINDOWS\system32\usercpl.dll
2017-02-16 21:20 - 2016-10-25 12:04 - 00835072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Streaming.dll
2017-02-16 21:20 - 2016-10-25 12:03 - 00636928 _____ (Microsoft Corporation) C:\WINDOWS\system32\hgcpl.dll
2017-02-16 21:20 - 2016-10-25 12:02 - 06976512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-02-16 21:20 - 2016-10-25 12:02 - 03994624 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-02-16 21:20 - 2016-10-25 12:02 - 03459584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbon.dll
2017-02-16 21:20 - 2016-10-25 12:01 - 02361856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmcndmgr.dll
2017-02-16 21:20 - 2016-10-25 12:00 - 13018624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2017-02-16 21:20 - 2016-10-25 12:00 - 04412928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2017-02-16 21:20 - 2016-10-25 12:00 - 02555904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-02-16 21:20 - 2016-10-25 12:00 - 01984000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2017-02-16 21:20 - 2016-10-25 12:00 - 01708032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
2017-02-16 21:20 - 2016-10-25 11:59 - 14258688 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2017-02-16 21:20 - 2016-10-25 11:59 - 02680320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2017-02-16 21:20 - 2016-10-25 11:59 - 01556992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpcServices.dll
2017-02-16 21:20 - 2016-10-25 11:58 - 09920512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-02-16 21:20 - 2016-10-25 11:58 - 07536128 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2017-02-16 21:20 - 2016-10-25 11:57 - 06296064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2017-02-16 21:20 - 2016-10-25 11:56 - 01799680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2017-02-16 21:20 - 2016-10-25 11:55 - 04171264 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2017-02-16 21:20 - 2016-10-25 11:55 - 02217984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wpc.dll
2017-02-16 21:20 - 2016-10-25 11:55 - 02001408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2017-02-16 21:20 - 2016-10-25 11:55 - 00476672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\prnfldr.dll
2017-02-16 21:20 - 2016-10-25 11:54 - 04759040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-02-16 21:20 - 2016-10-25 11:53 - 03294208 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstsc.exe
2017-02-16 21:20 - 2016-10-25 11:53 - 00754176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2017-02-16 21:20 - 2016-10-25 11:53 - 00583680 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoScreensaver.scr
2017-02-16 21:20 - 2016-10-25 11:52 - 03555840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xpsrchvw.exe
2017-02-16 21:20 - 2016-10-25 11:52 - 00870400 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2017-02-16 21:20 - 2016-10-25 11:51 - 00341504 _____ (Microsoft Corporation) C:\WINDOWS\system32\RADCUI.dll
2017-02-16 21:20 - 2016-10-25 11:50 - 01487872 _____ (Microsoft Corporation) C:\WINDOWS\system32\SpeechPal.dll
2017-02-16 21:20 - 2016-10-25 11:48 - 00958976 _____ (Microsoft Corporation) C:\WINDOWS\system32\RemoteNaturalLanguage.dll
2017-02-16 21:20 - 2016-10-25 11:47 - 05205504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2017-02-16 21:20 - 2016-10-25 11:46 - 02771968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2017-02-16 21:20 - 2016-10-25 11:45 - 02679808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netshell.dll
2017-02-16 21:20 - 2016-10-25 11:44 - 01087488 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2017-02-16 21:20 - 2016-10-25 11:44 - 00802816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntshrui.dll
2017-02-16 21:20 - 2016-10-25 11:43 - 04404736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
2017-02-16 21:20 - 2016-10-25 11:43 - 00321536 _____ (Microsoft Corporation) C:\WINDOWS\system32\GlobCollationHost.dll
2017-02-16 21:20 - 2016-10-25 11:41 - 02519552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\themecpl.dll
2017-02-16 21:20 - 2016-10-25 11:40 - 05325824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2017-02-16 21:20 - 2016-10-25 11:38 - 01582080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2017-02-16 21:20 - 2016-10-25 11:37 - 02798080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2017-02-16 21:20 - 2016-10-25 11:36 - 02155008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2017-02-16 21:20 - 2016-10-25 11:35 - 02604032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnroll.dll
2017-02-16 21:20 - 2016-10-25 11:35 - 00736768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Display.dll
2017-02-16 21:20 - 2016-10-25 11:34 - 02062336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2017-02-16 21:20 - 2016-10-25 11:34 - 01249280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usercpl.dll
2017-02-16 21:20 - 2016-10-25 11:34 - 01228800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2017-02-16 21:20 - 2016-10-25 11:33 - 00574976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hgcpl.dll
2017-02-16 21:20 - 2016-10-25 11:32 - 06743040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2017-02-16 21:20 - 2016-10-25 11:32 - 00573440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserLanguagesCpl.dll
2017-02-16 21:20 - 2016-10-25 11:32 - 00339456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2017-02-16 21:20 - 2016-10-25 11:30 - 12590080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2017-02-16 21:20 - 2016-10-25 11:29 - 00515584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoScreensaver.scr
2017-02-16 21:20 - 2016-10-25 11:27 - 03065344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstsc.exe
2017-02-16 21:20 - 2016-10-25 11:23 - 00712704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RemoteNaturalLanguage.dll
2017-02-16 21:20 - 2016-10-25 11:21 - 00199680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GlobCollationHost.dll
2017-02-16 21:20 - 2016-10-25 11:07 - 00461824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2017-02-16 21:20 - 2016-10-25 09:19 - 00775336 _____ C:\WINDOWS\SysWOW64\locale.nls
2017-02-16 21:20 - 2016-10-25 09:19 - 00775336 _____ C:\WINDOWS\system32\locale.nls
2017-02-16 21:20 - 2016-10-25 08:47 - 00445873 _____ C:\WINDOWS\system32\ApnDatabase.xml
2017-02-16 21:20 - 2016-10-05 14:56 - 01644736 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2017-02-16 21:20 - 2016-10-05 14:56 - 01242304 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2017-02-16 21:20 - 2016-10-05 14:56 - 00602304 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2017-02-16 21:20 - 2016-10-05 14:56 - 00591040 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2017-02-16 21:20 - 2016-10-05 14:56 - 00329920 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2017-02-16 21:20 - 2016-10-05 14:56 - 00290496 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2017-02-16 21:20 - 2016-10-05 14:56 - 00144576 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2017-02-16 21:20 - 2016-10-05 14:56 - 00085696 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2017-02-16 21:20 - 2016-10-05 14:19 - 00129376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tm.sys
2017-02-16 21:20 - 2016-10-05 14:01 - 01337184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpx.dll
2017-02-16 21:20 - 2016-10-05 13:54 - 01297760 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2017-02-16 21:20 - 2016-10-05 12:45 - 00987488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2017-02-16 21:20 - 2016-10-05 12:37 - 00640976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2017-02-16 21:20 - 2016-10-05 12:31 - 00422240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2017-02-16 21:20 - 2016-10-05 12:25 - 00871776 _____ (Microsoft Corporation) C:\WINDOWS\system32\drvstore.dll
2017-02-16 21:20 - 2016-10-05 12:00 - 00190464 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2017-02-16 21:20 - 2016-10-05 11:51 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAppInstaller.exe
2017-02-16 21:20 - 2016-10-05 11:50 - 00103936 _____ (Microsoft Corporation) C:\WINDOWS\system32\davclnt.dll
2017-02-16 21:20 - 2016-10-05 11:49 - 00127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnpclean.dll
2017-02-16 21:20 - 2016-10-05 11:49 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2017-02-16 21:20 - 2016-10-05 11:47 - 00103936 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevDispItemProvider.dll
2017-02-16 21:20 - 2016-10-05 11:47 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\offreg.dll
2017-02-16 21:20 - 2016-10-05 11:38 - 00236032 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpdxm.dll
2017-02-16 21:20 - 2016-10-05 11:35 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpshell.dll
2017-02-16 21:20 - 2016-10-05 11:34 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe
2017-02-16 21:20 - 2016-10-05 11:32 - 00538744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2017-02-16 21:20 - 2016-10-05 11:30 - 00102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\adsmsext.dll
2017-02-16 21:20 - 2016-10-05 11:29 - 00228864 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebClnt.dll
2017-02-16 21:20 - 2016-10-05 11:23 - 00228864 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsqmcons.exe
2017-02-16 21:20 - 2016-10-05 11:19 - 00717152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\drvstore.dll
2017-02-16 21:20 - 2016-10-05 11:17 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\das.dll
2017-02-16 21:20 - 2016-10-05 11:17 - 00166912 _____ (Microsoft Corporation) C:\WINDOWS\system32\AboveLockAppHost.dll
2017-02-16 21:20 - 2016-10-05 11:15 - 00458240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Enumeration.dll
2017-02-16 21:20 - 2016-10-05 11:10 - 00602624 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2017-02-16 21:20 - 2016-10-05 11:05 - 00841728 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2017-02-16 21:20 - 2016-10-05 11:04 - 01718272 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2017-02-16 21:20 - 2016-10-05 11:00 - 01661952 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2017-02-16 21:20 - 2016-10-05 11:00 - 00148992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dfsc.sys
2017-02-16 21:20 - 2016-10-05 11:00 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2017-02-16 21:20 - 2016-10-05 10:48 - 02437120 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2017-02-16 21:20 - 2016-10-05 10:40 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\davclnt.dll
2017-02-16 21:20 - 2016-10-05 10:37 - 00090112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DevDispItemProvider.dll
2017-02-16 21:20 - 2016-10-05 10:37 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offreg.dll
2017-02-16 21:20 - 2016-10-05 10:30 - 00174592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmpdxm.dll
2017-02-16 21:20 - 2016-10-05 10:29 - 01946112 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2017-02-16 21:20 - 2016-10-05 10:28 - 00102912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmpshell.dll
2017-02-16 21:20 - 2016-10-05 10:24 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adsmsext.dll
2017-02-16 21:20 - 2016-10-05 10:23 - 00199680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WebClnt.dll
2017-02-16 21:20 - 2016-10-05 10:15 - 00129536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AboveLockAppHost.dll
2017-02-16 21:20 - 2016-10-05 10:13 - 00368128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Enumeration.dll
2017-02-16 21:20 - 2016-10-05 10:09 - 00501760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2017-02-16 21:20 - 2016-10-05 10:05 - 01467904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2017-02-16 21:20 - 2016-10-05 09:54 - 01987584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2017-02-16 21:20 - 2016-10-05 09:40 - 01626112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2017-02-16 21:20 - 2016-09-27 09:39 - 00224256 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2017-02-16 21:20 - 2016-06-18 11:55 - 00201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiapi.dll
2017-02-16 21:20 - 2016-06-18 11:51 - 00470528 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2017-02-16 21:20 - 2016-06-18 11:49 - 00175104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiapi.dll
2017-02-15 19:32 - 2017-02-15 19:32 - 00001133 _____ C:\Users\MSI_USER\Desktop\FlusiFix06.exe - Shortcut.lnk
2017-02-11 13:13 - 2017-02-11 13:13 - 00001090 _____ C:\Users\MSI_USER\Desktop\ACHTUNG.FSX PC NEW C+E Macrium auf seagate ROT - Shortcut.lnk
2017-02-10 21:30 - 2017-02-10 21:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FSDG
2017-02-09 20:23 - 2017-02-09 20:23 - 00000000 ___HD C:\$WINDOWS.~BT
2017-02-09 12:45 - 2017-03-05 19:03 - 00765362 _____ C:\WINDOWS\system32\perfh007.dat
2017-02-09 12:45 - 2017-03-05 19:03 - 00155416 _____ C:\WINDOWS\system32\perfc007.dat
2017-02-09 12:45 - 2017-02-09 12:45 - 00305634 _____ C:\WINDOWS\system32\perfi007.dat
2017-02-09 12:45 - 2017-02-09 12:45 - 00040390 _____ C:\WINDOWS\system32\perfd007.dat
2017-02-09 12:45 - 2017-02-09 12:45 - 00000000 ____D C:\WINDOWS\SysWOW64\XPSViewer
2017-02-09 12:45 - 2017-02-09 12:45 - 00000000 ____D C:\WINDOWS\SysWOW64\de
2017-02-09 12:45 - 2017-02-09 12:45 - 00000000 ____D C:\WINDOWS\system32\de
2017-02-09 12:45 - 2017-02-09 12:45 - 00000000 ____D C:\Program Files\Windows Journal
2017-02-09 11:02 - 2017-02-09 11:03 - 00000000 ____D C:\Users\MSI_USER\Downloads\1.openzip
2017-02-09 11:01 - 2017-02-09 11:02 - 02008000 _____ C:\Users\MSI_USER\Downloads\SimConnect.zip
2017-02-08 11:39 - 2017-02-08 11:39 - 00000919 _____ C:\Users\MSI_USER\Desktop\DESKTOP FSX - Shortcut.lnk
2017-02-08 11:38 - 2017-02-27 10:06 - 00000000 ___RD C:\Users\MSI_USER\Documents\DESKTOP FSX
2017-02-07 10:00 - 2017-02-07 13:30 - 00000546 _____ C:\WINDOWS\Tasks\Macrium-Backup-{D5990322-26A1-4F98-89E8-86A839B05F19}.job
2017-02-07 10:00 - 2017-02-07 10:00 - 00003264 _____ C:\WINDOWS\System32\Tasks\Macrium-Backup-{D5990322-26A1-4F98-89E8-86A839B05F19}
2017-02-07 08:55 - 2017-02-07 08:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Macrium
2017-02-06 20:16 - 2017-02-06 20:16 - 00000000 ____D C:\Users\MSI_USER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\France VFR
2017-02-06 19:38 - 2017-02-06 19:57 - 271322425 _____ () C:\Users\MSI_USER\Downloads\LFLB_FRANCEVFR-chambery_fsx.exe
2017-02-06 13:45 - 2017-02-06 13:45 - 08813488 _____ (Piriform Ltd) C:\Users\MSI_USER\Downloads\ccsetup526.exe
2017-02-06 13:41 - 2017-02-06 13:41 - 00000000 ____D C:\ProgramData\dbg
2017-02-06 13:37 - 2017-02-06 13:37 - 00004608 _____ C:\WINDOWS\SECOH-QAD.exe
2017-02-06 13:37 - 2017-02-06 13:37 - 00003584 _____ C:\WINDOWS\SECOH-QAD.dll
2017-02-06 13:37 - 2010-12-06 09:16 - 00090112 _____ (Vestris Inc.) C:\WINDOWS\system32\Vestris.ResourceLib.dll
2017-02-04 10:38 - 2017-02-05 11:49 - 00007168 _____ (painter) C:\WINDOWS\system32\painter_x64.dll
2017-02-03 20:27 - 2017-02-03 20:27 - 00000000 ____D C:\ProgramData\cGWJzVeUd0y
2017-02-03 20:23 - 2017-02-03 20:23 - 00001275 _____ C:\Users\Public\Desktop\FSX Booster Live.lnk
2017-02-03 20:23 - 2017-02-03 20:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FSPS
2017-02-03 20:23 - 2017-02-03 20:23 - 00000000 ____D C:\Program Files (x86)\FSPS
2017-02-03 16:59 - 2016-09-23 02:07 - 00348160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr71.dll
2017-02-03 16:50 - 2017-02-03 21:24 - 43236703 _____ C:\Users\MSI_USER\Downloads\north_american_ra-5c_vigilante.zip
2017-02-03 16:43 - 2017-02-03 16:50 - 38643176 _____ (VIRTUALI Sagl ) C:\Users\MSI_USER\Downloads\setup_addonmanagerX.exe
2017-02-03 16:39 - 2017-02-26 10:32 - 00003296 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-05 19:24 - 2016-01-18 01:12 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2017-03-05 19:03 - 2016-01-30 13:49 - 00004172 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{6EF0C1BD-6B25-4ACC-94AA-4C1DA6F67AEA}
2017-03-05 19:03 - 2016-01-17 07:24 - 01802588 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-03-05 19:03 - 2015-10-30 14:21 - 00000000 ____D C:\WINDOWS\INF
2017-03-05 19:02 - 2016-01-17 09:45 - 00000000 ____D C:\ProgramData\NVIDIA
2017-03-05 19:02 - 2015-10-30 14:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-03-05 10:42 - 2016-01-17 10:55 - 00000000 ____D C:\Users\MSI_USER\Documents\Flight Simulator X-Dateien
2017-03-05 10:29 - 2016-01-19 20:33 - 00000888 _____ C:\Users\MSI_USER\Desktop\fsx - Shortcut.lnk
2017-03-05 10:28 - 2016-01-17 09:47 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-03-05 10:28 - 2015-10-30 13:28 - 00786432 ___SH C:\WINDOWS\system32\config\BBI
2017-03-05 10:24 - 2016-01-17 08:01 - 00000000 ____D C:\ProgramData\Package Cache
2017-03-05 07:53 - 2016-01-24 12:24 - 00000892 _____ C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job
2017-03-04 19:26 - 2016-09-10 18:49 - 00000142 _____ C:\Users\MSI_USER\Desktop\TO DO.txt
2017-03-04 15:19 - 2016-08-10 09:48 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-03-04 12:57 - 2015-10-30 14:24 - 00000000 ____D C:\WINDOWS\Registration
2017-03-04 12:12 - 2015-10-30 14:24 - 00000000 ____D C:\WINDOWS\tracing
2017-03-02 20:19 - 2016-09-07 10:16 - 00005163 _____ C:\Users\MSI_USER\Desktop\TO DO FSX.txt
2017-03-02 20:11 - 2016-08-08 13:03 - 00000000 ____D C:\Fraps
2017-03-02 20:10 - 2016-01-21 20:12 - 00000000 ____D C:\Users\Public\Documents\DX10SceneryFixer
2017-03-02 20:02 - 2016-01-23 10:44 - 00003970 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1453520686
2017-03-02 20:02 - 2016-01-23 10:44 - 00001120 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2017-03-02 20:02 - 2016-01-23 10:44 - 00000000 ____D C:\Program Files (x86)\Opera
2017-03-02 13:24 - 2015-10-30 14:24 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-03-02 13:24 - 2015-10-30 14:24 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-03-02 12:59 - 2016-01-17 08:37 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-03-02 12:59 - 2015-10-30 14:24 - 00000000 ___HD C:\Program Files\WindowsApps
2017-03-02 12:58 - 2016-01-17 08:37 - 138020592 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-03-02 12:58 - 2015-10-30 14:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-02-27 09:52 - 2015-10-30 14:24 - 00000000 ____D C:\WINDOWS\rescache
2017-02-26 22:52 - 2016-01-17 08:04 - 00000000 ____D C:\Users\MSI_USER\AppData\Local\NVIDIA Corporation
2017-02-26 22:50 - 2016-01-17 09:45 - 00000000 ____D C:\Users\MSI_USER
2017-02-26 20:25 - 2016-01-17 09:45 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2017-02-26 20:25 - 2016-01-17 09:45 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2017-02-26 20:24 - 2016-01-17 09:45 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-02-26 19:59 - 2016-01-17 08:02 - 00000000 ____D C:\Users\MSI_USER\AppData\Local\NVIDIA
2017-02-26 10:34 - 2016-01-24 12:24 - 00004030 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-02-26 10:34 - 2016-01-18 01:12 - 00000000 ____D C:\Users\MSI_USER\AppData\Local\Adobe
2017-02-26 10:32 - 2016-01-17 07:37 - 00002372 _____ C:\Users\MSI_USER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-02-26 10:32 - 2016-01-17 07:37 - 00000000 ___RD C:\Users\MSI_USER\OneDrive
2017-02-26 00:53 - 2016-01-18 01:14 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-02-26 00:13 - 2016-08-26 10:13 - 00000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit
2017-02-25 22:14 - 2016-08-16 08:12 - 00000000 ____D C:\Users\MSI_USER\AppData\Roaming\Virtuali
2017-02-24 20:27 - 2016-01-17 07:36 - 00000000 ____D C:\Users\MSI_USER\AppData\Local\Packages
2017-02-24 19:34 - 2016-01-17 09:44 - 00407464 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-02-24 19:33 - 2016-07-14 20:54 - 00000000 ____D C:\Program Files\CMAK
2017-02-24 19:33 - 2016-07-14 20:54 - 00000000 ____D C:\Program Files (x86)\CMAK
2017-02-24 19:33 - 2015-10-30 14:24 - 00000000 ___SD C:\WINDOWS\SysWOW64\F12
2017-02-24 19:33 - 2015-10-30 14:24 - 00000000 ___SD C:\WINDOWS\system32\F12
2017-02-24 19:33 - 2015-10-30 14:24 - 00000000 ___SD C:\WINDOWS\system32\DiagSvcs
2017-02-24 19:33 - 2015-10-30 14:24 - 00000000 ___RD C:\WINDOWS\PrintDialog
2017-02-24 19:33 - 2015-10-30 14:24 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-02-24 19:33 - 2015-10-30 14:24 - 00000000 ___RD C:\WINDOWS\DevicesFlow
2017-02-24 19:33 - 2015-10-30 14:24 - 00000000 ____D C:\WINDOWS\system32\oobe
2017-02-24 19:33 - 2015-10-30 14:24 - 00000000 ____D C:\WINDOWS\system32\migwiz
2017-02-24 19:33 - 2015-10-30 14:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2017-02-24 19:33 - 2015-10-30 14:24 - 00000000 ____D C:\WINDOWS\Provisioning
2017-02-24 19:33 - 2015-10-30 14:24 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2017-02-24 19:33 - 2015-10-30 14:24 - 00000000 ____D C:\Program Files\Windows Defender
2017-02-24 19:33 - 2015-10-30 14:24 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-02-24 19:33 - 2015-10-30 14:24 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2017-02-15 19:32 - 2016-01-18 19:50 - 00000000 ___RD C:\Users\MSI_USER\Documents\FSX
2017-02-12 13:25 - 2016-01-18 00:42 - 00275968 _____ (Microsoft Corporation) C:\WINDOWS\system32\facecredentialprovider.dll
2017-02-12 13:07 - 2016-01-28 11:13 - 00000000 ____D C:\Users\MSI_USER\Documents\Flight Simulator X Files
2017-02-12 12:58 - 2016-01-28 11:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Captain Sim
2017-02-12 12:55 - 2016-01-19 10:40 - 00000146 _____ C:\Users\MSI_USER\Desktop\Windows Defender - Shortcut.lnk
2017-02-12 12:52 - 2016-01-28 11:12 - 00000000 ____D C:\Users\MSI_USER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Captain Sim
2017-02-12 12:44 - 2016-01-27 19:51 - 00000000 ____D C:\ProgramData\CaptainSim
2017-02-12 10:12 - 2016-08-22 15:33 - 00000000 ____D C:\Users\MSI_USER\AppData\Roaming\CaptainSim
2017-02-11 02:29 - 2016-01-17 08:01 - 14516664 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvlddmkm.sys
2017-02-10 09:33 - 2017-01-04 15:21 - 28242488 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2017-02-10 09:33 - 2016-01-17 08:01 - 23738944 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvwgf2umx.dll
2017-02-10 09:33 - 2016-01-17 08:01 - 20012720 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvwgf2um.dll
2017-02-10 09:33 - 2016-01-17 08:01 - 04078008 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2017-02-10 09:33 - 2016-01-17 08:01 - 03597128 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2017-02-10 09:33 - 2016-01-17 08:01 - 01600056 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdagenco6420103.dll
2017-02-10 09:33 - 2016-01-17 08:01 - 00217528 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvhda64v.sys
2017-02-10 09:33 - 2016-01-17 08:01 - 00043556 _____ C:\WINDOWS\system32\nvinfo.pb
2017-02-10 09:33 - 2015-10-30 14:18 - 00418752 _____ (Khronos Group) C:\WINDOWS\SysWOW64\opencl.dll
2017-02-10 05:57 - 2016-01-17 09:45 - 07791217 _____ C:\WINDOWS\system32\nvcoproc.bin
2017-02-10 05:57 - 2016-01-17 09:45 - 06403640 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2017-02-10 05:57 - 2016-01-17 09:45 - 02477504 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2017-02-10 05:57 - 2016-01-17 09:45 - 01764408 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2017-02-10 05:57 - 2016-01-17 09:45 - 00548288 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2017-02-10 05:57 - 2016-01-17 09:45 - 00393784 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2017-02-10 05:57 - 2016-01-17 09:45 - 00083512 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2017-02-10 05:57 - 2016-01-17 09:45 - 00071224 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2017-02-09 20:23 - 2016-01-18 00:44 - 00000000 ___DC C:\WINDOWS\Panther
2017-02-09 12:45 - 2015-10-30 16:02 - 00000000 ____D C:\WINDOWS\SysWOW64\winrm
2017-02-09 12:45 - 2015-10-30 16:02 - 00000000 ____D C:\WINDOWS\SysWOW64\WCN
2017-02-09 12:45 - 2015-10-30 16:02 - 00000000 ____D C:\WINDOWS\SysWOW64\slmgr
2017-02-09 12:45 - 2015-10-30 16:02 - 00000000 ____D C:\WINDOWS\SysWOW64\Printing_Admin_Scripts
2017-02-09 12:45 - 2015-10-30 16:02 - 00000000 ____D C:\WINDOWS\system32\winrm
2017-02-09 12:45 - 2015-10-30 16:02 - 00000000 ____D C:\WINDOWS\system32\WCN
2017-02-09 12:45 - 2015-10-30 16:02 - 00000000 ____D C:\WINDOWS\system32\slmgr
2017-02-09 12:45 - 2015-10-30 16:02 - 00000000 ____D C:\WINDOWS\system32\Printing_Admin_Scripts
2017-02-09 12:45 - 2015-10-30 14:24 - 00000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2017-02-09 12:45 - 2015-10-30 14:24 - 00000000 ___SD C:\WINDOWS\system32\dsc
2017-02-09 12:45 - 2015-10-30 14:24 - 00000000 ___RD C:\WINDOWS\PurchaseDialog
2017-02-09 12:45 - 2015-10-30 14:24 - 00000000 ___RD C:\WINDOWS\MiracastView
2017-02-09 12:45 - 2015-10-30 14:24 - 00000000 ____D C:\WINDOWS\SysWOW64\oobe
2017-02-09 12:45 - 2015-10-30 14:24 - 00000000 ____D C:\WINDOWS\SysWOW64\MUI
2017-02-09 12:45 - 2015-10-30 14:24 - 00000000 ____D C:\WINDOWS\SysWOW64\Com
2017-02-09 12:45 - 2015-10-30 14:24 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2017-02-09 12:45 - 2015-10-30 14:24 - 00000000 ____D C:\WINDOWS\system32\MUI
2017-02-09 12:45 - 2015-10-30 14:24 - 00000000 ____D C:\WINDOWS\system32\Com
2017-02-09 12:45 - 2015-10-30 14:24 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2017-02-09 12:45 - 2015-10-30 14:24 - 00000000 ____D C:\WINDOWS\IME
2017-02-09 12:45 - 2015-10-30 14:24 - 00000000 ____D C:\WINDOWS\Help
2017-02-09 12:45 - 2015-10-30 14:24 - 00000000 ____D C:\Program Files\Common Files\System
2017-02-09 12:45 - 2015-10-30 13:28 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
2017-02-09 12:45 - 2015-10-30 13:28 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2017-02-09 12:45 - 2015-10-30 13:28 - 00000000 ____D C:\WINDOWS\system32\Dism
2017-02-09 12:45 - 2015-10-30 13:28 - 00000000 ____D C:\WINDOWS\servicing
2017-02-07 18:50 - 2016-01-26 16:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SimMarket
2017-02-07 16:58 - 2016-08-13 20:33 - 00000000 ____D C:\Users\MSI_USER\Downloads\Macrium
2017-02-07 16:57 - 2016-01-18 01:39 - 00000000 ____D C:\Users\MSI_USER\AppData\Roaming\vlc
2017-02-07 10:00 - 2016-08-25 11:51 - 00000000 ____D C:\Users\MSI_USER\Documents\Reflect
2017-02-07 08:55 - 2016-08-13 21:00 - 00000000 ____D C:\Program Files\Macrium
2017-02-07 08:55 - 2016-08-13 20:33 - 00000000 ____D C:\ProgramData\Macrium
2017-02-07 02:45 - 2015-10-30 14:26 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-02-07 02:45 - 2015-10-30 14:26 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-02-06 18:58 - 2016-08-17 20:00 - 00000000 ____D C:\Users\MSI_USER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LLH
2017-02-06 13:48 - 2016-01-17 07:47 - 00002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-02-04 19:08 - 2016-01-17 07:42 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-02-04 19:03 - 2016-02-08 21:22 - 00000000 ____D C:\Users\MSI_USER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Rikoooo Add-ons
2017-02-04 19:03 - 2016-02-08 21:21 - 00000000 ____D C:\ProgramData\InstallMate
2017-02-04 19:01 - 2016-01-20 13:05 - 00000000 ____D C:\Users\MSI_USER\AppData\Roaming\NVIDIA
2017-02-04 10:38 - 2016-08-14 21:27 - 00003662 _____ C:\WINDOWS\System32\Tasks\CreateExplorerShellUnelevatedTask
2017-02-03 21:23 - 2016-02-08 21:20 - 00000000 ____D C:\Users\MSI_USER\AppData\Roaming\Rikoooo
2017-02-03 18:33 - 2016-01-18 01:14 - 00004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2017-02-03 17:07 - 2016-01-20 19:18 - 00000000 ____D C:\WINDOWS\SysWOW64\directx
2017-02-03 17:06 - 2016-01-20 19:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\A2A Simulations
2017-02-03 17:00 - 2016-01-17 07:46 - 00003416 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2017-02-03 17:00 - 2016-01-17 07:46 - 00003292 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2017-02-03 16:36 - 2015-10-30 14:24 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-02-03 14:37 - 2016-10-20 10:56 - 00000082 _____ C:\WINDOWS\SysWOW64\winsevr.dat

==================== Files in the root of some directories =======

2016-01-22 23:01 - 2016-08-04 11:01 - 0000231 _____ () C:\Users\MSI_USER\AppData\Roaming\WB.CFG
2016-01-17 07:40 - 2016-01-17 07:40 - 0000000 _____ () C:\Users\MSI_USER\AppData\Local\Driver_LOM_8161Present.flag

Files to move or delete:
====================
C:\Users\MSI_USER\FSDreamTeam_Geneva.reg
C:\Users\MSI_USER\FSDreamTeam_Hawaiian Airports Volume 1.reg
C:\Users\MSI_USER\FSDreamTeam_Hawaiian Airports Volume 2.reg
C:\Users\MSI_USER\FSDreamTeam_Honolulu.reg
C:\Users\MSI_USER\FSDreamTeam_ZurichX.reg


Some files in TEMP:
====================
2016-09-15 21:04 - 2017-02-07 08:05 - 46580704 _____ (Paramount Software UK Ltd) C:\Users\MSI_USER\AppData\Local\Temp\reflectPatch.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-02-24 15:23

==================== End of FRST.txt ============================
--- --- ---

ikarus2557 05.03.2017 14:30
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-03-2017
Ran by MSI_USER (05-03-2017 20:14:28)
Running from C:\Users\MSI_USER\Desktop
Windows 10 Pro Version 1511 (X64) (2016-01-17 02:48:13)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-465342472-1690862640-1647311925-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-465342472-1690862640-1647311925-503 - Limited - Disabled)
Guest (S-1-5-21-465342472-1690862640-1647311925-501 - Limited - Disabled)
MSI_USER (S-1-5-21-465342472-1690862640-1647311925-1001 - Administrator - Enabled) => C:\Users\MSI_USER

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

737 Captain (737-100 Expansion Model) 1.5 (HKLM-x32\...\e731) (Version: 1.5.00 - ฉ 1999-2012 Captain Sim)
737 Captain (737-100 Exterior Model) 0.2 (HKLM-x32\...\x730) (Version: 0.2.00 - ฉ 1999-2011 Captain Sim)
777 Captain (777-200 Exterior Model) 0.1 (HKLM-x32\...\x770) (Version: 0.1.00 - ฉ 1999-2011 Captain Sim)
Accu-Feel (HKLM-x32\...\Accu-Feel) (Version:  - )
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.023.20070 - Adobe Systems Incorporated)
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.221 - Adobe Systems Incorporated)
Adobe Flash Player 24 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 24.0.0.221 - Adobe Systems Incorporated)
aerosoft's - Lukla X - Mount Everest (HKLM-x32\...\{EF32F291-8B08-43EF-8BAA-58B9F8C9540F}) (Version: 1.00 - aerosoft)
aerosoft's - Menorca X for FSX (HKLM-x32\...\{5BD1BBB6-DC09-420F-B459-DD61DD351541}) (Version: 1.00 - aerosoft)
Aerosoft's - MonacoX (HKLM-x32\...\{B56D25A0-1316-4255-AB45-1147C9D01C5E}) (Version: 1.02 - Aerosoft)
aerosoft's - Nice Cote dAzur X (HKLM-x32\...\{90447E05-DE8E-470D-8D3E-C871D2AE74AF}) (Version: 1.10 - aerosoft)
Aerosoft's - Piper Cheyenne FSX (HKLM-x32\...\{B7429839-9FAE-448E-8413-4888DCFE064F}) (Version: 1.00 - Aerosoft)
AIMP3 (HKLM-x32\...\AIMP3) (Version: v3.00.976 - AIMP DevTeam)
Airbus A320 Family Mega Pack FSX & P3D (HKLM\...\{B3433E82-1261-4523-9D4E-BEC8CA678D50}) (Version: 1 - Project Airbus & its collaborators, François Doré, repack by Luis Quintero)
ALABEO Pitts S-2S (HKLM-x32\...\ALABEO Pitts S-2S) (Version: 1.00.00.00 - ALABEO)
Alphasim EFA Typhoon FSX & P3D (HKLM\...\{35F708C4-5C11-46C5-B4A1-EFA97EC214DE}) (Version: 1 - Alphasim/Virtavia)
Ansel (Version: 378.66 - NVIDIA Corporation) Hidden
Antonov An-2 0.9.7 (HKLM-x32\...\{7cd9d678-9999-4f1e-8ae0-24f71faad1a0}_is1) (Version: 0.9.7 - SibWings)
B1900D HD SERIES FSX/P3D (HKLM-x32\...\B1900D HD SERIES FSX/P3D) (Version: 1.00.00.00 - Carenado)
BAE Red Arrows Hawk T1 (HKLM-x32\...\BAE Red Arrows Hawk T1) (Version:  - )
Basler BT-67 Base Pack V2 FSX SP2 & P3D (HKLM\...\{EB6BE03D-1D14-4137-AAE8-6DEEBDB8575D}) (Version: 1 - Manfred Jahn, Daniel Fuernkaess, Alexander M. Metzger, Hansjoerg Naegele)
Boeing 777-200ER Ultimate Pack (HKLM\...\{5849CFC1-98B4-4B0A-98F7-86322E790294}) (Version: 1 - Project OpenSky, update by Hanzalah Ravat)
Boeing P8-A Poseidon (HKLM\...\{0D1B836B-D6BC-4C8B-9B06-CE966304893D}) (Version: 1 - Model by TDS, enhanced by Alejandro Rojas Lucena, packaged by Chris Evans)
C90B King Air HD SERIES FSX (HKLM-x32\...\C90B King Air HD SERIES FSX) (Version: 1.00.00.00 - Carenado)
Carenado Baron 58 FSX (HKLM-x32\...\Carenado Baron 58 FSX) (Version: 1.00.00.00 - Carenado)
Carenado C340 II FSX (HKLM-x32\...\Carenado C340 II FSX) (Version: 1.00.00.00 - Carenado)
Carenado F33A Bonanza (HKLM-x32\...\Carenado F33A Bonanza) (Version: 1.00.00.00 - Carenado)
Carenado PA28-181 ARCHER II FSX (HKU\S-1-5-21-465342472-1690862640-1647311925-1001\...\Carenado PA28-181 ARCHER II FSX) (Version:  - )
Carenado Piper Cherokee FSX (HKU\S-1-5-21-465342472-1690862640-1647311925-1001\...\Carenado Piper Cherokee FSX) (Version:  - )
Carenado V35B Bonanza for FSX (HKU\S-1-5-21-465342472-1690862640-1647311925-1001\...\Carenado V35B Bonanza for FSX) (Version:  - )
Cessna Citation Excel XLS+ (HKLM\...\{66DB8AF6-8736-40AB-BC09-7168A951B8B7}) (Version: 1 - Aryus Works, Alex Sandro Guedes Silva, Jeffrey S. Bryner, Christoffer Petersen, Bigmike)
CH Control Manager Software (HKLM-x32\...\CHControlManager_is1) (Version:  - )
CLS Piper Arrow (HKU\S-1-5-21-465342472-1690862640-1647311925-1001\...\CLS Piper Arrow) (Version:  - )
DX10 Scenery Fixer (HKLM-x32\...\{BEC93831-5B06-4A2B-911E-DCC135AFCA08}) (Version: 3.0.92.1 - Stevefx)
EMB500 Phenom 100 FSX/P3D (HKLM-x32\...\EMB500 Phenom 100 FSX/P3D) (Version: ${PRODUCT_VERSION} - Carenado)
EMB505 Phenom 300 v1.3 (HKLM-x32\...\EMB505 Phenom 300 v1.3with Navigraph Pack 1.1FSX) (Version: with Navigraph Pack 1.1 - Carenado)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
F-8 Vought Crusader v2 (HKLM\...\{B88A5BAF-08DB-4704-A587-8B04DCDBA672}) (Version: 2 - Alphasim/Virtavia. Henk Schuitemaker)
F9F Panther (HKLM-x32\...\F9F Panther) (Version:  - )
Fiji Photoreal Package Western FSX & P3D (HKLM\...\{DC17D3A5-1F2A-47F2-8FDD-6F5550C6030E}) (Version: 1 - Tiberius Kowalski)
Flight Simulator X (HKLM-x32\...\RTMshadow_{7D606567-5047-451A-B49E-29FCB6012B4E}) (Version:  - )
Flight Simulator X Service Pack 1 (HKLM-x32\...\SP1shadow_{7D606567-5047-451A-B49E-29FCB6012B4E}) (Version:  - )
FlyLogic's - Altenrhein X (HKLM-x32\...\{E5326C48-869C-43C0-A78E-B531CCFF066B}) (Version: 1.00 - FlyLogic)
Fraps (HKLM-x32\...\Fraps) (Version:  - )
FSDG-Paro (HKLM-x32\...\FSDG-Paro) (Version:  - )
FSDreamTeam Geneva FSX (HKLM-x32\...\FSDreamTeam Geneva FSX_is1) (Version: 1.7.1 - VIRTUALI Sagl)
FSDreamTeam Hawaiian Airports Volume 1 FSX (HKLM-x32\...\FSDreamTeam Hawaiian Airports Volume 1 FSX_is1) (Version: 1.8.3 - VIRTUALI Sagl)
FSDreamTeam Hawaiian Airports Volume 2 FSX (HKLM-x32\...\FSDreamTeam Hawaiian Airports Volume 2 FSX_is1) (Version: 1.5.3 - VIRTUALI Sagl)
FSDreamTeam Honolulu International FSX (HKLM-x32\...\FSDreamTeam Honolulu International FSX_is1) (Version: 1.4.3 - VIRTUALI Sagl)
FSDreamTeam ZurichX FSX (HKLM-x32\...\FSDreamTeam ZurichX FSX_is1) (Version: 2.7.1 - VIRTUALI Sagl)
FSX & P3D - Hawaii Photoreal Vol. 3 - The Big Island v.0.93 version 0.93 (HKLM-x32\...\{C81E0194-A136-4653-9EB6-E9B7C3BD05C7}_is1) (Version: 0.93 - AveMetal Entertainment, Inc.)
FSX Booster Live (HKLM-x32\...\{D364ED64-2EEE-440F-83C8-0589EA17F6BF}) (Version: 1.1.0.0 - FSPS)
GOM Player (HKLM-x32\...\GOM Player) (Version: 2.2.69.5227 - Gretech Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
H25B_H850XP FSX/P3D (HKLM-x32\...\H25B_H850XP FSX/P3D) (Version: ${PRODUCT_VERSION} - Carenado)
Hawaii Oahu (HKLM-x32\...\MegaSceneryX_is1) (Version: 1 - PC Aviator Inc.)
ICE AI Traffic for FSX (5.00) version 5.00 (HKLM-x32\...\{5F23C994-DED7-4AE0-B899-BBCBC57FC0F8}_is1) (Version: 5.00 - ICE AI Traffic Group)
Image Resizer for Windows (64 bit) (Version: 3.0.4802.35565 - Brice Lambson) Hidden
Image Resizer for Windows (HKLM-x32\...\{69d72156-6582-4556-8637-06f40aa7f85b}) (Version: 3.0.4802.35565 - Brice Lambson)
Intel(R) Chipset Device Software (x32 Version: 10.1.1.9 - Intel(R) Corporation) Hidden
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1158 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.5.0.1081 - Intel Corporation)
ItalySim-LICA 2016 (HKLM-x32\...\ISD-LICA2016-18199E96-4C34-473F-9530-E949D9209CE6_is1) (Version: 1.0.0.0 - SimMarket)
JetStream Designs LFML X 2013 (HKLM-x32\...\FSX_JETSTREAM_DESIGN_LFML_X_2013_is1) (Version: 1.0.0.0 - SimMarket)
JetStream Designs Palermo LICJ (HKLM-x32\...\JETSTREAMDESIGN-PALERMOLICJ-08588E01-7F3A-401B-A~17A2AB48_is1) (Version: 1.0.0.0 - SimMarket)
Just Flight - DC-8 Jetliner Series 10 to 40 (HKLM-x32\...\{14410905-9476-45D9-AC33-3DEDC9BDD257}) (Version: 1.00.0000 - Just Flight)
Just Flight - MilViz F-15E Strike Eagle (HKLM-x32\...\{AFCBCDA6-98C4-4D33-BA8F-3168A1860608}) (Version: 1.00.000 - Just Flight)
Just Flight Constellation Professional (HKLM-x32\...\{070B2AFF-E7F2-4085-83CD-5ED64A4C9CE5}) (Version: 1.00.000 - )
Just Flight MD-81/82 Jetliner (HKLM-x32\...\{6AA6251B-B7C8-40FC-8FB9-DCB9D81BE4C7}) (Version: 1.00.000 - )
Killer Bandwidth Control Filter Driver (Version: 1.1.56.1120 - Rivet Networks) Hidden
Killer E220x Drivers (Version: 1.1.56.1120 - Rivet Networks) Hidden
Killer Network Manager (Version: 1.1.56.1120 - Rivet Networks) Hidden
Killer Performance Suite (HKLM-x32\...\{E70DB50B-10B4-46BC-9DE2-AB8B49E061EE}) (Version: 1.1.56.1120 - Rivet Networks)
L-1011 Captain (1011-1 Exterior Model) 0.1 (HKLM-x32\...\l111) (Version: 0.1.00 - ฉ 1999-2013 Captain Sim)
LFKB Bastia Poretta v1.1 (HKLM-x32\...\RFSCENERYBUILDING_LFKB_is1) (Version: 1.1.0.0 - SimMarket)
LFLB - Chamb้ry Aix les Bains FSX (HKU\S-1-5-21-465342472-1690862640-1647311925-1001\...\LFLB - Chamb้ry Aix les Bains FSX) (Version:  - )
LFMD Cannes FSX version 1.01 (HKLM-x32\...\{75CBE292-551C-4CBD-89D4-D57733A4B14E}_is1) (Version: 1.01 - LMT SIMULATION)
LICC_Catania-Fontanarossa (HKLM-x32\...\RFS_LICC_CATANIA_FONTANAROSSA_is1) (Version: 1.1.0.0 - SimMarket)
LLH1 (HKLM-x32\...\LLH1) (Version:  - )
LLH9 (HKLM-x32\...\LLH9) (Version:  - )
Lockheed L-1049H Super Constellation FSX  (HKLM\...\{9C5D1F18-A234-4162-BEA8-4C90FF362EA4}) (Version:  - Manfred Jahn)
LSMP Airbase Payerne Version 3 (HKLM-x32\...\LSMP Airbase Payerne Version 3) (Version:  - )
Macrium Reflect Free Edition (HKLM\...\MacriumReflect) (Version: 6.3 - Paramount Software (UK) Ltd.)
Macrium Reflect Free Edition (Version: 6.3.1665 - Paramount Software (UK) Ltd.) Hidden
Mailsoft's - Birrfeld X (HKLM-x32\...\{F3F3CA83-5D04-4F6F-9234-0E3557CEADBD}) (Version: 1.00 - Mailsoft)
Malwarebytes Anti-Malware Version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
MeatWater FO Altitude Callouts v1.0 (HKLM-x32\...\MeatWater FO Altitude Callouts v1.0) (Version:  - )
MegaSceneryEarth Seattle Ultra Res 001 2.0 (HKLM-x32\...\MegaSceneryEarth Seattle Ultra Res 001 2.0) (Version: 2.0 - MegaSceneryEarth)
MegaSceneryEarth Seattle Ultra Res 002 2.0 (HKLM-x32\...\MegaSceneryEarth Seattle Ultra Res 002 2.0) (Version: 2.0 - MegaSceneryEarth)
MegaSceneryEarth Seattle Ultra Res 003 2.0 (HKLM-x32\...\MegaSceneryEarth Seattle Ultra Res 003 2.0) (Version: 2.0 - MegaSceneryEarth)
MegaSceneryEarth Seattle Ultra Res 004 2.0 (HKLM-x32\...\MegaSceneryEarth Seattle Ultra Res 004 2.0) (Version: 2.0 - MegaSceneryEarth)
MegaSceneryEarth Seattle Ultra Res 005 2.0 (HKLM-x32\...\MegaSceneryEarth Seattle Ultra Res 005 2.0) (Version: 2.0 - MegaSceneryEarth)
MegaSceneryEarth Seattle Ultra Res 006 2.0 (HKLM-x32\...\MegaSceneryEarth Seattle Ultra Res 006 2.0) (Version: 2.0 - MegaSceneryEarth)
MegaSceneryEarth Seattle Ultra Res 007 2.0 (HKLM-x32\...\MegaSceneryEarth Seattle Ultra Res 007 2.0) (Version: 2.0 - MegaSceneryEarth)
MegaSceneryEarth Seattle Ultra Res 008 2.0 (HKLM-x32\...\MegaSceneryEarth Seattle Ultra Res 008 2.0) (Version: 2.0 - MegaSceneryEarth)
MegaSceneryEarth Seattle Ultra Res 009 2.0 (HKLM-x32\...\MegaSceneryEarth Seattle Ultra Res 009 2.0) (Version: 2.0 - MegaSceneryEarth)
MegaSceneryEarth Seattle Ultra Res 010 2.0 (HKLM-x32\...\MegaSceneryEarth Seattle Ultra Res 010 2.0) (Version: 2.0 - MegaSceneryEarth)
MegaSceneryEarth Seattle Ultra Res 011 2.0 (HKLM-x32\...\MegaSceneryEarth Seattle Ultra Res 011 2.0) (Version: 2.0 - MegaSceneryEarth)
MegaSceneryEarth Seattle Ultra Res 012 2.0 (HKLM-x32\...\MegaSceneryEarth Seattle Ultra Res 012 2.0) (Version: 2.0 - MegaSceneryEarth)
MegaSceneryEarth Washington Charts 2.0 (HKLM-x32\...\MegaSceneryEarth Washington Charts 2.0) (Version: 2.0 - MegaSceneryEarth)
Microsoft Flight Simulator SimConnect Client v10.0.61259.0 (HKLM-x32\...\{D61CA184-3F6D-4A50-B2CC-7A18447D6A8D}) (Version: 10.0.61259.0 - Microsoft Corporation)
Microsoft Flight Simulator X: Acceleration (HKLM-x32\...\FlightSim_{7D606567-5047-451A-B49E-29FCB6012B4E}) (Version: 10.0.61637.0 - Microsoft Game Studios)
Microsoft OneDrive (HKU\S-1-5-21-465342472-1690862640-1647311925-1001\...\OneDriveSetup.exe) (Version: 17.3.6798.0207 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
MSI Fast Boot (HKLM-x32\...\{0F212E7A-65EB-4668-A8D7-749026A64F8E}_is1) (Version: 1.0.1.8 - MSI)
MSI Live Update 6 (HKLM-x32\...\{4F46CF54-47D2-41F4-B230-B0954C544420}}_is1) (Version: 6.1.021 - MSI)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
North American F-86 EF Sabre FSX  (HKLM\...\{B8876B7C-AAF9-4ACB-B0A4-D33113B9E855}) (Version:  - SECTIONF8)
NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 378.66 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 378.66 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.3.0.100 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.3.0.100 - NVIDIA Corporation)
NVIDIA Graphics Driver 378.66 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 378.66 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.21 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
NvNodejs (Version: 3.3.0.100 - NVIDIA Corporation) Hidden
NvTelemetry (Version: 2.3.11.0 - NVIDIA Corporation) Hidden
NvvHci (Version: 2.02.0.5 - NVIDIA Corporation) Hidden
OpenOffice 4.1.2 (HKLM-x32\...\{F5CAB1AF-7B1A-4CEC-B829-A3F699473AE1}) (Version: 4.12.9782 - Apache Software Foundation)
Opera Stable 43.0.2442.1144 (HKLM-x32\...\Opera 43.0.2442.1144) (Version: 43.0.2442.1144 - Opera Software)
P-3C Orion V3.31 (HKLM\...\{CE6DA500-D22D-4DDF-BE50-4ECFB65FE06E}) (Version: 2 - Team FS KBT)
PA34 200T SENECA II FSX (HKLM-x32\...\PA34 200T SENECA II FSX) (Version: 1.00.00.00 - Carenado)
Pilatus PC-7 V2.0 FSX FSX (HKLM\...\{5556F404-3009-46E8-90CD-0EF7A16F4850}) (Version: FSX - Tim Piglet Conrad)
QualityWings Ultimate 146 Collection FSX (HKLM-x32\...\QualityWings Ultimate 146 Collection FSX) (Version:  - )
RAZBAM LTV A-7 E & D Corsair II Volume I (HKU\S-1-5-21-465342472-1690862640-1647311925-1001\...\RAZBAM LTV A-7 E & D Corsair II Volume I) (Version:  - )
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7687 - Realtek Semiconductor Corp.)
SAAB 91 Safir X 3.0.2 (HKLM-x32\...\{971F7265-110A-4A7E-A159-3DB0A3CE4C63}_is1) (Version: 3.0.2 - SibWings lab)
SBD Dauntless FSX (HKU\S-1-5-21-465342472-1690862640-1647311925-1001\...\SBD Dauntless FSX) (Version:  - )
SHIELD Streaming (Version: 7.1.0351 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 3.3.0.100 - NVIDIA Corporation) Hidden
Skydesigners - LFTZ Saint-Tropez La Mole Airport (HKLM-x32\...\FSX_SKYDESIGNERS_LFTZ_SAINT_TROPEZ_LA_MOLE_is1) (Version: 1.0.0.0 - SimMarket)
SOD Dragoneye HK v2 (HKLM-x32\...\SOD_DRAGONEYE_HK_V2_is1) (Version: 1.0.0.0 - SimMarket)
UKMIL Buccaneer S2 PACKAGE FSX & P3D (HKLM\...\{A1BA46E2-9D56-4DDC-93E7-EBAE79BF4214}) (Version: 1 - UKMIL)
USB Disk Security (HKLM-x32\...\USB Disk Security_is1) (Version:  - Zbshareware Lab)
Vickers Viking for FSX (HKLM-x32\...\{74DEA96E-53A5-4616-A267-71A714A10840}) (Version: 1.00.0000 - Jens B. Kristensen)
VIRTUALI Addon ManagerX FSX (HKLM-x32\...\VIRTUALI Addon ManagerX FSX_is1) (Version: 3.1.0.1 - VIRTUALI Sagl)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
Vulkan Run Time Libraries 1.0.39.1 (HKLM\...\VulkanRT1.0.39.1) (Version: 1.0.39.1 - LunarG, Inc.)
WinRAR 5.30 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.30.0 - win.rar GmbH)
Your Uninstaller! 7 (HKLM-x32\...\YU2010_is1) (Version: 7.4.2012.5 - URSoft, Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1B801D7D-1A90-4D1D-82A6-FD5C14CCFD32} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-02-08] (NVIDIA Corporation)
Task: {21DDB531-EF3E-4BB1-AC58-F9D081CB2F47} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK
Task: {285F3B85-892B-44DA-81AE-FD1DEEE82814} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
Task: {2A74CB1A-9F5C-4761-BF9E-11A658B174AA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-01-17] (Google Inc.)
Task: {3425460B-F385-4591-A52F-A94AEB7EABF0} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-02-08] (NVIDIA Corporation)
Task: {37223355-7936-4B91-9282-7250B86333BA} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-02-08] (NVIDIA Corporation)
Task: {561CF9CE-1BA1-443F-8B4E-2E28F7BA5260} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-02-08] (NVIDIA Corporation)
Task: {6034BD26-6F4A-44CC-A7F1-6D192FA8AE49} - System32\Tasks\Macrium-Backup-{D5990322-26A1-4F98-89E8-86A839B05F19} => C:\program files\macrium\reflect\Reflect.exe [2016-12-12] (Paramount Software UK Ltd)
Task: {7C513035-1B3C-4AAD-8044-DDBD01A77CFF} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-03-02] (Adobe Systems Incorporated)
Task: {7D48E2EC-CBBF-4E60-A950-20B7370359A1} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-02-08] (NVIDIA Corporation)
Task: {88E09071-B3C7-43D5-9D4F-916EA872D4BD} - System32\Tasks\FRAPS => C:\Fraps\fraps.exe [2015-09-05] (Beepa P/L)
Task: {A2D7DAFC-2FCE-4F9A-9A11-FF1EFE9C184A} - System32\Tasks\Opera scheduled Autoupdate 1453520686 => C:\Program Files (x86)\Opera\launcher.exe [2017-02-27] (Opera Software)
Task: {B8F7B765-1BF8-412A-8987-3DFDEB503081} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-01-17] (Google Inc.)
Task: {B9A03441-08A4-4C83-8671-32215926C9BC} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_24_0_0_221_pepper.exe [2017-02-26] (Adobe Systems Incorporated)
Task: {C2D83748-8C30-4C7C-A750-B9E055555514} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-02-08] (NVIDIA Corporation)
Task: {F305DA39-12FB-406A-A015-DB73972BCB32} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-02-08] (NVIDIA Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_24_0_0_221_pepper.exe
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\Macrium-Backup-{D5990322-26A1-4F98-89E8-86A839B05F19}.job => C:\program files\macrium\reflect\Reflect.exe t-e -w -dp C:\Users\MSI_USER\Documents\Reflect\My Backup C + E.xml

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\MSI_USER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Rikoooo Add-ons\Pilatus PC-7 V2.0 FSX\www.rikoooo.com.lnk -> hxxp://www.rikoooo.com
Shortcut: C:\Users\MSI_USER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Rikoooo Add-ons\North American F-86 EF Sabre FSX\www.rikoooo.com.lnk -> hxxp://www.rikoooo.com
Shortcut: C:\Users\MSI_USER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Rikoooo Add-ons\North American F-86 EF Sabre FSX\www.sectionf8.com.lnk -> hxxp://www.sectionf8.com
Shortcut: C:\Users\MSI_USER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Rikoooo Add-ons\Lockheed L-1049H Super Constellation FSX\calclassic.proboards55.com.lnk -> hxxp://calclassic.proboards55.com
Shortcut: C:\Users\MSI_USER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Rikoooo Add-ons\Lockheed L-1049H Super Constellation FSX\www.calclassic.com.lnk -> hxxp://www.calclassic.com
Shortcut: C:\Users\MSI_USER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Rikoooo Add-ons\Lockheed L-1049H Super Constellation FSX\www.rikoooo.com.lnk -> hxxp://www.rikoooo.com

ShortcutWithArgument: C:\Users\MSI_USER\Documents\DESKTOP\ARCHIV 1\Shared WiFi 3.lnk -> C:\Program Files (x86)\Hostless Modem\Shared WiFi 3\LaunchWebUI.exe () -> hxxp://m.home

==================== Loaded Modules (Whitelisted) ==============

2015-10-30 14:18 - 2015-10-30 14:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-01-17 09:45 - 2017-02-10 05:57 - 00134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2017-02-16 21:20 - 2016-10-25 16:42 - 02656952 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2017-02-16 21:20 - 2016-10-25 16:42 - 02656952 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-01-18 00:42 - 2016-01-18 00:42 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-07-14 11:37 - 2016-07-01 10:48 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2017-02-16 21:20 - 2016-10-25 11:49 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-02-16 21:20 - 2016-10-25 11:44 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-02-16 21:20 - 2016-10-25 11:45 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-02-16 21:20 - 2016-10-25 11:48 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-07-11 21:55 - 2016-07-11 21:55 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2016-08-04 11:33 - 2005-07-18 13:43 - 00160256 _____ () C:\Program Files (x86)\MSI\Live Update\unrar.dll
2017-02-26 19:59 - 2017-02-08 18:57 - 00018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2017-02-26 19:59 - 2017-02-08 18:57 - 03774400 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\Poco.dll
2017-02-26 19:59 - 2017-02-08 18:57 - 00900032 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2016-07-11 21:55 - 2016-07-11 21:55 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-07-11 21:55 - 2016-07-11 21:55 - 02941440 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\MessagingNativeCore.dll
2016-07-11 21:55 - 2016-07-11 21:55 - 00583168 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\MessagingEntityExtractionProxy.dll
2016-07-11 21:55 - 2016-07-11 21:55 - 01300992 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\MessagingNativeBase.dll
2016-07-11 21:55 - 2016-07-11 21:56 - 22284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll
2017-02-26 19:59 - 2017-02-08 18:56 - 64245184 _____ () C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\libcef.dll
2017-02-26 19:59 - 2017-02-08 17:54 - 00336832 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVAccountAPINode.node
2017-02-26 19:59 - 2017-02-08 17:54 - 00252352 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\DriverInstall.node
2017-02-26 19:59 - 2017-02-08 17:54 - 02807232 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\Downloader.node
2017-02-26 19:59 - 2017-02-08 17:54 - 00384568 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGameShareAPINode.node
2017-02-26 19:59 - 2017-02-08 17:54 - 00537656 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvSpCapsAPINode.node
2017-02-26 19:59 - 2017-02-08 17:54 - 00468024 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGalleryAPINode.node
2017-02-26 19:59 - 2017-02-08 17:54 - 01066552 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvCameraAPINode.node
2017-02-26 19:59 - 2017-02-08 17:54 - 01014840 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvSDKAPINode.node
2017-03-02 20:01 - 2017-03-02 20:01 - 39821912 _____ () C:\Program Files (x86)\Opera\43.0.2442.1144\opera_browser.dll
2017-03-02 20:01 - 2017-03-02 20:01 - 45842008 _____ () C:\Program Files (x86)\Opera\43.0.2442.1144\opera_child.dll
2017-03-02 20:01 - 2017-03-02 20:01 - 01930328 _____ () C:\Program Files (x86)\Opera\43.0.2442.1144\libglesv2.dll
2017-03-02 20:01 - 2017-03-02 20:01 - 00087640 _____ () C:\Program Files (x86)\Opera\43.0.2442.1144\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2016-01-17 07:08 - 2016-01-17 07:07 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-465342472-1690862640-1647311925-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\MSI_USER\AppData\Local\Packages\Microsoft.Windows.Photos_8wekyb3d8bbwe\LocalState\PhotosAppBackground\{a702d396-7125-4a27-8cf7-8a3365003199}.JPG
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\StartupFolder: => "Killer Network Manager.lnk"
HKLM\...\StartupApproved\Run: => "MouseDriver"
HKLM\...\StartupApproved\Run: => "RTHDVCPL"
HKLM\...\StartupApproved\Run: => "IAStorIcon"
HKLM\...\StartupApproved\Run: => "Acronis Scheduler2 Service"
HKLM\...\StartupApproved\Run32: => "Live Update"
HKLM\...\StartupApproved\Run32: => "Fast Boot"
HKLM\...\StartupApproved\Run32: => "USB Security"
HKLM\...\StartupApproved\Run32: => "AcronisTibMounterMonitor"
HKLM\...\StartupApproved\Run32: => "TrueImageMonitor.exe"
HKLM\...\StartupApproved\Run32: => "adm_tray.exe"
HKLM\...\StartupApproved\Run32: => "CancelAutoPlay_df"
HKLM\...\StartupApproved\Run32: => "CheckNDISPortF0ac7B"
HKU\S-1-5-21-465342472-1690862640-1647311925-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_566FF74826DC815D3E0370C0C29D28A3"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [UDP Query User{DFC29034-E9F3-45B6-8F27-9E2A7955E4C4}C:\users\msi_user\appdata\local\microsoft\onedrive\onedrive.exe] => (Allow) C:\users\msi_user\appdata\local\microsoft\onedrive\onedrive.exe
FirewallRules: [TCP Query User{829D104F-3C9B-4B6B-ADFA-06C026871431}C:\users\msi_user\appdata\local\microsoft\onedrive\onedrive.exe] => (Allow) C:\users\msi_user\appdata\local\microsoft\onedrive\onedrive.exe
FirewallRules: [{694024F0-FC8F-4EFF-97AC-4118E714BC82}] => (Allow) C:\Users\MSI_USER\AppData\Local\Chromium\Application\chrome.exe
FirewallRules: [{5242918F-7C07-40C0-AD5A-F4A2C4E9E28B}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{0D139D88-1BA6-4D4C-94F4-0B3A2330E4FD}] => (Allow) C:\Program Files (x86)\Opera\43.0.2442.991\opera.exe
FirewallRules: [{0DB6C35C-3BCB-4070-A309-EFBA91EDFA41}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{4DB5F2DC-1688-41EC-9CA2-2C5257F5B36A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{07DE7EEF-1141-4D87-B464-64CD509BDA0E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{A5B5CF15-232A-4360-86FF-B612C302ACBD}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{5DF56E8C-6A83-4F27-A434-2054E29B809B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{8CB826C4-2343-4C6C-9803-753965FC77BB}] => (Allow) C:\Program Files (x86)\Opera\43.0.2442.1144\opera.exe

==================== Restore Points =========================

02-03-2017 12:58:36 Windows Update
04-03-2017 12:45:43 Malwarebytes Anti-Rootkit Restore Point
04-03-2017 12:56:31 Malwarebytes Anti-Rootkit Restore Point
05-03-2017 09:43:02 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/05/2017 07:34:43 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Users\MSI_USER\Documents\DESKTOP\esetsmartinstaller_deu.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.672_none_a2d6b3cea53ff843.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.672_none_ea83eaa5b9bc2149.manifest.

Error: (03/05/2017 07:34:43 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Users\MSI_USER\Documents\DESKTOP\esetsmartinstaller_deu (1).exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.672_none_a2d6b3cea53ff843.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.672_none_ea83eaa5b9bc2149.manifest.

Error: (03/05/2017 10:16:46 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Users\MSI_USER\Downloads\esetsmartinstaller_deu.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.672_none_a2d6b3cea53ff843.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.672_none_ea83eaa5b9bc2149.manifest.

Error: (03/05/2017 09:43:03 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (03/04/2017 07:55:11 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program fsx.exe version 10.0.61637.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 1420

Start Time: 01d294e236d5c3c6

Termination Time: 4294967295

Application Path: E:\FSX NEW\fsx.exe

Report Id: ccf23cbf-00d9-11e7-882d-344b50b7ef1c

Faulting package full name:

Faulting package-relative application ID:

Error: (03/04/2017 05:03:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: couatl.exe, version: 3.1.0.3625, time stamp: 0x58921765
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x7e91070e
Faulting process id: 0x100
Faulting application start time: 0x01d294ce887ea8ee
Faulting application path: E:\FSX NEW\fsdreamteam\couatl\couatl.exe
Faulting module path: unknown
Report Id: 2a3c3442-4b85-4cc3-a659-c4311142246b
Faulting package full name:
Faulting package-relative application ID:

Error: (03/04/2017 03:40:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: couatl.exe, version: 3.1.0.3625, time stamp: 0x58921765
Faulting module name: ntdll.dll, version: 10.0.10586.672, time stamp: 0x580efaf8
Exception code: 0xc0000029
Fault offset: 0x000a2387
Faulting process id: 0x1af4
Faulting application start time: 0x01d294c2f5fe9d2d
Faulting application path: E:\FSX NEW\fsdreamteam\couatl\couatl.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: 3a9c6c30-45a0-429a-a0f6-75e9de17e4c4
Faulting package full name:
Faulting package-relative application ID:

Error: (03/04/2017 03:40:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: couatl.exe, version: 3.1.0.3625, time stamp: 0x58921765
Faulting module name: ntdll.dll, version: 10.0.10586.672, time stamp: 0x580efaf8
Exception code: 0xc0000409
Fault offset: 0x000a2387
Faulting process id: 0x1af4
Faulting application start time: 0x01d294c2f5fe9d2d
Faulting application path: E:\FSX NEW\fsdreamteam\couatl\couatl.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: cdaf181e-35af-40fc-998a-d817d91c6ef2
Faulting package full name:
Faulting package-relative application ID:

Error: (03/04/2017 03:40:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: couatl.exe, version: 3.1.0.3625, time stamp: 0x58921765
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x7f6f0407
Faulting process id: 0x1af4
Faulting application start time: 0x01d294c2f5fe9d2d
Faulting application path: E:\FSX NEW\fsdreamteam\couatl\couatl.exe
Faulting module path: unknown
Report Id: ba71eeee-414d-49f8-a476-ce85fa19bbfd
Faulting package full name:
Faulting package-relative application ID:

Error: (03/04/2017 12:56:32 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.


System errors:
=============
Error: (03/05/2017 07:59:37 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-TUSRUQC)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{5DC4F9AD-3A2B-4DF4-AC39-3FF5A19FCF4C}
 and APPID
{CE79BC8B-2980-4CA9-9570-6E0BF5B93BF2}
 to the user DESKTOP-TUSRUQC\MSI_USER SID (S-1-5-21-465342472-1690862640-1647311925-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.WindowsStore_11610.1001.25.0_x64__8wekyb3d8bbwe SID (S-1-15-2-1609473798-1231923017-684268153-4268514328-882773646-2760585773-1760938157). This security permission can be modified using the Component Services administrative tool.

Error: (03/05/2017 07:00:08 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-TUSRUQC)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{5DC4F9AD-3A2B-4DF4-AC39-3FF5A19FCF4C}
 and APPID
{CE79BC8B-2980-4CA9-9570-6E0BF5B93BF2}
 to the user DESKTOP-TUSRUQC\MSI_USER SID (S-1-5-21-465342472-1690862640-1647311925-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.WindowsStore_11610.1001.25.0_x64__8wekyb3d8bbwe SID (S-1-15-2-1609473798-1231923017-684268153-4268514328-882773646-2760585773-1760938157). This security permission can be modified using the Component Services administrative tool.

Error: (03/05/2017 07:00:05 PM) (Source: Microsoft-Windows-NDIS) (EventID: 10317) (User: NT AUTHORITY)
Description: Miniport Remote NDIS based Internet Sharing Device, {51519EAA-519F-4A82-B642-48DBCB0C8D35}, had event 74

Error: (03/05/2017 10:58:44 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_3a761 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (03/05/2017 10:58:44 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Storage_3a761 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (03/05/2017 10:58:44 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Contact Data_3a761 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (03/05/2017 10:58:44 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_3a761 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (03/05/2017 10:58:30 AM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-TUSRUQC)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{5DC4F9AD-3A2B-4DF4-AC39-3FF5A19FCF4C}
 and APPID
{CE79BC8B-2980-4CA9-9570-6E0BF5B93BF2}
 to the user DESKTOP-TUSRUQC\MSI_USER SID (S-1-5-21-465342472-1690862640-1647311925-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.WindowsStore_11610.1001.25.0_x64__8wekyb3d8bbwe SID (S-1-15-2-1609473798-1231923017-684268153-4268514328-882773646-2760585773-1760938157). This security permission can be modified using the Component Services administrative tool.

Error: (03/05/2017 10:30:41 AM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-TUSRUQC)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{5DC4F9AD-3A2B-4DF4-AC39-3FF5A19FCF4C}
 and APPID
{CE79BC8B-2980-4CA9-9570-6E0BF5B93BF2}
 to the user DESKTOP-TUSRUQC\MSI_USER SID (S-1-5-21-465342472-1690862640-1647311925-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.WindowsStore_11610.1001.25.0_x64__8wekyb3d8bbwe SID (S-1-15-2-1609473798-1231923017-684268153-4268514328-882773646-2760585773-1760938157). This security permission can be modified using the Component Services administrative tool.

Error: (03/05/2017 10:29:06 AM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-TUSRUQC)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
 and APPID
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
 to the user DESKTOP-TUSRUQC\MSI_USER SID (S-1-5-21-465342472-1690862640-1647311925-1001) from address LocalHost (Using LRPC) running in the application container Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy SID (S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742). This security permission can be modified using the Component Services administrative tool.


CodeIntegrity:
===================================
  Date: 2017-03-03 06:57:18.179
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2017-03-02 12:59:53.491
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2017-02-24 19:34:42.671
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2017-02-16 21:17:13.409
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2017-02-09 12:55:11.520
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-10-07 10:35:08.320
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-09-26 18:10:48.152
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-09-25 10:08:34.420
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-09-18 17:33:29.338
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-09-02 09:37:18.875
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-4790K CPU @ 4.00GHz
Percentage of memory in use: 42%
Total physical RAM: 8135.94 MB
Available physical RAM: 4640.26 MB
Total Virtual: 9415.94 MB
Available Virtual: 5644.67 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:118.69 GB) (Free:34.35 GB) NTFS
Drive d: (Local Disk) (Fixed) (Total:931.51 GB) (Free:423.26 GB) NTFS
Drive e: (Local Disk) (Fixed) (Total:1863.01 GB) (Free:631.54 GB) NTFS
Drive f: (AFM_DISK1) (CDROM) (Total:5.27 GB) (Free:0 GB) CDFS
Drive g: (KINGSTON) (Removable) (Total:14.4 GB) (Free:2.97 GB) FAT32
Drive h: (Elements 2) (Fixed) (Total:1862.98 GB) (Free:239.79 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 119.2 GB) (Disk ID: FADE989E)

Partition: GPT.

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 1ED78F3D)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 1ED78F3E)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

========================================================
Disk: 3 (MBR Code: Windows XP) (Size: 1863 GB) (Disk ID: 29292B5C)
Partition 1: (Active) - (Size=1863 GB) - (Type=07 NTFS)

========================================================
Disk: 4 (Size: 14.4 GB) (Disk ID: 4E6F2201)
Partition 1: (Active) - (Size=14.4 GB) - (Type=0B)

==================== End of Addition.txt ============================

cosinus 05.03.2017 14:49
Kontrollscans mit (1) MBAM, (2) ESET und (3) SecurityCheck bitte:


1. Schritt: MBAM

Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.




2. Schritt: ESET

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset




3. Schritt: SecurityCheck

Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

ikarus2557 06.03.2017 09:24
Hallo Cosinus,
Anbei die 3 logs mbam+ESET+SecurityCheck


Code:
Malwarebytes Anti-Malware
www.malwarebytes.org


Protection, 06.03.2017 10:03, SYSTEM, DESKTOP-TUSRUQC, Protection, Malware Protection, Starting,
Protection, 06.03.2017 10:03, SYSTEM, DESKTOP-TUSRUQC, Protection, Malware Protection, Started,
Protection, 06.03.2017 10:03, SYSTEM, DESKTOP-TUSRUQC, Protection, Malicious Website Protection, Starting,
Protection, 06.03.2017 10:03, SYSTEM, DESKTOP-TUSRUQC, Protection, Malicious Website Protection, Started,
Update, 06.03.2017 10:05, SYSTEM, DESKTOP-TUSRUQC, Manual, Rootkit Database, 2016.2.8.1, 2017.2.27.1,
Update, 06.03.2017 10:05, SYSTEM, DESKTOP-TUSRUQC, Manual, Remediation Database, 2016.2.12.1, 2017.3.5.1,
Update, 06.03.2017 10:06, SYSTEM, DESKTOP-TUSRUQC, Manual, IP Database, 2016.2.8.1, 2017.3.3.1,
Update, 06.03.2017 10:06, SYSTEM, DESKTOP-TUSRUQC, Manual, Domain Database, 2016.2.16.8, 2017.3.5.3,
Update, 06.03.2017 10:10, SYSTEM, DESKTOP-TUSRUQC, Manual, Malware Database, 2016.2.16.6, 2017.3.6.2,
Protection, 06.03.2017 10:10, SYSTEM, DESKTOP-TUSRUQC, Protection, Refresh, Starting,
Protection, 06.03.2017 10:10, SYSTEM, DESKTOP-TUSRUQC, Protection, Malicious Website Protection, Stopping,
Protection, 06.03.2017 10:10, SYSTEM, DESKTOP-TUSRUQC, Protection, Malicious Website Protection, Stopped,
Protection, 06.03.2017 10:10, SYSTEM, DESKTOP-TUSRUQC, Protection, Refresh, Success,
Protection, 06.03.2017 10:10, SYSTEM, DESKTOP-TUSRUQC, Protection, Malicious Website Protection, Starting,
Protection, 06.03.2017 10:10, SYSTEM, DESKTOP-TUSRUQC, Protection, Malicious Website Protection, Started,
Scan, 06.03.2017 10:21, SYSTEM, DESKTOP-TUSRUQC, Context, Start: 06.03.2017 10:10, Dauer: 2 Min. 27 Sek., Bedrohungssuchlauf, Abgeschlossen, 0 Malware-Erkennung, 39 Nicht-Malware-Erkennungen,
Protection, 06.03.2017 10:22, SYSTEM, DESKTOP-TUSRUQC, Protection, Malware Protection, Starting,
Protection, 06.03.2017 10:22, SYSTEM, DESKTOP-TUSRUQC, Protection, Malware Protection, Started,
Protection, 06.03.2017 10:22, SYSTEM, DESKTOP-TUSRUQC, Protection, Malicious Website Protection, Starting,
Protection, 06.03.2017 10:22, SYSTEM, DESKTOP-TUSRUQC, Protection, Malicious Website Protection, Started,

(end)

Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=2d02fea33b56154eb330baaf9a021e0b
# end=init
# utc_time=2016-09-20 12:59:38
# local_time=2016-09-20 07:59:38 (+0700, SE Asia Standard Time)
# country="Thailand"
# osver=6.2.9200 NT
Update Init
Update Download
Update Finalize
Updated modules version: 30811
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=2d02fea33b56154eb330baaf9a021e0b
# end=updated
# utc_time=2016-09-20 01:13:02
# local_time=2016-09-20 08:13:02 (+0700, SE Asia Standard Time)
# country="Thailand"
# osver=6.2.9200 NT
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=2d02fea33b56154eb330baaf9a021e0b
# engine=30811
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2016-09-21 05:03:15
# local_time=2016-09-21 12:03:15 (+0700, SE Asia Standard Time)
# country="Thailand"
# lang=1031
# osver=6.2.9200 NT
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 63612 28244738 0 0
# scanned=2573198
# found=12
# cleaned=12
# scan_time=57012
sh=5B7820485A53F89CFF971D65CE01A7AAC2E8FBCB ft=0 fh=0000000000000000 vn="Win32/HackTool.Patcher.A potenziell unsichere Anwendung (gelöscht)" ac=C fn="C:\$RECYCLE.BIN\S-1-5-21-465342472-1690862640-1647311925-1001\$RB58SPP\Hawaii Photoreal Vol. 2 - Maui v.0.95\FSX Captain Sim 707.rar"
sh=928A536FBFF196495B90E4BD51B932485B84A099 ft=1 fh=748b6a41a833329e vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung (Gesäubert durch Löschen)" ac=C fn="C:\Users\MSI_USER\AppData\Local\Temp\DMR\dmr_72.exe"
sh=40F6CA5EF25B7DBD42AE8B4FDA5F98144B1AD360 ft=1 fh=08965c270c124c2f vn="Win32/Bundled.Toolbar.Google.D potenziell unsichere Anwendung (gelöscht)" ac=C fn="C:\Users\MSI_USER\Downloads\ccsetup519.exe"
sh=FB46431DE4C0672F8659E71460F043A4FADD9C15 ft=1 fh=31614a081caee633 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung (Gesäubert durch Löschen)" ac=C fn="C:\Users\MSI_USER\Downloads\Image Resizer - CHIP-Installer.exe"
sh=B7C20CA5F3D03CA0B47FE84EA238FF4F69E5183B ft=1 fh=075c4223825eb116 vn="Win32/Bundled.Toolbar.Google.D potenziell unsichere Anwendung (gelöscht)" ac=C fn="D:\Downloads ex C\ccsetup513.exe"
sh=477546F75761C3FB17630D0F7401BA46B6992A69 ft=1 fh=9e83281c124af5cc vn="Variante von Win32/OpenCandy.A potenziell unsichere Anwendung (Gesäubert durch Löschen)" ac=C fn="D:\Downloads ex C\uTorrent.exe"
sh=5B7820485A53F89CFF971D65CE01A7AAC2E8FBCB ft=0 fh=0000000000000000 vn="Win32/HackTool.Patcher.A potenziell unsichere Anwendung (gelöscht)" ac=C fn="D:\FSX Addon sceneries\Hawaii Photoreal Vol. 2 - Maui v.0.95\FSX Captain Sim 707.rar"
sh=477546F75761C3FB17630D0F7401BA46B6992A69 ft=1 fh=9e83281c124af5cc vn="Variante von Win32/OpenCandy.A potenziell unsichere Anwendung (Gesäubert durch Löschen)" ac=C fn="E:\FSX PC thai new DOWNLOADS bup\uTorrent.exe"
sh=5B7820485A53F89CFF971D65CE01A7AAC2E8FBCB ft=0 fh=0000000000000000 vn="Win32/HackTool.Patcher.A potenziell unsichere Anwendung (gelöscht)" ac=C fn="G:\FSX 485GB\FSX FREEWARE\HAWAII ISLANDS\Hawaii Photoreal Vol. 2 - Maui v.0.95\FSX Captain Sim 707.rar"
sh=5B7820485A53F89CFF971D65CE01A7AAC2E8FBCB ft=0 fh=0000000000000000 vn="Win32/HackTool.Patcher.A potenziell unsichere Anwendung (gelöscht)" ac=C fn="G:\FSX 485GB\FSX PAYWARE\Captain Sim 707-fsx.rar"
sh=5B7820485A53F89CFF971D65CE01A7AAC2E8FBCB ft=0 fh=0000000000000000 vn="Win32/HackTool.Patcher.A potenziell unsichere Anwendung (gelöscht)" ac=C fn="G:\FSX 485GB\FSX PAYWARE\Captain Sim 707.rar"
sh=20B2C31135C2E338EC296C23365A20ACBD5BEA8B ft=0 fh=0000000000000000 vn="Win32/HackTool.Patcher.A potenziell unsichere Anwendung (gelöscht)" ac=C fn="G:\FSX 485GB\FSX PAYWARE\1.Captain_Sim\Captain Sim 707.rar"
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=2d02fea33b56154eb330baaf9a021e0b
# end=init
# utc_time=2017-02-06 08:00:19
# local_time=2017-02-06 03:00:19 (+0700, SE Asia Standard Time)
# country="Thailand"
# osver=6.2.9200 NT
Update Init
Update Download
Update Finalize
Updated modules version: 32310
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=2d02fea33b56154eb330baaf9a021e0b
# end=updated
# utc_time=2017-02-06 08:02:17
# local_time=2017-02-06 03:02:17 (+0700, SE Asia Standard Time)
# country="Thailand"
# osver=6.2.9200 NT
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=2d02fea33b56154eb330baaf9a021e0b
# engine=32310
# end=stopped
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2017-02-06 11:24:34
# local_time=2017-02-06 06:24:34 (+0700, SE Asia Standard Time)
# country="Thailand"
# lang=1031
# osver=6.2.9200 NT
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 12571 40190817 0 0
# scanned=2243677
# found=4
# cleaned=0
# scan_time=12137
sh=45E4EE7D1CF429DB3E1C02C63C7C39BEA9F9A2D9 ft=1 fh=c1d5e5be4faf5d92 vn="Variante von Win32/DownloadSponsor.C eventuell unerwünschte Anwendung" ac=I fn="C:\$RECYCLE.BIN\S-1-5-21-465342472-1690862640-1647311925-1001\$R2O612V.exe"
sh=23073837FDCC6878EB8A2DA2248C745215B35D49 ft=1 fh=2114750c0916edcc vn="Variante von Win32/DownloadGuide.D eventuell unerwünschte Anwendung" ac=I fn="C:\$RECYCLE.BIN\S-1-5-21-465342472-1690862640-1647311925-1001\$RG2IAVJ.exe"
sh=928A536FBFF196495B90E4BD51B932485B84A099 ft=1 fh=748b6a41a833329e vn="Variante von Win32/DownloadSponsor.C eventuell unerwünschte Anwendung" ac=I fn="C:\Users\MSI_USER\AppData\Local\Temp\DMR\dmr_72.exe"
sh=D8049E0C4852BA0442E6E2F1FA68783005676016 ft=1 fh=cf5bda33c71546c6 vn="Variante von Win32/PCCleaners.B eventuell unerwünschte Anwendung" ac=I fn="D:\Downloads ex C\app_German.exe"
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=2d02fea33b56154eb330baaf9a021e0b
# end=init
# utc_time=2017-02-25 03:38:24
# local_time=2017-02-25 10:38:24 (+0700, SE Asia Standard Time)
# country="Switzerland"
# osver=6.2.9200 NT
Update Init
Update Download
Update Finalize
Updated modules version: 32524
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=2d02fea33b56154eb330baaf9a021e0b
# end=updated
# utc_time=2017-02-25 03:41:19
# local_time=2017-02-25 10:41:19 (+0700, SE Asia Standard Time)
# country="Switzerland"
# osver=6.2.9200 NT
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=2d02fea33b56154eb330baaf9a021e0b
# engine=32524
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2017-02-25 07:08:13
# local_time=2017-02-26 02:08:13 (+0700, SE Asia Standard Time)
# country="Switzerland"
# lang=1031
# osver=6.2.9200 NT
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 13445 41860236 0 0
# scanned=2305307
# found=2
# cleaned=2
# scan_time=12413
sh=928A536FBFF196495B90E4BD51B932485B84A099 ft=1 fh=748b6a41a833329e vn="Variante von Win32/DownloadSponsor.C eventuell unerwünschte Anwendung (Gesäubert durch Löschen)" ac=C fn="C:\Users\MSI_USER\AppData\Local\Temp\DMR\dmr_72.exe"
sh=D8049E0C4852BA0442E6E2F1FA68783005676016 ft=1 fh=cf5bda33c71546c6 vn="Variante von Win32/PCCleaners.B eventuell unerwünschte Anwendung (Gesäubert durch Löschen)" ac=C fn="D:\Downloads ex C\app_German.exe"
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=2d02fea33b56154eb330baaf9a021e0b
# end=init
# utc_time=2017-03-06 03:32:43
# local_time=2017-03-06 10:32:43 (+0700, SE Asia Standard Time)
# country="Switzerland"
# osver=6.2.9200 NT
Update Init
Update Download
Update Finalize
Updated modules version: 32615
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=2d02fea33b56154eb330baaf9a021e0b
# end=updated
# utc_time=2017-03-06 03:59:42
# local_time=2017-03-06 10:59:42 (+0700, SE Asia Standard Time)
# country="Switzerland"
# osver=6.2.9200 NT
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=2d02fea33b56154eb330baaf9a021e0b
# engine=32615
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2017-03-06 07:33:17
# local_time=2017-03-06 02:33:17 (+0700, SE Asia Standard Time)
# country="Switzerland"
# lang=1031
# osver=6.2.9200 NT
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 0 42596140 0 0
# scanned=2290247
# found=4
# cleaned=4
# scan_time=12814
sh=7728DFCF828B25E741FFEFEC5D7B2076974083DB ft=1 fh=5d5c959e964e0c7f vn="Variante von Win32/InstallCore.AFF.gen eventuell unerwünschte Anwendung (Gesäubert durch Löschen)" ac=C fn="E:\FileHistory\MSI_USER\DESKTOP-TUSRUQC\Data\C\Users\MSI_USER\Downloads\adobe_flash_player (1) (2017_03_04 06_57_20 UTC).exe"
sh=7728DFCF828B25E741FFEFEC5D7B2076974083DB ft=1 fh=5d5c959e964e0c7f vn="Variante von Win32/InstallCore.AFF.gen eventuell unerwünschte Anwendung (Gesäubert durch Löschen)" ac=C fn="E:\FileHistory\MSI_USER\DESKTOP-TUSRUQC\Data\C\Users\MSI_USER\Downloads\adobe_flash_player (2017_03_04 06_57_20 UTC).exe"
sh=33906947BCD4108B3E1E3867BD010D436BF37BA0 ft=1 fh=2c9f1b5d09433735 vn="Variante von Win32/DownloadAdmin.R eventuell unerwünschte Anwendung (Gesäubert durch Löschen)" ac=C fn="E:\FileHistory\MSI_USER\DESKTOP-TUSRUQC\Data\C\Users\MSI_USER\Downloads\adobe_flash_player-68612565 (2017_03_04 06_57_20 UTC).exe"
sh=7B6CF9DD005245CB25E7CF9954866E3795197098 ft=1 fh=01a8edf07803f181 vn="Variante von Win32/InstallCore.ADX.gen eventuell unerwünschte Anwendung (Gesäubert durch Löschen)" ac=C fn="E:\FileHistory\MSI_USER\DESKTOP-TUSRUQC\Data\C\Users\MSI_USER\Downloads\FlashVideoPlayer (2017_03_04 06_57_20 UTC).exe"
Code:
Results of screen317's Security Check version 1.009 
  x64 (UAC is enabled) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
Windows Defender 
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Adobe Flash Player        24.0.0.221 
 Google Chrome (56.0.2924.87)
 Google Chrome (SetupMetrics...)
````````Process Check: objlist.exe by Laurent```````` 
 Windows Defender MSMpEng.exe
 Malwarebytes Anti-Malware mbamservice.exe 
 Malwarebytes Anti-Malware mbam.exe 
 ESET ESET Online Scanner OnlineScannerApp.exe 
 ESET ESET Online Scanner OnlineCmdLineScanner.exe 
 Malwarebytes Anti-Malware mbamscheduler.exe 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  %
````````````````````End of Log``````````````````````

cosinus 06.03.2017 09:42
Bitte das richtige Log vom MBAM posten.

ikarus2557 06.03.2017 11:39
Hallo Cosinus,
Bin jetzt etwas verwirrt wegen dem Mbam Protokoll. war überzeugt, das richtige geschickt
zu haben, nun trifft das nicht zu. Wie soll ich nun weiterfahren? das Mbam nochmals ausführen?
Gruss

Alfred

cosinus 06.03.2017 12:30
Einfach das richtige Log aus dem Verlauf von MBAM heraussuchen. Es wird klar erwähnt, dass du ein Scan-Protokoll und nicht irgendein Schutzprotokoll oder so posten sollst.

ikarus2557 06.03.2017 13:29
Hallo Cosinus,
Jetzt glaube ich, habe ich das Richtige, ok?
Vielen Dank für Deine Geduld.
Gruss
Alfred


Code:
<?xml version="1.0" encoding="UTF-16"?>

-<mbam-log>


-<header>

<date>2017/03/06 10:10:22 +0700</date>

<logfile>mbam-log-2017-03-06 (10-03-54).xml</logfile>

<isadmin>yes</isadmin>

</header>


-<engine>

<version>2.2.1.1043</version>

<malware-database>v2017.03.06.02</malware-database>

<rootkit-database>v2017.02.27.01</rootkit-database>

<license>trial</license>

<file-protection>enabled</file-protection>

<web-protection>enabled</web-protection>

<self-protection>disabled</self-protection>

</engine>


-<system>

<hostname>DESKTOP-TUSRUQC</hostname>

<ip>192.168.0.104</ip>

<osversion>Windows 10</osversion>

<arch>x64</arch>

<username>MSI_USER</username>

<filesys>NTFS</filesys>

</system>


-<summary>

<type>threat</type>

<result>completed</result>

<objects>303820</objects>

<time>147</time>

<processes>0</processes>

<modules>0</modules>

<keys>1</keys>

<values>0</values>

<datas>0</datas>

<folders>4</folders>

<files>34</files>

<sectors>0</sectors>

</summary>


-<options>

<memory>enabled</memory>

<startup>enabled</startup>

<filesystem>enabled</filesystem>

<archives>enabled</archives>

<rootkits>disabled</rootkits>

<deeprootkit>disabled</deeprootkit>

<heuristics>enabled</heuristics>

<pup>enabled</pup>

<pum>enabled</pum>

</options>


-<items>


-<key>

<path>HKU\S-1-5-21-465342472-1690862640-1647311925-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{CDC9B2B6-5796-4D44-BC7A-2FA644057D7F}</path>

<vendor>PUP.Optional.Yontoo</vendor>

<action>success</action>

<hash>61692e989b0dcd699d7c3c7b33cf24dc</hash>

</key>


-<folder>

<path>C:\Users\MSI_USER\AppData\Local\{C34EF512-E7E6-99AA-8A7E-BC42AE1640DA}\HowToRemove</path>

<vendor>PUP.Optional.WinYahoo</vendor>

<action>success</action>

<hash>8b3fd1f5446480b643fd310ced1723dd</hash>

</folder>


-<folder>

<path>C:\Users\MSI_USER\AppData\Local\{C34EF512-E7E6-99AA-8A7E-BC42AE1640DA}</path>

<vendor>PUP.Optional.WinYahoo</vendor>

<action>success</action>

<hash>8b3fd1f5446480b643fd310ced1723dd</hash>

</folder>


-<folder>

<path>C:\Users\MSI_USER\AppData\Roaming\Opera Software\Opera Stable\Extensions\cgpijdmklalodkffkfdgahcplbmmdahj\1.0.5882.33329_0</path>

<vendor>PUP.Optional.Yontoo</vendor>

<action>success</action>

<hash>94361da9d5d3e84ee1fcfd3ee024b34d</hash>

</folder>


-<folder>

<path>C:\Users\MSI_USER\AppData\Roaming\Opera Software\Opera Stable\Extensions\cgpijdmklalodkffkfdgahcplbmmdahj</path>

<vendor>PUP.Optional.Yontoo</vendor>

<action>success</action>

<hash>94361da9d5d3e84ee1fcfd3ee024b34d</hash>

</folder>


-<file>

<path>C:\Users\MSI_USER\Downloads\adobe_flash_player (1).exe</path>

<vendor>PUP.Optional.Bundler</vendor>

<action>success</action>

<hash>527896301b8d2c0ab71dfaf100016a96</hash>

</file>


-<file>

<path>C:\Users\MSI_USER\Downloads\adobe_flash_player-68612565.exe</path>

<vendor>PUP.Optional.DownLoadAdmin</vendor>

<action>success</action>

<hash>309a09bddbcde056c577e23231d14bb5</hash>

</file>


-<file>

<path>C:\Users\MSI_USER\Downloads\adobe_flash_player.exe</path>

<vendor>PUP.Optional.Bundler</vendor>

<action>success</action>

<hash>a9218442e8c0ef47b123dc0f23dedd23</hash>

</file>


-<file>

<path>C:\Users\MSI_USER\Downloads\FlashVideoPlayer.exe</path>

<vendor>PUP.Optional.InstallCore</vendor>

<action>success</action>

<hash>7e4c21a56048d85e0f09b43af60a669a</hash>

</file>


-<file>

<path>C:\Program Files (x86)\Mozilla Firefox\browser\components\mrt.js</path>

<vendor>PUP.Optional.WinYahoo</vendor>

<action>success</action>

<hash>eedc7a4c96125dd9cf039b3306fdc937</hash>

</file>


-<file>

<path>C:\Users\MSI_USER\AppData\Local\{C34EF512-E7E6-99AA-8A7E-BC42AE1640DA}\HowToRemove\HowToRemove.html</path>

<vendor>PUP.Optional.WinYahoo</vendor>

<action>success</action>

<hash>8b3fd1f5446480b643fd310ced1723dd</hash>

</file>


-<file>

<path>C:\Users\MSI_USER\AppData\Local\{C34EF512-E7E6-99AA-8A7E-BC42AE1640DA}\HowToRemove\chromium-min.jpg</path>

<vendor>PUP.Optional.WinYahoo</vendor>

<action>success</action>

<hash>8b3fd1f5446480b643fd310ced1723dd</hash>

</file>


-<file>

<path>C:\Users\MSI_USER\AppData\Local\{C34EF512-E7E6-99AA-8A7E-BC42AE1640DA}\HowToRemove\control panel-min-min.JPG</path>

<vendor>PUP.Optional.WinYahoo</vendor>

<action>success</action>

<hash>8b3fd1f5446480b643fd310ced1723dd</hash>

</file>


-<file>

<path>C:\Users\MSI_USER\AppData\Local\{C34EF512-E7E6-99AA-8A7E-BC42AE1640DA}\HowToRemove\down.png</path>

<vendor>PUP.Optional.WinYahoo</vendor>

<action>success</action>

<hash>8b3fd1f5446480b643fd310ced1723dd</hash>

</file>


-<file>

<path>C:\Users\MSI_USER\AppData\Local\{C34EF512-E7E6-99AA-8A7E-BC42AE1640DA}\HowToRemove\ff menu.JPG</path>

<vendor>PUP.Optional.WinYahoo</vendor>

<action>success</action>

<hash>8b3fd1f5446480b643fd310ced1723dd</hash>

</file>


-<file>

<path>C:\Users\MSI_USER\AppData\Local\{C34EF512-E7E6-99AA-8A7E-BC42AE1640DA}\HowToRemove\ff search engine-min.png</path>

<vendor>PUP.Optional.WinYahoo</vendor>

<action>success</action>

<hash>8b3fd1f5446480b643fd310ced1723dd</hash>

</file>


-<file>

<path>C:\Users\MSI_USER\AppData\Local\{C34EF512-E7E6-99AA-8A7E-BC42AE1640DA}\HowToRemove\hp-min ff.png</path>

<vendor>PUP.Optional.WinYahoo</vendor>

<action>success</action>

<hash>8b3fd1f5446480b643fd310ced1723dd</hash>

</file>


-<file>

<path>C:\Users\MSI_USER\AppData\Local\{C34EF512-E7E6-99AA-8A7E-BC42AE1640DA}\HowToRemove\hp-min ie.png</path>

<vendor>PUP.Optional.WinYahoo</vendor>

<action>success</action>

<hash>8b3fd1f5446480b643fd310ced1723dd</hash>

</file>


-<file>

<path>C:\Users\MSI_USER\AppData\Local\{C34EF512-E7E6-99AA-8A7E-BC42AE1640DA}\HowToRemove\search engine.gif</path>

<vendor>PUP.Optional.WinYahoo</vendor>

<action>success</action>

<hash>8b3fd1f5446480b643fd310ced1723dd</hash>

</file>


-<file>

<path>C:\Users\MSI_USER\AppData\Local\{C34EF512-E7E6-99AA-8A7E-BC42AE1640DA}\HowToRemove\setup pages.gif</path>

<vendor>PUP.Optional.WinYahoo</vendor>

<action>success</action>

<hash>8b3fd1f5446480b643fd310ced1723dd</hash>

</file>


-<file>

<path>C:\Users\MSI_USER\AppData\Local\{C34EF512-E7E6-99AA-8A7E-BC42AE1640DA}\HowToRemove\sp-min.png</path>

<vendor>PUP.Optional.WinYahoo</vendor>

<action>success</action>

<hash>8b3fd1f5446480b643fd310ced1723dd</hash>

</file>


-<file>

<path>C:\Users\MSI_USER\AppData\Local\{C34EF512-E7E6-99AA-8A7E-BC42AE1640DA}\HowToRemove\start-min.jpg</path>

<vendor>PUP.Optional.WinYahoo</vendor>

<action>success</action>

<hash>8b3fd1f5446480b643fd310ced1723dd</hash>

</file>


-<file>

<path>C:\Users\MSI_USER\AppData\Local\{C34EF512-E7E6-99AA-8A7E-BC42AE1640DA}\HowToRemove\up.png</path>

<vendor>PUP.Optional.WinYahoo</vendor>

<action>success</action>

<hash>8b3fd1f5446480b643fd310ced1723dd</hash>

</file>


-<file>

<path>C:\Users\MSI_USER\AppData\Local\{C34EF512-E7E6-99AA-8A7E-BC42AE1640DA}\bapi.dat</path>

<vendor>PUP.Optional.WinYahoo</vendor>

<action>success</action>

<hash>8b3fd1f5446480b643fd310ced1723dd</hash>

</file>


-<file>

<path>C:\Users\MSI_USER\AppData\Local\{C34EF512-E7E6-99AA-8A7E-BC42AE1640DA}\config.dat</path>

<vendor>PUP.Optional.WinYahoo</vendor>

<action>success</action>

<hash>8b3fd1f5446480b643fd310ced1723dd</hash>

</file>


-<file>

<path>C:\Users\MSI_USER\AppData\Local\{C34EF512-E7E6-99AA-8A7E-BC42AE1640DA}\dele</path>

<vendor>PUP.Optional.WinYahoo</vendor>

<action>success</action>

<hash>8b3fd1f5446480b643fd310ced1723dd</hash>

</file>


-<file>

<path>C:\Users\MSI_USER\AppData\Local\{C34EF512-E7E6-99AA-8A7E-BC42AE1640DA}\info.dat</path>

<vendor>PUP.Optional.WinYahoo</vendor>

<action>success</action>

<hash>8b3fd1f5446480b643fd310ced1723dd</hash>

</file>


-<file>

<path>C:\Users\MSI_USER\AppData\Local\{C34EF512-E7E6-99AA-8A7E-BC42AE1640DA}\install.log</path>

<vendor>PUP.Optional.WinYahoo</vendor>

<action>success</action>

<hash>8b3fd1f5446480b643fd310ced1723dd</hash>

</file>


-<file>

<path>C:\Users\MSI_USER\AppData\Local\{C34EF512-E7E6-99AA-8A7E-BC42AE1640DA}\lica</path>

<vendor>PUP.Optional.WinYahoo</vendor>

<action>success</action>

<hash>8b3fd1f5446480b643fd310ced1723dd</hash>

</file>


-<file>

<path>C:\Users\MSI_USER\AppData\Local\{C34EF512-E7E6-99AA-8A7E-BC42AE1640DA}\nite</path>

<vendor>PUP.Optional.WinYahoo</vendor>

<action>success</action>

<hash>8b3fd1f5446480b643fd310ced1723dd</hash>

</file>


-<file>

<path>C:\Users\MSI_USER\AppData\Local\{C34EF512-E7E6-99AA-8A7E-BC42AE1640DA}\Sqlite3.dll</path>

<vendor>PUP.Optional.WinYahoo</vendor>

<action>success</action>

<hash>8b3fd1f5446480b643fd310ced1723dd</hash>

</file>


-<file>

<path>C:\Users\MSI_USER\AppData\Local\{C34EF512-E7E6-99AA-8A7E-BC42AE1640DA}\STTL.DAT</path>

<vendor>PUP.Optional.WinYahoo</vendor>

<action>success</action>

<hash>8b3fd1f5446480b643fd310ced1723dd</hash>

</file>


-<file>

<path>C:\Users\MSI_USER\AppData\Local\{C34EF512-E7E6-99AA-8A7E-BC42AE1640DA}\TTL.DAT</path>

<vendor>PUP.Optional.WinYahoo</vendor>

<action>success</action>

<hash>8b3fd1f5446480b643fd310ced1723dd</hash>

</file>


-<file>

<path>C:\Users\MSI_USER\AppData\Local\{C34EF512-E7E6-99AA-8A7E-BC42AE1640DA}\uninst.dat</path>

<vendor>PUP.Optional.WinYahoo</vendor>

<action>success</action>

<hash>8b3fd1f5446480b643fd310ced1723dd</hash>

</file>


-<file>

<path>C:\Users\MSI_USER\AppData\Roaming\Mozilla\Firefox\Profiles\b4eo7tkp.default\searchplugins\yahoo.xml</path>

<vendor>PUP.Optional.Yontoo</vendor>

<action>success</action>

<hash>6e5cbe08664253e39d7cd4689a6a956b</hash>

</file>


-<file>

<path>C:\Users\MSI_USER\AppData\Roaming\Opera Software\Opera Stable\Extensions\cgpijdmklalodkffkfdgahcplbmmdahj\1.0.5882.33329_0\manifest.json</path>

<vendor>PUP.Optional.Yontoo</vendor>

<action>success</action>

<hash>94361da9d5d3e84ee1fcfd3ee024b34d</hash>

</file>


-<file>

<path>C:\Users\MSI_USER\AppData\Roaming\Opera Software\Opera Stable\Extensions\cgpijdmklalodkffkfdgahcplbmmdahj\1.0.5882.33329_0\background.js</path>

<vendor>PUP.Optional.Yontoo</vendor>

<action>success</action>

<hash>94361da9d5d3e84ee1fcfd3ee024b34d</hash>

</file>


-<file>

<path>C:\Users\MSI_USER\AppData\Roaming\Opera Software\Opera Stable\Extensions\cgpijdmklalodkffkfdgahcplbmmdahj\1.0.5882.33329_0\content.js</path>

<vendor>PUP.Optional.Yontoo</vendor>

<action>success</action>

<hash>94361da9d5d3e84ee1fcfd3ee024b34d</hash>

</file>


-<file>

<path>C:\Users\MSI_USER\AppData\Roaming\Opera Software\Opera Stable\Extensions\cgpijdmklalodkffkfdgahcplbmmdahj\1.0.5882.33329_0\icon.png</path>

<vendor>PUP.Optional.Yontoo</vendor>

<action>success</action>

<hash>94361da9d5d3e84ee1fcfd3ee024b34d</hash>

</file>

</items>

</mbam-log>

cosinus 06.03.2017 14:18
Jetzt nur noch als TXT und nicht als XML. Steht auch in der Anleitung. :pfeiff:

ikarus2557 07.03.2017 04:24
Guten Tag Cosinus,
endlich, endlich, hier der mbam.txt von gestern 6.3. ich hoffe, es ist mir nun gelungen.
:heulen:

Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlaufdatum: 06.03.2017
Suchlaufzeit: 10:10
Protokolldatei: mbam.txt
Administrator: Ja

Version: 2.2.1.1043
Malware-Datenbank: v2017.03.06.02
Rootkit-Datenbank: v2017.02.27.01
Lizenz: Testversion
Malware-Schutz: Aktiviert
Schutz vor b?sartigen Websites: Aktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 10
CPU: x64
Dateisystem: NTFS
Benutzer: MSI_USER

Suchlauftyp: Bedrohungssuchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 303820
Abgelaufene Zeit: 2 Min., 27 Sek.

Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(keine b?sartigen Elemente erkannt)

Module: 0
(keine b?sartigen Elemente erkannt)

Registrierungsschl?ssel: 1
PUP.Optional.Yontoo, HKU\S-1-5-21-465342472-1690862640-1647311925-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{CDC9B2B6-5796-4D44-BC7A-2FA644057D7F}, In Quarant?ne, [61692e989b0dcd699d7c3c7b33cf24dc],

Registrierungswerte: 0
(keine b?sartigen Elemente erkannt)

Registrierungsdaten: 0
(keine b?sartigen Elemente erkannt)

Ordner: 4
PUP.Optional.WinYahoo, C:\Users\MSI_USER\AppData\Local\{C34EF512-E7E6-99AA-8A7E-BC42AE1640DA}\HowToRemove, In Quarant?ne, [8b3fd1f5446480b643fd310ced1723dd],
PUP.Optional.WinYahoo, C:\Users\MSI_USER\AppData\Local\{C34EF512-E7E6-99AA-8A7E-BC42AE1640DA}, In Quarant?ne, [8b3fd1f5446480b643fd310ced1723dd],
PUP.Optional.Yontoo, C:\Users\MSI_USER\AppData\Roaming\Opera Software\Opera Stable\Extensions\cgpijdmklalodkffkfdgahcplbmmdahj\1.0.5882.33329_0, In Quarant?ne, [94361da9d5d3e84ee1fcfd3ee024b34d],
PUP.Optional.Yontoo, C:\Users\MSI_USER\AppData\Roaming\Opera Software\Opera Stable\Extensions\cgpijdmklalodkffkfdgahcplbmmdahj, In Quarant?ne, [94361da9d5d3e84ee1fcfd3ee024b34d],

Dateien: 34
PUP.Optional.Bundler, C:\Users\MSI_USER\Downloads\adobe_flash_player (1).exe, In Quarant?ne, [527896301b8d2c0ab71dfaf100016a96],
PUP.Optional.DownLoadAdmin, C:\Users\MSI_USER\Downloads\adobe_flash_player-68612565.exe, In Quarant?ne, [309a09bddbcde056c577e23231d14bb5],
PUP.Optional.Bundler, C:\Users\MSI_USER\Downloads\adobe_flash_player.exe, In Quarant?ne, [a9218442e8c0ef47b123dc0f23dedd23],
PUP.Optional.InstallCore, C:\Users\MSI_USER\Downloads\FlashVideoPlayer.exe, In Quarant?ne, [7e4c21a56048d85e0f09b43af60a669a],
PUP.Optional.WinYahoo, C:\Program Files (x86)\Mozilla Firefox\browser\components\mrt.js, In Quarant?ne, [eedc7a4c96125dd9cf039b3306fdc937],
PUP.Optional.WinYahoo, C:\Users\MSI_USER\AppData\Local\{C34EF512-E7E6-99AA-8A7E-BC42AE1640DA}\HowToRemove\HowToRemove.html, In Quarant?ne, [8b3fd1f5446480b643fd310ced1723dd],
PUP.Optional.WinYahoo, C:\Users\MSI_USER\AppData\Local\{C34EF512-E7E6-99AA-8A7E-BC42AE1640DA}\HowToRemove\chromium-min.jpg, In Quarant?ne, [8b3fd1f5446480b643fd310ced1723dd],
PUP.Optional.WinYahoo, C:\Users\MSI_USER\AppData\Local\{C34EF512-E7E6-99AA-8A7E-BC42AE1640DA}\HowToRemove\control panel-min-min.JPG, In Quarant?ne, [8b3fd1f5446480b643fd310ced1723dd],
PUP.Optional.WinYahoo, C:\Users\MSI_USER\AppData\Local\{C34EF512-E7E6-99AA-8A7E-BC42AE1640DA}\HowToRemove\down.png, In Quarant?ne, [8b3fd1f5446480b643fd310ced1723dd],
PUP.Optional.WinYahoo, C:\Users\MSI_USER\AppData\Local\{C34EF512-E7E6-99AA-8A7E-BC42AE1640DA}\HowToRemove\ff menu.JPG, In Quarant?ne, [8b3fd1f5446480b643fd310ced1723dd],
PUP.Optional.WinYahoo, C:\Users\MSI_USER\AppData\Local\{C34EF512-E7E6-99AA-8A7E-BC42AE1640DA}\HowToRemove\ff search engine-min.png, In Quarant?ne, [8b3fd1f5446480b643fd310ced1723dd],
PUP.Optional.WinYahoo, C:\Users\MSI_USER\AppData\Local\{C34EF512-E7E6-99AA-8A7E-BC42AE1640DA}\HowToRemove\hp-min ff.png, In Quarant?ne, [8b3fd1f5446480b643fd310ced1723dd],
PUP.Optional.WinYahoo, C:\Users\MSI_USER\AppData\Local\{C34EF512-E7E6-99AA-8A7E-BC42AE1640DA}\HowToRemove\hp-min ie.png, In Quarant?ne, [8b3fd1f5446480b643fd310ced1723dd],
PUP.Optional.WinYahoo, C:\Users\MSI_USER\AppData\Local\{C34EF512-E7E6-99AA-8A7E-BC42AE1640DA}\HowToRemove\search engine.gif, In Quarant?ne, [8b3fd1f5446480b643fd310ced1723dd],
PUP.Optional.WinYahoo, C:\Users\MSI_USER\AppData\Local\{C34EF512-E7E6-99AA-8A7E-BC42AE1640DA}\HowToRemove\setup pages.gif, In Quarant?ne, [8b3fd1f5446480b643fd310ced1723dd],
PUP.Optional.WinYahoo, C:\Users\MSI_USER\AppData\Local\{C34EF512-E7E6-99AA-8A7E-BC42AE1640DA}\HowToRemove\sp-min.png, In Quarant?ne, [8b3fd1f5446480b643fd310ced1723dd],
PUP.Optional.WinYahoo, C:\Users\MSI_USER\AppData\Local\{C34EF512-E7E6-99AA-8A7E-BC42AE1640DA}\HowToRemove\start-min.jpg, In Quarant?ne, [8b3fd1f5446480b643fd310ced1723dd],
PUP.Optional.WinYahoo, C:\Users\MSI_USER\AppData\Local\{C34EF512-E7E6-99AA-8A7E-BC42AE1640DA}\HowToRemove\up.png, In Quarant?ne, [8b3fd1f5446480b643fd310ced1723dd],
PUP.Optional.WinYahoo, C:\Users\MSI_USER\AppData\Local\{C34EF512-E7E6-99AA-8A7E-BC42AE1640DA}\bapi.dat, In Quarant?ne, [8b3fd1f5446480b643fd310ced1723dd],
PUP.Optional.WinYahoo, C:\Users\MSI_USER\AppData\Local\{C34EF512-E7E6-99AA-8A7E-BC42AE1640DA}\config.dat, In Quarant?ne, [8b3fd1f5446480b643fd310ced1723dd],
PUP.Optional.WinYahoo, C:\Users\MSI_USER\AppData\Local\{C34EF512-E7E6-99AA-8A7E-BC42AE1640DA}\dele, In Quarant?ne, [8b3fd1f5446480b643fd310ced1723dd],
PUP.Optional.WinYahoo, C:\Users\MSI_USER\AppData\Local\{C34EF512-E7E6-99AA-8A7E-BC42AE1640DA}\info.dat, In Quarant?ne, [8b3fd1f5446480b643fd310ced1723dd],
PUP.Optional.WinYahoo, C:\Users\MSI_USER\AppData\Local\{C34EF512-E7E6-99AA-8A7E-BC42AE1640DA}\install.log, In Quarant?ne, [8b3fd1f5446480b643fd310ced1723dd],
PUP.Optional.WinYahoo, C:\Users\MSI_USER\AppData\Local\{C34EF512-E7E6-99AA-8A7E-BC42AE1640DA}\lica, In Quarant?ne, [8b3fd1f5446480b643fd310ced1723dd],
PUP.Optional.WinYahoo, C:\Users\MSI_USER\AppData\Local\{C34EF512-E7E6-99AA-8A7E-BC42AE1640DA}\nite, In Quarant?ne, [8b3fd1f5446480b643fd310ced1723dd],
PUP.Optional.WinYahoo, C:\Users\MSI_USER\AppData\Local\{C34EF512-E7E6-99AA-8A7E-BC42AE1640DA}\Sqlite3.dll, In Quarant?ne, [8b3fd1f5446480b643fd310ced1723dd],
PUP.Optional.WinYahoo, C:\Users\MSI_USER\AppData\Local\{C34EF512-E7E6-99AA-8A7E-BC42AE1640DA}\STTL.DAT, In Quarant?ne, [8b3fd1f5446480b643fd310ced1723dd],
PUP.Optional.WinYahoo, C:\Users\MSI_USER\AppData\Local\{C34EF512-E7E6-99AA-8A7E-BC42AE1640DA}\TTL.DAT, In Quarant?ne, [8b3fd1f5446480b643fd310ced1723dd],
PUP.Optional.WinYahoo, C:\Users\MSI_USER\AppData\Local\{C34EF512-E7E6-99AA-8A7E-BC42AE1640DA}\uninst.dat, In Quarant?ne, [8b3fd1f5446480b643fd310ced1723dd],
PUP.Optional.Yontoo, C:\Users\MSI_USER\AppData\Roaming\Mozilla\Firefox\Profiles\b4eo7tkp.default\searchplugins\yahoo.xml, In Quarant?ne, [6e5cbe08664253e39d7cd4689a6a956b],
PUP.Optional.Yontoo, C:\Users\MSI_USER\AppData\Roaming\Opera Software\Opera Stable\Extensions\cgpijdmklalodkffkfdgahcplbmmdahj\1.0.5882.33329_0\manifest.json, In Quarant?ne, [94361da9d5d3e84ee1fcfd3ee024b34d],
PUP.Optional.Yontoo, C:\Users\MSI_USER\AppData\Roaming\Opera Software\Opera Stable\Extensions\cgpijdmklalodkffkfdgahcplbmmdahj\1.0.5882.33329_0\background.js, In Quarant?ne, [94361da9d5d3e84ee1fcfd3ee024b34d],
PUP.Optional.Yontoo, C:\Users\MSI_USER\AppData\Roaming\Opera Software\Opera Stable\Extensions\cgpijdmklalodkffkfdgahcplbmmdahj\1.0.5882.33329_0\content.js, In Quarant?ne, [94361da9d5d3e84ee1fcfd3ee024b34d],
PUP.Optional.Yontoo, C:\Users\MSI_USER\AppData\Roaming\Opera Software\Opera Stable\Extensions\cgpijdmklalodkffkfdgahcplbmmdahj\1.0.5882.33329_0\icon.png, In Quarant?ne, [94361da9d5d3e84ee1fcfd3ee024b34d],

Physische Sektoren: 0
(keine b?sartigen Elemente erkannt)


(end)
:heulen:

cosinus 07.03.2017 10:00
FRST-Fix

Virenscanner jetzt bitte komplett deaktivieren, damit sichergestellt ist, dass der Fix sauber durchläuft!

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
E:\FileHistory\MSI_USER\DESKTOP-TUSRUQC\Data\C\Users\MSI_USER\Downloads\adobe_flash_player (1) (2017_03_04 06_57_20 UTC).exe
E:\FileHistory\MSI_USER\DESKTOP-TUSRUQC\Data\C\Users\MSI_USER\Downloads\adobe_flash_player (2017_03_04 06_57_20 UTC).exe
E:\FileHistory\MSI_USER\DESKTOP-TUSRUQC\Data\C\Users\MSI_USER\Downloads\adobe_flash_player-68612565 (2017_03_04 06_57_20 UTC).exe
E:\FileHistory\MSI_USER\DESKTOP-TUSRUQC\Data\C\Users\MSI_USER\Downloads\FlashVideoPlayer (2017_03_04 06_57_20 UTC).exe
emptytemp:

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.


ikarus2557 07.03.2017 13:32
hier den fixlog.txt

Code:
Fix result of Farbar Recovery Scan Tool (x64) Version: 05-03-2017
Ran by MSI_USER (07-03-2017 19:23:16) Run:1
Running from C:\Users\MSI_USER\Desktop
Loaded Profiles: MSI_USER (Available Profiles: MSI_USER)
Boot Mode: Normal
==============================================

fixlist content:
*****************
E:\FileHistory\MSI_USER\DESKTOP-TUSRUQC\Data\C\Users\MSI_USER\Downloads\adobe_flash_player (1) (2017_03_04 06_57_20 UTC).exe
E:\FileHistory\MSI_USER\DESKTOP-TUSRUQC\Data\C\Users\MSI_USER\Downloads\adobe_flash_player (2017_03_04 06_57_20 UTC).exe
E:\FileHistory\MSI_USER\DESKTOP-TUSRUQC\Data\C\Users\MSI_USER\Downloads\adobe_flash_player-68612565 (2017_03_04 06_57_20 UTC).exe
E:\FileHistory\MSI_USER\DESKTOP-TUSRUQC\Data\C\Users\MSI_USER\Downloads\FlashVideoPlayer (2017_03_04 06_57_20 UTC).exe
emptytemp:
*****************

"E:\FileHistory\MSI_USER\DESKTOP-TUSRUQC\Data\C\Users\MSI_USER\Downloads\adobe_flash_player (1) (2017_03_04 06_57_20 UTC).exe" => not found.
"E:\FileHistory\MSI_USER\DESKTOP-TUSRUQC\Data\C\Users\MSI_USER\Downloads\adobe_flash_player (2017_03_04 06_57_20 UTC).exe" => not found.
"E:\FileHistory\MSI_USER\DESKTOP-TUSRUQC\Data\C\Users\MSI_USER\Downloads\adobe_flash_player-68612565 (2017_03_04 06_57_20 UTC).exe" => not found.
"E:\FileHistory\MSI_USER\DESKTOP-TUSRUQC\Data\C\Users\MSI_USER\Downloads\FlashVideoPlayer (2017_03_04 06_57_20 UTC).exe" => not found.

=========== EmptyTemp: ==========

BITS transfer queue => 32768 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 805856869 B
Java, Flash, Steam htmlcache => 506 B
Windows/system/drivers => 9001044 B
Edge => 11780013 B
Chrome => 0 B
Firefox => 0 B
Opera => 441881399 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 56872 B
LocalService => 0 B
NetworkService => 323940 B
MSI_USER => 553082088 B

RecycleBin => 2616303 B
EmptyTemp: => 1.7 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 19:23:39 ====


Alle Zeitangaben in WEZ +1. Es ist jetzt 10:47 Uhr.
Seite 2 von 3 1 2 3
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131