Trojaner-Board - Ambworks nicht zu löschen

Seite 1 von 2

100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)

- Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)

- - Ambworks nicht zu löschen (https://www.trojaner-board.de/185947-ambworks-loeschen.html)

moxito

16.06.2017 22:49

Ambworks nicht zu löschen

Hallo und guten Abend zusammen!

Ich war vor ein paar Jahren schon mal hier, und es konnte mir geholfen werden....

Mein Problem jetzt:

...\AppData\Local\Ambworks läßt sich nicht löschen, mit unlocker gelöscht, ist es nach dem nächsten Reboot wieder da. Die bemängelte Datei hat immer einen neuen Namen, es ist eine dll.

Irgendwie komme ich an diesem Punkt nicht weiter, hat jemand schon einmal hiermit zu tun gehabt?

Gruß,
Moxito.

Tician

16.06.2017 23:05

Hallo und :hallo:

Bevor wir beginnen beachte bitte Folgendes:

Installiere/Deinstalliere bitte nichts während wir hier an deinem Problem arbeiten
Speicher alle unsere Tools auf dem Desktop ab (das ist später wichtig!)
Poste die Logs immer in CODE-Tags (#-Button), zur Not die Logs einfach auf mehrere Posts aufteilen
Falls vorhanden: Logs die jünger als 1 Monat sind bitte posten
Verwende keine weiteren Tools ohne Aufforderung
Wichtig: Auch wenn dein Problem behoben scheint kann dein System noch infiziert sein, arbeite also bitte weiter bis ich dir ein "Clean" gebe

Hinweis:
Ich kann Dir niemals eine Garantie geben, dass wir alle schädlichen Dateien finden werden.
Eine Formatierung ist meist der schnellere und immer der sicherste Weg, aber auch nur bei wirklicher Malware empfehlenswert.
Adware & Co. können wir sehr gut entfernen.
Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis Du mein clean :daumenhoc bekommst

Ich habe dein Thema in Arbeit und melde mich so schnell als möglich mit weiteren Anweisungen.

Bitte beachte, dass alle meine Antworten zuerst von einem Ausbilder freigegeben werden müssen, bevor ich diese hier posten darf. Dies garantiert, dass Du Hilfe von einem ausgebildeten Helfer bekommst.

Ich bedanke mich für deine Geduld :)

Schritt 1:

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

moxito

16.06.2017 23:17

Hallo Tician,

vielen Dank für die Rückmeldung. Ich hatte vergessen, zu erwähnen: BS ist Windows10pro,
ich scanne regelmäßig, alle Updates sind installiert (Rechner läuft 24/7)

und was meinst du mit neueren Logs? Wovon?

Gruß,
Moxito.

Code:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-06-2017 01

Ran by moxito (17-06-2017 00:15:04)

Running from C:\Users\moxito\Desktop

Windows 10 Enterprise Version 1607 (X64) (2016-10-10 23:15:08)

Boot Mode: Normal

==========================================================
 
 

==================== Accounts: =============================
 

Administrator (S-1-5-21-1078665582-1449517287-1295239923-500 - Administrator - Disabled)

DefaultAccount (S-1-5-21-1078665582-1449517287-1295239923-503 - Limited - Disabled)

Guest (S-1-5-21-1078665582-1449517287-1295239923-501 - Limited - Enabled)

HomeGroupUser$ (S-1-5-21-1078665582-1449517287-1295239923-1005 - Limited - Enabled)

moxito (S-1-5-21-1078665582-1449517287-1295239923-1001 - Administrator - Enabled) => C:\Users\moxito
 

==================== Security Center ========================
 

(If an entry is included in the fixlist, it will be removed.)
 

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AV: Baidu Antivirus (Enabled - Up to date) {0B023102-4312-4570-585A-1BAAA3570E16}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: Baidu Antivirus (Enabled - Up to date) {B063D0E6-6528-4AFE-62EA-20D8D8D044AB}
 

==================== Installed Programs ======================
 

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 

µTorrent (HKLM-x32\...\uTorrent) (Version: 2.0.4 - )

360 Browser (HKU\S-1-5-21-1078665582-1449517287-1295239923-1001\...\360Browser) (Version: 7.5.2.108 - 360 Security Center)

7-Zip 16.02 (HKLM-x32\...\7-Zip) (Version: 16.02 - Igor Pavlov)

8GadgetPack (HKLM-x32\...\{35C86AEB-A4C6-49E3-90B7-245F2C7FDEC7}) (Version: 21.0.0 - 8GadgetPack.net)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 22.0.0.153 - Adobe Systems Incorporated)

Adobe Audition 3.0 (HKLM-x32\...\Adobe Audition 3.0) (Version: 3.0 - Adobe Systems Incorporated)

Adobe Flash Player 25 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 25.0.0.171 - Adobe Systems Incorporated)

Adobe Photoshop CS3 (HKLM-x32\...\Adobe_5f143314a5d434c8511097393d17397) (Version: 10.0 - Adobe Systems Incorporated)

Aegisub 3.2.2 (HKLM-x32\...\{24BC8B57-716C-444F-B46B-A3349B9164C5}_is1) (Version: 3.2.2 - Aegisub Team)

Ansel (Version: 382.33 - NVIDIA Corporation) Hidden

AnyDVD (HKLM-x32\...\AnyDVD) (Version: 7.6.6.0 - SlySoft)

ApoDispatchConfigurator (Version: 2.3.1401 - Nahimic) Hidden

AudioLaunchpadConfigurator (Version: 2.3.1401 - Nahimic) Hidden

Baidu Antivirus (HKLM-x32\...\Baidu Antivirus) (Version: 5.4.3.148966 - Baidu, Inc.)

Battery Calibration (HKLM-x32\...\InstallShield_{634AC01E-49DB-4AD2-B87C-90D4DCC6AFA1}) (Version: 1.0.1607.1801 - Micro-Star International Co., Ltd.)

Battery Calibration (x32 Version: 1.0.1607.1801 - Micro-Star International Co., Ltd.) Hidden

BlueStacks App Player (HKLM-x32\...\BlueStacks) (Version: 2.5.78.6323 - BlueStack Systems, Inc.)

CCleaner (HKLM\...\CCleaner) (Version: 5.31 - Piriform)

CCTalk (HKLM-x32\...\CCTalk) (Version: 6.0.0.1 - www.hujiang.com, Inc.)

CheckDevicesConfigurator (Version: 2.3.1401 - Nahimic) Hidden

Classic Shell (HKLM\...\{383BB30A-B4A7-4666-9A83-22CFA8640097}) (Version: 4.3.0 - IvoSoft)

CPUID CPU-Z 1.77 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )

Dragon Center (HKLM-x32\...\InstallShield_{C65B26BC-5A6F-4135-9678-55A877655471}) (Version: 1.2.1705.3101 - Micro-Star International Co., Ltd.)

Dragon Center (x32 Version: 1.2.1705.3101 - Micro-Star International Co., Ltd.) Hidden

Dragon Gaming Center (HKLM-x32\...\InstallShield_{965B16C7-0778-4C45-B7D1-83A59E6FBBCB}) (Version: 2.0.1605.2701 - Micro-Star International Co., Ltd.)

Dragon Gaming Center (x32 Version: 2.0.1605.2701 - Micro-Star International Co., Ltd.) Hidden

DVD Shrink 3.2 deutsch (DeCSS-frei) (HKLM-x32\...\DVD Shrink DE_is1) (Version:  - DVD Shrink)

Exact Audio Copy 1.1 (HKLM-x32\...\Exact Audio Copy) (Version: 1.1 - Andre Wiethoff)

Freemake Video Downloader (HKLM-x32\...\Freemake Video Downloader_is1) (Version: 3.8.0 - Ellora Assets Corporation)

FRN Client 2014 (HKLM-x32\...\FRN Client_is1) (Version:  - Free Radio Network)

FRN Server 2014 (HKLM-x32\...\FRN Server_is1) (Version:  - Free Radio Network)

Haali Media Splitter (HKLM-x32\...\HaaliMkx) (Version:  - )

Hauppauge WinTV 8 (HKLM-x32\...\Hauppauge WinTV 8) (Version: v8.0.34284 (CD 5.1 AAC) - Hauppauge Computer Works)

Help Desk (HKLM-x32\...\InstallShield_{7E8181AF-9679-49B3-B133-C265709B6927}) (Version: 1.0.1605.0601 - Micro-Star International Co., Ltd.)

Help Desk (x32 Version: 1.0.1605.0601 - Micro-Star International Co., Ltd.) Hidden

Intel Extreme Tuning Utility (HKLM-x32\...\{281badd0-7e11-494b-bdf7-34d6a2615c3c}) (Version: 6.2.0.19 - Intel Corporation)

Intel Extreme Tuning Utility (x32 Version: 6.2.0.19 - Intel Corporation) Hidden

Intel(R) Chipset Device Software (x32 Version: 10.1.1.9 - Intel(R) Corporation) Hidden

Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1153 - Intel Corporation)

Intel® Security Assist (HKLM-x32\...\{4B230374-6475-4A73-BA6E-41015E9C5013}) (Version: 1.0.0.532 - Intel Corporation)

Java 8 Update 112 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180112F0}) (Version: 8.0.1120.15 - Oracle Corporation)

Killer Bandwidth Control Filter Driver (Version: 1.1.56.1122 - Rivet Networks) Hidden

Killer E220x Drivers (Version: 1.1.56.1122 - Rivet Networks) Hidden

Killer Network Manager (Version: 1.1.56.1122 - Rivet Networks) Hidden

Killer Performance Suite (HKLM-x32\...\{E70DB50B-10B4-46BC-9DE2-AB8B49E061EE}) (Version: 1.1.56.1122 - Rivet Networks)

Killer Wireless-AC Drivers (Version: 1.1.56.1122 - Rivet Networks) Hidden

K-Lite Mega Codec Pack 11.9.0 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 11.9.0 - KLCP)

Kodi (HKU\S-1-5-21-1078665582-1449517287-1295239923-1001\...\Kodi) (Version:  - XBMC-Foundation)

LauncherSetup (Version: 2.3.1401 - Nahimic) Hidden

LAV Filters 0.68.1 (HKLM-x32\...\lavfilters_is1) (Version: 0.68.1 - Hendrik Leppkes)

LenovoUsbDriver 1.1.9 (HKLM-x32\...\LenovoUsbDriver) (Version: 1.1.9 - Lenovo)

Logitech SetPoint 6.67 (HKLM\...\sp6) (Version: 6.67.83 - Logitech)

Malwarebytes Anti-Malware Version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)

Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)

Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)

Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)

Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)

Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)

MKVToolNix 6.9.1 (32bit) (HKLM-x32\...\MKVToolNix) (Version: 6.9.1 - Moritz Bunkus)

Nahimic 2 (HKLM-x32\...\{05c7b70a-5d25-419a-9b71-76900393b641}) (Version: 2.3.14 - Nahimic)

Nahimic2UISetup (Version: 2.3.1401 - Nahimic) Hidden

Nero 8 (HKLM-x32\...\{8AEA4BE2-2B52-41C0-BB7D-9F2D17AF1031}) (Version: 8.0.182 - Nero AG)

NirSoft Wireless Network Watcher (HKLM-x32\...\NirSoft Wireless Network Watcher) (Version:  - )

Nitro Reader 5 (HKLM\...\{1DF310B2-0BE7-4CD7-8FCF-54B1ADB067D3}) (Version: 5.5.6.21 - Nitro)

NVIDIA 3D Vision Treiber 382.33 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 382.33 - NVIDIA Corporation)

NVIDIA GeForce Experience 3.6.0.74 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.6.0.74 - NVIDIA Corporation)

NVIDIA Grafiktreiber 382.33 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 382.33 - NVIDIA Corporation)

NVIDIA HD-Audiotreiber 1.3.34.26 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.26 - NVIDIA Corporation)

NVIDIA PhysX-Systemsoftware 9.17.0329 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0329 - NVIDIA Corporation)

NvNodejs (Version: 3.6.0.74 - NVIDIA Corporation) Hidden

NvTelemetry (Version: 2.4.10.0 - NVIDIA Corporation) Hidden

NvvHci (Version: 2.02.0.5 - NVIDIA Corporation) Hidden

Oracle VM VirtualBox 5.1.10 (HKLM\...\{57682F33-488A-4065-8255-C3681A2B6F4E}) (Version: 5.1.10 - Oracle Corporation)

Outils de vérification linguistique 2013 de Microsoft Office*- Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden

PDF Settings (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden

PlayReady PC Runtime amd64 (HKLM\...\{2E0C1D31-8FEC-411E-97FB-6E56BD429A98}) (Version: 1.3.10 - Microsoft Corporation)

ProductDaemonSetup (Version: 2.3.1401 - Nahimic) Hidden

ProductNSConfigurator (Version: 2.3.1401 - Nahimic) Hidden

QQ International (HKLM-x32\...\{3CA54984-A14B-42FE-9FF1-7EA90151D725}) (Version: 1.91.1369.0 - Tencent Technology(Shenzhen) Company Limited)

QQ音乐2016 (HKLM-x32\...\QQMusic) (Version: 12.97.3627.1201 - 腾讯科技（深圳）有限公司)

QTranslate 5.7.0.3 (HKLM-x32\...\QTranslate) (Version: 5.7.0.3 - QuestSoft)

QT语音 (HKLM-x32\...\QT语音) (Version: 11.43.0.17707.483 - 腾讯科技（深圳）有限公司)

Qualcomm Atheros 61x4 Bluetooth Suite (64) (HKLM\...\{628988B4-3FA5-4EA6-BAA3-DA640F6718BD}) (Version: 12.0.0.102 - Qualcomm Atheros)

QvodPlayer v3.5 (HKLM-x32\...\QvodPlayer) (Version: 3.5 - Shenzhen QVOD Technology Co.,Ltd)

Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10125.21277 - Realtek Semiconductor Corp.)

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8053 - Realtek Semiconductor Corp.)

Revo Uninstaller 2.0.2 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.2 - VS Revo Group, Ltd.)

SCM (HKLM\...\{E3CE9EC1-7244-4846-A383-6BF0B172917A}) (Version: 13.015.12097 - Application)

SDR-RADIO.com (V2) (HKLM-x32\...\SDR-RADIO.com (V2)) (Version:  - )

Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version:  - Microsoft)

Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version:  - Microsoft) Hidden

SHIELD Streaming (Version: 7.1.0370 - NVIDIA Corporation) Hidden

SHIELD Wireless Controller Driver (Version: 3.6.0.74 - NVIDIA Corporation) Hidden

SonicMapperConfigurator (Version: 2.3.1401 - Nahimic) Hidden

SteelSeries Engine 3.10.2 (HKLM\...\SteelSeries Engine 3) (Version: 3.10.2 - SteelSeries ApS)

Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.3.4.184 - Synaptics Incorporated)

TalkTV (HKLM-x32\...\{F768F6BA-F164-4599-BC26-DCCFC2F71983}_is1) (Version: 4.1.3 - TalkTV)

Technotrend Viewer (HKLM-x32\...\TT-Viewer_is1) (Version:  - CM&V)

The Bat! Professional v3.99.29 (HKLM-x32\...\{CA8D1F57-1D54-463F-A97D-9D740EBBD285}) (Version: 3.99.29 - Ritlabs)

TomTom HOME (HKLM-x32\...\{3C595537-D968-48D5-AAB1-CCB2E90FA59A}) (Version: 2.9.94 - Ihr Firmenname)

UFR II Printer Driver Uninstaller (HKLM\...\Canon UFR II Printer Driver) (Version: 5, 4, 0, 0 - Canon Inc.)

UIInstallUpgrade (Version: 2.3.1401 - Nahimic) Hidden

UltraMon (HKLM\...\{D4E62D29-31A1-4938-8CB7-7D275C1AEAC6}) (Version: 3.3.0 - Realtime Soft Ltd)

Universal Adb Driver (HKLM-x32\...\{D9C4202E-6D51-4B06-A8F1-22316E654BCA}) (Version: 1.0.0 - ClockworkMod)

Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)

VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN)

VmciSockets (Version: 9.1.54.1 - VMware, Inc.) Hidden

VMware Workstation (HKLM-x32\...\VMware_Workstation) (Version: 8.0.0.18997 - VMware, Inc)

VMware Workstation (x32 Version: 8.0.0.18997 - VMware, Inc.) Hidden

Win32DiskImager version 0.9.5 (HKLM-x32\...\{D074CE74-912A-4AD3-A0BF-3937D9D01F17}_is1) (Version: 0.9.5 - ImageWriter Developers)

Winamp (HKLM-x32\...\Winamp) (Version: 5.666  - Nullsoft, Inc)

Windows-Treiberpaket - MediaTek Inc. (wdm_usb) Ports  (01/22/2015 3.0.1504.0) (HKLM\...\BD5E2A628C2263FAEC66A4BFF2E88B897427E4C3) (Version: 01/22/2015 3.0.1504.0 - MediaTek Inc.)

WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)

Wondershare Video Converter Ultimate(Build 9.0.0.4) (HKLM-x32\...\Wondershare Video Converter Ultimate_is1) (Version: 9.0.0.4 - Wondershare Software)

XnView 2.39 (HKLM-x32\...\XnView_is1) (Version: 2.39 - Gougelet Pierre-e)

Youtube Downloader HD v. 2.9.9.30 (HKLM-x32\...\Youtube Downloader HD_is1) (Version:  - YoutubeDownloaderHD.com)

YY version 1.0 (HKLM-x32\...\{76E0BCEF-DBB1-4257-8230-6DE2310E4813}_is1) (Version: 1.0 - Joe)

YY8 (HKU\S-1-5-21-1078665582-1449517287-1295239923-1001\...\YY8) (Version: 8.3.0.2 - 多玩游戏网)

Zattoo Live TV (HKU\S-1-5-21-1078665582-1449517287-1295239923-1001\...\6e425e00e7cd59c7) (Version: 1.0.0.51 - Zattoo Europa AG)

央视影音 (HKLM-x32\...\{07F79EE3-1012-40BF-BEE7-A07EE6C284DC}_is1) (Version: 4.0.8.0 - 中国网络电视台)

搜狗拼音输入法 8.0正式版 (HKLM-x32\...\Sogou Input) (Version: 8.0.0.8381 - Sogou.com)

有道词典 (HKU\S-1-5-21-1078665582-1449517287-1295239923-1001\...\有道词典) (Version: 6.3 - 网易公司)

百度云管家 (HKLM-x32\...\百度云管家) (Version: 5.4.9 - 百度在线网络技术（北京）有限公司)

腾讯QQ (HKLM-x32\...\{052CFB79-9D62-42E3-8A15-DE66C2C97C3E}) (Version: 8.6.18804.0 - 腾讯科技(深圳)有限公司)

腾讯TM2009 (HKLM-x32\...\{260706D6-56D3-41E8-9183-DC4DF54B7F4B}) (Version: 1.41.1287.0 - 腾讯科技(深圳)有限公司)
 

==================== Custom CLSID (Whitelisted): ==========================
 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 

CustomCLSID: HKU\S-1-5-21-1078665582-1449517287-1295239923-1001_Classes\CLSID\{0B7AD8D3-094A-44DE-A348-83C6C3FA347C}\InprocServer32 -> C:\Users\moxito\AppData\Local\Microsoft\Windows Sidebar\Gadgets\Clipboarder.gadget\Release\Clipboarder64.dll (Helmut Buhler)

CustomCLSID: HKU\S-1-5-21-1078665582-1449517287-1295239923-1001_Classes\CLSID\{0E7BE950-4ACC-47CB-834B-41A8B96BBFF9}\InprocServer32 -> C:\Users\moxito\AppData\Local\Microsoft\Windows Sidebar\Gadgets\Sidebar7.gadget\Release\Sidebar7.64.dll (Helmut Buhler)

CustomCLSID: HKU\S-1-5-21-1078665582-1449517287-1295239923-1001_Classes\CLSID\{2E445E22-1A5F-4C84-B963-BB65D07C1FB3}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-1078665582-1449517287-1295239923-1001_Classes\CLSID\{40C842B5-9E7D-4FBD-8E05-021F4B6F5CA5}\InprocServer32 -> C:\WINDOWS\system32\kernel32.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-1078665582-1449517287-1295239923-1001_Classes\CLSID\{A5110465-0F43-4586-9DEC-73DCC0CBCF08}\InprocServer32 -> C:\WINDOWS\system32\kernel32.dll (Microsoft Corporation)
 

==================== Scheduled Tasks (Whitelisted) =============
 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 

Task: {066AC61E-1658-4034-8524-C0F15BD63338} - System32\Tasks\gsrun.exe => C:\Users\moxito\AppData\Roaming\duowan\yygamestore\Mini\3.6.0.4\gsrun.exe [2016-10-13] ()

Task: {06F7876A-D01A-42DE-B0BB-34D3F2C31961} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-06-13] (Piriform Ltd)

Task: {07B42A73-B318-4361-8F73-910851DAA954} - System32\Tasks\me.exe => C:\Users\moxito\AppData\Roaming\duowan\yygamestore\Mini\3.6.0.4\me.exe [2016-10-13] ()

Task: {1195CE57-9B94-42B6-BD81-89095373206D} - System32\Tasks\MeLogo_{67679FCB-7ECA-4db5-B5AE-E6B4E178D0BA} => C:\Users\moxito\AppData\Roaming\duowan\yygamestore\Mini\3.6.0.4\me.exe [2016-10-13] ()

Task: {1574B4F0-4EB0-481D-B3D6-875944676A34} - \{057E7D47-7D0A-0A7A-7911-0E040E78110C} -> No File <==== ATTENTION

Task: {25DED191-9070-42A0-9253-062048019AE6} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2017-05-03] (NVIDIA Corporation)

Task: {32F11BBA-6316-404F-9DC7-B8F7FE491A05} - System32\Tasks\{ED9A9CD4-5A31-2B7F-2D3D-2F4634FF2C3B} => C:\ProgramData\{EB8ACCE0-5C21-7B4B-7EE8-1C19ABAD4F85}\3B2BA978-8C80-1ED3-88ED-20DA0EEA8994.exe <==== ATTENTION

Task: {3BCE144F-14C8-4842-8A53-661187BBC8A0} - System32\Tasks\Nahimic2UILauncherRun => C:\Program Files\Nahimic\Nahimic2\UserInterface\Nahimic2UILauncher.exe [2017-01-13] ()

Task: {3E407DC0-759C-44BB-88AC-AF6AC6A3A08B} - System32\Tasks\Nahimic2Svc32Run => C:\Program Files\Nahimic\Nahimic2\UserInterface\Nahimic2Svc32.exe [2017-01-13] ()

Task: {41607316-F1F1-4C25-B261-37C521ABF4CA} - System32\Tasks\Dragon_Center_updater => C:\ProgramData\MSI\Dragon [Argument = Center\DragonCenter_Updater.exe DragonCenter]

Task: {4220DF88-E589-414A-B2EA-098D3E0E6500} - System32\Tasks\MSI_Dragon Center => C:\Program Files (x86)\MSI\Dragon Center\Dragon Center.exe [2017-05-31] (Micro-Star International Co., Ltd.)

Task: {47435CE5-D1F2-4C13-A77E-DEADE332ED23} - System32\Tasks\{F7B708E3-B402-CC93-0235-FB6400AF3F41} => Regsvr32.exe /s /n /i:"/rt" "C:\PROGRA~3\58bca3a8\52456f97.dll" <==== ATTENTION

Task: {49FC50FD-0B66-420F-8C7C-52B54AC07DAB} - System32\Tasks\HuanjuGameUpdate => C:\Users\moxito\AppData\Roaming\duowan\yygame\popup\bin\hjGameUpdate.exe [2017-05-21] (YY Inc.)

Task: {4E03935F-200C-45FD-9C69-7E21824D8529} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-05-03] (NVIDIA Corporation)

Task: {52CC2439-C048-4BE9-B616-C6A62EBF5D60} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-05-03] (NVIDIA Corporation)

Task: {66632B7C-EA9C-4F6B-9AA6-9122D4A185F8} - System32\Tasks\SogouImeMgr => C:\Program Files (x86)\SogouInput\SogouExe\SogouExe.exe [2016-09-02] (Sogou.com Inc.)

Task: {743767E4-92ED-4EB8-BDE6-031C7AC9E9EC} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-05-03] (NVIDIA Corporation)

Task: {77B29FB4-A203-4C87-AD47-184CA218CF3C} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-05-03] (NVIDIA Corporation)

Task: {7AD8FA13-DAA9-47B8-A54D-CF5009AB44F4} - System32\Tasks\060184C3-9766-46a0-B258-F4518A0B2633 => Cscript.exe "C:\ProgramData\Baidu Security\Duplicaterecord.js"

Task: {84F0B267-E639-40B1-8A5B-C527E0D0D998} - System32\Tasks\MSI_Dragon Gaming Center => C:\Program Files (x86)\MSI\Dragon Gaming Center\mDispatch.exe [2014-01-23] (TODO: <公司名稱>)

Task: {8D282348-DBD4-4BD7-9A44-95F8462FC27E} - System32\Tasks\yyplayer.exe => C:\Users\moxito\AppData\Roaming\duowan\yygamestore\Mini\3.6.0.4\yyplayer.exe [2016-10-13] ()

Task: {B86BD242-2DD2-49F3-A8FC-C7DFFF24FEF0} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-05-03] (NVIDIA Corporation)

Task: {BB0CB973-6950-4BF2-A895-DAB4D24C13C2} - System32\Tasks\Baidu Antivirus Update => C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.4.3.148966.1\BavUpdater.exe [2017-01-28] (Baidu, Inc.)

Task: {BB5B22AA-238A-4B32-8984-B8A3F29072CE} - System32\Tasks\yygamestore.exe => C:\Users\moxito\AppData\Roaming\duowan\yygamestore\Mini\3.6.0.4\yygamestore.exe [2016-10-13] ()

Task: {C54E8752-58C3-4FA0-9D33-A0404C058363} - System32\Tasks\Nahimic2Svc64Run => C:\Program Files\Nahimic\Nahimic2\UserInterface\x64\Nahimic2Svc64.exe [2017-01-13] ()

Task: {CB33CC10-7C4E-4BB2-9E8B-6E9E3DE606AD} - System32\Tasks\MSI_Help_Desk_Agent => C:\Program Files (x86)\MSI\Help Desk\MSI Update Agent.exe [2016-05-06] (Micro-Star International Co., Ltd.)

Task: {CC5DB9A6-FD83-429B-82E0-B343682013B5} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-05-03] (NVIDIA Corporation)

Task: {CDDE24C0-6063-4256-96AD-7C83C1F684C8} - System32\Tasks\Intel\Intel Telemetry 2 (x86) => C:\Program Files (x86)\Intel\Telemetry 2.0\lrio.exe [2015-11-20] (Intel Corporation)

Task: {D4BCAAFF-C409-468A-8CF1-FCF6B4054779} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)

Task: {F2852D36-A114-43F8-BD54-1577764A3D45} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-05-21] (Adobe Systems Incorporated)

Task: {F68E41E9-0104-4361-A8EE-6CCD3F70FFA2} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-05-03] (NVIDIA Corporation)
 

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 

Task: C:\WINDOWS\Tasks\HuanjuGameUpdate.job => C:\Users\moxito\AppData\Roaming\duowan\yygame\popup\bin\hjGameUpdate.exe
 

==================== Shortcuts & WMI ========================
 

(The entries could be listed to be restored or removed.)
 
 

==================== Loaded Modules (Whitelisted) ==============
 

2016-07-16 13:42 - 2016-07-16 13:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll

2017-06-16 17:51 - 2017-06-03 12:01 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll

2016-09-27 13:26 - 2017-05-03 22:21 - 01267320 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll

2011-08-22 17:34 - 2011-08-22 17:34 - 11837440 _____ () C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe

2016-11-25 16:45 - 2016-11-25 16:44 - 00048568 _____ () C:\Users\moxito\AppData\Local\Youdao\Dict\Application\6.3.69.8341\WordStrokeHelper64.dll

2017-01-13 10:53 - 2017-01-13 10:53 - 00218296 _____ () C:\Program Files\Nahimic\Nahimic2\UserInterface\x64\Nahimic2DevProps.dll

2017-01-13 10:53 - 2017-01-13 10:53 - 00289976 _____ () C:\Program Files\Nahimic\Nahimic2\UserInterface\x64\Nahimic2OSD.dll

2017-02-12 17:08 - 2015-02-27 15:38 - 00721263 _____ () C:\WINDOWS\SysWoW64\WSCM64.dll

2017-01-13 10:49 - 2017-01-13 10:49 - 00705208 _____ () C:\Program Files\Nahimic\Nahimic2\UserInterface\Nahimic2UILauncher.exe

2017-01-13 10:50 - 2017-01-13 10:50 - 02054328 _____ () C:\Program Files\Nahimic\Nahimic2\UserInterface\Nahimic2svc32.exe

2017-01-13 10:54 - 2017-01-13 10:54 - 00513208 _____ () C:\Program Files\Nahimic\Nahimic2\UserInterface\x64\Nahimic2svc64.exe

2014-09-30 02:51 - 2014-09-30 02:51 - 00074664 _____ () C:\Program Files (x86)\SlySoft\AnyDVD\ADvdDiscHlp64.exe

2016-11-25 16:45 - 2016-11-25 16:45 - 02515520 _____ () C:\Users\moxito\AppData\Local\Youdao\Dict\Application\6.3.69.8341\YoudaoDictHelper.exe

2016-07-26 11:07 - 2017-06-16 22:06 - 01052192 _____ () C:\Users\moxito\AppData\Roaming\baidu\BaiduYunGuanjia\yundetectservice.exe

2016-11-25 16:45 - 2016-11-25 16:44 - 00192952 _____ () C:\Users\moxito\AppData\Local\Youdao\Dict\Application\6.3.69.8341\YoudaoWSH.exe

2016-11-28 14:45 - 2015-09-27 11:25 - 00035840 _____ () C:\Users\moxito\AppData\Local\Microsoft\Windows Sidebar\Gadgets\FritzBoxTraffic1013.gadget\FritzBoxTrafficMonitorLib.dll

2017-01-28 04:16 - 2017-01-28 04:16 - 00297968 _____ () C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.4.3.148966.1\HipsLogger.dll

2017-01-28 04:16 - 2017-01-28 04:16 - 00370672 _____ () C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.4.3.148966.1\BNetOp.dll

2017-01-28 04:16 - 2017-01-28 04:16 - 00540656 _____ () C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.4.3.148966.1\sqlite.dll

2017-01-28 04:16 - 2015-05-28 13:44 - 00198128 _____ () C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.4.3.148966.1\dark.dll

2017-01-28 04:16 - 2017-01-28 04:16 - 01120752 _____ () C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.4.3.148966.1\Operation.dll

2016-11-25 00:13 - 2011-08-23 14:04 - 00057344 _____ () C:\Program Files (x86)\WinTV\TVServer\libhdhomerun.dll

2016-12-09 16:53 - 2016-12-09 10:21 - 00368128 _____ () c:\programdata\microsoft\visualstudio\14.0\2052\msmg.dll

2017-01-18 15:01 - 2017-01-18 06:18 - 00443904 _____ () c:\programdata\microsoft\phone tools\corecon\12.0\3082\nonsdkaddonlangver.dll

2016-05-05 10:53 - 2017-06-16 21:39 - 00713504 _____ () C:\Program Files (x86)\Common Files\Tencent\QQProtect\Bin\qpsafeplugin.dll

2011-08-22 17:23 - 2011-08-22 17:23 - 01222656 _____ () C:\Program Files (x86)\VMware\VMware Workstation\libxml2.dll

2016-09-27 13:26 - 2017-05-03 22:21 - 01040504 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll

2017-01-13 10:48 - 2017-01-13 10:48 - 00189112 _____ () C:\Program Files\Nahimic\Nahimic2\UserInterface\Nahimic2DevProps.dll

2017-01-13 10:46 - 2017-01-13 10:46 - 00262840 _____ () C:\Program Files\Nahimic\Nahimic2\UserInterface\Nahimic2OSD.dll

2016-11-25 16:45 - 2016-11-25 16:44 - 00042936 _____ () C:\Users\moxito\AppData\Local\Youdao\Dict\Application\6.3.69.8341\WordStrokeHelper32.dll

2016-10-30 19:55 - 2016-10-30 19:55 - 00108544 __RSH () C:\Program Files (x86)\SlySoft\AnyDVD\BRD.dll

2016-11-25 16:45 - 2016-11-25 16:44 - 00095936 _____ () C:\Users\moxito\AppData\Local\Youdao\Dict\Application\6.3.69.8341\CrashRpt.dll

2016-11-25 16:45 - 2016-11-25 16:45 - 34880064 _____ () C:\Users\moxito\AppData\Local\Youdao\Dict\Application\6.3.69.8341\libcef.dll

2016-11-25 16:45 - 2016-11-25 16:45 - 03795520 _____ () C:\Users\moxito\AppData\Local\Youdao\Dict\Application\6.3.69.8341\v8.dll

2016-11-25 16:44 - 2016-11-25 16:44 - 01577912 _____ () C:\Users\moxito\AppData\Local\Youdao\Dict\Application\Stable\Acrobat2Dict.dll

2016-11-25 16:45 - 2016-11-25 16:45 - 01874496 _____ () C:\Users\moxito\AppData\Local\Youdao\Dict\Application\6.3.69.8341\ffmpegsumo.dll

2016-11-25 00:46 - 2016-11-25 00:46 - 00155192 _____ () C:\Program Files (x86)\Tencent\QQIntl\Bin\lua.dll

2016-11-25 00:46 - 2016-11-25 00:46 - 00089656 _____ () C:\Program Files (x86)\Tencent\QQIntl\Bin\zlib.dll

2016-11-25 00:46 - 2016-11-25 00:46 - 00138808 _____ () C:\Program Files (x86)\Tencent\QQIntl\Bin\libexpatw.dll

2016-11-25 00:46 - 2016-11-25 00:46 - 00159288 _____ () C:\Program Files (x86)\Tencent\QQIntl\Bin\libpng.dll

2016-11-25 00:46 - 2016-11-25 00:46 - 00286264 _____ () C:\Program Files (x86)\Tencent\QQIntl\Bin\libjpegturbo.dll

2016-11-25 00:46 - 2016-11-25 00:46 - 00495160 _____ () C:\Program Files (x86)\Tencent\QQIntl\Plugin\com.tencent.audiovideo\Bin\VP8.dll

2016-11-25 00:46 - 2016-11-25 00:46 - 00941624 _____ () C:\Program Files (x86)\Tencent\QQIntl\Plugin\com.tencent.audiovideo\Bin\TRAE.DLL

2017-01-28 04:16 - 2017-01-28 04:16 - 00277488 _____ () C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.4.3.148966.1\Pulgin_Dark_DeleteFileTip.dll

2017-06-16 23:32 - 2017-06-16 23:32 - 01307136 _____ () C:\Users\moxito\AppData\Local\Ambworks\vtmbuvmp.dll

2015-06-24 02:07 - 2015-06-24 02:07 - 01243936 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll

2017-01-19 22:20 - 2014-08-28 09:49 - 00887624 _____ () C:\Users\moxito\AppData\Local\360Browser\Browser\Application\7.5.2.108\libglesv2.dll

2017-01-19 22:20 - 2014-08-28 09:49 - 00110408 _____ () C:\Users\moxito\AppData\Local\360Browser\Browser\Application\7.5.2.108\libegl.dll

2017-01-19 22:20 - 2014-05-29 14:46 - 04055504 _____ () C:\Users\moxito\AppData\Local\360Browser\Browser\Application\7.5.2.108\pdf.dll

2017-01-19 22:20 - 2014-08-29 09:29 - 01875784 _____ () C:\Users\moxito\AppData\Local\360Browser\Browser\Application\7.5.2.108\ffmpegsumo.dll
 

==================== Alternate Data Streams (Whitelisted) =========
 

(If an entry is included in the fixlist, only the ADS will be removed.)
 
 

==================== Safe Mode (Whitelisted) ===================
 

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BavSvc => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BavSvc => "Service"=""

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\QQPCRTP => ""="service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BavSvc => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BavSvc => "Service"=""

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\QQPCRTP => ""="service"
 

==================== Association (Whitelisted) ===============
 

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 

==================== Internet Explorer trusted/restricted ===============
 

(If an entry is included in the fixlist, it will be removed from the registry.)
 
 

==================== Hosts content: ==========================
 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 

2015-07-10 13:04 - 2017-01-28 01:43 - 00001006 _____ C:\WINDOWS\system32\Drivers\etc\hosts
 

127.0.0.1       down.baidu2016.com

127.0.0.1       123.sogou.com

127.0.0.1       www.czzsyzgm.com

127.0.0.1       www.czzsyzxl.com

127.0.0.1       union.baidu2019.com
 

==================== Other Areas ============================
 

(Currently there is no automatic fix for this section.)
 

HKU\S-1-5-21-1078665582-1449517287-1295239923-1001\Control Panel\Desktop\\Wallpaper -> 

DNS Servers: 192.168.178.1

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)

Windows Firewall is enabled.
 

==================== MSCONFIG/TASK MANAGER disabled items ==
 

HKLM\...\StartupApproved\StartupFolder: => "WinTV Recording Status.lnk"

HKLM\...\StartupApproved\Run: => "MRT"

HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"

HKLM\...\StartupApproved\Run32: => "Malwarebytes Anti-Malware (cleanup)"

HKLM\...\StartupApproved\Run32: => "ProductUpdater"

HKLM\...\StartupApproved\Run32: => "DelaypluginInstall"

HKU\S-1-5-21-1078665582-1449517287-1295239923-1001\...\StartupApproved\StartupFolder: => "CCTalk.lnk"

HKU\S-1-5-21-1078665582-1449517287-1295239923-1001\...\StartupApproved\Run: => "CNTV-CBox"

HKU\S-1-5-21-1078665582-1449517287-1295239923-1001\...\StartupApproved\Run: => "CBoxService"

HKU\S-1-5-21-1078665582-1449517287-1295239923-1001\...\StartupApproved\Run: => "YYAssistant"

HKU\S-1-5-21-1078665582-1449517287-1295239923-1001\...\StartupApproved\Run: => "TomTomHOME.exe"
 

==================== FirewallRules (Whitelisted) ===============
 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 

FirewallRules: [{DE39C442-3DC6-4243-A674-02F31C37F9E7}] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe

FirewallRules: [{ACFB4839-4B17-4430-B6F0-8C234D1C509B}] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe

FirewallRules: [UDP Query User{CEFCF085-AC3C-4B1C-B0FF-2C51D1AD339C}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exe

FirewallRules: [TCP Query User{53F4CB2C-7672-4F31-A2F9-62989417793F}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exe

FirewallRules: [{43A23B75-74E8-4875-9A65-CC0CCECF0F3C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe

FirewallRules: [{2F86D7C7-F739-4A76-A3A9-0C34651FED92}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe

FirewallRules: [{FBA342AE-35EE-4750-910F-CE78E00118EF}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe

FirewallRules: [{BB2C5D8C-7E1E-4324-AB48-78593709BE80}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe

FirewallRules: [{844B361F-D871-4C06-987B-462B094C2573}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe

FirewallRules: [{2061BD21-6061-422C-8523-065687C533FE}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe

FirewallRules: [{A359A2C1-C028-4350-A631-F496D5477FB0}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe

FirewallRules: [{71FA7AB2-9E15-46F8-A963-D82667A03415}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe

FirewallRules: [{C48FC8B7-1DC6-4455-B699-CE06502CDB2F}] => (Allow) C:\Program Files (x86)\FormatFactory\FFModules\Encoder\Doc\EBookCodec.exe

FirewallRules: [{7150BA5F-B30A-4D64-B823-F89DE0A830BD}] => (Allow) C:\Program Files (x86)\FormatFactory\FormatFactory.exe

FirewallRules: [{B310D159-F3F2-45EB-A5FE-953947A4BE1D}] => (Allow) C:\Program Files (x86)\FormatFactory\FFModules\Encoder\Doc\EBookCodec.exe

FirewallRules: [{B881DE74-70F2-4EBA-8025-04098ED82486}] => (Allow) C:\Program Files (x86)\FormatFactory\FormatFactory.exe

FirewallRules: [{C7AF81E2-2AB8-4951-8285-CFDC1AD3079B}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe

FirewallRules: [{AEB5BA9D-F104-4486-9BB2-DE7FB73A14C9}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe

FirewallRules: [{0D600F81-A48E-4F61-8E6C-C1080833002A}] => (Block) C:\program files (x86)\tencent\qtalkenglish\v4.4.72.1\bin\qtalk.exe

FirewallRules: [{7D07C0F1-7085-4E51-B4F5-02EFB9979BD6}] => (Block) C:\program files (x86)\tencent\qtalkenglish\v4.4.72.1\bin\qtalk.exe

FirewallRules: [UDP Query User{6D500D6D-0622-493B-8922-7B6C6AC6594D}C:\program files (x86)\tencent\qtalkenglish\v4.4.72.1\bin\qtalk.exe] => (Allow) C:\program files (x86)\tencent\qtalkenglish\v4.4.72.1\bin\qtalk.exe

FirewallRules: [TCP Query User{0CE7BE09-640F-4DEF-9446-12028651A4B2}C:\program files (x86)\tencent\qtalkenglish\v4.4.72.1\bin\qtalk.exe] => (Allow) C:\program files (x86)\tencent\qtalkenglish\v4.4.72.1\bin\qtalk.exe

FirewallRules: [{3875BA83-5C8C-4DB6-9A2A-465B7C93CFDA}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe

FirewallRules: [{478080CB-538B-43CE-9228-EB1DFBEB573F}] => (Allow) C:\Program Files (x86)\WinTV\WinTV8\WinTV8.exe

FirewallRules: [{E7E6FE5A-C0F8-4573-86A1-C3BBC3E1FEE1}] => (Allow) C:\Program Files (x86)\WinTV\WinTV8\WinTV8.exe

FirewallRules: [{E3AC73CB-85FD-4BFE-93E7-0937E4C71984}] => (Allow) C:\Program Files (x86)\WinTV\WinTV8\WinTV8.exe

FirewallRules: [{55BB1B60-D077-4E19-B71F-7E53DA95C475}] => (Allow) C:\Program Files (x86)\WinTV\WinTV8\WinTV8.exe

FirewallRules: [{33751988-263F-4609-9C75-E0A3788542AC}] => (Allow) C:\Program Files (x86)\WinTV\TVServer\CaptureDCR.exe

FirewallRules: [{D53BA843-D88B-46F3-987C-7E82CA24861D}] => (Allow) C:\Program Files (x86)\WinTV\TVServer\CaptureDCR.exe

FirewallRules: [{770B7A06-DB83-4087-9819-D33F8A3590CF}] => (Allow) C:\Program Files (x86)\WinTV\TVServer\CaptureDCR.exe

FirewallRules: [{8D482EBE-AA6E-411A-B90A-C8FFC0CE9FC6}] => (Allow) C:\Program Files (x86)\WinTV\TVServer\CaptureDCR.exe

FirewallRules: [{99831EB5-9E79-4FC7-B2B3-BD6C88B049FC}] => (Allow) C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServer.exe

FirewallRules: [{50431C4D-6CC7-4F91-9FD6-160DA53EC800}] => (Allow) C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServer.exe

FirewallRules: [{29441021-B130-4DCB-8A2C-98E3654EAB8E}] => (Allow) C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServer.exe

FirewallRules: [{83B2C97B-D8EC-4022-A2D2-E92E7D323D85}] => (Allow) C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServer.exe

FirewallRules: [TCP Query User{2B248973-D5C1-4568-B90F-508D8AE0D0E6}C:\program files (x86)\wintv\wintv8\wintv8.exe] => (Block) C:\program files (x86)\wintv\wintv8\wintv8.exe

FirewallRules: [UDP Query User{D34EC77D-ABF0-40A4-8D31-1EB46795B998}C:\program files (x86)\wintv\wintv8\wintv8.exe] => (Block) C:\program files (x86)\wintv\wintv8\wintv8.exe

FirewallRules: [{DF707D42-B066-4440-A290-76C3782F7D20}] => (Allow) C:\Program Files (x86)\Tencent\QQIntl\Bin\QQ.exe

FirewallRules: [{CBCC3D60-D1D0-45D6-B4BF-24B3FA51CC7A}] => (Allow) C:\Program Files (x86)\Tencent\QQIntl\Bin\QQ.exe

FirewallRules: [{791391FB-26F6-4455-ABAB-F0CC178163D2}] => (Allow) C:\Program Files (x86)\Tencent\TM2008\Bin\TM.exe

FirewallRules: [{D422F381-3BB5-46FF-A8DB-07A9F1C39410}] => (Allow) C:\Program Files (x86)\Tencent\TM2008\Bin\TM.exe

FirewallRules: [{9BD45F0A-D4CC-4CEA-84E6-0DB37326C47F}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe

FirewallRules: [{EC9E85AA-6E4F-4F46-ACB9-73FDA2D4D21B}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe

FirewallRules: [{77FDE012-D87A-44AD-B6D0-94B3A9B6FC22}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe

FirewallRules: [{CEF220D9-C4B8-43AF-B1AD-AF5F286B2E19}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe

FirewallRules: [{928F44AB-072E-40CC-BA43-E6BC9320A81B}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe

FirewallRules: [{856ACEC8-3599-4335-BBCC-62BBCD61DC6D}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe

FirewallRules: [{83F1A492-987E-4799-BFC4-B2190523875C}] => (Allow) C:\Program Files (x86)\Tencent\QTalk\V4.6.17\Bin\QTalk.exe

FirewallRules: [{AB07117A-6A25-427D-8370-FBA11D71F3C4}] => (Allow) C:\Program Files (x86)\Tencent\QTalk\V4.6.17\Bin\QTalk.exe

FirewallRules: [{73B22CDE-F42F-48D0-ABDE-CEBDEA261561}] => (Allow) C:\Program Files (x86)\Tencent\QTalk\V4.6.22.17784\Bin\QTalk.exe

FirewallRules: [{BD10F1F2-821D-4AA7-A5BB-6517CEAFD0EB}] => (Allow) C:\Program Files (x86)\Tencent\QTalk\V4.6.22.17784\Bin\QTalk.exe

FirewallRules: [{C2AF2505-834E-4CF7-8AD4-EFCF2489688A}] => (Allow) C:\Program Files (x86)\Tencent\QTalk\V4.6.22.17784\Bin\QTalk.exe

FirewallRules: [{E0794B69-C90C-45A5-A33D-073392938B3D}] => (Allow) C:\Program Files (x86)\Tencent\QTalk\V4.6.22.17784\Bin\QTalk.exe

FirewallRules: [TCP Query User{FF9524A3-306C-4072-987A-3B52600DAE87}C:\program files (x86)\duowan\yy\yy.exe] => (Allow) C:\program files (x86)\duowan\yy\yy.exe

FirewallRules: [UDP Query User{7198139F-6FC4-485D-969C-3974742B20E1}C:\program files (x86)\duowan\yy\yy.exe] => (Allow) C:\program files (x86)\duowan\yy\yy.exe

FirewallRules: [{46AD7F9B-EA90-441C-92A4-C625FD5AFC3D}] => (Allow) C:\Program Files (x86)\SogouInput\8.0.0.8381\SGTool.exe

FirewallRules: [{7D63BBB3-557E-4FA0-A0B1-3311761D7245}] => (Allow) C:\Program Files (x86)\SogouInput\8.0.0.8381\SGTool.exe

FirewallRules: [{004FC471-A249-4476-9233-97837F5DC187}] => (Allow) C:\Program Files (x86)\SogouInput\8.0.0.8381\SGTool.exe

FirewallRules: [{E9CB61D5-2A6F-4D36-B053-46B9A4E82DD6}] => (Allow) C:\Program Files (x86)\SogouInput\8.0.0.8381\SGTool.exe

FirewallRules: [{41BD44A0-3B8E-4D2F-984C-DB0A9747D92C}] => (Allow) C:\Program Files (x86)\SogouInput\8.0.0.8381\SGTool.exe

FirewallRules: [{38F6F4C3-06C7-4F2C-A56A-223A528AAC34}] => (Allow) C:\Program Files (x86)\SogouInput\8.0.0.8381\SGTool.exe

FirewallRules: [{016D1F2C-DA2F-4B0A-B5AC-920F9726FFC1}] => (Allow) C:\Program Files (x86)\SogouInput\8.0.0.8381\PinyinUp.exe

FirewallRules: [{2456EF25-4F38-43D0-96F8-E95CD2D91E31}] => (Allow) C:\Program Files (x86)\SogouInput\8.0.0.8381\PinyinUp.exe

FirewallRules: [{0E1C2F32-B86C-4260-BD9C-38FCF76181A8}] => (Allow) C:\Program Files (x86)\SogouInput\8.0.0.8381\PinyinUp.exe

FirewallRules: [{E11CDFE4-AEFB-409A-9947-2082963FDB2D}] => (Allow) C:\Program Files (x86)\SogouInput\8.0.0.8381\PinyinUp.exe

FirewallRules: [{A803234B-AF31-471F-AB88-14763ED74CBB}] => (Allow) C:\Program Files (x86)\SogouInput\8.0.0.8381\PinyinUp.exe

FirewallRules: [{DA0F938A-CD7A-43F0-A86F-68651FBC84D8}] => (Allow) C:\Program Files (x86)\SogouInput\8.0.0.8381\PinyinUp.exe

FirewallRules: [{1B840E50-2AD0-4D3E-BDC8-366478D56844}] => (Allow) C:\Program Files (x86)\SogouInput\8.0.0.8381\SGDownload.exe

FirewallRules: [{E8B5E362-0CBF-409B-AECA-041D925C0C92}] => (Allow) C:\Program Files (x86)\SogouInput\8.0.0.8381\SGDownload.exe

FirewallRules: [{9B0C0FF5-8CF3-4601-A9A8-5FEB03062501}] => (Allow) C:\Program Files (x86)\SogouInput\8.0.0.8381\SGDownload.exe

FirewallRules: [{A8C0E650-29AC-4198-8ECC-3A7D52D166A4}] => (Allow) C:\Program Files (x86)\SogouInput\8.0.0.8381\SGDownload.exe

FirewallRules: [{5D4FE374-A1CE-49E0-AF1D-EE024A7E8DEE}] => (Allow) C:\Program Files (x86)\SogouInput\8.0.0.8381\SGDownload.exe

FirewallRules: [{7769A548-F7A8-4E30-8C27-7978B0141D90}] => (Allow) C:\Program Files (x86)\SogouInput\8.0.0.8381\SGDownload.exe

FirewallRules: [{5773DC5E-741B-4A49-AFAC-5ECDDAECCBDE}] => (Allow) C:\Program Files (x86)\SogouInput\8.0.0.8381\SogouCloud.exe

FirewallRules: [{C307F899-B1CE-4AA9-BA01-4FF5450FBAF5}] => (Allow) C:\Program Files (x86)\SogouInput\8.0.0.8381\SogouCloud.exe

FirewallRules: [{022A31EF-B2B8-4297-8E3F-675C15DE94AC}] => (Allow) C:\Program Files (x86)\SogouInput\8.0.0.8381\SogouCloud.exe

FirewallRules: [{AE75BACB-263F-4C0F-87AA-7247D82B0CBF}] => (Allow) C:\Program Files (x86)\SogouInput\8.0.0.8381\SogouCloud.exe

FirewallRules: [{1D5162A3-4235-4D03-B504-C4F4F7246E53}] => (Allow) C:\Program Files (x86)\SogouInput\8.0.0.8381\SogouCloud.exe

FirewallRules: [{901D2A03-DABD-474A-8B3D-976A205B8422}] => (Allow) C:\Program Files (x86)\SogouInput\8.0.0.8381\SogouCloud.exe

FirewallRules: [{2F3B86E9-CE22-4695-85F4-3B6BDFED3C5A}] => (Allow) C:\Program Files (x86)\SogouInput\Components\SogouComMgr.exe

FirewallRules: [{514EE4BC-9EEE-4677-B4D2-4D9E74321D29}] => (Allow) C:\Program Files (x86)\SogouInput\Components\SogouComMgr.exe

FirewallRules: [{ED1E880D-383C-44C1-92D3-E8CA804F9221}] => (Allow) C:\Program Files (x86)\SogouInput\Components\SogouComMgr.exe

FirewallRules: [{4448BD80-0766-4AF6-8BF2-10B269418FE3}] => (Allow) C:\Program Files (x86)\SogouInput\Components\SogouComMgr.exe

FirewallRules: [{1A995BD3-762A-4327-9D40-39043A72168A}] => (Allow) C:\Program Files (x86)\SogouInput\Components\SogouComMgr.exe

FirewallRules: [{4DC55797-A6D6-4594-BB8E-45CBFF359500}] => (Allow) C:\Program Files (x86)\SogouInput\Components\SogouComMgr.exe

FirewallRules: [{C2EC3A64-8BB9-4E9D-8749-82C9ED99F790}] => (Allow) C:\Program Files (x86)\SogouInput\8.0.0.8381\userNetSchedule.exe

FirewallRules: [{79E67A5E-81D2-4B24-900A-233B96A73BCD}] => (Allow) C:\Program Files (x86)\SogouInput\8.0.0.8381\userNetSchedule.exe

FirewallRules: [{F565A5A4-9F6D-4DED-B6BC-5014E9671545}] => (Allow) C:\Program Files (x86)\SogouInput\8.0.0.8381\userNetSchedule.exe

FirewallRules: [{3A531803-0279-4217-B535-4982A56D73A7}] => (Allow) C:\Program Files (x86)\SogouInput\8.0.0.8381\userNetSchedule.exe

FirewallRules: [{53783036-D1FC-440D-B36B-DF723723216D}] => (Allow) C:\Program Files (x86)\SogouInput\8.0.0.8381\userNetSchedule.exe

FirewallRules: [{BA595CB8-3A7C-478F-8D36-16E98FFF5B57}] => (Allow) C:\Program Files (x86)\SogouInput\8.0.0.8381\userNetSchedule.exe

FirewallRules: [{3ECCB7EE-F978-42BC-A9B6-325DD4BA322B}] => (Allow) C:\Program Files (x86)\SogouInput\8.0.0.8381\SGMedalLoader.exe

FirewallRules: [{601CC53D-79DA-4246-B7EB-07C2D086FFD0}] => (Allow) C:\Program Files (x86)\SogouInput\8.0.0.8381\SGMedalLoader.exe

FirewallRules: [{29D7ADFD-4772-4B73-9C4D-BEF485E987EE}] => (Allow) C:\Program Files (x86)\SogouInput\8.0.0.8381\SGMedalLoader.exe

FirewallRules: [{99554E8E-DC9F-4433-8FC8-B9C134B75403}] => (Allow) C:\Program Files (x86)\SogouInput\8.0.0.8381\SGMedalLoader.exe

FirewallRules: [{B4E4F695-34B7-4187-9F9F-E9AEEC55D094}] => (Allow) C:\Program Files (x86)\SogouInput\8.0.0.8381\SGMedalLoader.exe

FirewallRules: [{90B48959-73E8-483B-9EF6-4F660EB44F70}] => (Allow) C:\Program Files (x86)\SogouInput\8.0.0.8381\SGMedalLoader.exe

FirewallRules: [{A21AA5AE-676B-4D0A-9946-9F8F5DD222B4}] => (Allow) C:\Users\Public\SogouInput\USBDT\OctopusDownloader.exe

FirewallRules: [{1BBF2246-CD1C-4829-AD1A-E8CAEBA612A9}] => (Allow) C:\Users\Public\SogouInput\USBDT\OctopusDownloader.exe

FirewallRules: [{BA93C79E-F926-497B-89EF-492E13588D7D}] => (Allow) C:\Users\Public\SogouInput\USBDT\OctopusDownloader.exe

FirewallRules: [{B2C4F98E-6E0C-489A-A744-6BD5BAD22C18}] => (Allow) C:\Users\Public\SogouInput\USBDT\OctopusDownloader.exe

FirewallRules: [{54347CA7-88C3-4931-B431-E80A289FEA32}] => (Allow) C:\Users\Public\SogouInput\USBDT\OctopusDownloader.exe

FirewallRules: [{368F75CF-9388-47ED-B631-65B1C9668E86}] => (Allow) C:\Users\Public\SogouInput\USBDT\OctopusDownloader.exe

FirewallRules: [{2E09659B-6EA8-4509-BC8B-89A1F52CAED7}] => (Allow) C:\Program Files (x86)\TalkTV\Bin\TalkTV.exe

FirewallRules: [{F7F9C92B-2D60-4A82-833E-ECD3CB8D7997}] => (Allow) C:\Program Files (x86)\TalkTV\Bin\TalkTV.exe

FirewallRules: [{50607091-02F0-4003-A9C1-3AB89E5D2947}] => (Allow) C:\Program Files (x86)\TalkTV\Bin\TalkTV.exe

FirewallRules: [{0CD70842-A679-4531-AAB3-E5E8015B373D}] => (Allow) C:\Program Files (x86)\TalkTV\Bin\TalkTV.exe

FirewallRules: [TCP Query User{DF0986B7-F5B9-4CA4-8466-7CD4AF2AE0AF}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe

FirewallRules: [UDP Query User{882FA26D-CF07-4B30-82CD-8BDCC1312631}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe

FirewallRules: [TCP Query User{7C43F587-F429-4292-92AF-457A3B96BA15}C:\windows\system32\ftp.exe] => (Allow) C:\windows\system32\ftp.exe

FirewallRules: [UDP Query User{6A47CEE3-C601-4D40-938B-E151D69CCA2A}C:\windows\system32\ftp.exe] => (Allow) C:\windows\system32\ftp.exe

FirewallRules: [{5FC1A2E4-E23E-4A40-8F68-9680094BC070}] => (Allow) C:\Program Files (x86)\FormatFactory\FormatFactory.exe

FirewallRules: [{D3B507C3-11FC-4106-A76D-846E68EC90C3}] => (Allow) C:\Program Files (x86)\FormatFactory\FFModules\Encoder\Doc\EBookCodec.exe

FirewallRules: [{4863C59D-1DEA-4C40-9654-2F0C1BE2FB76}] => (Allow) C:\Program Files (x86)\FormatFactory\FormatFactory.exe

FirewallRules: [{55C29EA5-B451-4E41-83DF-E6531186E441}] => (Allow) C:\Program Files (x86)\FormatFactory\FFModules\Encoder\Doc\EBookCodec.exe

FirewallRules: [TCP Query User{D6E5B159-2B74-4272-BAA1-7E51AB84F86C}C:\qvodplayer\qvodterminal.exe] => (Allow) C:\qvodplayer\qvodterminal.exe

FirewallRules: [UDP Query User{013196D6-20C5-4A65-8551-6D06065B5FB1}C:\qvodplayer\qvodterminal.exe] => (Allow) C:\qvodplayer\qvodterminal.exe

FirewallRules: [{8B68AAEF-669D-4F39-9BED-3160EC00A152}] => (Block) C:\qvodplayer\qvodterminal.exe

FirewallRules: [{5509BB12-DE0F-4487-9212-24E34F0F30BE}] => (Block) C:\qvodplayer\qvodterminal.exe

FirewallRules: [TCP Query User{FF62CBB6-700E-4F9C-823F-965C666AEFDF}C:\users\moxito\appdata\local\360browser\browser\application\360browser.exe] => (Allow) C:\users\moxito\appdata\local\360browser\browser\application\360browser.exe

FirewallRules: [UDP Query User{60F6CF78-C495-4A2A-8B47-575F834CEF9C}C:\users\moxito\appdata\local\360browser\browser\application\360browser.exe] => (Allow) C:\users\moxito\appdata\local\360browser\browser\application\360browser.exe

FirewallRules: [{CE84693F-1ADB-43AB-9A38-A2B0DDCB0BD6}] => (Block) C:\users\moxito\appdata\local\360browser\browser\application\360browser.exe

FirewallRules: [{2B529D50-00F9-4652-BC7E-8C5985B5576D}] => (Block) C:\users\moxito\appdata\local\360browser\browser\application\360browser.exe

FirewallRules: [TCP Query User{148B2AF4-E62B-4350-925B-8BEA76CF35B3}C:\program files (x86)\cntv\cbox\bin\cbox.exe] => (Allow) C:\program files (x86)\cntv\cbox\bin\cbox.exe

FirewallRules: [UDP Query User{04A34041-F5A8-4533-A5FD-C6118F2D79DA}C:\program files (x86)\cntv\cbox\bin\cbox.exe] => (Allow) C:\program files (x86)\cntv\cbox\bin\cbox.exe

FirewallRules: [{12586A64-FF12-4ECA-BB97-9D1067A5F11B}] => (Block) C:\program files (x86)\cntv\cbox\bin\cbox.exe

FirewallRules: [{22C4E24C-9B6C-47A9-8A26-D689334469FC}] => (Block) C:\program files (x86)\cntv\cbox\bin\cbox.exe

FirewallRules: [TCP Query User{76EFBE6B-1CAC-4061-A316-9D6E1710301A}C:\users\moxito\downloads\airspy\sdrsharp.exe] => (Allow) C:\users\moxito\downloads\airspy\sdrsharp.exe

FirewallRules: [UDP Query User{CE976857-156C-43F3-B42E-582F49119166}C:\users\moxito\downloads\airspy\sdrsharp.exe] => (Allow) C:\users\moxito\downloads\airspy\sdrsharp.exe

FirewallRules: [{E7CEAF8F-6ECC-478E-AF60-ED369F6364BB}] => (Block) C:\users\moxito\downloads\airspy\sdrsharp.exe

FirewallRules: [{159669FB-3C82-427F-85E5-6C0405FA89B9}] => (Block) C:\users\moxito\downloads\airspy\sdrsharp.exe

FirewallRules: [TCP Query User{AE9DD382-6F3E-4994-9FA4-DA38D03EBFA3}C:\program files\sdr-radio-pro.com\sdrconsole.exe] => (Allow) C:\program files\sdr-radio-pro.com\sdrconsole.exe

FirewallRules: [UDP Query User{21B4A0EA-47F8-424B-974C-230C570B2E6D}C:\program files\sdr-radio-pro.com\sdrconsole.exe] => (Allow) C:\program files\sdr-radio-pro.com\sdrconsole.exe

FirewallRules: [{D8C7869F-BC2B-4962-861A-23350B75163F}] => (Block) C:\program files\sdr-radio-pro.com\sdrconsole.exe

FirewallRules: [{1CE19DF8-01E3-43C7-BDE4-321B25C28B45}] => (Block) C:\program files\sdr-radio-pro.com\sdrconsole.exe

FirewallRules: [{2378DA66-4690-4BE1-AA12-B2762255FED3}] => (Allow) C:\Users\moxito\AppData\Roaming\Tencent\QQ\STemp\SetupEx0\QQSetupEx.exe

FirewallRules: [{C4451068-39BD-428B-B0AE-E4CEB549A5E4}] => (Allow) C:\Program Files (x86)\Tencent\QQ\Bin\QQ.exe

FirewallRules: [{8283DF27-E8D8-404E-9CF8-22CBAF6061CC}] => (Allow) C:\Program Files (x86)\Tencent\QQ\Bin\auclt.exe

FirewallRules: [{644D8DC8-C47A-4C1D-89A7-DF5E8ACE7BE0}] => (Allow) C:\Program Files (x86)\Tencent\QQ\Bin\maLauncher.exe

FirewallRules: [{58123EF6-29C8-4276-A308-ED2A9A86B1FC}] => (Allow) C:\Program Files (x86)\Tencent\QQ\Bin\maUpdat.exe

FirewallRules: [{97B0CABD-78AA-407D-B7A2-A86F79BED1B6}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\135\tencentdl.exe

FirewallRules: [{D9D9C92B-573F-4F40-ADAD-823B83F8E41F}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\135\bugreport_xf.exe

FirewallRules: [{11AB198E-D6B0-42AA-9662-F5496BBD0387}] => (Allow) C:\Program Files (x86)\Tencent\QQMusic\QzoneMusic\QzoneMusic.exe

FirewallRules: [{157E434D-102F-4E56-8ADF-F49896ECAB96}] => (Allow) C:\Program Files (x86)\Tencent\QQMusic\QzoneMusic\QzoneMusic.exe

FirewallRules: [{DA5D3FD0-F9C0-40D0-8517-9611B98F8937}] => (Allow) C:\program files (x86)\common files\tencent\qqminidl\60\qqminidl.exe

FirewallRules: [{FA7BDB2A-B22C-4EFB-ADC2-7D566C0572F8}] => (Allow) C:\program files (x86)\common files\tencent\qqminidl\60\QQMiniDLUI.exe

FirewallRules: [{E770A729-2BE4-4189-BD71-0BD9967B1896}] => (Allow) C:\program files (x86)\common files\tencent\qqminidl\60\QQGameUpUI.exe

FirewallRules: [{2B08D25C-C48F-4302-9B51-2F9C1AD2F7E6}] => (Allow) C:\Users\Public\Documents\Tencent\QQGameMicro\QQGameMicro.exe

FirewallRules: [{C4455ADD-005F-4DC2-BB48-81C50375766E}] => (Allow) C:\Program Files (x86)\Tencent\QQMusic\QQMusic1297.0.39.32\QQMusicExternal.exe

FirewallRules: [{D3CACE26-0333-4EA3-9C55-F3AE95CAA573}] => (Allow) C:\Program Files (x86)\Tencent\QQMusic\QQMusic1297.0.39.32\moleplugin\tadb.exe

FirewallRules: [{21BDBBDE-297A-478F-9B2D-34C39FEA3DD5}] => (Allow) C:\Program Files (x86)\Tencent\QQMusic\QQMusic1297.0.39.32\QQMusic.exe

FirewallRules: [{D630DBBE-4A30-4AFD-9E28-F3583EFF4E9E}] => (Allow) C:\Program Files (x86)\Common Files\Tencent\QQMusic\QQMusicService.exe

FirewallRules: [{65BB453F-B20A-4272-9477-C6F08359162A}] => (Allow) C:\Program Files (x86)\Tencent\QQMusic\QQMusic1297.0.39.32\QQMusicUp.exe

FirewallRules: [TCP Query User{247D4396-0D31-4F31-A892-084C41B75164}C:\program files (x86)\tencent\tm2008\bin\tm.exe] => (Allow) C:\program files (x86)\tencent\tm2008\bin\tm.exe

FirewallRules: [UDP Query User{92886B66-0227-4ED8-A533-E83C7C9706EA}C:\program files (x86)\tencent\tm2008\bin\tm.exe] => (Allow) C:\program files (x86)\tencent\tm2008\bin\tm.exe

FirewallRules: [TCP Query User{5507FF27-196C-4493-9C74-B09525F5413B}C:\program files (x86)\yy\yy.exe] => (Allow) C:\program files (x86)\yy\yy.exe

FirewallRules: [UDP Query User{1112C62E-F3A6-4843-8972-62BD0CEFF9E2}C:\program files (x86)\yy\yy.exe] => (Allow) C:\program files (x86)\yy\yy.exe

FirewallRules: [{0AE31196-BBF9-44D8-981B-AB04C98CEB4C}] => (Block) C:\program files (x86)\yy\yy.exe

FirewallRules: [{8167C8B9-F43D-43EA-B143-8F332F565158}] => (Block) C:\program files (x86)\yy\yy.exe

FirewallRules: [TCP Query User{1F74AD5B-43D2-4D18-9122-78BBF7F43C8E}C:\users\moxito\appdata\roaming\baidu\baiduyunguanjia\baidunetdisk.exe] => (Allow) C:\users\moxito\appdata\roaming\baidu\baiduyunguanjia\baidunetdisk.exe

FirewallRules: [UDP Query User{A12C75E4-10F9-41E1-BA3B-B1162AA9825B}C:\users\moxito\appdata\roaming\baidu\baiduyunguanjia\baidunetdisk.exe] => (Allow) C:\users\moxito\appdata\roaming\baidu\baiduyunguanjia\baidunetdisk.exe

FirewallRules: [{EC1A9325-2130-47B6-90F7-212BFE14681F}] => (Block) C:\users\moxito\appdata\roaming\baidu\baiduyunguanjia\baidunetdisk.exe

FirewallRules: [{990EB6F9-48F5-4D1C-86EE-1546944CF64C}] => (Block) C:\users\moxito\appdata\roaming\baidu\baiduyunguanjia\baidunetdisk.exe
 

==================== Restore Points =========================
 

19-05-2017 13:16:28 Windows Update

21-05-2017 20:50:47 Nahimic 2

05-06-2017 22:00:23 Windows Update

11-06-2017 12:29:53 Windows Update

16-06-2017 18:09:25 Windows Update
 

==================== Faulty Device Manager Devices =============
 

Name: Intel(R) Management Engine Interface 

Description: Intel(R) Management Engine Interface 

Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}

Manufacturer: Intel

Service: MEIx64

Problem: : This device cannot start. (Code10)

Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.

On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 

Name: Mi 4i

Description: Mi 4i

Class Guid: 

Manufacturer: 

Service: 

Problem: : The drivers for this device are not installed. (Code 28)

Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 

Name: USB Device

Description: USB Device

Class Guid: 

Manufacturer: 

Service: 

Problem: : The drivers for this device are not installed. (Code 28)

Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 

==================== Event log errors: =========================
 

Application errors:

==================

Error: (06/16/2017 11:33:24 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: MSI)

Description: Bei der Aktivierung der App „Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.
 

Error: (06/16/2017 11:31:25 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: MSI)

Description: Bei der Aktivierung der App „Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy!App“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.
 

Error: (06/16/2017 11:31:25 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Name der fehlerhaften Anwendung: ShellExperienceHost.exe, Version: 10.0.14393.447, Zeitstempel: 0x5819bf85

Name des fehlerhaften Moduls: ShellExperienceHost.exe, Version: 10.0.14393.447, Zeitstempel: 0x5819bf85

Ausnahmecode: 0xc000027b

Fehleroffset: 0x0000000000022e27

ID des fehlerhaften Prozesses: 0x1bd4

Startzeit der fehlerhaften Anwendung: 0x01d2e6e7e7e4e1d5

Pfad der fehlerhaften Anwendung: C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe

Pfad des fehlerhaften Moduls: C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe

Berichtskennung: f9f8ae6f-57f4-4007-91ff-2525dab93fbc

Vollständiger Name des fehlerhaften Pakets: Microsoft.Windows.ShellExperienceHost_10.0.14393.1358_neutral_neutral_cw5n1h2txyewy

Anwendungs-ID, die relativ zum fehlerhaften Paket ist: App
 

Error: (06/16/2017 11:25:56 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: MSI)

Description: Bei der Aktivierung der App „Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.
 
 

System errors:

=============

Error: (06/16/2017 11:46:17 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)

Description: Durch die Berechtigungseinstellungen für "application-specific" wird dem Benutzer "NT AUTHORITY\SYSTEM" (SID: S-1-5-18) unter der Adresse "LocalHost (Using LRPC)" keine Berechtigung vom Typ "Local Activation" für die COM-Serveranwendung mit der CLSID 

{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}

 und der APPID 

{F72671A9-012C-4725-9D2F-2A4D32D65169}

 im Anwendungscontainer "Unavailable" (SID: Unavailable) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.
 

Error: (06/16/2017 11:33:24 PM) (Source: DCOM) (EventID: 10010) (User: MSI)

Description: Der Server "App.AppX76q4xtxwbj16z0zkyp0pnwtt6m850rvk.mca" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
 

Error: (06/16/2017 11:31:25 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: Der Dienst "Baidu Hook Base" wurde aufgrund folgenden Fehlers nicht gestartet: 

Ein an das System angeschlossenes Gerät funktioniert nicht.
 

Error: (06/16/2017 11:31:25 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: Der Dienst "Baidu Hook Base" wurde aufgrund folgenden Fehlers nicht gestartet: 

Ein an das System angeschlossenes Gerät funktioniert nicht.
 

Error: (06/16/2017 11:31:25 PM) (Source: DCOM) (EventID: 10010) (User: MSI)

Description: Der Server "App" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
 

Error: (06/16/2017 11:31:24 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: Der Dienst "Baidu Hook Base" wurde aufgrund folgenden Fehlers nicht gestartet: 

Ein an das System angeschlossenes Gerät funktioniert nicht.
 

Error: (06/16/2017 11:31:24 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: Der Dienst "Baidu Hook Base" wurde aufgrund folgenden Fehlers nicht gestartet: 

Ein an das System angeschlossenes Gerät funktioniert nicht.
 

Error: (06/16/2017 11:31:23 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: Der Dienst "Baidu Hook Base" wurde aufgrund folgenden Fehlers nicht gestartet: 

Ein an das System angeschlossenes Gerät funktioniert nicht.
 

Error: (06/16/2017 11:31:23 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: Der Dienst "Baidu Hook Base" wurde aufgrund folgenden Fehlers nicht gestartet: 

Ein an das System angeschlossenes Gerät funktioniert nicht.
 

Error: (06/16/2017 11:31:22 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: Der Dienst "Baidu Hook Base" wurde aufgrund folgenden Fehlers nicht gestartet: 

Ein an das System angeschlossenes Gerät funktioniert nicht.
 
 

CodeIntegrity:

===================================

  Date: 2016-10-26 14:29:14.952

  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.
 

  Date: 2016-10-26 14:20:37.498

  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.
 

  Date: 2016-10-26 13:12:20.412

  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.
 

  Date: 2016-10-26 03:05:20.720

  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.
 

  Date: 2016-10-11 14:58:24.531

  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.
 

  Date: 2016-10-11 14:40:48.352

  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.
 

  Date: 2016-10-11 14:18:53.408

  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.
 
 

==================== Memory info =========================== 
 

Processor: Intel(R) Core(TM) i7-5950HQ CPU @ 2.90GHz

Percentage of memory in use: 13%

Total physical RAM: 32723.28 MB

Available physical RAM: 28279.54 MB

Total Virtual: 67539.28 MB

Available Virtual: 62540 MB
 

==================== Drives ================================
 

Drive c: () (Fixed) (Total:951.82 GB) (Free:502.28 GB) NTFS

Drive d: (data) (Fixed) (Total:912.3 GB) (Free:26.14 GB) NTFS

Drive f: (XIAOMI) (CDROM) (Total:0.01 GB) (Free:0 GB) CDFS
 

==================== MBR & Partition Table ==================
 

========================================================

Disk: 0 (Size: 953.9 GB) (Disk ID: 524198F9)
 

Partition: GPT.
 

========================================================

Disk: 1 (Size: 931.5 GB) (Disk ID: 52419B1B)
 

Partition: GPT.
 

==================== End of Addition.txt ============================

moxito

16.06.2017 23:31

[CODE]Additional
FRST Logfile:

Code:

scan result of Farbar Recovery Scan Tool (x64) Version: 15-06-2017 01

Ran by moxito (17-06-2017 00:15:04)

Running from C:\Users\moxito\Desktop

Windows 10 Enterprise Version 1607 (X64) (2016-10-10 23:15:08)

Boot Mode: Normal

==========================================================
 
 

==================== Accounts: =============================
 

Administrator (S-1-5-21-1078665582-1449517287-1295239923-500 - Administrator - Disabled)

DefaultAccount (S-1-5-21-1078665582-1449517287-1295239923-503 - Limited - Disabled)

Guest (S-1-5-21-1078665582-1449517287-1295239923-501 - Limited - Enabled)

HomeGroupUser$ (S-1-5-21-1078665582-1449517287-1295239923-1005 - Limited - Enabled)

moxito (S-1-5-21-1078665582-1449517287-1295239923-1001 - Administrator - Enabled) => C:\Users\moxito
 

==================== Security Center ========================
 

(If an entry is included in the fixlist, it will be removed.)
 

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AV: Baidu Antivirus (Enabled - Up to date) {0B023102-4312-4570-585A-1BAAA3570E16}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: Baidu Antivirus (Enabled - Up to date) {B063D0E6-6528-4AFE-62EA-20D8D8D044AB}
 

==================== Installed Programs ======================
 

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 

µTorrent (HKLM-x32\...\uTorrent) (Version: 2.0.4 - )

360 Browser (HKU\S-1-5-21-1078665582-1449517287-1295239923-1001\...\360Browser) (Version: 7.5.2.108 - 360 Security Center)

7-Zip 16.02 (HKLM-x32\...\7-Zip) (Version: 16.02 - Igor Pavlov)

8GadgetPack (HKLM-x32\...\{35C86AEB-A4C6-49E3-90B7-245F2C7FDEC7}) (Version: 21.0.0 - 8GadgetPack.net)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 22.0.0.153 - Adobe Systems Incorporated)

Adobe Audition 3.0 (HKLM-x32\...\Adobe Audition 3.0) (Version: 3.0 - Adobe Systems Incorporated)

Adobe Flash Player 25 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 25.0.0.171 - Adobe Systems Incorporated)

Adobe Photoshop CS3 (HKLM-x32\...\Adobe_5f143314a5d434c8511097393d17397) (Version: 10.0 - Adobe Systems Incorporated)

Aegisub 3.2.2 (HKLM-x32\...\{24BC8B57-716C-444F-B46B-A3349B9164C5}_is1) (Version: 3.2.2 - Aegisub Team)

Ansel (Version: 382.33 - NVIDIA Corporation) Hidden

AnyDVD (HKLM-x32\...\AnyDVD) (Version: 7.6.6.0 - SlySoft)

ApoDispatchConfigurator (Version: 2.3.1401 - Nahimic) Hidden

AudioLaunchpadConfigurator (Version: 2.3.1401 - Nahimic) Hidden

Baidu Antivirus (HKLM-x32\...\Baidu Antivirus) (Version: 5.4.3.148966 - Baidu, Inc.)

Battery Calibration (HKLM-x32\...\InstallShield_{634AC01E-49DB-4AD2-B87C-90D4DCC6AFA1}) (Version: 1.0.1607.1801 - Micro-Star International Co., Ltd.)

Battery Calibration (x32 Version: 1.0.1607.1801 - Micro-Star International Co., Ltd.) Hidden

BlueStacks App Player (HKLM-x32\...\BlueStacks) (Version: 2.5.78.6323 - BlueStack Systems, Inc.)

CCleaner (HKLM\...\CCleaner) (Version: 5.31 - Piriform)

CCTalk (HKLM-x32\...\CCTalk) (Version: 6.0.0.1 - www.hujiang.com, Inc.)

CheckDevicesConfigurator (Version: 2.3.1401 - Nahimic) Hidden

Classic Shell (HKLM\...\{383BB30A-B4A7-4666-9A83-22CFA8640097}) (Version: 4.3.0 - IvoSoft)

CPUID CPU-Z 1.77 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )

Dragon Center (HKLM-x32\...\InstallShield_{C65B26BC-5A6F-4135-9678-55A877655471}) (Version: 1.2.1705.3101 - Micro-Star International Co., Ltd.)

Dragon Center (x32 Version: 1.2.1705.3101 - Micro-Star International Co., Ltd.) Hidden

Dragon Gaming Center (HKLM-x32\...\InstallShield_{965B16C7-0778-4C45-B7D1-83A59E6FBBCB}) (Version: 2.0.1605.2701 - Micro-Star International Co., Ltd.)

Dragon Gaming Center (x32 Version: 2.0.1605.2701 - Micro-Star International Co., Ltd.) Hidden

DVD Shrink 3.2 deutsch (DeCSS-frei) (HKLM-x32\...\DVD Shrink DE_is1) (Version:  - DVD Shrink)

Exact Audio Copy 1.1 (HKLM-x32\...\Exact Audio Copy) (Version: 1.1 - Andre Wiethoff)

Freemake Video Downloader (HKLM-x32\...\Freemake Video Downloader_is1) (Version: 3.8.0 - Ellora Assets Corporation)

FRN Client 2014 (HKLM-x32\...\FRN Client_is1) (Version:  - Free Radio Network)

FRN Server 2014 (HKLM-x32\...\FRN Server_is1) (Version:  - Free Radio Network)

Haali Media Splitter (HKLM-x32\...\HaaliMkx) (Version:  - )

Hauppauge WinTV 8 (HKLM-x32\...\Hauppauge WinTV 8) (Version: v8.0.34284 (CD 5.1 AAC) - Hauppauge Computer Works)

Help Desk (HKLM-x32\...\InstallShield_{7E8181AF-9679-49B3-B133-C265709B6927}) (Version: 1.0.1605.0601 - Micro-Star International Co., Ltd.)

Help Desk (x32 Version: 1.0.1605.0601 - Micro-Star International Co., Ltd.) Hidden

Intel Extreme Tuning Utility (HKLM-x32\...\{281badd0-7e11-494b-bdf7-34d6a2615c3c}) (Version: 6.2.0.19 - Intel Corporation)

Intel Extreme Tuning Utility (x32 Version: 6.2.0.19 - Intel Corporation) Hidden

Intel(R) Chipset Device Software (x32 Version: 10.1.1.9 - Intel(R) Corporation) Hidden

Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1153 - Intel Corporation)

Intel® Security Assist (HKLM-x32\...\{4B230374-6475-4A73-BA6E-41015E9C5013}) (Version: 1.0.0.532 - Intel Corporation)

Java 8 Update 112 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180112F0}) (Version: 8.0.1120.15 - Oracle Corporation)

Killer Bandwidth Control Filter Driver (Version: 1.1.56.1122 - Rivet Networks) Hidden

Killer E220x Drivers (Version: 1.1.56.1122 - Rivet Networks) Hidden

Killer Network Manager (Version: 1.1.56.1122 - Rivet Networks) Hidden

Killer Performance Suite (HKLM-x32\...\{E70DB50B-10B4-46BC-9DE2-AB8B49E061EE}) (Version: 1.1.56.1122 - Rivet Networks)

Killer Wireless-AC Drivers (Version: 1.1.56.1122 - Rivet Networks) Hidden

K-Lite Mega Codec Pack 11.9.0 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 11.9.0 - KLCP)

Kodi (HKU\S-1-5-21-1078665582-1449517287-1295239923-1001\...\Kodi) (Version:  - XBMC-Foundation)

LauncherSetup (Version: 2.3.1401 - Nahimic) Hidden

LAV Filters 0.68.1 (HKLM-x32\...\lavfilters_is1) (Version: 0.68.1 - Hendrik Leppkes)

LenovoUsbDriver 1.1.9 (HKLM-x32\...\LenovoUsbDriver) (Version: 1.1.9 - Lenovo)

Logitech SetPoint 6.67 (HKLM\...\sp6) (Version: 6.67.83 - Logitech)

Malwarebytes Anti-Malware Version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)

Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)

Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)

Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)

Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)

Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)

MKVToolNix 6.9.1 (32bit) (HKLM-x32\...\MKVToolNix) (Version: 6.9.1 - Moritz Bunkus)

Nahimic 2 (HKLM-x32\...\{05c7b70a-5d25-419a-9b71-76900393b641}) (Version: 2.3.14 - Nahimic)

Nahimic2UISetup (Version: 2.3.1401 - Nahimic) Hidden

Nero 8 (HKLM-x32\...\{8AEA4BE2-2B52-41C0-BB7D-9F2D17AF1031}) (Version: 8.0.182 - Nero AG)

NirSoft Wireless Network Watcher (HKLM-x32\...\NirSoft Wireless Network Watcher) (Version:  - )

Nitro Reader 5 (HKLM\...\{1DF310B2-0BE7-4CD7-8FCF-54B1ADB067D3}) (Version: 5.5.6.21 - Nitro)

NVIDIA 3D Vision Treiber 382.33 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 382.33 - NVIDIA Corporation)

NVIDIA GeForce Experience 3.6.0.74 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.6.0.74 - NVIDIA Corporation)

NVIDIA Grafiktreiber 382.33 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 382.33 - NVIDIA Corporation)

NVIDIA HD-Audiotreiber 1.3.34.26 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.26 - NVIDIA Corporation)

NVIDIA PhysX-Systemsoftware 9.17.0329 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0329 - NVIDIA Corporation)

NvNodejs (Version: 3.6.0.74 - NVIDIA Corporation) Hidden

NvTelemetry (Version: 2.4.10.0 - NVIDIA Corporation) Hidden

NvvHci (Version: 2.02.0.5 - NVIDIA Corporation) Hidden

Oracle VM VirtualBox 5.1.10 (HKLM\...\{57682F33-488A-4065-8255-C3681A2B6F4E}) (Version: 5.1.10 - Oracle Corporation)

Outils de vérification linguistique 2013 de Microsoft Office*- Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden

PDF Settings (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden

PlayReady PC Runtime amd64 (HKLM\...\{2E0C1D31-8FEC-411E-97FB-6E56BD429A98}) (Version: 1.3.10 - Microsoft Corporation)

ProductDaemonSetup (Version: 2.3.1401 - Nahimic) Hidden

ProductNSConfigurator (Version: 2.3.1401 - Nahimic) Hidden

QQ International (HKLM-x32\...\{3CA54984-A14B-42FE-9FF1-7EA90151D725}) (Version: 1.91.1369.0 - Tencent Technology(Shenzhen) Company Limited)

QQ音乐2016 (HKLM-x32\...\QQMusic) (Version: 12.97.3627.1201 - 腾讯科技（深圳）有限公司)

QTranslate 5.7.0.3 (HKLM-x32\...\QTranslate) (Version: 5.7.0.3 - QuestSoft)

QT语音 (HKLM-x32\...\QT语音) (Version: 11.43.0.17707.483 - 腾讯科技（深圳）有限公司)

Qualcomm Atheros 61x4 Bluetooth Suite (64) (HKLM\...\{628988B4-3FA5-4EA6-BAA3-DA640F6718BD}) (Version: 12.0.0.102 - Qualcomm Atheros)

QvodPlayer v3.5 (HKLM-x32\...\QvodPlayer) (Version: 3.5 - Shenzhen QVOD Technology Co.,Ltd)

Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10125.21277 - Realtek Semiconductor Corp.)

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8053 - Realtek Semiconductor Corp.)

Revo Uninstaller 2.0.2 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.2 - VS Revo Group, Ltd.)

SCM (HKLM\...\{E3CE9EC1-7244-4846-A383-6BF0B172917A}) (Version: 13.015.12097 - Application)

SDR-RADIO.com (V2) (HKLM-x32\...\SDR-RADIO.com (V2)) (Version:  - )

Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version:  - Microsoft)

Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version:  - Microsoft) Hidden

SHIELD Streaming (Version: 7.1.0370 - NVIDIA Corporation) Hidden

SHIELD Wireless Controller Driver (Version: 3.6.0.74 - NVIDIA Corporation) Hidden

SonicMapperConfigurator (Version: 2.3.1401 - Nahimic) Hidden

SteelSeries Engine 3.10.2 (HKLM\...\SteelSeries Engine 3) (Version: 3.10.2 - SteelSeries ApS)

Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.3.4.184 - Synaptics Incorporated)

TalkTV (HKLM-x32\...\{F768F6BA-F164-4599-BC26-DCCFC2F71983}_is1) (Version: 4.1.3 - TalkTV)

Technotrend Viewer (HKLM-x32\...\TT-Viewer_is1) (Version:  - CM&V)

The Bat! Professional v3.99.29 (HKLM-x32\...\{CA8D1F57-1D54-463F-A97D-9D740EBBD285}) (Version: 3.99.29 - Ritlabs)

TomTom HOME (HKLM-x32\...\{3C595537-D968-48D5-AAB1-CCB2E90FA59A}) (Version: 2.9.94 - Ihr Firmenname)

UFR II Printer Driver Uninstaller (HKLM\...\Canon UFR II Printer Driver) (Version: 5, 4, 0, 0 - Canon Inc.)

UIInstallUpgrade (Version: 2.3.1401 - Nahimic) Hidden

UltraMon (HKLM\...\{D4E62D29-31A1-4938-8CB7-7D275C1AEAC6}) (Version: 3.3.0 - Realtime Soft Ltd)

Universal Adb Driver (HKLM-x32\...\{D9C4202E-6D51-4B06-A8F1-22316E654BCA}) (Version: 1.0.0 - ClockworkMod)

Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)

VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN)

VmciSockets (Version: 9.1.54.1 - VMware, Inc.) Hidden

VMware Workstation (HKLM-x32\...\VMware_Workstation) (Version: 8.0.0.18997 - VMware, Inc)

VMware Workstation (x32 Version: 8.0.0.18997 - VMware, Inc.) Hidden

Win32DiskImager version 0.9.5 (HKLM-x32\...\{D074CE74-912A-4AD3-A0BF-3937D9D01F17}_is1) (Version: 0.9.5 - ImageWriter Developers)

Winamp (HKLM-x32\...\Winamp) (Version: 5.666  - Nullsoft, Inc)

Windows-Treiberpaket - MediaTek Inc. (wdm_usb) Ports  (01/22/2015 3.0.1504.0) (HKLM\...\BD5E2A628C2263FAEC66A4BFF2E88B897427E4C3) (Version: 01/22/2015 3.0.1504.0 - MediaTek Inc.)

WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)

Wondershare Video Converter Ultimate(Build 9.0.0.4) (HKLM-x32\...\Wondershare Video Converter Ultimate_is1) (Version: 9.0.0.4 - Wondershare Software)

XnView 2.39 (HKLM-x32\...\XnView_is1) (Version: 2.39 - Gougelet Pierre-e)

Youtube Downloader HD v. 2.9.9.30 (HKLM-x32\...\Youtube Downloader HD_is1) (Version:  - YoutubeDownloaderHD.com)

YY version 1.0 (HKLM-x32\...\{76E0BCEF-DBB1-4257-8230-6DE2310E4813}_is1) (Version: 1.0 - Joe)

YY8 (HKU\S-1-5-21-1078665582-1449517287-1295239923-1001\...\YY8) (Version: 8.3.0.2 - 多玩游戏网)

Zattoo Live TV (HKU\S-1-5-21-1078665582-1449517287-1295239923-1001\...\6e425e00e7cd59c7) (Version: 1.0.0.51 - Zattoo Europa AG)

央视影音 (HKLM-x32\...\{07F79EE3-1012-40BF-BEE7-A07EE6C284DC}_is1) (Version: 4.0.8.0 - 中国网络电视台)

搜狗拼音输入法 8.0正式版 (HKLM-x32\...\Sogou Input) (Version: 8.0.0.8381 - Sogou.com)

有道词典 (HKU\S-1-5-21-1078665582-1449517287-1295239923-1001\...\有道词典) (Version: 6.3 - 网易公司)

百度云管家 (HKLM-x32\...\百度云管家) (Version: 5.4.9 - 百度在线网络技术（北京）有限公司)

腾讯QQ (HKLM-x32\...\{052CFB79-9D62-42E3-8A15-DE66C2C97C3E}) (Version: 8.6.18804.0 - 腾讯科技(深圳)有限公司)

腾讯TM2009 (HKLM-x32\...\{260706D6-56D3-41E8-9183-DC4DF54B7F4B}) (Version: 1.41.1287.0 - 腾讯科技(深圳)有限公司)
 

==================== Custom CLSID (Whitelisted): ==========================
 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 

CustomCLSID: HKU\S-1-5-21-1078665582-1449517287-1295239923-1001_Classes\CLSID\{0B7AD8D3-094A-44DE-A348-83C6C3FA347C}\InprocServer32 -> C:\Users\moxito\AppData\Local\Microsoft\Windows Sidebar\Gadgets\Clipboarder.gadget\Release\Clipboarder64.dll (Helmut Buhler)

CustomCLSID: HKU\S-1-5-21-1078665582-1449517287-1295239923-1001_Classes\CLSID\{0E7BE950-4ACC-47CB-834B-41A8B96BBFF9}\InprocServer32 -> C:\Users\moxito\AppData\Local\Microsoft\Windows Sidebar\Gadgets\Sidebar7.gadget\Release\Sidebar7.64.dll (Helmut Buhler)

CustomCLSID: HKU\S-1-5-21-1078665582-1449517287-1295239923-1001_Classes\CLSID\{2E445E22-1A5F-4C84-B963-BB65D07C1FB3}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-1078665582-1449517287-1295239923-1001_Classes\CLSID\{40C842B5-9E7D-4FBD-8E05-021F4B6F5CA5}\InprocServer32 -> C:\WINDOWS\system32\kernel32.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-1078665582-1449517287-1295239923-1001_Classes\CLSID\{A5110465-0F43-4586-9DEC-73DCC0CBCF08}\InprocServer32 -> C:\WINDOWS\system32\kernel32.dll (Microsoft Corporation)
 

==================== Scheduled Tasks (Whitelisted) =============
 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 

Task: {066AC61E-1658-4034-8524-C0F15BD63338} - System32\Tasks\gsrun.exe => C:\Users\moxito\AppData\Roaming\duowan\yygamestore\Mini\3.6.0.4\gsrun.exe [2016-10-13] ()

Task: {06F7876A-D01A-42DE-B0BB-34D3F2C31961} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-06-13] (Piriform Ltd)

Task: {07B42A73-B318-4361-8F73-910851DAA954} - System32\Tasks\me.exe => C:\Users\moxito\AppData\Roaming\duowan\yygamestore\Mini\3.6.0.4\me.exe [2016-10-13] ()

Task: {1195CE57-9B94-42B6-BD81-89095373206D} - System32\Tasks\MeLogo_{67679FCB-7ECA-4db5-B5AE-E6B4E178D0BA} => C:\Users\moxito\AppData\Roaming\duowan\yygamestore\Mini\3.6.0.4\me.exe [2016-10-13] ()

Task: {1574B4F0-4EB0-481D-B3D6-875944676A34} - \{057E7D47-7D0A-0A7A-7911-0E040E78110C} -> No File <==== ATTENTION

Task: {25DED191-9070-42A0-9253-062048019AE6} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2017-05-03] (NVIDIA Corporation)

Task: {32F11BBA-6316-404F-9DC7-B8F7FE491A05} - System32\Tasks\{ED9A9CD4-5A31-2B7F-2D3D-2F4634FF2C3B} => C:\ProgramData\{EB8ACCE0-5C21-7B4B-7EE8-1C19ABAD4F85}\3B2BA978-8C80-1ED3-88ED-20DA0EEA8994.exe <==== ATTENTION

Task: {3BCE144F-14C8-4842-8A53-661187BBC8A0} - System32\Tasks\Nahimic2UILauncherRun => C:\Program Files\Nahimic\Nahimic2\UserInterface\Nahimic2UILauncher.exe [2017-01-13] ()

Task: {3E407DC0-759C-44BB-88AC-AF6AC6A3A08B} - System32\Tasks\Nahimic2Svc32Run => C:\Program Files\Nahimic\Nahimic2\UserInterface\Nahimic2Svc32.exe [2017-01-13] ()

Task: {41607316-F1F1-4C25-B261-37C521ABF4CA} - System32\Tasks\Dragon_Center_updater => C:\ProgramData\MSI\Dragon [Argument = Center\DragonCenter_Updater.exe DragonCenter]

Task: {4220DF88-E589-414A-B2EA-098D3E0E6500} - System32\Tasks\MSI_Dragon Center => C:\Program Files (x86)\MSI\Dragon Center\Dragon Center.exe [2017-05-31] (Micro-Star International Co., Ltd.)

Task: {47435CE5-D1F2-4C13-A77E-DEADE332ED23} - System32\Tasks\{F7B708E3-B402-CC93-0235-FB6400AF3F41} => Regsvr32.exe /s /n /i:"/rt" "C:\PROGRA~3\58bca3a8\52456f97.dll" <==== ATTENTION

Task: {49FC50FD-0B66-420F-8C7C-52B54AC07DAB} - System32\Tasks\HuanjuGameUpdate => C:\Users\moxito\AppData\Roaming\duowan\yygame\popup\bin\hjGameUpdate.exe [2017-05-21] (YY Inc.)

Task: {4E03935F-200C-45FD-9C69-7E21824D8529} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-05-03] (NVIDIA Corporation)

Task: {52CC2439-C048-4BE9-B616-C6A62EBF5D60} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-05-03] (NVIDIA Corporation)

Task: {66632B7C-EA9C-4F6B-9AA6-9122D4A185F8} - System32\Tasks\SogouImeMgr => C:\Program Files (x86)\SogouInput\SogouExe\SogouExe.exe [2016-09-02] (Sogou.com Inc.)

Task: {743767E4-92ED-4EB8-BDE6-031C7AC9E9EC} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-05-03] (NVIDIA Corporation)

Task: {77B29FB4-A203-4C87-AD47-184CA218CF3C} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-05-03] (NVIDIA Corporation)

Task: {7AD8FA13-DAA9-47B8-A54D-CF5009AB44F4} - System32\Tasks\060184C3-9766-46a0-B258-F4518A0B2633 => Cscript.exe "C:\ProgramData\Baidu Security\Duplicaterecord.js"

Task: {84F0B267-E639-40B1-8A5B-C527E0D0D998} - System32\Tasks\MSI_Dragon Gaming Center => C:\Program Files (x86)\MSI\Dragon Gaming Center\mDispatch.exe [2014-01-23] (TODO: <公司名稱>)

Task: {8D282348-DBD4-4BD7-9A44-95F8462FC27E} - System32\Tasks\yyplayer.exe => C:\Users\moxito\AppData\Roaming\duowan\yygamestore\Mini\3.6.0.4\yyplayer.exe [2016-10-13] ()

Task: {B86BD242-2DD2-49F3-A8FC-C7DFFF24FEF0} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-05-03] (NVIDIA Corporation)

Task: {BB0CB973-6950-4BF2-A895-DAB4D24C13C2} - System32\Tasks\Baidu Antivirus Update => C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.4.3.148966.1\BavUpdater.exe [2017-01-28] (Baidu, Inc.)

Task: {BB5B22AA-238A-4B32-8984-B8A3F29072CE} - System32\Tasks\yygamestore.exe => C:\Users\moxito\AppData\Roaming\duowan\yygamestore\Mini\3.6.0.4\yygamestore.exe [2016-10-13] ()

Task: {C54E8752-58C3-4FA0-9D33-A0404C058363} - System32\Tasks\Nahimic2Svc64Run => C:\Program Files\Nahimic\Nahimic2\UserInterface\x64\Nahimic2Svc64.exe [2017-01-13] ()

Task: {CB33CC10-7C4E-4BB2-9E8B-6E9E3DE606AD} - System32\Tasks\MSI_Help_Desk_Agent => C:\Program Files (x86)\MSI\Help Desk\MSI Update Agent.exe [2016-05-06] (Micro-Star International Co., Ltd.)

Task: {CC5DB9A6-FD83-429B-82E0-B343682013B5} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-05-03] (NVIDIA Corporation)

Task: {CDDE24C0-6063-4256-96AD-7C83C1F684C8} - System32\Tasks\Intel\Intel Telemetry 2 (x86) => C:\Program Files (x86)\Intel\Telemetry 2.0\lrio.exe [2015-11-20] (Intel Corporation)

Task: {D4BCAAFF-C409-468A-8CF1-FCF6B4054779} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)

Task: {F2852D36-A114-43F8-BD54-1577764A3D45} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-05-21] (Adobe Systems Incorporated)

Task: {F68E41E9-0104-4361-A8EE-6CCD3F70FFA2} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-05-03] (NVIDIA Corporation)
 

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 

Task: C:\WINDOWS\Tasks\HuanjuGameUpdate.job => C:\Users\moxito\AppData\Roaming\duowan\yygame\popup\bin\hjGameUpdate.exe
 

==================== Shortcuts & WMI ========================
 

(The entries could be listed to be restored or removed.)
 
 

==================== Loaded Modules (Whitelisted) ==============
 

2016-07-16 13:42 - 2016-07-16 13:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll

2017-06-16 17:51 - 2017-06-03 12:01 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll

2016-09-27 13:26 - 2017-05-03 22:21 - 01267320 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll

2011-08-22 17:34 - 2011-08-22 17:34 - 11837440 _____ () C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe

2016-11-25 16:45 - 2016-11-25 16:44 - 00048568 _____ () C:\Users\moxito\AppData\Local\Youdao\Dict\Application\6.3.69.8341\WordStrokeHelper64.dll

2017-01-13 10:53 - 2017-01-13 10:53 - 00218296 _____ () C:\Program Files\Nahimic\Nahimic2\UserInterface\x64\Nahimic2DevProps.dll

2017-01-13 10:53 - 2017-01-13 10:53 - 00289976 _____ () C:\Program Files\Nahimic\Nahimic2\UserInterface\x64\Nahimic2OSD.dll

2017-02-12 17:08 - 2015-02-27 15:38 - 00721263 _____ () C:\WINDOWS\SysWoW64\WSCM64.dll

2017-01-13 10:49 - 2017-01-13 10:49 - 00705208 _____ () C:\Program Files\Nahimic\Nahimic2\UserInterface\Nahimic2UILauncher.exe

2017-01-13 10:50 - 2017-01-13 10:50 - 02054328 _____ () C:\Program Files\Nahimic\Nahimic2\UserInterface\Nahimic2svc32.exe

2017-01-13 10:54 - 2017-01-13 10:54 - 00513208 _____ () C:\Program Files\Nahimic\Nahimic2\UserInterface\x64\Nahimic2svc64.exe

2014-09-30 02:51 - 2014-09-30 02:51 - 00074664 _____ () C:\Program Files (x86)\SlySoft\AnyDVD\ADvdDiscHlp64.exe

2016-11-25 16:45 - 2016-11-25 16:45 - 02515520 _____ () C:\Users\moxito\AppData\Local\Youdao\Dict\Application\6.3.69.8341\YoudaoDictHelper.exe

2016-07-26 11:07 - 2017-06-16 22:06 - 01052192 _____ () C:\Users\moxito\AppData\Roaming\baidu\BaiduYunGuanjia\yundetectservice.exe

2016-11-25 16:45 - 2016-11-25 16:44 - 00192952 _____ () C:\Users\moxito\AppData\Local\Youdao\Dict\Application\6.3.69.8341\YoudaoWSH.exe

2016-11-28 14:45 - 2015-09-27 11:25 - 00035840 _____ () C:\Users\moxito\AppData\Local\Microsoft\Windows Sidebar\Gadgets\FritzBoxTraffic1013.gadget\FritzBoxTrafficMonitorLib.dll

2017-01-28 04:16 - 2017-01-28 04:16 - 00297968 _____ () C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.4.3.148966.1\HipsLogger.dll

2017-01-28 04:16 - 2017-01-28 04:16 - 00370672 _____ () C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.4.3.148966.1\BNetOp.dll

2017-01-28 04:16 - 2017-01-28 04:16 - 00540656 _____ () C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.4.3.148966.1\sqlite.dll

2017-01-28 04:16 - 2015-05-28 13:44 - 00198128 _____ () C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.4.3.148966.1\dark.dll

2017-01-28 04:16 - 2017-01-28 04:16 - 01120752 _____ () C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.4.3.148966.1\Operation.dll

2016-11-25 00:13 - 2011-08-23 14:04 - 00057344 _____ () C:\Program Files (x86)\WinTV\TVServer\libhdhomerun.dll

2016-12-09 16:53 - 2016-12-09 10:21 - 00368128 _____ () c:\programdata\microsoft\visualstudio\14.0\2052\msmg.dll

2017-01-18 15:01 - 2017-01-18 06:18 - 00443904 _____ () c:\programdata\microsoft\phone tools\corecon\12.0\3082\nonsdkaddonlangver.dll

2016-05-05 10:53 - 2017-06-16 21:39 - 00713504 _____ () C:\Program Files (x86)\Common Files\Tencent\QQProtect\Bin\qpsafeplugin.dll

2011-08-22 17:23 - 2011-08-22 17:23 - 01222656 _____ () C:\Program Files (x86)\VMware\VMware Workstation\libxml2.dll

2016-09-27 13:26 - 2017-05-03 22:21 - 01040504 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll

2017-01-13 10:48 - 2017-01-13 10:48 - 00189112 _____ () C:\Program Files\Nahimic\Nahimic2\UserInterface\Nahimic2DevProps.dll

2017-01-13 10:46 - 2017-01-13 10:46 - 00262840 _____ () C:\Program Files\Nahimic\Nahimic2\UserInterface\Nahimic2OSD.dll

2016-11-25 16:45 - 2016-11-25 16:44 - 00042936 _____ () C:\Users\moxito\AppData\Local\Youdao\Dict\Application\6.3.69.8341\WordStrokeHelper32.dll

2016-10-30 19:55 - 2016-10-30 19:55 - 00108544 __RSH () C:\Program Files (x86)\SlySoft\AnyDVD\BRD.dll

2016-11-25 16:45 - 2016-11-25 16:44 - 00095936 _____ () C:\Users\moxito\AppData\Local\Youdao\Dict\Application\6.3.69.8341\CrashRpt.dll

2016-11-25 16:45 - 2016-11-25 16:45 - 34880064 _____ () C:\Users\moxito\AppData\Local\Youdao\Dict\Application\6.3.69.8341\libcef.dll

2016-11-25 16:45 - 2016-11-25 16:45 - 03795520 _____ () C:\Users\moxito\AppData\Local\Youdao\Dict\Application\6.3.69.8341\v8.dll

2016-11-25 16:44 - 2016-11-25 16:44 - 01577912 _____ () C:\Users\moxito\AppData\Local\Youdao\Dict\Application\Stable\Acrobat2Dict.dll

2016-11-25 16:45 - 2016-11-25 16:45 - 01874496 _____ () C:\Users\moxito\AppData\Local\Youdao\Dict\Application\6.3.69.8341\ffmpegsumo.dll

2016-11-25 00:46 - 2016-11-25 00:46 - 00155192 _____ () C:\Program Files (x86)\Tencent\QQIntl\Bin\lua.dll

2016-11-25 00:46 - 2016-11-25 00:46 - 00089656 _____ () C:\Program Files (x86)\Tencent\QQIntl\Bin\zlib.dll

2016-11-25 00:46 - 2016-11-25 00:46 - 00138808 _____ () C:\Program Files (x86)\Tencent\QQIntl\Bin\libexpatw.dll

2016-11-25 00:46 - 2016-11-25 00:46 - 00159288 _____ () C:\Program Files (x86)\Tencent\QQIntl\Bin\libpng.dll

2016-11-25 00:46 - 2016-11-25 00:46 - 00286264 _____ () C:\Program Files (x86)\Tencent\QQIntl\Bin\libjpegturbo.dll

2016-11-25 00:46 - 2016-11-25 00:46 - 00495160 _____ () C:\Program Files (x86)\Tencent\QQIntl\Plugin\com.tencent.audiovideo\Bin\VP8.dll

2016-11-25 00:46 - 2016-11-25 00:46 - 00941624 _____ () C:\Program Files (x86)\Tencent\QQIntl\Plugin\com.tencent.audiovideo\Bin\TRAE.DLL

2017-01-28 04:16 - 2017-01-28 04:16 - 00277488 _____ () C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.4.3.148966.1\Pulgin_Dark_DeleteFileTip.dll

2017-06-16 23:32 - 2017-06-16 23:32 - 01307136 _____ () C:\Users\moxito\AppData\Local\Ambworks\vtmbuvmp.dll

2015-06-24 02:07 - 2015-06-24 02:07 - 01243936 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll

2017-01-19 22:20 - 2014-08-28 09:49 - 00887624 _____ () C:\Users\moxito\AppData\Local\360Browser\Browser\Application\7.5.2.108\libglesv2.dll

2017-01-19 22:20 - 2014-08-28 09:49 - 00110408 _____ () C:\Users\moxito\AppData\Local\360Browser\Browser\Application\7.5.2.108\libegl.dll

2017-01-19 22:20 - 2014-05-29 14:46 - 04055504 _____ () C:\Users\moxito\AppData\Local\360Browser\Browser\Application\7.5.2.108\pdf.dll

2017-01-19 22:20 - 2014-08-29 09:29 - 01875784 _____ () C:\Users\moxito\AppData\Local\360Browser\Browser\Application\7.5.2.108\ffmpegsumo.dll
 

==================== Alternate Data Streams (Whitelisted) =========
 

(If an entry is included in the fixlist, only the ADS will be removed.)
 
 

==================== Safe Mode (Whitelisted) ===================
 

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BavSvc => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BavSvc => "Service"=""

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\QQPCRTP => ""="service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BavSvc => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BavSvc => "Service"=""

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\QQPCRTP => ""="service"
 

==================== Association (Whitelisted) ===============
 

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 

==================== Internet Explorer trusted/restricted ===============
 

(If an entry is included in the fixlist, it will be removed from the registry.)
 
 

==================== Hosts content: ==========================
 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 

2015-07-10 13:04 - 2017-01-28 01:43 - 00001006 _____ C:\WINDOWS\system32\Drivers\etc\hosts
 

127.0.0.1       down.baidu2016.com

127.0.0.1       123.sogou.com

127.0.0.1       www.czzsyzgm.com

127.0.0.1       www.czzsyzxl.com

127.0.0.1       union.baidu2019.com
 

==================== Other Areas ============================
 

(Currently there is no automatic fix for this section.)
 

HKU\S-1-5-21-1078665582-1449517287-1295239923-1001\Control Panel\Desktop\\Wallpaper -> 

DNS Servers: 192.168.178.1

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)

Windows Firewall is enabled.
 

==================== MSCONFIG/TASK MANAGER disabled items ==
 

HKLM\...\StartupApproved\StartupFolder: => "WinTV Recording Status.lnk"

HKLM\...\StartupApproved\Run: => "MRT"

HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"

HKLM\...\StartupApproved\Run32: => "Malwarebytes Anti-Malware (cleanup)"

HKLM\...\StartupApproved\Run32: => "ProductUpdater"

HKLM\...\StartupApproved\Run32: => "DelaypluginInstall"

HKU\S-1-5-21-1078665582-1449517287-1295239923-1001\...\StartupApproved\StartupFolder: => "CCTalk.lnk"

HKU\S-1-5-21-1078665582-1449517287-1295239923-1001\...\StartupApproved\Run: => "CNTV-CBox"

HKU\S-1-5-21-1078665582-1449517287-1295239923-1001\...\StartupApproved\Run: => "CBoxService"

HKU\S-1-5-21-1078665582-1449517287-1295239923-1001\...\StartupApproved\Run: => "YYAssistant"

HKU\S-1-5-21-1078665582-1449517287-1295239923-1001\...\StartupApproved\Run: => "TomTomHOME.exe"
 

==================== FirewallRules (Whitelisted) ===============
 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 

FirewallRules: [{DE39C442-3DC6-4243-A674-02F31C37F9E7}] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe

FirewallRules: [{ACFB4839-4B17-4430-B6F0-8C234D1C509B}] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe

FirewallRules: [UDP Query User{CEFCF085-AC3C-4B1C-B0FF-2C51D1AD339C}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exe

FirewallRules: [TCP Query User{53F4CB2C-7672-4F31-A2F9-62989417793F}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exe

FirewallRules: [{43A23B75-74E8-4875-9A65-CC0CCECF0F3C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe

FirewallRules: [{2F86D7C7-F739-4A76-A3A9-0C34651FED92}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe

FirewallRules: [{FBA342AE-35EE-4750-910F-CE78E00118EF}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe

FirewallRules: [{BB2C5D8C-7E1E-4324-AB48-78593709BE80}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe

FirewallRules: [{844B361F-D871-4C06-987B-462B094C2573}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe

FirewallRules: [{2061BD21-6061-422C-8523-065687C533FE}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe

FirewallRules: [{A359A2C1-C028-4350-A631-F496D5477FB0}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe

FirewallRules: [{71FA7AB2-9E15-46F8-A963-D82667A03415}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe

FirewallRules: [{C48FC8B7-1DC6-4455-B699-CE06502CDB2F}] => (Allow) C:\Program Files (x86)\FormatFactory\FFModules\Encoder\Doc\EBookCodec.exe

FirewallRules: [{7150BA5F-B30A-4D64-B823-F89DE0A830BD}] => (Allow) C:\Program Files (x86)\FormatFactory\FormatFactory.exe

FirewallRules: [{B310D159-F3F2-45EB-A5FE-953947A4BE1D}] => (Allow) C:\Program Files (x86)\FormatFactory\FFModules\Encoder\Doc\EBookCodec.exe

FirewallRules: [{B881DE74-70F2-4EBA-8025-04098ED82486}] => (Allow) C:\Program Files (x86)\FormatFactory\FormatFactory.exe

FirewallRules: [{C7AF81E2-2AB8-4951-8285-CFDC1AD3079B}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe

FirewallRules: [{AEB5BA9D-F104-4486-9BB2-DE7FB73A14C9}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe

FirewallRules: [{0D600F81-A48E-4F61-8E6C-C1080833002A}] => (Block) C:\program files (x86)\tencent\qtalkenglish\v4.4.72.1\bin\qtalk.exe

FirewallRules: [{7D07C0F1-7085-4E51-B4F5-02EFB9979BD6}] => (Block) C:\program files (x86)\tencent\qtalkenglish\v4.4.72.1\bin\qtalk.exe

FirewallRules: [UDP Query User{6D500D6D-0622-493B-8922-7B6C6AC6594D}C:\program files (x86)\tencent\qtalkenglish\v4.4.72.1\bin\qtalk.exe] => (Allow) C:\program files (x86)\tencent\qtalkenglish\v4.4.72.1\bin\qtalk.exe

FirewallRules: [TCP Query User{0CE7BE09-640F-4DEF-9446-12028651A4B2}C:\program files (x86)\tencent\qtalkenglish\v4.4.72.1\bin\qtalk.exe] => (Allow) C:\program files (x86)\tencent\qtalkenglish\v4.4.72.1\bin\qtalk.exe

FirewallRules: [{3875BA83-5C8C-4DB6-9A2A-465B7C93CFDA}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe

FirewallRules: [{478080CB-538B-43CE-9228-EB1DFBEB573F}] => (Allow) C:\Program Files (x86)\WinTV\WinTV8\WinTV8.exe

FirewallRules: [{E7E6FE5A-C0F8-4573-86A1-C3BBC3E1FEE1}] => (Allow) C:\Program Files (x86)\WinTV\WinTV8\WinTV8.exe

FirewallRules: [{E3AC73CB-85FD-4BFE-93E7-0937E4C71984}] => (Allow) C:\Program Files (x86)\WinTV\WinTV8\WinTV8.exe

FirewallRules: [{55BB1B60-D077-4E19-B71F-7E53DA95C475}] => (Allow) C:\Program Files (x86)\WinTV\WinTV8\WinTV8.exe

FirewallRules: [{33751988-263F-4609-9C75-E0A3788542AC}] => (Allow) C:\Program Files (x86)\WinTV\TVServer\CaptureDCR.exe

FirewallRules: [{D53BA843-D88B-46F3-987C-7E82CA24861D}] => (Allow) C:\Program Files (x86)\WinTV\TVServer\CaptureDCR.exe

FirewallRules: [{770B7A06-DB83-4087-9819-D33F8A3590CF}] => (Allow) C:\Program Files (x86)\WinTV\TVServer\CaptureDCR.exe

FirewallRules: [{8D482EBE-AA6E-411A-B90A-C8FFC0CE9FC6}] => (Allow) C:\Program Files (x86)\WinTV\TVServer\CaptureDCR.exe

FirewallRules: [{99831EB5-9E79-4FC7-B2B3-BD6C88B049FC}] => (Allow) C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServer.exe

FirewallRules: [{50431C4D-6CC7-4F91-9FD6-160DA53EC800}] => (Allow) C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServer.exe

FirewallRules: [{29441021-B130-4DCB-8A2C-98E3654EAB8E}] => (Allow) C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServer.exe

FirewallRules: [{83B2C97B-D8EC-4022-A2D2-E92E7D323D85}] => (Allow) C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServer.exe

FirewallRules: [TCP Query User{2B248973-D5C1-4568-B90F-508D8AE0D0E6}C:\program files (x86)\wintv\wintv8\wintv8.exe] => (Block) C:\program files (x86)\wintv\wintv8\wintv8.exe

FirewallRules: [UDP Query User{D34EC77D-ABF0-40A4-8D31-1EB46795B998}C:\program files (x86)\wintv\wintv8\wintv8.exe] => (Block) C:\program files (x86)\wintv\wintv8\wintv8.exe

FirewallRules: [{DF707D42-B066-4440-A290-76C3782F7D20}] => (Allow) C:\Program Files (x86)\Tencent\QQIntl\Bin\QQ.exe

FirewallRules: [{CBCC3D60-D1D0-45D6-B4BF-24B3FA51CC7A}] => (Allow) C:\Program Files (x86)\Tencent\QQIntl\Bin\QQ.exe

FirewallRules: [{791391FB-26F6-4455-ABAB-F0CC178163D2}] => (Allow) C:\Program Files (x86)\Tencent\TM2008\Bin\TM.exe

FirewallRules: [{D422F381-3BB5-46FF-A8DB-07A9F1C39410}] => (Allow) C:\Program Files (x86)\Tencent\TM2008\Bin\TM.exe

FirewallRules: [{9BD45F0A-D4CC-4CEA-84E6-0DB37326C47F}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe

FirewallRules: [{EC9E85AA-6E4F-4F46-ACB9-73FDA2D4D21B}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe

FirewallRules: [{77FDE012-D87A-44AD-B6D0-94B3A9B6FC22}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe

FirewallRules: [{CEF220D9-C4B8-43AF-B1AD-AF5F286B2E19}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe

FirewallRules: [{928F44AB-072E-40CC-BA43-E6BC9320A81B}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe

FirewallRules: [{856ACEC8-3599-4335-BBCC-62BBCD61DC6D}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe

FirewallRules: [{83F1A492-987E-4799-BFC4-B2190523875C}] => (Allow) C:\Program Files (x86)\Tencent\QTalk\V4.6.17\Bin\QTalk.exe

FirewallRules: [{AB07117A-6A25-427D-8370-FBA11D71F3C4}] => (Allow) C:\Program Files (x86)\Tencent\QTalk\V4.6.17\Bin\QTalk.exe

FirewallRules: [{73B22CDE-F42F-48D0-ABDE-CEBDEA261561}] => (Allow) C:\Program Files (x86)\Tencent\QTalk\V4.6.22.17784\Bin\QTalk.exe

FirewallRules: [{BD10F1F2-821D-4AA7-A5BB-6517CEAFD0EB}] => (Allow) C:\Program Files (x86)\Tencent\QTalk\V4.6.22.17784\Bin\QTalk.exe

FirewallRules: [{C2AF2505-834E-4CF7-8AD4-EFCF2489688A}] => (Allow) C:\Program Files (x86)\Tencent\QTalk\V4.6.22.17784\Bin\QTalk.exe

FirewallRules: [{E0794B69-C90C-45A5-A33D-073392938B3D}] => (Allow) C:\Program Files (x86)\Tencent\QTalk\V4.6.22.17784\Bin\QTalk.exe

FirewallRules: [TCP Query User{FF9524A3-306C-4072-987A-3B52600DAE87}C:\program files (x86)\duowan\yy\yy.exe] => (Allow) C:\program files (x86)\duowan\yy\yy.exe

FirewallRules: [UDP Query User{7198139F-6FC4-485D-969C-3974742B20E1}C:\program files (x86)\duowan\yy\yy.exe] => (Allow) C:\program files (x86)\duowan\yy\yy.exe

FirewallRules: [{46AD7F9B-EA90-441C-92A4-C625FD5AFC3D}] => (Allow) C:\Program Files (x86)\SogouInput\8.0.0.8381\SGTool.exe

FirewallRules: [{7D63BBB3-557E-4FA0-A0B1-3311761D7245}] => (Allow) C:\Program Files (x86)\SogouInput\8.0.0.8381\SGTool.exe

FirewallRules: [{004FC471-A249-4476-9233-97837F5DC187}] => (Allow) C:\Program Files (x86)\SogouInput\8.0.0.8381\SGTool.exe

FirewallRules: [{E9CB61D5-2A6F-4D36-B053-46B9A4E82DD6}] => (Allow) C:\Program Files (x86)\SogouInput\8.0.0.8381\SGTool.exe

FirewallRules: [{41BD44A0-3B8E-4D2F-984C-DB0A9747D92C}] => (Allow) C:\Program Files (x86)\SogouInput\8.0.0.8381\SGTool.exe

FirewallRules: [{38F6F4C3-06C7-4F2C-A56A-223A528AAC34}] => (Allow) C:\Program Files (x86)\SogouInput\8.0.0.8381\SGTool.exe

FirewallRules: [{016D1F2C-DA2F-4B0A-B5AC-920F9726FFC1}] => (Allow) C:\Program Files (x86)\SogouInput\8.0.0.8381\PinyinUp.exe

FirewallRules: [{2456EF25-4F38-43D0-96F8-E95CD2D91E31}] => (Allow) C:\Program Files (x86)\SogouInput\8.0.0.8381\PinyinUp.exe

FirewallRules: [{0E1C2F32-B86C-4260-BD9C-38FCF76181A8}] => (Allow) C:\Program Files (x86)\SogouInput\8.0.0.8381\PinyinUp.exe

FirewallRules: [{E11CDFE4-AEFB-409A-9947-2082963FDB2D}] => (Allow) C:\Program Files (x86)\SogouInput\8.0.0.8381\PinyinUp.exe

FirewallRules: [{A803234B-AF31-471F-AB88-14763ED74CBB}] => (Allow) C:\Program Files (x86)\SogouInput\8.0.0.8381\PinyinUp.exe

FirewallRules: [{DA0F938A-CD7A-43F0-A86F-68651FBC84D8}] => (Allow) C:\Program Files (x86)\SogouInput\8.0.0.8381\PinyinUp.exe

FirewallRules: [{1B840E50-2AD0-4D3E-BDC8-366478D56844}] => (Allow) C:\Program Files (x86)\SogouInput\8.0.0.8381\SGDownload.exe

FirewallRules: [{E8B5E362-0CBF-409B-AECA-041D925C0C92}] => (Allow) C:\Program Files (x86)\SogouInput\8.0.0.8381\SGDownload.exe

FirewallRules: [{9B0C0FF5-8CF3-4601-A9A8-5FEB03062501}] => (Allow) C:\Program Files (x86)\SogouInput\8.0.0.8381\SGDownload.exe

FirewallRules: [{A8C0E650-29AC-4198-8ECC-3A7D52D166A4}] => (Allow) C:\Program Files (x86)\SogouInput\8.0.0.8381\SGDownload.exe

FirewallRules: [{5D4FE374-A1CE-49E0-AF1D-EE024A7E8DEE}] => (Allow) C:\Program Files (x86)\SogouInput\8.0.0.8381\SGDownload.exe

FirewallRules: [{7769A548-F7A8-4E30-8C27-7978B0141D90}] => (Allow) C:\Program Files (x86)\SogouInput\8.0.0.8381\SGDownload.exe

FirewallRules: [{5773DC5E-741B-4A49-AFAC-5ECDDAECCBDE}] => (Allow) C:\Program Files (x86)\SogouInput\8.0.0.8381\SogouCloud.exe

FirewallRules: [{C307F899-B1CE-4AA9-BA01-4FF5450FBAF5}] => (Allow) C:\Program Files (x86)\SogouInput\8.0.0.8381\SogouCloud.exe

FirewallRules: [{022A31EF-B2B8-4297-8E3F-675C15DE94AC}] => (Allow) C:\Program Files (x86)\SogouInput\8.0.0.8381\SogouCloud.exe

FirewallRules: [{AE75BACB-263F-4C0F-87AA-7247D82B0CBF}] => (Allow) C:\Program Files (x86)\SogouInput\8.0.0.8381\SogouCloud.exe

FirewallRules: [{1D5162A3-4235-4D03-B504-C4F4F7246E53}] => (Allow) C:\Program Files (x86)\SogouInput\8.0.0.8381\SogouCloud.exe

FirewallRules: [{901D2A03-DABD-474A-8B3D-976A205B8422}] => (Allow) C:\Program Files (x86)\SogouInput\8.0.0.8381\SogouCloud.exe

FirewallRules: [{2F3B86E9-CE22-4695-85F4-3B6BDFED3C5A}] => (Allow) C:\Program Files (x86)\SogouInput\Components\SogouComMgr.exe

FirewallRules: [{514EE4BC-9EEE-4677-B4D2-4D9E74321D29}] => (Allow) C:\Program Files (x86)\SogouInput\Components\SogouComMgr.exe

FirewallRules: [{ED1E880D-383C-44C1-92D3-E8CA804F9221}] => (Allow) C:\Program Files (x86)\SogouInput\Components\SogouComMgr.exe

FirewallRules: [{4448BD80-0766-4AF6-8BF2-10B269418FE3}] => (Allow) C:\Program Files (x86)\SogouInput\Components\SogouComMgr.exe

FirewallRules: [{1A995BD3-762A-4327-9D40-39043A72168A}] => (Allow) C:\Program Files (x86)\SogouInput\Components\SogouComMgr.exe

FirewallRules: [{4DC55797-A6D6-4594-BB8E-45CBFF359500}] => (Allow) C:\Program Files (x86)\SogouInput\Components\SogouComMgr.exe

FirewallRules: [{C2EC3A64-8BB9-4E9D-8749-82C9ED99F790}] => (Allow) C:\Program Files (x86)\SogouInput\8.0.0.8381\userNetSchedule.exe

FirewallRules: [{79E67A5E-81D2-4B24-900A-233B96A73BCD}] => (Allow) C:\Program Files (x86)\SogouInput\8.0.0.8381\userNetSchedule.exe

FirewallRules: [{F565A5A4-9F6D-4DED-B6BC-5014E9671545}] => (Allow) C:\Program Files (x86)\SogouInput\8.0.0.8381\userNetSchedule.exe

FirewallRules: [{3A531803-0279-4217-B535-4982A56D73A7}] => (Allow) C:\Program Files (x86)\SogouInput\8.0.0.8381\userNetSchedule.exe

FirewallRules: [{53783036-D1FC-440D-B36B-DF723723216D}] => (Allow) C:\Program Files (x86)\SogouInput\8.0.0.8381\userNetSchedule.exe

FirewallRules: [{BA595CB8-3A7C-478F-8D36-16E98FFF5B57}] => (Allow) C:\Program Files (x86)\SogouInput\8.0.0.8381\userNetSchedule.exe

FirewallRules: [{3ECCB7EE-F978-42BC-A9B6-325DD4BA322B}] => (Allow) C:\Program Files (x86)\SogouInput\8.0.0.8381\SGMedalLoader.exe

FirewallRules: [{601CC53D-79DA-4246-B7EB-07C2D086FFD0}] => (Allow) C:\Program Files (x86)\SogouInput\8.0.0.8381\SGMedalLoader.exe

FirewallRules: [{29D7ADFD-4772-4B73-9C4D-BEF485E987EE}] => (Allow) C:\Program Files (x86)\SogouInput\8.0.0.8381\SGMedalLoader.exe

FirewallRules: [{99554E8E-DC9F-4433-8FC8-B9C134B75403}] => (Allow) C:\Program Files (x86)\SogouInput\8.0.0.8381\SGMedalLoader.exe

FirewallRules: [{B4E4F695-34B7-4187-9F9F-E9AEEC55D094}] => (Allow) C:\Program Files (x86)\SogouInput\8.0.0.8381\SGMedalLoader.exe

FirewallRules: [{90B48959-73E8-483B-9EF6-4F660EB44F70}] => (Allow) C:\Program Files (x86)\SogouInput\8.0.0.8381\SGMedalLoader.exe

FirewallRules: [{A21AA5AE-676B-4D0A-9946-9F8F5DD222B4}] => (Allow) C:\Users\Public\SogouInput\USBDT\OctopusDownloader.exe

FirewallRules: [{1BBF2246-CD1C-4829-AD1A-E8CAEBA612A9}] => (Allow) C:\Users\Public\SogouInput\USBDT\OctopusDownloader.exe

FirewallRules: [{BA93C79E-F926-497B-89EF-492E13588D7D}] => (Allow) C:\Users\Public\SogouInput\USBDT\OctopusDownloader.exe

FirewallRules: [{B2C4F98E-6E0C-489A-A744-6BD5BAD22C18}] => (Allow) C:\Users\Public\SogouInput\USBDT\OctopusDownloader.exe

FirewallRules: [{54347CA7-88C3-4931-B431-E80A289FEA32}] => (Allow) C:\Users\Public\SogouInput\USBDT\OctopusDownloader.exe

FirewallRules: [{368F75CF-9388-47ED-B631-65B1C9668E86}] => (Allow) C:\Users\Public\SogouInput\USBDT\OctopusDownloader.exe

FirewallRules: [{2E09659B-6EA8-4509-BC8B-89A1F52CAED7}] => (Allow) C:\Program Files (x86)\TalkTV\Bin\TalkTV.exe

FirewallRules: [{F7F9C92B-2D60-4A82-833E-ECD3CB8D7997}] => (Allow) C:\Program Files (x86)\TalkTV\Bin\TalkTV.exe

FirewallRules: [{50607091-02F0-4003-A9C1-3AB89E5D2947}] => (Allow) C:\Program Files (x86)\TalkTV\Bin\TalkTV.exe

FirewallRules: [{0CD70842-A679-4531-AAB3-E5E8015B373D}] => (Allow) C:\Program Files (x86)\TalkTV\Bin\TalkTV.exe

FirewallRules: [TCP Query User{DF0986B7-F5B9-4CA4-8466-7CD4AF2AE0AF}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe

FirewallRules: [UDP Query User{882FA26D-CF07-4B30-82CD-8BDCC1312631}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe

FirewallRules: [TCP Query User{7C43F587-F429-4292-92AF-457A3B96BA15}C:\windows\system32\ftp.exe] => (Allow) C:\windows\system32\ftp.exe

FirewallRules: [UDP Query User{6A47CEE3-C601-4D40-938B-E151D69CCA2A}C:\windows\system32\ftp.exe] => (Allow) C:\windows\system32\ftp.exe

FirewallRules: [{5FC1A2E4-E23E-4A40-8F68-9680094BC070}] => (Allow) C:\Program Files (x86)\FormatFactory\FormatFactory.exe

FirewallRules: [{D3B507C3-11FC-4106-A76D-846E68EC90C3}] => (Allow) C:\Program Files (x86)\FormatFactory\FFModules\Encoder\Doc\EBookCodec.exe

FirewallRules: [{4863C59D-1DEA-4C40-9654-2F0C1BE2FB76}] => (Allow) C:\Program Files (x86)\FormatFactory\FormatFactory.exe

FirewallRules: [{55C29EA5-B451-4E41-83DF-E6531186E441}] => (Allow) C:\Program Files (x86)\FormatFactory\FFModules\Encoder\Doc\EBookCodec.exe

FirewallRules: [TCP Query User{D6E5B159-2B74-4272-BAA1-7E51AB84F86C}C:\qvodplayer\qvodterminal.exe] => (Allow) C:\qvodplayer\qvodterminal.exe

FirewallRules: [UDP Query User{013196D6-20C5-4A65-8551-6D06065B5FB1}C:\qvodplayer\qvodterminal.exe] => (Allow) C:\qvodplayer\qvodterminal.exe

FirewallRules: [{8B68AAEF-669D-4F39-9BED-3160EC00A152}] => (Block) C:\qvodplayer\qvodterminal.exe

FirewallRules: [{5509BB12-DE0F-4487-9212-24E34F0F30BE}] => (Block) C:\qvodplayer\qvodterminal.exe

FirewallRules: [TCP Query User{FF62CBB6-700E-4F9C-823F-965C666AEFDF}C:\users\moxito\appdata\local\360browser\browser\application\360browser.exe] => (Allow) C:\users\moxito\appdata\local\360browser\browser\application\360browser.exe

FirewallRules: [UDP Query User{60F6CF78-C495-4A2A-8B47-575F834CEF9C}C:\users\moxito\appdata\local\360browser\browser\application\360browser.exe] => (Allow) C:\users\moxito\appdata\local\360browser\browser\application\360browser.exe

FirewallRules: [{CE84693F-1ADB-43AB-9A38-A2B0DDCB0BD6}] => (Block) C:\users\moxito\appdata\local\360browser\browser\application\360browser.exe

FirewallRules: [{2B529D50-00F9-4652-BC7E-8C5985B5576D}] => (Block) C:\users\moxito\appdata\local\360browser\browser\application\360browser.exe

FirewallRules: [TCP Query User{148B2AF4-E62B-4350-925B-8BEA76CF35B3}C:\program files (x86)\cntv\cbox\bin\cbox.exe] => (Allow) C:\program files (x86)\cntv\cbox\bin\cbox.exe

FirewallRules: [UDP Query User{04A34041-F5A8-4533-A5FD-C6118F2D79DA}C:\program files (x86)\cntv\cbox\bin\cbox.exe] => (Allow) C:\program files (x86)\cntv\cbox\bin\cbox.exe

FirewallRules: [{12586A64-FF12-4ECA-BB97-9D1067A5F11B}] => (Block) C:\program files (x86)\cntv\cbox\bin\cbox.exe

FirewallRules: [{22C4E24C-9B6C-47A9-8A26-D689334469FC}] => (Block) C:\program files (x86)\cntv\cbox\bin\cbox.exe

FirewallRules: [TCP Query User{76EFBE6B-1CAC-4061-A316-9D6E1710301A}C:\users\moxito\downloads\airspy\sdrsharp.exe] => (Allow) C:\users\moxito\downloads\airspy\sdrsharp.exe

FirewallRules: [UDP Query User{CE976857-156C-43F3-B42E-582F49119166}C:\users\moxito\downloads\airspy\sdrsharp.exe] => (Allow) C:\users\moxito\downloads\airspy\sdrsharp.exe

FirewallRules: [{E7CEAF8F-6ECC-478E-AF60-ED369F6364BB}] => (Block) C:\users\moxito\downloads\airspy\sdrsharp.exe

FirewallRules: [{159669FB-3C82-427F-85E5-6C0405FA89B9}] => (Block) C:\users\moxito\downloads\airspy\sdrsharp.exe

FirewallRules: [TCP Query User{AE9DD382-6F3E-4994-9FA4-DA38D03EBFA3}C:\program files\sdr-radio-pro.com\sdrconsole.exe] => (Allow) C:\program files\sdr-radio-pro.com\sdrconsole.exe

FirewallRules: [UDP Query User{21B4A0EA-47F8-424B-974C-230C570B2E6D}C:\program files\sdr-radio-pro.com\sdrconsole.exe] => (Allow) C:\program files\sdr-radio-pro.com\sdrconsole.exe

FirewallRules: [{D8C7869F-BC2B-4962-861A-23350B75163F}] => (Block) C:\program files\sdr-radio-pro.com\sdrconsole.exe

FirewallRules: [{1CE19DF8-01E3-43C7-BDE4-321B25C28B45}] => (Block) C:\program files\sdr-radio-pro.com\sdrconsole.exe

FirewallRules: [{2378DA66-4690-4BE1-AA12-B2762255FED3}] => (Allow) C:\Users\moxito\AppData\Roaming\Tencent\QQ\STemp\SetupEx0\QQSetupEx.exe

FirewallRules: [{C4451068-39BD-428B-B0AE-E4CEB549A5E4}] => (Allow) C:\Program Files (x86)\Tencent\QQ\Bin\QQ.exe

FirewallRules: [{8283DF27-E8D8-404E-9CF8-22CBAF6061CC}] => (Allow) C:\Program Files (x86)\Tencent\QQ\Bin\auclt.exe

FirewallRules: [{644D8DC8-C47A-4C1D-89A7-DF5E8ACE7BE0}] => (Allow) C:\Program Files (x86)\Tencent\QQ\Bin\maLauncher.exe

FirewallRules: [{58123EF6-29C8-4276-A308-ED2A9A86B1FC}] => (Allow) C:\Program Files (x86)\Tencent\QQ\Bin\maUpdat.exe

FirewallRules: [{97B0CABD-78AA-407D-B7A2-A86F79BED1B6}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\135\tencentdl.exe

FirewallRules: [{D9D9C92B-573F-4F40-ADAD-823B83F8E41F}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\135\bugreport_xf.exe

FirewallRules: [{11AB198E-D6B0-42AA-9662-F5496BBD0387}] => (Allow) C:\Program Files (x86)\Tencent\QQMusic\QzoneMusic\QzoneMusic.exe

FirewallRules: [{157E434D-102F-4E56-8ADF-F49896ECAB96}] => (Allow) C:\Program Files (x86)\Tencent\QQMusic\QzoneMusic\QzoneMusic.exe

FirewallRules: [{DA5D3FD0-F9C0-40D0-8517-9611B98F8937}] => (Allow) C:\program files (x86)\common files\tencent\qqminidl\60\qqminidl.exe

FirewallRules: [{FA7BDB2A-B22C-4EFB-ADC2-7D566C0572F8}] => (Allow) C:\program files (x86)\common files\tencent\qqminidl\60\QQMiniDLUI.exe

FirewallRules: [{E770A729-2BE4-4189-BD71-0BD9967B1896}] => (Allow) C:\program files (x86)\common files\tencent\qqminidl\60\QQGameUpUI.exe

FirewallRules: [{2B08D25C-C48F-4302-9B51-2F9C1AD2F7E6}] => (Allow) C:\Users\Public\Documents\Tencent\QQGameMicro\QQGameMicro.exe

FirewallRules: [{C4455ADD-005F-4DC2-BB48-81C50375766E}] => (Allow) C:\Program Files (x86)\Tencent\QQMusic\QQMusic1297.0.39.32\QQMusicExternal.exe

FirewallRules: [{D3CACE26-0333-4EA3-9C55-F3AE95CAA573}] => (Allow) C:\Program Files (x86)\Tencent\QQMusic\QQMusic1297.0.39.32\moleplugin\tadb.exe

FirewallRules: [{21BDBBDE-297A-478F-9B2D-34C39FEA3DD5}] => (Allow) C:\Program Files (x86)\Tencent\QQMusic\QQMusic1297.0.39.32\QQMusic.exe

FirewallRules: [{D630DBBE-4A30-4AFD-9E28-F3583EFF4E9E}] => (Allow) C:\Program Files (x86)\Common Files\Tencent\QQMusic\QQMusicService.exe

FirewallRules: [{65BB453F-B20A-4272-9477-C6F08359162A}] => (Allow) C:\Program Files (x86)\Tencent\QQMusic\QQMusic1297.0.39.32\QQMusicUp.exe

FirewallRules: [TCP Query User{247D4396-0D31-4F31-A892-084C41B75164}C:\program files (x86)\tencent\tm2008\bin\tm.exe] => (Allow) C:\program files (x86)\tencent\tm2008\bin\tm.exe

FirewallRules: [UDP Query User{92886B66-0227-4ED8-A533-E83C7C9706EA}C:\program files (x86)\tencent\tm2008\bin\tm.exe] => (Allow) C:\program files (x86)\tencent\tm2008\bin\tm.exe

FirewallRules: [TCP Query User{5507FF27-196C-4493-9C74-B09525F5413B}C:\program files (x86)\yy\yy.exe] => (Allow) C:\program files (x86)\yy\yy.exe

FirewallRules: [UDP Query User{1112C62E-F3A6-4843-8972-62BD0CEFF9E2}C:\program files (x86)\yy\yy.exe] => (Allow) C:\program files (x86)\yy\yy.exe

FirewallRules: [{0AE31196-BBF9-44D8-981B-AB04C98CEB4C}] => (Block) C:\program files (x86)\yy\yy.exe

FirewallRules: [{8167C8B9-F43D-43EA-B143-8F332F565158}] => (Block) C:\program files (x86)\yy\yy.exe

FirewallRules: [TCP Query User{1F74AD5B-43D2-4D18-9122-78BBF7F43C8E}C:\users\moxito\appdata\roaming\baidu\baiduyunguanjia\baidunetdisk.exe] => (Allow) C:\users\moxito\appdata\roaming\baidu\baiduyunguanjia\baidunetdisk.exe

FirewallRules: [UDP Query User{A12C75E4-10F9-41E1-BA3B-B1162AA9825B}C:\users\moxito\appdata\roaming\baidu\baiduyunguanjia\baidunetdisk.exe] => (Allow) C:\users\moxito\appdata\roaming\baidu\baiduyunguanjia\baidunetdisk.exe

FirewallRules: [{EC1A9325-2130-47B6-90F7-212BFE14681F}] => (Block) C:\users\moxito\appdata\roaming\baidu\baiduyunguanjia\baidunetdisk.exe

FirewallRules: [{990EB6F9-48F5-4D1C-86EE-1546944CF64C}] => (Block) C:\users\moxito\appdata\roaming\baidu\baiduyunguanjia\baidunetdisk.exe
 

==================== Restore Points =========================
 

19-05-2017 13:16:28 Windows Update

21-05-2017 20:50:47 Nahimic 2

05-06-2017 22:00:23 Windows Update

11-06-2017 12:29:53 Windows Update

16-06-2017 18:09:25 Windows Update
 

==================== Faulty Device Manager Devices =============
 

Name: Intel(R) Management Engine Interface 

Description: Intel(R) Management Engine Interface 

Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}

Manufacturer: Intel

Service: MEIx64

Problem: : This device cannot start. (Code10)

Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.

On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 

Name: Mi 4i

Description: Mi 4i

Class Guid: 

Manufacturer: 

Service: 

Problem: : The drivers for this device are not installed. (Code 28)

Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 

Name: USB Device

Description: USB Device

Class Guid: 

Manufacturer: 

Service: 

Problem: : The drivers for this device are not installed. (Code 28)

Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 

==================== Event log errors: =========================
 

Application errors:

==================

Error: (06/16/2017 11:33:24 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: MSI)

Description: Bei der Aktivierung der App „Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.
 

Error: (06/16/2017 11:31:25 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: MSI)

Description: Bei der Aktivierung der App „Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy!App“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.
 

Error: (06/16/2017 11:31:25 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Name der fehlerhaften Anwendung: ShellExperienceHost.exe, Version: 10.0.14393.447, Zeitstempel: 0x5819bf85

Name des fehlerhaften Moduls: ShellExperienceHost.exe, Version: 10.0.14393.447, Zeitstempel: 0x5819bf85

Ausnahmecode: 0xc000027b

Fehleroffset: 0x0000000000022e27

ID des fehlerhaften Prozesses: 0x1bd4

Startzeit der fehlerhaften Anwendung: 0x01d2e6e7e7e4e1d5

Pfad der fehlerhaften Anwendung: C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe

Pfad des fehlerhaften Moduls: C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe

Berichtskennung: f9f8ae6f-57f4-4007-91ff-2525dab93fbc

Vollständiger Name des fehlerhaften Pakets: Microsoft.Windows.ShellExperienceHost_10.0.14393.1358_neutral_neutral_cw5n1h2txyewy

Anwendungs-ID, die relativ zum fehlerhaften Paket ist: App
 

Error: (06/16/2017 11:25:56 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: MSI)

Description: Bei der Aktivierung der App „Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.
 
 

System errors:

=============

Error: (06/16/2017 11:46:17 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)

Description: Durch die Berechtigungseinstellungen für "application-specific" wird dem Benutzer "NT AUTHORITY\SYSTEM" (SID: S-1-5-18) unter der Adresse "LocalHost (Using LRPC)" keine Berechtigung vom Typ "Local Activation" für die COM-Serveranwendung mit der CLSID 

{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}

 und der APPID 

{F72671A9-012C-4725-9D2F-2A4D32D65169}

 im Anwendungscontainer "Unavailable" (SID: Unavailable) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.
 

Error: (06/16/2017 11:33:24 PM) (Source: DCOM) (EventID: 10010) (User: MSI)

Description: Der Server "App.AppX76q4xtxwbj16z0zkyp0pnwtt6m850rvk.mca" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
 

Error: (06/16/2017 11:31:25 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: Der Dienst "Baidu Hook Base" wurde aufgrund folgenden Fehlers nicht gestartet: 

Ein an das System angeschlossenes Gerät funktioniert nicht.
 

Error: (06/16/2017 11:31:25 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: Der Dienst "Baidu Hook Base" wurde aufgrund folgenden Fehlers nicht gestartet: 

Ein an das System angeschlossenes Gerät funktioniert nicht.
 

Error: (06/16/2017 11:31:25 PM) (Source: DCOM) (EventID: 10010) (User: MSI)

Description: Der Server "App" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
 

Error: (06/16/2017 11:31:24 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: Der Dienst "Baidu Hook Base" wurde aufgrund folgenden Fehlers nicht gestartet: 

Ein an das System angeschlossenes Gerät funktioniert nicht.
 

Error: (06/16/2017 11:31:24 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: Der Dienst "Baidu Hook Base" wurde aufgrund folgenden Fehlers nicht gestartet: 

Ein an das System angeschlossenes Gerät funktioniert nicht.
 

Error: (06/16/2017 11:31:23 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: Der Dienst "Baidu Hook Base" wurde aufgrund folgenden Fehlers nicht gestartet: 

Ein an das System angeschlossenes Gerät funktioniert nicht.
 

Error: (06/16/2017 11:31:23 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: Der Dienst "Baidu Hook Base" wurde aufgrund folgenden Fehlers nicht gestartet: 

Ein an das System angeschlossenes Gerät funktioniert nicht.
 

Error: (06/16/2017 11:31:22 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: Der Dienst "Baidu Hook Base" wurde aufgrund folgenden Fehlers nicht gestartet: 

Ein an das System angeschlossenes Gerät funktioniert nicht.
 
 

CodeIntegrity:

===================================

  Date: 2016-10-26 14:29:14.952

  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.
 

  Date: 2016-10-26 14:20:37.498

  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.
 

  Date: 2016-10-26 13:12:20.412

  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.
 

  Date: 2016-10-26 03:05:20.720

  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.
 

  Date: 2016-10-11 14:58:24.531

  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.
 

  Date: 2016-10-11 14:40:48.352

  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.
 

  Date: 2016-10-11 14:18:53.408

  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.
 
 

==================== Memory info =========================== 
 

Processor: Intel(R) Core(TM) i7-5950HQ CPU @ 2.90GHz

Percentage of memory in use: 13%

Total physical RAM: 32723.28 MB

Available physical RAM: 28279.54 MB

Total Virtual: 67539.28 MB

Available Virtual: 62540 MB
 

==================== Drives ================================
 

Drive c: () (Fixed) (Total:951.82 GB) (Free:502.28 GB) NTFS

Drive d: (data) (Fixed) (Total:912.3 GB) (Free:26.14 GB) NTFS

Drive f: (XIAOMI) (CDROM) (Total:0.01 GB) (Free:0 GB) CDFS
 

==================== MBR & Partition Table ==================
 

========================================================

Disk: 0 (Size: 953.9 GB) (Disk ID: 524198F9)
 

Partition: GPT.
 

========================================================

Disk: 1 (Size: 931.5 GB) (Disk ID: 52419B1B)
 

Partition: GPT.
 

==================== End of Addition.txt ============================

--- --- ---

Teil 1 von Frst.txt:

Code:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-06-2017 01

Ran by moxito (administrator) on MSI (17-06-2017 00:14:36)

Running from C:\Users\moxito\Desktop

Loaded Profiles: moxito (Available Profiles: moxito)

Platform: Windows 10 Enterprise Version 1607 (X64) Language: Englisch (Vereinigte Staaten)

Internet Explorer Version 11 (Default browser: "C:\Users\moxito\AppData\Local\360Browser\Browser\Application\360browser.exe" -- "%1")

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 

==================== Processes (Whitelisted) =================
 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 

(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe

(Baidu, Inc.) C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.4.3.148966.1\BHipsSvc.exe

(Baidu, Inc.) C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.4.3.148966.1\BavSvc.exe

(Ellora Assets Corp.) C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe

(Hauppauge Computer Works) C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServer.exe

(Nitro PDF Software) C:\Program Files\Nitro\Reader 5\NitroPDFReaderDriverService5x64.exe

(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe

(Rivet Networks) C:\Program Files\Killer Networking\Network Manager\KillerService.exe

(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe

(Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\Dragon Center\MSI_ActiveX_Service.exe

(Micro-Star International Co., Ltd.) C:\Program Files (x86)\SCM\MSIService.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe

(Tencent) C:\Program Files (x86)\Common Files\Tencent\QQProtect\Bin\QQProtect.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe

(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe

(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe

(Wondershare) C:\Program Files (x86)\Wondershare\WAF\2.3.1.204\WsAppService.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe

(Baidu, Inc.) C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.4.3.148966.1\bavhm.exe

(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe

() C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

(Microsoft Corporation) C:\Windows\System32\InputMethod\CHS\ChsIME.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe

(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe

(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe

(MSI) C:\Program Files (x86)\SCM\SCM.exe

(Micro-Star International Co., Ltd.) C:\Program Files (x86)\MSI\Dragon Center\Dragon Center.exe

() C:\Program Files\Nahimic\Nahimic2\UserInterface\Nahimic2UILauncher.exe

(SlySoft, Inc.) C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe

() C:\Program Files\Nahimic\Nahimic2\UserInterface\Nahimic2Svc32.exe

() C:\Program Files\Nahimic\Nahimic2\UserInterface\x64\Nahimic2Svc64.exe

(Microsoft Corporation) C:\Windows\System32\CastSrv.exe

(QuestSoft) C:\Program Files (x86)\QTranslate\QTranslate.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

() C:\Program Files (x86)\SlySoft\AnyDVD\ADvdDiscHlp64.exe

(网易公司) C:\Users\moxito\AppData\Local\Youdao\Dict\Application\YodaoDict.exe

(网易公司) C:\Users\moxito\AppData\Local\Youdao\Dict\Application\6.3.69.8341\YoudaoIE.exe

() C:\Users\moxito\AppData\Local\Youdao\Dict\Application\6.3.69.8341\YoudaoDictHelper.exe

(Ritlabs S.R.L.) C:\Program Files (x86)\The Bat!\thebat.exe

(Tencent) C:\Program Files (x86)\Tencent\QQ\Bin\TXPlatform.exe

(Tencent) C:\Program Files (x86)\Tencent\TM2008\Bin\TM.exe

(网易公司) C:\Users\moxito\AppData\Local\Youdao\Dict\Application\6.3.69.8341\WordBook.exe

(Tencent) C:\Program Files (x86)\Tencent\QQIntl\Bin\QQ.exe

() C:\Users\moxito\AppData\Roaming\baidu\BaiduYunGuanjia\yundetectservice.exe

(Rivet Networks) C:\Program Files\Killer Networking\Network Manager\NetworkManager.exe

(Baidu, Inc.) C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.4.3.148966.1\BavTray.exe

() C:\Users\moxito\AppData\Local\Youdao\Dict\Application\6.3.69.8341\YoudaoWSH.exe

(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe

(SteelSeries ApS) C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe

(Realtime Soft Ltd) C:\Program Files\UltraMon\UltraMon.exe

(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe

(Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe

() C:\Users\moxito\AppData\Local\Youdao\Dict\Application\6.3.69.8341\YoudaoDictHelper.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

(Intel(R) Corporation) C:\Program Files (x86)\Intel\Intel(R) Extreme Tuning Utility\XtuService.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe

(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe

(Microsoft® Windows® Operating System) C:\Windows\System32\Taskmgr.exe

(Baidu, Inc.) C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.4.3.148966.1\Bav.exe

(Qihu 360 Software Co., Ltd.) C:\Users\moxito\AppData\Local\360Browser\Browser\Application\360browser.exe

(Qihu 360 Software Co., Ltd.) C:\Users\moxito\AppData\Local\360Browser\Browser\Application\360browser.exe

(Qihu 360 Software Co., Ltd.) C:\Users\moxito\AppData\Local\360Browser\Browser\Application\360browser.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe

(Qihu 360 Software Co., Ltd.) C:\Users\moxito\AppData\Local\360Browser\Browser\Application\360browser.exe
 

==================== Registry (Whitelisted) ====================
 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9198080 2017-02-06] (Realtek Semiconductor)

HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3113592 2015-08-26] (Logitech, Inc.)

HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [163800 2016-07-30] (IvoSoft)

HKLM\...\Run: [SCM] => C:\Program Files (x86)\SCM\SCM.exe [297984 2015-12-09] (MSI)

HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart

HKLM\...\Run: [Nahimic2UILauncher] => C:\Program Files\Nahimic\Nahimic2\UserInterface\Nahimic2UILauncher.exe [705208 2017-01-13] ()

HKLM-x32\...\Run: [Baidu Antivirus] => C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.4.3.148966.1\BavTray.exe [1998832 2017-01-28] (Baidu, Inc.)

HKLM-x32\...\Run: [vmware-tray] => C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe [103536 2011-08-22] (VMware, Inc.)

HKLM-x32\...\Run: [DelaypluginInstall] => C:\ProgramData\Wondershare\Video Converter Ultimate\DelayPluginI.exe [1971856 2016-11-18] ()

HKLM-x32\...\Run: [ProductUpdater] => C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe [73216 2017-01-24] ()

HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe [55264 2016-03-10] (Malwarebytes)

Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)

HKU\S-1-5-21-1078665582-1449517287-1295239923-1001\...\Run: [ctfmon] => C:\WINDOWS\system32\ctfmon.exe [10752 2016-07-16] (Microsoft Corporation)

HKU\S-1-5-21-1078665582-1449517287-1295239923-1001\...\Run: [AnyDVD] => C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe [9604008 2015-12-12] (SlySoft, Inc.)

HKU\S-1-5-21-1078665582-1449517287-1295239923-1001\...\Run: [QTranslate] => C:\Program Files (x86)\QTranslate\QTranslate.exe [642048 2016-05-12] (QuestSoft)

HKU\S-1-5-21-1078665582-1449517287-1295239923-1001\...\Run: [YYAssistant] => C:\Program Files (x86)\YY\8.24.0.2\\yyassistant.exe [335600 2017-06-12] (YY Inc.)

HKU\S-1-5-21-1078665582-1449517287-1295239923-1001\...\Run: [YodaoDict] => C:\Users\moxito\AppData\Local\Youdao\Dict\Application\YodaoDict.exe [5552192 2016-11-25] (网易公司)

HKU\S-1-5-21-1078665582-1449517287-1295239923-1001\...\Run: [thebat_startup] => C:\Program Files (x86)\The Bat!\thebat.exe [11954536 2007-10-31] (Ritlabs S.R.L.)

HKU\S-1-5-21-1078665582-1449517287-1295239923-1001\...\Run: [TomTomHOME.exe] => C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe [255224 2016-11-29] (TomTom)

HKU\S-1-5-21-1078665582-1449517287-1295239923-1001\...\Run: [QQ2009] => C:\Program Files (x86)\Tencent\QQIntl\Bin\QQ.exe [97976 2016-11-25] (Tencent)

HKU\S-1-5-21-1078665582-1449517287-1295239923-1001\...\Run: [TM] => C:\Program Files (x86)\Tencent\TM2008\Bin\TM.exe [132472 2016-11-25] (Tencent)

HKU\S-1-5-21-1078665582-1449517287-1295239923-1001\...\Run: [BaiduYunGuanjia] => C:\Users\moxito\AppData\Roaming\baidu\BaiduYunGuanjia\baidunetdisk.exe [7757856 2017-06-16] ()

HKU\S-1-5-21-1078665582-1449517287-1295239923-1001\...\Run: [BaiduYunDetect] => C:\Users\moxito\AppData\Roaming\baidu\BaiduYunGuanjia\YunDetectService.exe [1052192 2017-06-16] ()

HKU\S-1-5-21-1078665582-1449517287-1295239923-1001\...\Run: [{1052DBDE-C7E1-498F-7A72-11F13F705104}] => C:\Program Files (x86)\KMSPico\395c48ebd078c81a6235f7da464d45bd.exe [117561 2017-05-13] ()

HKU\S-1-5-21-1078665582-1449517287-1295239923-1001\...\Run: [YfftPack] => C:\Windows\SysWOW64\regsvr32.exe C:\Users\moxito\AppData\Local\Ambworks\vtmbuvmp.dll <===== ATTENTION

HKU\S-1-5-21-1078665582-1449517287-1295239923-1001\...\Run: [Ambworks] => C:\Users\moxito\AppData\Local\Ambworks\395c48ebd078c81a6235f7da464d45bd.exe

HKU\S-1-5-21-1078665582-1449517287-1295239923-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1

ShellIconOverlayIdentifiers: [BaiduAntivirusIconLock] -> {0A93904A-BB1E-4a0c-9753-B57B9AE272CC} => C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.4.3.148966.1\BavShx64.dll [2017-01-28] (Baidu, Inc.)

ShellIconOverlayIdentifiers: [KzShlobj] -> {AAA0C5B8-933F-4200-93AD-B143D7FFF9F2} =>  -> No File

ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2016-07-30] (IvoSoft)

ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2016-07-30] (IvoSoft)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Killer Network Manager.lnk [2016-12-09]

ShortcutTarget: Killer Network Manager.lnk -> C:\Program Files\Killer Networking\Network Manager\NetworkManager.exe (Rivet Networks)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SteelSeries Engine 3.lnk [2017-06-16]

ShortcutTarget: SteelSeries Engine 3.lnk -> C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe (SteelSeries ApS)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\UltraMon.lnk [2017-02-11]

ShortcutTarget: UltraMon.lnk -> C:\Windows\Installer\{D4E62D29-31A1-4938-8CB7-7D275C1AEAC6}\IcoUltraMon.ico ()

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinTV Recording Status.lnk [2016-12-09]

ShortcutTarget: WinTV Recording Status.lnk -> C:\Program Files (x86)\WinTV\WinTV8\WinTVTray.exe (Hauppauge Computer Works, Inc.)

Startup: C:\Users\moxito\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CCTalk.lnk [2016-12-09]

ShortcutTarget: CCTalk.lnk -> C:\Users\moxito\AppData\Roaming\Hujiang\Setup\PreInst\CCLaunch.exe (Hujiang)

Startup: C:\Users\moxito\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Sidebar469.lnk [2017-06-16]

ShortcutTarget: Sidebar469.lnk -> C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)

GroupPolicy: Restriction <======= ATTENTION

GroupPolicyScripts: Restriction <======= ATTENTION

CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
 

==================== Internet (Whitelisted) ====================
 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 

ProxyServer: [S-1-5-21-1078665582-1449517287-1295239923-1001] => 120.52.73.97:80

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt

Tcpip\Parameters: [NameServer] 8.8.8.8,8.8.8.4

Tcpip\..\Interfaces\{1f590c30-fd8d-44ea-ae52-5c965539d833}: [DhcpNameServer] 82.163.143.157

Tcpip\..\Interfaces\{38ff234b-697a-4a3c-99af-17abf95b27e9}: [DhcpNameServer] 192.168.178.1

Tcpip\..\Interfaces\{ddecc736-557e-44c0-b1c3-dbe0f06f526f}: [DhcpNameServer] 82.163.143.157
 

Internet Explorer:

==================

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617912&ResetID=131261445025659793&GUID=D8CC01CB-AEB0-4853-A5B1-0C8D1E99C72E

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://hao.qq.com/?unc=o400493_1&s=o400493_1

HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com

HKU\S-1-5-21-1078665582-1449517287-1295239923-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/

BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2017-04-11] (Microsoft Corporation)

BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2016-07-30] (IvoSoft)

BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_112\bin\ssv.dll [2016-11-25] (Oracle Corporation)

BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2015-08-26] (Logitech, Inc.)

BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_112\bin\jp2ssv.dll [2016-11-25] (Oracle Corporation)

BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2016-07-30] (IvoSoft)

BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2016-07-30] (IvoSoft)

BHO-x32: Wondershare Video Converter Ultimate 7.1.0 -> {451C804F-C205-4F03-B48E-537EC94937BF} -> C:\ProgramData\Wondershare\Video Converter Ultimate\WSBrowserAppMgr.dll [2016-11-18] (Wondershare)

BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2015-08-26] (Logitech, Inc.)

BHO-x32: QQMiniDL Helper Class -> {C9C7334B-5657-41e1-8F79-F6AACECA05F4} -> C:\Program Files (x86)\Common Files\Tencent\QQMiniDL\60\Browser\QQIEHelper01.dll [2014-07-15] (Tencent Technology (Shenzhen) Company Limited)

BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2017-02-23] (Microsoft Corporation)

BHO-x32: AccountProtectBHO Class -> {DDD362CF-523B-4BC9-8FDC-58F93B6BC945} -> C:\Users\moxito\AppData\Roaming\Tencent\QQ\QQAntiPhishing\AccountProtect.dll [2017-06-16] (Tencent)

BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2016-07-30] (IvoSoft)

Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2016-07-30] (IvoSoft)

Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2016-07-30] (IvoSoft)

DPF: HKLM-x32 {1E525898-EE12-4002-9374-82D15147F762} hxxp://player.cntv.cn/flashplayer/config/plugins/wCNTVLive212.dll

Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2016-05-17] (Microsoft Corporation)

Handler: WSWSVCUchrome - {1CA93FF0-A218-44F1 -  No File
 

FireFox:

========

FF ProfilePath: C:\Users\moxito\AppData\Roaming\TomTom\HOME\Profiles\crxg47tn.default [2017-04-04]

FF Extension: (Map status indicator) - C:\Program Files (x86)\TomTom HOME 2\xul\extensions\MapShare-status@tomtom.com [2017-02-08] [not signed]

FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt

FF Extension: (Logitech SetPoint) - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2016-12-09] [not signed]

FF HKLM-x32\...\Firefox\Extensions: [WSVCU@Wondershare.com] - C:\ProgramData\Wondershare\Video Converter Ultimate\WSVCU@Wondershare.com_xpi

FF Extension: (Wondershare Video Converter Ultimate) - C:\ProgramData\Wondershare\Video Converter Ultimate\WSVCU@Wondershare.com_xpi [2017-02-12]

FF HKU\S-1-5-21-1078665582-1449517287-1295239923-1001\...\Firefox\Extensions: [dict@www.youdao.com] - C:\Users\moxito\AppData\Local\Youdao\Dict\Application\stable\extensions\firefox => not found

FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_25_0_0_171.dll [2017-05-21] ()

FF Plugin: @java.com/DTPlugin,version=11.112.2 -> C:\Program Files\Java\jre1.8.0_112\bin\dtplugin\npDeployJava1.dll [2016-11-25] (Oracle Corporation)

FF Plugin: @java.com/JavaPlugin,version=11.112.2 -> C:\Program Files\Java\jre1.8.0_112\bin\plugin2\npjp2.dll [2016-11-25] (Oracle Corporation)

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)

FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_171.dll [2017-05-21] ()

FF Plugin-x32: @baidu.com/YunWebDetectPlugin -> C:\Users\moxito\AppData\Roaming\baidu\BaiduYunGuanjia\npYunWebDetect.dll [2017-06-16] (Baidu.com, Inc.)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel Corporation)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-21] (Intel Corporation)

FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-11-15] (Microsoft Corporation)

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)

FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Reader 5\npnitromozilla.dll [2016-03-03] (Nitro PDF)

FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-05-18] (NVIDIA Corporation)

FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-05-18] (NVIDIA Corporation)

FF Plugin-x32: @qq.com/npQQGameAssist -> C:\Program Files (x86)\Tencent\QQGAME\npQQGameAssistPlugin.dll [No File]

FF Plugin-x32: @qq.com/npqscall -> C:\Program Files (x86)\Common Files\Tencent\Npchrome\npactivex.dll [2017-01-28] (Tencent)

FF Plugin-x32: @qq.com/QQMiniDLPlugin -> C:\Program Files (x86)\Common Files\Tencent\QQMiniDL\60\Browser\npXFMiniDLPlugin.dll [2014-04-25] (Tencent Technology (Shenzhen) Company Limited)

FF Plugin-x32: @qq.com/QQPhotoDrawEx -> C:\Program Files (x86)\Tencent\Qzone\npQQPhotoDrawEx.dll [2013-08-13] ()

FF Plugin-x32: @qq.com/QzoneMusic -> C:\Program Files (x86)\Tencent\QQMusic\QzoneMusic\npQzoneMusic.dll [2016-02-26] (Tencent)

FF Plugin-x32: @qq.com/TXSSO -> C:\Program Files (x86)\Common Files\Tencent\TXSSO\1.2.4.3\Bin\npSSOAxCtrlForPTLogin.dll [2016-05-05] (Tencent)

FF Plugin-x32: @tencent.com/npQQMailWebKit,version=1.0.0.1 -> C:\Program Files (x86)\QQMailPlugin\npQQMailWebKit.dll [2013-04-25] (Tencent)

FF Plugin-x32: @tencent.com/nptxftnWebKit,version=1.0.0.1 -> C:\Program Files (x86)\QQMailPlugin\nptxftnWebKit.dll [2013-04-08] (Tencent Technology (Shenzhen) Company Limited)

FF Plugin-x32: @videolan.org/vlc,version=2.2.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)

FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)

FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)

FF Plugin HKU\S-1-5-21-1078665582-1449517287-1295239923-1001: @1.qq.com/npqqwebgame -> C:\Users\moxito\AppData\Roaming\Tencent\WebGamePlugin\1.0.4.9\npqqwebgame.dll [No File]

FF Plugin HKU\S-1-5-21-1078665582-1449517287-1295239923-1001: duowan.com/Checker -> C:\Program Files (x86)\Common Files\duowan\yy\YYSSO\1.0.0.8\npChecker.dll [2016-11-21] (广州多玩信息技术有限公司)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2016-11-15] (Microsoft Corporation)
 

Chrome: 

=======

HKU\S-1-5-21-1078665582-1449517287-1295239923-1001\...\StartMenuInternet\ChromeHTML: -> C:\Program Files (x86)\Shutness\Application\chrome.exe <==== ATTENTION
 

==================== Services (Whitelisted) ====================
 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 

R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [315472 2015-06-29] (Windows (R) Win 7 DDK provider)

R2 BavSvc; C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.4.3.148966.1\BavSvc.exe [2791312 2017-01-28] (Baidu, Inc.)

S3 BdSandboxSrv; C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.4.3.148966.1\BdSandboxSrv64.exe [264688 2017-01-28] (Baidu, Inc.)

R2 BHipsSvc; C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.4.3.148966.1\BHipsSvc.exe [531232 2017-01-28] (Baidu, Inc.)

S3 BstHdAndroidSvc; C:\Program Files (x86)\Bluestacks\HD-Service.exe [486936 2016-11-23] (BlueStack Systems, Inc.)

S3 BstHdLogRotatorSvc; C:\Program Files (x86)\Bluestacks\HD-LogRotatorService.exe [470552 2016-11-23] (BlueStack Systems, Inc.)

S3 BstHdPlusAndroidSvc; C:\Program Files (x86)\Bluestacks\HD-Plus-Service.exe [511512 2016-11-23] (BlueStack Systems, Inc.)

S3 ehRecvr; C:\WINDOWS\ehome\ehRecvr.exe [713728 2015-09-02] (Microsoft Corporation) [File not signed]

S3 ehSched; C:\WINDOWS\ehome\ehsched.exe [177152 2015-09-02] (Microsoft Corporation) [File not signed]

S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2016-08-21] (Macrovision Europe Ltd.) [File not signed]

R2 FreemakeVideoCapture; C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe [9216 2017-01-24] (Ellora Assets Corp.) [File not signed]

R2 HauppaugeTVServer; C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServer.exe [586536 2016-10-10] (Hauppauge Computer Works)

S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel(R) Corporation)

R3 Intel(R) Security Assist; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [File not signed]

S2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [7680 2015-05-19] () [File not signed]

R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [223008 2015-06-24] (Intel Corporation)

R2 Killer Service V2; C:\Program Files\Killer Networking\Network Manager\KillerService.exe [451072 2015-10-06] (Rivet Networks) [File not signed]

R2 MCRL; C:\ProgramData\Microsoft\VisualStudio\14.0\2052\msmg.dll [368128 2016-12-09] () [File not signed]

S3 Mcx2Svc; C:\WINDOWS\system32\Mcx2Svc.dll [83968 2015-09-05] (Microsoft Corporation) [File not signed]

R2 Micro Star SCM; C:\Program Files (x86)\SCM\MSIService.exe [160768 2015-12-09] (Micro-Star International Co., Ltd.) [File not signed]

R2 MSI_ActiveX_Service; C:\Program Files (x86)\MSI\Dragon Center\MSI_ActiveX_Service.exe [62392 2017-04-24] (Micro-Star INT'L CO., LTD.)

R2 MSLN; C:\ProgramData\Microsoft\Phone Tools\CoreCon\12.0\3082\NonSDKAddonLangVer.dll [443904 2017-01-18] () [File not signed]

R2 NitroReaderDriverReadSpool5; C:\Program Files\Nitro\Reader 5\NitroPDFReaderDriverService5x64.exe [327328 2016-03-03] (Nitro PDF Software)

S3 NMIndexingService; C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe [382248 2007-08-03] (Nero AG)

R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [495224 2017-05-03] (NVIDIA Corporation)

S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [495224 2017-05-03] (NVIDIA Corporation)

R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462968 2017-05-18] (NVIDIA Corporation)

R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [449984 2017-05-18] (NVIDIA Corporation)

R2 QPCore; C:\Program Files (x86)\Common Files\Tencent\QQProtect\Bin\QQProtect.exe [115104 2017-06-16] (Tencent)

S2 QQMusicService; C:\Program Files (x86)\Common Files\Tencent\QQMusic\QQMusicService.exe [175848 2016-12-01] (Tencent)

S3 QTService; C:\Program Files (x86)\Tencent\QTalk\QTService.dll [111160 2016-11-29] (Tencent)

S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-09-15] (Microsoft Corporation)

S3 SogouUpdate; C:\Program Files (x86)\SogouInput\8.0.0.8381\SogouUpdate.exe [369056 2016-09-02] (Sogou.com Inc.)

R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [279104 2017-05-16] (Synaptics Incorporated)

R2 VMAuthdService; C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe [79872 2011-08-22] (VMware, Inc.) [File not signed]

R2 VMwareHostd; C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [11837440 2011-08-22] () [File not signed]

S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347320 2017-04-28] (Microsoft Corporation)

S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103712 2017-04-28] (Microsoft Corporation)

R2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.3.1.204\WsAppService.exe [437392 2016-11-16] (Wondershare)

R2 XTU3SERVICE; C:\Program Files (x86)\Intel\Intel(R) Extreme Tuning Utility\XtuService.exe [18232 2016-11-09] (Intel(R) Corporation)
 

===================== Drivers (Whitelisted) ======================
 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 

R3 AnyDVD; C:\WINDOWS\System32\Drivers\AnyDVD.sys [150440 2015-12-02] (SlySoft, Inc.)

R3 AnyDVD; C:\Windows\SysWOW64\Drivers\AnyDVD.sys [150440 2015-12-02] (SlySoft, Inc.)

R3 BdApiUtil; C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.4.3.148966.1\BdApiUtil64.sys [116968 2017-01-28] (Baidu, Inc.)

S3 bdark64; C:\Windows\system32\drivers\bdark64.sys [78792 2015-05-28] ()

R3 BdCameraProtect; C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.4.3.148966.1\BdCameraProtect64.sys [25032 2017-01-28] (Baidu, Inc.)

S3 BdSandbox; C:\Windows\System32\drivers\BdSandbox.sys [236920 2015-03-05] (Baidu, Inc.)

R1 Bfilter; C:\Windows\System32\drivers\Bfilter.sys [61896 2016-08-21] (Baidu, Inc.)

R1 BfLwf; C:\WINDOWS\system32\DRIVERS\bwcW10x64.sys [141896 2015-09-30] (Rivet Networks, LLC.)

R1 Bfmon; C:\Windows\System32\drivers\Bfmon.sys [38344 2016-08-21] (Baidu, Inc.)

S0 Bhbase; C:\WINDOWS\System32\drivers\Bhbase.sys [83144 2017-01-28] (Baidu, Inc.)

R1 Bnbase; C:\WINDOWS\System32\drivers\bnbasex64.sys [62792 2016-08-21] (Baidu, Inc.)

R1 Bndef; C:\Windows\System32\drivers\bndef64.sys [485672 2016-08-21] (Baidu, Inc.)

R3 Bnmon; C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.4.3.148966.1\Bnmon64.sys [82376 2017-01-28] (Baidu, Inc.)

R1 Bprotect; C:\Windows\System32\drivers\Bprotect.sys [262088 2016-08-21] (Baidu, Inc.)

S3 BstHdDrv; C:\Program Files (x86)\Bluestacks\HD-Hypervisor-amd64.sys [152672 2016-11-23] (BlueStack Systems)

S3 BstkDrv; C:\Program Files (x86)\Bluestacks\BstkDrv.sys [270904 2016-11-08] (Bluestack System Inc. )

S3 BTHPORT; C:\WINDOWS\System32\drivers\BTHport.sys [967168 2016-11-11] (Microsoft Corporation) [File not signed]

S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-27] (Samsung Electronics Co., Ltd.)

R3 flex1500; C:\WINDOWS\system32\drivers\flex1500.sys [265312 2012-11-29] (Jungo)

R3 flex1500; C:\Windows\SysWOW64\drivers\flex1500.sys [265312 2012-11-29] (Jungo)

R2 iocbios2; C:\Program Files (x86)\Intel\Intel(R) Extreme Tuning Utility\Drivers\IocDriver\64bit\iocbios2.sys [37064 2016-08-24] (Intel Corporation)

R3 KillerEth; C:\WINDOWS\System32\drivers\e2xw10x64.sys [162456 2016-08-21] (Qualcomm Atheros, Inc.)

S3 libusbK; C:\WINDOWS\System32\drivers\libusbK.sys [47200 2016-12-27] (hxxp://libusb-win32.sourceforge.net)

R0 MBAMSwissArmy; C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys [192216 2017-06-16] (Malwarebytes)

S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()

R2 npf; C:\WINDOWS\System32\drivers\npf.sys [35344 2011-02-11] (CACE Technologies, Inc.)

R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvmii.inf_amd64_69ca8597af61d80b\nvlddmkm.sys [14458264 2017-05-19] (NVIDIA Corporation)

S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30328 2017-05-03] (NVIDIA Corporation)

R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [48248 2017-05-03] (NVIDIA Corporation)

R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [57792 2017-05-18] (NVIDIA Corporation)

R3 Qcamain10x64; C:\WINDOWS\System32\drivers\Qcamain10x64.sys [2336768 2016-07-16] (Qualcomm Atheros, Inc.)

R3 RTSPER; C:\WINDOWS\system32\DRIVERS\RtsPer.sys [752856 2015-05-29] (Realsil Semiconductor Corporation)

R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [42600 2016-06-07] (Synaptics Incorporated)

R3 ssdevfactory; C:\WINDOWS\System32\drivers\ssdevfactory.sys [46440 2017-04-06] (SteelSeries ApS)

R3 sshid; C:\WINDOWS\System32\drivers\sshid.sys [45896 2017-05-12] (SteelSeries ApS)

R3 ssps2; C:\WINDOWS\System32\drivers\ssps2.sys [38720 2016-11-03] (SteelSeries ApS)

S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-27] (Samsung Electronics Co., Ltd.)

S3 SundtekMTV; C:\WINDOWS\system32\DRIVERS\sundtekmtv64.sys [365776 2015-12-10] (Sundtek Electronics)

R1 TenCommProtect; C:\Windows\system32\drivers\TenCommProtect64.sys [47736 2016-10-04] (Tencent)

R3 TT4650_SRV_64; C:\WINDOWS\system32\drivers\ttConnect4650_64.sys [436736 2015-11-24] (CityCom GmbH)

U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()

R1 VBoxNetAdp; C:\WINDOWS\System32\drivers\VBoxNetAdp6.sys [132120 2016-11-21] (Oracle Corporation)

R1 VBoxNetLwf; C:\WINDOWS\system32\DRIVERS\VBoxNetLwf.sys [206416 2016-11-21] (Oracle Corporation)

S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)

S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)

S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)

U0 weqio; C:\WINDOWS\System32\drivers\leawmu.sys [79064 2017-06-16] (Malwarebytes)

R3 WINIO; C:\Program Files (x86)\MSI\Dragon Center\winio64.sys [15160 2015-06-11] ()

S1 eougywyt; \??\C:\WINDOWS\system32\drivers\eougywyt.sys [X]

S3 GSVxDrv; \??\C:\Program Files\YYBox\drivers\GSVxDrv\GSVxDrv.sys [X]

U2 QQMicroGameBoxService; no ImagePath

S2 tsnethlpx64; \??\C:\Program Files (x86)\Tencent\QQPCMgr\12.2.18346.226\TsNetHlpX64_ev.sys [X]

S3 VBoxNetFlt; \SystemRoot\system32\DRIVERS\VBoxNetFlt.sys [X]
 

==================== NetSvcs (Whitelisted) ===================
 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

moxito

16.06.2017 23:32

und der Rest davon:

Code:

==================== One Month Created files and folders ========
 

(If an entry is included in the fixlist, the file/folder will be moved.)
 

2017-06-17 00:14 - 2017-06-17 00:14 - 00033816 _____ C:\Users\moxito\Desktop\FRST.txt

2017-06-17 00:14 - 2017-06-17 00:14 - 00000000 ____D C:\FRST

2017-06-17 00:13 - 2017-06-17 00:13 - 02438656 _____ (Farbar) C:\Users\moxito\Desktop\FRST64.exe

2017-06-16 23:44 - 2017-06-16 23:44 - 00148496 _____ C:\WINDOWS\i287.2fiWt

2017-06-16 23:44 - 2017-06-16 23:44 - 00018448 _____ C:\WINDOWS\q46dED.Dk4B4

2017-06-16 23:41 - 2017-06-16 23:41 - 00079064 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\leawmu.sys

2017-06-16 23:31 - 2017-06-16 23:31 - 02296696 _____ C:\WINDOWS\system32\FNTCACHE.DAT

2017-06-16 23:23 - 2017-06-16 23:25 - 00000000 ____D C:\WINDOWS\Minidump

2017-06-16 23:04 - 2017-06-16 23:04 - 09598376 _____ (Piriform Ltd) C:\Users\moxito\Downloads\ccsetup531.exe

2017-06-16 22:59 - 2017-06-16 23:35 - 00000000 ____D C:\Users\moxito\AppData\Local\Ambworks

2017-06-16 22:42 - 2017-06-16 22:42 - 00000000 ___SD C:\WINDOWS\UpdateAssistantV2

2017-06-16 22:07 - 2017-06-16 22:07 - 00003654 _____ C:\WINDOWS\System32\Tasks\Dragon_Center_updater

2017-06-16 22:07 - 2017-06-16 22:07 - 00003016 _____ C:\WINDOWS\System32\Tasks\MSI_Dragon Center

2017-06-16 19:06 - 2017-06-16 19:06 - 81963976 _____ C:\Users\moxito\Downloads\SteelSeriesEngine3.10.2Setup.exe

2017-06-16 17:59 - 2017-06-03 11:23 - 00306688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll

2017-06-16 17:59 - 2017-06-03 11:22 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netcorehc.dll

2017-06-16 17:58 - 2017-06-03 12:50 - 00315744 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll

2017-06-16 17:58 - 2017-06-03 12:50 - 00192856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll

2017-06-16 17:58 - 2017-06-03 12:11 - 01706488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll

2017-06-16 17:58 - 2017-06-03 12:06 - 02048496 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll

2017-06-16 17:58 - 2017-06-03 11:58 - 00340832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll

2017-06-16 17:58 - 2017-06-03 11:55 - 00780640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe

2017-06-16 17:58 - 2017-06-03 11:52 - 01021784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll

2017-06-16 17:58 - 2017-06-03 11:52 - 00607072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll

2017-06-16 17:58 - 2017-06-03 11:52 - 00111968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll

2017-06-16 17:58 - 2017-06-03 11:49 - 20967840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll

2017-06-16 17:58 - 2017-06-03 11:44 - 01412640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll

2017-06-16 17:58 - 2017-06-03 11:44 - 00545944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe

2017-06-16 17:58 - 2017-06-03 11:39 - 05686272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll

2017-06-16 17:58 - 2017-06-03 11:33 - 00095232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll

2017-06-16 17:58 - 2017-06-03 11:32 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll

2017-06-16 17:58 - 2017-06-03 11:31 - 00224256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExSMime.dll

2017-06-16 17:58 - 2017-06-03 11:31 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll

2017-06-16 17:58 - 2017-06-03 11:28 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BlockedShutdown.dll

2017-06-16 17:58 - 2017-06-03 11:28 - 00232448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edputil.dll

2017-06-16 17:58 - 2017-06-03 11:26 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll

2017-06-16 17:58 - 2017-06-03 11:26 - 00100352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AuthBrokerUI.dll

2017-06-16 17:58 - 2017-06-03 11:22 - 00364544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll

2017-06-16 17:58 - 2017-06-03 11:22 - 00181760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tcpipcfg.dll

2017-06-16 17:58 - 2017-06-03 11:20 - 00755712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll

2017-06-16 17:58 - 2017-06-03 11:19 - 01164288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certutil.exe

2017-06-16 17:58 - 2017-06-03 11:16 - 00709120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll

2017-06-16 17:58 - 2017-06-03 11:15 - 19414016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll

2017-06-16 17:58 - 2017-06-03 11:15 - 18364928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll

2017-06-16 17:58 - 2017-06-03 11:15 - 00886272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll

2017-06-16 17:58 - 2017-06-03 11:12 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fdProxy.dll

2017-06-16 17:58 - 2017-06-03 11:08 - 12187648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll

2017-06-16 17:58 - 2017-06-03 11:08 - 02643968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll

2017-06-16 17:58 - 2017-06-03 11:08 - 01221120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Audio.dll

2017-06-16 17:58 - 2017-06-03 11:06 - 03664384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll

2017-06-16 17:58 - 2017-06-03 11:05 - 01883648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll

2017-06-16 17:58 - 2017-06-03 11:05 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hnetcfg.dll

2017-06-16 17:58 - 2017-06-03 11:04 - 06042624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll

2017-06-16 17:58 - 2017-06-03 11:04 - 02006528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll

2017-06-16 17:58 - 2017-06-03 11:04 - 00773120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe

2017-06-16 17:58 - 2017-06-03 11:03 - 01988096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll

2017-06-16 17:58 - 2017-06-03 11:02 - 02997760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys

2017-06-16 17:58 - 2017-06-03 10:40 - 00483840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll

2017-06-16 17:58 - 2017-03-04 08:22 - 00822784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll

2017-06-16 17:58 - 2017-03-04 08:19 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll

2017-06-16 17:58 - 2017-03-04 08:16 - 00368128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll

2017-06-16 17:58 - 2016-09-07 06:53 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppointmentActivation.dll

2017-06-16 17:53 - 2017-06-03 11:14 - 00124416 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll

2017-06-16 17:53 - 2017-06-03 10:52 - 03403264 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll

2017-06-16 17:53 - 2017-06-03 10:50 - 02538496 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll

2017-06-16 17:53 - 2017-06-03 10:49 - 00903680 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe

2017-06-16 17:52 - 2017-06-03 12:14 - 00136024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ImplatSetup.dll

2017-06-16 17:52 - 2017-06-03 12:11 - 00128864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tm.sys

2017-06-16 17:52 - 2017-06-03 12:09 - 02213760 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll

2017-06-16 17:52 - 2017-06-03 12:08 - 07783256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe

2017-06-16 17:52 - 2017-06-03 11:59 - 01181024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys

2017-06-16 17:52 - 2017-06-03 11:59 - 00118112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys

2017-06-16 17:52 - 2017-06-03 11:53 - 00404824 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll

2017-06-16 17:52 - 2017-06-03 11:51 - 02187104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys

2017-06-16 17:52 - 2017-06-03 11:51 - 00402272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys

2017-06-16 17:52 - 2017-06-03 11:50 - 00857440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe

2017-06-16 17:52 - 2017-06-03 11:49 - 00624048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys

2017-06-16 17:52 - 2017-06-03 11:49 - 00509280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys

2017-06-16 17:52 - 2017-06-03 11:48 - 00857952 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll

2017-06-16 17:52 - 2017-06-03 11:48 - 00148832 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll

2017-06-16 17:52 - 2017-06-03 11:45 - 22220864 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll

2017-06-16 17:52 - 2017-06-03 11:44 - 01600624 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll

2017-06-16 17:52 - 2017-06-03 11:39 - 02532192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys

2017-06-16 17:52 - 2017-06-03 11:16 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll

2017-06-16 17:52 - 2017-06-03 11:15 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll

2017-06-16 17:52 - 2017-06-03 11:14 - 00238592 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe

2017-06-16 17:52 - 2017-06-03 11:14 - 00098304 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe

2017-06-16 17:52 - 2017-06-03 11:11 - 00353792 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll

2017-06-16 17:52 - 2017-06-03 11:10 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BlockedShutdown.dll

2017-06-16 17:52 - 2017-06-03 11:10 - 00117760 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthBrokerUI.dll

2017-06-16 17:52 - 2017-06-03 11:09 - 00489472 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll

2017-06-16 17:52 - 2017-06-03 11:09 - 00441344 _____ (Microsoft Corporation) C:\WINDOWS\system32\netcorehc.dll

2017-06-16 17:52 - 2017-06-03 11:09 - 00337408 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkBindingEngineMigPlugin.dll

2017-06-16 17:52 - 2017-06-03 11:08 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll

2017-06-16 17:52 - 2017-06-03 11:07 - 00552960 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll

2017-06-16 17:52 - 2017-06-03 11:07 - 00456192 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll

2017-06-16 17:52 - 2017-06-03 11:03 - 00932864 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll

2017-06-16 17:52 - 2017-06-03 10:56 - 13091840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll

2017-06-16 17:52 - 2017-06-03 10:54 - 01217024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Audio.dll

2017-06-16 17:52 - 2017-06-03 10:53 - 08125440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll

2017-06-16 17:52 - 2017-06-03 10:52 - 02510848 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll

2017-06-16 17:52 - 2017-06-03 10:51 - 00266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll

2017-06-16 17:52 - 2017-06-03 10:50 - 04744704 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll

2017-06-16 17:52 - 2017-06-03 10:49 - 03615744 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys

2017-06-16 17:52 - 2017-06-03 10:49 - 02691072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll

2017-06-16 17:52 - 2017-06-03 10:49 - 02318848 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll

2017-06-16 17:52 - 2017-06-03 10:49 - 01513472 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys

2017-06-16 17:52 - 2017-06-03 10:48 - 01490432 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll

2017-06-16 17:52 - 2017-06-03 10:48 - 01131008 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll

2017-06-16 17:52 - 2017-06-03 10:48 - 00834048 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll

2017-06-16 17:52 - 2017-06-03 10:48 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll

2017-06-16 17:52 - 2017-06-03 10:46 - 01121280 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll

2017-06-16 17:52 - 2017-05-25 07:56 - 00038752 _____ (Microsoft Corporation) C:\WINDOWS\system32\OOBEUpdater.exe

2017-06-16 17:52 - 2017-03-04 08:16 - 00100864 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpninprc.dll

2017-06-16 17:51 - 2017-06-03 12:16 - 00279904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys

2017-06-16 17:51 - 2017-06-03 12:14 - 01564512 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll

2017-06-16 17:51 - 2017-06-03 12:14 - 01214816 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll

2017-06-16 17:51 - 2017-06-03 12:14 - 00629088 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll

2017-06-16 17:51 - 2017-06-03 12:14 - 00544096 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll

2017-06-16 17:51 - 2017-06-03 12:14 - 00379232 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll

2017-06-16 17:51 - 2017-06-03 12:14 - 00335712 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll

2017-06-16 17:51 - 2017-06-03 12:14 - 00334176 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll

2017-06-16 17:51 - 2017-06-03 12:14 - 00233824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll

2017-06-16 17:51 - 2017-06-03 12:14 - 00136032 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll

2017-06-16 17:51 - 2017-06-03 12:14 - 00096608 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe

2017-06-16 17:51 - 2017-06-03 12:14 - 00034648 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe

2017-06-16 17:51 - 2017-06-03 12:01 - 02681200 _____ C:\WINDOWS\system32\CoreUIComponents.dll

2017-06-16 17:51 - 2017-06-03 11:59 - 00764392 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll

2017-06-16 17:51 - 2017-06-03 11:54 - 00187232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys

2017-06-16 17:51 - 2017-06-03 11:50 - 00381792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS

2017-06-16 17:51 - 2017-06-03 11:48 - 01112416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll

2017-06-16 17:51 - 2017-06-03 11:48 - 01100128 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe

2017-06-16 17:51 - 2017-06-03 11:48 - 00989024 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe

2017-06-16 17:51 - 2017-06-03 11:40 - 01566552 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll

2017-06-16 17:51 - 2017-06-03 11:40 - 00628552 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe

2017-06-16 17:51 - 2017-06-03 11:39 - 00455520 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe

2017-06-16 17:51 - 2017-06-03 11:22 - 07217152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll

2017-06-16 17:51 - 2017-06-03 11:18 - 22569984 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll

2017-06-16 17:51 - 2017-06-03 11:16 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll

2017-06-16 17:51 - 2017-06-03 11:15 - 00041472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys

2017-06-16 17:51 - 2017-06-03 11:14 - 00045056 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll

2017-06-16 17:51 - 2017-06-03 11:10 - 00252928 _____ (Microsoft Corporation) C:\WINDOWS\system32\edputil.dll

2017-06-16 17:51 - 2017-06-03 11:08 - 00691200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll

2017-06-16 17:51 - 2017-06-03 11:08 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll

2017-06-16 17:51 - 2017-06-03 11:07 - 00255488 _____ (Microsoft Corporation) C:\WINDOWS\system32\HNetCfgClient.dll

2017-06-16 17:51 - 2017-06-03 11:06 - 00198144 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll

2017-06-16 17:51 - 2017-06-03 11:01 - 00856064 _____ (Microsoft Corporation) C:\WINDOWS\system32\efscore.dll

2017-06-16 17:51 - 2017-06-03 11:00 - 23677440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll

2017-06-16 17:51 - 2017-06-03 10:58 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdProxy.dll

2017-06-16 17:51 - 2017-06-03 10:52 - 00975872 _____ (Microsoft Corporation) C:\WINDOWS\HelpPane.exe

2017-06-16 17:51 - 2017-06-03 10:52 - 00886784 _____ (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll

2017-06-16 17:51 - 2017-06-03 10:51 - 01418240 _____ (Microsoft Corporation) C:\WINDOWS\system32\certutil.exe

2017-06-16 17:51 - 2017-06-03 10:49 - 02475520 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll

2017-06-16 17:51 - 2017-06-03 10:49 - 01845248 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll

2017-06-16 17:51 - 2017-06-03 10:49 - 00351744 _____ (Microsoft Corporation) C:\WINDOWS\system32\hnetcfg.dll

2017-06-16 17:51 - 2017-06-03 08:08 - 00080078 _____ C:\WINDOWS\system32\normidna.nls

2017-06-11 12:28 - 2017-06-11 12:28 - 00001103 _____ C:\Users\Public\Desktop\VLC media player.lnk

2017-06-06 01:22 - 2017-06-06 01:21 - 01282385 _____ C:\Users\moxito\Desktop\KMSpico 10.2.0 Final Activator.zip

2017-06-06 01:21 - 2017-06-06 01:21 - 01282385 _____ C:\Users\moxito\Documents\KMSpico 10.2.0 Final Activator.zip

2017-06-06 00:58 - 2017-06-06 00:58 - 01611944 _____ (Secure Download Ltd. ) C:\Users\moxito\Downloads\KMSpico_patch

2017-06-06 00:55 - 2017-06-06 00:55 - 00000000 ____D C:\Users\moxito\AppData\Roaming\RenewSoftware.com

2017-06-06 00:54 - 2017-06-16 22:38 - 00000000 ____D C:\Program Files (x86)\KMSPico

2017-06-06 00:04 - 2017-06-06 00:04 - 4083853312 _____ C:\Users\moxito\Downloads\Win10_English_x64.iso

2017-06-05 23:39 - 2017-06-05 23:39 - 00000000 ____D C:\Users\moxito\AppData\Local\RenewSoftware.com

2017-06-05 23:23 - 2017-06-06 00:35 - 00000000 ____D C:\ProgramData\58bca3a8

2017-06-05 23:23 - 2017-06-05 23:23 - 00004184 _____ C:\WINDOWS\System32\Tasks\{ED9A9CD4-5A31-2B7F-2D3D-2F4634FF2C3B}

2017-06-05 23:23 - 2017-06-05 23:23 - 00003884 _____ C:\WINDOWS\System32\Tasks\{F7B708E3-B402-CC93-0235-FB6400AF3F41}

2017-06-05 23:22 - 2017-06-05 23:22 - 01611944 _____ (Secure Download Ltd. ) C:\Users\moxito\Downloads\Registry_Activation

2017-06-05 23:21 - 2017-06-05 23:21 - 00000000 ____D C:\ProgramData\Caphyon

2017-06-05 23:20 - 2017-06-06 00:35 - 00000000 ____D C:\Program Files (x86)\KMSPico 10.2.1 Final

2017-05-24 16:31 - 2017-05-24 16:31 - 00187408 _____ C:\WINDOWS\3LQJZeRfB62pV.9W5pn

2017-05-24 16:31 - 2017-05-24 16:31 - 00053264 _____ C:\WINDOWS\FXu4.S5k12

2017-05-24 16:29 - 2017-05-18 07:21 - 00134592 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe

2017-05-24 16:26 - 2017-05-18 09:35 - 40201848 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcompiler.dll

2017-05-24 16:26 - 2017-05-18 09:35 - 35390072 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll

2017-05-24 16:26 - 2017-05-18 09:35 - 35282040 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcompiler.dll

2017-05-24 16:26 - 2017-05-18 09:35 - 28624504 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll

2017-05-24 16:26 - 2017-05-18 09:35 - 11056456 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvptxJitCompiler.dll

2017-05-24 16:26 - 2017-05-18 09:35 - 11028664 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll

2017-05-24 16:26 - 2017-05-18 09:35 - 10551072 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll

2017-05-24 16:26 - 2017-05-18 09:35 - 09248144 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll

2017-05-24 16:26 - 2017-05-18 09:35 - 09014976 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll

2017-05-24 16:26 - 2017-05-18 09:35 - 08808488 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll

2017-05-24 16:26 - 2017-05-18 09:35 - 03797112 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll

2017-05-24 16:26 - 2017-05-18 09:35 - 03256440 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll

2017-05-24 16:26 - 2017-05-18 09:35 - 01988216 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6438233.dll

2017-05-24 16:26 - 2017-05-18 09:35 - 01606592 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6438233.dll

2017-05-24 16:26 - 2017-05-18 09:35 - 01278528 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFTH264.dll

2017-05-24 16:26 - 2017-05-18 09:35 - 01275944 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFThevc.dll

2017-05-24 16:26 - 2017-05-18 09:35 - 01056704 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll

2017-05-24 16:26 - 2017-05-18 09:35 - 00995736 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFTH264.dll

2017-05-24 16:26 - 2017-05-18 09:35 - 00993912 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll

2017-05-24 16:26 - 2017-05-18 09:35 - 00993872 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFThevc.dll

2017-05-24 16:26 - 2017-05-18 09:35 - 00964032 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll

2017-05-24 16:26 - 2017-05-18 09:35 - 00914880 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll

2017-05-24 16:26 - 2017-05-18 09:35 - 00775864 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll

2017-05-24 16:26 - 2017-05-18 09:35 - 00725112 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvDecMFTMjpeg.dll

2017-05-24 16:26 - 2017-05-18 09:35 - 00688968 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvfatbinaryLoader.dll

2017-05-24 16:26 - 2017-05-18 09:35 - 00618928 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmcumd.dll

2017-05-24 16:26 - 2017-05-18 09:35 - 00612272 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll

2017-05-24 16:26 - 2017-05-18 09:35 - 00609728 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll

2017-05-24 16:26 - 2017-05-18 09:35 - 00583800 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvDecMFTMjpeg.dll

2017-05-24 16:26 - 2017-05-18 09:35 - 00577728 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll

2017-05-24 16:26 - 2017-05-18 09:35 - 00499320 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll

2017-05-22 21:10 - 2017-05-22 21:10 - 00095248 _____ C:\WINDOWS\Yfn76w2d9ICq.19CwO

2017-05-22 16:08 - 2017-05-22 16:08 - 00163856 _____ C:\WINDOWS\ok9734e.2DWmr

2017-05-22 00:22 - 2017-05-22 00:22 - 00001101 _____ C:\Users\moxito\Desktop\百度网盘.lnk

2017-05-22 00:22 - 2017-05-22 00:22 - 00000000 ____D C:\Users\moxito\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\百度网盘

2017-05-21 22:53 - 2017-05-21 22:53 - 00004000 _____ C:\WINDOWS\System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}

2017-05-21 22:53 - 2017-05-03 22:21 - 00175736 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvaudcap64v.dll

2017-05-21 22:53 - 2017-05-03 22:21 - 00143480 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll

2017-05-21 22:32 - 2017-05-21 22:32 - 00000000 ____D C:\Users\moxito\AppData\Roaming\BaiduYunKernel

2017-05-21 22:32 - 2017-05-21 22:32 - 00000000 ____D C:\Users\moxito\AppData\Roaming\BaiduYunGuanjia

2017-05-21 20:51 - 2017-05-21 20:51 - 00002116 _____ C:\Users\Public\Desktop\Nahimic 2.lnk

2017-05-21 20:51 - 2017-05-21 20:51 - 00000000 ___HD C:\Program Files (x86)\Temp

2017-05-21 20:51 - 2017-05-21 20:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nahimic 2

2017-05-21 20:51 - 2017-05-21 20:51 - 00000000 ____D C:\Program Files\Nahimic

2017-05-21 20:51 - 2017-02-06 10:31 - 72520712 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RCoRes64.dat

2017-05-21 20:51 - 2017-02-06 10:31 - 10187598 _____ C:\WINDOWS\system32\Drivers\RTAIODAT.DAT

2017-05-21 20:51 - 2017-02-06 10:31 - 03503048 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkApi64.dll

2017-05-21 20:51 - 2017-02-06 10:31 - 03410832 _____ (DTS, Inc.) C:\WINDOWS\system32\slcnt64.dll

2017-05-21 20:51 - 2017-02-06 10:31 - 03299816 _____ (Yamaha Corporation) C:\WINDOWS\system32\YamahaAE2.dll

2017-05-21 20:51 - 2017-02-06 10:31 - 03203584 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtPgEx64.dll

2017-05-21 20:51 - 2017-02-06 10:31 - 03122656 _____ (DTS, Inc.) C:\WINDOWS\system32\sltech64.dll

2017-05-21 20:51 - 2017-02-06 10:31 - 03014656 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTSnMg64.cpl

2017-05-21 20:51 - 2017-02-06 10:31 - 02830480 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\SysWOW64\RltkAPO.dll

2017-05-21 20:51 - 2017-02-06 10:31 - 02190984 _____ (Yamaha Corporation) C:\WINDOWS\system32\YamahaAE.dll

2017-05-21 20:51 - 2017-02-06 10:31 - 01435136 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRRPTR64.dll

2017-05-21 20:51 - 2017-02-06 10:31 - 01382232 _____ (TOSHIBA Corporation) C:\WINDOWS\system32\tosade.dll

2017-05-21 20:51 - 2017-02-06 10:31 - 01353816 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTCOM64.dll

2017-05-21 20:51 - 2017-02-06 10:31 - 01337640 _____ (Toshiba Client Solutions Co., Ltd.) C:\WINDOWS\system32\tossaeapo64.dll

2017-05-21 20:51 - 2017-02-06 10:31 - 01003504 _____ (Sound Research, Corp.) C:\WINDOWS\system32\SEHDHF64.dll

2017-05-21 20:51 - 2017-02-06 10:31 - 00984912 _____ (DTS, Inc.) C:\WINDOWS\system32\sl3apo64.dll

2017-05-21 20:51 - 2017-02-06 10:31 - 00965024 _____ (Sony Corporation) C:\WINDOWS\system32\SFSS_APO.dll

2017-05-21 20:51 - 2017-02-06 10:31 - 00962120 _____ (Toshiba Client Solutions Co., Ltd.) C:\WINDOWS\system32\tosasfapo64.dll

2017-05-21 20:51 - 2017-02-06 10:31 - 00873456 _____ (TOSHIBA Corporation) C:\WINDOWS\system32\tadefxapo264.dll

2017-05-21 20:51 - 2017-02-06 10:31 - 00866088 _____ (Sound Research, Corp.) C:\WINDOWS\SysWOW64\SEHDHF32.dll

2017-05-21 20:51 - 2017-02-06 10:31 - 00859912 _____ (Sound Research, Corp.) C:\WINDOWS\system32\SEHDRA64.dll

2017-05-21 20:51 - 2017-02-06 10:31 - 00855232 _____ (Sound Research, Corp.) C:\WINDOWS\system32\SECOMN64.dll

2017-05-21 20:51 - 2017-02-06 10:31 - 00726624 _____ (Sound Research, Corp.) C:\WINDOWS\SysWOW64\SECOMN32.dll

2017-05-21 20:51 - 2017-02-06 10:31 - 00689880 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtDataProc64.dll

2017-05-21 20:51 - 2017-02-06 10:31 - 00601144 _____ (Toshiba Client Solutions Co., Ltd.) C:\WINDOWS\system32\tossaemaxapo64.dll

2017-05-21 20:51 - 2017-02-06 10:31 - 00532376 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSTSX64.dll

2017-05-21 20:51 - 2017-02-06 10:31 - 00517504 _____ (Sound Research, Corp.) C:\WINDOWS\system32\SEAPO64.dll

2017-05-21 20:51 - 2017-02-06 10:31 - 00467152 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRAPO64.dll

2017-05-21 20:51 - 2017-02-06 10:31 - 00447176 _____ (Toshiba Client Solutions Co., Ltd.) C:\WINDOWS\system32\toseaeapo64.dll

2017-05-21 20:51 - 2017-02-06 10:31 - 00387312 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEP64A.dll

2017-05-21 20:51 - 2017-02-06 10:31 - 00381408 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRCOM64.dll

2017-05-21 20:51 - 2017-02-06 10:31 - 00343704 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtlCPAPI64.dll

2017-05-21 20:51 - 2017-02-06 10:31 - 00341144 _____ (Synopsys, Inc.) C:\WINDOWS\SysWOW64\SRCOM.dll

2017-05-21 20:51 - 2017-02-06 10:31 - 00341144 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRCOM.dll

2017-05-21 20:51 - 2017-02-06 10:31 - 00321712 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RP3DHT64.dll

2017-05-21 20:51 - 2017-02-06 10:31 - 00321712 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RP3DAA64.dll

2017-05-21 20:51 - 2017-02-06 10:31 - 00258856 _____ (TODO: <Company name>) C:\WINDOWS\system32\slprp64.dll

2017-05-21 20:51 - 2017-02-06 10:31 - 00231912 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SFNHK64.dll

2017-05-21 20:51 - 2017-02-06 10:31 - 00221968 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSTSH64.dll

2017-05-21 20:51 - 2017-02-06 10:31 - 00214824 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEED64A.dll

2017-05-21 20:51 - 2017-02-06 10:31 - 00209536 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSHP64.dll

2017-05-21 20:51 - 2017-02-06 10:31 - 00192976 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkCfg64.dll

2017-05-21 20:51 - 2017-02-06 10:31 - 00166200 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSWOW64.dll

2017-05-21 20:51 - 2017-02-06 10:31 - 00158688 _____ (TOSHIBA Corporation) C:\WINDOWS\system32\tadefxapo.dll

2017-05-21 20:51 - 2017-02-06 10:31 - 00110976 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEL64A.dll

2017-05-21 20:51 - 2017-02-06 10:31 - 00090912 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SFCOM64.dll

2017-05-21 20:51 - 2017-02-06 10:31 - 00088344 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEG64A.dll

2017-05-21 20:51 - 2017-02-06 10:31 - 00088320 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SFAPO64.dll

2017-05-21 20:51 - 2017-02-06 10:31 - 00083624 _____ (Virage Logic Corporation / Sonic Focus) C:\WINDOWS\SysWOW64\SFCOM.dll

2017-05-21 20:51 - 2017-02-06 10:31 - 00075536 _____ (TOSHIBA CORPORATION.) C:\WINDOWS\system32\tepeqapo64.dll

2017-05-21 20:51 - 2017-02-06 10:30 - 07172912 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEP64A.dll

2017-05-21 20:51 - 2017-02-06 10:30 - 07096184 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPP64A.dll

2017-05-21 20:51 - 2017-02-06 10:30 - 06264632 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPP64AF3.dll

2017-05-21 20:51 - 2017-02-06 10:30 - 05593608 _____ (Nahimic Inc) C:\WINDOWS\system32\NAHIMICAPOlfx.dll

2017-05-21 20:51 - 2017-02-06 10:30 - 05347000 _____ (Dolby Laboratories) C:\WINDOWS\system32\DolbyDAX2APOv211.dll

2017-05-21 20:51 - 2017-02-06 10:30 - 02444688 _____ (Dolby Laboratories) C:\WINDOWS\system32\DolbyDAX2APOv201.dll

2017-05-21 20:51 - 2017-02-06 10:30 - 02202624 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RCoInstII64.dll

2017-05-21 20:51 - 2017-02-06 10:30 - 01965808 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPD64A.dll

2017-05-21 20:51 - 2017-02-06 10:30 - 01959600 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPD64AF3.dll

2017-05-21 20:51 - 2017-02-06 10:30 - 01780616 _____ (DTS) C:\WINDOWS\system32\DTSS2SpeakerDLL64.dll

2017-05-21 20:51 - 2017-02-06 10:30 - 01591056 _____ (DTS) C:\WINDOWS\system32\DTSS2HeadphoneDLL64.dll

2017-05-21 20:51 - 2017-02-06 10:30 - 01508928 _____ (DTS) C:\WINDOWS\system32\DTSBoostDLL64.dll

2017-05-21 20:51 - 2017-02-06 10:30 - 01133584 _____ (Dolby Laboratories) C:\WINDOWS\system32\DolbyDAX2APOProp.dll

2017-05-21 20:51 - 2017-02-06 10:30 - 01003856 _____ (Nahimic Inc) C:\WINDOWS\system32\NahimicAPONSControl.dll

2017-05-21 20:51 - 2017-02-06 10:30 - 00743960 _____ (DTS) C:\WINDOWS\system32\DTSBassEnhancementDLL64.dll

2017-05-21 20:51 - 2017-02-06 10:30 - 00727432 _____ (DTS) C:\WINDOWS\system32\DTSSymmetryDLL64.dll

2017-05-21 20:51 - 2017-02-06 10:30 - 00708304 _____ (DTS) C:\WINDOWS\system32\DTSVoiceClarityDLL64.dll

2017-05-21 20:51 - 2017-02-06 10:30 - 00680512 _____ (ICEpower a/s) C:\WINDOWS\system32\ICEsoundAPO64.dll

2017-05-21 20:51 - 2017-02-06 10:30 - 00504304 _____ (DTS) C:\WINDOWS\system32\DTSNeoPCDLL64.dll

2017-05-21 20:51 - 2017-02-06 10:30 - 00447712 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EED64A.dll

2017-05-21 20:51 - 2017-02-06 10:30 - 00445392 _____ (DTS) C:\WINDOWS\system32\DTSLimiterDLL64.dll

2017-05-21 20:51 - 2017-02-06 10:30 - 00441264 _____ (DTS) C:\WINDOWS\system32\DTSGainCompensatorDLL64.dll

2017-05-21 20:51 - 2017-02-06 10:30 - 00416504 _____ (Harman) C:\WINDOWS\system32\HMUI.dll

2017-05-21 20:51 - 2017-02-06 10:30 - 00378384 _____ (Dolby Laboratories) C:\WINDOWS\system32\HiFiDAX2API.dll

2017-05-21 20:51 - 2017-02-06 10:30 - 00366120 _____ (Windows (R) Win 7 DDK provider) C:\WINDOWS\system32\HMAPO.dll

2017-05-21 20:51 - 2017-02-06 10:30 - 00362048 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPO64AF3.dll

2017-05-21 20:51 - 2017-02-06 10:30 - 00360344 _____ (Harman) C:\WINDOWS\system32\HMClariFi.dll

2017-05-21 20:51 - 2017-02-06 10:30 - 00327448 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPO64A.dll

2017-05-21 20:51 - 2017-02-06 10:30 - 00310416 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPA64F3.dll

2017-05-21 20:51 - 2017-02-06 10:30 - 00272712 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPA64.dll

2017-05-21 20:51 - 2017-02-06 10:30 - 00253896 _____ (DTS) C:\WINDOWS\system32\DTSGFXAPO64.dll

2017-05-21 20:51 - 2017-02-06 10:30 - 00253856 _____ (DTS) C:\WINDOWS\system32\DTSLFXAPO64.dll

2017-05-21 20:51 - 2017-02-06 10:30 - 00252872 _____ (DTS) C:\WINDOWS\system32\DTSGFXAPONS64.dll

2017-05-21 20:51 - 2017-02-06 10:30 - 00203832 _____ (Harman) C:\WINDOWS\system32\HMHVS.dll

2017-05-21 20:51 - 2017-02-06 10:30 - 00190928 _____ (Harman) C:\WINDOWS\system32\HMEQ_Voice.dll

2017-05-21 20:51 - 2017-02-06 10:30 - 00190928 _____ (Harman) C:\WINDOWS\system32\HMEQ.dll

2017-05-21 20:51 - 2017-02-06 10:30 - 00179592 _____ (Harman) C:\WINDOWS\system32\HMLimiter.dll

2017-05-21 20:51 - 2017-02-06 10:30 - 00154360 _____ (Harman) C:\WINDOWS\system32\HarmanAudioInterface.dll

2017-05-21 20:51 - 2017-02-06 10:30 - 00151784 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEL64A.dll

2017-05-21 20:51 - 2017-02-06 10:30 - 00134192 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEA64A.dll

2017-05-21 20:51 - 2017-02-06 10:30 - 00122312 _____ (Real Sound Lab SIA) C:\WINDOWS\system32\CONEQMSAPOGUILibrary.dll

2017-05-21 20:51 - 2017-02-06 10:30 - 00118584 _____ C:\WINDOWS\system32\AcpiServiceVnA64.dll

2017-05-21 20:51 - 2017-02-06 10:30 - 00105304 _____ C:\WINDOWS\system32\audioLibVc.dll

2017-05-21 20:51 - 2017-02-06 10:30 - 00084608 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEG64A.dll

2017-05-19 13:16 - 2017-04-28 03:28 - 00965472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReAgent.dll

2017-05-19 13:16 - 2017-04-28 02:59 - 00601712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll

2017-05-19 13:16 - 2017-04-28 02:55 - 00088416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\scmbus.sys

2017-05-19 13:16 - 2017-04-28 02:53 - 00616048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll

2017-05-19 13:16 - 2017-04-28 02:48 - 00263472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll

2017-05-19 13:16 - 2017-04-28 02:46 - 05722320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll

2017-05-19 13:16 - 2017-04-28 02:46 - 01504056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll

2017-05-19 13:16 - 2017-04-28 02:46 - 01431232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll

2017-05-19 13:16 - 2017-04-28 02:45 - 02263832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll

2017-05-19 13:16 - 2017-04-28 02:45 - 00975744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll

2017-05-19 13:16 - 2017-04-28 02:45 - 00861024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll

2017-05-19 13:16 - 2017-04-28 02:45 - 00493920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe

2017-05-19 13:16 - 2017-04-28 02:45 - 00116576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudExperienceHostCommon.dll

2017-05-19 13:16 - 2017-04-28 02:43 - 02168288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll

2017-05-19 13:16 - 2017-04-28 02:43 - 01980768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll

2017-05-19 13:16 - 2017-04-28 02:43 - 01557224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll

2017-05-19 13:16 - 2017-04-28 02:43 - 00846560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll

2017-05-19 13:16 - 2017-04-28 02:41 - 00361104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tsmf.dll

2017-05-19 13:16 - 2017-04-28 02:40 - 06665952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll

2017-05-19 13:16 - 2017-04-28 02:40 - 04023008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll

2017-05-19 13:16 - 2017-04-28 02:40 - 01851696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll

2017-05-19 13:16 - 2017-04-28 02:40 - 01360456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll

2017-05-19 13:16 - 2017-04-28 02:40 - 01277856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll

2017-05-19 13:16 - 2017-04-28 02:40 - 01202936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll

2017-05-19 13:16 - 2017-04-28 02:40 - 00981888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll

2017-05-19 13:16 - 2017-04-28 02:40 - 00352760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MMDevAPI.dll

2017-05-19 13:16 - 2017-04-28 02:39 - 04312248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe

2017-05-19 13:16 - 2017-04-28 02:39 - 00962760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll

2017-05-19 13:16 - 2017-04-28 02:39 - 00715104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys

2017-05-19 13:16 - 2017-04-28 02:38 - 00557408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys

2017-05-19 13:16 - 2017-04-28 02:35 - 00276832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\input.dll

2017-05-19 13:16 - 2017-04-28 02:23 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll

2017-05-19 13:16 - 2017-04-28 02:22 - 00165376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReInfo.dll

2017-05-19 13:16 - 2017-04-28 02:22 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\odbcconf.dll

2017-05-19 13:16 - 2017-04-28 02:21 - 00027648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BthTelemetry.dll

2017-05-19 13:16 - 2017-04-28 02:20 - 00141824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Radios.dll

2017-05-19 13:16 - 2017-04-28 02:20 - 00044032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\virtdisk.dll

2017-05-19 13:16 - 2017-04-28 02:19 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDeviceRegistration.dll

2017-05-19 13:16 - 2017-04-28 02:19 - 00138240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DisplayManager.dll

2017-05-19 13:16 - 2017-04-28 02:18 - 00450560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll

2017-05-19 13:16 - 2017-04-28 02:18 - 00255488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\unimdm.tsp

2017-05-19 13:16 - 2017-04-28 02:17 - 00328192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll

2017-05-19 13:16 - 2017-04-28 02:17 - 00142336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.WiFi.dll

2017-05-19 13:16 - 2017-04-28 02:17 - 00136192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinRtTracing.dll

2017-05-19 13:16 - 2017-04-28 02:17 - 00095232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BluetoothApis.dll

2017-05-19 13:16 - 2017-04-28 02:17 - 00094208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryClient.dll

2017-05-19 13:16 - 2017-04-28 02:16 - 00392192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Gaming.Input.dll

2017-05-19 13:16 - 2017-04-28 02:16 - 00374784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.LowLevel.dll

2017-05-19 13:16 - 2017-04-28 02:16 - 00315904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Gaming.XboxLive.Storage.dll

2017-05-19 13:16 - 2017-04-28 02:16 - 00203776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credprovhost.dll

2017-05-19 13:16 - 2017-04-28 02:16 - 00184320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserMgrProxy.dll

2017-05-19 13:16 - 2017-04-28 02:16 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe

2017-05-19 13:16 - 2017-04-28 02:16 - 00113152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Lights.dll

2017-05-19 13:16 - 2017-04-28 02:15 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll

2017-05-19 13:16 - 2017-04-28 02:15 - 00404992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dsreg.dll

2017-05-19 13:16 - 2017-04-28 02:15 - 00334848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastlsext.dll

2017-05-19 13:16 - 2017-04-28 02:15 - 00237568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncSettings.dll

2017-05-19 13:16 - 2017-04-28 02:15 - 00206336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bthprops.cpl

2017-05-19 13:16 - 2017-04-28 02:15 - 00117760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AuthBroker.dll

2017-05-19 13:16 - 2017-04-28 02:15 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Core.dll

2017-05-19 13:16 - 2017-04-28 02:14 - 00670208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.PointOfService.dll

2017-05-19 13:16 - 2017-04-28 02:14 - 00483840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.AllJoyn.dll

2017-05-19 13:16 - 2017-04-28 02:14 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe

2017-05-19 13:16 - 2017-04-28 02:13 - 13873664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll

2017-05-19 13:16 - 2017-04-28 02:13 - 01755136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DeviceFlows.DataModel.dll

2017-05-19 13:16 - 2017-04-28 02:13 - 01243136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.FaceAnalysis.dll

2017-05-19 13:16 - 2017-04-28 02:13 - 00562176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.SmartCards.dll

2017-05-19 13:16 - 2017-04-28 02:13 - 00506880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DevicePairing.dll

2017-05-19 13:16 - 2017-04-28 02:13 - 00426496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Wallet.dll

2017-05-19 13:16 - 2017-04-28 02:13 - 00386048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.WiFiDirect.dll

2017-05-19 13:16 - 2017-04-28 02:13 - 00332288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Bluetooth.dll

2017-05-19 13:16 - 2017-04-28 02:13 - 00325120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleacc.dll

2017-05-19 13:16 - 2017-04-28 02:13 - 00298496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll

2017-05-19 13:16 - 2017-04-28 02:13 - 00271360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\deviceaccess.dll

2017-05-19 13:16 - 2017-04-28 02:13 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WwaApi.dll

2017-05-19 13:16 - 2017-04-28 02:13 - 00206336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vaultcli.dll

2017-05-19 13:16 - 2017-04-28 02:13 - 00202752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.HumanInterfaceDevice.dll

2017-05-19 13:16 - 2017-04-28 02:13 - 00185856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Identity.Provider.dll

2017-05-19 13:16 - 2017-04-28 02:13 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Scanners.dll

2017-05-19 13:16 - 2017-04-28 02:13 - 00125952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepapi.dll

2017-05-19 13:16 - 2017-04-28 02:13 - 00114176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setupugc.exe

2017-05-19 13:16 - 2017-04-28 02:12 - 00498688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mbsmsapi.dll

2017-05-19 13:16 - 2017-04-28 02:12 - 00431616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\efswrt.dll

2017-05-19 13:16 - 2017-04-28 02:12 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepsync.dll

2017-05-19 13:16 - 2017-04-28 02:12 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Picker.dll

2017-05-19 13:16 - 2017-04-28 02:11 - 00846336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WebcamUi.dll

2017-05-19 13:16 - 2017-04-28 02:11 - 00747520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Ocr.dll

2017-05-19 13:16 - 2017-04-28 02:11 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll

2017-05-19 13:16 - 2017-04-28 02:10 - 00857600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EmailApis.dll

2017-05-19 13:16 - 2017-04-28 02:10 - 00819200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppContracts.dll

2017-05-19 13:16 - 2017-04-28 02:10 - 00816640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NaturalLanguage6.dll

2017-05-19 13:16 - 2017-04-28 02:10 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mprddm.dll

2017-05-19 13:16 - 2017-04-28 02:10 - 00314368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Usb.dll

2017-05-19 13:16 - 2017-04-28 02:10 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.dll

2017-05-19 13:16 - 2017-04-28 02:10 - 00238080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AboveLockAppHost.dll

2017-05-19 13:16 - 2017-04-28 02:09 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll

2017-05-19 13:16 - 2017-04-28 02:09 - 00525824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintDialogs.dll

2017-05-19 13:16 - 2017-04-28 02:09 - 00509440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll

2017-05-19 13:16 - 2017-04-28 02:09 - 00352256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Enumeration.dll

2017-05-19 13:16 - 2017-04-28 02:08 - 07626752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll

2017-05-19 13:16 - 2017-04-28 02:08 - 01534464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Graphics.Printing.3D.dll

2017-05-19 13:16 - 2017-04-28 02:08 - 01228288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usercpl.dll

2017-05-19 13:16 - 2017-04-28 02:08 - 00653312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.AccountsControl.dll

2017-05-19 13:16 - 2017-04-28 02:08 - 00288256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CryptoWinRT.dll

2017-05-19 13:16 - 2017-04-28 02:07 - 03689984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll

2017-05-19 13:16 - 2017-04-28 02:07 - 00525312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll

2017-05-19 13:16 - 2017-04-28 02:07 - 00256512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\thumbcache.dll

2017-05-19 13:16 - 2017-04-28 02:06 - 04614656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll

2017-05-19 13:16 - 2017-04-28 02:06 - 02333184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmSvc.dll

2017-05-19 13:16 - 2017-04-28 02:06 - 00901120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Bluetooth.dll

2017-05-19 13:16 - 2017-04-28 02:06 - 00675840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.dll

2017-05-19 13:16 - 2017-04-28 02:05 - 03733504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll

2017-05-19 13:16 - 2017-04-28 02:05 - 00589312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Sensors.dll

2017-05-19 13:16 - 2017-04-28 02:04 - 01323008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_fs.dll

2017-05-19 13:16 - 2017-04-28 02:03 - 01137152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_health.dll

2017-05-19 13:16 - 2017-04-28 02:03 - 01077760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Editing.dll

2017-05-19 13:16 - 2017-04-28 02:03 - 00355328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RTMediaFrame.dll

2017-05-19 13:16 - 2017-04-28 02:03 - 00318464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LocationApi.dll

2017-05-19 13:16 - 2017-04-28 02:03 - 00291328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adsnt.dll

2017-05-19 13:16 - 2017-04-28 02:03 - 00134656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Energy.dll

2017-05-19 13:16 - 2017-04-28 02:02 - 03307008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll

2017-05-19 13:16 - 2017-04-28 02:01 - 00795648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MiracastReceiver.dll

2017-05-19 13:16 - 2017-04-28 02:01 - 00713216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll

2017-05-19 13:16 - 2017-04-28 02:01 - 00343040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToDevice.dll

2017-05-19 13:16 - 2017-04-28 02:01 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\unimdm.tsp

2017-05-19 13:16 - 2017-04-28 02:01 - 00248832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dlnashext.dll

2017-05-19 13:16 - 2017-04-28 02:01 - 00141312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dialclient.dll

2017-05-19 13:16 - 2017-04-28 02:00 - 02749440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll

2017-05-19 13:16 - 2017-04-28 02:00 - 01255936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll

2017-05-19 13:16 - 2017-04-28 02:00 - 00249856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BthLEEnum.sys

2017-05-19 13:16 - 2017-04-28 02:00 - 00193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinRtTracing.dll

2017-05-19 13:16 - 2017-04-28 02:00 - 00149504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Core.dll

2017-05-19 13:16 - 2017-04-28 01:59 - 02154496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\storagewmi.dll

2017-05-19 13:16 - 2017-04-28 01:59 - 00895488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Streaming.dll

2017-05-19 13:16 - 2017-04-28 01:59 - 00467968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Gaming.XboxLive.Storage.dll

2017-05-19 13:16 - 2017-04-28 01:59 - 00220672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToReceiver.dll

2017-05-19 13:16 - 2017-04-28 01:58 - 07468544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll

2017-05-19 13:16 - 2017-04-28 01:58 - 00546304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uReFS.dll

2017-05-19 13:16 - 2017-04-28 01:58 - 00433664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\imapi2.dll

2017-05-19 13:16 - 2017-04-28 01:58 - 00134144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ErrorDetails.dll

2017-05-19 13:16 - 2017-04-28 01:58 - 00090624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll

2017-05-19 13:16 - 2017-04-28 01:57 - 01247232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll

2017-05-19 13:16 - 2017-04-28 01:57 - 00719872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_sr.dll

2017-05-19 13:16 - 2017-04-28 01:57 - 00641024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MCRecvSrc.dll

2017-05-19 13:16 - 2017-04-28 01:57 - 00089600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CameraCaptureUI.dll

2017-05-19 13:16 - 2017-04-28 01:56 - 00400384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToManager.dll

2017-05-19 13:16 - 2017-04-28 01:56 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.dll

2017-05-19 13:16 - 2017-04-28 01:56 - 00357376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Geolocation.dll

2017-05-19 13:16 - 2017-04-28 01:56 - 00333312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsApi.dll

2017-05-19 13:16 - 2017-04-28 01:56 - 00103936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Devices.dll

2017-05-19 13:16 - 2017-04-28 01:55 - 01993216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll

2017-05-19 13:16 - 2017-04-28 01:55 - 01656320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Perception.dll

2017-05-19 13:16 - 2017-04-28 01:55 - 01413632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpcServices.dll

2017-05-19 13:16 - 2017-04-28 01:55 - 01232384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Maps.dll

2017-05-19 13:16 - 2017-04-28 01:55 - 01170944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll

2017-05-19 13:16 - 2017-04-28 01:55 - 01004544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll

2017-05-19 13:16 - 2017-04-28 01:55 - 00561664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Wallet.dll

2017-05-19 13:16 - 2017-04-28 01:54 - 02747904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll

2017-05-19 13:16 - 2017-04-28 01:54 - 02646528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnroll.dll

2017-05-19 13:16 - 2017-04-28 01:54 - 02483200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll

2017-05-19 13:16 - 2017-04-28 01:54 - 01013248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.Http.dll

2017-05-19 13:16 - 2017-04-28 01:54 - 00654336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApiPublic.dll

2017-05-19 13:16 - 2017-04-28 01:54 - 00598528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.dll

2017-05-19 13:16 - 2017-04-28 01:54 - 00566784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ShareHost.dll

2017-05-19 13:16 - 2017-04-28 01:54 - 00348160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Midi.dll

2017-05-19 13:16 - 2017-04-28 01:53 - 01170944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Phone.dll

2017-05-19 13:16 - 2017-04-28 01:53 - 00798208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll

2017-05-19 13:16 - 2017-04-28 01:53 - 00751104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.dll

2017-05-19 13:16 - 2017-04-28 01:53 - 00621056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll

2017-05-19 13:16 - 2017-04-28 01:53 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\system32\WwaApi.dll

2017-05-19 13:16 - 2017-04-28 01:52 - 03106304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstsc.exe

2017-05-19 13:16 - 2017-04-28 01:52 - 01600000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll

2017-05-19 13:16 - 2017-04-28 01:50 - 00783360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSWorkspace.dll

2017-05-19 13:16 - 2017-04-28 01:44 - 00548864 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll

2017-05-19 13:16 - 2017-04-28 01:43 - 00963584 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebcamUi.dll

2017-05-19 13:16 - 2017-04-28 01:41 - 01080320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Ocr.dll

2017-05-19 13:16 - 2017-04-28 01:40 - 00816640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll

2017-05-19 13:16 - 2017-04-28 01:38 - 02424320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Perception.dll

2017-05-19 13:16 - 2017-04-28 01:37 - 01424896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Maps.dll

2017-05-19 13:16 - 2017-04-28 01:37 - 01266176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll

2017-05-19 13:16 - 2017-03-04 09:57 - 00484584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll

2017-05-19 13:16 - 2017-03-04 08:25 - 01388544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Cred.dll

2017-05-19 13:16 - 2017-03-04 08:23 - 00299520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataAccountApis.dll

2017-05-19 13:16 - 2017-03-04 08:22 - 00265728 _____ C:\WINDOWS\SysWOW64\Windows.Perception.Stub.dll

2017-05-19 13:16 - 2017-03-04 08:17 - 00529920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StructuredQuery.dll

2017-05-19 13:16 - 2017-03-04 08:16 - 00500224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Graphics.Printing.dll

2017-05-19 13:16 - 2017-03-04 08:06 - 01369088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Phone.dll

2017-05-19 13:16 - 2017-03-04 08:01 - 00827904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll

2017-05-19 13:16 - 2017-03-04 08:00 - 00691200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll

2017-05-19 13:15 - 2017-04-28 02:57 - 00794928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll

2017-05-19 13:15 - 2017-04-28 02:57 - 00754528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVOrchestration.dll

2017-05-19 13:15 - 2017-04-28 02:57 - 00704352 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntVirtualization.dll

2017-05-19 13:15 - 2017-04-28 02:57 - 00603488 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContentDeliveryManager.Utilities.dll

2017-05-19 13:15 - 2017-04-28 02:57 - 00573280 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVCatalog.dll

2017-05-19 13:15 - 2017-04-28 02:56 - 01117024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgent.dll

2017-05-19 13:15 - 2017-04-28 02:53 - 00774224 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll

2017-05-19 13:15 - 2017-04-28 02:52 - 02255712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys

2017-05-19 13:15 - 2017-04-28 02:49 - 00700936 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll

2017-05-19 13:15 - 2017-04-28 02:47 - 00699744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimgapi.dll

2017-05-19 13:15 - 2017-04-28 02:47 - 00501088 _____ (Microsoft Corporation) C:\WINDOWS\system32\spwizeng.dll

2017-05-19 13:15 - 2017-04-28 02:46 - 00410464 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSetupUI.dll

2017-05-19 13:15 - 2017-04-28 02:44 - 00062816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fsdepends.sys

2017-05-19 13:15 - 2017-04-28 02:42 - 00526176 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimserv.exe

2017-05-19 13:15 - 2017-04-28 02:42 - 00328008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll

2017-05-19 13:15 - 2017-04-28 02:40 - 07220184 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll

2017-05-19 13:15 - 2017-04-28 02:40 - 02759704 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll

2017-05-19 13:15 - 2017-04-28 02:40 - 01860288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll

2017-05-19 13:15 - 2017-04-28 02:40 - 01738560 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll

2017-05-19 13:15 - 2017-04-28 02:40 - 01157000 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll

2017-05-19 13:15 - 2017-04-28 02:40 - 00578400 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe

2017-05-19 13:15 - 2017-04-28 02:40 - 00146784 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostCommon.dll

2017-05-19 13:15 - 2017-04-28 02:40 - 00026976 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser_broker.exe

2017-05-19 13:15 - 2017-04-28 02:38 - 02915704 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll

2017-05-19 13:15 - 2017-04-28 02:38 - 02446704 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll

2017-05-19 13:15 - 2017-04-28 02:38 - 01852200 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll

2017-05-19 13:15 - 2017-04-28 02:38 - 01267512 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll

2017-05-19 13:15 - 2017-04-28 02:38 - 00431968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys

2017-05-19 13:15 - 2017-04-28 02:36 - 00408600 _____ (Microsoft Corporation) C:\WINDOWS\system32\tsmf.dll

2017-05-19 13:15 - 2017-04-28 02:36 - 00092512 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll

2017-05-19 13:15 - 2017-04-28 02:35 - 08170600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll

2017-05-19 13:15 - 2017-04-28 02:35 - 04260576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll

2017-05-19 13:15 - 2017-04-28 02:35 - 01988048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll

2017-05-19 13:15 - 2017-04-28 02:35 - 01702392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll

2017-05-19 13:15 - 2017-04-28 02:35 - 01302136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll

2017-05-19 13:15 - 2017-04-28 02:35 - 00596040 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll

2017-05-19 13:15 - 2017-04-28 02:34 - 04674360 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe

2017-05-19 13:15 - 2017-04-28 02:34 - 01277824 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll

2017-05-19 13:15 - 2017-04-28 02:34 - 01072248 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll

2017-05-19 13:15 - 2017-04-28 02:34 - 00443232 _____ (Microsoft Corporation) C:\WINDOWS\system32\MMDevAPI.dll

2017-05-19 13:15 - 2017-04-28 02:34 - 00244824 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll

2017-05-19 13:15 - 2017-04-28 02:34 - 00241504 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll

2017-05-19 13:15 - 2017-04-28 02:30 - 00322912 _____ (Microsoft Corporation) C:\WINDOWS\system32\input.dll

2017-05-19 13:15 - 2017-04-28 02:28 - 00453536 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe

2017-05-19 13:15 - 2017-04-28 02:28 - 00387864 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpps.dll

2017-05-19 13:15 - 2017-04-28 02:21 - 00073728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx

2017-05-19 13:15 - 2017-04-28 02:19 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll

2017-05-19 13:15 - 2017-04-28 02:19 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll

2017-05-19 13:15 - 2017-04-28 02:15 - 00126464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll

2017-05-19 13:15 - 2017-04-28 02:14 - 00270336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll

2017-05-19 13:15 - 2017-04-28 02:12 - 00236544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll

2017-05-19 13:15 - 2017-04-28 02:11 - 00340480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll

2017-05-19 13:15 - 2017-04-28 02:10 - 00661504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll

2017-05-19 13:15 - 2017-04-28 02:07 - 00415744 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpshell.exe

2017-05-19 13:15 - 2017-04-28 02:07 - 00372736 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll

2017-05-19 13:15 - 2017-04-28 02:07 - 00299008 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpinit.exe

2017-05-19 13:15 - 2017-04-28 02:06 - 00691712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll

2017-05-19 13:15 - 2017-04-28 02:05 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll

2017-05-19 13:15 - 2017-04-28 02:03 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll

2017-05-19 13:15 - 2017-04-28 02:03 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx

2017-05-19 13:15 - 2017-04-28 02:03 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\raspppoe.sys

2017-05-19 13:15 - 2017-04-28 02:03 - 00032256 _____ (Microsoft Corporation) C:\WINDOWS\system32\BthTelemetry.dll

2017-05-19 13:15 - 2017-04-28 02:03 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\odbcconf.dll

2017-05-19 13:15 - 2017-04-28 02:02 - 00115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bridge.sys

2017-05-19 13:15 - 2017-04-28 02:02 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vwifimp.sys

2017-05-19 13:15 - 2017-04-28 02:02 - 00019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidcertstorecheck.exe

2017-05-19 13:15 - 2017-04-28 02:01 - 00259072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Family.SyncEngine.dll

2017-05-19 13:15 - 2017-04-28 02:01 - 00185344 _____ (Microsoft Corporation) C:\WINDOWS\system32\DisplayManager.dll

2017-05-19 13:15 - 2017-04-28 02:01 - 00156160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Family.Client.dll

2017-05-19 13:15 - 2017-04-28 02:01 - 00129536 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_ClosedCaptioning.dll

2017-05-19 13:15 - 2017-04-28 02:01 - 00090624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Printers.dll

2017-05-19 13:15 - 2017-04-28 02:01 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\virtdisk.dll

2017-05-19 13:15 - 2017-04-28 02:00 - 12349440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll

2017-05-19 13:15 - 2017-04-28 02:00 - 00196096 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDeviceRegistration.dll

2017-05-19 13:15 - 2017-04-28 02:00 - 00193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.WiFi.dll

2017-05-19 13:15 - 2017-04-28 02:00 - 00165376 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll

2017-05-19 13:15 - 2017-04-28 02:00 - 00148480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.System.Profile.RetailInfo.dll

2017-05-19 13:15 - 2017-04-28 02:00 - 00120832 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll

2017-05-19 13:15 - 2017-04-28 02:00 - 00101888 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDeviceRegistration.Ngc.dll

2017-05-19 13:15 - 2017-04-28 02:00 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll

2017-05-19 13:15 - 2017-04-28 02:00 - 00073216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryBroker.dll

2017-05-19 13:15 - 2017-04-28 01:59 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\system32\FlightSettings.dll

2017-05-19 13:15 - 2017-04-28 01:59 - 00567296 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicePairing.dll

2017-05-19 13:15 - 2017-04-28 01:59 - 00375296 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastlsext.dll

2017-05-19 13:15 - 2017-04-28 01:59 - 00186368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Radios.dll

2017-05-19 13:15 - 2017-04-28 01:59 - 00124416 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidsvc.dll

2017-05-19 13:15 - 2017-04-28 01:59 - 00122880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryClient.dll

2017-05-19 13:15 - 2017-04-28 01:58 - 00547840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Gaming.Input.dll

2017-05-19 13:15 - 2017-04-28 01:58 - 00418304 _____ C:\WINDOWS\system32\Windows.Perception.Stub.dll

2017-05-19 13:15 - 2017-04-28 01:58 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpencom.dll

2017-05-19 13:15 - 2017-04-28 01:58 - 00289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeveloperOptionsSettingsHandlers.dll

2017-05-19 13:15 - 2017-04-28 01:58 - 00276992 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll

2017-05-19 13:15 - 2017-04-28 01:58 - 00231424 _____ (Microsoft Corporation) C:\WINDOWS\system32\shutdownux.dll

2017-05-19 13:15 - 2017-04-28 01:58 - 00211968 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe

2017-05-19 13:15 - 2017-04-28 01:58 - 00150016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.AppDefaults.dll

2017-05-19 13:15 - 2017-04-28 01:58 - 00144896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Lights.dll

2017-05-19 13:15 - 2017-04-28 01:58 - 00130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConsentUX.dll

2017-05-19 13:15 - 2017-04-28 01:57 - 01507840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.FaceAnalysis.dll

2017-05-19 13:15 - 2017-04-28 01:57 - 00651264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.AllJoyn.dll

2017-05-19 13:15 - 2017-04-28 01:57 - 00568320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.LowLevel.dll

2017-05-19 13:15 - 2017-04-28 01:57 - 00505856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.WiFiDirect.dll

2017-05-19 13:15 - 2017-04-28 01:57 - 00502784 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll

2017-05-19 13:15 - 2017-04-28 01:57 - 00279552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.HumanInterfaceDevice.dll

2017-05-19 13:15 - 2017-04-28 01:57 - 00268800 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserMgrProxy.dll

2017-05-19 13:15 - 2017-04-28 01:57 - 00243712 _____ (Microsoft Corporation) C:\WINDOWS\system32\credprovhost.dll

2017-05-19 13:15 - 2017-04-28 01:57 - 00241152 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafBth.dll

2017-05-19 13:15 - 2017-04-28 01:57 - 00223744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe

2017-05-19 13:15 - 2017-04-28 01:57 - 00216576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Scanners.dll

2017-05-19 13:15 - 2017-04-28 01:57 - 00157184 _____ (Microsoft Corporation) C:\WINDOWS\system32\bthserv.dll

2017-05-19 13:15 - 2017-04-28 01:57 - 00139264 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll

2017-05-19 13:15 - 2017-04-28 01:57 - 00132096 _____ (Microsoft Corporation) C:\WINDOWS\system32\PrintWSDAHost.dll

2017-05-19 13:15 - 2017-04-28 01:56 - 00947712 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll

2017-05-19 13:15 - 2017-04-28 01:56 - 00912384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.SmartCards.dll

2017-05-19 13:15 - 2017-04-28 01:56 - 00748544 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll

2017-05-19 13:15 - 2017-04-28 01:56 - 00692224 _____ (Microsoft Corporation) C:\WINDOWS\system32\CellularAPI.dll

2017-05-19 13:15 - 2017-04-28 01:56 - 00590336 _____ (Microsoft Corporation) C:\WINDOWS\system32\efswrt.dll

2017-05-19 13:15 - 2017-04-28 01:56 - 00387584 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll

2017-05-19 13:15 - 2017-04-28 01:56 - 00379904 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepsync.dll

2017-05-19 13:15 - 2017-04-28 01:56 - 00311296 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncSettings.dll

2017-05-19 13:15 - 2017-04-28 01:56 - 00293888 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll

2017-05-19 13:15 - 2017-04-28 01:56 - 00267264 _____ (Microsoft Corporation) C:\WINDOWS\system32\vaultcli.dll

2017-05-19 13:15 - 2017-04-28 01:56 - 00260608 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe

2017-05-19 13:15 - 2017-04-28 01:56 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthBroker.dll

2017-05-19 13:15 - 2017-04-28 01:56 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll

2017-05-19 13:15 - 2017-04-28 01:55 - 02084352 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceFlows.DataModel.dll

2017-05-19 13:15 - 2017-04-28 01:55 - 00657920 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll

2017-05-19 13:15 - 2017-04-28 01:55 - 00431616 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll

2017-05-19 13:15 - 2017-04-28 01:55 - 00407552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll

2017-05-19 13:15 - 2017-04-28 01:55 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleacc.dll

2017-05-19 13:15 - 2017-04-28 01:55 - 00337408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Picker.dll

2017-05-19 13:15 - 2017-04-28 01:55 - 00307200 _____ (Microsoft Corporation) C:\WINDOWS\system32\PrintDialogs3D.dll

2017-05-19 13:15 - 2017-04-28 01:55 - 00252416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Identity.Provider.dll

2017-05-19 13:15 - 2017-04-28 01:55 - 00231424 _____ (Microsoft Corporation) C:\WINDOWS\system32\bthprops.cpl

2017-05-19 13:15 - 2017-04-28 01:55 - 00176128 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepapi.dll

2017-05-19 13:15 - 2017-04-28 01:54 - 02027008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl

2017-05-19 13:15 - 2017-04-28 01:54 - 01509376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll

2017-05-19 13:15 - 2017-04-28 01:54 - 00949248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.PointOfService.dll

2017-05-19 13:15 - 2017-04-28 01:54 - 00472064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll

2017-05-19 13:15 - 2017-04-28 01:54 - 00425984 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll

2017-05-19 13:15 - 2017-04-28 01:54 - 00339456 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConhostV2.dll

2017-05-19 13:15 - 2017-04-28 01:54 - 00329728 _____ (Microsoft Corporation) C:\WINDOWS\system32\deviceaccess.dll

2017-05-19 13:15 - 2017-04-28 01:54 - 00284160 _____ (Microsoft Corporation) C:\WINDOWS\system32\AboveLockAppHost.dll

2017-05-19 13:15 - 2017-04-28 01:54 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll

2017-05-19 13:15 - 2017-04-28 01:53 - 06288384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll

2017-05-19 13:15 - 2017-04-28 01:53 - 03059200 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll

2017-05-19 13:15 - 2017-04-28 01:53 - 00671744 _____ (Microsoft Corporation) C:\WINDOWS\system32\mbsmsapi.dll

2017-05-19 13:15 - 2017-04-28 01:53 - 00579584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.UX.EapRequestHandler.dll

2017-05-19 13:15 - 2017-04-28 01:53 - 00458752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Enumeration.dll

2017-05-19 13:15 - 2017-04-28 01:53 - 00437248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Usb.dll

2017-05-19 13:15 - 2017-04-28 01:51 - 02104320 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll

2017-05-19 13:15 - 2017-04-28 01:51 - 01913856 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_fs.dll

2017-05-19 13:15 - 2017-04-28 01:51 - 01589760 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtctm.dll

2017-05-19 13:15 - 2017-04-28 01:51 - 01584128 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_health.dll

2017-05-19 13:15 - 2017-04-28 01:51 - 00713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys

2017-05-19 13:15 - 2017-04-28 01:51 - 00458752 _____ (Microsoft Corporation) C:\WINDOWS\system32\RTMediaFrame.dll

2017-05-19 13:15 - 2017-04-28 01:51 - 00409600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys

2017-05-19 13:15 - 2017-04-28 01:51 - 00169984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Energy.dll

2017-05-19 13:15 - 2017-04-28 01:50 - 03778048 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll

2017-05-19 13:15 - 2017-04-28 01:50 - 01476608 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe

2017-05-19 13:15 - 2017-04-28 01:50 - 00380416 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationApi.dll

2017-05-19 13:15 - 2017-04-28 01:50 - 00338944 _____ (Microsoft Corporation) C:\WINDOWS\system32\adsnt.dll

2017-05-19 13:15 - 2017-04-28 01:50 - 00329728 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvecpl.dll

2017-05-19 13:15 - 2017-04-28 01:49 - 17198592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll

2017-05-19 13:15 - 2017-04-28 01:49 - 01105408 _____ (Microsoft Corporation) C:\WINDOWS\system32\MiracastReceiver.dll

2017-05-19 13:15 - 2017-04-28 01:49 - 00864256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll

2017-05-19 13:15 - 2017-04-28 01:49 - 00442368 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToDevice.dll

2017-05-19 13:15 - 2017-04-28 01:48 - 00798720 _____ (Microsoft Corporation) C:\WINDOWS\system32\pwcreator.exe

2017-05-19 13:15 - 2017-04-28 01:48 - 00337920 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll

2017-05-19 13:15 - 2017-04-28 01:48 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\dlnashext.dll

2017-05-19 13:15 - 2017-04-28 01:48 - 00187904 _____ (Microsoft Corporation) C:\WINDOWS\system32\dialclient.dll

2017-05-19 13:15 - 2017-04-28 01:47 - 09131008 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll

2017-05-19 13:15 - 2017-04-28 01:47 - 03290112 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll

2017-05-19 13:15 - 2017-04-28 01:47 - 01908224 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll

2017-05-19 13:15 - 2017-04-28 01:47 - 01790464 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFramework.dll

2017-05-19 13:15 - 2017-04-28 01:47 - 01078784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Streaming.dll

2017-05-19 13:15 - 2017-04-28 01:47 - 00942080 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll

2017-05-19 13:15 - 2017-04-28 01:47 - 00796672 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvewiz.dll

2017-05-19 13:15 - 2017-04-28 01:47 - 00649216 _____ (Microsoft Corporation) C:\WINDOWS\system32\vds.exe

2017-05-19 13:15 - 2017-04-28 01:47 - 00627200 _____ (Microsoft Corporation) C:\WINDOWS\system32\SpaceControl.dll

2017-05-19 13:15 - 2017-04-28 01:46 - 02861056 _____ (Microsoft Corporation) C:\WINDOWS\system32\storagewmi.dll

2017-05-19 13:15 - 2017-04-28 01:46 - 01547264 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbengine.exe

2017-05-19 13:15 - 2017-04-28 01:46 - 01443328 _____ (Microsoft Corporation) C:\WINDOWS\system32\VSSVC.exe

2017-05-19 13:15 - 2017-04-28 01:46 - 00501248 _____ (Microsoft Corporation) C:\WINDOWS\system32\imapi2.dll

2017-05-19 13:15 - 2017-04-28 01:46 - 00374784 _____ (Microsoft Corporation) C:\WINDOWS\system32\resutils.dll

2017-05-19 13:15 - 2017-04-28 01:46 - 00279552 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToReceiver.dll

2017-05-19 13:15 - 2017-04-28 01:46 - 00049664 _____ (Microsoft Corporation) C:\WINDOWS\system32\catsrvps.dll

2017-05-19 13:15 - 2017-04-28 01:45 - 00946688 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_sr.dll

2017-05-19 13:15 - 2017-04-28 01:45 - 00628736 _____ (Microsoft Corporation) C:\WINDOWS\system32\uReFS.dll

2017-05-19 13:15 - 2017-04-28 01:45 - 00411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll

2017-05-19 13:15 - 2017-04-28 01:45 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll

2017-05-19 13:15 - 2017-04-28 01:45 - 00167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ErrorDetails.dll

2017-05-19 13:15 - 2017-04-28 01:45 - 00130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\SpaceAgent.exe

2017-05-19 13:15 - 2017-04-28 01:45 - 00112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\CameraCaptureUI.dll

2017-05-19 13:15 - 2017-04-28 01:44 - 04749824 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll

2017-05-19 13:15 - 2017-04-28 01:44 - 01366016 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll

2017-05-19 13:15 - 2017-04-28 01:44 - 01145344 _____ (Microsoft Corporation) C:\WINDOWS\system32\EmailApis.dll

2017-05-19 13:15 - 2017-04-28 01:44 - 01010176 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll

2017-05-19 13:15 - 2017-04-28 01:44 - 00937984 _____ (Microsoft Corporation) C:\WINDOWS\system32\MCRecvSrc.dll

2017-05-19 13:15 - 2017-04-28 01:44 - 00896512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.AccountsControl.dll

2017-05-19 13:15 - 2017-04-28 01:44 - 00775168 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe

2017-05-19 13:15 - 2017-04-28 01:44 - 00583680 _____ (Microsoft Corporation) C:\WINDOWS\system32\PrintDialogs.dll

2017-05-19 13:15 - 2017-04-28 01:44 - 00410112 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicesFlowBroker.dll

2017-05-19 13:15 - 2017-04-28 01:44 - 00139776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Devices.dll

2017-05-19 13:15 - 2017-04-28 01:43 - 01184256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll

2017-05-19 13:15 - 2017-04-28 01:43 - 00646656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wiaservc.dll

2017-05-19 13:15 - 2017-04-28 01:43 - 00634368 _____ (Microsoft Corporation) C:\WINDOWS\system32\StructuredQuery.dll

2017-05-19 13:15 - 2017-04-28 01:43 - 00600576 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptui.dll

2017-05-19 13:15 - 2017-04-28 01:43 - 00560128 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll

2017-05-19 13:15 - 2017-04-28 01:43 - 00539136 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToManager.dll

2017-05-19 13:15 - 2017-04-28 01:43 - 00526336 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv

2017-05-19 13:15 - 2017-04-28 01:43 - 00467968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Geolocation.dll

2017-05-19 13:15 - 2017-04-28 01:43 - 00460800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Midi.dll

2017-05-19 13:15 - 2017-04-28 01:43 - 00331264 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnrSvc.dll

2017-05-19 13:15 - 2017-04-28 01:43 - 00320512 _____ (Microsoft Corporation) C:\WINDOWS\system32\thumbcache.dll

2017-05-19 13:15 - 2017-04-28 01:42 - 13441536 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll

2017-05-19 13:15 - 2017-04-28 01:42 - 08076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll

2017-05-19 13:15 - 2017-04-28 01:42 - 02390016 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreen.exe

2017-05-19 13:15 - 2017-04-28 01:42 - 01692160 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll

2017-05-19 13:15 - 2017-04-28 01:42 - 01021440 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll

2017-05-19 13:15 - 2017-04-28 01:42 - 00945664 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll

2017-05-19 13:15 - 2017-04-28 01:42 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll

2017-05-19 13:15 - 2017-04-28 01:42 - 00779776 _____ (Microsoft Corporation) C:\WINDOWS\system32\cscui.dll

2017-05-19 13:15 - 2017-04-28 01:41 - 01359872 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll

2017-05-19 13:15 - 2017-04-28 01:41 - 00983040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll

2017-05-19 13:15 - 2017-04-28 01:41 - 00890368 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll

2017-05-19 13:15 - 2017-04-28 01:41 - 00860160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mprddm.dll

2017-05-19 13:15 - 2017-04-28 01:41 - 00828416 _____ (Microsoft Corporation) C:\WINDOWS\system32\appwiz.cpl

2017-05-19 13:15 - 2017-04-28 01:41 - 00759296 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll

2017-05-19 13:15 - 2017-04-28 01:41 - 00650752 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll

2017-05-19 13:15 - 2017-04-28 01:41 - 00611328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.Printing.dll

2017-05-19 13:15 - 2017-04-28 01:41 - 00591360 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll

2017-05-19 13:15 - 2017-04-28 01:41 - 00376832 _____ (Microsoft Corporation) C:\WINDOWS\system32\CryptoWinRT.dll

2017-05-19 13:15 - 2017-04-28 01:40 - 04474368 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll

2017-05-19 13:15 - 2017-04-28 01:40 - 02914816 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnroll.dll

2017-05-19 13:15 - 2017-04-28 01:40 - 02208768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.Printing.3D.dll

2017-05-19 13:15 - 2017-04-28 01:40 - 02096640 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl

2017-05-19 13:15 - 2017-04-28 01:40 - 01643008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll

2017-05-19 13:15 - 2017-04-28 01:40 - 01586176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll

2017-05-19 13:15 - 2017-04-28 01:40 - 01040896 _____ (Microsoft Corporation) C:\WINDOWS\system32\NaturalLanguage6.dll

2017-05-19 13:15 - 2017-04-28 01:40 - 00971264 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll

2017-05-19 13:15 - 2017-04-28 01:40 - 00913920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.dll

2017-05-19 13:15 - 2017-04-28 01:40 - 00770560 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll

2017-05-19 13:15 - 2017-04-28 01:39 - 00846336 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApiPublic.dll

2017-05-19 13:15 - 2017-04-28 01:39 - 00673792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe

2017-05-19 13:15 - 2017-04-28 01:38 - 05611008 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll

2017-05-19 13:15 - 2017-04-28 01:38 - 01359360 _____ (Microsoft Corporation) C:\WINDOWS\system32\usercpl.dll

2017-05-19 13:15 - 2017-04-28 01:38 - 01275392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Bluetooth.dll

2017-05-19 13:15 - 2017-04-28 01:38 - 00765440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Sensors.dll

2017-05-19 13:15 - 2017-04-28 01:37 - 04149248 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll

2017-05-19 13:15 - 2017-04-28 01:37 - 03134976 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll

2017-05-19 13:15 - 2017-04-28 01:37 - 02895872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll

2017-05-19 13:15 - 2017-04-28 01:37 - 02286592 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll

2017-05-19 13:15 - 2017-04-28 01:37 - 02216960 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpcServices.dll

2017-05-19 13:15 - 2017-04-28 01:37 - 01984000 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll

2017-05-19 13:15 - 2017-04-28 01:37 - 01783296 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll

2017-05-19 13:15 - 2017-04-28 01:37 - 01637888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll

2017-05-19 13:15 - 2017-04-28 01:37 - 00881664 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll

2017-05-19 13:15 - 2017-04-28 01:37 - 00875520 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll

2017-05-19 13:15 - 2017-04-28 01:36 - 01328640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.Http.dll

2017-05-19 13:15 - 2017-04-28 01:36 - 00774656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.dll

2017-05-19 13:15 - 2017-04-28 01:36 - 00735744 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll

2017-05-19 13:15 - 2017-04-28 01:36 - 00716800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ShareHost.dll

2017-05-19 13:15 - 2017-04-28 01:35 - 03299840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstsc.exe

2017-05-19 13:15 - 2017-04-28 01:35 - 00924672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.dll

2017-05-19 13:15 - 2017-04-28 01:34 - 00999424 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll

2017-05-19 13:15 - 2017-04-28 01:34 - 00439296 _____ (Microsoft Corporation) C:\WINDOWS\system32\wksprt.exe

2017-05-19 13:15 - 2017-04-28 01:34 - 00394240 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpclip.exe

2017-05-19 13:15 - 2017-04-28 01:34 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\system32\spaceman.exe

2017-05-19 13:15 - 2017-04-28 01:33 - 01817088 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll

2017-05-19 13:15 - 2017-03-04 09:09 - 01293152 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll

2017-05-19 13:15 - 2017-03-04 08:26 - 00261632 _____ (Microsoft Corporation) C:\WINDOWS\system32\indexeddbserver.dll

2017-05-19 13:15 - 2017-03-04 08:25 - 01060352 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppContracts.dll

2017-05-19 13:15 - 2017-03-04 08:19 - 01403392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Editing.dll

2017-05-19 13:15 - 2016-12-21 09:09 - 00368640 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneBackupHandler.dll
 

==================== One Month Modified files and folders ========
 

(If an entry is included in the fixlist, the file/folder will be moved.)
 

2017-06-17 00:00 - 2016-09-28 16:01 - 00000000 ____D C:\Users\moxito\AppData\Local\app

2017-06-16 23:44 - 2016-09-30 14:34 - 00000000 ____D C:\ProgramData\TENCENT

2017-06-16 23:36 - 2016-08-21 16:55 - 00000000 ____D C:\Users\moxito\AppData\Roaming\steelseries-engine-3-client

2017-06-16 23:35 - 2016-10-11 11:04 - 03074492 _____ C:\WINDOWS\system32\perfh007.dat

2017-06-16 23:35 - 2016-10-11 11:04 - 00860680 _____ C:\WINDOWS\system32\perfc007.dat

2017-06-16 23:35 - 2016-08-21 15:19 - 06497746 _____ C:\WINDOWS\system32\PerfStringBackup.INI

2017-06-16 23:33 - 2016-08-21 22:39 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys

2017-06-16 23:33 - 2016-08-21 16:12 - 00000000 ____D C:\ProgramData\NVIDIA

2017-06-16 23:31 - 2016-11-27 00:25 - 00000000 ____D C:\ProgramData\VMware

2017-06-16 23:31 - 2016-11-25 16:32 - 00000000 ____D C:\Users\moxito\AppData\Roaming\The Bat!

2017-06-16 23:31 - 2016-10-30 02:17 - 00000040 ___SH C:\ProgramData\.zreglib

2017-06-16 23:31 - 2016-10-11 12:57 - 00000066 _____ C:\Users\Public\Documents\temp.dat

2017-06-16 23:31 - 2016-10-11 01:13 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT

2017-06-16 23:31 - 2016-08-21 20:02 - 00000000 ____D C:\Users\moxito\Documents\Tencent Files

2017-06-16 23:31 - 2016-08-21 17:36 - 00000000 ____D C:\Users\moxito\AppData\Local\Sidebar7

2017-06-16 23:29 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports

2017-06-16 23:26 - 2016-07-16 13:45 - 00000000 ____D C:\WINDOWS\INF

2017-06-16 23:23 - 2016-10-11 01:08 - 00000000 ____D C:\WINDOWS\system32\SleepStudy

2017-06-16 23:18 - 2016-11-25 00:13 - 00000000 ____D C:\ProgramData\Hauppauge

2017-06-16 23:13 - 2016-08-21 17:10 - 00000000 ____D C:\Users\moxito\AppData\Local\ClassicShell

2017-06-16 23:08 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\tracing

2017-06-16 23:04 - 2016-08-21 16:58 - 00000823 _____ C:\Users\Public\Desktop\CCleaner.lnk

2017-06-16 23:02 - 2016-10-11 01:13 - 00002220 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC

2017-06-16 22:56 - 2016-07-16 08:04 - 00262144 _____ C:\WINDOWS\system32\config\BBI

2017-06-16 22:45 - 2016-08-21 15:17 - 00000000 __RHD C:\Users\Public\AccountPictures

2017-06-16 22:45 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\AppReadiness

2017-06-16 22:43 - 2016-09-28 18:06 - 00000000 ____D C:\Program Files\Microsoft Silverlight

2017-06-16 22:43 - 2016-09-28 18:06 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight

2017-06-16 22:42 - 2016-07-16 13:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel

2017-06-16 22:42 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\system32\appraiser

2017-06-16 22:42 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\ShellExperiences

2017-06-16 22:39 - 2016-11-25 17:35 - 00000000 ____D C:\Users\moxito\AppData\Roaming\uTorrent

2017-06-16 22:17 - 2016-08-21 15:41 - 00000000 ____D C:\WINDOWS\system32\MRT

2017-06-16 22:15 - 2016-09-28 18:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight

2017-06-16 22:15 - 2016-08-21 15:41 - 133627792 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

2017-06-16 22:14 - 2016-07-16 13:36 - 00000000 ____D C:\WINDOWS\CbsTemp

2017-06-16 22:08 - 2016-09-27 14:20 - 00000000 ____D C:\ProgramData\MSI

2017-06-16 22:07 - 2016-09-27 14:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MSI

2017-06-16 22:07 - 2016-08-21 16:30 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information

2017-06-16 19:08 - 2016-08-21 16:53 - 00000000 ____D C:\WINDOWS\Cnxt

2017-06-16 19:07 - 2016-08-21 16:53 - 00000000 ____D C:\ProgramData\Conexant

2017-06-16 18:19 - 2016-08-21 22:03 - 00000000 ____D C:\Users\moxito\AppData\Roaming\vlc

2017-06-16 18:14 - 2016-08-21 17:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013

2017-06-16 15:49 - 2017-04-25 19:16 - 00000000 ____D C:\Program Files (x86)\YY

2017-06-06 00:36 - 2016-10-12 17:33 - 00000000 ____D C:\WINDOWS\PCHEALTH

2017-06-05 23:50 - 2016-09-28 17:46 - 00000626 __RSH C:\ProgramData\ntuser.pol

2017-06-05 23:35 - 2016-12-15 05:59 - 00000000 ____D C:\Program Files (x86)\VulkanRT

2017-06-05 23:34 - 2016-12-11 17:10 - 00000000 ____D C:\Program Files (x86)\Intel

2017-06-05 23:33 - 2016-09-27 14:09 - 00000000 ____D C:\Program Files (x86)\MSI

2017-06-05 22:44 - 2016-12-13 21:43 - 00000000 ____D C:\Users\moxito\AppData\Local\Deployment

2017-06-05 22:00 - 2016-07-16 13:47 - 00000000 ___HD C:\Program Files\WindowsApps

2017-06-03 08:36 - 2016-07-16 13:49 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe

2017-06-03 08:36 - 2016-07-16 13:49 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

2017-05-27 19:20 - 2016-10-11 01:10 - 00000000 ____D C:\Users\moxito

2017-05-24 16:29 - 2016-10-11 01:09 - 00000000 ____D C:\ProgramData\NVIDIA Corporation

2017-05-24 16:29 - 2016-09-15 19:33 - 00000000 ____D C:\Temp

2017-05-24 16:18 - 2016-09-28 16:42 - 00000000 ____D C:\Users\moxito\Documents\temp

2017-05-22 15:54 - 2017-01-28 01:13 - 00000486 _____ C:\WINDOWS\Tasks\HuanjuGameUpdate.job

2017-05-22 03:41 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\rescache

2017-05-21 22:53 - 2017-02-07 15:54 - 00003654 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}

2017-05-21 22:53 - 2016-12-15 05:53 - 00004308 _____ C:\WINDOWS\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}

2017-05-21 22:53 - 2016-10-11 01:13 - 00003994 _____ C:\WINDOWS\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}

2017-05-21 22:53 - 2016-10-11 01:13 - 00003894 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}

2017-05-21 22:53 - 2016-10-11 01:13 - 00003866 _____ C:\WINDOWS\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}

2017-05-21 22:53 - 2016-10-11 01:13 - 00003858 _____ C:\WINDOWS\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}

2017-05-21 22:53 - 2016-10-11 01:13 - 00003696 _____ C:\WINDOWS\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}

2017-05-21 22:53 - 2016-10-11 01:09 - 00000000 ____D C:\Program Files\NVIDIA Corporation

2017-05-21 22:53 - 2016-09-27 13:26 - 00001449 _____ C:\Users\Public\Desktop\GeForce Experience.lnk

2017-05-21 22:53 - 2016-08-21 15:39 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation

2017-05-21 22:32 - 2016-08-22 17:03 - 00000000 ____D C:\Users\moxito\AppData\Roaming\baidu

2017-05-21 20:52 - 2017-01-28 01:13 - 00003588 _____ C:\WINDOWS\System32\Tasks\HuanjuGameUpdate

2017-05-21 20:51 - 2016-10-11 01:09 - 00000000 ____D C:\WINDOWS\SysWOW64\RTCOM

2017-05-21 20:51 - 2016-10-11 01:09 - 00000000 ____D C:\WINDOWS\system32\DAX2

2017-05-21 20:51 - 2016-08-21 15:43 - 00000000 ____D C:\ProgramData\Package Cache

2017-05-21 20:48 - 2017-04-26 02:17 - 05821944 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe

2017-05-21 20:48 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed

2017-05-21 20:48 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\system32\Macromed

2017-05-19 18:43 - 2016-07-16 13:47 - 00000000 ___SD C:\WINDOWS\SysWOW64\F12

2017-05-19 18:43 - 2016-07-16 13:47 - 00000000 ___SD C:\WINDOWS\system32\F12

2017-05-19 18:43 - 2016-07-16 13:47 - 00000000 ___RD C:\Program Files\Windows Defender

2017-05-19 18:43 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform

2017-05-19 18:43 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\system32\oobe

2017-05-19 18:43 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\Provisioning

2017-05-19 18:43 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\PolicyDefinitions

2017-05-19 18:43 - 2016-07-16 13:47 - 00000000 ____D C:\Program Files\Windows Photo Viewer

2017-05-19 18:43 - 2016-07-16 13:47 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer

2017-05-19 18:43 - 2016-07-16 13:47 - 00000000 ____D C:\Program Files (x86)\Windows Defender

2017-05-19 18:43 - 2016-07-16 08:04 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism

2017-05-19 13:01 - 2016-07-16 13:42 - 00073728 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSManMigrationPlugin.dll

2017-05-18 09:35 - 2017-04-17 20:20 - 03624784 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll

2017-05-18 09:35 - 2017-01-18 15:10 - 00057792 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvhci.sys

2017-05-18 09:35 - 2016-12-15 05:53 - 00001951 _____ C:\WINDOWS\NvTelemetryContainerRecovery.bat

2017-05-18 09:35 - 2016-09-27 18:31 - 04114248 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll

2017-05-18 09:35 - 2016-09-27 18:31 - 00045061 _____ C:\WINDOWS\system32\nvinfo.pb

2017-05-18 07:55 - 2016-09-27 13:26 - 00001951 _____ C:\WINDOWS\NvContainerRecovery.bat

2017-05-18 07:48 - 2016-10-11 01:09 - 06437824 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll

2017-05-18 07:48 - 2016-10-11 01:09 - 02479736 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll

2017-05-18 07:48 - 2016-10-11 01:09 - 01762936 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll

2017-05-18 07:48 - 2016-10-11 01:09 - 00548984 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll

2017-05-18 07:48 - 2016-10-11 01:09 - 00392312 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll

2017-05-18 07:48 - 2016-10-11 01:09 - 00081856 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll

2017-05-18 07:48 - 2016-10-11 01:09 - 00069752 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
 

==================== Files in the root of some directories =======
 

2016-10-08 00:26 - 2016-10-08 00:29 - 0000752 _____ () C:\Users\moxito\AppData\Roaming\.emacs

2016-11-30 19:44 - 2016-11-30 19:44 - 0000020 _____ () C:\Users\moxito\AppData\Roaming\004D5649544E41696E66

2016-11-30 19:43 - 2016-11-30 19:43 - 0000256 _____ () C:\Users\moxito\AppData\Roaming\140A0027000007

2016-12-05 20:22 - 2016-12-05 20:22 - 0000024 _____ () C:\Users\moxito\AppData\Roaming\D3D5D3C0-0F3D-40c1-9973-CEB7C072AE31.ini

2016-11-30 19:44 - 2017-01-16 21:48 - 0001209 _____ () C:\Users\moxito\AppData\Roaming\D3D5D3C0-0F3D-40c1-9973-CEB7C072AE32.ini

2017-02-13 02:41 - 2017-02-13 02:41 - 0001038 _____ () C:\Users\moxito\AppData\Roaming\ex_log.txt

2016-10-10 20:08 - 2017-02-04 16:04 - 0001269 _____ () C:\Users\moxito\AppData\Roaming\Network Meter_Settings.ini

2016-10-10 20:09 - 2016-10-10 20:09 - 0000772 _____ () C:\Users\moxito\AppData\Roaming\Stock Meter_Settings.ini

2016-09-30 18:39 - 2016-10-10 19:53 - 0000122 _____ () C:\Users\moxito\AppData\Roaming\System Monitor II_UptimeRecord.ini

2017-01-28 01:25 - 2017-01-28 01:25 - 1444872 _____ (Tencent Inc.) C:\Users\moxito\AppData\Roaming\XQ4Q.DLL

2016-08-21 16:30 - 2016-08-21 16:30 - 0000000 _____ () C:\Users\moxito\AppData\Local\Driver_11ACPresent.flag

2016-08-21 16:30 - 2016-08-21 16:30 - 0000000 _____ () C:\Users\moxito\AppData\Local\Driver_LOM_8161Present.flag

2016-12-16 23:50 - 2016-12-29 02:03 - 0000600 _____ () C:\Users\moxito\AppData\Local\PUTTY.RND

2016-09-28 19:18 - 2016-09-28 19:18 - 0007597 _____ () C:\Users\moxito\AppData\Local\Resmon.ResmonCfg

2016-10-30 02:17 - 2017-06-16 23:31 - 0000040 ___SH () C:\ProgramData\.zreglib

2016-10-11 01:09 - 2016-10-11 01:09 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

2017-01-28 03:09 - 2017-01-28 03:09 - 0076168 _____ (Tencent) C:\ProgramData\fa5HvkT6.aIj

2016-12-15 05:53 - 2017-01-18 15:10 - 0005110 _____ () C:\ProgramData\NvTelemetryContainer.log

2016-12-15 05:53 - 2017-01-14 12:59 - 0005110 _____ () C:\ProgramData\NvTelemetryContainer.log_backup1

2016-11-24 23:00 - 2016-11-24 23:01 - 1696960 _____ () C:\ProgramData\QQGAMEQCK2119.DLL

2016-12-05 20:10 - 2016-12-05 20:10 - 1696960 _____ () C:\ProgramData\QQGAMEQCK2205.DLL

2016-12-04 20:08 - 2016-12-08 20:16 - 1389760 _____ () C:\ProgramData\QQGameQCK2840.exe

2017-01-28 01:29 - 2017-01-28 01:29 - 0076168 _____ (Tencent) C:\ProgramData\rW2F6Ma7N5GJI83.971
 

Files to move or delete:

====================

C:\ProgramData\QQGAMEQCK2119.DLL

C:\ProgramData\QQGAMEQCK2205.DLL

C:\ProgramData\QQGameQCK2840.exe

C:\Users\moxito\psiphon3.exe
 
 

==================== Bamital & volsnap ======================
 

(There is no automatic fix for files that do not pass verification.)
 

C:\WINDOWS\system32\winlogon.exe => File is digitally signed

C:\WINDOWS\system32\wininit.exe => File is digitally signed

C:\WINDOWS\explorer.exe => File is digitally signed

C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed

C:\WINDOWS\system32\svchost.exe => File is digitally signed

C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed

C:\WINDOWS\system32\services.exe => File is digitally signed

C:\WINDOWS\system32\User32.dll => File is digitally signed

C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed

C:\WINDOWS\system32\userinit.exe => File is digitally signed

C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed

C:\WINDOWS\system32\rpcss.dll => File is digitally signed

C:\WINDOWS\system32\dnsapi.dll => File is digitally signed

C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed

C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 

LastRegBack: 2017-06-16 17:32
 

==================== End of FRST.txt ============================

Tician

17.06.2017 14:57

Hi,

erstmal schlechte Neuigkeiten.

Hinweis:
Cracks und Keygens

Zitat:

HKU\S-1-5-21-1078665582-1449517287-1295239923-1001\...\Run: [{1052DBDE-C7E1-498F-7A72-11F13F705104}] => C:\Program Files (x86)\KMSPico\395c48ebd078c81a6235f7da464d45bd.exe [117561 2017-05-13] ()

Den Kopierschutz von Software zu umgehen ist nach geltendem Recht illegal. Die Logfiles deuten stark darauf hin, dass du nicht legal erworbene Software einsetzt. Zudem sind Cracks und Patches aus dubioser Quelle sehr oft mit Schädlingen versehen, womit man sich also fast vorsätzlich infiziert.

Wir haben uns hier auf dem Board darauf geeinigt, dass wir an dieser Stelle nicht weiter bereinigen, da wir ein solches Vorgehen nicht unterstützen. Hinzu kommt, dass wir dich in unserer Anleitung und auch in diesem Wichtig-Thema unmissverständlich darauf hingewiesen haben, wie wir damit umgehen werden. Saubere, gute Software hat seinen Preis und die Softwarefirmen leben von diesen Einnahmen.

Hier gibt es keine weitere Hilfe bis jegliche Art von illegaler Software vom PC entfernt wurde.

Weiter geht es wenn alle Cracks und Keygens gelöscht wurden.

moxito

17.06.2017 15:13

Ok, das kann ich verstehen.

Ich habe das Notebook gebraucht gekauft, und keine Ännderungen am Betriebssystem vorgenommen, wie werde ich KMS denn wieder los? Oder ist das schon zuviel gefragt?

Tician

17.06.2017 22:33

Also gut dann machen wir es mal so:

Schritt 1:

Wenn du keinen gültigen Office-Produktkey hast, dann jetzt Office Professional Plus 2013 deinstallieren. Als Ersatz würde sich OpenOffice anbieten.

Schritt 2:

Starte die FRST.exe erneut. Setze einen Haken vor Addition.txt und drücke auf Untersuchen.
FRST erstellt nun zwei Logdateien (FRST.txt und Addition.txt).
Poste mir beide Logdateien mit deiner nächsten Antwort.

moxito

18.06.2017 00:32

Code:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-06-2017 01

Ran by moxito (administrator) on MSI (18-06-2017 01:03:22)

Running from C:\Users\moxito\Desktop

Loaded Profiles: moxito (Available Profiles: moxito)

Platform: Windows 10 Enterprise Version 1607 (X64) Language: Englisch (Vereinigte Staaten)

Internet Explorer Version 11 (Default browser: "C:\Users\moxito\AppData\Local\360Browser\Browser\Application\360browser.exe" -- "%1")

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 

==================== Processes (Whitelisted) =================
 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 

(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe

(Baidu, Inc.) C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.4.3.148966.1\BHipsSvc.exe

(Ellora Assets Corp.) C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe

(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe

(Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\Dragon Center\MSI_ActiveX_Service.exe

(Baidu, Inc.) C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.4.3.148966.1\BavSvc.exe

(Rivet Networks) C:\Program Files\Killer Networking\Network Manager\KillerService.exe

(Micro-Star International Co., Ltd.) C:\Program Files (x86)\SCM\MSIService.exe

(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe

(Hauppauge Computer Works) C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServer.exe

(Nitro PDF Software) C:\Program Files\Nitro\Reader 5\NitroPDFReaderDriverService5x64.exe

() C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe

(Tencent) C:\Program Files (x86)\Common Files\Tencent\QQProtect\Bin\QQProtect.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe

(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe

(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe

(Wondershare) C:\Program Files (x86)\Wondershare\WAF\2.3.1.204\WsAppService.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe

(Baidu, Inc.) C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.4.3.148966.1\bavhm.exe

() C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe

(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

(Microsoft Corporation) C:\Windows\System32\InputMethod\CHS\ChsIME.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe

(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe

(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe

(Micro-Star International Co., Ltd.) C:\Program Files (x86)\MSI\Dragon Center\Dragon Center.exe

(MSI) C:\Program Files (x86)\SCM\SCM.exe

(Microsoft Corporation) C:\Windows\System32\CastSrv.exe

() C:\Program Files\Nahimic\Nahimic2\UserInterface\Nahimic2UILauncher.exe

(SlySoft, Inc.) C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe

() C:\Program Files\Nahimic\Nahimic2\UserInterface\Nahimic2Svc32.exe

() C:\Program Files\Nahimic\Nahimic2\UserInterface\x64\Nahimic2Svc64.exe

(QuestSoft) C:\Program Files (x86)\QTranslate\QTranslate.exe

() C:\Program Files (x86)\SlySoft\AnyDVD\ADvdDiscHlp64.exe

(网易公司) C:\Users\moxito\AppData\Local\Youdao\Dict\Application\YodaoDict.exe

(网易公司) C:\Users\moxito\AppData\Local\Youdao\Dict\Application\6.3.69.8341\YoudaoIE.exe

() C:\Users\moxito\AppData\Local\Youdao\Dict\Application\6.3.69.8341\YoudaoDictHelper.exe

(Ritlabs S.R.L.) C:\Program Files (x86)\The Bat!\thebat.exe

(Tencent) C:\Program Files (x86)\Tencent\QQ\Bin\TXPlatform.exe

(Tencent) C:\Program Files (x86)\Tencent\TM2008\Bin\TM.exe

(网易公司) C:\Users\moxito\AppData\Local\Youdao\Dict\Application\6.3.69.8341\WordBook.exe

(Tencent) C:\Program Files (x86)\Tencent\QQIntl\Bin\QQ.exe

() C:\Users\moxito\AppData\Local\Youdao\Dict\Application\6.3.69.8341\YoudaoWSH.exe

() C:\Users\moxito\AppData\Roaming\baidu\BaiduYunGuanjia\yundetectservice.exe

(YY Inc.) C:\Program Files (x86)\YY\YY.exe

(Rivet Networks) C:\Program Files\Killer Networking\Network Manager\NetworkManager.exe

(Baidu, Inc.) C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.4.3.148966.1\BavTray.exe

(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe

(SteelSeries ApS) C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe

(Realtime Soft Ltd) C:\Program Files\UltraMon\UltraMon.exe

(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe

(YY Inc.) C:\Program Files (x86)\YY\8.24.0.2\yyplatform.exe

(YY Inc.) C:\Program Files (x86)\YY\8.24.0.2\yybrowser.exe

() C:\Users\moxito\AppData\Roaming\duowan\yy\yycomstore\2052\com.yy.webrunlogin\65547\yyqlogin.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

() C:\Users\moxito\AppData\Local\Youdao\Dict\Application\6.3.69.8341\YoudaoDictHelper.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

(Intel(R) Corporation) C:\Program Files (x86)\Intel\Intel(R) Extreme Tuning Utility\XtuService.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe

(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 

==================== Registry (Whitelisted) ====================
 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9198080 2017-02-06] (Realtek Semiconductor)

HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3113592 2015-08-26] (Logitech, Inc.)

HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [163800 2016-07-30] (IvoSoft)

HKLM\...\Run: [SCM] => C:\Program Files (x86)\SCM\SCM.exe [297984 2015-12-09] (MSI)

HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart

HKLM\...\Run: [Nahimic2UILauncher] => C:\Program Files\Nahimic\Nahimic2\UserInterface\Nahimic2UILauncher.exe [705208 2017-01-13] ()

HKLM-x32\...\Run: [Baidu Antivirus] => C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.4.3.148966.1\BavTray.exe [1998832 2017-01-28] (Baidu, Inc.)

HKLM-x32\...\Run: [vmware-tray] => C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe [103536 2011-08-22] (VMware, Inc.)

HKLM-x32\...\Run: [DelaypluginInstall] => C:\ProgramData\Wondershare\Video Converter Ultimate\DelayPluginI.exe [1971856 2016-11-18] ()

HKLM-x32\...\Run: [ProductUpdater] => C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe [73216 2017-01-24] ()

Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)

HKU\S-1-5-21-1078665582-1449517287-1295239923-1001\...\Run: [ctfmon] => C:\WINDOWS\system32\ctfmon.exe [10752 2016-07-16] (Microsoft Corporation)

HKU\S-1-5-21-1078665582-1449517287-1295239923-1001\...\Run: [AnyDVD] => C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe [9604008 2015-12-12] (SlySoft, Inc.)

HKU\S-1-5-21-1078665582-1449517287-1295239923-1001\...\Run: [QTranslate] => C:\Program Files (x86)\QTranslate\QTranslate.exe [642048 2016-05-12] (QuestSoft)

HKU\S-1-5-21-1078665582-1449517287-1295239923-1001\...\Run: [YYAssistant] => C:\Program Files (x86)\YY\8.24.0.2\\yyassistant.exe [335600 2017-06-12] (YY Inc.)

HKU\S-1-5-21-1078665582-1449517287-1295239923-1001\...\Run: [YodaoDict] => C:\Users\moxito\AppData\Local\Youdao\Dict\Application\YodaoDict.exe [5552192 2016-11-25] (网易公司)

HKU\S-1-5-21-1078665582-1449517287-1295239923-1001\...\Run: [thebat_startup] => C:\Program Files (x86)\The Bat!\thebat.exe [11954536 2007-10-31] (Ritlabs S.R.L.)

HKU\S-1-5-21-1078665582-1449517287-1295239923-1001\...\Run: [TomTomHOME.exe] => C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe [255224 2016-11-29] (TomTom)

HKU\S-1-5-21-1078665582-1449517287-1295239923-1001\...\Run: [QQ2009] => C:\Program Files (x86)\Tencent\QQIntl\Bin\QQ.exe [97976 2016-11-25] (Tencent)

HKU\S-1-5-21-1078665582-1449517287-1295239923-1001\...\Run: [TM] => C:\Program Files (x86)\Tencent\TM2008\Bin\TM.exe [132472 2016-11-25] (Tencent)

HKU\S-1-5-21-1078665582-1449517287-1295239923-1001\...\Run: [BaiduYunGuanjia] => C:\Users\moxito\AppData\Roaming\baidu\BaiduYunGuanjia\baidunetdisk.exe [7757856 2017-06-16] ()

HKU\S-1-5-21-1078665582-1449517287-1295239923-1001\...\Run: [BaiduYunDetect] => C:\Users\moxito\AppData\Roaming\baidu\BaiduYunGuanjia\YunDetectService.exe [1052192 2017-06-16] ()

HKU\S-1-5-21-1078665582-1449517287-1295239923-1001\...\Run: [YfftPack] => C:\Windows\SysWOW64\regsvr32.exe C:\Users\moxito\AppData\Local\Ambworks\wpnlefjp.dll <===== ATTENTION

HKU\S-1-5-21-1078665582-1449517287-1295239923-1001\...\Run: [YY] => C:\Program Files (x86)\YY\YY.exe [151792 2017-06-12] (YY Inc.)

HKU\S-1-5-21-1078665582-1449517287-1295239923-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1

ShellIconOverlayIdentifiers: [BaiduAntivirusIconLock] -> {0A93904A-BB1E-4a0c-9753-B57B9AE272CC} => C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.4.3.148966.1\BavShx64.dll [2017-01-28] (Baidu, Inc.)

ShellIconOverlayIdentifiers: [KzShlobj] -> {AAA0C5B8-933F-4200-93AD-B143D7FFF9F2} =>  -> No File

ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2016-07-30] (IvoSoft)

ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2016-07-30] (IvoSoft)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Killer Network Manager.lnk [2016-12-09]

ShortcutTarget: Killer Network Manager.lnk -> C:\Program Files\Killer Networking\Network Manager\NetworkManager.exe (Rivet Networks)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SteelSeries Engine 3.lnk [2017-06-16]

ShortcutTarget: SteelSeries Engine 3.lnk -> C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe (SteelSeries ApS)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\UltraMon.lnk [2017-02-11]

ShortcutTarget: UltraMon.lnk -> C:\Windows\Installer\{D4E62D29-31A1-4938-8CB7-7D275C1AEAC6}\IcoUltraMon.ico ()

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinTV Recording Status.lnk [2016-12-09]

ShortcutTarget: WinTV Recording Status.lnk -> C:\Program Files (x86)\WinTV\WinTV8\WinTVTray.exe (Hauppauge Computer Works, Inc.)

Startup: C:\Users\moxito\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CCTalk.lnk [2016-12-09]

ShortcutTarget: CCTalk.lnk -> C:\Users\moxito\AppData\Roaming\Hujiang\Setup\PreInst\CCLaunch.exe (Hujiang)

Startup: C:\Users\moxito\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Sidebar18.lnk [2017-06-18]

ShortcutTarget: Sidebar18.lnk -> C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)

GroupPolicy: Restriction <======= ATTENTION

GroupPolicyScripts: Restriction <======= ATTENTION

CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
 

==================== Internet (Whitelisted) ====================
 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 

ProxyServer: [S-1-5-21-1078665582-1449517287-1295239923-1001] => 120.52.73.97:80

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt

Tcpip\Parameters: [NameServer] 8.8.8.8,8.8.8.4

Tcpip\..\Interfaces\{1f590c30-fd8d-44ea-ae52-5c965539d833}: [DhcpNameServer] 82.163.143.157

Tcpip\..\Interfaces\{38ff234b-697a-4a3c-99af-17abf95b27e9}: [DhcpNameServer] 192.168.178.1

Tcpip\..\Interfaces\{ddecc736-557e-44c0-b1c3-dbe0f06f526f}: [DhcpNameServer] 82.163.143.157
 

Internet Explorer:

==================

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617912&ResetID=131261445025659793&GUID=D8CC01CB-AEB0-4853-A5B1-0C8D1E99C72E

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://hao.qq.com/?unc=o400493_1&s=o400493_1

HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com

HKU\S-1-5-21-1078665582-1449517287-1295239923-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/

BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2017-04-11] (Microsoft Corporation)

BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2016-07-30] (IvoSoft)

BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_112\bin\ssv.dll [2016-11-25] (Oracle Corporation)

BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2015-08-26] (Logitech, Inc.)

BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_112\bin\jp2ssv.dll [2016-11-25] (Oracle Corporation)

BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2016-07-30] (IvoSoft)

BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2016-07-30] (IvoSoft)

BHO-x32: Wondershare Video Converter Ultimate 7.1.0 -> {451C804F-C205-4F03-B48E-537EC94937BF} -> C:\ProgramData\Wondershare\Video Converter Ultimate\WSBrowserAppMgr.dll [2016-11-18] (Wondershare)

BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2015-08-26] (Logitech, Inc.)

BHO-x32: QQMiniDL Helper Class -> {C9C7334B-5657-41e1-8F79-F6AACECA05F4} -> C:\Program Files (x86)\Common Files\Tencent\QQMiniDL\60\Browser\QQIEHelper01.dll [2014-07-15] (Tencent Technology (Shenzhen) Company Limited)

BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2017-02-23] (Microsoft Corporation)

BHO-x32: AccountProtectBHO Class -> {DDD362CF-523B-4BC9-8FDC-58F93B6BC945} -> C:\Users\moxito\AppData\Roaming\Tencent\QQ\QQAntiPhishing\AccountProtect.dll [2017-06-16] (Tencent)

BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2016-07-30] (IvoSoft)

Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2016-07-30] (IvoSoft)

Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2016-07-30] (IvoSoft)

DPF: HKLM-x32 {1E525898-EE12-4002-9374-82D15147F762} hxxp://player.cntv.cn/flashplayer/config/plugins/wCNTVLive212.dll

Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2016-05-17] (Microsoft Corporation)

Handler: WSWSVCUchrome - {1CA93FF0-A218-44F1 -  No File
 

FireFox:

========

FF ProfilePath: C:\Users\moxito\AppData\Roaming\TomTom\HOME\Profiles\crxg47tn.default [2017-04-04]

FF Extension: (Map status indicator) - C:\Program Files (x86)\TomTom HOME 2\xul\extensions\MapShare-status@tomtom.com [2017-02-08] [not signed]

FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt

FF Extension: (Logitech SetPoint) - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2016-12-09] [not signed]

FF HKLM-x32\...\Firefox\Extensions: [WSVCU@Wondershare.com] - C:\ProgramData\Wondershare\Video Converter Ultimate\WSVCU@Wondershare.com_xpi

FF Extension: (Wondershare Video Converter Ultimate) - C:\ProgramData\Wondershare\Video Converter Ultimate\WSVCU@Wondershare.com_xpi [2017-02-12]

FF HKU\S-1-5-21-1078665582-1449517287-1295239923-1001\...\Firefox\Extensions: [dict@www.youdao.com] - C:\Users\moxito\AppData\Local\Youdao\Dict\Application\stable\extensions\firefox => not found

FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_25_0_0_171.dll [2017-05-21] ()

FF Plugin: @java.com/DTPlugin,version=11.112.2 -> C:\Program Files\Java\jre1.8.0_112\bin\dtplugin\npDeployJava1.dll [2016-11-25] (Oracle Corporation)

FF Plugin: @java.com/JavaPlugin,version=11.112.2 -> C:\Program Files\Java\jre1.8.0_112\bin\plugin2\npjp2.dll [2016-11-25] (Oracle Corporation)

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)

FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_171.dll [2017-05-21] ()

FF Plugin-x32: @baidu.com/YunWebDetectPlugin -> C:\Users\moxito\AppData\Roaming\baidu\BaiduYunGuanjia\npYunWebDetect.dll [2017-06-16] (Baidu.com, Inc.)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel Corporation)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-21] (Intel Corporation)

FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-11-15] (Microsoft Corporation)

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)

FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Reader 5\npnitromozilla.dll [2016-03-03] (Nitro PDF)

FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-05-18] (NVIDIA Corporation)

FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-05-18] (NVIDIA Corporation)

FF Plugin-x32: @qq.com/npQQGameAssist -> C:\Program Files (x86)\Tencent\QQGAME\npQQGameAssistPlugin.dll [No File]

FF Plugin-x32: @qq.com/npqscall -> C:\Program Files (x86)\Common Files\Tencent\Npchrome\npactivex.dll [2017-01-28] (Tencent)

FF Plugin-x32: @qq.com/QQMiniDLPlugin -> C:\Program Files (x86)\Common Files\Tencent\QQMiniDL\60\Browser\npXFMiniDLPlugin.dll [2014-04-25] (Tencent Technology (Shenzhen) Company Limited)

FF Plugin-x32: @qq.com/QQPhotoDrawEx -> C:\Program Files (x86)\Tencent\Qzone\npQQPhotoDrawEx.dll [2013-08-13] ()

FF Plugin-x32: @qq.com/QzoneMusic -> C:\Program Files (x86)\Tencent\QQMusic\QzoneMusic\npQzoneMusic.dll [2016-02-26] (Tencent)

FF Plugin-x32: @qq.com/TXSSO -> C:\Program Files (x86)\Common Files\Tencent\TXSSO\1.2.4.3\Bin\npSSOAxCtrlForPTLogin.dll [2016-05-05] (Tencent)

FF Plugin-x32: @tencent.com/npQQMailWebKit,version=1.0.0.1 -> C:\Program Files (x86)\QQMailPlugin\npQQMailWebKit.dll [2013-04-25] (Tencent)

FF Plugin-x32: @tencent.com/nptxftnWebKit,version=1.0.0.1 -> C:\Program Files (x86)\QQMailPlugin\nptxftnWebKit.dll [2013-04-08] (Tencent Technology (Shenzhen) Company Limited)

FF Plugin-x32: @videolan.org/vlc,version=2.2.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)

FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)

FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)

FF Plugin HKU\S-1-5-21-1078665582-1449517287-1295239923-1001: @1.qq.com/npqqwebgame -> C:\Users\moxito\AppData\Roaming\Tencent\WebGamePlugin\1.0.4.9\npqqwebgame.dll [No File]

FF Plugin HKU\S-1-5-21-1078665582-1449517287-1295239923-1001: duowan.com/Checker -> C:\Program Files (x86)\Common Files\duowan\yy\YYSSO\1.0.0.8\npChecker.dll [2016-11-21] (广州多玩信息技术有限公司)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2016-11-15] (Microsoft Corporation)
 

Chrome: 

=======

HKU\S-1-5-21-1078665582-1449517287-1295239923-1001\...\StartMenuInternet\ChromeHTML: -> C:\Program Files (x86)\Shutness\Application\chrome.exe <==== ATTENTION
 

==================== Services (Whitelisted) ====================
 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 

R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [315472 2015-06-29] (Windows (R) Win 7 DDK provider)

R2 BavSvc; C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.4.3.148966.1\BavSvc.exe [2791312 2017-01-28] (Baidu, Inc.)

S3 BdSandboxSrv; C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.4.3.148966.1\BdSandboxSrv64.exe [264688 2017-01-28] (Baidu, Inc.)

R2 BHipsSvc; C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.4.3.148966.1\BHipsSvc.exe [531232 2017-01-28] (Baidu, Inc.)

S3 BstHdAndroidSvc; C:\Program Files (x86)\Bluestacks\HD-Service.exe [486936 2016-11-23] (BlueStack Systems, Inc.)

S3 BstHdLogRotatorSvc; C:\Program Files (x86)\Bluestacks\HD-LogRotatorService.exe [470552 2016-11-23] (BlueStack Systems, Inc.)

S3 BstHdPlusAndroidSvc; C:\Program Files (x86)\Bluestacks\HD-Plus-Service.exe [511512 2016-11-23] (BlueStack Systems, Inc.)

S3 ehRecvr; C:\WINDOWS\ehome\ehRecvr.exe [713728 2015-09-02] (Microsoft Corporation) [File not signed]

S3 ehSched; C:\WINDOWS\ehome\ehsched.exe [177152 2015-09-02] (Microsoft Corporation) [File not signed]

S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2016-08-21] (Macrovision Europe Ltd.) [File not signed]

R2 FreemakeVideoCapture; C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe [9216 2017-01-24] (Ellora Assets Corp.) [File not signed]

R2 HauppaugeTVServer; C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServer.exe [586536 2016-10-10] (Hauppauge Computer Works)

S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel(R) Corporation)

S3 Intel(R) Security Assist; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [File not signed]

R2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [7680 2015-05-19] () [File not signed]

R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [223008 2015-06-24] (Intel Corporation)

R2 Killer Service V2; C:\Program Files\Killer Networking\Network Manager\KillerService.exe [451072 2015-10-06] (Rivet Networks) [File not signed]

R2 MCRL; C:\ProgramData\Microsoft\VisualStudio\14.0\2052\msmg.dll [368128 2016-12-09] () [File not signed]

S3 Mcx2Svc; C:\WINDOWS\system32\Mcx2Svc.dll [83968 2015-09-05] (Microsoft Corporation) [File not signed]

R2 Micro Star SCM; C:\Program Files (x86)\SCM\MSIService.exe [160768 2015-12-09] (Micro-Star International Co., Ltd.) [File not signed]

R2 MSI_ActiveX_Service; C:\Program Files (x86)\MSI\Dragon Center\MSI_ActiveX_Service.exe [62392 2017-04-24] (Micro-Star INT'L CO., LTD.)

R2 MSLN; C:\ProgramData\Microsoft\Phone Tools\CoreCon\12.0\3082\NonSDKAddonLangVer.dll [443904 2017-01-18] () [File not signed]

R2 NitroReaderDriverReadSpool5; C:\Program Files\Nitro\Reader 5\NitroPDFReaderDriverService5x64.exe [327328 2016-03-03] (Nitro PDF Software)

S3 NMIndexingService; C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe [382248 2007-08-03] (Nero AG)

R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [495224 2017-05-03] (NVIDIA Corporation)

S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [495224 2017-05-03] (NVIDIA Corporation)

R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462968 2017-05-18] (NVIDIA Corporation)

R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [449984 2017-05-18] (NVIDIA Corporation)

R2 QPCore; C:\Program Files (x86)\Common Files\Tencent\QQProtect\Bin\QQProtect.exe [115104 2017-06-16] (Tencent)

S2 QQMusicService; C:\Program Files (x86)\Common Files\Tencent\QQMusic\QQMusicService.exe [175848 2016-12-01] (Tencent)

S3 QTService; C:\Program Files (x86)\Tencent\QTalk\QTService.dll [111160 2016-11-29] (Tencent)

S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-09-15] (Microsoft Corporation)

S3 SogouUpdate; C:\Program Files (x86)\SogouInput\8.0.0.8381\SogouUpdate.exe [369056 2016-09-02] (Sogou.com Inc.)

R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [246888 2016-06-07] (Synaptics Incorporated)

R2 VMAuthdService; C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe [79872 2011-08-22] (VMware, Inc.) [File not signed]

R2 VMwareHostd; C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [11837440 2011-08-22] () [File not signed]

S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347320 2017-04-28] (Microsoft Corporation)

S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103712 2017-04-28] (Microsoft Corporation)

R2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.3.1.204\WsAppService.exe [437392 2016-11-16] (Wondershare)

R2 XTU3SERVICE; C:\Program Files (x86)\Intel\Intel(R) Extreme Tuning Utility\XtuService.exe [18232 2016-11-09] (Intel(R) Corporation)
 

===================== Drivers (Whitelisted) ======================
 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 

R3 AnyDVD; C:\WINDOWS\System32\Drivers\AnyDVD.sys [150440 2015-12-02] (SlySoft, Inc.)

R3 AnyDVD; C:\Windows\SysWOW64\Drivers\AnyDVD.sys [150440 2015-12-02] (SlySoft, Inc.)

R3 BdApiUtil; C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.4.3.148966.1\BdApiUtil64.sys [116968 2017-01-28] (Baidu, Inc.)

S3 bdark64; C:\Windows\system32\drivers\bdark64.sys [78792 2015-05-28] ()

R3 BdCameraProtect; C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.4.3.148966.1\BdCameraProtect64.sys [25032 2017-01-28] (Baidu, Inc.)

S3 BdSandbox; C:\Windows\System32\drivers\BdSandbox.sys [236920 2015-03-05] (Baidu, Inc.)

R1 Bfilter; C:\Windows\System32\drivers\Bfilter.sys [61896 2016-08-21] (Baidu, Inc.)

R1 BfLwf; C:\WINDOWS\system32\DRIVERS\bwcW10x64.sys [141896 2015-09-30] (Rivet Networks, LLC.)

R1 Bfmon; C:\Windows\System32\drivers\Bfmon.sys [38344 2016-08-21] (Baidu, Inc.)

S0 Bhbase; C:\WINDOWS\System32\drivers\Bhbase.sys [83144 2017-01-28] (Baidu, Inc.)

R1 Bnbase; C:\WINDOWS\System32\drivers\bnbasex64.sys [62792 2016-08-21] (Baidu, Inc.)

R1 Bndef; C:\Windows\System32\drivers\bndef64.sys [485672 2016-08-21] (Baidu, Inc.)

R3 Bnmon; C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.4.3.148966.1\Bnmon64.sys [82376 2017-01-28] (Baidu, Inc.)

R1 Bprotect; C:\Windows\System32\drivers\Bprotect.sys [262088 2016-08-21] (Baidu, Inc.)

S3 BstHdDrv; C:\Program Files (x86)\Bluestacks\HD-Hypervisor-amd64.sys [152672 2016-11-23] (BlueStack Systems)

S3 BstkDrv; C:\Program Files (x86)\Bluestacks\BstkDrv.sys [270904 2016-11-08] (Bluestack System Inc. )

S3 BTHPORT; C:\WINDOWS\System32\drivers\BTHport.sys [967168 2016-11-11] (Microsoft Corporation) [File not signed]

S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-27] (Samsung Electronics Co., Ltd.)

R3 flex1500; C:\WINDOWS\system32\drivers\flex1500.sys [265312 2012-11-29] (Jungo)

R3 flex1500; C:\Windows\SysWOW64\drivers\flex1500.sys [265312 2012-11-29] (Jungo)

R2 iocbios2; C:\Program Files (x86)\Intel\Intel(R) Extreme Tuning Utility\Drivers\IocDriver\64bit\iocbios2.sys [37064 2016-08-24] (Intel Corporation)

R3 KillerEth; C:\WINDOWS\System32\drivers\e2xw10x64.sys [162456 2016-08-21] (Qualcomm Atheros, Inc.)

S3 libusbK; C:\WINDOWS\System32\drivers\libusbK.sys [47200 2016-12-27] (hxxp://libusb-win32.sourceforge.net)

S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()

R2 npf; C:\WINDOWS\System32\drivers\npf.sys [35344 2011-02-11] (CACE Technologies, Inc.)

R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvmii.inf_amd64_69ca8597af61d80b\nvlddmkm.sys [14458264 2017-05-19] (NVIDIA Corporation)

S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30328 2017-05-03] (NVIDIA Corporation)

R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [48248 2017-05-03] (NVIDIA Corporation)

R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [57792 2017-05-18] (NVIDIA Corporation)

R3 Qcamain10x64; C:\WINDOWS\System32\drivers\Qcamain10x64.sys [2336768 2016-07-16] (Qualcomm Atheros, Inc.)

R3 RTSPER; C:\WINDOWS\system32\DRIVERS\RtsPer.sys [752856 2015-05-29] (Realsil Semiconductor Corporation)

R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [42600 2016-06-07] (Synaptics Incorporated)

R3 ssdevfactory; C:\WINDOWS\System32\drivers\ssdevfactory.sys [46440 2017-04-06] (SteelSeries ApS)

R3 sshid; C:\WINDOWS\System32\drivers\sshid.sys [45896 2017-05-12] (SteelSeries ApS)

R3 ssps2; C:\WINDOWS\System32\drivers\ssps2.sys [38720 2016-11-03] (SteelSeries ApS)

S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-27] (Samsung Electronics Co., Ltd.)

S3 SundtekMTV; C:\WINDOWS\system32\DRIVERS\sundtekmtv64.sys [365776 2015-12-10] (Sundtek Electronics)

R1 TenCommProtect; C:\Windows\system32\drivers\TenCommProtect64.sys [47736 2016-10-04] (Tencent)

R3 TT4650_SRV_64; C:\WINDOWS\system32\drivers\ttConnect4650_64.sys [436736 2015-11-24] (CityCom GmbH)

U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()

R1 VBoxNetAdp; C:\WINDOWS\System32\drivers\VBoxNetAdp6.sys [132120 2016-11-21] (Oracle Corporation)

R1 VBoxNetLwf; C:\WINDOWS\system32\DRIVERS\VBoxNetLwf.sys [206416 2016-11-21] (Oracle Corporation)

S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)

S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)

S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)

R3 WINIO; C:\Program Files (x86)\MSI\Dragon Center\winio64.sys [15160 2015-06-11] ()

S1 eougywyt; \??\C:\WINDOWS\system32\drivers\eougywyt.sys [X]

S3 GSVxDrv; \??\C:\Program Files\YYBox\drivers\GSVxDrv\GSVxDrv.sys [X]

U2 QQMicroGameBoxService; no ImagePath

S2 tsnethlpx64; \??\C:\Program Files (x86)\Tencent\QQPCMgr\12.2.18346.226\TsNetHlpX64_ev.sys [X]

S3 VBoxNetFlt; \SystemRoot\system32\DRIVERS\VBoxNetFlt.sys [X]
 

==================== NetSvcs (Whitelisted) ===================
 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 

==================== One Month Created files and folders ========
 

(If an entry is included in the fixlist, the file/folder will be moved.)
 

2017-06-18 01:01 - 2017-06-18 01:03 - 00033031 _____ C:\Users\moxito\Desktop\FRST.txt

2017-06-18 00:38 - 2017-06-18 00:38 - 02296696 _____ C:\WINDOWS\system32\FNTCACHE.DAT

2017-06-18 00:17 - 2017-06-18 01:02 - 00073736 _____ C:\Users\moxito\Desktop\Addition.txt

2017-06-18 00:01 - 2017-06-18 00:01 - 02388709 _____ C:\HEADERS

2017-06-18 00:01 - 2017-06-18 00:01 - 00000019 _____ C:\END

2017-06-17 23:44 - 2017-06-17 23:47 - 00000000 ___HD C:\$WINDOWS.~BT

2017-06-17 23:30 - 2017-06-17 23:30 - 00000000 ____D C:\WINDOWS\LastGood.Tmp

2017-06-17 23:30 - 2017-06-17 23:30 - 00000000 ____D C:\Program Files\Synaptics

2017-06-17 20:53 - 2017-06-17 20:53 - 00000000 ____D C:\Users\moxito\AppData\Local\F524E5C1-49AC-4835-B859-6FDC260E6394

2017-06-17 19:05 - 2017-06-17 19:25 - 00000000 ____D C:\ESD

2017-06-17 19:05 - 2017-06-17 19:05 - 00000000 ___HD C:\$Windows.~WS

2017-06-17 18:36 - 2017-06-17 18:36 - 00079064 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\tvwoetih.sys

2017-06-17 16:43 - 2017-06-17 16:43 - 05265000 _____ C:\Users\moxito\Downloads\psiphon3.exe

2017-06-17 01:58 - 2017-06-18 00:59 - 00000000 ____D C:\Users\moxito\AppData\Local\CrashDumps

2017-06-17 00:14 - 2017-06-18 01:03 - 00000000 ____D C:\FRST

2017-06-17 00:13 - 2017-06-17 00:13 - 02438656 _____ (Farbar) C:\Users\moxito\Desktop\FRST64.exe

2017-06-16 23:23 - 2017-06-16 23:25 - 00000000 ____D C:\WINDOWS\Minidump

2017-06-16 23:04 - 2017-06-16 23:04 - 09598376 _____ (Piriform Ltd) C:\Users\moxito\Downloads\ccsetup531.exe

2017-06-16 22:42 - 2017-06-16 22:42 - 00000000 ___SD C:\WINDOWS\UpdateAssistantV2

2017-06-16 22:07 - 2017-06-16 22:07 - 00003654 _____ C:\WINDOWS\System32\Tasks\Dragon_Center_updater

2017-06-16 22:07 - 2017-06-16 22:07 - 00003016 _____ C:\WINDOWS\System32\Tasks\MSI_Dragon Center

2017-06-16 19:06 - 2017-06-16 19:06 - 81963976 _____ C:\Users\moxito\Downloads\SteelSeriesEngine3.10.2Setup.exe

2017-06-16 17:59 - 2017-06-03 11:23 - 00306688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll

2017-06-16 17:59 - 2017-06-03 11:22 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netcorehc.dll

2017-06-16 17:58 - 2017-06-03 12:50 - 00315744 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll

2017-06-16 17:58 - 2017-06-03 12:50 - 00192856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll

2017-06-16 17:58 - 2017-06-03 12:11 - 01706488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll

2017-06-16 17:58 - 2017-06-03 12:06 - 02048496 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll

2017-06-16 17:58 - 2017-06-03 11:58 - 00340832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll

2017-06-16 17:58 - 2017-06-03 11:55 - 00780640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe

2017-06-16 17:58 - 2017-06-03 11:52 - 01021784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll

2017-06-16 17:58 - 2017-06-03 11:52 - 00607072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll

2017-06-16 17:58 - 2017-06-03 11:52 - 00111968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll

2017-06-16 17:58 - 2017-06-03 11:49 - 20967840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll

2017-06-16 17:58 - 2017-06-03 11:44 - 01412640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll

2017-06-16 17:58 - 2017-06-03 11:44 - 00545944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe

2017-06-16 17:58 - 2017-06-03 11:39 - 05686272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll

2017-06-16 17:58 - 2017-06-03 11:33 - 00095232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll

2017-06-16 17:58 - 2017-06-03 11:32 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll

2017-06-16 17:58 - 2017-06-03 11:31 - 00224256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExSMime.dll

2017-06-16 17:58 - 2017-06-03 11:31 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll

2017-06-16 17:58 - 2017-06-03 11:28 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BlockedShutdown.dll

2017-06-16 17:58 - 2017-06-03 11:28 - 00232448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edputil.dll

2017-06-16 17:58 - 2017-06-03 11:26 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll

2017-06-16 17:58 - 2017-06-03 11:26 - 00100352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AuthBrokerUI.dll

2017-06-16 17:58 - 2017-06-03 11:22 - 00364544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll

2017-06-16 17:58 - 2017-06-03 11:22 - 00181760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tcpipcfg.dll

2017-06-16 17:58 - 2017-06-03 11:20 - 00755712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll

2017-06-16 17:58 - 2017-06-03 11:19 - 01164288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certutil.exe

2017-06-16 17:58 - 2017-06-03 11:16 - 00709120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll

2017-06-16 17:58 - 2017-06-03 11:15 - 19414016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll

2017-06-16 17:58 - 2017-06-03 11:15 - 18364928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll

2017-06-16 17:58 - 2017-06-03 11:15 - 00886272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll

2017-06-16 17:58 - 2017-06-03 11:12 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fdProxy.dll

2017-06-16 17:58 - 2017-06-03 11:08 - 12187648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll

2017-06-16 17:58 - 2017-06-03 11:08 - 02643968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll

2017-06-16 17:58 - 2017-06-03 11:08 - 01221120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Audio.dll

2017-06-16 17:58 - 2017-06-03 11:06 - 03664384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll

2017-06-16 17:58 - 2017-06-03 11:05 - 01883648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll

2017-06-16 17:58 - 2017-06-03 11:05 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hnetcfg.dll

2017-06-16 17:58 - 2017-06-03 11:04 - 06042624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll

2017-06-16 17:58 - 2017-06-03 11:04 - 02006528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll

2017-06-16 17:58 - 2017-06-03 11:04 - 00773120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe

2017-06-16 17:58 - 2017-06-03 11:03 - 01988096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll

2017-06-16 17:58 - 2017-06-03 11:02 - 02997760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys

2017-06-16 17:58 - 2017-06-03 10:40 - 00483840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll

2017-06-16 17:58 - 2017-03-04 08:22 - 00822784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll

2017-06-16 17:58 - 2017-03-04 08:19 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll

2017-06-16 17:58 - 2017-03-04 08:16 - 00368128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll

2017-06-16 17:58 - 2016-09-07 06:53 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppointmentActivation.dll

2017-06-16 17:53 - 2017-06-03 11:14 - 00124416 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll

2017-06-16 17:53 - 2017-06-03 10:52 - 03403264 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll

2017-06-16 17:53 - 2017-06-03 10:50 - 02538496 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll

2017-06-16 17:53 - 2017-06-03 10:49 - 00903680 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe

2017-06-16 17:52 - 2017-06-03 12:14 - 00136024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ImplatSetup.dll

2017-06-16 17:52 - 2017-06-03 12:11 - 00128864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tm.sys

2017-06-16 17:52 - 2017-06-03 12:09 - 02213760 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll

2017-06-16 17:52 - 2017-06-03 12:08 - 07783256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe

2017-06-16 17:52 - 2017-06-03 11:59 - 01181024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys

2017-06-16 17:52 - 2017-06-03 11:59 - 00118112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys

2017-06-16 17:52 - 2017-06-03 11:53 - 00404824 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll

2017-06-16 17:52 - 2017-06-03 11:51 - 02187104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys

2017-06-16 17:52 - 2017-06-03 11:51 - 00402272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys

2017-06-16 17:52 - 2017-06-03 11:50 - 00857440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe

2017-06-16 17:52 - 2017-06-03 11:49 - 00624048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys

2017-06-16 17:52 - 2017-06-03 11:49 - 00509280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys

2017-06-16 17:52 - 2017-06-03 11:48 - 00857952 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll

2017-06-16 17:52 - 2017-06-03 11:48 - 00148832 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll

2017-06-16 17:52 - 2017-06-03 11:45 - 22220864 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll

2017-06-16 17:52 - 2017-06-03 11:44 - 01600624 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll

2017-06-16 17:52 - 2017-06-03 11:39 - 02532192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys

2017-06-16 17:52 - 2017-06-03 11:16 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll

2017-06-16 17:52 - 2017-06-03 11:15 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll

2017-06-16 17:52 - 2017-06-03 11:14 - 00238592 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe

2017-06-16 17:52 - 2017-06-03 11:14 - 00098304 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe

2017-06-16 17:52 - 2017-06-03 11:11 - 00353792 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll

2017-06-16 17:52 - 2017-06-03 11:10 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BlockedShutdown.dll

2017-06-16 17:52 - 2017-06-03 11:10 - 00117760 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthBrokerUI.dll

2017-06-16 17:52 - 2017-06-03 11:09 - 00489472 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll

2017-06-16 17:52 - 2017-06-03 11:09 - 00441344 _____ (Microsoft Corporation) C:\WINDOWS\system32\netcorehc.dll

2017-06-16 17:52 - 2017-06-03 11:09 - 00337408 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkBindingEngineMigPlugin.dll

2017-06-16 17:52 - 2017-06-03 11:08 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll

2017-06-16 17:52 - 2017-06-03 11:07 - 00552960 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll

2017-06-16 17:52 - 2017-06-03 11:07 - 00456192 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll

2017-06-16 17:52 - 2017-06-03 11:03 - 00932864 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll

2017-06-16 17:52 - 2017-06-03 10:56 - 13091840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll

2017-06-16 17:52 - 2017-06-03 10:54 - 01217024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Audio.dll

2017-06-16 17:52 - 2017-06-03 10:53 - 08125440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll

2017-06-16 17:52 - 2017-06-03 10:52 - 02510848 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll

2017-06-16 17:52 - 2017-06-03 10:51 - 00266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll

2017-06-16 17:52 - 2017-06-03 10:50 - 04744704 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll

2017-06-16 17:52 - 2017-06-03 10:49 - 03615744 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys

2017-06-16 17:52 - 2017-06-03 10:49 - 02691072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll

2017-06-16 17:52 - 2017-06-03 10:49 - 02318848 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll

2017-06-16 17:52 - 2017-06-03 10:49 - 01513472 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys

2017-06-16 17:52 - 2017-06-03 10:48 - 01490432 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll

2017-06-16 17:52 - 2017-06-03 10:48 - 01131008 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll

2017-06-16 17:52 - 2017-06-03 10:48 - 00834048 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll

2017-06-16 17:52 - 2017-06-03 10:48 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll

2017-06-16 17:52 - 2017-06-03 10:46 - 01121280 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll

2017-06-16 17:52 - 2017-05-25 07:56 - 00038752 _____ (Microsoft Corporation) C:\WINDOWS\system32\OOBEUpdater.exe

2017-06-16 17:52 - 2017-03-04 08:16 - 00100864 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpninprc.dll

2017-06-16 17:51 - 2017-06-03 12:16 - 00279904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys

2017-06-16 17:51 - 2017-06-03 12:14 - 01564512 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll

2017-06-16 17:51 - 2017-06-03 12:14 - 01214816 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll

2017-06-16 17:51 - 2017-06-03 12:14 - 00629088 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll

2017-06-16 17:51 - 2017-06-03 12:14 - 00544096 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll

2017-06-16 17:51 - 2017-06-03 12:14 - 00379232 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll

2017-06-16 17:51 - 2017-06-03 12:14 - 00335712 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll

2017-06-16 17:51 - 2017-06-03 12:14 - 00334176 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll

2017-06-16 17:51 - 2017-06-03 12:14 - 00233824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll

2017-06-16 17:51 - 2017-06-03 12:14 - 00136032 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll

2017-06-16 17:51 - 2017-06-03 12:14 - 00096608 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe

2017-06-16 17:51 - 2017-06-03 12:14 - 00034648 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe

2017-06-16 17:51 - 2017-06-03 12:01 - 02681200 _____ C:\WINDOWS\system32\CoreUIComponents.dll

2017-06-16 17:51 - 2017-06-03 11:59 - 00764392 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll

2017-06-16 17:51 - 2017-06-03 11:54 - 00187232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys

2017-06-16 17:51 - 2017-06-03 11:50 - 00381792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS

2017-06-16 17:51 - 2017-06-03 11:48 - 01112416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll

2017-06-16 17:51 - 2017-06-03 11:48 - 01100128 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe

2017-06-16 17:51 - 2017-06-03 11:48 - 00989024 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe

2017-06-16 17:51 - 2017-06-03 11:40 - 01566552 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll

2017-06-16 17:51 - 2017-06-03 11:40 - 00628552 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe

2017-06-16 17:51 - 2017-06-03 11:39 - 00455520 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe

2017-06-16 17:51 - 2017-06-03 11:22 - 07217152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll

2017-06-16 17:51 - 2017-06-03 11:18 - 22569984 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll

2017-06-16 17:51 - 2017-06-03 11:16 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll

2017-06-16 17:51 - 2017-06-03 11:15 - 00041472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys

2017-06-16 17:51 - 2017-06-03 11:14 - 00045056 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll

2017-06-16 17:51 - 2017-06-03 11:10 - 00252928 _____ (Microsoft Corporation) C:\WINDOWS\system32\edputil.dll

2017-06-16 17:51 - 2017-06-03 11:08 - 00691200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll

2017-06-16 17:51 - 2017-06-03 11:08 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll

2017-06-16 17:51 - 2017-06-03 11:07 - 00255488 _____ (Microsoft Corporation) C:\WINDOWS\system32\HNetCfgClient.dll

2017-06-16 17:51 - 2017-06-03 11:06 - 00198144 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll

2017-06-16 17:51 - 2017-06-03 11:01 - 00856064 _____ (Microsoft Corporation) C:\WINDOWS\system32\efscore.dll

2017-06-16 17:51 - 2017-06-03 11:00 - 23677440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll

2017-06-16 17:51 - 2017-06-03 10:58 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdProxy.dll

2017-06-16 17:51 - 2017-06-03 10:52 - 00975872 _____ (Microsoft Corporation) C:\WINDOWS\HelpPane.exe

2017-06-16 17:51 - 2017-06-03 10:52 - 00886784 _____ (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll

2017-06-16 17:51 - 2017-06-03 10:51 - 01418240 _____ (Microsoft Corporation) C:\WINDOWS\system32\certutil.exe

2017-06-16 17:51 - 2017-06-03 10:49 - 02475520 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll

2017-06-16 17:51 - 2017-06-03 10:49 - 01845248 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll

2017-06-16 17:51 - 2017-06-03 10:49 - 00351744 _____ (Microsoft Corporation) C:\WINDOWS\system32\hnetcfg.dll

2017-06-16 17:51 - 2017-06-03 08:08 - 00080078 _____ C:\WINDOWS\system32\normidna.nls

2017-06-06 00:55 - 2017-06-06 00:55 - 00000000 ____D C:\Users\moxito\AppData\Roaming\RenewSoftware.com

2017-06-06 00:04 - 2017-06-06 00:04 - 4083853312 _____ C:\Users\moxito\Downloads\Win10_English_x64.iso

2017-06-05 23:39 - 2017-06-05 23:39 - 00000000 ____D C:\Users\moxito\AppData\Local\RenewSoftware.com

2017-06-05 23:23 - 2017-06-06 00:35 - 00000000 ____D C:\ProgramData\58bca3a8

2017-06-05 23:23 - 2017-06-05 23:23 - 00004184 _____ C:\WINDOWS\System32\Tasks\{ED9A9CD4-5A31-2B7F-2D3D-2F4634FF2C3B}

2017-06-05 23:23 - 2017-06-05 23:23 - 00003884 _____ C:\WINDOWS\System32\Tasks\{F7B708E3-B402-CC93-0235-FB6400AF3F41}

2017-06-05 23:22 - 2017-06-05 23:22 - 01611944 _____ (Secure Download Ltd. ) C:\Users\moxito\Downloads\Registry_Activation

2017-06-05 23:21 - 2017-06-05 23:21 - 00000000 ____D C:\ProgramData\Caphyon

2017-05-24 16:31 - 2017-05-24 16:31 - 00187408 _____ C:\WINDOWS\3LQJZeRfB62pV.9W5pn

2017-05-24 16:31 - 2017-05-24 16:31 - 00053264 _____ C:\WINDOWS\FXu4.S5k12

2017-05-24 16:29 - 2017-05-18 07:21 - 00134592 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe

2017-05-24 16:26 - 2017-05-18 09:35 - 40201848 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcompiler.dll

2017-05-24 16:26 - 2017-05-18 09:35 - 35390072 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll

2017-05-24 16:26 - 2017-05-18 09:35 - 35282040 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcompiler.dll

2017-05-24 16:26 - 2017-05-18 09:35 - 28624504 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll

2017-05-24 16:26 - 2017-05-18 09:35 - 11056456 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvptxJitCompiler.dll

2017-05-24 16:26 - 2017-05-18 09:35 - 11028664 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll

2017-05-24 16:26 - 2017-05-18 09:35 - 10551072 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll

2017-05-24 16:26 - 2017-05-18 09:35 - 09248144 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll

2017-05-24 16:26 - 2017-05-18 09:35 - 09014976 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll

2017-05-24 16:26 - 2017-05-18 09:35 - 08808488 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll

2017-05-24 16:26 - 2017-05-18 09:35 - 03797112 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll

2017-05-24 16:26 - 2017-05-18 09:35 - 03256440 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll

2017-05-24 16:26 - 2017-05-18 09:35 - 01988216 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6438233.dll

2017-05-24 16:26 - 2017-05-18 09:35 - 01606592 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6438233.dll

2017-05-24 16:26 - 2017-05-18 09:35 - 01278528 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFTH264.dll

2017-05-24 16:26 - 2017-05-18 09:35 - 01275944 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFThevc.dll

2017-05-24 16:26 - 2017-05-18 09:35 - 01056704 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll

2017-05-24 16:26 - 2017-05-18 09:35 - 00995736 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFTH264.dll

2017-05-24 16:26 - 2017-05-18 09:35 - 00993912 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll

2017-05-24 16:26 - 2017-05-18 09:35 - 00993872 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFThevc.dll

2017-05-24 16:26 - 2017-05-18 09:35 - 00964032 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll

2017-05-24 16:26 - 2017-05-18 09:35 - 00914880 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll

2017-05-24 16:26 - 2017-05-18 09:35 - 00775864 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll

2017-05-24 16:26 - 2017-05-18 09:35 - 00725112 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvDecMFTMjpeg.dll

2017-05-24 16:26 - 2017-05-18 09:35 - 00688968 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvfatbinaryLoader.dll

2017-05-24 16:26 - 2017-05-18 09:35 - 00618928 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmcumd.dll

2017-05-24 16:26 - 2017-05-18 09:35 - 00612272 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll

2017-05-24 16:26 - 2017-05-18 09:35 - 00609728 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll

2017-05-24 16:26 - 2017-05-18 09:35 - 00583800 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvDecMFTMjpeg.dll

2017-05-24 16:26 - 2017-05-18 09:35 - 00577728 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll

2017-05-24 16:26 - 2017-05-18 09:35 - 00499320 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll

2017-05-22 21:10 - 2017-05-22 21:10 - 00095248 _____ C:\WINDOWS\Yfn76w2d9ICq.19CwO

2017-05-22 16:08 - 2017-05-22 16:08 - 00163856 _____ C:\WINDOWS\ok9734e.2DWmr

2017-05-22 00:22 - 2017-05-22 00:22 - 00001101 _____ C:\Users\moxito\Desktop\百度网盘.lnk

2017-05-22 00:22 - 2017-05-22 00:22 - 00000000 ____D C:\Users\moxito\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\百度网盘

2017-05-21 22:53 - 2017-05-21 22:53 - 00004000 _____ C:\WINDOWS\System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}

2017-05-21 22:53 - 2017-05-03 22:21 - 00175736 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvaudcap64v.dll

2017-05-21 22:53 - 2017-05-03 22:21 - 00143480 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll

2017-05-21 22:32 - 2017-05-21 22:32 - 00000000 ____D C:\Users\moxito\AppData\Roaming\BaiduYunKernel

2017-05-21 22:32 - 2017-05-21 22:32 - 00000000 ____D C:\Users\moxito\AppData\Roaming\BaiduYunGuanjia

2017-05-21 20:51 - 2017-05-21 20:51 - 00002116 _____ C:\Users\Public\Desktop\Nahimic 2.lnk

2017-05-21 20:51 - 2017-05-21 20:51 - 00000000 ___HD C:\Program Files (x86)\Temp

2017-05-21 20:51 - 2017-05-21 20:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nahimic 2

2017-05-21 20:51 - 2017-05-21 20:51 - 00000000 ____D C:\Program Files\Nahimic

2017-05-21 20:51 - 2017-02-06 10:31 - 72520712 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RCoRes64.dat

2017-05-21 20:51 - 2017-02-06 10:31 - 10187598 _____ C:\WINDOWS\system32\Drivers\RTAIODAT.DAT

2017-05-21 20:51 - 2017-02-06 10:31 - 03503048 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkApi64.dll

2017-05-21 20:51 - 2017-02-06 10:31 - 03410832 _____ (DTS, Inc.) C:\WINDOWS\system32\slcnt64.dll

2017-05-21 20:51 - 2017-02-06 10:31 - 03299816 _____ (Yamaha Corporation) C:\WINDOWS\system32\YamahaAE2.dll

2017-05-21 20:51 - 2017-02-06 10:31 - 03203584 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtPgEx64.dll

2017-05-21 20:51 - 2017-02-06 10:31 - 03122656 _____ (DTS, Inc.) C:\WINDOWS\system32\sltech64.dll

2017-05-21 20:51 - 2017-02-06 10:31 - 03014656 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTSnMg64.cpl

2017-05-21 20:51 - 2017-02-06 10:31 - 02830480 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\SysWOW64\RltkAPO.dll

2017-05-21 20:51 - 2017-02-06 10:31 - 02190984 _____ (Yamaha Corporation) C:\WINDOWS\system32\YamahaAE.dll

2017-05-21 20:51 - 2017-02-06 10:31 - 01435136 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRRPTR64.dll

2017-05-21 20:51 - 2017-02-06 10:31 - 01382232 _____ (TOSHIBA Corporation) C:\WINDOWS\system32\tosade.dll

2017-05-21 20:51 - 2017-02-06 10:31 - 01353816 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTCOM64.dll

2017-05-21 20:51 - 2017-02-06 10:31 - 01337640 _____ (Toshiba Client Solutions Co., Ltd.) C:\WINDOWS\system32\tossaeapo64.dll

2017-05-21 20:51 - 2017-02-06 10:31 - 01003504 _____ (Sound Research, Corp.) C:\WINDOWS\system32\SEHDHF64.dll

2017-05-21 20:51 - 2017-02-06 10:31 - 00984912 _____ (DTS, Inc.) C:\WINDOWS\system32\sl3apo64.dll

2017-05-21 20:51 - 2017-02-06 10:31 - 00965024 _____ (Sony Corporation) C:\WINDOWS\system32\SFSS_APO.dll

2017-05-21 20:51 - 2017-02-06 10:31 - 00962120 _____ (Toshiba Client Solutions Co., Ltd.) C:\WINDOWS\system32\tosasfapo64.dll

2017-05-21 20:51 - 2017-02-06 10:31 - 00873456 _____ (TOSHIBA Corporation) C:\WINDOWS\system32\tadefxapo264.dll

2017-05-21 20:51 - 2017-02-06 10:31 - 00866088 _____ (Sound Research, Corp.) C:\WINDOWS\SysWOW64\SEHDHF32.dll

2017-05-21 20:51 - 2017-02-06 10:31 - 00859912 _____ (Sound Research, Corp.) C:\WINDOWS\system32\SEHDRA64.dll

2017-05-21 20:51 - 2017-02-06 10:31 - 00855232 _____ (Sound Research, Corp.) C:\WINDOWS\system32\SECOMN64.dll

2017-05-21 20:51 - 2017-02-06 10:31 - 00726624 _____ (Sound Research, Corp.) C:\WINDOWS\SysWOW64\SECOMN32.dll

2017-05-21 20:51 - 2017-02-06 10:31 - 00689880 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtDataProc64.dll

2017-05-21 20:51 - 2017-02-06 10:31 - 00601144 _____ (Toshiba Client Solutions Co., Ltd.) C:\WINDOWS\system32\tossaemaxapo64.dll

2017-05-21 20:51 - 2017-02-06 10:31 - 00532376 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSTSX64.dll

2017-05-21 20:51 - 2017-02-06 10:31 - 00517504 _____ (Sound Research, Corp.) C:\WINDOWS\system32\SEAPO64.dll

2017-05-21 20:51 - 2017-02-06 10:31 - 00467152 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRAPO64.dll

2017-05-21 20:51 - 2017-02-06 10:31 - 00447176 _____ (Toshiba Client Solutions Co., Ltd.) C:\WINDOWS\system32\toseaeapo64.dll

2017-05-21 20:51 - 2017-02-06 10:31 - 00387312 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEP64A.dll

2017-05-21 20:51 - 2017-02-06 10:31 - 00381408 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRCOM64.dll

2017-05-21 20:51 - 2017-02-06 10:31 - 00343704 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtlCPAPI64.dll

2017-05-21 20:51 - 2017-02-06 10:31 - 00341144 _____ (Synopsys, Inc.) C:\WINDOWS\SysWOW64\SRCOM.dll

2017-05-21 20:51 - 2017-02-06 10:31 - 00341144 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRCOM.dll

2017-05-21 20:51 - 2017-02-06 10:31 - 00321712 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RP3DHT64.dll

2017-05-21 20:51 - 2017-02-06 10:31 - 00321712 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RP3DAA64.dll

2017-05-21 20:51 - 2017-02-06 10:31 - 00258856 _____ (TODO: <Company name>) C:\WINDOWS\system32\slprp64.dll

2017-05-21 20:51 - 2017-02-06 10:31 - 00231912 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SFNHK64.dll

2017-05-21 20:51 - 2017-02-06 10:31 - 00221968 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSTSH64.dll

2017-05-21 20:51 - 2017-02-06 10:31 - 00214824 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEED64A.dll

2017-05-21 20:51 - 2017-02-06 10:31 - 00209536 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSHP64.dll

2017-05-21 20:51 - 2017-02-06 10:31 - 00192976 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkCfg64.dll

2017-05-21 20:51 - 2017-02-06 10:31 - 00166200 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSWOW64.dll

2017-05-21 20:51 - 2017-02-06 10:31 - 00158688 _____ (TOSHIBA Corporation) C:\WINDOWS\system32\tadefxapo.dll

2017-05-21 20:51 - 2017-02-06 10:31 - 00110976 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEL64A.dll

2017-05-21 20:51 - 2017-02-06 10:31 - 00090912 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SFCOM64.dll

2017-05-21 20:51 - 2017-02-06 10:31 - 00088344 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEG64A.dll

2017-05-21 20:51 - 2017-02-06 10:31 - 00088320 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SFAPO64.dll

2017-05-21 20:51 - 2017-02-06 10:31 - 00083624 _____ (Virage Logic Corporation / Sonic Focus) C:\WINDOWS\SysWOW64\SFCOM.dll

2017-05-21 20:51 - 2017-02-06 10:31 - 00075536 _____ (TOSHIBA CORPORATION.) C:\WINDOWS\system32\tepeqapo64.dll

2017-05-21 20:51 - 2017-02-06 10:30 - 07172912 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEP64A.dll

2017-05-21 20:51 - 2017-02-06 10:30 - 07096184 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPP64A.dll

2017-05-21 20:51 - 2017-02-06 10:30 - 06264632 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPP64AF3.dll

2017-05-21 20:51 - 2017-02-06 10:30 - 05593608 _____ (Nahimic Inc) C:\WINDOWS\system32\NAHIMICAPOlfx.dll

2017-05-21 20:51 - 2017-02-06 10:30 - 05347000 _____ (Dolby Laboratories) C:\WINDOWS\system32\DolbyDAX2APOv211.dll

2017-05-21 20:51 - 2017-02-06 10:30 - 02444688 _____ (Dolby Laboratories) C:\WINDOWS\system32\DolbyDAX2APOv201.dll

2017-05-21 20:51 - 2017-02-06 10:30 - 02202624 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RCoInstII64.dll

2017-05-21 20:51 - 2017-02-06 10:30 - 01965808 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPD64A.dll

2017-05-21 20:51 - 2017-02-06 10:30 - 01959600 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPD64AF3.dll

2017-05-21 20:51 - 2017-02-06 10:30 - 01780616 _____ (DTS) C:\WINDOWS\system32\DTSS2SpeakerDLL64.dll

2017-05-21 20:51 - 2017-02-06 10:30 - 01591056 _____ (DTS) C:\WINDOWS\system32\DTSS2HeadphoneDLL64.dll

2017-05-21 20:51 - 2017-02-06 10:30 - 01508928 _____ (DTS) C:\WINDOWS\system32\DTSBoostDLL64.dll

2017-05-21 20:51 - 2017-02-06 10:30 - 01133584 _____ (Dolby Laboratories) C:\WINDOWS\system32\DolbyDAX2APOProp.dll

2017-05-21 20:51 - 2017-02-06 10:30 - 01003856 _____ (Nahimic Inc) C:\WINDOWS\system32\NahimicAPONSControl.dll

2017-05-21 20:51 - 2017-02-06 10:30 - 00743960 _____ (DTS) C:\WINDOWS\system32\DTSBassEnhancementDLL64.dll

2017-05-21 20:51 - 2017-02-06 10:30 - 00727432 _____ (DTS) C:\WINDOWS\system32\DTSSymmetryDLL64.dll

2017-05-21 20:51 - 2017-02-06 10:30 - 00708304 _____ (DTS) C:\WINDOWS\system32\DTSVoiceClarityDLL64.dll

2017-05-21 20:51 - 2017-02-06 10:30 - 00680512 _____ (ICEpower a/s) C:\WINDOWS\system32\ICEsoundAPO64.dll

2017-05-21 20:51 - 2017-02-06 10:30 - 00504304 _____ (DTS) C:\WINDOWS\system32\DTSNeoPCDLL64.dll

2017-05-21 20:51 - 2017-02-06 10:30 - 00447712 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EED64A.dll

2017-05-21 20:51 - 2017-02-06 10:30 - 00445392 _____ (DTS) C:\WINDOWS\system32\DTSLimiterDLL64.dll

2017-05-21 20:51 - 2017-02-06 10:30 - 00441264 _____ (DTS) C:\WINDOWS\system32\DTSGainCompensatorDLL64.dll

2017-05-21 20:51 - 2017-02-06 10:30 - 00416504 _____ (Harman) C:\WINDOWS\system32\HMUI.dll

2017-05-21 20:51 - 2017-02-06 10:30 - 00378384 _____ (Dolby Laboratories) C:\WINDOWS\system32\HiFiDAX2API.dll

2017-05-21 20:51 - 2017-02-06 10:30 - 00366120 _____ (Windows (R) Win 7 DDK provider) C:\WINDOWS\system32\HMAPO.dll

2017-05-21 20:51 - 2017-02-06 10:30 - 00362048 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPO64AF3.dll

2017-05-21 20:51 - 2017-02-06 10:30 - 00360344 _____ (Harman) C:\WINDOWS\system32\HMClariFi.dll

2017-05-21 20:51 - 2017-02-06 10:30 - 00327448 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPO64A.dll

2017-05-21 20:51 - 2017-02-06 10:30 - 00310416 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPA64F3.dll

2017-05-21 20:51 - 2017-02-06 10:30 - 00272712 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPA64.dll

2017-05-21 20:51 - 2017-02-06 10:30 - 00253896 _____ (DTS) C:\WINDOWS\system32\DTSGFXAPO64.dll

2017-05-21 20:51 - 2017-02-06 10:30 - 00253856 _____ (DTS) C:\WINDOWS\system32\DTSLFXAPO64.dll

2017-05-21 20:51 - 2017-02-06 10:30 - 00252872 _____ (DTS) C:\WINDOWS\system32\DTSGFXAPONS64.dll

2017-05-21 20:51 - 2017-02-06 10:30 - 00203832 _____ (Harman) C:\WINDOWS\system32\HMHVS.dll

2017-05-21 20:51 - 2017-02-06 10:30 - 00190928 _____ (Harman) C:\WINDOWS\system32\HMEQ_Voice.dll

2017-05-21 20:51 - 2017-02-06 10:30 - 00190928 _____ (Harman) C:\WINDOWS\system32\HMEQ.dll

2017-05-21 20:51 - 2017-02-06 10:30 - 00179592 _____ (Harman) C:\WINDOWS\system32\HMLimiter.dll

2017-05-21 20:51 - 2017-02-06 10:30 - 00154360 _____ (Harman) C:\WINDOWS\system32\HarmanAudioInterface.dll

2017-05-21 20:51 - 2017-02-06 10:30 - 00151784 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEL64A.dll

2017-05-21 20:51 - 2017-02-06 10:30 - 00134192 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEA64A.dll

2017-05-21 20:51 - 2017-02-06 10:30 - 00122312 _____ (Real Sound Lab SIA) C:\WINDOWS\system32\CONEQMSAPOGUILibrary.dll

2017-05-21 20:51 - 2017-02-06 10:30 - 00118584 _____ C:\WINDOWS\system32\AcpiServiceVnA64.dll

2017-05-21 20:51 - 2017-02-06 10:30 - 00105304 _____ C:\WINDOWS\system32\audioLibVc.dll

2017-05-21 20:51 - 2017-02-06 10:30 - 00084608 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEG64A.dll

2017-05-19 13:16 - 2017-04-28 03:28 - 00965472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReAgent.dll

2017-05-19 13:16 - 2017-04-28 02:59 - 00601712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll

2017-05-19 13:16 - 2017-04-28 02:55 - 00088416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\scmbus.sys

2017-05-19 13:16 - 2017-04-28 02:53 - 00616048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll

2017-05-19 13:16 - 2017-04-28 02:48 - 00263472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll

2017-05-19 13:16 - 2017-04-28 02:46 - 05722320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll

2017-05-19 13:16 - 2017-04-28 02:46 - 01504056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll

2017-05-19 13:16 - 2017-04-28 02:46 - 01431232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll

2017-05-19 13:16 - 2017-04-28 02:45 - 02263832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll

2017-05-19 13:16 - 2017-04-28 02:45 - 00975744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll

2017-05-19 13:16 - 2017-04-28 02:45 - 00861024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll

2017-05-19 13:16 - 2017-04-28 02:45 - 00493920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe

2017-05-19 13:16 - 2017-04-28 02:45 - 00116576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudExperienceHostCommon.dll

2017-05-19 13:16 - 2017-04-28 02:43 - 02168288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll

2017-05-19 13:16 - 2017-04-28 02:43 - 01980768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll

2017-05-19 13:16 - 2017-04-28 02:43 - 01557224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll

2017-05-19 13:16 - 2017-04-28 02:43 - 00846560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll

2017-05-19 13:16 - 2017-04-28 02:41 - 00361104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tsmf.dll

2017-05-19 13:16 - 2017-04-28 02:40 - 06665952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll

2017-05-19 13:16 - 2017-04-28 02:40 - 04023008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll

2017-05-19 13:16 - 2017-04-28 02:40 - 01851696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll

2017-05-19 13:16 - 2017-04-28 02:40 - 01360456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll

2017-05-19 13:16 - 2017-04-28 02:40 - 01277856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll

2017-05-19 13:16 - 2017-04-28 02:40 - 01202936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll

2017-05-19 13:16 - 2017-04-28 02:40 - 00981888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll

2017-05-19 13:16 - 2017-04-28 02:40 - 00352760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MMDevAPI.dll

2017-05-19 13:16 - 2017-04-28 02:39 - 04312248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe

2017-05-19 13:16 - 2017-04-28 02:39 - 00962760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll

2017-05-19 13:16 - 2017-04-28 02:39 - 00715104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys

2017-05-19 13:16 - 2017-04-28 02:38 - 00557408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys

2017-05-19 13:16 - 2017-04-28 02:35 - 00276832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\input.dll

2017-05-19 13:16 - 2017-04-28 02:23 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll

2017-05-19 13:16 - 2017-04-28 02:22 - 00165376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReInfo.dll

2017-05-19 13:16 - 2017-04-28 02:22 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\odbcconf.dll

2017-05-19 13:16 - 2017-04-28 02:21 - 00027648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BthTelemetry.dll

2017-05-19 13:16 - 2017-04-28 02:20 - 00141824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Radios.dll

2017-05-19 13:16 - 2017-04-28 02:20 - 00044032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\virtdisk.dll

2017-05-19 13:16 - 2017-04-28 02:19 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDeviceRegistration.dll

2017-05-19 13:16 - 2017-04-28 02:19 - 00138240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DisplayManager.dll

2017-05-19 13:16 - 2017-04-28 02:18 - 00450560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll

2017-05-19 13:16 - 2017-04-28 02:18 - 00255488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\unimdm.tsp

2017-05-19 13:16 - 2017-04-28 02:17 - 00328192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll

2017-05-19 13:16 - 2017-04-28 02:17 - 00142336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.WiFi.dll

2017-05-19 13:16 - 2017-04-28 02:17 - 00136192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinRtTracing.dll

2017-05-19 13:16 - 2017-04-28 02:17 - 00095232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BluetoothApis.dll

2017-05-19 13:16 - 2017-04-28 02:17 - 00094208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryClient.dll

2017-05-19 13:16 - 2017-04-28 02:16 - 00392192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Gaming.Input.dll

2017-05-19 13:16 - 2017-04-28 02:16 - 00374784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.LowLevel.dll

2017-05-19 13:16 - 2017-04-28 02:16 - 00315904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Gaming.XboxLive.Storage.dll

2017-05-19 13:16 - 2017-04-28 02:16 - 00203776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credprovhost.dll

2017-05-19 13:16 - 2017-04-28 02:16 - 00184320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserMgrProxy.dll

2017-05-19 13:16 - 2017-04-28 02:16 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe

2017-05-19 13:16 - 2017-04-28 02:16 - 00113152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Lights.dll

2017-05-19 13:16 - 2017-04-28 02:15 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll

2017-05-19 13:16 - 2017-04-28 02:15 - 00404992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dsreg.dll

2017-05-19 13:16 - 2017-04-28 02:15 - 00334848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastlsext.dll

2017-05-19 13:16 - 2017-04-28 02:15 - 00237568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncSettings.dll

2017-05-19 13:16 - 2017-04-28 02:15 - 00206336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bthprops.cpl

2017-05-19 13:16 - 2017-04-28 02:15 - 00117760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AuthBroker.dll

2017-05-19 13:16 - 2017-04-28 02:15 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Core.dll

2017-05-19 13:16 - 2017-04-28 02:14 - 00670208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.PointOfService.dll

2017-05-19 13:16 - 2017-04-28 02:14 - 00483840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.AllJoyn.dll

2017-05-19 13:16 - 2017-04-28 02:14 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe

2017-05-19 13:16 - 2017-04-28 02:13 - 13873664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll

2017-05-19 13:16 - 2017-04-28 02:13 - 01755136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DeviceFlows.DataModel.dll

2017-05-19 13:16 - 2017-04-28 02:13 - 01243136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.FaceAnalysis.dll

2017-05-19 13:16 - 2017-04-28 02:13 - 00562176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.SmartCards.dll

2017-05-19 13:16 - 2017-04-28 02:13 - 00506880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DevicePairing.dll

2017-05-19 13:16 - 2017-04-28 02:13 - 00426496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Wallet.dll

2017-05-19 13:16 - 2017-04-28 02:13 - 00386048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.WiFiDirect.dll

2017-05-19 13:16 - 2017-04-28 02:13 - 00332288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Bluetooth.dll

2017-05-19 13:16 - 2017-04-28 02:13 - 00325120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleacc.dll

2017-05-19 13:16 - 2017-04-28 02:13 - 00298496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll

2017-05-19 13:16 - 2017-04-28 02:13 - 00271360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\deviceaccess.dll

2017-05-19 13:16 - 2017-04-28 02:13 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WwaApi.dll

2017-05-19 13:16 - 2017-04-28 02:13 - 00206336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vaultcli.dll

2017-05-19 13:16 - 2017-04-28 02:13 - 00202752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.HumanInterfaceDevice.dll

2017-05-19 13:16 - 2017-04-28 02:13 - 00185856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Identity.Provider.dll

2017-05-19 13:16 - 2017-04-28 02:13 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Scanners.dll

2017-05-19 13:16 - 2017-04-28 02:13 - 00125952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepapi.dll

2017-05-19 13:16 - 2017-04-28 02:13 - 00114176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setupugc.exe

2017-05-19 13:16 - 2017-04-28 02:12 - 00498688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mbsmsapi.dll

2017-05-19 13:16 - 2017-04-28 02:12 - 00431616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\efswrt.dll

2017-05-19 13:16 - 2017-04-28 02:12 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepsync.dll

2017-05-19 13:16 - 2017-04-28 02:12 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Picker.dll

2017-05-19 13:16 - 2017-04-28 02:11 - 00846336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WebcamUi.dll

2017-05-19 13:16 - 2017-04-28 02:11 - 00747520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Ocr.dll

2017-05-19 13:16 - 2017-04-28 02:11 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll

2017-05-19 13:16 - 2017-04-28 02:10 - 00857600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EmailApis.dll

2017-05-19 13:16 - 2017-04-28 02:10 - 00819200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppContracts.dll

2017-05-19 13:16 - 2017-04-28 02:10 - 00816640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NaturalLanguage6.dll

2017-05-19 13:16 - 2017-04-28 02:10 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mprddm.dll

2017-05-19 13:16 - 2017-04-28 02:10 - 00314368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Usb.dll

2017-05-19 13:16 - 2017-04-28 02:10 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.dll

2017-05-19 13:16 - 2017-04-28 02:10 - 00238080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AboveLockAppHost.dll

2017-05-19 13:16 - 2017-04-28 02:09 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll

2017-05-19 13:16 - 2017-04-28 02:09 - 00525824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintDialogs.dll

2017-05-19 13:16 - 2017-04-28 02:09 - 00509440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll

2017-05-19 13:16 - 2017-04-28 02:09 - 00352256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Enumeration.dll

2017-05-19 13:16 - 2017-04-28 02:08 - 07626752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll

2017-05-19 13:16 - 2017-04-28 02:08 - 01534464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Graphics.Printing.3D.dll

2017-05-19 13:16 - 2017-04-28 02:08 - 01228288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usercpl.dll

2017-05-19 13:16 - 2017-04-28 02:08 - 00653312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.AccountsControl.dll

2017-05-19 13:16 - 2017-04-28 02:08 - 00288256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CryptoWinRT.dll

2017-05-19 13:16 - 2017-04-28 02:07 - 03689984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll

2017-05-19 13:16 - 2017-04-28 02:07 - 00525312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll

2017-05-19 13:16 - 2017-04-28 02:07 - 00256512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\thumbcache.dll

2017-05-19 13:16 - 2017-04-28 02:06 - 04614656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll

2017-05-19 13:16 - 2017-04-28 02:06 - 02333184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmSvc.dll

2017-05-19 13:16 - 2017-04-28 02:06 - 00901120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Bluetooth.dll

2017-05-19 13:16 - 2017-04-28 02:06 - 00675840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.dll

2017-05-19 13:16 - 2017-04-28 02:05 - 03733504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll

2017-05-19 13:16 - 2017-04-28 02:05 - 00589312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Sensors.dll

2017-05-19 13:16 - 2017-04-28 02:04 - 01323008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_fs.dll

2017-05-19 13:16 - 2017-04-28 02:03 - 01137152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_health.dll

2017-05-19 13:16 - 2017-04-28 02:03 - 01077760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Editing.dll

2017-05-19 13:16 - 2017-04-28 02:03 - 00355328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RTMediaFrame.dll

2017-05-19 13:16 - 2017-04-28 02:03 - 00318464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LocationApi.dll

2017-05-19 13:16 - 2017-04-28 02:03 - 00291328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adsnt.dll

2017-05-19 13:16 - 2017-04-28 02:03 - 00134656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Energy.dll

2017-05-19 13:16 - 2017-04-28 02:02 - 03307008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll

2017-05-19 13:16 - 2017-04-28 02:01 - 00795648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MiracastReceiver.dll

2017-05-19 13:16 - 2017-04-28 02:01 - 00713216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll

2017-05-19 13:16 - 2017-04-28 02:01 - 00343040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToDevice.dll

2017-05-19 13:16 - 2017-04-28 02:01 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\unimdm.tsp

2017-05-19 13:16 - 2017-04-28 02:01 - 00248832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dlnashext.dll

2017-05-19 13:16 - 2017-04-28 02:01 - 00141312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dialclient.dll

2017-05-19 13:16 - 2017-04-28 02:00 - 02749440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll

2017-05-19 13:16 - 2017-04-28 02:00 - 01255936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll

2017-05-19 13:16 - 2017-04-28 02:00 - 00249856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BthLEEnum.sys

2017-05-19 13:16 - 2017-04-28 02:00 - 00193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinRtTracing.dll

2017-05-19 13:16 - 2017-04-28 02:00 - 00149504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Core.dll

2017-05-19 13:16 - 2017-04-28 01:59 - 02154496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\storagewmi.dll

2017-05-19 13:16 - 2017-04-28 01:59 - 00895488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Streaming.dll

2017-05-19 13:16 - 2017-04-28 01:59 - 00467968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Gaming.XboxLive.Storage.dll

2017-05-19 13:16 - 2017-04-28 01:59 - 00220672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToReceiver.dll

2017-05-19 13:16 - 2017-04-28 01:58 - 07468544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll

2017-05-19 13:16 - 2017-04-28 01:58 - 00546304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uReFS.dll

2017-05-19 13:16 - 2017-04-28 01:58 - 00433664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\imapi2.dll

2017-05-19 13:16 - 2017-04-28 01:58 - 00134144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ErrorDetails.dll

2017-05-19 13:16 - 2017-04-28 01:58 - 00090624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll

2017-05-19 13:16 - 2017-04-28 01:57 - 01247232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll

2017-05-19 13:16 - 2017-04-28 01:57 - 00719872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_sr.dll

2017-05-19 13:16 - 2017-04-28 01:57 - 00641024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MCRecvSrc.dll

2017-05-19 13:16 - 2017-04-28 01:57 - 00089600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CameraCaptureUI.dll

2017-05-19 13:16 - 2017-04-28 01:56 - 00400384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToManager.dll

2017-05-19 13:16 - 2017-04-28 01:56 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.dll

2017-05-19 13:16 - 2017-04-28 01:56 - 00357376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Geolocation.dll

2017-05-19 13:16 - 2017-04-28 01:56 - 00333312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsApi.dll

2017-05-19 13:16 - 2017-04-28 01:56 - 00103936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Devices.dll

2017-05-19 13:16 - 2017-04-28 01:55 - 01993216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll

2017-05-19 13:16 - 2017-04-28 01:55 - 01656320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Perception.dll

2017-05-19 13:16 - 2017-04-28 01:55 - 01413632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpcServices.dll

2017-05-19 13:16 - 2017-04-28 01:55 - 01232384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Maps.dll

2017-05-19 13:16 - 2017-04-28 01:55 - 01170944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll

moxito

18.06.2017 00:33

Code:

2017-05-19 13:16 - 2017-04-28 01:55 - 01004544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll

2017-05-19 13:16 - 2017-04-28 01:55 - 00561664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Wallet.dll

2017-05-19 13:16 - 2017-04-28 01:54 - 02747904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll

2017-05-19 13:16 - 2017-04-28 01:54 - 02646528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnroll.dll

2017-05-19 13:16 - 2017-04-28 01:54 - 02483200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll

2017-05-19 13:16 - 2017-04-28 01:54 - 01013248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.Http.dll

2017-05-19 13:16 - 2017-04-28 01:54 - 00654336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApiPublic.dll

2017-05-19 13:16 - 2017-04-28 01:54 - 00598528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.dll

2017-05-19 13:16 - 2017-04-28 01:54 - 00566784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ShareHost.dll

2017-05-19 13:16 - 2017-04-28 01:54 - 00348160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Midi.dll

2017-05-19 13:16 - 2017-04-28 01:53 - 01170944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Phone.dll

2017-05-19 13:16 - 2017-04-28 01:53 - 00798208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll

2017-05-19 13:16 - 2017-04-28 01:53 - 00751104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.dll

2017-05-19 13:16 - 2017-04-28 01:53 - 00621056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll

2017-05-19 13:16 - 2017-04-28 01:53 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\system32\WwaApi.dll

2017-05-19 13:16 - 2017-04-28 01:52 - 03106304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstsc.exe

2017-05-19 13:16 - 2017-04-28 01:52 - 01600000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll

2017-05-19 13:16 - 2017-04-28 01:50 - 00783360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSWorkspace.dll

2017-05-19 13:16 - 2017-04-28 01:44 - 00548864 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll

2017-05-19 13:16 - 2017-04-28 01:43 - 00963584 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebcamUi.dll

2017-05-19 13:16 - 2017-04-28 01:41 - 01080320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Ocr.dll

2017-05-19 13:16 - 2017-04-28 01:40 - 00816640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll

2017-05-19 13:16 - 2017-04-28 01:38 - 02424320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Perception.dll

2017-05-19 13:16 - 2017-04-28 01:37 - 01424896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Maps.dll

2017-05-19 13:16 - 2017-04-28 01:37 - 01266176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll

2017-05-19 13:16 - 2017-03-04 09:57 - 00484584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll

2017-05-19 13:16 - 2017-03-04 08:25 - 01388544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Cred.dll

2017-05-19 13:16 - 2017-03-04 08:23 - 00299520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataAccountApis.dll

2017-05-19 13:16 - 2017-03-04 08:22 - 00265728 _____ C:\WINDOWS\SysWOW64\Windows.Perception.Stub.dll

2017-05-19 13:16 - 2017-03-04 08:17 - 00529920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StructuredQuery.dll

2017-05-19 13:16 - 2017-03-04 08:16 - 00500224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Graphics.Printing.dll

2017-05-19 13:16 - 2017-03-04 08:06 - 01369088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Phone.dll

2017-05-19 13:16 - 2017-03-04 08:01 - 00827904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll

2017-05-19 13:16 - 2017-03-04 08:00 - 00691200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll

2017-05-19 13:15 - 2017-04-28 02:57 - 00794928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll

2017-05-19 13:15 - 2017-04-28 02:57 - 00754528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVOrchestration.dll

2017-05-19 13:15 - 2017-04-28 02:57 - 00704352 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntVirtualization.dll

2017-05-19 13:15 - 2017-04-28 02:57 - 00603488 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContentDeliveryManager.Utilities.dll

2017-05-19 13:15 - 2017-04-28 02:57 - 00573280 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVCatalog.dll

2017-05-19 13:15 - 2017-04-28 02:56 - 01117024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgent.dll

2017-05-19 13:15 - 2017-04-28 02:53 - 00774224 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll

2017-05-19 13:15 - 2017-04-28 02:52 - 02255712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys

2017-05-19 13:15 - 2017-04-28 02:49 - 00700936 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll

2017-05-19 13:15 - 2017-04-28 02:47 - 00699744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimgapi.dll

2017-05-19 13:15 - 2017-04-28 02:47 - 00501088 _____ (Microsoft Corporation) C:\WINDOWS\system32\spwizeng.dll

2017-05-19 13:15 - 2017-04-28 02:46 - 00410464 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSetupUI.dll

2017-05-19 13:15 - 2017-04-28 02:44 - 00062816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fsdepends.sys

2017-05-19 13:15 - 2017-04-28 02:42 - 00526176 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimserv.exe

2017-05-19 13:15 - 2017-04-28 02:42 - 00328008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll

2017-05-19 13:15 - 2017-04-28 02:40 - 07220184 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll

2017-05-19 13:15 - 2017-04-28 02:40 - 02759704 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll

2017-05-19 13:15 - 2017-04-28 02:40 - 01860288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll

2017-05-19 13:15 - 2017-04-28 02:40 - 01738560 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll

2017-05-19 13:15 - 2017-04-28 02:40 - 01157000 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll

2017-05-19 13:15 - 2017-04-28 02:40 - 00578400 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe

2017-05-19 13:15 - 2017-04-28 02:40 - 00146784 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostCommon.dll

2017-05-19 13:15 - 2017-04-28 02:40 - 00026976 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser_broker.exe

2017-05-19 13:15 - 2017-04-28 02:38 - 02915704 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll

2017-05-19 13:15 - 2017-04-28 02:38 - 02446704 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll

2017-05-19 13:15 - 2017-04-28 02:38 - 01852200 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll

2017-05-19 13:15 - 2017-04-28 02:38 - 01267512 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll

2017-05-19 13:15 - 2017-04-28 02:38 - 00431968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys

2017-05-19 13:15 - 2017-04-28 02:36 - 00408600 _____ (Microsoft Corporation) C:\WINDOWS\system32\tsmf.dll

2017-05-19 13:15 - 2017-04-28 02:36 - 00092512 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll

2017-05-19 13:15 - 2017-04-28 02:35 - 08170600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll

2017-05-19 13:15 - 2017-04-28 02:35 - 04260576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll

2017-05-19 13:15 - 2017-04-28 02:35 - 01988048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll

2017-05-19 13:15 - 2017-04-28 02:35 - 01702392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll

2017-05-19 13:15 - 2017-04-28 02:35 - 01302136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll

2017-05-19 13:15 - 2017-04-28 02:35 - 00596040 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll

2017-05-19 13:15 - 2017-04-28 02:34 - 04674360 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe

2017-05-19 13:15 - 2017-04-28 02:34 - 01277824 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll

2017-05-19 13:15 - 2017-04-28 02:34 - 01072248 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll

2017-05-19 13:15 - 2017-04-28 02:34 - 00443232 _____ (Microsoft Corporation) C:\WINDOWS\system32\MMDevAPI.dll

2017-05-19 13:15 - 2017-04-28 02:34 - 00244824 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll

2017-05-19 13:15 - 2017-04-28 02:34 - 00241504 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll

2017-05-19 13:15 - 2017-04-28 02:30 - 00322912 _____ (Microsoft Corporation) C:\WINDOWS\system32\input.dll

2017-05-19 13:15 - 2017-04-28 02:28 - 00453536 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe

2017-05-19 13:15 - 2017-04-28 02:28 - 00387864 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpps.dll

2017-05-19 13:15 - 2017-04-28 02:21 - 00073728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx

2017-05-19 13:15 - 2017-04-28 02:19 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll

2017-05-19 13:15 - 2017-04-28 02:19 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll

2017-05-19 13:15 - 2017-04-28 02:15 - 00126464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll

2017-05-19 13:15 - 2017-04-28 02:14 - 00270336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll

2017-05-19 13:15 - 2017-04-28 02:12 - 00236544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll

2017-05-19 13:15 - 2017-04-28 02:11 - 00340480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll

2017-05-19 13:15 - 2017-04-28 02:10 - 00661504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll

2017-05-19 13:15 - 2017-04-28 02:07 - 00415744 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpshell.exe

2017-05-19 13:15 - 2017-04-28 02:07 - 00372736 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll

2017-05-19 13:15 - 2017-04-28 02:07 - 00299008 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpinit.exe

2017-05-19 13:15 - 2017-04-28 02:06 - 00691712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll

2017-05-19 13:15 - 2017-04-28 02:05 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll

2017-05-19 13:15 - 2017-04-28 02:03 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll

2017-05-19 13:15 - 2017-04-28 02:03 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx

2017-05-19 13:15 - 2017-04-28 02:03 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\raspppoe.sys

2017-05-19 13:15 - 2017-04-28 02:03 - 00032256 _____ (Microsoft Corporation) C:\WINDOWS\system32\BthTelemetry.dll

2017-05-19 13:15 - 2017-04-28 02:03 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\odbcconf.dll

2017-05-19 13:15 - 2017-04-28 02:02 - 00115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bridge.sys

2017-05-19 13:15 - 2017-04-28 02:02 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vwifimp.sys

2017-05-19 13:15 - 2017-04-28 02:02 - 00019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidcertstorecheck.exe

2017-05-19 13:15 - 2017-04-28 02:01 - 00259072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Family.SyncEngine.dll

2017-05-19 13:15 - 2017-04-28 02:01 - 00185344 _____ (Microsoft Corporation) C:\WINDOWS\system32\DisplayManager.dll

2017-05-19 13:15 - 2017-04-28 02:01 - 00156160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Family.Client.dll

2017-05-19 13:15 - 2017-04-28 02:01 - 00129536 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_ClosedCaptioning.dll

2017-05-19 13:15 - 2017-04-28 02:01 - 00090624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Printers.dll

2017-05-19 13:15 - 2017-04-28 02:01 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\virtdisk.dll

2017-05-19 13:15 - 2017-04-28 02:00 - 12349440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll

2017-05-19 13:15 - 2017-04-28 02:00 - 00196096 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDeviceRegistration.dll

2017-05-19 13:15 - 2017-04-28 02:00 - 00193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.WiFi.dll

2017-05-19 13:15 - 2017-04-28 02:00 - 00165376 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll

2017-05-19 13:15 - 2017-04-28 02:00 - 00148480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.System.Profile.RetailInfo.dll

2017-05-19 13:15 - 2017-04-28 02:00 - 00120832 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll

2017-05-19 13:15 - 2017-04-28 02:00 - 00101888 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDeviceRegistration.Ngc.dll

2017-05-19 13:15 - 2017-04-28 02:00 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll

2017-05-19 13:15 - 2017-04-28 02:00 - 00073216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryBroker.dll

2017-05-19 13:15 - 2017-04-28 01:59 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\system32\FlightSettings.dll

2017-05-19 13:15 - 2017-04-28 01:59 - 00567296 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicePairing.dll

2017-05-19 13:15 - 2017-04-28 01:59 - 00375296 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastlsext.dll

2017-05-19 13:15 - 2017-04-28 01:59 - 00186368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Radios.dll

2017-05-19 13:15 - 2017-04-28 01:59 - 00124416 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidsvc.dll

2017-05-19 13:15 - 2017-04-28 01:59 - 00122880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryClient.dll

2017-05-19 13:15 - 2017-04-28 01:58 - 00547840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Gaming.Input.dll

2017-05-19 13:15 - 2017-04-28 01:58 - 00418304 _____ C:\WINDOWS\system32\Windows.Perception.Stub.dll

2017-05-19 13:15 - 2017-04-28 01:58 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpencom.dll

2017-05-19 13:15 - 2017-04-28 01:58 - 00289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeveloperOptionsSettingsHandlers.dll

2017-05-19 13:15 - 2017-04-28 01:58 - 00276992 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll

2017-05-19 13:15 - 2017-04-28 01:58 - 00231424 _____ (Microsoft Corporation) C:\WINDOWS\system32\shutdownux.dll

2017-05-19 13:15 - 2017-04-28 01:58 - 00211968 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe

2017-05-19 13:15 - 2017-04-28 01:58 - 00150016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.AppDefaults.dll

2017-05-19 13:15 - 2017-04-28 01:58 - 00144896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Lights.dll

2017-05-19 13:15 - 2017-04-28 01:58 - 00130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConsentUX.dll

2017-05-19 13:15 - 2017-04-28 01:57 - 01507840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.FaceAnalysis.dll

2017-05-19 13:15 - 2017-04-28 01:57 - 00651264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.AllJoyn.dll

2017-05-19 13:15 - 2017-04-28 01:57 - 00568320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.LowLevel.dll

2017-05-19 13:15 - 2017-04-28 01:57 - 00505856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.WiFiDirect.dll

2017-05-19 13:15 - 2017-04-28 01:57 - 00502784 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll

2017-05-19 13:15 - 2017-04-28 01:57 - 00279552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.HumanInterfaceDevice.dll

2017-05-19 13:15 - 2017-04-28 01:57 - 00268800 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserMgrProxy.dll

2017-05-19 13:15 - 2017-04-28 01:57 - 00243712 _____ (Microsoft Corporation) C:\WINDOWS\system32\credprovhost.dll

2017-05-19 13:15 - 2017-04-28 01:57 - 00241152 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafBth.dll

2017-05-19 13:15 - 2017-04-28 01:57 - 00223744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe

2017-05-19 13:15 - 2017-04-28 01:57 - 00216576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Scanners.dll

2017-05-19 13:15 - 2017-04-28 01:57 - 00157184 _____ (Microsoft Corporation) C:\WINDOWS\system32\bthserv.dll

2017-05-19 13:15 - 2017-04-28 01:57 - 00139264 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll

2017-05-19 13:15 - 2017-04-28 01:57 - 00132096 _____ (Microsoft Corporation) C:\WINDOWS\system32\PrintWSDAHost.dll

2017-05-19 13:15 - 2017-04-28 01:56 - 00947712 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll

2017-05-19 13:15 - 2017-04-28 01:56 - 00912384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.SmartCards.dll

2017-05-19 13:15 - 2017-04-28 01:56 - 00748544 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll

2017-05-19 13:15 - 2017-04-28 01:56 - 00692224 _____ (Microsoft Corporation) C:\WINDOWS\system32\CellularAPI.dll

2017-05-19 13:15 - 2017-04-28 01:56 - 00590336 _____ (Microsoft Corporation) C:\WINDOWS\system32\efswrt.dll

2017-05-19 13:15 - 2017-04-28 01:56 - 00387584 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll

2017-05-19 13:15 - 2017-04-28 01:56 - 00379904 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepsync.dll

2017-05-19 13:15 - 2017-04-28 01:56 - 00311296 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncSettings.dll

2017-05-19 13:15 - 2017-04-28 01:56 - 00293888 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll

2017-05-19 13:15 - 2017-04-28 01:56 - 00267264 _____ (Microsoft Corporation) C:\WINDOWS\system32\vaultcli.dll

2017-05-19 13:15 - 2017-04-28 01:56 - 00260608 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe

2017-05-19 13:15 - 2017-04-28 01:56 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthBroker.dll

2017-05-19 13:15 - 2017-04-28 01:56 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll

2017-05-19 13:15 - 2017-04-28 01:55 - 02084352 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceFlows.DataModel.dll

2017-05-19 13:15 - 2017-04-28 01:55 - 00657920 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll

2017-05-19 13:15 - 2017-04-28 01:55 - 00431616 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll

2017-05-19 13:15 - 2017-04-28 01:55 - 00407552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll

2017-05-19 13:15 - 2017-04-28 01:55 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleacc.dll

2017-05-19 13:15 - 2017-04-28 01:55 - 00337408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Picker.dll

2017-05-19 13:15 - 2017-04-28 01:55 - 00307200 _____ (Microsoft Corporation) C:\WINDOWS\system32\PrintDialogs3D.dll

2017-05-19 13:15 - 2017-04-28 01:55 - 00252416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Identity.Provider.dll

2017-05-19 13:15 - 2017-04-28 01:55 - 00231424 _____ (Microsoft Corporation) C:\WINDOWS\system32\bthprops.cpl

2017-05-19 13:15 - 2017-04-28 01:55 - 00176128 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepapi.dll

2017-05-19 13:15 - 2017-04-28 01:54 - 02027008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl

2017-05-19 13:15 - 2017-04-28 01:54 - 01509376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll

2017-05-19 13:15 - 2017-04-28 01:54 - 00949248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.PointOfService.dll

2017-05-19 13:15 - 2017-04-28 01:54 - 00472064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll

2017-05-19 13:15 - 2017-04-28 01:54 - 00425984 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll

2017-05-19 13:15 - 2017-04-28 01:54 - 00339456 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConhostV2.dll

2017-05-19 13:15 - 2017-04-28 01:54 - 00329728 _____ (Microsoft Corporation) C:\WINDOWS\system32\deviceaccess.dll

2017-05-19 13:15 - 2017-04-28 01:54 - 00284160 _____ (Microsoft Corporation) C:\WINDOWS\system32\AboveLockAppHost.dll

2017-05-19 13:15 - 2017-04-28 01:54 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll

2017-05-19 13:15 - 2017-04-28 01:53 - 06288384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll

2017-05-19 13:15 - 2017-04-28 01:53 - 03059200 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll

2017-05-19 13:15 - 2017-04-28 01:53 - 00671744 _____ (Microsoft Corporation) C:\WINDOWS\system32\mbsmsapi.dll

2017-05-19 13:15 - 2017-04-28 01:53 - 00579584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.UX.EapRequestHandler.dll

2017-05-19 13:15 - 2017-04-28 01:53 - 00458752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Enumeration.dll

2017-05-19 13:15 - 2017-04-28 01:53 - 00437248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Usb.dll

2017-05-19 13:15 - 2017-04-28 01:51 - 02104320 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll

2017-05-19 13:15 - 2017-04-28 01:51 - 01913856 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_fs.dll

2017-05-19 13:15 - 2017-04-28 01:51 - 01589760 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtctm.dll

2017-05-19 13:15 - 2017-04-28 01:51 - 01584128 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_health.dll

2017-05-19 13:15 - 2017-04-28 01:51 - 00713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys

2017-05-19 13:15 - 2017-04-28 01:51 - 00458752 _____ (Microsoft Corporation) C:\WINDOWS\system32\RTMediaFrame.dll

2017-05-19 13:15 - 2017-04-28 01:51 - 00409600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys

2017-05-19 13:15 - 2017-04-28 01:51 - 00169984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Energy.dll

2017-05-19 13:15 - 2017-04-28 01:50 - 03778048 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll

2017-05-19 13:15 - 2017-04-28 01:50 - 01476608 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe

2017-05-19 13:15 - 2017-04-28 01:50 - 00380416 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationApi.dll

2017-05-19 13:15 - 2017-04-28 01:50 - 00338944 _____ (Microsoft Corporation) C:\WINDOWS\system32\adsnt.dll

2017-05-19 13:15 - 2017-04-28 01:50 - 00329728 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvecpl.dll

2017-05-19 13:15 - 2017-04-28 01:49 - 17198592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll

2017-05-19 13:15 - 2017-04-28 01:49 - 01105408 _____ (Microsoft Corporation) C:\WINDOWS\system32\MiracastReceiver.dll

2017-05-19 13:15 - 2017-04-28 01:49 - 00864256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll

2017-05-19 13:15 - 2017-04-28 01:49 - 00442368 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToDevice.dll

2017-05-19 13:15 - 2017-04-28 01:48 - 00798720 _____ (Microsoft Corporation) C:\WINDOWS\system32\pwcreator.exe

2017-05-19 13:15 - 2017-04-28 01:48 - 00337920 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll

2017-05-19 13:15 - 2017-04-28 01:48 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\dlnashext.dll

2017-05-19 13:15 - 2017-04-28 01:48 - 00187904 _____ (Microsoft Corporation) C:\WINDOWS\system32\dialclient.dll

2017-05-19 13:15 - 2017-04-28 01:47 - 09131008 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll

2017-05-19 13:15 - 2017-04-28 01:47 - 03290112 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll

2017-05-19 13:15 - 2017-04-28 01:47 - 01908224 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll

2017-05-19 13:15 - 2017-04-28 01:47 - 01790464 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFramework.dll

2017-05-19 13:15 - 2017-04-28 01:47 - 01078784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Streaming.dll

2017-05-19 13:15 - 2017-04-28 01:47 - 00942080 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll

2017-05-19 13:15 - 2017-04-28 01:47 - 00796672 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvewiz.dll

2017-05-19 13:15 - 2017-04-28 01:47 - 00649216 _____ (Microsoft Corporation) C:\WINDOWS\system32\vds.exe

2017-05-19 13:15 - 2017-04-28 01:47 - 00627200 _____ (Microsoft Corporation) C:\WINDOWS\system32\SpaceControl.dll

2017-05-19 13:15 - 2017-04-28 01:46 - 02861056 _____ (Microsoft Corporation) C:\WINDOWS\system32\storagewmi.dll

2017-05-19 13:15 - 2017-04-28 01:46 - 01547264 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbengine.exe

2017-05-19 13:15 - 2017-04-28 01:46 - 01443328 _____ (Microsoft Corporation) C:\WINDOWS\system32\VSSVC.exe

2017-05-19 13:15 - 2017-04-28 01:46 - 00501248 _____ (Microsoft Corporation) C:\WINDOWS\system32\imapi2.dll

2017-05-19 13:15 - 2017-04-28 01:46 - 00374784 _____ (Microsoft Corporation) C:\WINDOWS\system32\resutils.dll

2017-05-19 13:15 - 2017-04-28 01:46 - 00279552 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToReceiver.dll

2017-05-19 13:15 - 2017-04-28 01:46 - 00049664 _____ (Microsoft Corporation) C:\WINDOWS\system32\catsrvps.dll

2017-05-19 13:15 - 2017-04-28 01:45 - 00946688 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_sr.dll

2017-05-19 13:15 - 2017-04-28 01:45 - 00628736 _____ (Microsoft Corporation) C:\WINDOWS\system32\uReFS.dll

2017-05-19 13:15 - 2017-04-28 01:45 - 00411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll

2017-05-19 13:15 - 2017-04-28 01:45 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll

2017-05-19 13:15 - 2017-04-28 01:45 - 00167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ErrorDetails.dll

2017-05-19 13:15 - 2017-04-28 01:45 - 00130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\SpaceAgent.exe

2017-05-19 13:15 - 2017-04-28 01:45 - 00112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\CameraCaptureUI.dll

2017-05-19 13:15 - 2017-04-28 01:44 - 04749824 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll

2017-05-19 13:15 - 2017-04-28 01:44 - 01366016 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll

2017-05-19 13:15 - 2017-04-28 01:44 - 01145344 _____ (Microsoft Corporation) C:\WINDOWS\system32\EmailApis.dll

2017-05-19 13:15 - 2017-04-28 01:44 - 01010176 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll

2017-05-19 13:15 - 2017-04-28 01:44 - 00937984 _____ (Microsoft Corporation) C:\WINDOWS\system32\MCRecvSrc.dll

2017-05-19 13:15 - 2017-04-28 01:44 - 00896512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.AccountsControl.dll

2017-05-19 13:15 - 2017-04-28 01:44 - 00775168 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe

2017-05-19 13:15 - 2017-04-28 01:44 - 00583680 _____ (Microsoft Corporation) C:\WINDOWS\system32\PrintDialogs.dll

2017-05-19 13:15 - 2017-04-28 01:44 - 00410112 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicesFlowBroker.dll

2017-05-19 13:15 - 2017-04-28 01:44 - 00139776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Devices.dll

2017-05-19 13:15 - 2017-04-28 01:43 - 01184256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll

2017-05-19 13:15 - 2017-04-28 01:43 - 00646656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wiaservc.dll

2017-05-19 13:15 - 2017-04-28 01:43 - 00634368 _____ (Microsoft Corporation) C:\WINDOWS\system32\StructuredQuery.dll

2017-05-19 13:15 - 2017-04-28 01:43 - 00600576 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptui.dll

2017-05-19 13:15 - 2017-04-28 01:43 - 00560128 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll

2017-05-19 13:15 - 2017-04-28 01:43 - 00539136 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToManager.dll

2017-05-19 13:15 - 2017-04-28 01:43 - 00526336 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv

2017-05-19 13:15 - 2017-04-28 01:43 - 00467968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Geolocation.dll

2017-05-19 13:15 - 2017-04-28 01:43 - 00460800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Midi.dll

2017-05-19 13:15 - 2017-04-28 01:43 - 00331264 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnrSvc.dll

2017-05-19 13:15 - 2017-04-28 01:43 - 00320512 _____ (Microsoft Corporation) C:\WINDOWS\system32\thumbcache.dll

2017-05-19 13:15 - 2017-04-28 01:42 - 13441536 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll

2017-05-19 13:15 - 2017-04-28 01:42 - 08076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll

2017-05-19 13:15 - 2017-04-28 01:42 - 02390016 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreen.exe

2017-05-19 13:15 - 2017-04-28 01:42 - 01692160 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll

2017-05-19 13:15 - 2017-04-28 01:42 - 01021440 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll

2017-05-19 13:15 - 2017-04-28 01:42 - 00945664 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll

2017-05-19 13:15 - 2017-04-28 01:42 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll

2017-05-19 13:15 - 2017-04-28 01:42 - 00779776 _____ (Microsoft Corporation) C:\WINDOWS\system32\cscui.dll

2017-05-19 13:15 - 2017-04-28 01:41 - 01359872 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll

2017-05-19 13:15 - 2017-04-28 01:41 - 00983040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll

2017-05-19 13:15 - 2017-04-28 01:41 - 00890368 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll

2017-05-19 13:15 - 2017-04-28 01:41 - 00860160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mprddm.dll

2017-05-19 13:15 - 2017-04-28 01:41 - 00828416 _____ (Microsoft Corporation) C:\WINDOWS\system32\appwiz.cpl

2017-05-19 13:15 - 2017-04-28 01:41 - 00759296 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll

2017-05-19 13:15 - 2017-04-28 01:41 - 00650752 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll

2017-05-19 13:15 - 2017-04-28 01:41 - 00611328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.Printing.dll

2017-05-19 13:15 - 2017-04-28 01:41 - 00591360 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll

2017-05-19 13:15 - 2017-04-28 01:41 - 00376832 _____ (Microsoft Corporation) C:\WINDOWS\system32\CryptoWinRT.dll

2017-05-19 13:15 - 2017-04-28 01:40 - 04474368 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll

2017-05-19 13:15 - 2017-04-28 01:40 - 02914816 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnroll.dll

2017-05-19 13:15 - 2017-04-28 01:40 - 02208768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.Printing.3D.dll

2017-05-19 13:15 - 2017-04-28 01:40 - 02096640 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl

2017-05-19 13:15 - 2017-04-28 01:40 - 01643008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll

2017-05-19 13:15 - 2017-04-28 01:40 - 01586176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll

2017-05-19 13:15 - 2017-04-28 01:40 - 01040896 _____ (Microsoft Corporation) C:\WINDOWS\system32\NaturalLanguage6.dll

2017-05-19 13:15 - 2017-04-28 01:40 - 00971264 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll

2017-05-19 13:15 - 2017-04-28 01:40 - 00913920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.dll

2017-05-19 13:15 - 2017-04-28 01:40 - 00770560 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll

2017-05-19 13:15 - 2017-04-28 01:39 - 00846336 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApiPublic.dll

2017-05-19 13:15 - 2017-04-28 01:39 - 00673792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe

2017-05-19 13:15 - 2017-04-28 01:38 - 05611008 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll

2017-05-19 13:15 - 2017-04-28 01:38 - 01359360 _____ (Microsoft Corporation) C:\WINDOWS\system32\usercpl.dll

2017-05-19 13:15 - 2017-04-28 01:38 - 01275392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Bluetooth.dll

2017-05-19 13:15 - 2017-04-28 01:38 - 00765440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Sensors.dll

2017-05-19 13:15 - 2017-04-28 01:37 - 04149248 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll

2017-05-19 13:15 - 2017-04-28 01:37 - 03134976 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll

2017-05-19 13:15 - 2017-04-28 01:37 - 02895872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll

2017-05-19 13:15 - 2017-04-28 01:37 - 02286592 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll

2017-05-19 13:15 - 2017-04-28 01:37 - 02216960 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpcServices.dll

2017-05-19 13:15 - 2017-04-28 01:37 - 01984000 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll

2017-05-19 13:15 - 2017-04-28 01:37 - 01783296 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll

2017-05-19 13:15 - 2017-04-28 01:37 - 01637888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll

2017-05-19 13:15 - 2017-04-28 01:37 - 00881664 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll

2017-05-19 13:15 - 2017-04-28 01:37 - 00875520 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll

2017-05-19 13:15 - 2017-04-28 01:36 - 01328640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.Http.dll

2017-05-19 13:15 - 2017-04-28 01:36 - 00774656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.dll

2017-05-19 13:15 - 2017-04-28 01:36 - 00735744 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll

2017-05-19 13:15 - 2017-04-28 01:36 - 00716800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ShareHost.dll

2017-05-19 13:15 - 2017-04-28 01:35 - 03299840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstsc.exe

2017-05-19 13:15 - 2017-04-28 01:35 - 00924672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.dll

2017-05-19 13:15 - 2017-04-28 01:34 - 00999424 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll

2017-05-19 13:15 - 2017-04-28 01:34 - 00439296 _____ (Microsoft Corporation) C:\WINDOWS\system32\wksprt.exe

2017-05-19 13:15 - 2017-04-28 01:34 - 00394240 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpclip.exe

2017-05-19 13:15 - 2017-04-28 01:34 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\system32\spaceman.exe

2017-05-19 13:15 - 2017-04-28 01:33 - 01817088 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll

2017-05-19 13:15 - 2017-03-04 09:09 - 01293152 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll

2017-05-19 13:15 - 2017-03-04 08:26 - 00261632 _____ (Microsoft Corporation) C:\WINDOWS\system32\indexeddbserver.dll

2017-05-19 13:15 - 2017-03-04 08:25 - 01060352 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppContracts.dll

2017-05-19 13:15 - 2017-03-04 08:19 - 01403392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Editing.dll

2017-05-19 13:15 - 2016-12-21 09:09 - 00368640 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneBackupHandler.dll
 

==================== One Month Modified files and folders ========
 

(If an entry is included in the fixlist, the file/folder will be moved.)
 

2017-06-18 01:03 - 2016-10-11 11:04 - 03222312 _____ C:\WINDOWS\system32\perfh007.dat

2017-06-18 01:03 - 2016-10-11 11:04 - 00904720 _____ C:\WINDOWS\system32\perfc007.dat

2017-06-18 01:03 - 2016-08-21 15:19 - 06784126 _____ C:\WINDOWS\system32\PerfStringBackup.INI

2017-06-18 01:01 - 2016-10-11 12:57 - 00000380 _____ C:\Users\Public\Documents\temp.dat

2017-06-18 01:01 - 2016-08-21 16:12 - 00000000 ____D C:\ProgramData\NVIDIA

2017-06-18 01:00 - 2016-08-21 20:02 - 00000000 ____D C:\Users\moxito\Documents\Tencent Files

2017-06-18 01:00 - 2016-08-21 17:36 - 00000000 ____D C:\Users\moxito\AppData\Local\Sidebar7

2017-06-18 00:59 - 2016-11-27 00:25 - 00000000 ____D C:\ProgramData\VMware

2017-06-18 00:59 - 2016-11-25 16:32 - 00000000 ____D C:\Users\moxito\AppData\Roaming\The Bat!

2017-06-18 00:59 - 2016-10-30 02:17 - 00000040 ___SH C:\ProgramData\.zreglib

2017-06-18 00:59 - 2016-10-11 01:13 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT

2017-06-18 00:57 - 2016-08-21 17:10 - 00000000 ____D C:\Users\moxito\AppData\Local\ClassicShell

2017-06-18 00:44 - 2016-07-16 13:45 - 00000000 ____D C:\WINDOWS\INF

2017-06-18 00:40 - 2016-08-21 22:39 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys

2017-06-18 00:36 - 2016-09-30 14:34 - 00000000 ____D C:\ProgramData\TENCENT

2017-06-17 23:55 - 2016-10-11 01:14 - 00003780 _____ C:\WINDOWS\diagwrn.xml

2017-06-17 23:55 - 2016-10-11 01:14 - 00001908 _____ C:\WINDOWS\diagerr.xml

2017-06-17 23:47 - 2016-10-13 18:41 - 00000000 ____D C:\WINDOWS\Panther

2017-06-17 23:20 - 2016-10-11 01:08 - 00000000 ____D C:\WINDOWS\system32\SleepStudy

2017-06-17 23:20 - 2016-08-21 17:08 - 00000000 ____D C:\ProgramData\BavSvc_exe

2017-06-17 22:41 - 2017-02-11 13:53 - 00000000 ____D C:\Users\moxito\AppData\Roaming\XnView

2017-06-17 20:03 - 2016-08-21 22:03 - 00000000 ____D C:\Users\moxito\AppData\Roaming\vlc

2017-06-17 19:58 - 2016-12-01 01:43 - 00000000 ____D C:\Users\moxito\Downloads\div. Windows

2017-06-17 18:56 - 2016-11-29 18:50 - 00000000 ____D C:\Users\moxito\AppData\Roaming\Psiphon3

2017-06-17 18:29 - 2016-11-29 18:50 - 05265000 _____ C:\Users\moxito\psiphon3.exe

2017-06-17 18:29 - 2016-10-11 01:10 - 00000000 ____D C:\Users\moxito

2017-06-17 16:30 - 2016-12-13 21:43 - 00000000 ____D C:\Users\moxito\AppData\Local\Deployment

2017-06-17 13:55 - 2016-07-16 08:04 - 00262144 _____ C:\WINDOWS\system32\config\BBI

2017-06-17 02:44 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\rescache

2017-06-17 02:12 - 2016-08-21 17:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013

2017-06-17 00:00 - 2016-09-28 16:01 - 00000000 ____D C:\Users\moxito\AppData\Local\app

2017-06-16 23:36 - 2016-08-21 16:55 - 00000000 ____D C:\Users\moxito\AppData\Roaming\steelseries-engine-3-client

2017-06-16 23:29 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports

2017-06-16 23:18 - 2016-11-25 00:13 - 00000000 ____D C:\ProgramData\Hauppauge

2017-06-16 23:08 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\tracing

2017-06-16 23:04 - 2016-08-21 16:58 - 00000823 _____ C:\Users\Public\Desktop\CCleaner.lnk

2017-06-16 23:02 - 2016-10-11 01:13 - 00002220 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC

2017-06-16 22:45 - 2016-08-21 15:17 - 00000000 __RHD C:\Users\Public\AccountPictures

2017-06-16 22:45 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\AppReadiness

2017-06-16 22:43 - 2016-09-28 18:06 - 00000000 ____D C:\Program Files\Microsoft Silverlight

2017-06-16 22:43 - 2016-09-28 18:06 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight

2017-06-16 22:42 - 2016-07-16 13:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel

2017-06-16 22:42 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\system32\appraiser

2017-06-16 22:42 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\ShellExperiences

2017-06-16 22:39 - 2016-11-25 17:35 - 00000000 ____D C:\Users\moxito\AppData\Roaming\uTorrent

2017-06-16 22:17 - 2016-08-21 15:41 - 00000000 ____D C:\WINDOWS\system32\MRT

2017-06-16 22:15 - 2016-09-28 18:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight

2017-06-16 22:15 - 2016-08-21 15:41 - 133627792 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

2017-06-16 22:14 - 2016-07-16 13:36 - 00000000 ____D C:\WINDOWS\CbsTemp

2017-06-16 22:08 - 2016-09-27 14:20 - 00000000 ____D C:\ProgramData\MSI

2017-06-16 22:07 - 2016-09-27 14:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MSI

2017-06-16 22:07 - 2016-08-21 16:30 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information

2017-06-16 19:08 - 2016-08-21 16:53 - 00000000 ____D C:\WINDOWS\Cnxt

2017-06-16 19:07 - 2016-08-21 16:53 - 00000000 ____D C:\ProgramData\Conexant

2017-06-16 15:49 - 2017-04-25 19:16 - 00000000 ____D C:\Program Files (x86)\YY

2017-06-06 00:36 - 2016-10-12 17:33 - 00000000 ____D C:\WINDOWS\PCHEALTH

2017-06-05 23:50 - 2016-09-28 17:46 - 00000626 __RSH C:\ProgramData\ntuser.pol

2017-06-05 23:35 - 2016-12-15 05:59 - 00000000 ____D C:\Program Files (x86)\VulkanRT

2017-06-05 23:34 - 2016-12-11 17:10 - 00000000 ____D C:\Program Files (x86)\Intel

2017-06-05 23:33 - 2016-09-27 14:09 - 00000000 ____D C:\Program Files (x86)\MSI

2017-06-05 22:00 - 2016-07-16 13:47 - 00000000 ___HD C:\Program Files\WindowsApps

2017-06-03 08:36 - 2016-07-16 13:49 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe

2017-06-03 08:36 - 2016-07-16 13:49 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

2017-05-24 16:29 - 2016-10-11 01:09 - 00000000 ____D C:\ProgramData\NVIDIA Corporation

2017-05-24 16:29 - 2016-09-15 19:33 - 00000000 ____D C:\Temp

2017-05-24 16:18 - 2016-09-28 16:42 - 00000000 ____D C:\Users\moxito\Documents\temp

2017-05-22 15:54 - 2017-01-28 01:13 - 00000486 _____ C:\WINDOWS\Tasks\HuanjuGameUpdate.job

2017-05-21 22:53 - 2017-02-07 15:54 - 00003654 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}

2017-05-21 22:53 - 2016-12-15 05:53 - 00004308 _____ C:\WINDOWS\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}

2017-05-21 22:53 - 2016-10-11 01:13 - 00003994 _____ C:\WINDOWS\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}

2017-05-21 22:53 - 2016-10-11 01:13 - 00003894 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}

2017-05-21 22:53 - 2016-10-11 01:13 - 00003866 _____ C:\WINDOWS\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}

2017-05-21 22:53 - 2016-10-11 01:13 - 00003858 _____ C:\WINDOWS\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}

2017-05-21 22:53 - 2016-10-11 01:13 - 00003696 _____ C:\WINDOWS\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}

2017-05-21 22:53 - 2016-10-11 01:09 - 00000000 ____D C:\Program Files\NVIDIA Corporation

2017-05-21 22:53 - 2016-09-27 13:26 - 00001449 _____ C:\Users\Public\Desktop\GeForce Experience.lnk

2017-05-21 22:53 - 2016-08-21 15:39 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation

2017-05-21 22:32 - 2016-08-22 17:03 - 00000000 ____D C:\Users\moxito\AppData\Roaming\baidu

2017-05-21 20:52 - 2017-01-28 01:13 - 00003588 _____ C:\WINDOWS\System32\Tasks\HuanjuGameUpdate

2017-05-21 20:51 - 2016-10-11 01:09 - 00000000 ____D C:\WINDOWS\SysWOW64\RTCOM

2017-05-21 20:51 - 2016-10-11 01:09 - 00000000 ____D C:\WINDOWS\system32\DAX2

2017-05-21 20:51 - 2016-08-21 15:43 - 00000000 ____D C:\ProgramData\Package Cache

2017-05-21 20:48 - 2017-04-26 02:17 - 05821944 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe

2017-05-21 20:48 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed

2017-05-21 20:48 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\system32\Macromed

2017-05-19 18:43 - 2016-07-16 13:47 - 00000000 ___SD C:\WINDOWS\SysWOW64\F12

2017-05-19 18:43 - 2016-07-16 13:47 - 00000000 ___SD C:\WINDOWS\system32\F12

2017-05-19 18:43 - 2016-07-16 13:47 - 00000000 ___RD C:\Program Files\Windows Defender

2017-05-19 18:43 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform

2017-05-19 18:43 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\system32\oobe

2017-05-19 18:43 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\Provisioning

2017-05-19 18:43 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\PolicyDefinitions

2017-05-19 18:43 - 2016-07-16 13:47 - 00000000 ____D C:\Program Files\Windows Photo Viewer

2017-05-19 18:43 - 2016-07-16 13:47 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer

2017-05-19 18:43 - 2016-07-16 13:47 - 00000000 ____D C:\Program Files (x86)\Windows Defender

2017-05-19 18:43 - 2016-07-16 08:04 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism

2017-05-19 13:01 - 2016-07-16 13:42 - 00073728 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSManMigrationPlugin.dll
 

==================== Files in the root of some directories =======
 

2016-10-08 00:26 - 2016-10-08 00:29 - 0000752 _____ () C:\Users\moxito\AppData\Roaming\.emacs

2016-11-30 19:44 - 2016-11-30 19:44 - 0000020 _____ () C:\Users\moxito\AppData\Roaming\004D5649544E41696E66

2016-11-30 19:43 - 2016-11-30 19:43 - 0000256 _____ () C:\Users\moxito\AppData\Roaming\140A0027000007

2016-12-05 20:22 - 2016-12-05 20:22 - 0000024 _____ () C:\Users\moxito\AppData\Roaming\D3D5D3C0-0F3D-40c1-9973-CEB7C072AE31.ini

2016-11-30 19:44 - 2017-01-16 21:48 - 0001209 _____ () C:\Users\moxito\AppData\Roaming\D3D5D3C0-0F3D-40c1-9973-CEB7C072AE32.ini

2017-02-13 02:41 - 2017-02-13 02:41 - 0001038 _____ () C:\Users\moxito\AppData\Roaming\ex_log.txt

2016-10-10 20:08 - 2017-02-04 16:04 - 0001269 _____ () C:\Users\moxito\AppData\Roaming\Network Meter_Settings.ini

2016-10-10 20:09 - 2016-10-10 20:09 - 0000772 _____ () C:\Users\moxito\AppData\Roaming\Stock Meter_Settings.ini

2016-09-30 18:39 - 2016-10-10 19:53 - 0000122 _____ () C:\Users\moxito\AppData\Roaming\System Monitor II_UptimeRecord.ini

2017-01-28 01:25 - 2017-01-28 01:25 - 1444872 _____ (Tencent Inc.) C:\Users\moxito\AppData\Roaming\XQ4Q.DLL

2016-08-21 16:30 - 2016-08-21 16:30 - 0000000 _____ () C:\Users\moxito\AppData\Local\Driver_11ACPresent.flag

2016-08-21 16:30 - 2016-08-21 16:30 - 0000000 _____ () C:\Users\moxito\AppData\Local\Driver_LOM_8161Present.flag

2016-12-16 23:50 - 2016-12-29 02:03 - 0000600 _____ () C:\Users\moxito\AppData\Local\PUTTY.RND

2016-09-28 19:18 - 2016-09-28 19:18 - 0007597 _____ () C:\Users\moxito\AppData\Local\Resmon.ResmonCfg

2016-10-30 02:17 - 2017-06-18 00:59 - 0000040 ___SH () C:\ProgramData\.zreglib

2016-10-11 01:09 - 2016-10-11 01:09 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

2017-01-28 03:09 - 2017-01-28 03:09 - 0076168 _____ (Tencent) C:\ProgramData\fa5HvkT6.aIj

2016-12-15 05:53 - 2017-01-18 15:10 - 0005110 _____ () C:\ProgramData\NvTelemetryContainer.log

2016-12-15 05:53 - 2017-01-14 12:59 - 0005110 _____ () C:\ProgramData\NvTelemetryContainer.log_backup1

2016-11-24 23:00 - 2016-11-24 23:01 - 1696960 _____ () C:\ProgramData\QQGAMEQCK2119.DLL

2016-12-05 20:10 - 2016-12-05 20:10 - 1696960 _____ () C:\ProgramData\QQGAMEQCK2205.DLL

2016-12-04 20:08 - 2016-12-08 20:16 - 1389760 _____ () C:\ProgramData\QQGameQCK2840.exe

2017-01-28 01:29 - 2017-01-28 01:29 - 0076168 _____ (Tencent) C:\ProgramData\rW2F6Ma7N5GJI83.971
 

Files to move or delete:

====================

C:\ProgramData\QQGAMEQCK2119.DLL

C:\ProgramData\QQGAMEQCK2205.DLL

C:\ProgramData\QQGameQCK2840.exe

C:\Users\moxito\psiphon3.exe
 
 

==================== Bamital & volsnap ======================
 

(There is no automatic fix for files that do not pass verification.)
 

C:\WINDOWS\system32\winlogon.exe => File is digitally signed

C:\WINDOWS\system32\wininit.exe => File is digitally signed

C:\WINDOWS\explorer.exe => File is digitally signed

C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed

C:\WINDOWS\system32\svchost.exe => File is digitally signed

C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed

C:\WINDOWS\system32\services.exe => File is digitally signed

C:\WINDOWS\system32\User32.dll => File is digitally signed

C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed

C:\WINDOWS\system32\userinit.exe => File is digitally signed

C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed

C:\WINDOWS\system32\rpcss.dll => File is digitally signed

C:\WINDOWS\system32\dnsapi.dll => File is digitally signed

C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed

C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 

LastRegBack: 2017-06-16 17:32
 

==================== End of FRST.txt ============================

moxito

18.06.2017 00:34

Code:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-06-2017 01

Ran by moxito (18-06-2017 01:03:46)

Running from C:\Users\moxito\Desktop

Windows 10 Enterprise Version 1607 (X64) (2016-10-10 23:15:08)

Boot Mode: Normal

==========================================================
 
 

==================== Accounts: =============================
 

Administrator (S-1-5-21-1078665582-1449517287-1295239923-500 - Administrator - Disabled)

DefaultAccount (S-1-5-21-1078665582-1449517287-1295239923-503 - Limited - Disabled)

Guest (S-1-5-21-1078665582-1449517287-1295239923-501 - Limited - Enabled)

HomeGroupUser$ (S-1-5-21-1078665582-1449517287-1295239923-1005 - Limited - Enabled)

moxito (S-1-5-21-1078665582-1449517287-1295239923-1001 - Administrator - Enabled) => C:\Users\moxito
 

==================== Security Center ========================
 

(If an entry is included in the fixlist, it will be removed.)
 

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AV: Baidu Antivirus (Enabled - Up to date) {0B023102-4312-4570-585A-1BAAA3570E16}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: Baidu Antivirus (Enabled - Up to date) {B063D0E6-6528-4AFE-62EA-20D8D8D044AB}
 

==================== Installed Programs ======================
 

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 

µTorrent (HKLM-x32\...\uTorrent) (Version: 2.0.4 - )

360 Browser (HKU\S-1-5-21-1078665582-1449517287-1295239923-1001\...\360Browser) (Version: 7.5.2.108 - 360 Security Center)

7-Zip 16.02 (HKLM-x32\...\7-Zip) (Version: 16.02 - Igor Pavlov)

8GadgetPack (HKLM-x32\...\{35C86AEB-A4C6-49E3-90B7-245F2C7FDEC7}) (Version: 21.0.0 - 8GadgetPack.net)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 22.0.0.153 - Adobe Systems Incorporated)

Adobe Audition 3.0 (HKLM-x32\...\Adobe Audition 3.0) (Version: 3.0 - Adobe Systems Incorporated)

Adobe Flash Player 25 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 25.0.0.171 - Adobe Systems Incorporated)

Adobe Photoshop CS3 (HKLM-x32\...\Adobe_5f143314a5d434c8511097393d17397) (Version: 10.0 - Adobe Systems Incorporated)

Aegisub 3.2.2 (HKLM-x32\...\{24BC8B57-716C-444F-B46B-A3349B9164C5}_is1) (Version: 3.2.2 - Aegisub Team)

Ansel (Version: 382.33 - NVIDIA Corporation) Hidden

AnyDVD (HKLM-x32\...\AnyDVD) (Version: 7.6.6.0 - SlySoft)

ApoDispatchConfigurator (Version: 2.3.1401 - Nahimic) Hidden

AudioLaunchpadConfigurator (Version: 2.3.1401 - Nahimic) Hidden

Baidu Antivirus (HKLM-x32\...\Baidu Antivirus) (Version: 5.4.3.148966 - Baidu, Inc.)

Battery Calibration (HKLM-x32\...\InstallShield_{634AC01E-49DB-4AD2-B87C-90D4DCC6AFA1}) (Version: 1.0.1607.1801 - Micro-Star International Co., Ltd.)

Battery Calibration (x32 Version: 1.0.1607.1801 - Micro-Star International Co., Ltd.) Hidden

BlueStacks App Player (HKLM-x32\...\BlueStacks) (Version: 2.5.78.6323 - BlueStack Systems, Inc.)

CCleaner (HKLM\...\CCleaner) (Version: 5.31 - Piriform)

CCTalk (HKLM-x32\...\CCTalk) (Version: 6.0.0.1 - www.hujiang.com, Inc.)

CheckDevicesConfigurator (Version: 2.3.1401 - Nahimic) Hidden

Classic Shell (HKLM\...\{383BB30A-B4A7-4666-9A83-22CFA8640097}) (Version: 4.3.0 - IvoSoft)

CPUID CPU-Z 1.77 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )

Dragon Center (HKLM-x32\...\InstallShield_{C65B26BC-5A6F-4135-9678-55A877655471}) (Version: 1.2.1705.3101 - Micro-Star International Co., Ltd.)

Dragon Center (x32 Version: 1.2.1705.3101 - Micro-Star International Co., Ltd.) Hidden

Dragon Gaming Center (HKLM-x32\...\InstallShield_{965B16C7-0778-4C45-B7D1-83A59E6FBBCB}) (Version: 2.0.1605.2701 - Micro-Star International Co., Ltd.)

Dragon Gaming Center (x32 Version: 2.0.1605.2701 - Micro-Star International Co., Ltd.) Hidden

DVD Shrink 3.2 deutsch (DeCSS-frei) (HKLM-x32\...\DVD Shrink DE_is1) (Version:  - DVD Shrink)

Exact Audio Copy 1.1 (HKLM-x32\...\Exact Audio Copy) (Version: 1.1 - Andre Wiethoff)

Freemake Video Downloader (HKLM-x32\...\Freemake Video Downloader_is1) (Version: 3.8.0 - Ellora Assets Corporation)

FRN Client 2014 (HKLM-x32\...\FRN Client_is1) (Version:  - Free Radio Network)

FRN Server 2014 (HKLM-x32\...\FRN Server_is1) (Version:  - Free Radio Network)

Haali Media Splitter (HKLM-x32\...\HaaliMkx) (Version:  - )

Hauppauge WinTV 8 (HKLM-x32\...\Hauppauge WinTV 8) (Version: v8.0.34284 (CD 5.1 AAC) - Hauppauge Computer Works)

Help Desk (HKLM-x32\...\InstallShield_{7E8181AF-9679-49B3-B133-C265709B6927}) (Version: 1.0.1605.0601 - Micro-Star International Co., Ltd.)

Help Desk (x32 Version: 1.0.1605.0601 - Micro-Star International Co., Ltd.) Hidden

Intel Extreme Tuning Utility (HKLM-x32\...\{281badd0-7e11-494b-bdf7-34d6a2615c3c}) (Version: 6.2.0.19 - Intel Corporation)

Intel Extreme Tuning Utility (x32 Version: 6.2.0.19 - Intel Corporation) Hidden

Intel(R) Chipset Device Software (x32 Version: 10.1.1.9 - Intel(R) Corporation) Hidden

Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1153 - Intel Corporation)

Intel® Security Assist (HKLM-x32\...\{4B230374-6475-4A73-BA6E-41015E9C5013}) (Version: 1.0.0.532 - Intel Corporation)

Java 8 Update 112 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180112F0}) (Version: 8.0.1120.15 - Oracle Corporation)

Killer Bandwidth Control Filter Driver (Version: 1.1.56.1122 - Rivet Networks) Hidden

Killer E220x Drivers (Version: 1.1.56.1122 - Rivet Networks) Hidden

Killer Network Manager (Version: 1.1.56.1122 - Rivet Networks) Hidden

Killer Performance Suite (HKLM-x32\...\{E70DB50B-10B4-46BC-9DE2-AB8B49E061EE}) (Version: 1.1.56.1122 - Rivet Networks)

Killer Wireless-AC Drivers (Version: 1.1.56.1122 - Rivet Networks) Hidden

K-Lite Mega Codec Pack 11.9.0 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 11.9.0 - KLCP)

Kodi (HKU\S-1-5-21-1078665582-1449517287-1295239923-1001\...\Kodi) (Version:  - XBMC-Foundation)

LauncherSetup (Version: 2.3.1401 - Nahimic) Hidden

LAV Filters 0.68.1 (HKLM-x32\...\lavfilters_is1) (Version: 0.68.1 - Hendrik Leppkes)

LenovoUsbDriver 1.1.9 (HKLM-x32\...\LenovoUsbDriver) (Version: 1.1.9 - Lenovo)

Logitech SetPoint 6.67 (HKLM\...\sp6) (Version: 6.67.83 - Logitech)

Malwarebytes Anti-Malware Version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)

Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)

Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)

Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)

Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)

Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)

MKVToolNix 6.9.1 (32bit) (HKLM-x32\...\MKVToolNix) (Version: 6.9.1 - Moritz Bunkus)

Nahimic 2 (HKLM-x32\...\{05c7b70a-5d25-419a-9b71-76900393b641}) (Version: 2.3.14 - Nahimic)

Nahimic2UISetup (Version: 2.3.1401 - Nahimic) Hidden

Nero 8 (HKLM-x32\...\{8AEA4BE2-2B52-41C0-BB7D-9F2D17AF1031}) (Version: 8.0.182 - Nero AG)

NirSoft Wireless Network Watcher (HKLM-x32\...\NirSoft Wireless Network Watcher) (Version:  - )

Nitro Reader 5 (HKLM\...\{1DF310B2-0BE7-4CD7-8FCF-54B1ADB067D3}) (Version: 5.5.6.21 - Nitro)

NVIDIA 3D Vision Treiber 382.33 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 382.33 - NVIDIA Corporation)

NVIDIA GeForce Experience 3.6.0.74 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.6.0.74 - NVIDIA Corporation)

NVIDIA Grafiktreiber 382.33 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 382.33 - NVIDIA Corporation)

NVIDIA HD-Audiotreiber 1.3.34.26 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.26 - NVIDIA Corporation)

NVIDIA PhysX-Systemsoftware 9.17.0329 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0329 - NVIDIA Corporation)

NvNodejs (Version: 3.6.0.74 - NVIDIA Corporation) Hidden

NvTelemetry (Version: 2.4.10.0 - NVIDIA Corporation) Hidden

NvvHci (Version: 2.02.0.5 - NVIDIA Corporation) Hidden

Oracle VM VirtualBox 5.1.10 (HKLM\...\{57682F33-488A-4065-8255-C3681A2B6F4E}) (Version: 5.1.10 - Oracle Corporation)

Outils de vérification linguistique 2013 de Microsoft Office*- Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden

PDF Settings (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden

PlayReady PC Runtime amd64 (HKLM\...\{2E0C1D31-8FEC-411E-97FB-6E56BD429A98}) (Version: 1.3.10 - Microsoft Corporation)

ProductDaemonSetup (Version: 2.3.1401 - Nahimic) Hidden

ProductNSConfigurator (Version: 2.3.1401 - Nahimic) Hidden

QQ International (HKLM-x32\...\{3CA54984-A14B-42FE-9FF1-7EA90151D725}) (Version: 1.91.1369.0 - Tencent Technology(Shenzhen) Company Limited)

QQ音乐2016 (HKLM-x32\...\QQMusic) (Version: 12.97.3627.1201 - 腾讯科技（深圳）有限公司)

QTranslate 5.7.0.3 (HKLM-x32\...\QTranslate) (Version: 5.7.0.3 - QuestSoft)

QT语音 (HKLM-x32\...\QT语音) (Version: 11.43.0.17707.483 - 腾讯科技（深圳）有限公司)

Qualcomm Atheros 61x4 Bluetooth Suite (64) (HKLM\...\{628988B4-3FA5-4EA6-BAA3-DA640F6718BD}) (Version: 12.0.0.102 - Qualcomm Atheros)

QvodPlayer v3.5 (HKLM-x32\...\QvodPlayer) (Version: 3.5 - Shenzhen QVOD Technology Co.,Ltd)

Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10125.21277 - Realtek Semiconductor Corp.)

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8053 - Realtek Semiconductor Corp.)

Revo Uninstaller 2.0.2 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.2 - VS Revo Group, Ltd.)

SCM (HKLM\...\{E3CE9EC1-7244-4846-A383-6BF0B172917A}) (Version: 13.015.12097 - Application)

SDR-RADIO.com (V2) (HKLM-x32\...\SDR-RADIO.com (V2)) (Version:  - )

Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version:  - Microsoft)

Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version:  - Microsoft) Hidden

SHIELD Streaming (Version: 7.1.0370 - NVIDIA Corporation) Hidden

SHIELD Wireless Controller Driver (Version: 3.6.0.74 - NVIDIA Corporation) Hidden

SonicMapperConfigurator (Version: 2.3.1401 - Nahimic) Hidden

SteelSeries Engine 3.10.2 (HKLM\...\SteelSeries Engine 3) (Version: 3.10.2 - SteelSeries ApS)

Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.22.4 - Synaptics Incorporated)

TalkTV (HKLM-x32\...\{F768F6BA-F164-4599-BC26-DCCFC2F71983}_is1) (Version: 4.1.3 - TalkTV)

Technotrend Viewer (HKLM-x32\...\TT-Viewer_is1) (Version:  - CM&V)

The Bat! Professional v3.99.29 (HKLM-x32\...\{CA8D1F57-1D54-463F-A97D-9D740EBBD285}) (Version: 3.99.29 - Ritlabs)

TomTom HOME (HKLM-x32\...\{3C595537-D968-48D5-AAB1-CCB2E90FA59A}) (Version: 2.9.94 - Ihr Firmenname)

UFR II Printer Driver Uninstaller (HKLM\...\Canon UFR II Printer Driver) (Version: 5, 4, 0, 0 - Canon Inc.)

UIInstallUpgrade (Version: 2.3.1401 - Nahimic) Hidden

UltraMon (HKLM\...\{D4E62D29-31A1-4938-8CB7-7D275C1AEAC6}) (Version: 3.3.0 - Realtime Soft Ltd)

Universal Adb Driver (HKLM-x32\...\{D9C4202E-6D51-4B06-A8F1-22316E654BCA}) (Version: 1.0.0 - ClockworkMod)

Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)

VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.6 - VideoLAN)

VmciSockets (Version: 9.1.54.1 - VMware, Inc.) Hidden

VMware Workstation (HKLM-x32\...\VMware_Workstation) (Version: 8.0.0.18997 - VMware, Inc)

VMware Workstation (x32 Version: 8.0.0.18997 - VMware, Inc.) Hidden

Win32DiskImager version 0.9.5 (HKLM-x32\...\{D074CE74-912A-4AD3-A0BF-3937D9D01F17}_is1) (Version: 0.9.5 - ImageWriter Developers)

Winamp (HKLM-x32\...\Winamp) (Version: 5.666  - Nullsoft, Inc)

Windows-Treiberpaket - MediaTek Inc. (wdm_usb) Ports  (01/22/2015 3.0.1504.0) (HKLM\...\BD5E2A628C2263FAEC66A4BFF2E88B897427E4C3) (Version: 01/22/2015 3.0.1504.0 - MediaTek Inc.)

WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)

Wondershare Video Converter Ultimate(Build 9.0.0.4) (HKLM-x32\...\Wondershare Video Converter Ultimate_is1) (Version: 9.0.0.4 - Wondershare Software)

XnView 2.39 (HKLM-x32\...\XnView_is1) (Version: 2.39 - Gougelet Pierre-e)

Youtube Downloader HD v. 2.9.9.30 (HKLM-x32\...\Youtube Downloader HD_is1) (Version:  - YoutubeDownloaderHD.com)

YY version 1.0 (HKLM-x32\...\{76E0BCEF-DBB1-4257-8230-6DE2310E4813}_is1) (Version: 1.0 - Joe)

YY8 (HKU\S-1-5-21-1078665582-1449517287-1295239923-1001\...\YY8) (Version: 8.3.0.2 - 多玩游戏网)

Zattoo Live TV (HKU\S-1-5-21-1078665582-1449517287-1295239923-1001\...\6e425e00e7cd59c7) (Version: 1.0.0.51 - Zattoo Europa AG)

央视影音 (HKLM-x32\...\{07F79EE3-1012-40BF-BEE7-A07EE6C284DC}_is1) (Version: 4.0.8.0 - 中国网络电视台)

搜狗拼音输入法 8.0正式版 (HKLM-x32\...\Sogou Input) (Version: 8.0.0.8381 - Sogou.com)

有道词典 (HKU\S-1-5-21-1078665582-1449517287-1295239923-1001\...\有道词典) (Version: 6.3 - 网易公司)

百度云管家 (HKLM-x32\...\百度云管家) (Version: 5.4.9 - 百度在线网络技术（北京）有限公司)

腾讯QQ (HKLM-x32\...\{052CFB79-9D62-42E3-8A15-DE66C2C97C3E}) (Version: 8.6.18804.0 - 腾讯科技(深圳)有限公司)

腾讯TM2009 (HKLM-x32\...\{260706D6-56D3-41E8-9183-DC4DF54B7F4B}) (Version: 1.41.1287.0 - 腾讯科技(深圳)有限公司)
 

==================== Custom CLSID (Whitelisted): ==========================
 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 

CustomCLSID: HKU\S-1-5-21-1078665582-1449517287-1295239923-1001_Classes\CLSID\{0B7AD8D3-094A-44DE-A348-83C6C3FA347C}\InprocServer32 -> C:\Users\moxito\AppData\Local\Microsoft\Windows Sidebar\Gadgets\Clipboarder.gadget\Release\Clipboarder64.dll (Helmut Buhler)

CustomCLSID: HKU\S-1-5-21-1078665582-1449517287-1295239923-1001_Classes\CLSID\{0E7BE950-4ACC-47CB-834B-41A8B96BBFF9}\InprocServer32 -> C:\Users\moxito\AppData\Local\Microsoft\Windows Sidebar\Gadgets\Sidebar7.gadget\Release\Sidebar7.64.dll (Helmut Buhler)

CustomCLSID: HKU\S-1-5-21-1078665582-1449517287-1295239923-1001_Classes\CLSID\{25815CC0-43F4-3C75-8C3A-A139D9ADE740}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-1078665582-1449517287-1295239923-1001_Classes\CLSID\{2E445E22-1A5F-4C84-B963-BB65D07C1FB3}\InprocServer32 -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-1078665582-1449517287-1295239923-1001_Classes\CLSID\{40C842B5-9E7D-4FBD-8E05-021F4B6F5CA5}\InprocServer32 -> C:\WINDOWS\system32\kernel32.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-1078665582-1449517287-1295239923-1001_Classes\CLSID\{A5110465-0F43-4586-9DEC-73DCC0CBCF08}\InprocServer32 -> C:\WINDOWS\system32\kernel32.dll (Microsoft Corporation)
 

==================== Scheduled Tasks (Whitelisted) =============
 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 

Task: {066AC61E-1658-4034-8524-C0F15BD63338} - System32\Tasks\gsrun.exe => C:\Users\moxito\AppData\Roaming\duowan\yygamestore\Mini\3.6.0.4\gsrun.exe [2016-10-13] ()

Task: {06F7876A-D01A-42DE-B0BB-34D3F2C31961} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-06-13] (Piriform Ltd)

Task: {07B42A73-B318-4361-8F73-910851DAA954} - System32\Tasks\me.exe => C:\Users\moxito\AppData\Roaming\duowan\yygamestore\Mini\3.6.0.4\me.exe [2016-10-13] ()

Task: {1195CE57-9B94-42B6-BD81-89095373206D} - System32\Tasks\MeLogo_{67679FCB-7ECA-4db5-B5AE-E6B4E178D0BA} => C:\Users\moxito\AppData\Roaming\duowan\yygamestore\Mini\3.6.0.4\me.exe [2016-10-13] ()

Task: {1574B4F0-4EB0-481D-B3D6-875944676A34} - \{057E7D47-7D0A-0A7A-7911-0E040E78110C} -> No File <==== ATTENTION

Task: {25DED191-9070-42A0-9253-062048019AE6} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2017-05-03] (NVIDIA Corporation)

Task: {32F11BBA-6316-404F-9DC7-B8F7FE491A05} - System32\Tasks\{ED9A9CD4-5A31-2B7F-2D3D-2F4634FF2C3B} => C:\ProgramData\{EB8ACCE0-5C21-7B4B-7EE8-1C19ABAD4F85}\3B2BA978-8C80-1ED3-88ED-20DA0EEA8994.exe <==== ATTENTION

Task: {3BCE144F-14C8-4842-8A53-661187BBC8A0} - System32\Tasks\Nahimic2UILauncherRun => C:\Program Files\Nahimic\Nahimic2\UserInterface\Nahimic2UILauncher.exe [2017-01-13] ()

Task: {3E407DC0-759C-44BB-88AC-AF6AC6A3A08B} - System32\Tasks\Nahimic2Svc32Run => C:\Program Files\Nahimic\Nahimic2\UserInterface\Nahimic2Svc32.exe [2017-01-13] ()

Task: {41607316-F1F1-4C25-B261-37C521ABF4CA} - System32\Tasks\Dragon_Center_updater => C:\ProgramData\MSI\Dragon [Argument = Center\DragonCenter_Updater.exe DragonCenter]

Task: {4220DF88-E589-414A-B2EA-098D3E0E6500} - System32\Tasks\MSI_Dragon Center => C:\Program Files (x86)\MSI\Dragon Center\Dragon Center.exe [2017-05-31] (Micro-Star International Co., Ltd.)

Task: {47435CE5-D1F2-4C13-A77E-DEADE332ED23} - System32\Tasks\{F7B708E3-B402-CC93-0235-FB6400AF3F41} => Regsvr32.exe /s /n /i:"/rt" "C:\PROGRA~3\58bca3a8\52456f97.dll" <==== ATTENTION

Task: {49FC50FD-0B66-420F-8C7C-52B54AC07DAB} - System32\Tasks\HuanjuGameUpdate => C:\Users\moxito\AppData\Roaming\duowan\yygame\popup\bin\hjGameUpdate.exe [2017-05-21] (YY Inc.)

Task: {4E03935F-200C-45FD-9C69-7E21824D8529} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-05-03] (NVIDIA Corporation)

Task: {52CC2439-C048-4BE9-B616-C6A62EBF5D60} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-05-03] (NVIDIA Corporation)

Task: {66632B7C-EA9C-4F6B-9AA6-9122D4A185F8} - System32\Tasks\SogouImeMgr => C:\Program Files (x86)\SogouInput\SogouExe\SogouExe.exe [2016-09-02] (Sogou.com Inc.)

Task: {743767E4-92ED-4EB8-BDE6-031C7AC9E9EC} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-05-03] (NVIDIA Corporation)

Task: {77B29FB4-A203-4C87-AD47-184CA218CF3C} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-05-03] (NVIDIA Corporation)

Task: {7AD8FA13-DAA9-47B8-A54D-CF5009AB44F4} - System32\Tasks\060184C3-9766-46a0-B258-F4518A0B2633 => Cscript.exe "C:\ProgramData\Baidu Security\Duplicaterecord.js"

Task: {84F0B267-E639-40B1-8A5B-C527E0D0D998} - System32\Tasks\MSI_Dragon Gaming Center => C:\Program Files (x86)\MSI\Dragon Gaming Center\mDispatch.exe [2014-01-23] (TODO: <公司名稱>)

Task: {8D282348-DBD4-4BD7-9A44-95F8462FC27E} - System32\Tasks\yyplayer.exe => C:\Users\moxito\AppData\Roaming\duowan\yygamestore\Mini\3.6.0.4\yyplayer.exe [2016-10-13] ()

Task: {B86BD242-2DD2-49F3-A8FC-C7DFFF24FEF0} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-05-03] (NVIDIA Corporation)

Task: {BB0CB973-6950-4BF2-A895-DAB4D24C13C2} - System32\Tasks\Baidu Antivirus Update => C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.4.3.148966.1\BavUpdater.exe [2017-01-28] (Baidu, Inc.)

Task: {BB5B22AA-238A-4B32-8984-B8A3F29072CE} - System32\Tasks\yygamestore.exe => C:\Users\moxito\AppData\Roaming\duowan\yygamestore\Mini\3.6.0.4\yygamestore.exe [2016-10-13] ()

Task: {C54E8752-58C3-4FA0-9D33-A0404C058363} - System32\Tasks\Nahimic2Svc64Run => C:\Program Files\Nahimic\Nahimic2\UserInterface\x64\Nahimic2Svc64.exe [2017-01-13] ()

Task: {CB33CC10-7C4E-4BB2-9E8B-6E9E3DE606AD} - System32\Tasks\MSI_Help_Desk_Agent => C:\Program Files (x86)\MSI\Help Desk\MSI Update Agent.exe [2016-05-06] (Micro-Star International Co., Ltd.)

Task: {CC5DB9A6-FD83-429B-82E0-B343682013B5} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-05-03] (NVIDIA Corporation)

Task: {CDDE24C0-6063-4256-96AD-7C83C1F684C8} - System32\Tasks\Intel\Intel Telemetry 2 (x86) => C:\Program Files (x86)\Intel\Telemetry 2.0\lrio.exe [2015-11-20] (Intel Corporation)

Task: {D4BCAAFF-C409-468A-8CF1-FCF6B4054779} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)

Task: {F2852D36-A114-43F8-BD54-1577764A3D45} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-05-21] (Adobe Systems Incorporated)

Task: {F68E41E9-0104-4361-A8EE-6CCD3F70FFA2} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-05-03] (NVIDIA Corporation)
 

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 

Task: C:\WINDOWS\Tasks\HuanjuGameUpdate.job => C:\Users\moxito\AppData\Roaming\duowan\yygame\popup\bin\hjGameUpdate.exe
 

==================== Shortcuts & WMI ========================
 

(The entries could be listed to be restored or removed.)
 
 

==================== Loaded Modules (Whitelisted) ==============
 

2016-07-16 13:42 - 2016-07-16 13:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll

2017-06-16 17:51 - 2017-06-03 12:01 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll

2015-05-19 10:11 - 2015-05-19 10:11 - 00007680 _____ () C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe

2016-09-27 13:26 - 2017-05-03 22:21 - 01267320 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll

2011-08-22 17:34 - 2011-08-22 17:34 - 11837440 _____ () C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe

2016-11-25 16:45 - 2016-11-25 16:44 - 00048568 _____ () C:\Users\moxito\AppData\Local\Youdao\Dict\Application\6.3.69.8341\WordStrokeHelper64.dll

2017-01-13 10:53 - 2017-01-13 10:53 - 00218296 _____ () C:\Program Files\Nahimic\Nahimic2\UserInterface\x64\Nahimic2DevProps.dll

2017-01-13 10:53 - 2017-01-13 10:53 - 00289976 _____ () C:\Program Files\Nahimic\Nahimic2\UserInterface\x64\Nahimic2OSD.dll

2017-01-13 10:49 - 2017-01-13 10:49 - 00705208 _____ () C:\Program Files\Nahimic\Nahimic2\UserInterface\Nahimic2UILauncher.exe

2017-01-13 10:50 - 2017-01-13 10:50 - 02054328 _____ () C:\Program Files\Nahimic\Nahimic2\UserInterface\Nahimic2svc32.exe

2017-01-13 10:54 - 2017-01-13 10:54 - 00513208 _____ () C:\Program Files\Nahimic\Nahimic2\UserInterface\x64\Nahimic2svc64.exe

2014-09-30 02:51 - 2014-09-30 02:51 - 00074664 _____ () C:\Program Files (x86)\SlySoft\AnyDVD\ADvdDiscHlp64.exe

2016-11-25 16:45 - 2016-11-25 16:45 - 02515520 _____ () C:\Users\moxito\AppData\Local\Youdao\Dict\Application\6.3.69.8341\YoudaoDictHelper.exe

2016-11-25 16:45 - 2016-11-25 16:44 - 00192952 _____ () C:\Users\moxito\AppData\Local\Youdao\Dict\Application\6.3.69.8341\YoudaoWSH.exe

2016-07-26 11:07 - 2017-06-16 22:06 - 01052192 _____ () C:\Users\moxito\AppData\Roaming\baidu\BaiduYunGuanjia\yundetectservice.exe

2016-11-28 14:45 - 2015-09-27 11:25 - 00035840 _____ () C:\Users\moxito\AppData\Local\Microsoft\Windows Sidebar\Gadgets\FritzBoxTraffic1013.gadget\FritzBoxTrafficMonitorLib.dll

2017-01-16 21:50 - 2017-01-16 21:50 - 01977448 _____ () C:\Users\moxito\AppData\Roaming\duowan\yy\yycomstore\2052\com.yy.webrunlogin\65547\yyqlogin.exe

2017-01-28 04:16 - 2017-01-28 04:16 - 00297968 _____ () C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.4.3.148966.1\HipsLogger.dll

2017-01-28 04:16 - 2017-01-28 04:16 - 00370672 _____ () C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.4.3.148966.1\BNetOp.dll

2017-01-28 04:16 - 2017-01-28 04:16 - 00540656 _____ () C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.4.3.148966.1\sqlite.dll

2016-12-09 16:53 - 2016-12-09 10:21 - 00368128 _____ () c:\programdata\microsoft\visualstudio\14.0\2052\msmg.dll

2017-01-28 04:16 - 2015-05-28 13:44 - 00198128 _____ () C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.4.3.148966.1\dark.dll

2017-01-18 15:01 - 2017-01-18 06:18 - 00443904 _____ () c:\programdata\microsoft\phone tools\corecon\12.0\3082\nonsdkaddonlangver.dll

2016-11-25 00:13 - 2011-08-23 14:04 - 00057344 _____ () C:\Program Files (x86)\WinTV\TVServer\libhdhomerun.dll

2011-08-22 17:23 - 2011-08-22 17:23 - 01222656 _____ () C:\Program Files (x86)\VMware\VMware Workstation\libxml2.dll

2016-05-05 10:53 - 2017-06-16 21:39 - 00713504 _____ () C:\Program Files (x86)\Common Files\Tencent\QQProtect\Bin\qpsafeplugin.dll

2016-09-27 13:26 - 2017-05-03 22:21 - 01040504 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll

2017-01-13 10:48 - 2017-01-13 10:48 - 00189112 _____ () C:\Program Files\Nahimic\Nahimic2\UserInterface\Nahimic2DevProps.dll

2017-01-13 10:46 - 2017-01-13 10:46 - 00262840 _____ () C:\Program Files\Nahimic\Nahimic2\UserInterface\Nahimic2OSD.dll

2016-11-25 16:45 - 2016-11-25 16:44 - 00042936 _____ () C:\Users\moxito\AppData\Local\Youdao\Dict\Application\6.3.69.8341\WordStrokeHelper32.dll

2016-10-30 19:55 - 2016-10-30 19:55 - 00108544 __RSH () C:\Program Files (x86)\SlySoft\AnyDVD\BRD.dll

2016-11-25 16:45 - 2016-11-25 16:44 - 00095936 _____ () C:\Users\moxito\AppData\Local\Youdao\Dict\Application\6.3.69.8341\CrashRpt.dll

2016-11-25 16:45 - 2016-11-25 16:45 - 34880064 _____ () C:\Users\moxito\AppData\Local\Youdao\Dict\Application\6.3.69.8341\libcef.dll

2016-11-25 16:45 - 2016-11-25 16:45 - 03795520 _____ () C:\Users\moxito\AppData\Local\Youdao\Dict\Application\6.3.69.8341\v8.dll

2016-11-25 16:44 - 2016-11-25 16:44 - 01577912 _____ () C:\Users\moxito\AppData\Local\Youdao\Dict\Application\Stable\Acrobat2Dict.dll

2016-11-25 16:45 - 2016-11-25 16:45 - 01874496 _____ () C:\Users\moxito\AppData\Local\Youdao\Dict\Application\6.3.69.8341\ffmpegsumo.dll

2016-11-25 00:46 - 2016-11-25 00:46 - 00089656 _____ () C:\Program Files (x86)\Tencent\QQIntl\Bin\zlib.dll

2016-11-25 00:46 - 2016-11-25 00:46 - 00138808 _____ () C:\Program Files (x86)\Tencent\QQIntl\Bin\libexpatw.dll

2016-11-25 00:46 - 2016-11-25 00:46 - 00286264 _____ () C:\Program Files (x86)\Tencent\QQIntl\Bin\libjpegturbo.dll

2016-11-25 00:46 - 2016-11-25 00:46 - 00159288 _____ () C:\Program Files (x86)\Tencent\QQIntl\Bin\libpng.dll

2016-11-25 00:46 - 2016-11-25 00:46 - 00155192 _____ () C:\Program Files (x86)\Tencent\QQIntl\Bin\lua.dll

2016-11-25 00:46 - 2016-11-25 00:46 - 00941624 _____ () C:\Program Files (x86)\Tencent\QQIntl\Plugin\com.tencent.audiovideo\Bin\TRAE.DLL

2016-11-25 00:46 - 2016-11-25 00:46 - 00495160 _____ () C:\Program Files (x86)\Tencent\QQIntl\Plugin\com.tencent.audiovideo\Bin\VP8.dll

2017-06-12 12:13 - 2017-06-12 12:13 - 04623088 _____ () C:\Program Files (x86)\YY\8.24.0.2\QtGui4.dll

2017-06-12 12:13 - 2017-06-12 12:13 - 01570544 _____ () C:\Program Files (x86)\YY\8.24.0.2\QtCore4.dll

2017-06-12 12:13 - 2017-06-12 12:13 - 00034544 _____ () C:\Program Files (x86)\YY\8.24.0.2\imageformats\qgif4.dll

2017-06-12 12:13 - 2017-06-12 12:13 - 00034544 _____ () C:\Program Files (x86)\YY\8.24.0.2\imageformats\qico4.dll

2017-06-12 12:13 - 2017-06-12 12:13 - 00164592 _____ () C:\Program Files (x86)\YY\8.24.0.2\imageformats\qjpeg4.dll

2017-06-12 12:13 - 2017-06-12 12:13 - 00122608 _____ () C:\Program Files (x86)\YY\8.24.0.2\imageformats\qwebp4.dll

2017-06-12 12:13 - 2017-06-12 12:13 - 02014960 _____ () C:\Program Files (x86)\YY\8.24.0.2\udbauthsdk.dll

2017-06-12 12:13 - 2017-06-12 12:13 - 00197360 _____ () C:\Program Files (x86)\YY\8.24.0.2\deviceinfokit.dll

2017-06-12 12:13 - 2017-06-12 12:13 - 00537328 _____ () C:\Program Files (x86)\YY\8.24.0.2\sqlite3.DLL

2017-01-28 01:12 - 2017-01-28 01:12 - 00345704 _____ () C:\Users\moxito\AppData\Roaming\duowan\yy\yycomstore\2052\com.yy.enthall\131584\enthall.dll

2017-05-21 20:52 - 2017-05-21 20:52 - 00682088 _____ () C:\Users\moxito\AppData\Roaming\duowan\yy\yycomstore\2052\com.yy.gameproxy\131098\yygameproxy.dll

2016-08-23 18:25 - 2016-08-23 18:25 - 00220352 _____ () C:\Users\moxito\AppData\Roaming\duowan\yy\yycomstore\2052\com.yy.pip\131600\hzhwrapper.dll

2016-08-23 18:26 - 2016-08-23 18:26 - 00355008 _____ () C:\Users\moxito\AppData\Roaming\duowan\yy\yycomstore\2052\com.yy.vipfeelings2\196611\vipfeelingsapp.dll

2016-08-23 18:25 - 2016-08-23 18:25 - 00198848 _____ () C:\Users\moxito\AppData\Roaming\duowan\yy\yycomstore\2052\com.yy.garbagecleaner\196622\yygarbagecleaner.dll

2016-12-05 20:22 - 2016-12-05 20:22 - 00366184 _____ () C:\Users\moxito\AppData\Roaming\duowan\yy\yycomstore\2052\com.yy.gamelivecard\131329\gamelivecard.dll

2017-04-12 15:05 - 2017-04-10 03:52 - 00306176 _____ () C:\Users\moxito\AppData\Roaming\duowan\yy\business\logingiftbag\logingiftbag-20170410.dll

2017-04-05 11:21 - 2017-04-05 11:21 - 00159848 _____ () C:\Users\moxito\AppData\Roaming\duowan\yy\yycomstore\2052\com.yy.gamesmilies\66309\yygamesmilies.dll

2016-08-23 18:25 - 2016-08-23 18:25 - 00174184 _____ () C:\Users\moxito\AppData\Roaming\duowan\yy\yycomstore\2052\com.yy.gamechannel\197387\gamechannelapp.dll

2016-08-23 18:25 - 2016-08-23 18:25 - 00108136 _____ () C:\Users\moxito\AppData\Roaming\duowan\yy\yycomstore\2052\com.yy.gamenotify\66312\yygamenotify.dll

2017-04-25 19:17 - 2017-04-25 19:17 - 02669160 _____ () C:\Users\moxito\AppData\Roaming\duowan\yy\yycomstore\2052\com.yy.vip\131115\yyvip.dll

2016-08-23 18:26 - 2016-08-23 18:26 - 00145512 _____ () C:\Users\moxito\AppData\Roaming\duowan\yy\yycomstore\2052\com.yy.videoondemand\65544\videoondemand.dll

2016-12-05 20:23 - 2016-12-05 20:23 - 00091240 _____ () C:\Users\moxito\AppData\Roaming\duowan\yy\yycomstore\2052\com.yy.yycgame\65800\yycgame.dll

2016-08-23 18:25 - 2016-08-23 18:25 - 00026304 _____ () C:\Users\moxito\AppData\Roaming\duowan\yy\yycomstore\2052\com.yy.gamechannelbaby\65537\gamechannelbaby.dll

2016-08-23 18:26 - 2016-08-23 18:26 - 00028776 _____ () C:\Users\moxito\AppData\Roaming\duowan\yy\yycomstore\2052\com.yy.apphelper\66304\apphelper.dll

2016-12-05 20:22 - 2016-12-05 20:22 - 00161384 _____ () C:\Users\moxito\AppData\Roaming\duowan\yy\yycomstore\2052\com.yy.gamestore\198152\gamestore.dll

2017-01-16 21:50 - 2017-01-16 21:50 - 00027752 _____ () C:\Users\moxito\AppData\Roaming\duowan\yy\yycomstore\2052\com.yy.webrunlogin\65547\webrunlogin.dll

2017-04-05 11:21 - 2017-04-05 11:21 - 00353384 _____ () C:\Users\moxito\AppData\Roaming\duowan\yy\yycomstore\2052\com.yy.yyhgl\65792\yyhgl.dll

2017-04-05 11:21 - 2017-04-05 11:21 - 00070760 _____ () C:\Users\moxito\AppData\Roaming\duowan\yy\yycomstore\2052\com.yy.yyhgl\65792\browsersdk.dll

2017-04-05 11:21 - 2017-04-05 11:21 - 00128104 _____ () C:\Users\moxito\AppData\Roaming\duowan\yy\yycomstore\2052\com.yy.yyhgl\65792\clientcommon.dll

2017-04-05 11:21 - 2017-04-05 11:21 - 00062056 _____ () C:\Users\moxito\AppData\Roaming\duowan\yy\yycomstore\2052\com.yy.yyhgl\65792\ipctransfer.dll

2016-12-05 20:22 - 2016-12-05 20:22 - 00042088 _____ () C:\Users\moxito\AppData\Roaming\duowan\yy\yycomstore\2052\com.yy.yyext\65541\yyext.dll

2017-06-16 15:50 - 2017-06-16 15:50 - 00021096 _____ () C:\Users\moxito\AppData\Roaming\duowan\yy\yycomstore\2052\com.yy.cefdev\65554\yycefdev.dll

2017-06-16 15:49 - 2017-06-16 15:49 - 00142952 _____ () C:\Users\moxito\AppData\Roaming\duowan\yy\yycomstore\2052\com.yy.zhiniuassist\66320\zhiniuassist.dll

2017-01-16 21:49 - 2017-01-16 21:49 - 00068200 _____ () C:\Users\moxito\AppData\Roaming\duowan\yy\yycomstore\2052\com.yy.dxchecker\65545\dxchecker.dll

2017-04-05 11:21 - 2017-04-05 11:21 - 01049192 _____ () C:\Users\moxito\AppData\Roaming\duowan\yy\yycomstore\2052\com.yy.entgiftflw\397824\entgiftflw.dll

2017-04-25 19:17 - 2017-04-25 19:17 - 00979560 _____ () C:\Users\moxito\AppData\Roaming\duowan\yy\yycomstore\2052\com.yy.entshinyshow\263168\entshinyshow.dll

2017-01-16 21:50 - 2017-01-16 21:50 - 00025704 _____ () C:\Users\moxito\AppData\Roaming\duowan\yy\yycomstore\2052\com.yy.entchair\68096\entchair.dll

2017-01-16 21:50 - 2017-01-16 21:50 - 00023656 _____ () C:\Users\moxito\AppData\Roaming\duowan\yy\yycomstore\2052\com.yy.entvote\70656\entvote.dll

2017-04-05 11:21 - 2017-04-05 11:21 - 00713320 _____ () C:\Users\moxito\AppData\Roaming\duowan\yy\yycomstore\2052\com.yy.dice\65537\yydice.dll

2017-01-16 21:50 - 2017-01-16 21:50 - 03043432 _____ () C:\Users\moxito\AppData\Roaming\duowan\yy\yycomstore\2052\com.yy.entchair\68096\entchairapp.dll

2017-01-16 21:50 - 2017-01-16 21:50 - 01057896 _____ () C:\Users\moxito\AppData\Roaming\duowan\yy\yycomstore\2052\com.yy.entvote\70656\entvoteapp.dll

2017-01-28 04:16 - 2017-01-28 04:16 - 00277488 _____ () C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.4.3.148966.1\Pulgin_Dark_DeleteFileTip.dll

2015-06-24 02:07 - 2015-06-24 02:07 - 01243936 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
 

==================== Alternate Data Streams (Whitelisted) =========
 

(If an entry is included in the fixlist, only the ADS will be removed.)
 
 

==================== Safe Mode (Whitelisted) ===================
 

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BavSvc => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BavSvc => "Service"=""

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\QQPCRTP => ""="service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BavSvc => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BavSvc => "Service"=""

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\QQPCRTP => ""="service"
 

==================== Association (Whitelisted) ===============
 

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 

==================== Internet Explorer trusted/restricted ===============
 

(If an entry is included in the fixlist, it will be removed from the registry.)
 
 

==================== Hosts content: ==========================
 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 

2015-07-10 13:04 - 2017-01-28 01:43 - 00001006 _____ C:\WINDOWS\system32\Drivers\etc\hosts
 

127.0.0.1       down.baidu2016.com

127.0.0.1       123.sogou.com

127.0.0.1       www.czzsyzgm.com

127.0.0.1       www.czzsyzxl.com

127.0.0.1       union.baidu2019.com
 

==================== Other Areas ============================
 

(Currently there is no automatic fix for this section.)
 

HKU\S-1-5-21-1078665582-1449517287-1295239923-1001\Control Panel\Desktop\\Wallpaper -> 

DNS Servers: 192.168.178.1

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)

Windows Firewall is enabled.
 

==================== MSCONFIG/TASK MANAGER disabled items ==
 

HKLM\...\StartupApproved\StartupFolder: => "WinTV Recording Status.lnk"

HKLM\...\StartupApproved\Run: => "MRT"

HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"

HKLM\...\StartupApproved\Run32: => "Malwarebytes Anti-Malware (cleanup)"

HKLM\...\StartupApproved\Run32: => "ProductUpdater"

HKLM\...\StartupApproved\Run32: => "DelaypluginInstall"

HKU\S-1-5-21-1078665582-1449517287-1295239923-1001\...\StartupApproved\StartupFolder: => "CCTalk.lnk"

HKU\S-1-5-21-1078665582-1449517287-1295239923-1001\...\StartupApproved\Run: => "CNTV-CBox"

HKU\S-1-5-21-1078665582-1449517287-1295239923-1001\...\StartupApproved\Run: => "CBoxService"

HKU\S-1-5-21-1078665582-1449517287-1295239923-1001\...\StartupApproved\Run: => "YYAssistant"

HKU\S-1-5-21-1078665582-1449517287-1295239923-1001\...\StartupApproved\Run: => "TomTomHOME.exe"
 

==================== FirewallRules (Whitelisted) ===============
 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 

FirewallRules: [{DE39C442-3DC6-4243-A674-02F31C37F9E7}] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe

FirewallRules: [{ACFB4839-4B17-4430-B6F0-8C234D1C509B}] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe

FirewallRules: [UDP Query User{CEFCF085-AC3C-4B1C-B0FF-2C51D1AD339C}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exe

FirewallRules: [TCP Query User{53F4CB2C-7672-4F31-A2F9-62989417793F}C:\program files (x86)\videolan\vlc\vlc.exe] => (Allow) C:\program files (x86)\videolan\vlc\vlc.exe

FirewallRules: [{43A23B75-74E8-4875-9A65-CC0CCECF0F3C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe

FirewallRules: [{2F86D7C7-F739-4A76-A3A9-0C34651FED92}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe

FirewallRules: [{FBA342AE-35EE-4750-910F-CE78E00118EF}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe

FirewallRules: [{BB2C5D8C-7E1E-4324-AB48-78593709BE80}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe

FirewallRules: [{844B361F-D871-4C06-987B-462B094C2573}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe

FirewallRules: [{2061BD21-6061-422C-8523-065687C533FE}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe

FirewallRules: [{A359A2C1-C028-4350-A631-F496D5477FB0}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe

FirewallRules: [{71FA7AB2-9E15-46F8-A963-D82667A03415}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe

FirewallRules: [{C48FC8B7-1DC6-4455-B699-CE06502CDB2F}] => (Allow) C:\Program Files (x86)\FormatFactory\FFModules\Encoder\Doc\EBookCodec.exe

FirewallRules: [{7150BA5F-B30A-4D64-B823-F89DE0A830BD}] => (Allow) C:\Program Files (x86)\FormatFactory\FormatFactory.exe

FirewallRules: [{B310D159-F3F2-45EB-A5FE-953947A4BE1D}] => (Allow) C:\Program Files (x86)\FormatFactory\FFModules\Encoder\Doc\EBookCodec.exe

FirewallRules: [{B881DE74-70F2-4EBA-8025-04098ED82486}] => (Allow) C:\Program Files (x86)\FormatFactory\FormatFactory.exe

FirewallRules: [{C7AF81E2-2AB8-4951-8285-CFDC1AD3079B}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe

FirewallRules: [{AEB5BA9D-F104-4486-9BB2-DE7FB73A14C9}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe

FirewallRules: [{0D600F81-A48E-4F61-8E6C-C1080833002A}] => (Block) C:\program files (x86)\tencent\qtalkenglish\v4.4.72.1\bin\qtalk.exe

FirewallRules: [{7D07C0F1-7085-4E51-B4F5-02EFB9979BD6}] => (Block) C:\program files (x86)\tencent\qtalkenglish\v4.4.72.1\bin\qtalk.exe

FirewallRules: [UDP Query User{6D500D6D-0622-493B-8922-7B6C6AC6594D}C:\program files (x86)\tencent\qtalkenglish\v4.4.72.1\bin\qtalk.exe] => (Allow) C:\program files (x86)\tencent\qtalkenglish\v4.4.72.1\bin\qtalk.exe

FirewallRules: [TCP Query User{0CE7BE09-640F-4DEF-9446-12028651A4B2}C:\program files (x86)\tencent\qtalkenglish\v4.4.72.1\bin\qtalk.exe] => (Allow) C:\program files (x86)\tencent\qtalkenglish\v4.4.72.1\bin\qtalk.exe

FirewallRules: [{3875BA83-5C8C-4DB6-9A2A-465B7C93CFDA}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe

FirewallRules: [{478080CB-538B-43CE-9228-EB1DFBEB573F}] => (Allow) C:\Program Files (x86)\WinTV\WinTV8\WinTV8.exe

FirewallRules: [{E7E6FE5A-C0F8-4573-86A1-C3BBC3E1FEE1}] => (Allow) C:\Program Files (x86)\WinTV\WinTV8\WinTV8.exe

FirewallRules: [{E3AC73CB-85FD-4BFE-93E7-0937E4C71984}] => (Allow) C:\Program Files (x86)\WinTV\WinTV8\WinTV8.exe

FirewallRules: [{55BB1B60-D077-4E19-B71F-7E53DA95C475}] => (Allow) C:\Program Files (x86)\WinTV\WinTV8\WinTV8.exe

FirewallRules: [{33751988-263F-4609-9C75-E0A3788542AC}] => (Allow) C:\Program Files (x86)\WinTV\TVServer\CaptureDCR.exe

FirewallRules: [{D53BA843-D88B-46F3-987C-7E82CA24861D}] => (Allow) C:\Program Files (x86)\WinTV\TVServer\CaptureDCR.exe

FirewallRules: [{770B7A06-DB83-4087-9819-D33F8A3590CF}] => (Allow) C:\Program Files (x86)\WinTV\TVServer\CaptureDCR.exe

FirewallRules: [{8D482EBE-AA6E-411A-B90A-C8FFC0CE9FC6}] => (Allow) C:\Program Files (x86)\WinTV\TVServer\CaptureDCR.exe

FirewallRules: [{99831EB5-9E79-4FC7-B2B3-BD6C88B049FC}] => (Allow) C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServer.exe

FirewallRules: [{50431C4D-6CC7-4F91-9FD6-160DA53EC800}] => (Allow) C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServer.exe

FirewallRules: [{29441021-B130-4DCB-8A2C-98E3654EAB8E}] => (Allow) C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServer.exe

FirewallRules: [{83B2C97B-D8EC-4022-A2D2-E92E7D323D85}] => (Allow) C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServer.exe

FirewallRules: [TCP Query User{2B248973-D5C1-4568-B90F-508D8AE0D0E6}C:\program files (x86)\wintv\wintv8\wintv8.exe] => (Block) C:\program files (x86)\wintv\wintv8\wintv8.exe

FirewallRules: [UDP Query User{D34EC77D-ABF0-40A4-8D31-1EB46795B998}C:\program files (x86)\wintv\wintv8\wintv8.exe] => (Block) C:\program files (x86)\wintv\wintv8\wintv8.exe

FirewallRules: [{DF707D42-B066-4440-A290-76C3782F7D20}] => (Allow) C:\Program Files (x86)\Tencent\QQIntl\Bin\QQ.exe

FirewallRules: [{CBCC3D60-D1D0-45D6-B4BF-24B3FA51CC7A}] => (Allow) C:\Program Files (x86)\Tencent\QQIntl\Bin\QQ.exe

FirewallRules: [{791391FB-26F6-4455-ABAB-F0CC178163D2}] => (Allow) C:\Program Files (x86)\Tencent\TM2008\Bin\TM.exe

FirewallRules: [{D422F381-3BB5-46FF-A8DB-07A9F1C39410}] => (Allow) C:\Program Files (x86)\Tencent\TM2008\Bin\TM.exe

FirewallRules: [{9BD45F0A-D4CC-4CEA-84E6-0DB37326C47F}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe

FirewallRules: [{EC9E85AA-6E4F-4F46-ACB9-73FDA2D4D21B}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe

FirewallRules: [{77FDE012-D87A-44AD-B6D0-94B3A9B6FC22}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe

FirewallRules: [{CEF220D9-C4B8-43AF-B1AD-AF5F286B2E19}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe

FirewallRules: [{928F44AB-072E-40CC-BA43-E6BC9320A81B}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe

FirewallRules: [{856ACEC8-3599-4335-BBCC-62BBCD61DC6D}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe

FirewallRules: [{83F1A492-987E-4799-BFC4-B2190523875C}] => (Allow) C:\Program Files (x86)\Tencent\QTalk\V4.6.17\Bin\QTalk.exe

FirewallRules: [{AB07117A-6A25-427D-8370-FBA11D71F3C4}] => (Allow) C:\Program Files (x86)\Tencent\QTalk\V4.6.17\Bin\QTalk.exe

FirewallRules: [{73B22CDE-F42F-48D0-ABDE-CEBDEA261561}] => (Allow) C:\Program Files (x86)\Tencent\QTalk\V4.6.22.17784\Bin\QTalk.exe

FirewallRules: [{BD10F1F2-821D-4AA7-A5BB-6517CEAFD0EB}] => (Allow) C:\Program Files (x86)\Tencent\QTalk\V4.6.22.17784\Bin\QTalk.exe

FirewallRules: [{C2AF2505-834E-4CF7-8AD4-EFCF2489688A}] => (Allow) C:\Program Files (x86)\Tencent\QTalk\V4.6.22.17784\Bin\QTalk.exe

FirewallRules: [{E0794B69-C90C-45A5-A33D-073392938B3D}] => (Allow) C:\Program Files (x86)\Tencent\QTalk\V4.6.22.17784\Bin\QTalk.exe

FirewallRules: [TCP Query User{FF9524A3-306C-4072-987A-3B52600DAE87}C:\program files (x86)\duowan\yy\yy.exe] => (Allow) C:\program files (x86)\duowan\yy\yy.exe

FirewallRules: [UDP Query User{7198139F-6FC4-485D-969C-3974742B20E1}C:\program files (x86)\duowan\yy\yy.exe] => (Allow) C:\program files (x86)\duowan\yy\yy.exe

FirewallRules: [{46AD7F9B-EA90-441C-92A4-C625FD5AFC3D}] => (Allow) C:\Program Files (x86)\SogouInput\8.0.0.8381\SGTool.exe

FirewallRules: [{7D63BBB3-557E-4FA0-A0B1-3311761D7245}] => (Allow) C:\Program Files (x86)\SogouInput\8.0.0.8381\SGTool.exe

FirewallRules: [{004FC471-A249-4476-9233-97837F5DC187}] => (Allow) C:\Program Files (x86)\SogouInput\8.0.0.8381\SGTool.exe

FirewallRules: [{E9CB61D5-2A6F-4D36-B053-46B9A4E82DD6}] => (Allow) C:\Program Files (x86)\SogouInput\8.0.0.8381\SGTool.exe

FirewallRules: [{41BD44A0-3B8E-4D2F-984C-DB0A9747D92C}] => (Allow) C:\Program Files (x86)\SogouInput\8.0.0.8381\SGTool.exe

FirewallRules: [{38F6F4C3-06C7-4F2C-A56A-223A528AAC34}] => (Allow) C:\Program Files (x86)\SogouInput\8.0.0.8381\SGTool.exe

FirewallRules: [{016D1F2C-DA2F-4B0A-B5AC-920F9726FFC1}] => (Allow) C:\Program Files (x86)\SogouInput\8.0.0.8381\PinyinUp.exe

FirewallRules: [{2456EF25-4F38-43D0-96F8-E95CD2D91E31}] => (Allow) C:\Program Files (x86)\SogouInput\8.0.0.8381\PinyinUp.exe

FirewallRules: [{0E1C2F32-B86C-4260-BD9C-38FCF76181A8}] => (Allow) C:\Program Files (x86)\SogouInput\8.0.0.8381\PinyinUp.exe

FirewallRules: [{E11CDFE4-AEFB-409A-9947-2082963FDB2D}] => (Allow) C:\Program Files (x86)\SogouInput\8.0.0.8381\PinyinUp.exe

FirewallRules: [{A803234B-AF31-471F-AB88-14763ED74CBB}] => (Allow) C:\Program Files (x86)\SogouInput\8.0.0.8381\PinyinUp.exe

FirewallRules: [{DA0F938A-CD7A-43F0-A86F-68651FBC84D8}] => (Allow) C:\Program Files (x86)\SogouInput\8.0.0.8381\PinyinUp.exe

FirewallRules: [{1B840E50-2AD0-4D3E-BDC8-366478D56844}] => (Allow) C:\Program Files (x86)\SogouInput\8.0.0.8381\SGDownload.exe

FirewallRules: [{E8B5E362-0CBF-409B-AECA-041D925C0C92}] => (Allow) C:\Program Files (x86)\SogouInput\8.0.0.8381\SGDownload.exe

FirewallRules: [{9B0C0FF5-8CF3-4601-A9A8-5FEB03062501}] => (Allow) C:\Program Files (x86)\SogouInput\8.0.0.8381\SGDownload.exe

FirewallRules: [{A8C0E650-29AC-4198-8ECC-3A7D52D166A4}] => (Allow) C:\Program Files (x86)\SogouInput\8.0.0.8381\SGDownload.exe

FirewallRules: [{5D4FE374-A1CE-49E0-AF1D-EE024A7E8DEE}] => (Allow) C:\Program Files (x86)\SogouInput\8.0.0.8381\SGDownload.exe

FirewallRules: [{7769A548-F7A8-4E30-8C27-7978B0141D90}] => (Allow) C:\Program Files (x86)\SogouInput\8.0.0.8381\SGDownload.exe

FirewallRules: [{5773DC5E-741B-4A49-AFAC-5ECDDAECCBDE}] => (Allow) C:\Program Files (x86)\SogouInput\8.0.0.8381\SogouCloud.exe

FirewallRules: [{C307F899-B1CE-4AA9-BA01-4FF5450FBAF5}] => (Allow) C:\Program Files (x86)\SogouInput\8.0.0.8381\SogouCloud.exe

FirewallRules: [{022A31EF-B2B8-4297-8E3F-675C15DE94AC}] => (Allow) C:\Program Files (x86)\SogouInput\8.0.0.8381\SogouCloud.exe

FirewallRules: [{AE75BACB-263F-4C0F-87AA-7247D82B0CBF}] => (Allow) C:\Program Files (x86)\SogouInput\8.0.0.8381\SogouCloud.exe

FirewallRules: [{1D5162A3-4235-4D03-B504-C4F4F7246E53}] => (Allow) C:\Program Files (x86)\SogouInput\8.0.0.8381\SogouCloud.exe

FirewallRules: [{901D2A03-DABD-474A-8B3D-976A205B8422}] => (Allow) C:\Program Files (x86)\SogouInput\8.0.0.8381\SogouCloud.exe

FirewallRules: [{2F3B86E9-CE22-4695-85F4-3B6BDFED3C5A}] => (Allow) C:\Program Files (x86)\SogouInput\Components\SogouComMgr.exe

FirewallRules: [{514EE4BC-9EEE-4677-B4D2-4D9E74321D29}] => (Allow) C:\Program Files (x86)\SogouInput\Components\SogouComMgr.exe

FirewallRules: [{ED1E880D-383C-44C1-92D3-E8CA804F9221}] => (Allow) C:\Program Files (x86)\SogouInput\Components\SogouComMgr.exe

FirewallRules: [{4448BD80-0766-4AF6-8BF2-10B269418FE3}] => (Allow) C:\Program Files (x86)\SogouInput\Components\SogouComMgr.exe

FirewallRules: [{1A995BD3-762A-4327-9D40-39043A72168A}] => (Allow) C:\Program Files (x86)\SogouInput\Components\SogouComMgr.exe

FirewallRules: [{4DC55797-A6D6-4594-BB8E-45CBFF359500}] => (Allow) C:\Program Files (x86)\SogouInput\Components\SogouComMgr.exe

FirewallRules: [{C2EC3A64-8BB9-4E9D-8749-82C9ED99F790}] => (Allow) C:\Program Files (x86)\SogouInput\8.0.0.8381\userNetSchedule.exe

FirewallRules: [{79E67A5E-81D2-4B24-900A-233B96A73BCD}] => (Allow) C:\Program Files (x86)\SogouInput\8.0.0.8381\userNetSchedule.exe

FirewallRules: [{F565A5A4-9F6D-4DED-B6BC-5014E9671545}] => (Allow) C:\Program Files (x86)\SogouInput\8.0.0.8381\userNetSchedule.exe

FirewallRules: [{3A531803-0279-4217-B535-4982A56D73A7}] => (Allow) C:\Program Files (x86)\SogouInput\8.0.0.8381\userNetSchedule.exe

FirewallRules: [{53783036-D1FC-440D-B36B-DF723723216D}] => (Allow) C:\Program Files (x86)\SogouInput\8.0.0.8381\userNetSchedule.exe

FirewallRules: [{BA595CB8-3A7C-478F-8D36-16E98FFF5B57}] => (Allow) C:\Program Files (x86)\SogouInput\8.0.0.8381\userNetSchedule.exe

FirewallRules: [{3ECCB7EE-F978-42BC-A9B6-325DD4BA322B}] => (Allow) C:\Program Files (x86)\SogouInput\8.0.0.8381\SGMedalLoader.exe

FirewallRules: [{601CC53D-79DA-4246-B7EB-07C2D086FFD0}] => (Allow) C:\Program Files (x86)\SogouInput\8.0.0.8381\SGMedalLoader.exe

FirewallRules: [{29D7ADFD-4772-4B73-9C4D-BEF485E987EE}] => (Allow) C:\Program Files (x86)\SogouInput\8.0.0.8381\SGMedalLoader.exe

FirewallRules: [{99554E8E-DC9F-4433-8FC8-B9C134B75403}] => (Allow) C:\Program Files (x86)\SogouInput\8.0.0.8381\SGMedalLoader.exe

FirewallRules: [{B4E4F695-34B7-4187-9F9F-E9AEEC55D094}] => (Allow) C:\Program Files (x86)\SogouInput\8.0.0.8381\SGMedalLoader.exe

FirewallRules: [{90B48959-73E8-483B-9EF6-4F660EB44F70}] => (Allow) C:\Program Files (x86)\SogouInput\8.0.0.8381\SGMedalLoader.exe

FirewallRules: [{A21AA5AE-676B-4D0A-9946-9F8F5DD222B4}] => (Allow) C:\Users\Public\SogouInput\USBDT\OctopusDownloader.exe

FirewallRules: [{1BBF2246-CD1C-4829-AD1A-E8CAEBA612A9}] => (Allow) C:\Users\Public\SogouInput\USBDT\OctopusDownloader.exe

FirewallRules: [{BA93C79E-F926-497B-89EF-492E13588D7D}] => (Allow) C:\Users\Public\SogouInput\USBDT\OctopusDownloader.exe

FirewallRules: [{B2C4F98E-6E0C-489A-A744-6BD5BAD22C18}] => (Allow) C:\Users\Public\SogouInput\USBDT\OctopusDownloader.exe

FirewallRules: [{54347CA7-88C3-4931-B431-E80A289FEA32}] => (Allow) C:\Users\Public\SogouInput\USBDT\OctopusDownloader.exe

FirewallRules: [{368F75CF-9388-47ED-B631-65B1C9668E86}] => (Allow) C:\Users\Public\SogouInput\USBDT\OctopusDownloader.exe

FirewallRules: [{2E09659B-6EA8-4509-BC8B-89A1F52CAED7}] => (Allow) C:\Program Files (x86)\TalkTV\Bin\TalkTV.exe

FirewallRules: [{F7F9C92B-2D60-4A82-833E-ECD3CB8D7997}] => (Allow) C:\Program Files (x86)\TalkTV\Bin\TalkTV.exe

FirewallRules: [{50607091-02F0-4003-A9C1-3AB89E5D2947}] => (Allow) C:\Program Files (x86)\TalkTV\Bin\TalkTV.exe

FirewallRules: [{0CD70842-A679-4531-AAB3-E5E8015B373D}] => (Allow) C:\Program Files (x86)\TalkTV\Bin\TalkTV.exe

FirewallRules: [TCP Query User{DF0986B7-F5B9-4CA4-8466-7CD4AF2AE0AF}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe

FirewallRules: [UDP Query User{882FA26D-CF07-4B30-82CD-8BDCC1312631}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe

FirewallRules: [TCP Query User{7C43F587-F429-4292-92AF-457A3B96BA15}C:\windows\system32\ftp.exe] => (Allow) C:\windows\system32\ftp.exe

FirewallRules: [UDP Query User{6A47CEE3-C601-4D40-938B-E151D69CCA2A}C:\windows\system32\ftp.exe] => (Allow) C:\windows\system32\ftp.exe

FirewallRules: [{5FC1A2E4-E23E-4A40-8F68-9680094BC070}] => (Allow) C:\Program Files (x86)\FormatFactory\FormatFactory.exe

FirewallRules: [{D3B507C3-11FC-4106-A76D-846E68EC90C3}] => (Allow) C:\Program Files (x86)\FormatFactory\FFModules\Encoder\Doc\EBookCodec.exe

FirewallRules: [{4863C59D-1DEA-4C40-9654-2F0C1BE2FB76}] => (Allow) C:\Program Files (x86)\FormatFactory\FormatFactory.exe

FirewallRules: [{55C29EA5-B451-4E41-83DF-E6531186E441}] => (Allow) C:\Program Files (x86)\FormatFactory\FFModules\Encoder\Doc\EBookCodec.exe

FirewallRules: [TCP Query User{D6E5B159-2B74-4272-BAA1-7E51AB84F86C}C:\qvodplayer\qvodterminal.exe] => (Allow) C:\qvodplayer\qvodterminal.exe

FirewallRules: [UDP Query User{013196D6-20C5-4A65-8551-6D06065B5FB1}C:\qvodplayer\qvodterminal.exe] => (Allow) C:\qvodplayer\qvodterminal.exe

FirewallRules: [{8B68AAEF-669D-4F39-9BED-3160EC00A152}] => (Block) C:\qvodplayer\qvodterminal.exe

FirewallRules: [{5509BB12-DE0F-4487-9212-24E34F0F30BE}] => (Block) C:\qvodplayer\qvodterminal.exe

FirewallRules: [TCP Query User{FF62CBB6-700E-4F9C-823F-965C666AEFDF}C:\users\moxito\appdata\local\360browser\browser\application\360browser.exe] => (Allow) C:\users\moxito\appdata\local\360browser\browser\application\360browser.exe

FirewallRules: [UDP Query User{60F6CF78-C495-4A2A-8B47-575F834CEF9C}C:\users\moxito\appdata\local\360browser\browser\application\360browser.exe] => (Allow) C:\users\moxito\appdata\local\360browser\browser\application\360browser.exe

FirewallRules: [{CE84693F-1ADB-43AB-9A38-A2B0DDCB0BD6}] => (Block) C:\users\moxito\appdata\local\360browser\browser\application\360browser.exe

FirewallRules: [{2B529D50-00F9-4652-BC7E-8C5985B5576D}] => (Block) C:\users\moxito\appdata\local\360browser\browser\application\360browser.exe

FirewallRules: [TCP Query User{148B2AF4-E62B-4350-925B-8BEA76CF35B3}C:\program files (x86)\cntv\cbox\bin\cbox.exe] => (Allow) C:\program files (x86)\cntv\cbox\bin\cbox.exe

FirewallRules: [UDP Query User{04A34041-F5A8-4533-A5FD-C6118F2D79DA}C:\program files (x86)\cntv\cbox\bin\cbox.exe] => (Allow) C:\program files (x86)\cntv\cbox\bin\cbox.exe

FirewallRules: [{12586A64-FF12-4ECA-BB97-9D1067A5F11B}] => (Block) C:\program files (x86)\cntv\cbox\bin\cbox.exe

FirewallRules: [{22C4E24C-9B6C-47A9-8A26-D689334469FC}] => (Block) C:\program files (x86)\cntv\cbox\bin\cbox.exe

FirewallRules: [TCP Query User{76EFBE6B-1CAC-4061-A316-9D6E1710301A}C:\users\moxito\downloads\airspy\sdrsharp.exe] => (Allow) C:\users\moxito\downloads\airspy\sdrsharp.exe

FirewallRules: [UDP Query User{CE976857-156C-43F3-B42E-582F49119166}C:\users\moxito\downloads\airspy\sdrsharp.exe] => (Allow) C:\users\moxito\downloads\airspy\sdrsharp.exe

FirewallRules: [{E7CEAF8F-6ECC-478E-AF60-ED369F6364BB}] => (Block) C:\users\moxito\downloads\airspy\sdrsharp.exe

FirewallRules: [{159669FB-3C82-427F-85E5-6C0405FA89B9}] => (Block) C:\users\moxito\downloads\airspy\sdrsharp.exe

FirewallRules: [TCP Query User{AE9DD382-6F3E-4994-9FA4-DA38D03EBFA3}C:\program files\sdr-radio-pro.com\sdrconsole.exe] => (Allow) C:\program files\sdr-radio-pro.com\sdrconsole.exe

FirewallRules: [UDP Query User{21B4A0EA-47F8-424B-974C-230C570B2E6D}C:\program files\sdr-radio-pro.com\sdrconsole.exe] => (Allow) C:\program files\sdr-radio-pro.com\sdrconsole.exe

FirewallRules: [{D8C7869F-BC2B-4962-861A-23350B75163F}] => (Block) C:\program files\sdr-radio-pro.com\sdrconsole.exe

FirewallRules: [{1CE19DF8-01E3-43C7-BDE4-321B25C28B45}] => (Block) C:\program files\sdr-radio-pro.com\sdrconsole.exe

FirewallRules: [{2378DA66-4690-4BE1-AA12-B2762255FED3}] => (Allow) C:\Users\moxito\AppData\Roaming\Tencent\QQ\STemp\SetupEx0\QQSetupEx.exe

FirewallRules: [{C4451068-39BD-428B-B0AE-E4CEB549A5E4}] => (Allow) C:\Program Files (x86)\Tencent\QQ\Bin\QQ.exe

FirewallRules: [{8283DF27-E8D8-404E-9CF8-22CBAF6061CC}] => (Allow) C:\Program Files (x86)\Tencent\QQ\Bin\auclt.exe

FirewallRules: [{644D8DC8-C47A-4C1D-89A7-DF5E8ACE7BE0}] => (Allow) C:\Program Files (x86)\Tencent\QQ\Bin\maLauncher.exe

FirewallRules: [{58123EF6-29C8-4276-A308-ED2A9A86B1FC}] => (Allow) C:\Program Files (x86)\Tencent\QQ\Bin\maUpdat.exe

FirewallRules: [{97B0CABD-78AA-407D-B7A2-A86F79BED1B6}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\135\tencentdl.exe

FirewallRules: [{D9D9C92B-573F-4F40-ADAD-823B83F8E41F}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\135\bugreport_xf.exe

FirewallRules: [{11AB198E-D6B0-42AA-9662-F5496BBD0387}] => (Allow) C:\Program Files (x86)\Tencent\QQMusic\QzoneMusic\QzoneMusic.exe

FirewallRules: [{157E434D-102F-4E56-8ADF-F49896ECAB96}] => (Allow) C:\Program Files (x86)\Tencent\QQMusic\QzoneMusic\QzoneMusic.exe

FirewallRules: [{DA5D3FD0-F9C0-40D0-8517-9611B98F8937}] => (Allow) C:\program files (x86)\common files\tencent\qqminidl\60\qqminidl.exe

FirewallRules: [{FA7BDB2A-B22C-4EFB-ADC2-7D566C0572F8}] => (Allow) C:\program files (x86)\common files\tencent\qqminidl\60\QQMiniDLUI.exe

FirewallRules: [{E770A729-2BE4-4189-BD71-0BD9967B1896}] => (Allow) C:\program files (x86)\common files\tencent\qqminidl\60\QQGameUpUI.exe

FirewallRules: [{2B08D25C-C48F-4302-9B51-2F9C1AD2F7E6}] => (Allow) C:\Users\Public\Documents\Tencent\QQGameMicro\QQGameMicro.exe

FirewallRules: [{C4455ADD-005F-4DC2-BB48-81C50375766E}] => (Allow) C:\Program Files (x86)\Tencent\QQMusic\QQMusic1297.0.39.32\QQMusicExternal.exe

FirewallRules: [{D3CACE26-0333-4EA3-9C55-F3AE95CAA573}] => (Allow) C:\Program Files (x86)\Tencent\QQMusic\QQMusic1297.0.39.32\moleplugin\tadb.exe

FirewallRules: [{21BDBBDE-297A-478F-9B2D-34C39FEA3DD5}] => (Allow) C:\Program Files (x86)\Tencent\QQMusic\QQMusic1297.0.39.32\QQMusic.exe

FirewallRules: [{D630DBBE-4A30-4AFD-9E28-F3583EFF4E9E}] => (Allow) C:\Program Files (x86)\Common Files\Tencent\QQMusic\QQMusicService.exe

FirewallRules: [{65BB453F-B20A-4272-9477-C6F08359162A}] => (Allow) C:\Program Files (x86)\Tencent\QQMusic\QQMusic1297.0.39.32\QQMusicUp.exe

FirewallRules: [TCP Query User{247D4396-0D31-4F31-A892-084C41B75164}C:\program files (x86)\tencent\tm2008\bin\tm.exe] => (Allow) C:\program files (x86)\tencent\tm2008\bin\tm.exe

FirewallRules: [UDP Query User{92886B66-0227-4ED8-A533-E83C7C9706EA}C:\program files (x86)\tencent\tm2008\bin\tm.exe] => (Allow) C:\program files (x86)\tencent\tm2008\bin\tm.exe

FirewallRules: [TCP Query User{5507FF27-196C-4493-9C74-B09525F5413B}C:\program files (x86)\yy\yy.exe] => (Allow) C:\program files (x86)\yy\yy.exe

FirewallRules: [UDP Query User{1112C62E-F3A6-4843-8972-62BD0CEFF9E2}C:\program files (x86)\yy\yy.exe] => (Allow) C:\program files (x86)\yy\yy.exe

FirewallRules: [{0AE31196-BBF9-44D8-981B-AB04C98CEB4C}] => (Block) C:\program files (x86)\yy\yy.exe

FirewallRules: [{8167C8B9-F43D-43EA-B143-8F332F565158}] => (Block) C:\program files (x86)\yy\yy.exe

FirewallRules: [TCP Query User{1F74AD5B-43D2-4D18-9122-78BBF7F43C8E}C:\users\moxito\appdata\roaming\baidu\baiduyunguanjia\baidunetdisk.exe] => (Allow) C:\users\moxito\appdata\roaming\baidu\baiduyunguanjia\baidunetdisk.exe

FirewallRules: [UDP Query User{A12C75E4-10F9-41E1-BA3B-B1162AA9825B}C:\users\moxito\appdata\roaming\baidu\baiduyunguanjia\baidunetdisk.exe] => (Allow) C:\users\moxito\appdata\roaming\baidu\baiduyunguanjia\baidunetdisk.exe

FirewallRules: [{EC1A9325-2130-47B6-90F7-212BFE14681F}] => (Block) C:\users\moxito\appdata\roaming\baidu\baiduyunguanjia\baidunetdisk.exe

FirewallRules: [{990EB6F9-48F5-4D1C-86EE-1546944CF64C}] => (Block) C:\users\moxito\appdata\roaming\baidu\baiduyunguanjia\baidunetdisk.exe
 

==================== Restore Points =========================
 

16-06-2017 18:09:25 Windows Update
 

==================== Faulty Device Manager Devices =============
 

Name: Intel(R) Management Engine Interface 

Description: Intel(R) Management Engine Interface 

Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}

Manufacturer: Intel

Service: MEIx64

Problem: : This device cannot start. (Code10)

Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.

On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 

Name: Mi 4i

Description: Mi 4i

Class Guid: 

Manufacturer: 

Service: 

Problem: : The drivers for this device are not installed. (Code 28)

Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 

Name: USB Device

Description: USB Device

Class Guid: 

Manufacturer: 

Service: 

Problem: : The drivers for this device are not installed. (Code 28)

Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 

==================== Event log errors: =========================
 

Application errors:

==================

Error: (06/18/2017 01:01:21 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: MSI)

Description: Bei der Aktivierung der App „Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.
 

Error: (06/18/2017 12:59:24 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: MSI)

Description: Bei der Aktivierung der App „Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy!App“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.
 

Error: (06/18/2017 12:59:22 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: Name der fehlerhaften Anwendung: ShellExperienceHost.exe, Version: 10.0.14393.447, Zeitstempel: 0x5819bf85

Name des fehlerhaften Moduls: ShellExperienceHost.exe, Version: 10.0.14393.447, Zeitstempel: 0x5819bf85

Ausnahmecode: 0xc000027b

Fehleroffset: 0x0000000000022e27

ID des fehlerhaften Prozesses: 0x1b04

Startzeit der fehlerhaften Anwendung: 0x01d2e7bd5c27c42e

Pfad der fehlerhaften Anwendung: C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe

Pfad des fehlerhaften Moduls: C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe

Berichtskennung: a61c1d78-d917-4b4e-a75b-ce71e3c2d726

Vollständiger Name des fehlerhaften Pakets: Microsoft.Windows.ShellExperienceHost_10.0.14393.1358_neutral_neutral_cw5n1h2txyewy

Anwendungs-ID, die relativ zum fehlerhaften Paket ist: App
 

Error: (06/18/2017 12:56:31 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: MSI)

Description: Bei der Aktivierung der App „Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy!App“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.
 

Error: (06/18/2017 12:56:29 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: Name der fehlerhaften Anwendung: ShellExperienceHost.exe, Version: 10.0.14393.447, Zeitstempel: 0x5819bf85

Name des fehlerhaften Moduls: ShellExperienceHost.exe, Version: 10.0.14393.447, Zeitstempel: 0x5819bf85

Ausnahmecode: 0xc000027b

Fehleroffset: 0x0000000000022e27

ID des fehlerhaften Prozesses: 0x2870

Startzeit der fehlerhaften Anwendung: 0x01d2e7bcf497e458

Pfad der fehlerhaften Anwendung: C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe

Pfad des fehlerhaften Moduls: C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe

Berichtskennung: 30f1b450-4e46-4b89-815f-0861d50c5a43

Vollständiger Name des fehlerhaften Pakets: Microsoft.Windows.ShellExperienceHost_10.0.14393.1358_neutral_neutral_cw5n1h2txyewy

Anwendungs-ID, die relativ zum fehlerhaften Paket ist: App
 

Error: (06/18/2017 12:56:10 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: MSI)

Description: Bei der Aktivierung der App „Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy!App“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.
 

Error: (06/18/2017 12:56:09 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: Name der fehlerhaften Anwendung: ShellExperienceHost.exe, Version: 10.0.14393.447, Zeitstempel: 0x5819bf85

Name des fehlerhaften Moduls: ShellExperienceHost.exe, Version: 10.0.14393.447, Zeitstempel: 0x5819bf85

Ausnahmecode: 0xc000027b

Fehleroffset: 0x0000000000022e27

ID des fehlerhaften Prozesses: 0xff4

Startzeit der fehlerhaften Anwendung: 0x01d2e7bce8dc5dc4

Pfad der fehlerhaften Anwendung: C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe

Pfad des fehlerhaften Moduls: C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe

Berichtskennung: 8ffba151-4a98-4526-bc30-63032f2c2b27

Vollständiger Name des fehlerhaften Pakets: Microsoft.Windows.ShellExperienceHost_10.0.14393.1358_neutral_neutral_cw5n1h2txyewy

Anwendungs-ID, die relativ zum fehlerhaften Paket ist: App
 

Error: (06/18/2017 12:40:55 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: MSI)

Description: Bei der Aktivierung der App „Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.
 

Error: (06/18/2017 12:38:54 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: MSI)

Description: Bei der Aktivierung der App „Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy!App“ ist folgender Fehler aufgetreten: -2144927141. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.
 

Error: (06/18/2017 12:38:54 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: Name der fehlerhaften Anwendung: ShellExperienceHost.exe, Version: 10.0.14393.447, Zeitstempel: 0x5819bf85

Name des fehlerhaften Moduls: ShellExperienceHost.exe, Version: 10.0.14393.447, Zeitstempel: 0x5819bf85

Ausnahmecode: 0xc000027b

Fehleroffset: 0x0000000000022e27

ID des fehlerhaften Prozesses: 0x1b40

Startzeit der fehlerhaften Anwendung: 0x01d2e7ba7ffe9704

Pfad der fehlerhaften Anwendung: C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe

Pfad des fehlerhaften Moduls: C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe

Berichtskennung: 5d0c9233-f2cc-4d84-ab4e-ac0e5ef7c54b

Vollständiger Name des fehlerhaften Pakets: Microsoft.Windows.ShellExperienceHost_10.0.14393.1358_neutral_neutral_cw5n1h2txyewy

Anwendungs-ID, die relativ zum fehlerhaften Paket ist: App
 
 

System errors:

=============

Error: (06/18/2017 01:01:21 AM) (Source: DCOM) (EventID: 10010) (User: MSI)

Description: Der Server "App.AppX76q4xtxwbj16z0zkyp0pnwtt6m850rvk.mca" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
 

Error: (06/18/2017 12:59:24 AM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: Der Dienst "Baidu Hook Base" wurde aufgrund folgenden Fehlers nicht gestartet: 

Ein an das System angeschlossenes Gerät funktioniert nicht.
 

Error: (06/18/2017 12:59:24 AM) (Source: DCOM) (EventID: 10010) (User: MSI)

Description: Der Server "App" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
 

Error: (06/18/2017 12:59:23 AM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: Der Dienst "Baidu Hook Base" wurde aufgrund folgenden Fehlers nicht gestartet: 

Ein an das System angeschlossenes Gerät funktioniert nicht.
 

Error: (06/18/2017 12:59:23 AM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: Der Dienst "Baidu Hook Base" wurde aufgrund folgenden Fehlers nicht gestartet: 

Ein an das System angeschlossenes Gerät funktioniert nicht.
 

Error: (06/18/2017 12:59:22 AM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: Der Dienst "Baidu Hook Base" wurde aufgrund folgenden Fehlers nicht gestartet: 

Ein an das System angeschlossenes Gerät funktioniert nicht.
 

Error: (06/18/2017 12:59:22 AM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: Der Dienst "Baidu Hook Base" wurde aufgrund folgenden Fehlers nicht gestartet: 

Ein an das System angeschlossenes Gerät funktioniert nicht.
 

Error: (06/18/2017 12:59:21 AM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: Der Dienst "Baidu Hook Base" wurde aufgrund folgenden Fehlers nicht gestartet: 

Ein an das System angeschlossenes Gerät funktioniert nicht.
 

Error: (06/18/2017 12:59:21 AM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: Der Dienst "Baidu Hook Base" wurde aufgrund folgenden Fehlers nicht gestartet: 

Ein an das System angeschlossenes Gerät funktioniert nicht.
 

Error: (06/18/2017 12:59:20 AM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: Der Dienst "Baidu Hook Base" wurde aufgrund folgenden Fehlers nicht gestartet: 

Ein an das System angeschlossenes Gerät funktioniert nicht.
 
 

CodeIntegrity:

===================================

  Date: 2016-10-26 14:29:14.952

  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.
 

  Date: 2016-10-26 14:20:37.498

  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.
 

  Date: 2016-10-26 13:12:20.412

  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.
 

  Date: 2016-10-26 03:05:20.720

  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.
 

  Date: 2016-10-11 14:58:24.531

  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.
 

  Date: 2016-10-11 14:40:48.352

  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.
 

  Date: 2016-10-11 14:18:53.408

  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.
 
 

==================== Memory info =========================== 
 

Processor: Intel(R) Core(TM) i7-5950HQ CPU @ 2.90GHz

Percentage of memory in use: 9%

Total physical RAM: 32723.28 MB

Available physical RAM: 29542.43 MB

Total Virtual: 67539.28 MB

Available Virtual: 64344.67 MB
 

==================== Drives ================================
 

Drive c: () (Fixed) (Total:951.82 GB) (Free:505.19 GB) NTFS

Drive d: (data) (Fixed) (Total:912.3 GB) (Free:69.36 GB) NTFS

Drive f: (XIAOMI) (CDROM) (Total:0.01 GB) (Free:0 GB) CDFS
 

==================== MBR & Partition Table ==================
 

========================================================

Disk: 0 (Size: 953.9 GB) (Disk ID: 524198F9)
 

Partition: GPT.
 

========================================================

Disk: 1 (Size: 931.5 GB) (Disk ID: 52419B1B)
 

Partition: GPT.
 

==================== End of Addition.txt ============================

Tician

19.06.2017 16:06

Hi,

Office ist zwar immer noch drauf, aber wir starten trotzdem durch. Höchstwahrscheinlich wirst du dir aber für dein Office hinterher einen Produktkey besorgen müssen. Alternativ wie gesagt würde sich Openoffice anbieten.

Schritt 1:
Lade Dir bitte von hier

Revo Uninstaller (alternativ portable Revo Uninstaller) herunter.

Installiere und starte das Programm. (Bebilderte Anleitung zu Revo Uninstaller)
Klicke auf Optionen und wähle als Sprache Deutsch.
Suche im Uninstallerfeld nach den Programmen:
搜狗拼音输入法 8.0正式版
+alle anderen chinesischen Programme die du nicht kennst
Wähle die Programme nacheinander aus und klicke jedes Mal auf Uninstall.
Wähle anschließend den Modus "Moderat" aus.
Reste löschen:
Klicke auf dann auf und dann auf .

Schritt 2:

Deinstalliere Malwarebytes' Anti-Malware 2 über die Systemsteuerung. (Bebilderte Anleitung)
Starte den Rechner im Anschluss neu auf.
Downloade dir den MBAM Uninstaller auf deinen Desktop.
Schließe alle offenen Programme und führe den Uninstaller aus. Der Rechner muss zum Abschluss neu gestartet werden.

Schritt 3:

Downloade Dir bitte AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser.
Starte die adwcleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Werkzeuge > Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel
- Proxy
- Winsock
- Internet Explorer Richtlinien
- Chrome Richtlinien
Bestätige die Auswahl mit Ok.
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen (auch dann wenn AdwCleaner sagt, dass nichts gefunden wurde) und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Schritt 4:

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

Schritt 5:

Downloade Dir bitte Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad.
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scan, wähle den Bedrohungs-Scan aus und klicke auf Scan starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Ausgewählte Elemente in die Quarantäne verschieben.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM nach dem Neustart, klicke auf Berichte.
Wähle den neuesten Scan-Bericht aus, klicke auf Bericht anzeigen und dann auf Export.
Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Schritt 6:

Starte die FRST.exe erneut. Setze einen Haken vor Addition.txt und drücke auf Untersuchen.
FRST erstellt nun zwei Logdateien (FRST.txt und Addition.txt).
Poste mir beide Logdateien mit deiner nächsten Antwort.

moxito

20.06.2017 01:11

Die Alternativen zu Office kenne ich, es gibt nicht nur OpenOffice, sondern auch noch LibreOffice und WPS.

Zu den chinesichen Programmen:

TM 2009 - chinesischer Messenger fürs Büro,
央视影音- Cbox CNTV - chinesisches Fernsehen (CCTV),
启动有道词典 - Youdao dictionary (übersetzen unbekannter Worte),
百度网盘 - Baidu Netdisk (cloud mit 2 TB Speicherplatz),
输入法修复器 - Sougou IME (zur Eingabe chiesischer Schriftzeichen),
duoway YY, cctalk und TalkTV - Programm, das ich für den Unterricht brauche (ich unterrichte Deutsch und Englisch in China),
QQ - chinesischer Messenger (das nutzt nahezu jeder Chinese auf der Welt),
Qtranslate - sehr universelles Übersetzungsprogramm.

搜狗拼音输入法 8.0正式版 - das ist Teil der Sougou IME, die lasse ich mir lieber, da ich auch chinesisch Schreiben muß.

Diese wenigen installierten Programme chinesicher Herkunft brauche ich fast täglich!

Gruß, Moxito

Tician

20.06.2017 16:04

Hi,

alles klar, dann mach bitte mit Schritt 2 weiter.

moxito

20.06.2017 20:30

Schritt 2 und 3 erledigt, alle tencent Programme (qq, tm) sind gelöscht, das ist großer Mist. Muß jetzt alles neu installieren.
das Log bisher:

Code:

# AdwCleaner v6.047 - Bericht erstellt am 20/06/2017 um 20:47:28

# Aktualisiert am 19/05/2017 von Malwarebytes

# Datenbank : 2017-06-20.1 [Lokal]

# Betriebssystem : Windows 10 Enterprise  (X64)

# Benutzername : moxito - MSI

# Gestartet von : C:\Users\moxito\Downloads\AdwCleaner_6.047.exe

# Modus: Löschen

# Unterstützung : https://www.malwarebytes.com/support
 
 
 

***** [ Dienste ] *****
 

[-] Dienst gelöscht: tsnethlpx64

[-] Dienst gelöscht: QPCore

[-] Dienst gelöscht: QQMusicService

[-] Dienst gelöscht: TenCommProtect

[-] Dienst gelöscht: MSLN

[-] Dienst gelöscht: sogouupdate
 
 

***** [ Ordner ] *****
 

[-] Ordner gelöscht: C:\ProgramData\58bca3a8

[-] Ordner gelöscht: C:\Users\moxito\AppData\Local\Tencent

[-] Ordner gelöscht: C:\Users\moxito\AppData\LocalLow\Tencent

[-] Ordner gelöscht: C:\Users\moxito\AppData\Roaming\Tencent

[-] Ordner gelöscht: C:\Users\moxito\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\腾讯软件

[-] Ordner gelöscht: C:\Users\moxito\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\QVOD

[-] Ordner gelöscht: C:\Program Files\Common Files\Tencent

[-] Ordner gelöscht: C:\Users\moxito\AppData\Local\VirtualStore\Program Files (x86)\QVOD

[-] Ordner gelöscht: C:\Users\moxito\AppData\Local\VirtualStore\Program Files (x86)\Tencent

[-] Ordner gelöscht: C:\QvodPlayer

[-] Ordner gelöscht: C:\Tencent

[-] Ordner gelöscht: C:\ProgramData\TXQMPC

[-] Ordner gelöscht: C:\ProgramData\Tencent

[#] Ordner mit Neustart gelöscht: C:\ProgramData\Application Data\TXQMPC

[#] Ordner mit Neustart gelöscht: C:\ProgramData\Application Data\Tencent

[-] Ordner gelöscht: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\腾讯软件

[-] Ordner gelöscht: C:\Users\Public\Documents\Tencent

[-] Ordner gelöscht: C:\Program Files (x86)\Tencent

[-] Ordner gelöscht: C:\Program Files (x86)\Common Files\Tencent

[-] Ordner gelöscht: C:\Program Files (x86)\Common Files\freemake shared

[-] Ordner gelöscht: C:\Users\moxito\AppData\Local\Temp\Tencent

[-] Ordner gelöscht: C:\WINDOWS\SysWOW64\config\systemprofile\AppData\Roaming\Tencent

[-] Ordner gelöscht: C:\WINDOWS\SysWOW64\sstmp
 
 

***** [ Dateien ] *****
 

[-] Datei gelöscht: C:\WINDOWS\SysNative\log\iSafeKrnlCall.log

[#] Datei gelöscht: C:\WINDOWS\SysNative\drivers\TenCommProtect64.sys

[-] Datei gelöscht: C:\END

[-] Datei gelöscht: C:\WINDOWS\rsrcs.dll

[-] Datei gelöscht: C:\Users\Public\Documents\cfg.ini

[-] Datei gelöscht: C:\Users\Public\Documents\cc.ini

[-] Datei gelöscht: C:\Users\Public\Documents\temp.dat

[-] Datei gelöscht: C:\Users\Public\Documents\report.dat
 
 

***** [ DLL ] *****
 
 
 

***** [ WMI ] *****
 
 
 

***** [ Verknüpfungen ] *****
 
 
 

***** [ Aufgabenplanung ] *****
 
 
 

***** [ Registrierungsdatenbank ] *****
 

[-] Schlüssel gelöscht: HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\SCService

[#] Schlüssel mit Neustart gelöscht: [x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\SCService

[#] Schlüssel mit Neustart gelöscht: HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\scservice

[#] Schlüssel mit Neustart gelöscht: [x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\scservice

[-] Schlüssel gelöscht: HKU\S-1-5-21-1078665582-1449517287-1295239923-1001\Software\Classes\Tencent

[#] Schlüssel mit Neustart gelöscht: HKCU\Software\Classes\Tencent

[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\Baiduyunguanjia

[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\BaiduYunGuanjia.torrent

[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\metnsd

[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\PCSU.SysUtils

[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\Tencent

[#] Schlüssel mit Neustart gelöscht: [x64] HKCU\Software\Classes\Tencent

[#] Schlüssel mit Neustart gelöscht: [x64] HKLM\SOFTWARE\Classes\Baiduyunguanjia

[#] Schlüssel mit Neustart gelöscht: [x64] HKLM\SOFTWARE\Classes\BaiduYunGuanjia.torrent

[#] Schlüssel mit Neustart gelöscht: [x64] HKLM\SOFTWARE\Classes\metnsd

[#] Schlüssel mit Neustart gelöscht: [x64] HKLM\SOFTWARE\Classes\PCSU.SysUtils

[#] Schlüssel mit Neustart gelöscht: [x64] HKLM\SOFTWARE\Classes\Tencent

[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\AppID\{6517DD27-EA6F-4947-9DEA-F9C487BB1020}

[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\AppID\{51BEE30D-EEC8-4BA3-930B-298B8E759EB1}

[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\AppID\{1E9BD312-7C8C-4422-906D-897F6D7714F2}

[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\CLSID\{70DE12EA-79F4-46BC-9812-86DB50A2FD64}

[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\CLSID\{8FC1EE75-72B3-4A23-B987-2B1C4C8A611B}

[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\CLSID\{B9E49847-9822-4139-BC55-7173ED1ADA11}

[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\Interface\{6B3732AA-F6D4-4F16-9E22-49EDC52C9514}

[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\Interface\{E7270EC6-0113-4A78-B610-E501D0A9E48E}

[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\Interface\{B9E49847-9822-4139-BC55-7173ED1ADA11}

[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\Interface\{6C42038D-817A-472C-8C2A-EF46F1DA576D}

[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\Interface\{873C7DA8-195D-4D5A-B830-C5E2831901EA}

[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\Interface\{2E0D1C92-9589-4755-BB55-7117F2155736}

[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\Interface\{495151D2-561C-419E-A7DC-741108602464}

[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\TypeLib\{6517DD27-EA6F-4947-9DEA-F9C487BB1020}

[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\TypeLib\{6CB9D494-2482-4277-9E45-22F36C471461}

[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\TypeLib\{3157E247-2784-4028-BF0F-52D6DDC70E1B}

[-] Schlüssel gelöscht: HKU\.DEFAULT\Software\UpgSvr

[-] Schlüssel gelöscht: HKU\S-1-5-21-1078665582-1449517287-1295239923-1001\Software\Burn4Free

[-] Schlüssel gelöscht: HKU\S-1-5-21-1078665582-1449517287-1295239923-1001\Software\Installer

[-] Schlüssel gelöscht: HKU\S-1-5-21-1078665582-1449517287-1295239923-1001\Software\System Healer

[-] Schlüssel gelöscht: HKU\S-1-5-21-1078665582-1449517287-1295239923-1001\Software\QvodPlayer

[-] Schlüssel gelöscht: HKU\S-1-5-21-1078665582-1449517287-1295239923-1001\Software\AutoTime

[-] Schlüssel gelöscht: HKU\S-1-5-21-1078665582-1449517287-1295239923-1001\Software\SNDA

[-] Schlüssel gelöscht: HKU\S-1-5-21-1078665582-1449517287-1295239923-1001\Software\dlr

[-] Schlüssel gelöscht: HKU\S-1-5-21-1078665582-1449517287-1295239923-1001\Software\PopWnd

[-] Schlüssel gelöscht: HKU\S-1-5-21-1078665582-1449517287-1295239923-1001\Software\UpgSvr

[#] Schlüssel mit Neustart gelöscht: HKU\S-1-5-18\Software\UpgSvr

[#] Schlüssel mit Neustart gelöscht: HKCU\Software\Burn4Free

[#] Schlüssel mit Neustart gelöscht: HKCU\Software\Installer

[#] Schlüssel mit Neustart gelöscht: HKCU\Software\System Healer

[#] Schlüssel mit Neustart gelöscht: HKCU\Software\QvodPlayer

[#] Schlüssel mit Neustart gelöscht: HKCU\Software\AutoTime

[#] Schlüssel mit Neustart gelöscht: HKCU\Software\SNDA

[#] Schlüssel mit Neustart gelöscht: HKCU\Software\dlr

[#] Schlüssel mit Neustart gelöscht: HKCU\Software\PopWnd

[#] Schlüssel mit Neustart gelöscht: HKCU\Software\UpgSvr

[-] Schlüssel gelöscht: HKLM\SOFTWARE\QvodPlayer

[-] Schlüssel gelöscht: HKLM\SOFTWARE\InterHop

[-] Schlüssel gelöscht: HKLM\SOFTWARE\amule-custom

[-] Schlüssel gelöscht: HKLM\SOFTWARE\mylucky123Software

[-] Schlüssel gelöscht: HKLM\SOFTWARE\HPReyos

[-] Schlüssel gelöscht: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\QvodPlayer

[#] Schlüssel mit Neustart gelöscht: [x64] HKCU\Software\Burn4Free

[#] Schlüssel mit Neustart gelöscht: [x64] HKCU\Software\Installer

[#] Schlüssel mit Neustart gelöscht: [x64] HKCU\Software\System Healer

[#] Schlüssel mit Neustart gelöscht: [x64] HKCU\Software\QvodPlayer

[#] Schlüssel mit Neustart gelöscht: [x64] HKCU\Software\AutoTime

[#] Schlüssel mit Neustart gelöscht: [x64] HKCU\Software\SNDA

[#] Schlüssel mit Neustart gelöscht: [x64] HKCU\Software\dlr

[#] Schlüssel mit Neustart gelöscht: [x64] HKCU\Software\PopWnd

[#] Schlüssel mit Neustart gelöscht: [x64] HKCU\Software\UpgSvr

[-] Schlüssel gelöscht: [x64] HKLM\SOFTWARE\Microsoft\{1f7ee1a8-4436-4ffc-b97b-b5b01e87d3d2}

[-] Schlüssel gelöscht: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9C767D9D7BB3F9C4B839FF09B6C80DCF

[-] Schlüssel gelöscht: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4EE2F0310EBEC29A0C48C035C43786AA

[-] Schlüssel gelöscht: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4B2A47D6F1D42DD81A292C027724D291

[-] Daten  wiederhergestellt: HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] 

[-] Wert gelöscht: HKU\S-1-5-21-1078665582-1449517287-1295239923-1001\Software\Microsoft\Windows\CurrentVersion\Run [QQ2009]

[-] Wert gelöscht: HKU\S-1-5-21-1078665582-1449517287-1295239923-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [QQ2009]

[#] Wert mit Neustart gelöscht: HKCU\Software\Microsoft\Windows\CurrentVersion\Run [QQ2009]

[#] Wert mit Neustart gelöscht: [x64] HKCU\Software\Microsoft\Windows\CurrentVersion\Run [QQ2009]

[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\AppID\DownloadProxy.EXE

[-] Schlüssel gelöscht: HKLM\SOFTWARE\MozillaPlugins\@qq.com/TXSSO

[-] Schlüssel gelöscht: HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\QQPCRTP

[-] Schlüssel gelöscht: HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\QQPCRTP

[-] Schlüssel gelöscht: HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\com.qq.qmchext

[-] Schlüssel gelöscht: HKLM\SOFTWARE\Classes\AppID\QMContextUninstall.DLL

[-] Schlüssel gelöscht: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\QvodCDAudioOnArrival

[-] Schlüssel gelöscht: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\QvodDVDMovieOnArrival

[-] Schlüssel gelöscht: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\QvodMediaOnArrival

[-] Wert gelöscht: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Accepted Documents [qhtp]

[-] Wert gelöscht: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Accepted Documents [qvod]

[-] Wert gelöscht: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\EventHandlers\PlayCDAudioOnArrival [QvodCDAudioOnArrival]

[-] Wert gelöscht: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\EventHandlers\PlayDVDMovieOnArrival [QvodDVDMovieOnArrival]

[-] Wert gelöscht: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\EventHandlers\PlayMusicFilesOnArrival [QvodMediaOnArrival]

[-] Wert gelöscht: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\EventHandlers\PlayVideoFilesOnArrival [QvodMediaOnArrival]

[-] Schlüssel gelöscht: HKLM\SYSTEM\CurrentControlSet\Control\Power\User\PowerSchemes\e24b7131-d039-43cb-9e6f-ad4be601ec1f

[-] Schlüssel gelöscht: HKLM\SYSTEM\CurrentControlSet\Control\Power\User\PowerSchemes\04262113-2a31-48e1-b4bb-3b42174bea0f

[#] Schlüssel mit Neustart gelöscht: HKLM\SYSTEM\ControlSet001\Control\Power\User\PowerSchemes\e24b7131-d039-43cb-9e6f-ad4be601ec1f

[#] Schlüssel mit Neustart gelöscht: HKLM\SYSTEM\ControlSet001\Control\Power\User\PowerSchemes\04262113-2a31-48e1-b4bb-3b42174bea0f

[-] Schlüssel gelöscht: HKCU\Software\MozillaPlugins\@1.qq.com/npqqwebgame

[-] Schlüssel gelöscht: HKLM\SOFTWARE\MozillaPlugins\@qq.com/npQQGameAssist

[-] Schlüssel gelöscht: HKLM\SOFTWARE\MozillaPlugins\@qq.com/npqscall

[-] Schlüssel gelöscht: HKLM\SOFTWARE\MozillaPlugins\@qq.com/QQPhotoDrawEx

[-] Schlüssel gelöscht: HKLM\SOFTWARE\MozillaPlugins\@qq.com/QzoneMusic

[-] Wert gelöscht: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost [WinSAPSvc]

[-] Wert gelöscht: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost [ArcherGroupEx]

[-] Schlüssel gelöscht: HKCU\SOFTWARE\Clients\StartMenuInternet\ChromeHTML

[-] Schlüssel gelöscht: HKLM\SYSTEM\CurrentControlSet\Control\iSafeKrnlBoot
 
 

***** [ Browser ] *****
 
 
 

*************************
 

:: "Tracing" Schlüssel gelöscht

:: Winsock Einstellungen zurückgesetzt

:: Proxy Einstellungen zurückgesetzt

:: Internet Explorer Richtlinien gelöscht

:: Chrome Richtlinien gelöscht
 

*************************
 

C:\AdwCleaner\AdwCleaner[C0].txt - [12581 Bytes] - [20/06/2017 20:47:28]

C:\AdwCleaner\AdwCleaner[S0].txt - [10718 Bytes] - [20/06/2017 20:42:28]

C:\AdwCleaner\AdwCleaner[S1].txt - [11848 Bytes] - [20/06/2017 20:45:17]
 

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [12803 Bytes] ##########

das Log von JRT:

Code:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Malwarebytes

Version: 8.1.3 (04.10.2017)

Operating System: Windows 10 Enterprise x64 

Ran by moxito (Administrator) on 20.06.2017 at 21:00:01,87

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 

File System: 6 
 

Failed to delete: C:\Program Files (x86)\sogouinput (Folder) 

Successfully deleted: C:\ProgramData\sogouinput (Folder) 

Successfully deleted: C:\ProgramData\updater (Folder) 

Successfully deleted: C:\Users\Public\thunder network (Folder) 

Successfully deleted: C:\WINDOWS\system32\Tasks\SogouImeMgr (Task)

Successfully deleted: C:\Program Files (x86)\qqmailplugin (Folder) 
 
 
 

Registry: 4 
 

Successfully deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C9C7334B-5657-41e1-8F79-F6AACECA05F4} (Registry Key)

Successfully deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DDD362CF-523B-4BC9-8FDC-58F93B6BC945} (Registry Key)

Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C9C7334B-5657-41e1-8F79-F6AACECA05F4} (Registry Key)

Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DDD362CF-523B-4BC9-8FDC-58F93B6BC945} (Registry Key)
 
 
 
 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on 20.06.2017 at 21:00:51,85

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

mbam:

Code:

Malwarebytes

www.malwarebytes.com
 

-Protokolldetails-

Scan-Datum: 20.06.17

Scan-Zeit: 21:06

Protokolldatei: 

Administrator: Ja
 

-Softwaredaten-

Version: 3.1.2.1733

Komponentenversion: 1.0.141

Version des Aktualisierungspakets: 1.0.2194

Lizenz: Testversion
 

-Systemdaten-

Betriebssystem: Windows 10

CPU: x64

Dateisystem: NTFS

Benutzer: MSI\moxito
 

-Scan-Übersicht-

Scan-Typ: Bedrohungs-Scan

Ergebnis: Abgeschlossen

Gescannte Objekte: 397536

Erkannte Bedrohungen: 5

In die Quarantäne verschobene Bedrohungen: 5

Abgelaufene Zeit: 1 Min., 49 Sek.
 

-Scan-Optionen-

Speicher: Aktiviert

Start: Aktiviert

Dateisystem: Aktiviert

Archive: Aktiviert

Rootkits: Deaktiviert

Heuristik: Aktiviert

PUP: Aktiviert

PUM: Aktiviert
 

-Scan-Details-

Prozess: 0

(keine bösartigen Elemente erkannt)
 

Modul: 0

(keine bösartigen Elemente erkannt)
 

Registrierungsschlüssel: 2

PUP.Optional.PSScriptLoad.EncJob, HKU\S-1-5-21-1078665582-1449517287-1295239923-1001\CONSOLE\%SYSTEMROOT%_SYSTEM32_SVCHOST.EXE, In Quarantäne, [9416], [408200],1.0.2194

PUP.Optional.PSScriptLoad.EncJob, HKU\S-1-5-21-1078665582-1449517287-1295239923-1001\CONSOLE\TASKENG.EXE, In Quarantäne, [9416], [408199],1.0.2194
 

Registrierungswert: 3

PUP.Optional.PSScriptLoad.EncJob, HKU\S-1-5-21-1078665582-1449517287-1295239923-1001\CONSOLE\%SYSTEMROOT%_SYSTEM32_SVCHOST.EXE|WINDOWPOSITION, In Quarantäne, [9416], [408200],1.0.2194

PUP.Optional.PSScriptLoad.EncJob, HKU\S-1-5-21-1078665582-1449517287-1295239923-1001\CONSOLE\%SYSTEMROOT%_SYSTEM32_WINDOWSPOWERSHELL_V1.0_POWERSHELL.EXE|WINDOWPOSITION, In Quarantäne, [9416], [408201],1.0.2194

PUP.Optional.PSScriptLoad.EncJob, HKU\S-1-5-21-1078665582-1449517287-1295239923-1001\CONSOLE\TASKENG.EXE|WINDOWPOSITION, In Quarantäne, [9416], [408199],1.0.2194
 

Registrierungsdaten: 0

(keine bösartigen Elemente erkannt)
 

Daten-Stream: 0

(keine bösartigen Elemente erkannt)
 

Ordner: 0

(keine bösartigen Elemente erkannt)
 

Datei: 0

(keine bösartigen Elemente erkannt)
 

Physischer Sektor: 0

(keine bösartigen Elemente erkannt)
 
 

(end)

FRST Nochmal:

FRST Logfile:

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 18-06-2017 01

Ran by moxito (administrator) on MSI (20-06-2017 21:29:05)

Running from C:\Users\moxito\Desktop

Loaded Profiles: moxito (Available Profiles: moxito)

Platform: Windows 10 Enterprise Version 1607 (X64) Language: Englisch (Vereinigte Staaten)

Internet Explorer Version 11 (Default browser: "C:\Users\moxito\AppData\Local\360Browser\Browser\Application\360browser.exe" -- "%1")

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 

==================== Processes (Whitelisted) =================
 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 

(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe

(Baidu, Inc.) C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.4.3.148966.1\BHipsSvc.exe

(Baidu, Inc.) C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.4.3.148966.1\BavSvc.exe

(Ellora Assets Corp.) C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe

(Hauppauge Computer Works) C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServer.exe

() C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe

(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe

(Micro-Star International Co., Ltd.) C:\Program Files (x86)\SCM\MSIService.exe

(Rivet Networks) C:\Program Files\Killer Networking\Network Manager\KillerService.exe

(Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\Dragon Center\MSI_ActiveX_Service.exe

(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe

(Nitro PDF Software) C:\Program Files\Nitro\Reader 5\NitroPDFReaderDriverService5x64.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe

(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe

(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe

(Wondershare) C:\Program Files (x86)\Wondershare\WAF\2.3.1.204\WsAppService.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe

(Baidu, Inc.) C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.4.3.148966.1\bavhm.exe

(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe

() C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

(Intel(R) Corporation) C:\Program Files (x86)\Intel\Intel(R) Extreme Tuning Utility\XtuService.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe

(Microsoft Corporation) C:\Windows\System32\InputMethod\CHS\ChsIME.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe

(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe

(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe

(Micro-Star International Co., Ltd.) C:\Program Files (x86)\MSI\Dragon Center\Dragon Center.exe

(MSI) C:\Program Files (x86)\SCM\SCM.exe

(Microsoft Corporation) C:\Windows\System32\CastSrv.exe

(Micro-Star International Co., Ltd.) C:\Program Files (x86)\MSI\Dragon Gaming Center\Dragon Gaming Center.exe

() C:\Program Files\Nahimic\Nahimic2\UserInterface\Nahimic2UILauncher.exe

(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe

() C:\Program Files\Nahimic\Nahimic2\UserInterface\Nahimic2Svc32.exe

() C:\Program Files\Nahimic\Nahimic2\UserInterface\x64\Nahimic2Svc64.exe

(SlySoft, Inc.) C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe

(QuestSoft) C:\Program Files (x86)\QTranslate\QTranslate.exe

() C:\Program Files (x86)\SlySoft\AnyDVD\ADvdDiscHlp64.exe

(网易公司) C:\Users\moxito\AppData\Local\Youdao\Dict\Application\YodaoDict.exe

(网易公司) C:\Users\moxito\AppData\Local\Youdao\Dict\Application\6.3.69.8341\YoudaoIE.exe

() C:\Users\moxito\AppData\Local\Youdao\Dict\Application\6.3.69.8341\YoudaoDictHelper.exe

(Ritlabs S.R.L.) C:\Program Files (x86)\The Bat!\thebat.exe

() C:\Users\moxito\AppData\Roaming\baidu\BaiduYunGuanjia\yundetectservice.exe

(YY Inc.) C:\Program Files (x86)\YY\YY.exe

(Rivet Networks) C:\Program Files\Killer Networking\Network Manager\NetworkManager.exe

(Baidu, Inc.) C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.4.3.148966.1\BavTray.exe

(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe

(SteelSeries ApS) C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe

(Realtime Soft Ltd) C:\Program Files\UltraMon\UltraMon.exe

(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe

(网易公司) C:\Users\moxito\AppData\Local\Youdao\Dict\Application\6.3.69.8341\WordBook.exe

() C:\Users\moxito\AppData\Local\Youdao\Dict\Application\6.3.69.8341\YoudaoWSH.exe

() C:\Users\moxito\AppData\Roaming\duowan\yy\yycomstore\2052\com.yy.webrunlogin\65547\yyqlogin.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe

() C:\Users\moxito\AppData\Local\Youdao\Dict\Application\6.3.69.8341\YoudaoDictHelper.exe

(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe

(Microsoft Corporation) C:\Windows\System32\msiexec.exe

(Tencent) C:\Program Files (x86)\Tencent\QQIntl\Bin\QQ.exe

(Tencent) C:\Program Files (x86)\Tencent\QQIntl\Bin\TXPlatform.exe

(Qihu 360 Software Co., Ltd.) C:\Users\moxito\AppData\Local\360Browser\Browser\Application\360browser.exe

(Qihu 360 Software Co., Ltd.) C:\Users\moxito\AppData\Local\360Browser\Browser\Application\360browser.exe

(Qihu 360 Software Co., Ltd.) C:\Users\moxito\AppData\Local\360Browser\Browser\Application\360browser.exe
 

==================== Registry (Whitelisted) ====================
 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9198080 2017-02-06] (Realtek Semiconductor)

HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3113592 2015-08-26] (Logitech, Inc.)

HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [163800 2016-07-30] (IvoSoft)

HKLM\...\Run: [SCM] => C:\Program Files (x86)\SCM\SCM.exe [297984 2015-12-09] (MSI)

HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart

HKLM\...\Run: [Nahimic2UILauncher] => C:\Program Files\Nahimic\Nahimic2\UserInterface\Nahimic2UILauncher.exe [705208 2017-01-13] ()

HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)

HKLM-x32\...\Run: [Baidu Antivirus] => C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.4.3.148966.1\BavTray.exe [1998832 2017-01-28] (Baidu, Inc.)

HKLM-x32\...\Run: [vmware-tray] => C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe [103536 2011-08-22] (VMware, Inc.)

HKLM-x32\...\Run: [DelaypluginInstall] => C:\ProgramData\Wondershare\Video Converter Ultimate\DelayPluginI.exe [1971856 2016-11-18] ()

HKLM-x32\...\Run: [ProductUpdater] => C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe

Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)

HKU\S-1-5-21-1078665582-1449517287-1295239923-1001\...\Run: [ctfmon] => C:\WINDOWS\system32\ctfmon.exe [10752 2016-07-16] (Microsoft Corporation)

HKU\S-1-5-21-1078665582-1449517287-1295239923-1001\...\Run: [AnyDVD] => C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe [9604008 2015-12-12] (SlySoft, Inc.)

HKU\S-1-5-21-1078665582-1449517287-1295239923-1001\...\Run: [QTranslate] => C:\Program Files (x86)\QTranslate\QTranslate.exe [642048 2016-05-12] (QuestSoft)

HKU\S-1-5-21-1078665582-1449517287-1295239923-1001\...\Run: [YYAssistant] => C:\Program Files (x86)\YY\8.24.0.2\\yyassistant.exe [335600 2017-06-12] (YY Inc.)

HKU\S-1-5-21-1078665582-1449517287-1295239923-1001\...\Run: [YodaoDict] => C:\Users\moxito\AppData\Local\Youdao\Dict\Application\YodaoDict.exe [5552192 2016-11-25] (网易公司)

HKU\S-1-5-21-1078665582-1449517287-1295239923-1001\...\Run: [thebat_startup] => C:\Program Files (x86)\The Bat!\thebat.exe [11954536 2007-10-31] (Ritlabs S.R.L.)

HKU\S-1-5-21-1078665582-1449517287-1295239923-1001\...\Run: [TomTomHOME.exe] => C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe [255224 2016-11-29] (TomTom)

HKU\S-1-5-21-1078665582-1449517287-1295239923-1001\...\Run: [TM] => "C:\Program Files (x86)\Tencent\TM2008\Bin\TM.exe" /background

HKU\S-1-5-21-1078665582-1449517287-1295239923-1001\...\Run: [BaiduYunGuanjia] => C:\Users\moxito\AppData\Roaming\baidu\BaiduYunGuanjia\baidunetdisk.exe [7757856 2017-06-16] ()

HKU\S-1-5-21-1078665582-1449517287-1295239923-1001\...\Run: [BaiduYunDetect] => C:\Users\moxito\AppData\Roaming\baidu\BaiduYunGuanjia\YunDetectService.exe [1052192 2017-06-16] ()

HKU\S-1-5-21-1078665582-1449517287-1295239923-1001\...\Run: [YfftPack] => C:\Windows\SysWOW64\regsvr32.exe C:\Users\moxito\AppData\Local\Ambworks\wpnlefjp.dll <===== ATTENTION

HKU\S-1-5-21-1078665582-1449517287-1295239923-1001\...\Run: [YY] => C:\Program Files (x86)\YY\YY.exe [151792 2017-06-12] (YY Inc.)

HKU\S-1-5-21-1078665582-1449517287-1295239923-1001\...\Run: [QQ2009] => C:\Program Files (x86)\Tencent\QQIntl\Bin\QQ.exe [97976 2017-06-20] (Tencent)

HKU\S-1-5-21-1078665582-1449517287-1295239923-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1

ShellIconOverlayIdentifiers: [BaiduAntivirusIconLock] -> {0A93904A-BB1E-4a0c-9753-B57B9AE272CC} => C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.4.3.148966.1\BavShx64.dll [2017-01-28] (Baidu, Inc.)

ShellIconOverlayIdentifiers: [KzShlobj] -> {AAA0C5B8-933F-4200-93AD-B143D7FFF9F2} =>  -> No File

ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2016-07-30] (IvoSoft)

ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2016-07-30] (IvoSoft)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Killer Network Manager.lnk [2016-12-09]

ShortcutTarget: Killer Network Manager.lnk -> C:\Program Files\Killer Networking\Network Manager\NetworkManager.exe (Rivet Networks)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SteelSeries Engine 3.lnk [2017-06-16]

ShortcutTarget: SteelSeries Engine 3.lnk -> C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe (SteelSeries ApS)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\UltraMon.lnk [2017-02-11]

ShortcutTarget: UltraMon.lnk -> C:\Windows\Installer\{D4E62D29-31A1-4938-8CB7-7D275C1AEAC6}\IcoUltraMon.ico ()

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinTV Recording Status.lnk [2016-12-09]

ShortcutTarget: WinTV Recording Status.lnk -> C:\Program Files (x86)\WinTV\WinTV8\WinTVTray.exe (Hauppauge Computer Works, Inc.)

Startup: C:\Users\moxito\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CCTalk.lnk [2016-12-09]

ShortcutTarget: CCTalk.lnk -> C:\Users\moxito\AppData\Roaming\Hujiang\Setup\PreInst\CCLaunch.exe (Hujiang)

Startup: C:\Users\moxito\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Sidebar704.lnk [2017-06-20]

ShortcutTarget: Sidebar704.lnk -> C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
 

==================== Internet (Whitelisted) ====================
 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt

Tcpip\Parameters: [NameServer] 8.8.8.8,8.8.8.4

Tcpip\..\Interfaces\{1f590c30-fd8d-44ea-ae52-5c965539d833}: [DhcpNameServer] 82.163.143.157

Tcpip\..\Interfaces\{38ff234b-697a-4a3c-99af-17abf95b27e9}: [DhcpNameServer] 192.168.178.1

Tcpip\..\Interfaces\{ddecc736-557e-44c0-b1c3-dbe0f06f526f}: [DhcpNameServer] 82.163.143.157
 

Internet Explorer:

==================

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617912&ResetID=131261445025659793&GUID=D8CC01CB-AEB0-4853-A5B1-0C8D1E99C72E

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = 

HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com

HKU\S-1-5-21-1078665582-1449517287-1295239923-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/

BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2017-04-11] (Microsoft Corporation)

BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2016-07-30] (IvoSoft)

BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_112\bin\ssv.dll [2016-11-25] (Oracle Corporation)

BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2015-08-26] (Logitech, Inc.)

BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_112\bin\jp2ssv.dll [2016-11-25] (Oracle Corporation)

BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2016-07-30] (IvoSoft)

BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2016-07-30] (IvoSoft)

BHO-x32: Wondershare Video Converter Ultimate 7.1.0 -> {451C804F-C205-4F03-B48E-537EC94937BF} -> C:\ProgramData\Wondershare\Video Converter Ultimate\WSBrowserAppMgr.dll [2016-11-18] (Wondershare)

BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2015-08-26] (Logitech, Inc.)

BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2017-02-23] (Microsoft Corporation)

BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2016-07-30] (IvoSoft)

Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2016-07-30] (IvoSoft)

Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2016-07-30] (IvoSoft)

DPF: HKLM-x32 {1E525898-EE12-4002-9374-82D15147F762} hxxp://player.cntv.cn/flashplayer/config/plugins/wCNTVLive212.dll

Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2016-05-17] (Microsoft Corporation)

Handler: WSWSVCUchrome - {1CA93FF0-A218-44F1 -  No File
 

FireFox:

========

FF ProfilePath: C:\Users\moxito\AppData\Roaming\TomTom\HOME\Profiles\crxg47tn.default [2017-04-04]

FF Extension: (Map status indicator) - C:\Program Files (x86)\TomTom HOME 2\xul\extensions\MapShare-status@tomtom.com [2017-02-08] [not signed]

FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt

FF Extension: (Logitech SetPoint) - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2016-12-09] [not signed]

FF HKLM-x32\...\Firefox\Extensions: [WSVCU@Wondershare.com] - C:\ProgramData\Wondershare\Video Converter Ultimate\WSVCU@Wondershare.com_xpi

FF Extension: (Wondershare Video Converter Ultimate) - C:\ProgramData\Wondershare\Video Converter Ultimate\WSVCU@Wondershare.com_xpi [2017-02-12]

FF HKU\S-1-5-21-1078665582-1449517287-1295239923-1001\...\Firefox\Extensions: [dict@www.youdao.com] - C:\Users\moxito\AppData\Local\Youdao\Dict\Application\stable\extensions\firefox => not found

FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_26_0_0_131.dll [2017-06-18] ()

FF Plugin: @java.com/DTPlugin,version=11.112.2 -> C:\Program Files\Java\jre1.8.0_112\bin\dtplugin\npDeployJava1.dll [2016-11-25] (Oracle Corporation)

FF Plugin: @java.com/JavaPlugin,version=11.112.2 -> C:\Program Files\Java\jre1.8.0_112\bin\plugin2\npjp2.dll [2016-11-25] (Oracle Corporation)

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)

FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_131.dll [2017-06-18] ()

FF Plugin-x32: @baidu.com/YunWebDetectPlugin -> C:\Users\moxito\AppData\Roaming\baidu\BaiduYunGuanjia\npYunWebDetect.dll [2017-06-16] (Baidu.com, Inc.)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel Corporation)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-21] (Intel Corporation)

FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-11-15] (Microsoft Corporation)

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)

FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Reader 5\npnitromozilla.dll [2016-03-03] (Nitro PDF)

FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-05-18] (NVIDIA Corporation)

FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-05-18] (NVIDIA Corporation)

FF Plugin-x32: @qq.com/npchrome -> C:\Program Files (x86)\Common Files\Tencent\Npchrome\npchrome.dll [2017-06-20] (Tencent)

FF Plugin-x32: @qq.com/npqscall -> C:\Program Files (x86)\Common Files\Tencent\NPQSCALL\npqscall.dll [2017-06-20] (Tencent)

FF Plugin-x32: @qq.com/QQMiniDLPlugin -> C:\Program Files (x86)\Common Files\Tencent\QQMiniDL\60\Browser\npXFMiniDLPlugin.dll [No File]

FF Plugin-x32: @tencent.com/npQQMailWebKit,version=1.0.0.1 -> C:\Program Files (x86)\QQMailPlugin\npQQMailWebKit.dll [No File]

FF Plugin-x32: @tencent.com/nptxftnWebKit,version=1.0.0.1 -> C:\Program Files (x86)\QQMailPlugin\nptxftnWebKit.dll [No File]

FF Plugin-x32: @videolan.org/vlc,version=2.2.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)

FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)

FF Plugin-x32: @videolan.org/vlc,version=2.2.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2017-05-24] (VideoLAN)

FF Plugin HKU\S-1-5-21-1078665582-1449517287-1295239923-1001: duowan.com/Checker -> C:\Program Files (x86)\Common Files\duowan\yy\YYSSO\1.0.0.8\npChecker.dll [2016-11-21] (广州多玩信息技术有限公司)

FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2016-11-15] (Microsoft Corporation)
 

==================== Services (Whitelisted) ====================
 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 

R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [315472 2015-06-29] (Windows (R) Win 7 DDK provider)

R2 BavSvc; C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.4.3.148966.1\BavSvc.exe [2791312 2017-01-28] (Baidu, Inc.)

S3 BdSandboxSrv; C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.4.3.148966.1\BdSandboxSrv64.exe [264688 2017-01-28] (Baidu, Inc.)

R2 BHipsSvc; C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.4.3.148966.1\BHipsSvc.exe [531232 2017-01-28] (Baidu, Inc.)

S3 BstHdAndroidSvc; C:\Program Files (x86)\Bluestacks\HD-Service.exe [486936 2016-11-23] (BlueStack Systems, Inc.)

S3 BstHdLogRotatorSvc; C:\Program Files (x86)\Bluestacks\HD-LogRotatorService.exe [470552 2016-11-23] (BlueStack Systems, Inc.)

S3 BstHdPlusAndroidSvc; C:\Program Files (x86)\Bluestacks\HD-Plus-Service.exe [511512 2016-11-23] (BlueStack Systems, Inc.)

S3 ehRecvr; C:\WINDOWS\ehome\ehRecvr.exe [713728 2015-09-02] (Microsoft Corporation) [File not signed]

S3 ehSched; C:\WINDOWS\ehome\ehsched.exe [177152 2015-09-02] (Microsoft Corporation) [File not signed]

S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2016-08-21] (Macrovision Europe Ltd.) [File not signed]

R2 FreemakeVideoCapture; C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe [9216 2017-01-24] (Ellora Assets Corp.) [File not signed]

R2 HauppaugeTVServer; C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServer.exe [586536 2016-10-10] (Hauppauge Computer Works)

S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel(R) Corporation)

S3 Intel(R) Security Assist; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [File not signed]

R2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [7680 2015-05-19] () [File not signed]

R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [223008 2015-06-24] (Intel Corporation)

R2 Killer Service V2; C:\Program Files\Killer Networking\Network Manager\KillerService.exe [451072 2015-10-06] (Rivet Networks) [File not signed]

R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4470736 2017-05-09] (Malwarebytes)

R2 MCRL; C:\ProgramData\Microsoft\VisualStudio\14.0\2052\msmg.dll [368128 2016-12-09] () [File not signed]

S3 Mcx2Svc; C:\WINDOWS\system32\Mcx2Svc.dll [83968 2015-09-05] (Microsoft Corporation) [File not signed]

R2 Micro Star SCM; C:\Program Files (x86)\SCM\MSIService.exe [160768 2015-12-09] (Micro-Star International Co., Ltd.) [File not signed]

R2 MSI_ActiveX_Service; C:\Program Files (x86)\MSI\Dragon Center\MSI_ActiveX_Service.exe [62392 2017-04-24] (Micro-Star INT'L CO., LTD.)

R2 NitroReaderDriverReadSpool5; C:\Program Files\Nitro\Reader 5\NitroPDFReaderDriverService5x64.exe [327328 2016-03-03] (Nitro PDF Software)

S3 NMIndexingService; C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe [382248 2007-08-03] (Nero AG)

R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [495224 2017-05-03] (NVIDIA Corporation)

S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [495224 2017-05-03] (NVIDIA Corporation)

R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462968 2017-05-18] (NVIDIA Corporation)

R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [449984 2017-05-18] (NVIDIA Corporation)

S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-09-15] (Microsoft Corporation)

R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [246888 2016-06-07] (Synaptics Incorporated)

R2 VMAuthdService; C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe [79872 2011-08-22] (VMware, Inc.) [File not signed]

R2 VMwareHostd; C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [11837440 2011-08-22] () [File not signed]

S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347320 2017-04-28] (Microsoft Corporation)

S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103712 2017-04-28] (Microsoft Corporation)

R2 WsAppService; C:\Program Files (x86)\Wondershare\WAF\2.3.1.204\WsAppService.exe [437392 2016-11-16] (Wondershare)

R2 XTU3SERVICE; C:\Program Files (x86)\Intel\Intel(R) Extreme Tuning Utility\XtuService.exe [18232 2016-11-09] (Intel(R) Corporation)

S3 QTService; C:\Program Files (x86)\Tencent\QTalk\QTService.dll [X]
 

===================== Drivers (Whitelisted) ======================
 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 

R3 AnyDVD; C:\WINDOWS\System32\Drivers\AnyDVD.sys [150440 2015-12-02] (SlySoft, Inc.)

R3 AnyDVD; C:\Windows\SysWOW64\Drivers\AnyDVD.sys [150440 2015-12-02] (SlySoft, Inc.)

R3 BdApiUtil; C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.4.3.148966.1\BdApiUtil64.sys [116968 2017-01-28] (Baidu, Inc.)

S3 bdark64; C:\Windows\system32\drivers\bdark64.sys [78792 2015-05-28] ()

R3 BdCameraProtect; C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.4.3.148966.1\BdCameraProtect64.sys [25032 2017-01-28] (Baidu, Inc.)

S3 BdSandbox; C:\Windows\System32\drivers\BdSandbox.sys [236920 2015-03-05] (Baidu, Inc.)

R1 Bfilter; C:\Windows\System32\drivers\Bfilter.sys [61896 2016-08-21] (Baidu, Inc.)

R1 BfLwf; C:\WINDOWS\system32\DRIVERS\bwcW10x64.sys [141896 2015-09-30] (Rivet Networks, LLC.)

R1 Bfmon; C:\Windows\System32\drivers\Bfmon.sys [38344 2016-08-21] (Baidu, Inc.)

S0 Bhbase; C:\WINDOWS\System32\drivers\Bhbase.sys [83144 2017-01-28] (Baidu, Inc.)

R1 Bnbase; C:\WINDOWS\System32\drivers\bnbasex64.sys [62792 2016-08-21] (Baidu, Inc.)

R1 Bndef; C:\Windows\System32\drivers\bndef64.sys [485672 2016-08-21] (Baidu, Inc.)

R3 Bnmon; C:\Program Files (x86)\Baidu Security\Baidu Antivirus\5.4.3.148966.1\Bnmon64.sys [82376 2017-01-28] (Baidu, Inc.)

R1 Bprotect; C:\Windows\System32\drivers\Bprotect.sys [262088 2016-08-21] (Baidu, Inc.)

S3 BstHdDrv; C:\Program Files (x86)\Bluestacks\HD-Hypervisor-amd64.sys [152672 2016-11-23] (BlueStack Systems)

S3 BstkDrv; C:\Program Files (x86)\Bluestacks\BstkDrv.sys [270904 2016-11-08] (Bluestack System Inc. )

S3 BTHPORT; C:\WINDOWS\System32\drivers\BTHport.sys [967168 2016-11-11] (Microsoft Corporation) [File not signed]

S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-27] (Samsung Electronics Co., Ltd.)

R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77376 2017-05-25] ()

R3 flex1500; C:\WINDOWS\system32\drivers\flex1500.sys [265312 2012-11-29] (Jungo)

R3 flex1500; C:\Windows\SysWOW64\drivers\flex1500.sys [265312 2012-11-29] (Jungo)

R2 iocbios2; C:\Program Files (x86)\Intel\Intel(R) Extreme Tuning Utility\Drivers\IocDriver\64bit\iocbios2.sys [37064 2016-08-24] (Intel Corporation)

R3 KillerEth; C:\WINDOWS\System32\drivers\e2xw10x64.sys [162456 2016-08-21] (Qualcomm Atheros, Inc.)

S3 libusbK; C:\WINDOWS\System32\drivers\libusbK.sys [47200 2016-12-27] (hxxp://libusb-win32.sourceforge.net)

R2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [188312 2017-06-20] (Malwarebytes)

R3 MBAMFarflt; C:\WINDOWS\system32\drivers\farflt.sys [113592 2017-06-20] (Malwarebytes)

R3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [44960 2017-06-20] (Malwarebytes)

R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [252832 2017-06-20] (Malwarebytes)

R3 MBAMWebProtection; C:\WINDOWS\system32\drivers\mwac.sys [93600 2017-06-20] (Malwarebytes)

S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()

R2 npf; C:\WINDOWS\System32\drivers\npf.sys [35344 2011-02-11] (CACE Technologies, Inc.)

R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvmii.inf_amd64_69ca8597af61d80b\nvlddmkm.sys [14458264 2017-05-19] (NVIDIA Corporation)

S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30328 2017-05-03] (NVIDIA Corporation)

R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [48248 2017-05-03] (NVIDIA Corporation)

R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [57792 2017-05-18] (NVIDIA Corporation)

R3 Qcamain10x64; C:\WINDOWS\System32\drivers\Qcamain10x64.sys [2336768 2016-07-16] (Qualcomm Atheros, Inc.)

R3 RTSPER; C:\WINDOWS\system32\DRIVERS\RtsPer.sys [752856 2015-05-29] (Realsil Semiconductor Corporation)

R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [42600 2016-06-07] (Synaptics Incorporated)

R3 ssdevfactory; C:\WINDOWS\System32\drivers\ssdevfactory.sys [46440 2017-04-06] (SteelSeries ApS)

R3 sshid; C:\WINDOWS\System32\drivers\sshid.sys [45896 2017-05-12] (SteelSeries ApS)

R3 ssps2; C:\WINDOWS\System32\drivers\ssps2.sys [38720 2016-11-03] (SteelSeries ApS)

S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-27] (Samsung Electronics Co., Ltd.)

S3 SundtekMTV; C:\WINDOWS\system32\DRIVERS\sundtekmtv64.sys [365776 2015-12-10] (Sundtek Electronics)

R3 TT4650_SRV_64; C:\WINDOWS\system32\drivers\ttConnect4650_64.sys [436736 2015-11-24] (CityCom GmbH)

U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()

R1 VBoxNetAdp; C:\WINDOWS\System32\drivers\VBoxNetAdp6.sys [132120 2016-11-21] (Oracle Corporation)

R1 VBoxNetLwf; C:\WINDOWS\system32\DRIVERS\VBoxNetLwf.sys [206416 2016-11-21] (Oracle Corporation)

S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)

S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)

S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)

R3 WINIO; C:\Program Files (x86)\MSI\Dragon Center\winio64.sys [15160 2015-06-11] ()

S1 eougywyt; \??\C:\WINDOWS\system32\drivers\eougywyt.sys [X]

S3 GSVxDrv; \??\C:\Program Files\YYBox\drivers\GSVxDrv\GSVxDrv.sys [X]

U2 QQMicroGameBoxService; no ImagePath

S3 VBoxNetFlt; \SystemRoot\system32\DRIVERS\VBoxNetFlt.sys [X]
 

==================== NetSvcs (Whitelisted) ===================
 

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 

==================== One Month Created files and folders ========
 

(If an entry is included in the fixlist, the file/folder will be moved.)
 

2017-06-20 21:28 - 2017-06-20 21:28 - 00000000 ____D C:\Users\moxito\Desktop\FRST-OlderVersion

2017-06-20 21:25 - 2017-06-20 21:25 - 00000000 ____D C:\Users\Public\Documents\Tencent

2017-06-20 21:25 - 2017-06-20 21:25 - 00000000 ____D C:\Users\moxito\AppData\Local\Google

2017-06-20 21:25 - 2017-06-20 21:25 - 00000000 ____D C:\Program Files (x86)\Tencent

2017-06-20 21:22 - 2017-06-20 21:27 - 00000000 ____D C:\Users\moxito\AppData\Roaming\Tencent

2017-06-20 21:04 - 2017-06-20 21:11 - 00252832 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys

2017-06-20 21:04 - 2017-06-20 21:11 - 00113592 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys

2017-06-20 21:04 - 2017-06-20 21:11 - 00093600 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys

2017-06-20 21:04 - 2017-06-20 21:11 - 00044960 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys

2017-06-20 21:04 - 2017-06-20 21:04 - 00188312 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys

2017-06-20 21:04 - 2017-06-20 21:04 - 00001872 _____ C:\Users\Public\Desktop\Malwarebytes.lnk

2017-06-20 21:04 - 2017-06-20 21:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes

2017-06-20 21:04 - 2017-06-20 21:04 - 00000000 ____D C:\ProgramData\Malwarebytes

2017-06-20 21:04 - 2017-06-20 21:04 - 00000000 ____D C:\Program Files\Malwarebytes

2017-06-20 21:04 - 2017-05-25 11:58 - 00077376 _____ C:\WINDOWS\system32\Drivers\mbae64.sys

2017-06-20 21:03 - 2017-06-20 21:04 - 64232976 _____ (Malwarebytes ) C:\Users\moxito\Downloads\mb3-setup-consumer-3.1.2.1733-1.0.141-1.0.2092.exe

2017-06-20 21:00 - 2017-06-20 21:00 - 00001582 _____ C:\Users\moxito\Desktop\JRT.txt

2017-06-20 20:58 - 2017-06-20 20:58 - 01663672 _____ (Malwarebytes) C:\Users\moxito\Downloads\JRT.exe

2017-06-20 20:54 - 2017-06-20 20:56 - 00000000 ____D C:\Users\moxito\AppData\Local\F524E5C1-49AC-4835-B859-6FDC260E6394

2017-06-20 20:53 - 2017-06-20 21:11 - 00000486 _____ C:\WINDOWS\Tasks\HuanjuGameUpdate.job

2017-06-20 20:53 - 2017-06-20 20:53 - 00003588 _____ C:\WINDOWS\System32\Tasks\HuanjuGameUpdate

2017-06-20 20:49 - 2017-06-20 21:11 - 00000000 _____ C:\Users\Public\Documents\temp.dat

2017-06-20 20:47 - 2017-06-20 20:47 - 00000000 ____D C:\Users\moxito\AppData\Local\PeerDistRepub

2017-06-20 20:41 - 2017-06-20 20:47 - 00000000 ____D C:\AdwCleaner

2017-06-20 20:41 - 2017-06-20 20:41 - 04110280 _____ C:\Users\moxito\Downloads\AdwCleaner_6.047.exe

2017-06-20 20:37 - 2017-06-20 20:37 - 00566128 _____ (Malwarebytes) C:\Users\moxito\Downloads\mbam-clean-2.3.0.1001.exe

2017-06-19 17:59 - 2017-06-19 17:59 - 00187408 _____ C:\WINDOWS\jUaJ.tIEvC

2017-06-19 17:59 - 2017-06-19 17:59 - 00106512 _____ C:\WINDOWS\HMOuyegwd9.Xw2Am

2017-06-19 02:52 - 2017-06-19 02:52 - 00143376 _____ C:\WINDOWS\59.T477k

2017-06-18 21:33 - 2017-06-18 21:33 - 00002811 _____ C:\Users\moxito\Desktop\RtkNGUI64.exe - Verknüpfung.lnk

2017-06-18 21:19 - 2017-06-18 21:27 - 00000000 ____D C:\Users\moxito\Desktop\Software & Treiber

2017-06-18 20:46 - 2017-06-18 20:46 - 00000000 ____D C:\ProgramData\Nahimic22.3.14

2017-06-18 20:34 - 2017-06-18 20:34 - 00450352 _____ (Microsoft Corporation) C:\Users\moxito\Downloads\FixitCenter_Run.exe

2017-06-18 20:31 - 2017-06-18 20:31 - 15549025 _____ C:\Users\moxito\Downloads\Microsoft_Fix-it-Paket.zip

2017-06-18 20:25 - 2017-06-18 20:25 - 00271376 _____ C:\WINDOWS\jaA3nrCQa91Ph1W.68S97

2017-06-18 19:59 - 2017-04-21 23:53 - 00029376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aspnet_counters.dll

2017-06-18 19:59 - 2017-04-21 23:53 - 00018600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr100_clr0400.dll

2017-06-18 19:59 - 2017-04-21 23:50 - 00030912 _____ (Microsoft Corporation) C:\WINDOWS\system32\aspnet_counters.dll

2017-06-18 19:59 - 2017-04-21 23:50 - 00018592 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr100_clr0400.dll

2017-06-18 19:59 - 2017-04-11 20:27 - 00993632 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr120_clr0400.dll

2017-06-18 19:59 - 2017-04-11 20:27 - 00690008 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp120_clr0400.dll

2017-06-18 19:59 - 2017-03-15 20:15 - 00987840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr120_clr0400.dll

2017-06-18 19:59 - 2017-03-15 20:15 - 00485576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp120_clr0400.dll

2017-06-18 19:43 - 2017-06-18 19:44 - 02296696 _____ C:\WINDOWS\system32\FNTCACHE.DAT

2017-06-18 18:48 - 2017-06-20 21:25 - 00000000 ____D C:\Users\moxito\AppData\Local\CrashDumps

2017-06-18 05:54 - 2017-06-18 05:54 - 00000000 ____D C:\Users\moxito\AppData\Local\Apps\2.0

2017-06-18 01:01 - 2017-06-20 21:29 - 00031834 _____ C:\Users\moxito\Desktop\FRST.txt

2017-06-18 00:17 - 2017-06-18 01:03 - 00074146 _____ C:\Users\moxito\Desktop\Addition.txt

2017-06-18 00:01 - 2017-06-18 00:01 - 02388709 _____ C:\HEADERS

2017-06-17 23:44 - 2017-06-17 23:47 - 00000000 ___HD C:\$WINDOWS.~BT

2017-06-17 23:30 - 2017-06-17 23:30 - 00000000 ____D C:\Program Files\Synaptics

2017-06-17 19:05 - 2017-06-17 19:25 - 00000000 ____D C:\ESD

2017-06-17 19:05 - 2017-06-17 19:05 - 00000000 ___HD C:\$Windows.~WS

2017-06-17 18:36 - 2017-06-17 18:36 - 00079064 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\tvwoetih.sys

2017-06-17 16:43 - 2017-06-17 16:43 - 05265000 _____ C:\Users\moxito\Downloads\psiphon3.exe

2017-06-17 00:14 - 2017-06-20 21:29 - 00000000 ____D C:\FRST

2017-06-17 00:13 - 2017-06-20 21:28 - 02439680 _____ (Farbar) C:\Users\moxito\Desktop\FRST64.exe

2017-06-16 23:23 - 2017-06-16 23:25 - 00000000 ____D C:\WINDOWS\Minidump

2017-06-16 23:04 - 2017-06-16 23:04 - 09598376 _____ (Piriform Ltd) C:\Users\moxito\Downloads\ccsetup531.exe

2017-06-16 22:42 - 2017-06-16 22:42 - 00000000 ___SD C:\WINDOWS\UpdateAssistantV2

2017-06-16 22:07 - 2017-06-16 22:07 - 00003654 _____ C:\WINDOWS\System32\Tasks\Dragon_Center_updater

2017-06-16 22:07 - 2017-06-16 22:07 - 00003016 _____ C:\WINDOWS\System32\Tasks\MSI_Dragon Center

2017-06-16 19:06 - 2017-06-16 19:06 - 81963976 _____ C:\Users\moxito\Downloads\SteelSeriesEngine3.10.2Setup.exe

2017-06-16 17:59 - 2017-06-03 11:23 - 00306688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll

2017-06-16 17:59 - 2017-06-03 11:22 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netcorehc.dll

2017-06-16 17:58 - 2017-06-03 12:50 - 00315744 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll

2017-06-16 17:58 - 2017-06-03 12:50 - 00192856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll

2017-06-16 17:58 - 2017-06-03 12:11 - 01706488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll

2017-06-16 17:58 - 2017-06-03 12:06 - 02048496 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll

2017-06-16 17:58 - 2017-06-03 11:58 - 00340832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll

2017-06-16 17:58 - 2017-06-03 11:55 - 00780640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe

2017-06-16 17:58 - 2017-06-03 11:52 - 01021784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll

2017-06-16 17:58 - 2017-06-03 11:52 - 00607072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll

2017-06-16 17:58 - 2017-06-03 11:52 - 00111968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll

2017-06-16 17:58 - 2017-06-03 11:49 - 20967840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll

2017-06-16 17:58 - 2017-06-03 11:44 - 01412640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll

2017-06-16 17:58 - 2017-06-03 11:44 - 00545944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe

2017-06-16 17:58 - 2017-06-03 11:39 - 05686272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll

2017-06-16 17:58 - 2017-06-03 11:33 - 00095232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll

2017-06-16 17:58 - 2017-06-03 11:32 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll

2017-06-16 17:58 - 2017-06-03 11:31 - 00224256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExSMime.dll

2017-06-16 17:58 - 2017-06-03 11:31 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll

2017-06-16 17:58 - 2017-06-03 11:28 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BlockedShutdown.dll

2017-06-16 17:58 - 2017-06-03 11:28 - 00232448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edputil.dll

2017-06-16 17:58 - 2017-06-03 11:26 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll

2017-06-16 17:58 - 2017-06-03 11:26 - 00100352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AuthBrokerUI.dll

2017-06-16 17:58 - 2017-06-03 11:22 - 00364544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll

2017-06-16 17:58 - 2017-06-03 11:22 - 00181760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tcpipcfg.dll

2017-06-16 17:58 - 2017-06-03 11:20 - 00755712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll

2017-06-16 17:58 - 2017-06-03 11:19 - 01164288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certutil.exe

2017-06-16 17:58 - 2017-06-03 11:16 - 00709120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll

2017-06-16 17:58 - 2017-06-03 11:15 - 19414016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll

2017-06-16 17:58 - 2017-06-03 11:15 - 18364928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll

2017-06-16 17:58 - 2017-06-03 11:15 - 00886272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll

2017-06-16 17:58 - 2017-06-03 11:12 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fdProxy.dll

2017-06-16 17:58 - 2017-06-03 11:08 - 12187648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll

2017-06-16 17:58 - 2017-06-03 11:08 - 02643968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll

2017-06-16 17:58 - 2017-06-03 11:08 - 01221120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Audio.dll

2017-06-16 17:58 - 2017-06-03 11:06 - 03664384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll

2017-06-16 17:58 - 2017-06-03 11:05 - 01883648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll

2017-06-16 17:58 - 2017-06-03 11:05 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hnetcfg.dll

2017-06-16 17:58 - 2017-06-03 11:04 - 06042624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll

2017-06-16 17:58 - 2017-06-03 11:04 - 02006528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll

2017-06-16 17:58 - 2017-06-03 11:04 - 00773120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe

2017-06-16 17:58 - 2017-06-03 11:03 - 01988096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll

2017-06-16 17:58 - 2017-06-03 11:02 - 02997760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys

2017-06-16 17:58 - 2017-06-03 10:40 - 00483840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll

2017-06-16 17:58 - 2017-03-04 08:22 - 00822784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll

2017-06-16 17:58 - 2017-03-04 08:19 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll

2017-06-16 17:58 - 2017-03-04 08:16 - 00368128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll

2017-06-16 17:58 - 2016-09-07 06:53 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppointmentActivation.dll

2017-06-16 17:53 - 2017-06-03 11:14 - 00124416 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll

2017-06-16 17:53 - 2017-06-03 10:52 - 03403264 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll

2017-06-16 17:53 - 2017-06-03 10:50 - 02538496 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll

2017-06-16 17:53 - 2017-06-03 10:49 - 00903680 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe

2017-06-16 17:52 - 2017-06-03 12:14 - 00136024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ImplatSetup.dll

2017-06-16 17:52 - 2017-06-03 12:11 - 00128864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tm.sys

2017-06-16 17:52 - 2017-06-03 12:09 - 02213760 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll

2017-06-16 17:52 - 2017-06-03 12:08 - 07783256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe

2017-06-16 17:52 - 2017-06-03 11:59 - 01181024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys

2017-06-16 17:52 - 2017-06-03 11:59 - 00118112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys

2017-06-16 17:52 - 2017-06-03 11:53 - 00404824 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll

2017-06-16 17:52 - 2017-06-03 11:51 - 02187104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys

2017-06-16 17:52 - 2017-06-03 11:51 - 00402272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys

2017-06-16 17:52 - 2017-06-03 11:50 - 00857440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe

2017-06-16 17:52 - 2017-06-03 11:49 - 00624048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys

2017-06-16 17:52 - 2017-06-03 11:49 - 00509280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys

2017-06-16 17:52 - 2017-06-03 11:48 - 00857952 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll

2017-06-16 17:52 - 2017-06-03 11:48 - 00148832 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll

2017-06-16 17:52 - 2017-06-03 11:45 - 22220864 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll

2017-06-16 17:52 - 2017-06-03 11:44 - 01600624 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll

2017-06-16 17:52 - 2017-06-03 11:39 - 02532192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys

2017-06-16 17:52 - 2017-06-03 11:16 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll

2017-06-16 17:52 - 2017-06-03 11:15 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll

2017-06-16 17:52 - 2017-06-03 11:14 - 00238592 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe

2017-06-16 17:52 - 2017-06-03 11:14 - 00098304 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe

2017-06-16 17:52 - 2017-06-03 11:11 - 00353792 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll

2017-06-16 17:52 - 2017-06-03 11:10 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BlockedShutdown.dll

2017-06-16 17:52 - 2017-06-03 11:10 - 00117760 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthBrokerUI.dll

2017-06-16 17:52 - 2017-06-03 11:09 - 00489472 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll

2017-06-16 17:52 - 2017-06-03 11:09 - 00441344 _____ (Microsoft Corporation) C:\WINDOWS\system32\netcorehc.dll

2017-06-16 17:52 - 2017-06-03 11:09 - 00337408 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkBindingEngineMigPlugin.dll

2017-06-16 17:52 - 2017-06-03 11:08 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll

2017-06-16 17:52 - 2017-06-03 11:07 - 00552960 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll

2017-06-16 17:52 - 2017-06-03 11:07 - 00456192 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll

2017-06-16 17:52 - 2017-06-03 11:03 - 00932864 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll

2017-06-16 17:52 - 2017-06-03 10:56 - 13091840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll

2017-06-16 17:52 - 2017-06-03 10:54 - 01217024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Audio.dll

2017-06-16 17:52 - 2017-06-03 10:53 - 08125440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll

2017-06-16 17:52 - 2017-06-03 10:52 - 02510848 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll

2017-06-16 17:52 - 2017-06-03 10:51 - 00266752 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll

2017-06-16 17:52 - 2017-06-03 10:50 - 04744704 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll

2017-06-16 17:52 - 2017-06-03 10:49 - 03615744 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys

2017-06-16 17:52 - 2017-06-03 10:49 - 02691072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll

2017-06-16 17:52 - 2017-06-03 10:49 - 02318848 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll

2017-06-16 17:52 - 2017-06-03 10:49 - 01513472 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys

2017-06-16 17:52 - 2017-06-03 10:48 - 01490432 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll

2017-06-16 17:52 - 2017-06-03 10:48 - 01131008 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll

2017-06-16 17:52 - 2017-06-03 10:48 - 00834048 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll

2017-06-16 17:52 - 2017-06-03 10:48 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll

2017-06-16 17:52 - 2017-06-03 10:46 - 01121280 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll

2017-06-16 17:52 - 2017-05-25 07:56 - 00038752 _____ (Microsoft Corporation) C:\WINDOWS\system32\OOBEUpdater.exe

2017-06-16 17:52 - 2017-03-04 08:16 - 00100864 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpninprc.dll

2017-06-16 17:51 - 2017-06-03 12:16 - 00279904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys

2017-06-16 17:51 - 2017-06-03 12:14 - 01564512 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll

2017-06-16 17:51 - 2017-06-03 12:14 - 01214816 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll

2017-06-16 17:51 - 2017-06-03 12:14 - 00629088 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll

2017-06-16 17:51 - 2017-06-03 12:14 - 00544096 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll

2017-06-16 17:51 - 2017-06-03 12:14 - 00379232 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll

2017-06-16 17:51 - 2017-06-03 12:14 - 00335712 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll

2017-06-16 17:51 - 2017-06-03 12:14 - 00334176 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll

2017-06-16 17:51 - 2017-06-03 12:14 - 00233824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll

2017-06-16 17:51 - 2017-06-03 12:14 - 00136032 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll

2017-06-16 17:51 - 2017-06-03 12:14 - 00096608 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe

2017-06-16 17:51 - 2017-06-03 12:14 - 00034648 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe

2017-06-16 17:51 - 2017-06-03 12:01 - 02681200 _____ C:\WINDOWS\system32\CoreUIComponents.dll

2017-06-16 17:51 - 2017-06-03 11:59 - 00764392 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll

2017-06-16 17:51 - 2017-06-03 11:54 - 00187232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys

2017-06-16 17:51 - 2017-06-03 11:50 - 00381792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS

2017-06-16 17:51 - 2017-06-03 11:48 - 01112416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll

2017-06-16 17:51 - 2017-06-03 11:48 - 01100128 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe

2017-06-16 17:51 - 2017-06-03 11:48 - 00989024 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe

2017-06-16 17:51 - 2017-06-03 11:40 - 01566552 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll

2017-06-16 17:51 - 2017-06-03 11:40 - 00628552 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe

2017-06-16 17:51 - 2017-06-03 11:39 - 00455520 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe

2017-06-16 17:51 - 2017-06-03 11:22 - 07217152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll

2017-06-16 17:51 - 2017-06-03 11:18 - 22569984 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll

2017-06-16 17:51 - 2017-06-03 11:16 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll

2017-06-16 17:51 - 2017-06-03 11:15 - 00041472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys

2017-06-16 17:51 - 2017-06-03 11:14 - 00045056 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll

2017-06-16 17:51 - 2017-06-03 11:10 - 00252928 _____ (Microsoft Corporation) C:\WINDOWS\system32\edputil.dll

2017-06-16 17:51 - 2017-06-03 11:08 - 00691200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll

2017-06-16 17:51 - 2017-06-03 11:08 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll

2017-06-16 17:51 - 2017-06-03 11:07 - 00255488 _____ (Microsoft Corporation) C:\WINDOWS\system32\HNetCfgClient.dll

2017-06-16 17:51 - 2017-06-03 11:06 - 00198144 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll

2017-06-16 17:51 - 2017-06-03 11:01 - 00856064 _____ (Microsoft Corporation) C:\WINDOWS\system32\efscore.dll

2017-06-16 17:51 - 2017-06-03 11:00 - 23677440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll

2017-06-16 17:51 - 2017-06-03 10:58 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdProxy.dll

2017-06-16 17:51 - 2017-06-03 10:52 - 00975872 _____ (Microsoft Corporation) C:\WINDOWS\HelpPane.exe

2017-06-16 17:51 - 2017-06-03 10:52 - 00886784 _____ (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll

2017-06-16 17:51 - 2017-06-03 10:51 - 01418240 _____ (Microsoft Corporation) C:\WINDOWS\system32\certutil.exe

2017-06-16 17:51 - 2017-06-03 10:49 - 02475520 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll

2017-06-16 17:51 - 2017-06-03 10:49 - 01845248 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll

2017-06-16 17:51 - 2017-06-03 10:49 - 00351744 _____ (Microsoft Corporation) C:\WINDOWS\system32\hnetcfg.dll

2017-06-16 17:51 - 2017-06-03 08:08 - 00080078 _____ C:\WINDOWS\system32\normidna.nls

2017-06-06 00:55 - 2017-06-06 00:55 - 00000000 ____D C:\Users\moxito\AppData\Roaming\RenewSoftware.com

2017-06-06 00:04 - 2017-06-06 00:04 - 4083853312 _____ C:\Users\moxito\Downloads\Win10_English_x64.iso

2017-06-05 23:23 - 2017-06-05 23:23 - 00004184 _____ C:\WINDOWS\System32\Tasks\{ED9A9CD4-5A31-2B7F-2D3D-2F4634FF2C3B}

2017-06-05 23:23 - 2017-06-05 23:23 - 00003884 _____ C:\WINDOWS\System32\Tasks\{F7B708E3-B402-CC93-0235-FB6400AF3F41}

2017-06-05 23:22 - 2017-06-05 23:22 - 01611944 _____ (Secure Download Ltd. ) C:\Users\moxito\Downloads\Registry_Activation

2017-06-05 23:21 - 2017-06-05 23:21 - 00000000 ____D C:\ProgramData\Caphyon

2017-05-24 16:31 - 2017-05-24 16:31 - 00187408 _____ C:\WINDOWS\3LQJZeRfB62pV.9W5pn

2017-05-24 16:31 - 2017-05-24 16:31 - 00053264 _____ C:\WINDOWS\FXu4.S5k12

2017-05-24 16:29 - 2017-05-18 07:21 - 00134592 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe

2017-05-24 16:26 - 2017-05-18 09:35 - 40201848 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcompiler.dll

2017-05-24 16:26 - 2017-05-18 09:35 - 35390072 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll

2017-05-24 16:26 - 2017-05-18 09:35 - 35282040 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcompiler.dll

2017-05-24 16:26 - 2017-05-18 09:35 - 28624504 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll

2017-05-24 16:26 - 2017-05-18 09:35 - 11056456 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvptxJitCompiler.dll

2017-05-24 16:26 - 2017-05-18 09:35 - 11028664 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll

2017-05-24 16:26 - 2017-05-18 09:35 - 10551072 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll

2017-05-24 16:26 - 2017-05-18 09:35 - 09248144 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll

2017-05-24 16:26 - 2017-05-18 09:35 - 09014976 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll

2017-05-24 16:26 - 2017-05-18 09:35 - 08808488 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll

2017-05-24 16:26 - 2017-05-18 09:35 - 03797112 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll

2017-05-24 16:26 - 2017-05-18 09:35 - 03256440 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll

2017-05-24 16:26 - 2017-05-18 09:35 - 01988216 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6438233.dll

2017-05-24 16:26 - 2017-05-18 09:35 - 01606592 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6438233.dll

2017-05-24 16:26 - 2017-05-18 09:35 - 01278528 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFTH264.dll

2017-05-24 16:26 - 2017-05-18 09:35 - 01275944 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFThevc.dll

2017-05-24 16:26 - 2017-05-18 09:35 - 01056704 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll

2017-05-24 16:26 - 2017-05-18 09:35 - 00995736 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFTH264.dll

2017-05-24 16:26 - 2017-05-18 09:35 - 00993912 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll

2017-05-24 16:26 - 2017-05-18 09:35 - 00993872 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFThevc.dll

2017-05-24 16:26 - 2017-05-18 09:35 - 00964032 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll

2017-05-24 16:26 - 2017-05-18 09:35 - 00914880 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll

2017-05-24 16:26 - 2017-05-18 09:35 - 00775864 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll

2017-05-24 16:26 - 2017-05-18 09:35 - 00725112 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvDecMFTMjpeg.dll

2017-05-24 16:26 - 2017-05-18 09:35 - 00688968 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvfatbinaryLoader.dll

2017-05-24 16:26 - 2017-05-18 09:35 - 00618928 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmcumd.dll

2017-05-24 16:26 - 2017-05-18 09:35 - 00612272 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll

2017-05-24 16:26 - 2017-05-18 09:35 - 00609728 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll

2017-05-24 16:26 - 2017-05-18 09:35 - 00583800 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvDecMFTMjpeg.dll

2017-05-24 16:26 - 2017-05-18 09:35 - 00577728 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll

2017-05-24 16:26 - 2017-05-18 09:35 - 00499320 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll

2017-05-22 21:10 - 2017-05-22 21:10 - 00095248 _____ C:\WINDOWS\Yfn76w2d9ICq.19CwO

2017-05-22 16:08 - 2017-05-22 16:08 - 00163856 _____ C:\WINDOWS\ok9734e.2DWmr

2017-05-22 00:22 - 2017-05-22 00:22 - 00001101 _____ C:\Users\moxito\Desktop\百度网盘.lnk

2017-05-22 00:22 - 2017-05-22 00:22 - 00000000 ____D C:\Users\moxito\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\百度网盘

2017-05-21 22:53 - 2017-05-21 22:53 - 00004000 _____ C:\WINDOWS\System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}

2017-05-21 22:53 - 2017-05-03 22:21 - 00175736 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvaudcap64v.dll

2017-05-21 22:53 - 2017-05-03 22:21 - 00143480 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll

2017-05-21 22:32 - 2017-05-21 22:32 - 00000000 ____D C:\Users\moxito\AppData\Roaming\BaiduYunKernel

2017-05-21 22:32 - 2017-05-21 22:32 - 00000000 ____D C:\Users\moxito\AppData\Roaming\BaiduYunGuanjia

2017-05-21 20:51 - 2017-05-21 20:51 - 00002116 _____ C:\Users\Public\Desktop\Nahimic 2.lnk

2017-05-21 20:51 - 2017-05-21 20:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nahimic 2

2017-05-21 20:51 - 2017-05-21 20:51 - 00000000 ____D C:\Program Files\Nahimic

2017-05-21 20:51 - 2017-02-06 10:31 - 72520712 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RCoRes64.dat

2017-05-21 20:51 - 2017-02-06 10:31 - 10187598 _____ C:\WINDOWS\system32\Drivers\RTAIODAT.DAT

2017-05-21 20:51 - 2017-02-06 10:31 - 03503048 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkApi64.dll

2017-05-21 20:51 - 2017-02-06 10:31 - 03410832 _____ (DTS, Inc.) C:\WINDOWS\system32\slcnt64.dll

2017-05-21 20:51 - 2017-02-06 10:31 - 03299816 _____ (Yamaha Corporation) C:\WINDOWS\system32\YamahaAE2.dll

2017-05-21 20:51 - 2017-02-06 10:31 - 03203584 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtPgEx64.dll

2017-05-21 20:51 - 2017-02-06 10:31 - 03122656 _____ (DTS, Inc.) C:\WINDOWS\system32\sltech64.dll

2017-05-21 20:51 - 2017-02-06 10:31 - 03014656 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTSnMg64.cpl

2017-05-21 20:51 - 2017-02-06 10:31 - 02830480 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\SysWOW64\RltkAPO.dll

2017-05-21 20:51 - 2017-02-06 10:31 - 02190984 _____ (Yamaha Corporation) C:\WINDOWS\system32\YamahaAE.dll

2017-05-21 20:51 - 2017-02-06 10:31 - 01435136 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRRPTR64.dll

2017-05-21 20:51 - 2017-02-06 10:31 - 01382232 _____ (TOSHIBA Corporation) C:\WINDOWS\system32\tosade.dll

2017-05-21 20:51 - 2017-02-06 10:31 - 01353816 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTCOM64.dll

2017-05-21 20:51 - 2017-02-06 10:31 - 01337640 _____ (Toshiba Client Solutions Co., Ltd.) C:\WINDOWS\system32\tossaeapo64.dll

2017-05-21 20:51 - 2017-02-06 10:31 - 01003504 _____ (Sound Research, Corp.) C:\WINDOWS\system32\SEHDHF64.dll

2017-05-21 20:51 - 2017-02-06 10:31 - 00984912 _____ (DTS, Inc.) C:\WINDOWS\system32\sl3apo64.dll

2017-05-21 20:51 - 2017-02-06 10:31 - 00965024 _____ (Sony Corporation) C:\WINDOWS\system32\SFSS_APO.dll

2017-05-21 20:51 - 2017-02-06 10:31 - 00962120 _____ (Toshiba Client Solutions Co., Ltd.) C:\WINDOWS\system32\tosasfapo64.dll

2017-05-21 20:51 - 2017-02-06 10:31 - 00873456 _____ (TOSHIBA Corporation) C:\WINDOWS\system32\tadefxapo264.dll

2017-05-21 20:51 - 2017-02-06 10:31 - 00866088 _____ (Sound Research, Corp.) C:\WINDOWS\SysWOW64\SEHDHF32.dll

2017-05-21 20:51 - 2017-02-06 10:31 - 00859912 _____ (Sound Research, Corp.) C:\WINDOWS\system32\SEHDRA64.dll

2017-05-21 20:51 - 2017-02-06 10:31 - 00855232 _____ (Sound Research, Corp.) C:\WINDOWS\system32\SECOMN64.dll

2017-05-21 20:51 - 2017-02-06 10:31 - 00726624 _____ (Sound Research, Corp.) C:\WINDOWS\SysWOW64\SECOMN32.dll

2017-05-21 20:51 - 2017-02-06 10:31 - 00689880 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtDataProc64.dll

2017-05-21 20:51 - 2017-02-06 10:31 - 00601144 _____ (Toshiba Client Solutions Co., Ltd.) C:\WINDOWS\system32\tossaemaxapo64.dll

2017-05-21 20:51 - 2017-02-06 10:31 - 00532376 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSTSX64.dll

2017-05-21 20:51 - 2017-02-06 10:31 - 00517504 _____ (Sound Research, Corp.) C:\WINDOWS\system32\SEAPO64.dll

2017-05-21 20:51 - 2017-02-06 10:31 - 00467152 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRAPO64.dll

2017-05-21 20:51 - 2017-02-06 10:31 - 00447176 _____ (Toshiba Client Solutions Co., Ltd.) C:\WINDOWS\system32\toseaeapo64.dll

2017-05-21 20:51 - 2017-02-06 10:31 - 00387312 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEP64A.dll

2017-05-21 20:51 - 2017-02-06 10:31 - 00381408 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRCOM64.dll

2017-05-21 20:51 - 2017-02-06 10:31 - 00343704 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtlCPAPI64.dll

2017-05-21 20:51 - 2017-02-06 10:31 - 00341144 _____ (Synopsys, Inc.) C:\WINDOWS\SysWOW64\SRCOM.dll

2017-05-21 20:51 - 2017-02-06 10:31 - 00341144 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRCOM.dll

2017-05-21 20:51 - 2017-02-06 10:31 - 00321712 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RP3DHT64.dll

2017-05-21 20:51 - 2017-02-06 10:31 - 00321712 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RP3DAA64.dll

2017-05-21 20:51 - 2017-02-06 10:31 - 00258856 _____ (TODO: <Company name>) C:\WINDOWS\system32\slprp64.dll

2017-05-21 20:51 - 2017-02-06 10:31 - 00231912 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SFNHK64.dll

2017-05-21 20:51 - 2017-02-06 10:31 - 00221968 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSTSH64.dll

2017-05-21 20:51 - 2017-02-06 10:31 - 00214824 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEED64A.dll

2017-05-21 20:51 - 2017-02-06 10:31 - 00209536 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSHP64.dll

2017-05-21 20:51 - 2017-02-06 10:31 - 00192976 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkCfg64.dll

2017-05-21 20:51 - 2017-02-06 10:31 - 00166200 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSWOW64.dll

2017-05-21 20:51 - 2017-02-06 10:31 - 00158688 _____ (TOSHIBA Corporation) C:\WINDOWS\system32\tadefxapo.dll

2017-05-21 20:51 - 2017-02-06 10:31 - 00110976 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEL64A.dll

2017-05-21 20:51 - 2017-02-06 10:31 - 00090912 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SFCOM64.dll

2017-05-21 20:51 - 2017-02-06 10:31 - 00088344 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEG64A.dll

2017-05-21 20:51 - 2017-02-06 10:31 - 00088320 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SFAPO64.dll

2017-05-21 20:51 - 2017-02-06 10:31 - 00083624 _____ (Virage Logic Corporation / Sonic Focus) C:\WINDOWS\SysWOW64\SFCOM.dll

2017-05-21 20:51 - 2017-02-06 10:31 - 00075536 _____ (TOSHIBA CORPORATION.) C:\WINDOWS\system32\tepeqapo64.dll

2017-05-21 20:51 - 2017-02-06 10:30 - 07172912 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEP64A.dll

2017-05-21 20:51 - 2017-02-06 10:30 - 07096184 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPP64A.dll

2017-05-21 20:51 - 2017-02-06 10:30 - 06264632 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPP64AF3.dll

2017-05-21 20:51 - 2017-02-06 10:30 - 05593608 _____ (Nahimic Inc) C:\WINDOWS\system32\NAHIMICAPOlfx.dll

2017-05-21 20:51 - 2017-02-06 10:30 - 05347000 _____ (Dolby Laboratories) C:\WINDOWS\system32\DolbyDAX2APOv211.dll

2017-05-21 20:51 - 2017-02-06 10:30 - 02444688 _____ (Dolby Laboratories) C:\WINDOWS\system32\DolbyDAX2APOv201.dll

2017-05-21 20:51 - 2017-02-06 10:30 - 02202624 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RCoInstII64.dll

2017-05-21 20:51 - 2017-02-06 10:30 - 01965808 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPD64A.dll

2017-05-21 20:51 - 2017-02-06 10:30 - 01959600 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPD64AF3.dll

2017-05-21 20:51 - 2017-02-06 10:30 - 01780616 _____ (DTS) C:\WINDOWS\system32\DTSS2SpeakerDLL64.dll

2017-05-21 20:51 - 2017-02-06 10:30 - 01591056 _____ (DTS) C:\WINDOWS\system32\DTSS2HeadphoneDLL64.dll

2017-05-21 20:51 - 2017-02-06 10:30 - 01508928 _____ (DTS) C:\WINDOWS\system32\DTSBoostDLL64.dll

2017-05-21 20:51 - 2017-02-06 10:30 - 01133584 _____ (Dolby Laboratories) C:\WINDOWS\system32\DolbyDAX2APOProp.dll

2017-05-21 20:51 - 2017-02-06 10:30 - 01003856 _____ (Nahimic Inc) C:\WINDOWS\system32\NahimicAPONSControl.dll

2017-05-21 20:51 - 2017-02-06 10:30 - 00743960 _____ (DTS) C:\WINDOWS\system32\DTSBassEnhancementDLL64.dll

2017-05-21 20:51 - 2017-02-06 10:30 - 00727432 _____ (DTS) C:\WINDOWS\system32\DTSSymmetryDLL64.dll

2017-05-21 20:51 - 2017-02-06 10:30 - 00708304 _____ (DTS) C:\WINDOWS\system32\DTSVoiceClarityDLL64.dll

2017-05-21 20:51 - 2017-02-06 10:30 - 00680512 _____ (ICEpower a/s) C:\WINDOWS\system32\ICEsoundAPO64.dll

2017-05-21 20:51 - 2017-02-06 10:30 - 00504304 _____ (DTS) C:\WINDOWS\system32\DTSNeoPCDLL64.dll

2017-05-21 20:51 - 2017-02-06 10:30 - 00447712 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EED64A.dll

2017-05-21 20:51 - 2017-02-06 10:30 - 00445392 _____ (DTS) C:\WINDOWS\system32\DTSLimiterDLL64.dll

2017-05-21 20:51 - 2017-02-06 10:30 - 00441264 _____ (DTS) C:\WINDOWS\system32\DTSGainCompensatorDLL64.dll

2017-05-21 20:51 - 2017-02-06 10:30 - 00416504 _____ (Harman) C:\WINDOWS\system32\HMUI.dll

2017-05-21 20:51 - 2017-02-06 10:30 - 00378384 _____ (Dolby Laboratories) C:\WINDOWS\system32\HiFiDAX2API.dll

2017-05-21 20:51 - 2017-02-06 10:30 - 00366120 _____ (Windows (R) Win 7 DDK provider) C:\WINDOWS\system32\HMAPO.dll

2017-05-21 20:51 - 2017-02-06 10:30 - 00362048 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPO64AF3.dll

2017-05-21 20:51 - 2017-02-06 10:30 - 00360344 _____ (Harman) C:\WINDOWS\system32\HMClariFi.dll

2017-05-21 20:51 - 2017-02-06 10:30 - 00327448 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPO64A.dll

2017-05-21 20:51 - 2017-02-06 10:30 - 00310416 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPA64F3.dll

2017-05-21 20:51 - 2017-02-06 10:30 - 00272712 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPA64.dll

2017-05-21 20:51 - 2017-02-06 10:30 - 00253896 _____ (DTS) C:\WINDOWS\system32\DTSGFXAPO64.dll

2017-05-21 20:51 - 2017-02-06 10:30 - 00253856 _____ (DTS) C:\WINDOWS\system32\DTSLFXAPO64.dll

2017-05-21 20:51 - 2017-02-06 10:30 - 00252872 _____ (DTS) C:\WINDOWS\system32\DTSGFXAPONS64.dll

2017-05-21 20:51 - 2017-02-06 10:30 - 00203832 _____ (Harman) C:\WINDOWS\system32\HMHVS.dll

2017-05-21 20:51 - 2017-02-06 10:30 - 00190928 _____ (Harman) C:\WINDOWS\system32\HMEQ_Voice.dll

2017-05-21 20:51 - 2017-02-06 10:30 - 00190928 _____ (Harman) C:\WINDOWS\system32\HMEQ.dll

2017-05-21 20:51 - 2017-02-06 10:30 - 00179592 _____ (Harman) C:\WINDOWS\system32\HMLimiter.dll

2017-05-21 20:51 - 2017-02-06 10:30 - 00154360 _____ (Harman) C:\WINDOWS\system32\HarmanAudioInterface.dll

2017-05-21 20:51 - 2017-02-06 10:30 - 00151784 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEL64A.dll

2017-05-21 20:51 - 2017-02-06 10:30 - 00134192 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEA64A.dll

2017-05-21 20:51 - 2017-02-06 10:30 - 00122312 _____ (Real Sound Lab SIA) C:\WINDOWS\system32\CONEQMSAPOGUILibrary.dll

2017-05-21 20:51 - 2017-02-06 10:30 - 00118584 _____ C:\WINDOWS\system32\AcpiServiceVnA64.dll

2017-05-21 20:51 - 2017-02-06 10:30 - 00105304 _____ C:\WINDOWS\system32\audioLibVc.dll

2017-05-21 20:51 - 2017-02-06 10:30 - 00084608 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEG64A.dll
 

==================== One Month Modified files and folders ========
 

(If an entry is included in the fixlist, the file/folder will be moved.)
 

2017-06-20 21:26 - 2016-12-01 02:10 - 00000000 ____D C:\Users\moxito\AppData\LocalLow\SogouPY

2017-06-20 21:25 - 2016-11-25 00:46 - 00002094 _____ C:\Users\Public\Desktop\Tencent QQ.lnk

2017-06-20 21:25 - 2016-08-21 20:02 - 00000000 ____D C:\Users\moxito\Documents\Tencent Files

2017-06-20 21:23 - 2016-08-21 20:02 - 00018760 _____ C:\WINDOWS\SysWOW64\QQVistaHelper.dll

2017-06-20 21:16 - 2016-08-21 16:12 - 00000000 ____D C:\ProgramData\NVIDIA

2017-06-20 21:15 - 2016-11-25 16:32 - 00000000 ____D C:\Users\moxito\AppData\Roaming\The Bat!

2017-06-20 21:15 - 2016-10-11 11:04 - 03399696 _____ C:\WINDOWS\system32\perfh007.dat

2017-06-20 21:15 - 2016-10-11 11:04 - 00957568 _____ C:\WINDOWS\system32\perfc007.dat

2017-06-20 21:15 - 2016-08-21 17:36 - 00000000 ____D C:\Users\moxito\AppData\Local\Sidebar7

2017-06-20 21:15 - 2016-08-21 15:19 - 07127782 _____ C:\WINDOWS\system32\PerfStringBackup.INI

2017-06-20 21:14 - 2016-10-30 02:17 - 00000040 ___SH C:\ProgramData\.zreglib

2017-06-20 21:11 - 2016-11-27 00:25 - 00000000 ____D C:\ProgramData\VMware

2017-06-20 21:11 - 2016-10-11 01:13 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT

2017-06-20 21:00 - 2016-12-01 02:10 - 00000000 ____D C:\Program Files (x86)\SogouInput

2017-06-20 20:49 - 2016-07-16 08:04 - 00262144 _____ C:\WINDOWS\system32\config\BBI

2017-06-20 20:47 - 2016-10-11 12:58 - 00000000 ____D C:\WINDOWS\system32\log

2017-06-20 20:47 - 2016-09-28 17:46 - 00000008 __RSH C:\ProgramData\ntuser.pol

2017-06-20 20:47 - 2016-07-16 13:45 - 00000000 ____D C:\WINDOWS\INF

2017-06-20 20:37 - 2016-10-11 01:10 - 00000000 ____D C:\Users\moxito

2017-06-20 20:36 - 2016-07-16 13:47 - 00000000 ___HD C:\Program Files\WindowsApps

2017-06-20 20:36 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\AppReadiness

2017-06-20 05:32 - 2016-10-11 01:08 - 00000000 ____D C:\WINDOWS\system32\SleepStudy

2017-06-18 20:48 - 2016-10-11 01:13 - 00002502 _____ C:\WINDOWS\System32\Tasks\MSI_Dragon Gaming Center

2017-06-18 20:37 - 2016-08-21 17:10 - 00000000 ____D C:\Users\moxito\AppData\Local\ClassicShell

2017-06-18 20:00 - 2016-07-16 13:36 - 00000000 ____D C:\WINDOWS\CbsTemp

2017-06-18 19:55 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\system32\NDF

2017-06-18 19:46 - 2016-08-21 22:03 - 00000000 ____D C:\Users\moxito\AppData\Roaming\vlc

2017-06-18 02:17 - 2017-04-26 02:17 - 20645376 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe

2017-06-18 02:17 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed

2017-06-18 00:37 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\Performance

2017-06-17 23:55 - 2016-10-11 01:14 - 00003780 _____ C:\WINDOWS\diagwrn.xml

2017-06-17 23:55 - 2016-10-11 01:14 - 00001908 _____ C:\WINDOWS\diagerr.xml

2017-06-17 23:47 - 2016-10-13 18:41 - 00000000 ____D C:\WINDOWS\Panther

2017-06-17 23:20 - 2016-08-21 17:08 - 00000000 ____D C:\ProgramData\BavSvc_exe

2017-06-17 22:41 - 2017-02-11 13:53 - 00000000 ____D C:\Users\moxito\AppData\Roaming\XnView

2017-06-17 19:58 - 2016-12-01 01:43 - 00000000 ____D C:\Users\moxito\Downloads\div. Windows

2017-06-17 18:56 - 2016-11-29 18:50 - 00000000 ____D C:\Users\moxito\AppData\Roaming\Psiphon3

2017-06-17 18:29 - 2016-11-29 18:50 - 05265000 _____ C:\Users\moxito\psiphon3.exe

2017-06-17 02:44 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\rescache

2017-06-17 02:12 - 2016-08-21 17:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013

2017-06-16 23:36 - 2016-08-21 16:55 - 00000000 ____D C:\Users\moxito\AppData\Roaming\steelseries-engine-3-client

2017-06-16 23:29 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports

2017-06-16 23:18 - 2016-11-25 00:13 - 00000000 ____D C:\ProgramData\Hauppauge

2017-06-16 23:08 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\tracing

2017-06-16 23:04 - 2016-08-21 16:58 - 00000823 _____ C:\Users\Public\Desktop\CCleaner.lnk

2017-06-16 23:02 - 2016-10-11 01:13 - 00002220 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC

2017-06-16 22:45 - 2016-08-21 15:17 - 00000000 __RHD C:\Users\Public\AccountPictures

2017-06-16 22:43 - 2016-09-28 18:06 - 00000000 ____D C:\Program Files\Microsoft Silverlight

2017-06-16 22:43 - 2016-09-28 18:06 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight

2017-06-16 22:42 - 2016-07-16 13:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel

2017-06-16 22:42 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\system32\appraiser

2017-06-16 22:42 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\ShellExperiences

2017-06-16 22:39 - 2016-11-25 17:35 - 00000000 ____D C:\Users\moxito\AppData\Roaming\uTorrent

2017-06-16 22:17 - 2016-08-21 15:41 - 00000000 ____D C:\WINDOWS\system32\MRT

2017-06-16 22:15 - 2016-09-28 18:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight

2017-06-16 22:15 - 2016-08-21 15:41 - 133627792 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

2017-06-16 22:08 - 2016-09-27 14:20 - 00000000 ____D C:\ProgramData\MSI

2017-06-16 22:07 - 2016-09-27 14:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MSI

2017-06-16 22:07 - 2016-08-21 16:30 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information

2017-06-16 19:08 - 2016-08-21 16:53 - 00000000 ____D C:\WINDOWS\Cnxt

2017-06-16 19:07 - 2016-08-21 16:53 - 00000000 ____D C:\ProgramData\Conexant

2017-06-16 15:49 - 2017-04-25 19:16 - 00000000 ____D C:\Program Files (x86)\YY

2017-06-06 00:36 - 2016-10-12 17:33 - 00000000 ____D C:\WINDOWS\PCHEALTH

2017-06-06 00:35 - 2016-08-22 16:31 - 00000000 ____D C:\Program Files (x86)\FormatFactory

2017-06-05 23:35 - 2016-12-15 05:59 - 00000000 ____D C:\Program Files (x86)\VulkanRT

2017-06-05 23:34 - 2016-12-11 17:10 - 00000000 ____D C:\Program Files (x86)\Intel

2017-06-05 23:33 - 2016-09-27 14:09 - 00000000 ____D C:\Program Files (x86)\MSI

2017-06-03 08:36 - 2016-07-16 13:49 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe

2017-06-03 08:36 - 2016-07-16 13:49 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

2017-05-24 16:29 - 2016-10-11 01:09 - 00000000 ____D C:\ProgramData\NVIDIA Corporation

2017-05-24 16:29 - 2016-09-15 19:33 - 00000000 ____D C:\Temp

2017-05-24 16:18 - 2016-09-28 16:42 - 00000000 ____D C:\Users\moxito\Documents\temp

2017-05-21 22:53 - 2017-02-07 15:54 - 00003654 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}

2017-05-21 22:53 - 2016-12-15 05:53 - 00004308 _____ C:\WINDOWS\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}

2017-05-21 22:53 - 2016-10-11 01:13 - 00003994 _____ C:\WINDOWS\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}

2017-05-21 22:53 - 2016-10-11 01:13 - 00003894 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}

2017-05-21 22:53 - 2016-10-11 01:13 - 00003866 _____ C:\WINDOWS\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}

2017-05-21 22:53 - 2016-10-11 01:13 - 00003858 _____ C:\WINDOWS\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}

2017-05-21 22:53 - 2016-10-11 01:13 - 00003696 _____ C:\WINDOWS\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}

2017-05-21 22:53 - 2016-10-11 01:09 - 00000000 ____D C:\Program Files\NVIDIA Corporation

2017-05-21 22:53 - 2016-09-27 13:26 - 00001449 _____ C:\Users\Public\Desktop\GeForce Experience.lnk

2017-05-21 22:53 - 2016-08-21 15:39 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation

2017-05-21 22:32 - 2016-08-22 17:03 - 00000000 ____D C:\Users\moxito\AppData\Roaming\baidu

2017-05-21 20:51 - 2016-10-11 01:09 - 00000000 ____D C:\WINDOWS\SysWOW64\RTCOM

2017-05-21 20:51 - 2016-10-11 01:09 - 00000000 ____D C:\WINDOWS\system32\DAX2

2017-05-21 20:51 - 2016-08-21 15:43 - 00000000 ____D C:\ProgramData\Package Cache

2017-05-21 20:48 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\system32\Macromed
 

==================== Files in the root of some directories =======
 

2016-10-08 00:26 - 2016-10-08 00:29 - 0000752 _____ () C:\Users\moxito\AppData\Roaming\.emacs

2016-11-30 19:44 - 2016-11-30 19:44 - 0000020 _____ () C:\Users\moxito\AppData\Roaming\004D5649544E41696E66

2016-11-30 19:43 - 2016-11-30 19:43 - 0000256 _____ () C:\Users\moxito\AppData\Roaming\140A0027000007

2016-12-05 20:22 - 2016-12-05 20:22 - 0000024 _____ () C:\Users\moxito\AppData\Roaming\D3D5D3C0-0F3D-40c1-9973-CEB7C072AE31.ini

2016-11-30 19:44 - 2017-01-16 21:48 - 0001209 _____ () C:\Users\moxito\AppData\Roaming\D3D5D3C0-0F3D-40c1-9973-CEB7C072AE32.ini

2017-02-13 02:41 - 2017-02-13 02:41 - 0001038 _____ () C:\Users\moxito\AppData\Roaming\ex_log.txt

2016-10-10 20:08 - 2017-02-04 16:04 - 0001269 _____ () C:\Users\moxito\AppData\Roaming\Network Meter_Settings.ini

2016-10-10 20:09 - 2016-10-10 20:09 - 0000772 _____ () C:\Users\moxito\AppData\Roaming\Stock Meter_Settings.ini

2016-09-30 18:39 - 2016-10-10 19:53 - 0000122 _____ () C:\Users\moxito\AppData\Roaming\System Monitor II_UptimeRecord.ini

2017-01-28 01:25 - 2017-01-28 01:25 - 1444872 _____ (Tencent Inc.) C:\Users\moxito\AppData\Roaming\XQ4Q.DLL

2016-10-30 02:17 - 2017-06-20 21:14 - 0000040 ___SH () C:\ProgramData\.zreglib

2016-10-11 01:09 - 2016-10-11 01:09 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

2017-01-28 03:09 - 2017-01-28 03:09 - 0076168 _____ (Tencent) C:\ProgramData\fa5HvkT6.aIj

2016-12-15 05:53 - 2017-01-18 15:10 - 0005110 _____ () C:\ProgramData\NvTelemetryContainer.log

2016-12-15 05:53 - 2017-01-14 12:59 - 0005110 _____ () C:\ProgramData\NvTelemetryContainer.log_backup1

2016-11-24 23:00 - 2016-11-24 23:01 - 1696960 _____ () C:\ProgramData\QQGAMEQCK2119.DLL

2016-12-05 20:10 - 2016-12-05 20:10 - 1696960 _____ () C:\ProgramData\QQGAMEQCK2205.DLL

2016-12-04 20:08 - 2016-12-08 20:16 - 1389760 _____ () C:\ProgramData\QQGameQCK2840.exe

2017-01-28 01:29 - 2017-01-28 01:29 - 0076168 _____ (Tencent) C:\ProgramData\rW2F6Ma7N5GJI83.971
 

Files to move or delete:

====================

C:\ProgramData\QQGAMEQCK2119.DLL

C:\ProgramData\QQGAMEQCK2205.DLL

C:\ProgramData\QQGameQCK2840.exe

C:\Users\moxito\psiphon3.exe
 
 

Some files in TEMP:

====================

2017-06-20 21:29 - 2017-06-20 21:29 - 0031096 _____ (Tencent) C:\Users\moxito\AppData\Local\Temp\qqsafeud.exe
 

==================== Bamital & volsnap ======================
 

(There is no automatic fix for files that do not pass verification.)
 

C:\WINDOWS\system32\winlogon.exe => File is digitally signed

C:\WINDOWS\system32\wininit.exe => File is digitally signed

C:\WINDOWS\explorer.exe => File is digitally signed

C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed

C:\WINDOWS\system32\svchost.exe => File is digitally signed

C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed

C:\WINDOWS\system32\services.exe => File is digitally signed

C:\WINDOWS\system32\User32.dll => File is digitally signed

C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed

C:\WINDOWS\system32\userinit.exe => File is digitally signed

C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed

C:\WINDOWS\system32\rpcss.dll => File is digitally signed

C:\WINDOWS\system32\dnsapi.dll => File is digitally signed

C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed

C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 

LastRegBack: 2017-06-19 02:49
 

==================== End of FRST.txt ============================

--- --- ---

--- --- ---

Alle Zeitangaben in WEZ +1. Es ist jetzt 00:47 Uhr.

Seite 1 von 2

100 Beiträge dieses Themas auf einer Seite anzeigen

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131