
Infection with Sasquor Browser Modifier


23 replies to this topic

#1 NeisAEL


Posted 07 May 2016 - 10:39 AM

Hello,

 
I'll get straight to the point. I've been downloading a program (an installer, to be specific) which included a malware installer of some sort. The program started multiple processes and tried to take control of my UAC (disabling it), which I prevented, and I closed the suspicious processes via Task Manager. At this point I have to say that I'm not a newcomer to computers or software in general; I have fixed several instances of malware infection myself, but I require help on this one. After running a quick search on Windows Defender, it removed several files and requested to restart my computer. On restart, a process called "chromewebbrowser.exe" located in "C:\Windows\" wanted to be executed, which I prevented as well. Windows Defender called it a "Sasquor Browser Modifier". Since this process didn't come up in the WD (Windows Defender) search, I don't know if I have overlooked anything else.
 
Here are my FRST logs:
 
 
 
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:07-05-2016
durchgeführt von Alexander (Administrator) auf ALEXANDER-PC (07-05-2016 17:24:41)
Gestartet von C:\Users\Alexander\Downloads
Geladene Profile: Alexander & DefaultAppPool (Verfügbare Profile: Alexander & DefaultAppPool)
Platform: Windows 10 Pro Version 1511 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: Chrome)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Prozesse (Nicht auf der Ausnahmeliste) =================
 
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\inetsrv\w3wp.exe
() C:\Users\Alexander\AppData\Local\Amazon Music\Amazon Music Helper.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(Valve Corporation) D:\Games\Steam\Steam.exe
(Disc Soft Ltd) D:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
(Dropbox, Inc.) C:\Users\Alexander\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Valve Corporation) D:\Games\Steam\bin\steamwebhelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Valve Corporation) D:\Games\Steam\bin\steamwebhelper.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
 
 
==================== Registry (Nicht auf der Ausnahmeliste) ===========================
 
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)
 
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [CmPCIaudio] => C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\CMICNFG3.dll,CMICtrlWnd
HKLM\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [4701184 2014-11-24] (VIA)
HKLM\...\Run: [StartCN] => C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe [5006536 2016-04-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [chromebrowser] => "C:\WINDOWS\chromebrowser.exe"
HKU\S-1-5-21-2617271622-2672243655-3591071018-1000\...\Run: [Steam] => D:\Games\Steam\steam.exe [3077712 2016-04-30] (Valve Corporation)
HKU\S-1-5-21-2617271622-2672243655-3591071018-1000\...\Run: [DAEMON Tools Lite] => D:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-2617271622-2672243655-3591071018-1000\...\Run: [Dropbox Update] => C:\Users\Alexander\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-20] (Dropbox, Inc.)
HKU\S-1-5-21-2617271622-2672243655-3591071018-1000\...\Run: [Amazon Music] => C:\Users\Alexander\AppData\Local\Amazon Music\Amazon Music Helper.exe [5887808 2015-07-21] ()
HKU\S-1-5-21-2617271622-2672243655-3591071018-1000\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [517632 2015-10-30] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Alexander\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Alexander\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Alexander\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Alexander\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Alexander\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Alexander\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Alexander\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Alexander\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Alexander\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Alexander\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Alexander\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Alexander\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Alexander\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Alexander\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Alexander\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Alexander\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Alexander\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Alexander\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Alexander\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Alexander\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Alexander\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Alexander\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Alexander\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Alexander\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
Startup: C:\Users\Alexander\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2016-04-15]
ShortcutTarget: Dropbox.lnk -> C:\Users\Alexander\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
 
==================== Internet (Nicht auf der Ausnahmeliste) ====================
 
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{3f95284e-8b08-4a20-9c62-31cc4b61a5df}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{4319e6a8-3bad-4f2e-a957-01e8d92f7ce0}: [DhcpNameServer] 7.254.254.254
Tcpip\..\Interfaces\{9fa39968-67b9-4cf6-a661-a131e34098f3}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{9fa39968-67b9-4cf6-a661-a131e34098f3}: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{E307A6F9-60A1-45CE-BD83-B342268BBBC5}: [DhcpNameServer] 7.254.254.254
Tcpip\..\Interfaces\{e337dfca-3e16-48c7-8bf5-8bf57ceaff25}: [DhcpNameServer] 192.168.43.1
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung <======= ACHTUNG
HKU\S-1-5-21-2617271622-2672243655-3591071018-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung <======= ACHTUNG
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=131071071286460691&GUID=98446DE1-7DD5-4DD9-ACE5-8F3BF15F26C9
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2617271622-2672243655-3591071018-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2617271622-2672243655-3591071018-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=131071071290611233&GUID=98446DE1-7DD5-4DD9-ACE5-8F3BF15F26C9
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM-x32 -> DefaultScope Wert fehlt
SearchScopes: HKU\S-1-5-21-2617271622-2672243655-3591071018-1000 -> DefaultScope {D7058754-68C9-45F1-8EE9-4DDCC7A870C9} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-2617271622-2672243655-3591071018-1000 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3331172&octid=EB_ORIGINAL_CTID&ISID=ME875EF9A-EDAC-4AE0-91EA-040342225EA3&SearchSource=58&CUI=&UM=6&UP=SP841C1D0C-8217-4BDA-88FA-58BB84933C50&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-2617271622-2672243655-3591071018-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd1103&cd=2XzuyEtN2Y1L1QzutDtD0F0F0EtAtDyB0AyC0FzytCtBtCtDtN0D0Tzu0SyBtDyEtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=1920991486&ir=
SearchScopes: HKU\S-1-5-21-2617271622-2672243655-3591071018-1000 -> {D7058754-68C9-45F1-8EE9-4DDCC7A870C9} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
BHO-x32: Kein Name -> {5081D2D4-1637-404c-B74F-50526718257D} -> Keine Datei
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} -  Keine Datei
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} -  Keine Datei
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} -  Keine Datei
 
FireFox:
========
FF ProfilePath: C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\tm67lia8.default
FF Session Restore: -> ist aktiviert.
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_19_0_0_245.dll [2015-11-29] ()
FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll [2015-01-13] (EA Digital Illusions CE AB)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2014-04-29] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_245.dll [2015-11-29] ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll [2011-11-03] (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll [2013-09-16] (ESN Social Software AB)
FF Plugin-x32: @esn/npbattlelog,version=2.4.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll [Keine Datei]
FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll [2015-01-13] (EA Digital Illusions CE AB)
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll [Keine Datei]
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll [Keine Datei]
FF Plugin-x32: @thrixxx.com/WebLaunch -> C:\Program Files (x86)\thriXXX\WebLaunch\Binaries\npWebLaunch.dll [2006-08-09] ( )
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-04-29] (Adobe Systems)
FF Plugin HKU\S-1-5-21-2617271622-2672243655-3591071018-1000: @thrixxx.com/WebLaunch -> C:\Program Files (x86)\thriXXX\WebLaunch\Binaries\npWebLaunch.dll [2006-08-09] ( )
FF Plugin HKU\S-1-5-21-2617271622-2672243655-3591071018-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Alexander\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-04-12] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-2617271622-2672243655-3591071018-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2013-06-05] ()
FF Extension: New Tab by Yahoo - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\jid1-G80Ec8LLEbK5fQ@jetpack.xpi [2016-01-07]
FF HKLM\...\Firefox\Extensions: [{5081D2D4-1637-404c-B74F-50526718257D}] - C:\Program Files\shopperz\Firefox => nicht gefunden
FF HKLM-x32\...\Firefox\Extensions: [{5081D2D4-1637-404c-B74F-50526718257D}] - C:\Program Files\shopperz\Firefox => nicht gefunden
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://start.mysearchdial.com/?f=1&a=irmsd1103&cd=2XzuyEtN2Y1L1QzutDtD0F0F0EtAtDyB0AyC0FzytCtBtCtDtN0D0Tzu0SyBtDyEtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=1920991486&ir=","hxxp://www.awesomehp.com/?type=hp&ts=1393444493&from=vtt&uid=395049983_1052576_B82C1210"
CHR Session Restore: Default -> ist aktiviert.
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.8.885\_platform_specific\win_x86\widevinecdmadapter.dll (Google Inc.)
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.94\PepperFlash\pepflashplayer.dll ()
CHR Profile: C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (ProxFlow) - C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\aakchaleigkohafkfjfjbblobjifikek [2016-05-06]
CHR Extension: (Google Drive) - C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (Turn Off the Lights) - C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn [2016-03-26]
CHR Extension: (YouTube) - C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Adblock Plus) - C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-03-10]
CHR Extension: (Google-Suche) - C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Tampermonkey) - C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2016-04-12]
CHR Extension: (Google Docs Offline) - C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (Twitch Live) - C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\iiljidcefnbhbpamageahhblhbbhhopm [2014-09-17]
CHR Extension: (New XKit) - C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\inobiceghmpkaklcknpniboilbjmlald [2015-11-22]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
CHR Extension: (Enhanced Steam) - C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\okadibdjfemgnhjiembecghcbfknbfhg [2016-04-08]
CHR Extension: (Google Mail) - C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
CHR Extension: (Reddit Trading Flair Linker Enhanced) - C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnahghpneiabcncanmccahgloopbbbgp [2015-01-28]
CHR HKLM-x32\...\Chrome\Extension: [kpdmjodecdegfglgaapafjleomjjlpnh] - hxxps://clients2.google.com/service/update2/crx
 
==================== Dienste (Nicht auf der Ausnahmeliste) ========================
 
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
 
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1345056 2016-02-11] ()
S3 Origin Client Service; D:\Origin\OriginClientService.exe [2119688 2016-03-29] (Electronic Arts)
R2 PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [76152 2015-10-31] ()
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [75136 2016-05-01] ()
S2 skusenzecultMdlservice; C:\Program Files (x86)\Skusenzecult\skusenzecultMdlservice.exe [1000088 2016-05-06] ()
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5436176 2015-02-17] (TeamViewer GmbH)
S3 TunngleService; D:\Program Files (x86)\Tunngle\TnglCtrl.exe [809456 2015-12-07] (Tunngle.net GmbH)
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [36504 2015-06-22] (VIA Technologies, Inc.)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
 
===================== Treiber (Nicht auf der Ausnahmeliste) ==========================
 
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
 
S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [23240 2016-03-21] (Advanced Micro Devices, Inc.)
R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [62152 2014-10-28] (Advanced Micro Devices, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWT6.sys [102400 2016-03-21] (Advanced Micro Devices)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50976 2014-09-04] (AVG Technologies)
S3 cmuda3; C:\Windows\System32\drivers\cmudax3.sys [1155072 2009-12-01] (C-Media Inc)
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283064 2014-07-11] (Disc Soft Ltd)
S3 EvolveVirtualAdapter; C:\Windows\System32\drivers\evolve.sys [21656 2015-12-05] (Echobit, LLC)
S3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.)
R3 tap0901t; C:\Windows\System32\drivers\tap0901t.sys [31232 2009-09-16] (Tunngle.net)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
U3 idsvc; kein ImagePath
 
==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================
 
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
 
 
==================== Ein Monat: Erstellte Dateien und Ordner ========
 
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
 
2016-05-07 17:24 - 2016-05-07 17:25 - 00023296 _____ C:\Users\Alexander\Downloads\FRST.txt
2016-05-07 17:24 - 2016-05-07 17:24 - 00000000 ____D C:\FRST
2016-05-07 17:23 - 2016-05-07 17:23 - 02379264 _____ (Farbar) C:\Users\Alexander\Downloads\FRST64.exe
2016-05-07 17:09 - 2016-05-07 17:09 - 00000000 ____D C:\Program Files (x86)\yesbnd
2016-05-07 16:56 - 2016-05-07 16:56 - 00008972 _____ C:\WINDOWS\System32\Tasks\Skusenzecult Module
2016-05-07 16:56 - 2016-05-07 16:56 - 00000000 ____D C:\Users\Public\Documents\dmp
2016-05-07 16:56 - 2016-05-07 16:56 - 00000000 ____D C:\Program Files (x86)\Skusenzecult
2016-05-01 19:41 - 2016-05-01 19:41 - 00000000 ____D C:\Users\Alexander\AppData\Roaming\PunkBuster
2016-05-01 17:02 - 2016-05-01 17:02 - 00000838 _____ C:\Users\Alexander\Desktop\Scrapland.lnk
2016-05-01 17:02 - 2016-05-01 17:02 - 00000000 ____D C:\Users\Alexander\AppData\Roaming\Scrapland
2016-05-01 01:15 - 2016-05-01 01:15 - 02106295 _____ C:\Users\Alexander\Downloads\matchmaking_server_picker_44b.zip
2016-05-01 01:15 - 2016-05-01 01:15 - 00000000 ____D C:\Program Files\mmpicker
2016-04-30 19:54 - 2016-04-30 19:54 - 00000000 ____D C:\WINDOWS\3F5C371F8EA24F259D3DD0B4526E3AEA.TMP
2016-04-30 19:54 - 2016-04-30 19:54 - 00000000 ____D C:\Program Files (x86)\AGEIA Technologies
2016-04-29 01:47 - 2016-05-02 22:57 - 00019118 _____ C:\Users\Alexander\Desktop\Roadtrip Amerika.odt
2016-04-29 01:36 - 2016-04-29 01:47 - 00010301 _____ C:\Users\Alexander\Desktop\Lebenslauf Arbeitsamt - Kopie.odt
2016-04-28 22:18 - 2016-04-28 22:18 - 00000000 ____D C:\Users\Alexander\AppData\Roaming\Ubisoft
2016-04-28 02:39 - 2016-04-28 02:39 - 00000920 _____ C:\Users\Public\Desktop\Sleeping Dogs.lnk
2016-04-28 02:23 - 2016-04-28 02:24 - 03878112 _____ (Husdawg, LLC) C:\Users\Alexander\Downloads\Detection (1).exe
2016-04-27 04:24 - 2016-04-27 04:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Batman - Arkham City
2016-04-27 01:30 - 2016-04-27 01:30 - 00459541 _____ C:\Users\Alexander\Downloads\ScriptHookV_SDK_1.0.617.1a.zip
2016-04-27 01:15 - 2016-04-27 01:15 - 00918895 _____ C:\Users\Alexander\Downloads\3e0d39-LUA.zip
2016-04-27 01:09 - 2016-04-27 01:10 - 00926072 _____ C:\Users\Alexander\Downloads\ScriptHookV_1.0.678.1.zip
2016-04-27 01:06 - 2016-04-27 01:06 - 00009635 _____ C:\Users\Alexander\Downloads\4d5009-HeistModUpdate171.zip
2016-04-25 14:38 - 2016-04-25 14:38 - 00001164 _____ C:\Users\Public\Desktop\Batman Arkham Asylum GOTY.lnk
2016-04-25 14:38 - 2016-04-25 14:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rocksteady Studios
2016-04-25 02:24 - 2016-04-25 02:24 - 00001018 _____ C:\Users\Alexander\Desktop\Batman Arkham Knight.lnk
2016-04-25 02:24 - 2016-04-25 02:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\by.xatab
2016-04-24 21:42 - 2016-04-24 21:42 - 00001120 _____ C:\Users\Alexander\Desktop\Murdered - Soul Suspect.lnk
2016-04-24 21:42 - 2016-04-24 21:42 - 00000000 ____D C:\Users\Alexander\AppData\Roaming\Murdered - Soul Suspect
2016-04-24 20:52 - 2016-04-24 21:31 - 17141991 _____ (The qBittorrent project) C:\Users\Alexander\Downloads\qbittorrent_3.3.4_setup.exe
2016-04-24 03:07 - 2016-04-24 03:09 - 00000000 ____D C:\Users\Alexander\Desktop\test
2016-04-24 03:02 - 2016-04-24 03:04 - 334415392 _____ (AMD Inc.) C:\Users\Alexander\Downloads\non-whql-64bit-radeon-software-crimson-16.4.1-win10-win8.1-win7-apr4.exe
2016-04-24 02:47 - 2016-04-24 02:47 - 00000000 ____D C:\Program Files (x86)\directx
2016-04-24 02:36 - 2016-04-24 02:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Postal 2
2016-04-24 02:36 - 1999-12-17 08:13 - 00086016 _____ (MindVision Software) C:\WINDOWS\unvise32.exe
2016-04-23 16:06 - 2016-04-23 16:06 - 00000000 ____D C:\Users\Alexander\AppData\Roaming\dvdcss
2016-04-23 16:05 - 2016-04-23 16:05 - 31095769 _____ C:\Users\Alexander\Downloads\asd.rar
2016-04-23 16:05 - 2016-04-23 16:05 - 00000000 ____D C:\Users\Alexander\Desktop\asdf
2016-04-22 02:40 - 2016-04-22 02:40 - 00000000 ____D C:\Users\Alexander\Desktop\Cloud Downloader 2.9
2016-04-22 02:39 - 2016-04-22 02:39 - 05553741 _____ C:\Users\Alexander\Downloads\CloudDownloaderVersion_2.9.zip
2016-04-20 22:10 - 2016-05-03 01:17 - 00002264 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-04-20 22:10 - 2016-05-03 01:17 - 00002252 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-04-20 22:10 - 2016-04-20 22:10 - 00987728 _____ (Google Inc.) C:\Users\Alexander\Downloads\ChromeSetup.exe
2016-04-20 22:09 - 2016-05-07 17:14 - 00001142 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-04-20 22:09 - 2016-05-07 17:07 - 00001138 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-04-20 22:09 - 2016-04-20 22:09 - 00004200 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-04-20 22:09 - 2016-04-20 22:09 - 00003968 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2016-04-20 22:06 - 2016-04-20 22:09 - 00987728 _____ (Google Inc.) C:\Users\Alexander\Desktop\ChromeSetup.exe
2016-04-19 19:22 - 2016-04-19 19:22 - 00000000 ____D C:\Users\Alexander\AppData\Roaming\OBS
2016-04-15 02:21 - 2016-04-15 02:21 - 00000818 _____ C:\Users\Public\Desktop\Launcher The Stanley Parable.lnk
2016-04-15 02:21 - 2016-04-15 02:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Stanley Parable
2016-04-15 00:17 - 2016-04-15 00:17 - 00000000 ____D C:\Users\Alexander\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-04-13 14:32 - 2016-04-13 14:32 - 00129759 _____ C:\Users\Alexander\Downloads\151124-Anforderungen-Sportest.pdf
2016-04-13 14:32 - 2016-04-13 14:32 - 00046807 _____ C:\Users\Alexander\Downloads\141208-Informationsblatt-Sehfaehigkeit2.pdf
2016-04-13 14:32 - 2016-04-13 14:32 - 00037667 _____ C:\Users\Alexander\Downloads\Polizeiarztliche-Untersuchung.pdf
2016-04-13 14:02 - 2016-03-29 12:20 - 07474016 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-04-13 14:02 - 2016-03-29 12:20 - 02656952 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2016-04-13 14:02 - 2016-03-29 12:18 - 02152280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2016-04-13 14:02 - 2016-03-29 11:37 - 01862008 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2016-04-13 14:02 - 2016-03-29 10:41 - 00630632 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2016-04-13 14:02 - 2016-03-29 10:06 - 00045568 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2016-04-13 14:02 - 2016-03-29 10:01 - 00541304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2016-04-13 14:02 - 2016-03-29 09:58 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininetlui.dll
2016-04-13 14:02 - 2016-03-29 09:58 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2016-04-13 14:02 - 2016-03-29 09:46 - 00365568 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2016-04-13 14:02 - 2016-03-29 09:36 - 00209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2016-04-13 14:02 - 2016-03-29 09:19 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2016-04-13 14:02 - 2016-03-29 09:15 - 00970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-04-13 14:02 - 2016-03-29 09:12 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininetlui.dll
2016-04-13 14:02 - 2016-03-29 09:12 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2016-04-13 14:02 - 2016-03-29 09:10 - 01388544 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-04-13 14:02 - 2016-03-29 09:07 - 01213440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2016-04-13 14:02 - 2016-03-29 09:02 - 00303104 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2016-04-13 14:02 - 2016-03-29 08:42 - 03592704 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-04-13 14:02 - 2016-03-29 08:37 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2016-04-13 14:02 - 2016-03-29 08:32 - 01731584 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-04-13 14:02 - 2016-03-29 08:31 - 02275328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-04-13 14:02 - 2016-03-29 08:26 - 02755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-04-13 14:02 - 2016-03-29 08:05 - 01500672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-04-13 14:02 - 2016-03-29 08:05 - 01388032 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-04-13 14:02 - 2016-03-29 08:02 - 02229760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-04-13 14:02 - 2016-03-29 07:51 - 22378496 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-04-13 14:02 - 2016-03-29 07:41 - 24602112 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-04-13 14:02 - 2016-03-29 07:41 - 12125184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-04-13 14:02 - 2016-03-29 07:39 - 13382656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-04-13 14:02 - 2016-03-29 07:38 - 18673664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-04-13 14:02 - 2016-03-29 07:37 - 19340800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-04-13 14:01 - 2016-04-02 06:13 - 00369912 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2016-04-13 14:01 - 2016-04-02 06:10 - 00730344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
2016-04-13 14:01 - 2016-04-02 06:10 - 00374008 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2016-04-13 14:01 - 2016-04-02 05:29 - 00127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEDataLayerHelpers.dll
2016-04-13 14:01 - 2016-04-02 05:26 - 00630272 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll
2016-04-13 14:01 - 2016-04-02 05:21 - 00498688 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
2016-04-13 14:01 - 2016-04-02 05:19 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2016-04-13 14:01 - 2016-04-02 05:18 - 00988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2016-04-13 14:01 - 2016-04-02 05:15 - 01090048 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2016-04-13 14:01 - 2016-04-02 05:14 - 03994624 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2016-04-13 14:01 - 2016-04-02 05:09 - 01832448 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2016-04-13 14:01 - 2016-04-02 05:07 - 03575296 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2016-04-13 14:01 - 2016-04-02 05:07 - 02158592 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-04-13 14:01 - 2016-04-02 05:00 - 01390080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2016-04-13 14:01 - 2016-03-29 12:22 - 01030416 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2016-04-13 14:01 - 2016-03-29 12:22 - 00874968 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2016-04-13 14:01 - 2016-03-29 12:20 - 01317640 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-04-13 14:01 - 2016-03-29 12:20 - 01141504 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-04-13 14:01 - 2016-03-29 12:15 - 00100232 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmapi.dll
2016-04-13 14:01 - 2016-03-29 12:11 - 00686976 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2016-04-13 14:01 - 2016-03-29 12:05 - 01152864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2016-04-13 14:01 - 2016-03-29 12:02 - 00989536 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2016-04-13 14:01 - 2016-03-29 12:02 - 00334736 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2016-04-13 14:01 - 2016-03-29 11:56 - 01297752 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2016-04-13 14:01 - 2016-03-29 11:28 - 00696664 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2016-04-13 14:01 - 2016-03-29 11:28 - 00535080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2016-04-13 14:01 - 2016-03-29 11:28 - 00115040 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2016-04-13 14:01 - 2016-03-29 11:25 - 00258912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ufx01000.sys
2016-04-13 14:01 - 2016-03-29 11:19 - 00296488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2016-04-13 14:01 - 2016-03-29 11:17 - 00300104 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe
2016-04-13 14:01 - 2016-03-29 11:13 - 00986976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2016-04-13 14:01 - 2016-03-29 11:11 - 00605440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-04-13 14:01 - 2016-03-29 11:08 - 00358752 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2016-04-13 14:01 - 2016-03-29 11:08 - 00261376 _____ (Microsoft Corporation) C:\WINDOWS\system32\LsaIso.exe
2016-04-13 14:01 - 2016-03-29 10:44 - 00502104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2016-04-13 14:01 - 2016-03-29 10:44 - 00084832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2016-04-13 14:01 - 2016-03-29 10:32 - 00253088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe
2016-04-13 14:01 - 2016-03-29 10:26 - 02403680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2016-04-13 14:01 - 2016-03-29 10:26 - 01089888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2016-04-13 14:01 - 2016-03-29 10:24 - 00294752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2016-04-13 14:01 - 2016-03-29 10:21 - 00378208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2016-04-13 14:01 - 2016-03-29 10:16 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xinputhid.sys
2016-04-13 14:01 - 2016-03-29 10:07 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanagerprecheck.dll
2016-04-13 14:01 - 2016-03-29 10:02 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2016-04-13 14:01 - 2016-03-29 09:57 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosStorage.dll
2016-04-13 14:01 - 2016-03-29 09:51 - 00167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafBth.dll
2016-04-13 14:01 - 2016-03-29 09:50 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll
2016-04-13 14:01 - 2016-03-29 09:48 - 00144896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Devices.dll
2016-04-13 14:01 - 2016-03-29 09:42 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2016-04-13 14:01 - 2016-03-29 09:39 - 00550912 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2016-04-13 14:01 - 2016-03-29 09:38 - 00207360 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2016-04-13 14:01 - 2016-03-29 09:37 - 00617984 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2016-04-13 14:01 - 2016-03-29 09:34 - 00641536 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2016-04-13 14:01 - 2016-03-29 09:30 - 00328192 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2016-04-13 14:01 - 2016-03-29 09:30 - 00161792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msorcl32.dll
2016-04-13 14:01 - 2016-03-29 09:28 - 00460288 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2016-04-13 14:01 - 2016-03-29 09:27 - 00339968 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
2016-04-13 14:01 - 2016-03-29 09:26 - 00169472 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmmigrator.dll
2016-04-13 14:01 - 2016-03-29 09:23 - 00628736 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll
2016-04-13 14:01 - 2016-03-29 09:23 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
2016-04-13 14:01 - 2016-03-29 09:22 - 00438784 _____ (Microsoft Corporation) C:\WINDOWS\system32\AccountsRt.dll
2016-04-13 14:01 - 2016-03-29 09:20 - 00948736 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManager.dll
2016-04-13 14:01 - 2016-03-29 09:20 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\AboveLockAppHost.dll
2016-04-13 14:01 - 2016-03-29 09:19 - 00556032 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2016-04-13 14:01 - 2016-03-29 09:17 - 01056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2016-04-13 14:01 - 2016-03-29 09:17 - 00708608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2016-04-13 14:01 - 2016-03-29 09:17 - 00440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll
2016-04-13 14:01 - 2016-03-29 09:16 - 00852480 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2016-04-13 14:01 - 2016-03-29 09:16 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2016-04-13 14:01 - 2016-03-29 09:15 - 01714688 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
2016-04-13 14:01 - 2016-03-29 09:14 - 00965632 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2016-04-13 14:01 - 2016-03-29 09:14 - 00859136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2016-04-13 14:01 - 2016-03-29 09:13 - 00587776 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2016-04-13 14:01 - 2016-03-29 09:12 - 00471552 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
2016-04-13 14:01 - 2016-03-29 09:11 - 00988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2016-04-13 14:01 - 2016-03-29 09:11 - 00881664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
2016-04-13 14:01 - 2016-03-29 09:11 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosStorage.dll
2016-04-13 14:01 - 2016-03-29 09:10 - 00938496 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2016-04-13 14:01 - 2016-03-29 09:09 - 01239552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Bluetooth.dll
2016-04-13 14:01 - 2016-03-29 09:08 - 00888320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.dll
2016-04-13 14:01 - 2016-03-29 09:07 - 01902592 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2016-04-13 14:01 - 2016-03-29 09:06 - 01575936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll
2016-04-13 14:01 - 2016-03-29 09:06 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2016-04-13 14:01 - 2016-03-29 09:05 - 01395712 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2016-04-13 14:01 - 2016-03-29 09:03 - 00148480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dfsc.sys
2016-04-13 14:01 - 2016-03-29 09:02 - 02624512 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2016-04-13 14:01 - 2016-03-29 09:02 - 01211904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Cred.dll
2016-04-13 14:01 - 2016-03-29 09:00 - 00345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2016-04-13 14:01 - 2016-03-29 09:00 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2016-04-13 14:01 - 2016-03-29 08:59 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
2016-04-13 14:01 - 2016-03-29 08:56 - 00821760 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2016-04-13 14:01 - 2016-03-29 08:56 - 00415232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2016-04-13 14:01 - 2016-03-29 08:55 - 01052160 _____ (Microsoft Corporation) C:\WINDOWS\system32\MsSpellCheckingFacility.dll
2016-04-13 14:01 - 2016-03-29 08:49 - 00288256 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveui.dll
2016-04-13 14:01 - 2016-03-29 08:48 - 00346624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2016-04-13 14:01 - 2016-03-29 08:44 - 00498176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MessagingDataModel2.dll
2016-04-13 14:01 - 2016-03-29 08:43 - 00358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AccountsRt.dll
2016-04-13 14:01 - 2016-03-29 08:42 - 01410560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.Http.dll
2016-04-13 14:01 - 2016-03-29 08:41 - 00129024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AboveLockAppHost.dll
2016-04-13 14:01 - 2016-03-29 08:40 - 00787456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.dll
2016-04-13 14:01 - 2016-03-29 08:39 - 00350720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll
2016-04-13 14:01 - 2016-03-29 08:38 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2016-04-13 14:01 - 2016-03-29 08:37 - 01444352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRHInproc.dll
2016-04-13 14:01 - 2016-03-29 08:37 - 00799744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2016-04-13 14:01 - 2016-03-29 08:36 - 03351040 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2016-04-13 14:01 - 2016-03-29 08:36 - 00649728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2016-04-13 14:01 - 2016-03-29 08:35 - 00354304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
2016-04-13 14:01 - 2016-03-29 08:34 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2016-04-13 14:01 - 2016-03-29 08:34 - 00682496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll
2016-04-13 14:01 - 2016-03-29 08:34 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2016-04-13 14:01 - 2016-03-29 08:32 - 01588224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2016-04-13 14:01 - 2016-03-29 08:32 - 01098240 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2016-04-13 14:01 - 2016-03-29 08:32 - 00176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2016-04-13 14:01 - 2016-03-29 08:32 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
2016-04-13 14:01 - 2016-03-29 08:31 - 01946112 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2016-04-13 14:01 - 2016-03-29 08:31 - 01117184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll
2016-04-13 14:01 - 2016-03-29 08:30 - 01139712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2016-04-13 14:01 - 2016-03-29 08:29 - 00555520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncController.dll
2016-04-13 14:01 - 2016-03-29 08:29 - 00256000 _____ (Microsoft Corporation) C:\WINDOWS\system32\accountaccessor.dll
2016-04-13 14:01 - 2016-03-29 08:28 - 01944576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2016-04-13 14:01 - 2016-03-29 08:28 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Cred.dll
2016-04-13 14:01 - 2016-03-29 08:27 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
2016-04-13 14:01 - 2016-03-29 08:27 - 00133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2016-04-13 14:01 - 2016-03-29 08:27 - 00083456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputLocaleManager.dll
2016-04-13 14:01 - 2016-03-29 08:23 - 00777728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MsSpellCheckingFacility.dll
2016-04-13 14:01 - 2016-03-29 08:22 - 00638464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2016-04-13 14:01 - 2016-03-29 08:19 - 02635776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-04-13 14:01 - 2016-03-29 08:17 - 00765952 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2016-04-13 14:01 - 2016-03-29 08:14 - 01072128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.Http.dll
2016-04-13 14:01 - 2016-03-29 08:13 - 00592384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.dll
2016-04-13 14:01 - 2016-03-29 08:10 - 03671040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2016-04-13 14:01 - 2016-03-29 08:05 - 07199232 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2016-04-13 14:01 - 2016-03-29 08:05 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2016-04-13 14:01 - 2016-03-29 08:05 - 00361472 _____ (Microsoft Corporation) C:\WINDOWS\system32\bdesvc.dll
2016-04-13 14:01 - 2016-03-29 08:04 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2016-04-13 14:01 - 2016-03-29 08:04 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Connectivity.dll
2016-04-13 14:01 - 2016-03-29 08:01 - 13018624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-04-13 14:01 - 2016-03-29 07:58 - 01799680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2016-04-13 14:01 - 2016-03-29 07:56 - 16985600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-04-13 14:01 - 2016-03-29 07:52 - 11545600 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-04-13 14:01 - 2016-03-29 07:51 - 09918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-04-13 14:01 - 2016-03-29 07:49 - 05202944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2016-04-13 14:01 - 2016-03-29 07:45 - 03078144 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll
2016-04-13 14:01 - 2016-03-29 07:45 - 00338432 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncbservice.dll
2016-04-13 14:01 - 2016-03-29 07:43 - 03428864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2016-04-13 14:01 - 2016-03-29 07:43 - 00521728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Connectivity.dll
2016-04-13 14:01 - 2016-03-29 07:38 - 02798080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2016-04-13 14:01 - 2016-03-29 07:36 - 02722816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esent.dll
2016-04-13 14:01 - 2016-03-29 07:27 - 07836160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-04-13 14:01 - 2016-03-29 07:27 - 05662208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-04-13 14:01 - 2016-03-29 07:26 - 00958976 _____ (Microsoft Corporation) C:\WINDOWS\system32\RemoteNaturalLanguage.dll
2016-04-13 14:01 - 2016-03-29 07:25 - 00712704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RemoteNaturalLanguage.dll
2016-04-13 14:00 - 2016-04-02 06:10 - 00770640 _____ (Microsoft Corporation) C:\WINDOWS\system32\iuilp.dll
2016-04-13 14:00 - 2016-04-02 05:30 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll
2016-04-13 14:00 - 2016-04-02 05:29 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEDataLayerHelpers.dll
2016-04-13 14:00 - 2016-04-02 05:25 - 00278528 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationObjFactory.dll
2016-04-13 14:00 - 2016-04-02 05:25 - 00239104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NotificationObjFactory.dll
2016-04-13 14:00 - 2016-04-02 05:23 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll
2016-04-13 14:00 - 2016-04-02 05:23 - 00219648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2016-04-13 14:00 - 2016-04-02 05:08 - 02193408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2016-04-13 14:00 - 2016-04-02 05:03 - 04774912 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2016-04-13 14:00 - 2016-03-29 12:23 - 00277856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2016-04-13 14:00 - 2016-03-29 11:25 - 00058400 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.dll
2016-04-13 14:00 - 2016-03-29 11:18 - 00185184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2016-04-13 14:00 - 2016-03-29 11:11 - 00074424 _____ (Microsoft Corporation) C:\WINDOWS\system32\easinvoker.exe
2016-04-13 14:00 - 2016-03-29 11:10 - 00110584 _____ (Microsoft Corporation) C:\WINDOWS\system32\srvcli.dll
2016-04-13 14:00 - 2016-03-29 11:09 - 00078040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wkscli.dll
2016-04-13 14:00 - 2016-03-29 11:07 - 00081144 _____ (Microsoft Corporation) C:\WINDOWS\system32\netapi32.dll
2016-04-13 14:00 - 2016-03-29 10:41 - 00051128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsNativeApi.dll
2016-04-13 14:00 - 2016-03-29 10:26 - 00073872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srvcli.dll
2016-04-13 14:00 - 2016-03-29 10:25 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wkscli.dll
2016-04-13 14:00 - 2016-03-29 10:23 - 00069744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netapi32.dll
2016-04-13 14:00 - 2016-03-29 10:17 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsCSP.dll
2016-04-13 14:00 - 2016-03-29 10:07 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.V2.dll
2016-04-13 14:00 - 2016-03-29 10:07 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2016-04-13 14:00 - 2016-03-29 10:07 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenterprisediagnostics.dll
2016-04-13 14:00 - 2016-03-29 10:07 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsdchngr.dll
2016-04-13 14:00 - 2016-03-29 10:06 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleacchooks.dll
2016-04-13 14:00 - 2016-03-29 10:00 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetCfgNotifyObjectHost.exe
2016-04-13 14:00 - 2016-03-29 10:00 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveskybackup.dll
2016-04-13 14:00 - 2016-03-29 10:00 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapsupdatetask.dll
2016-04-13 14:00 - 2016-03-29 09:59 - 00027648 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManagerShellext.exe
2016-04-13 14:00 - 2016-03-29 09:57 - 00199168 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2016-04-13 14:00 - 2016-03-29 09:57 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\samlib.dll
2016-04-13 14:00 - 2016-03-29 09:57 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\browcli.dll
2016-04-13 14:00 - 2016-03-29 09:55 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
2016-04-13 14:00 - 2016-03-29 09:55 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\serial.sys
2016-04-13 14:00 - 2016-03-29 09:55 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\tbauth.dll
2016-04-13 14:00 - 2016-03-29 09:54 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mtxoci.dll
2016-04-13 14:00 - 2016-03-29 09:53 - 00116224 _____ (Microsoft Corporation) C:\WINDOWS\system32\FontProvider.dll
2016-04-13 14:00 - 2016-03-29 09:52 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBrokerCookies.exe
2016-04-13 14:00 - 2016-03-29 09:51 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzautoupdate.dll
2016-04-13 14:00 - 2016-03-29 09:50 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\BdeHdCfgLib.dll
2016-04-13 14:00 - 2016-03-29 09:50 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll
2016-04-13 14:00 - 2016-03-29 09:50 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\OnDemandConnRouteHelper.dll
2016-04-13 14:00 - 2016-03-29 09:50 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuautoappupdate.dll
2016-04-13 14:00 - 2016-03-29 09:49 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2016-04-13 14:00 - 2016-03-29 09:48 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
2016-04-13 14:00 - 2016-03-29 09:46 - 00134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser.dll
2016-04-13 14:00 - 2016-03-29 09:44 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\system32\DAFWSD.dll
2016-04-13 14:00 - 2016-03-29 09:36 - 00530432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
2016-04-13 14:00 - 2016-03-29 09:35 - 00411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleacc.dll
2016-04-13 14:00 - 2016-03-29 09:35 - 00239616 _____ (Microsoft Corporation) C:\WINDOWS\system32\credprovhost.dll
2016-04-13 14:00 - 2016-03-29 09:34 - 00686592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2016-04-13 14:00 - 2016-03-29 09:34 - 00333824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\portcls.sys
2016-04-13 14:00 - 2016-03-29 09:34 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2016-04-13 14:00 - 2016-03-29 09:33 - 00174592 _____ (Microsoft Corporation) C:\WINDOWS\system32\easwrt.dll
2016-04-13 14:00 - 2016-03-29 09:32 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-04-13 14:00 - 2016-03-29 09:32 - 00414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2016-04-13 14:00 - 2016-03-29 09:23 - 00694784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2016-04-13 14:00 - 2016-03-29 09:21 - 00330240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2016-04-13 14:00 - 2016-03-29 09:20 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsNativeApi.V2.dll
2016-04-13 14:00 - 2016-03-29 09:20 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsdchngr.dll
2016-04-13 14:00 - 2016-03-29 09:19 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleacchooks.dll
2016-04-13 14:00 - 2016-03-29 09:18 - 00676352 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSDApi.dll
2016-04-13 14:00 - 2016-03-29 09:11 - 00161280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2016-04-13 14:00 - 2016-03-29 09:11 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\samlib.dll
2016-04-13 14:00 - 2016-03-29 09:11 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\browcli.dll
2016-04-13 14:00 - 2016-03-29 09:09 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll
2016-04-13 14:00 - 2016-03-29 09:09 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tbauth.dll
2016-04-13 14:00 - 2016-03-29 09:08 - 00841216 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2016-04-13 14:00 - 2016-03-29 09:08 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mtxoci.dll
2016-04-13 14:00 - 2016-03-29 09:06 - 00022528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBrokerCookies.exe
2016-04-13 14:00 - 2016-03-29 09:05 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OnDemandConnRouteHelper.dll
2016-04-13 14:00 - 2016-03-29 09:04 - 00103936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Devices.dll
2016-04-13 14:00 - 2016-03-29 09:00 - 00235008 _____ C:\WINDOWS\system32\MTF.dll
2016-04-13 14:00 - 2016-03-29 09:00 - 00176128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.DeviceEncryptionHandlers.dll
2016-04-13 14:00 - 2016-03-29 08:59 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll
2016-04-13 14:00 - 2016-03-29 08:59 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\BitLockerDeviceEncryption.exe
2016-04-13 14:00 - 2016-03-29 08:53 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleacc.dll
2016-04-13 14:00 - 2016-03-29 08:53 - 00193024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credprovhost.dll
2016-04-13 14:00 - 2016-03-29 08:52 - 00306176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2016-04-13 14:00 - 2016-03-29 08:52 - 00141824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\easwrt.dll
2016-04-13 14:00 - 2016-03-29 08:42 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2016-04-13 14:00 - 2016-03-29 08:39 - 00564224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSDApi.dll
2016-04-13 14:00 - 2016-03-29 08:39 - 00496128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2016-04-13 14:00 - 2016-03-29 08:34 - 00784896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
2016-04-13 14:00 - 2016-03-29 08:32 - 00854528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Bluetooth.dll
2016-04-13 14:00 - 2016-03-29 08:32 - 00638464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.dll
2016-04-13 14:00 - 2016-03-29 08:32 - 00128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcsps.dll
2016-04-13 14:00 - 2016-03-29 08:31 - 00705536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2016-04-13 14:00 - 2016-03-29 08:27 - 07979008 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2016-04-13 14:00 - 2016-03-29 08:27 - 00162816 _____ C:\WINDOWS\SysWOW64\MTF.dll
2016-04-13 14:00 - 2016-03-29 08:06 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll
2016-04-13 14:00 - 2016-03-29 08:05 - 00450560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncController.dll
2016-04-13 14:00 - 2016-03-29 08:01 - 00957952 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2016-04-13 14:00 - 2016-03-29 08:00 - 06297088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2016-04-13 14:00 - 2016-03-29 07:35 - 00821248 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvewiz.dll
2016-04-13 14:00 - 2016-03-29 07:28 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvecpl.dll
2016-04-13 14:00 - 2016-03-29 07:27 - 00794112 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2016-04-13 14:00 - 2016-03-29 07:26 - 00402432 _____ (Microsoft Corporation) C:\WINDOWS\system32\FWPUCLNT.DLL
2016-04-13 14:00 - 2016-03-29 07:25 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FWPUCLNT.DLL
2016-04-13 14:00 - 2016-03-29 07:21 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\system32\basesrv.dll
2016-04-12 18:22 - 2016-04-12 18:22 - 00000000 ____D C:\Program Files (x86)\AMD
2016-04-10 19:47 - 2016-04-10 19:47 - 42269960 _____ C:\Users\Alexander\Downloads\SDA1.0.5.zip
2016-04-10 19:45 - 2016-04-10 19:45 - 00401751 _____ C:\Users\Alexander\Downloads\SteamDesktopAuthenticator-master.zip
 
==================== Ein Monat: Geänderte Dateien und Ordner ========
 
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
 
2016-05-07 17:25 - 2015-06-20 13:40 - 00001240 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-2617271622-2672243655-3591071018-1000UA.job
2016-05-07 17:09 - 2014-12-16 02:35 - 00000000 ___RD C:\Users\Alexander\Dropbox
2016-05-07 17:07 - 2016-03-09 14:08 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-05-07 17:06 - 2015-10-30 08:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-05-07 16:50 - 2015-01-30 02:17 - 00000000 ____D C:\Users\Alexander\AppData\Roaming\qBittorrent
2016-05-07 15:19 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-05-07 11:15 - 2015-10-30 09:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-05-06 20:24 - 2015-06-20 13:40 - 00001188 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-2617271622-2672243655-3591071018-1000Core.job
2016-05-03 16:49 - 2015-12-10 20:20 - 00000080 _____ C:\Users\Alexander\AppData\Local剜捯獫慴⁲慇敭屳呇⁁屖湥楴汴浥湥⹴湩潦
2016-05-03 15:15 - 2015-09-08 10:46 - 00000000 ____D C:\Users\Alexander\AppData\Local\Packages
2016-05-03 02:52 - 2016-03-09 13:56 - 00000000 ____D C:\Users\Alexander
2016-05-01 22:16 - 2014-11-13 22:45 - 00000000 ____D C:\ProgramData\Ubisoft
2016-05-01 19:41 - 2015-02-02 23:03 - 00189248 _____ C:\WINDOWS\SysWOW64\PnkBstrB.exe
2016-05-01 19:41 - 2015-02-02 23:03 - 00075136 _____ C:\WINDOWS\SysWOW64\PnkBstrA.exe
2016-05-01 19:28 - 2013-07-18 18:01 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-05-01 17:02 - 2015-02-22 17:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\R.G. Mechanics
2016-04-29 03:12 - 2015-01-26 01:57 - 01939968 _____ (Microsoft) C:\Users\Alexander\Desktop\Matchmaking Server Picker.exe
2016-04-28 22:17 - 2013-09-01 01:11 - 00000000 ____D C:\Program Files (x86)\Ubisoft
2016-04-28 18:47 - 2013-10-26 12:12 - 00000000 ____D C:\Users\Alexander\Documents\WB Games
2016-04-28 02:39 - 2014-01-30 20:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Square Enix
2016-04-25 18:15 - 2013-06-13 14:48 - 00000000 ____D C:\Users\Alexander\Documents\Square Enix
2016-04-25 14:09 - 2016-03-09 13:55 - 02086168 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-04-25 14:09 - 2015-10-30 20:35 - 00888008 _____ C:\WINDOWS\system32\perfh007.dat
2016-04-25 14:09 - 2015-10-30 20:35 - 00197092 _____ C:\WINDOWS\system32\perfc007.dat
2016-04-25 14:09 - 2015-10-30 09:21 - 00000000 ____D C:\WINDOWS\INF
2016-04-25 02:26 - 2016-03-25 21:23 - 00000000 ____D C:\WINDOWS\SysWOW64\directx
2016-04-24 22:56 - 2015-01-30 02:17 - 00000000 ____D C:\Users\Alexander\AppData\Local\qBittorrent
2016-04-24 21:45 - 2013-06-25 22:18 - 00000000 ____D C:\Users\Alexander\Documents\My Games
2016-04-24 18:08 - 2015-03-24 16:48 - 00000000 ____D C:\Users\Alexander\AppData\Roaming\vlc
2016-04-22 09:57 - 2013-06-12 14:37 - 00453288 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2016-04-20 22:09 - 2014-03-04 16:15 - 00000000 ____D C:\Program Files (x86)\Google
2016-04-19 21:10 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\rescache
2016-04-15 00:19 - 2014-12-16 02:33 - 00000000 ____D C:\Users\Alexander\AppData\Roaming\Dropbox
2016-04-15 00:18 - 2015-06-20 13:40 - 00000000 ____D C:\Users\Alexander\AppData\Local\Dropbox
2016-04-14 22:53 - 2016-02-18 02:26 - 00000841 _____ C:\Users\Alexander\Desktop\Uplay.lnk
2016-04-14 21:28 - 2013-09-01 01:11 - 00000000 ____D C:\Users\Alexander\AppData\Local\Ubisoft Game Launcher
2016-04-14 15:07 - 2016-03-09 13:50 - 00250168 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-04-14 02:59 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2016-04-14 02:59 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-04-14 02:59 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2016-04-14 02:59 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-04-13 21:31 - 2013-06-13 05:25 - 00000000 ____D C:\Users\Alexander\AppData\Local\AMD
2016-04-13 16:22 - 2015-10-30 09:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-04-13 16:20 - 2014-10-02 15:54 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-04-13 16:15 - 2014-10-02 15:54 - 135176864 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-04-12 18:20 - 2016-03-09 13:53 - 00000000 ____D C:\Program Files\AMD
2016-04-12 18:11 - 2014-09-03 20:17 - 00000000 ____D C:\AMD
2016-04-08 21:31 - 2016-04-05 02:40 - 00000000 ____D C:\Users\Alexander\Desktop\Neuer Ordner
 
==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======
 
2015-02-12 18:54 - 2015-02-12 18:56 - 0000034 _____ () C:\Users\Alexander\AppData\Roaming\AdobeWLCMCache.dat
2015-01-25 18:12 - 2015-01-25 18:12 - 0001248 _____ () C:\Users\Alexander\AppData\Roaming\DKDEMK
2015-02-27 02:43 - 2015-02-27 02:43 - 1986000 _____ (Cinema PlusV26.02) C:\Users\Alexander\AppData\Roaming\DKDEMK.exe
2002-08-08 06:11 - 2002-08-08 06:11 - 0319488 ____R () C:\Users\Alexander\AppData\Roaming\MafiaSetup.exe
2013-10-28 21:06 - 2013-10-28 21:06 - 0007602 _____ () C:\Users\Alexander\AppData\Local\Resmon.ResmonCfg
 
Einige Dateien in TEMP:
====================
C:\Users\Alexander\AppData\Local\Temp\CodecFixDivx.exe
C:\Users\Alexander\AppData\Local\Temp\dotnetfx 3.5 sp1.exe
C:\Users\Alexander\AppData\Local\Temp\dxdiag.exe
C:\Users\Alexander\AppData\Local\Temp\frag.exe
C:\Users\Alexander\AppData\Local\Temp\Nexus Mod Manager-0.61.14.exe
C:\Users\Alexander\AppData\Local\Temp\Nexus Mod Manager-0.61.15.exe
 
 
==================== Bamital & volsnap =================
 
(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)
 
C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert
 
 
LastRegBack: 2016-05-03 15:19
 
==================== Ende von FRST.txt ============================
 
There might be no problem at all remaining on my computer, I just wanted to be sure.
 
Thanks in advance,
 
NeisAEL

 

Attached File  Addition.txt   69.14KB   10 downloads


Edited by NeisAEL, 07 May 2016 - 03:03 PM.



 


#2 olgun52

olgun52

  • Malware Response Team
  • 3,784 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:54 PM

Posted 07 May 2016 - 10:34 PM

Hello NeisAEL and welcome to BleepingComputer.
 
My name is Yılmaz and I'll help you with the cleanup of malware from your computer.

Before we move on, please read the following points carefully.

  • Please complete all steps in the specified order.
  • Even if tools don't find malware, I want you to post the logfiles anyway.
  • Please copy and paste the logfiles directly into your posts. Please do not attach them unless you are instructed to do so.
  • Read the instructions carefully. If you have problems, stop what you were doing and describe the problems you encountered as precisely as you can.
  • Don't install or uninstall software during the cleanup unless you are told to do so.
  • Ensure your external and/or USB drives are always inserted during the scan.
  • If you can't answer for the next few days, please let me know. If you haven't answered within 5 days, I am assuming that you don't need help anymore and your topic will be closed.
  • If you have illegal/cracked software, cracks, keygens, etc. on the system, please remove or uninstall them now!
  • I can not guarantee that we will find and be able to remove all malware. The cleaning process is not instant. Please continue to review my answers until I tell you that your computer is clean.
  • Please reply to this thread. Do not start a new topic.
  • As my first language is not English, please do not use slang or idioms. It could be hard for me to understand.
  • Please open the computer as administrator. How do I open the computer as administrator?
  • Disable your AntiVirus and AntiSpyware applications, as they will interfere with our tools and the removal. If you are unsure how to do this, please get help here.

Thanks
 
Please do the following.

Step 1:
 FRST Script:
 Please download the attached Fixlist.txt and save it in the same directory as FRST.

  • Close any open browsers or any other programs that are open
  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.

Step 2:
 Please download AdwCleaner by Xplode onto your desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete or Clean.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Step 3:
Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista / 7 / 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 4:

Please download ZHPcleaner to your desktop.

  • Double click on ZHPCleaner to run the tool.
  • If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click ZHPCleaner and select "Run as Administrator".
  • Please click [image: Ashampoo_Snap_20140819_13h09m50s_001__zp]
  • Then press ''Repair'' button.
  • Browsers will automatically shut down.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.

Step 5:
Scan with Zemana AntiMalware Free:

  • Turn off the real time scanner of any existing antivirus and firewall programs while performing scan
  • Please download and install Zemana AntiMalware Free
  • Double-click the software shortcut on the desktop and follow the prompts to install the program.
  • If an update is available, click the Update now button.
  • At the end, click Settings > Advanced > ''I have read the warning and wish to proceed anyway''.
  • Auto Launch > Untick the box next
  • Scan type > Smart scan (Default)
  • Close all open files, folders and browsers
  • Click scan now ''Run as Administrator'' and a threat Scan will begin.
  • When the scan is complete, press Report and send me the report.
  • Please restart the PC now.

==========================================================================
How are the PC and browsers running now? Any issues?

Are there still symptoms? Please describe them in detail.
 
Have a nice day.


Best regards
 
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you.
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#3 NeisAEL

NeisAEL
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:11:54 AM

Posted 08 May 2016 - 08:02 AM

The only problem I encountered was after running the fixlist: I cannot open my Start menu anymore, or right-click anything in the taskbar anymore. Right-clicking the taskbar itself works, but I cannot right-click folders or open programs anymore. And I cannot open my Start menu anymore; when clicking, nothing happens.

 

Here are the logs:

Fixlog.txt
----------------------------

 

 

Entferungsergebnis von Farbar Recovery Scan Tool (x64) Version:07-05-2016
durchgeführt von Alexander (2016-05-08 14:17:54) Run:1
Gestartet von C:\Users\Alexander\Desktop\frst
Geladene Profile: Alexander (Verfügbare Profile: Alexander & DefaultAppPool)
Start-Modus: Normal
==============================================
 
fixlist Inhalt:
*****************
 
start
CreateRestorePoint:
CloseProcesses:
HKLM-x32\...\Run: [chromebrowser] => "C:\WINDOWS\chromebrowser.exe"
HKU\S-1-5-21-2617271622-2672243655-3591071018-1000\...\Policies\Explorer: [HideSCAHealth] 1
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung <======= ACHTUNG
HKU\S-1-5-21-2617271622-2672243655-3591071018-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung <======= ACHTUNG
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=131071071286460691&GUID=98446DE1-7DD5-4DD9-ACE5-8F3BF15F26C9
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=131071071286460691&GUID=98446DE1-7DD5-4DD9-ACE5-8F3BF15F26C9
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2617271622-2672243655-3591071018-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2617271622-2672243655-3591071018-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=131071071290611233&GUID=98446DE1-7DD5-4DD9-ACE5-8F3BF15F26C9
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM-x32 -> DefaultScope Wert fehlt
{D7058754-68C9-45F1-8EE9-4DDCC7A870C9} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-2617271622-2672243655-3591071018-1000 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3331172&octid=EB_ORIGINAL_CTID&ISID=ME875EF9A-EDAC-4AE0-91EA-040342225EA3&SearchSource=58&CUI=&UM=6&UP=SP841C1D0C-8217-4BDA-88FA-58BB84933C50&q={searchTerms}&SSPV=
SearchScopes: HKU\S-1-5-21-2617271622-2672243655-3591071018-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd1103&cd=2XzuyEtN2Y1L1QzutDtD0F0F0EtAtDyB0AyC0FzytCtBtCtDtN0D0Tzu0SyBtDyEtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=1920991486&ir=
SearchScopes: HKU\S-1-5-21-2617271622-2672243655-3591071018-1000 -> {D7058754-68C9-45F1-8EE9-4DDCC7A870C9} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
BHO-x32: Kein Name -> {5081D2D4-1637-404c-B74F-50526718257D} -> Keine Datei
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} -  Keine Datei
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} -  Keine Datei
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} -  Keine Datei
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll [Keine Datei]
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll [Keine Datei]
FF Plugin-x32: @thrixxx.com/WebLaunch -> C:\Program Files (x86)\thriXXX\WebLaunch\Binaries\npWebLaunch.dll [2006-08-09] ( )
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin HKU\S-1-5-21-2617271622-2672243655-3591071018-1000: @thrixxx.com/WebLaunch -> C:\Program Files (x86)\thriXXX\WebLaunch\Binaries\npWebLaunch.dll [2006-08-09] ( )
FF Plugin HKU\S-1-5-21-2617271622-2672243655-3591071018-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll [2013-06-05] ()
FF Extension: New Tab by Yahoo - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\jid1-G80Ec8LLEbK5fQ@jetpack.xpi [2016-01-07]
FF HKLM\...\Firefox\Extensions: [{5081D2D4-1637-404c-B74F-50526718257D}] - C:\Program Files\shopperz\Firefox => nicht gefunden
FF HKLM-x32\...\Firefox\Extensions: [{5081D2D4-1637-404c-B74F-50526718257D}] - C:\Program Files\shopperz\Firefox => nicht gefunden
CHR StartupUrls: Default -> "hxxp://start.mysearchdial.com/?f=1&a=irmsd1103&cd=2XzuyEtN2Y1L1QzutDtD0F0F0EtAtDyB0AyC0FzytCtBtCtDtN0D0Tzu0SyBtDyEtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=1920991486&ir=","hxxp://www.awesomehp.com/?type=hp&ts=1393444493&from=vtt&uid=395049983_1052576_B82C1210"
CHR Session Restore: Default -> ist aktiviert.
CHR HKLM-x32\...\Chrome\Extension: [kpdmjodecdegfglgaapafjleomjjlpnh] - hxxps://clients2.google.com/service/update2/crx
S2 skusenzecultMdlservice; C:\Program Files (x86)\Skusenzecult\skusenzecultMdlservice.exe [1000088 2016-05-06] ()
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50976 2014-09-04] (AVG Technologies)
U3 idsvc; kein ImagePath
2016-05-07 17:09 - 2016-05-07 17:09 - 00000000 ____D C:\Program Files (x86)\yesbnd
2016-05-07 16:56 - 2016-05-07 16:56 - 00008972 _____ C:\WINDOWS\System32\Tasks\Skusenzecult Module
2016-05-07 16:56 - 2016-05-07 16:56 - 00000000 ____D C:\Program Files (x86)\Skusenzecult
2016-05-01 17:02 - 2016-05-01 17:02 - 00000000 ____D C:\Users\Alexander\AppData\Roaming\Scrapland
2016-05-01 01:15 - 2016-05-01 01:15 - 00000000 ____D C:\Program Files\mmpicker
2016-04-30 19:54 - 2016-04-30 19:54 - 00000000 ____D C:\WINDOWS\3F5C371F8EA24F259D3DD0B4526E3AEA.TMP
C:\Users\Alexander\AppData\Roaming\Ubisoft
2016-04-24 21:42 - 2016-04-24 21:42 - 00000000 ____D C:\Users\Alexander\AppData\Roaming\Murdered - Soul Suspect
 C:\Users\Alexander\AppData\Roaming\dvdcss
 C:\Users\Alexander\AppData\Roaming\OBS
C:\Users\Alexander\AppData\Roaming\qBittorrent
2016-05-03 16:49 - 2015-12-10 20:20 - 00000080 _____ C:\Users\Alexander\AppData\Local???????????????????
2016-05-03 15:15 - 2015-09-08 10:46 - 00000000 ____D C:\Users\Alexander\AppData\Local\Packages
C:\Users\Alexander\AppData\Roaming\vlc
2015-02-12 18:54 - 2015-02-12 18:56 - 0000034 _____ () C:\Users\Alexander\AppData\Roaming\AdobeWLCMCache.dat
2015-01-25 18:12 - 2015-01-25 18:12 - 0001248 _____ () C:\Users\Alexander\AppData\Roaming\DKDEMK
2015-02-27 02:43 - 2015-02-27 02:43 - 1986000 _____ (Cinema PlusV26.02) C:\Users\Alexander\AppData\Roaming\DKDEMK.exe
2002-08-08 06:11 - 2002-08-08 06:11 - 0319488 ____R () C:\Users\Alexander\AppData\Roaming\MafiaSetup.exe
2013-10-28 21:06 - 2013-10-28 21:06 - 0007602 _____ () C:\Users\Alexander\AppData\Local\Resmon.ResmonCfg
C:\Users\Alexander\AppData\Local\Temp\CodecFixDivx.exe
C:\Users\Alexander\AppData\Local\Temp\dotnetfx 3.5 sp1.exe
C:\Users\Alexander\AppData\Local\Temp\dxdiag.exe
C:\Users\Alexander\AppData\Local\Temp\frag.exe
C:\Users\Alexander\AppData\Local\Temp\Nexus Mod Manager-0.61.14.exe
C:\Users\Alexander\AppData\Local\Temp\Nexus Mod Manager-0.61.15.exe
Task: {342550CB-7F88-4632-B550-CFAEF78EA54D} - \CCleanerSkipUAC -> Keine Datei <==== ACHTUNG
Task: {48340C15-07D4-40D3-A0D3-42EAB90E34DE} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Keine Datei <==== ACHTUNG
Task: {6545B6A8-5ECC-4A4E-AA86-77B5E42A5EA1} - System32\Tasks\WINshell Event Logging => C:\Users\ALEXAN~1\AppData\Local\Temp\Dscp1.exe <==== ACHTUNG
Task: {65EC9F60-167F-4798-AE34-F3413717D472} - System32\Tasks\Skusenzecult Module => C:\Program Files (x86)\Skusenzecult\skusenzecultMdltask.exe [2016-05-06] ()
Task: {7422F1B8-4C2B-4977-A973-405AF7E6BC51} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Keine Datei <==== ACHTUNG
Task: {812C4751-2053-42D7-9F18-3B83B6211B26} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Keine Datei <==== ACHTUNG
Task: {86926C62-64A0-49F2-8539-0DFC5B10F8D7} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Keine Datei <==== ACHTUNG
Task: {8E5A1F21-370E-4DDE-8E1B-176EF0716D1F} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Keine Datei <==== ACHTUNG
Task: {8FC2023F-C2C9-4D11-BC49-A69400817611} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Keine Datei <==== ACHTUNG
Task: {9AFFC207-8C33-4FC6-882D-65C7B01C794C} - System32\Tasks\arg3002 => C:\PROGRA~2\TabNav\arg3002.exe <==== ACHTUNG
Task: {B2B98129-324C-4719-A864-18B504E9C52B} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Keine Datei <==== ACHTUNG
Task: {B2CBA399-C60B-4ACA-9148-AF7F9DB6A72D} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> Keine Datei <==== ACHTUNG
Task: {CF97AAAA-3701-457B-AB14-1ECCCD8D4CE6} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Keine Datei <==== ACHTUNG
Task: {D0AD199B-4369-444A-BFD0-03ECB958C307} - System32\Tasks\WINshell Event Notification => C:\Users\ALEXAN~1\AppData\Local\Temp\SBCint2.exe <==== ACHTUNG
Task: {D6299520-FA18-421F-9D14-9CA9FC32FF35} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Keine Datei <==== ACHTUNG
Task: {EC804693-088F-4699-A693-6706E2350397} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Keine Datei <==== ACHTUNG
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\DKDEMK.job => C:\Users\Alexander\AppData\Roaming\DKDEMK.exe <==== ACHTUNG
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-2617271622-2672243655-3591071018-1000Core.job => C:\Users\Alexander\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-2617271622-2672243655-3591071018-1000UA.job => C:\Users\Alexander\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
AlternateDataStreams: C:\Users\Alexander\Desktop\me3_readness_level_cheat.rar:com.dropbox.attributes [168]
Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
Emptytemp:
CMD: bitsadmin /reset /allusers
CMD: ipconfig /flushdns
CMD: ipconfig /release
CMD: ipconfig /renew
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ip reset
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
CMD: netsh winsock reset
Reboot:
 
 
 
 
*****************
 
Wiederherstellungspunkt wurde erfolgreich erstellt.
Prozess erfolgreich geschlossen.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\chromebrowser => Wert erfolgreich entfernt
HKU\S-1-5-21-2617271622-2672243655-3591071018-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\HideSCAHealth => Wert erfolgreich entfernt
 
========= reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========
 
Der Vorgang wurde erfolgreich beendet.
 
 
 
========= Ende von Reg: =========
 
 
========= reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========
 
Der Vorgang wurde erfolgreich beendet.
 
 
 
========= Ende von Reg: =========
 
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Schlüssel erfolgreich entfernt
"HKU\S-1-5-21-2617271622-2672243655-3591071018-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Schlüssel erfolgreich entfernt
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Wert erfolgreich wiederhergestellt
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Wert erfolgreich wiederhergestellt
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Search Page => Wert erfolgreich entfernt
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page => Wert erfolgreich entfernt
HKU\S-1-5-21-2617271622-2672243655-3591071018-1000\Software\Microsoft\Internet Explorer\Main\\Search Page => Wert erfolgreich wiederhergestellt
HKU\S-1-5-21-2617271622-2672243655-3591071018-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => Wert erfolgreich wiederhergestellt
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Wert erfolgreich wiederhergestellt
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Schlüssel erfolgreich entfernt
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Schlüssel nicht gefunden. 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Wert erfolgreich wiederhergestellt
{D7058754-68C9-45F1-8EE9-4DDCC7A870C9} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1 => Fehler: Kein automatisierter Fix für diesen Eintrag gefunden.
"HKU\S-1-5-21-2617271622-2672243655-3591071018-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}" => Schlüssel erfolgreich entfernt
HKCR\CLSID\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} => Schlüssel nicht gefunden. 
"HKU\S-1-5-21-2617271622-2672243655-3591071018-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Schlüssel erfolgreich entfernt
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Schlüssel nicht gefunden. 
"HKU\S-1-5-21-2617271622-2672243655-3591071018-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D7058754-68C9-45F1-8EE9-4DDCC7A870C9}" => Schlüssel erfolgreich entfernt
HKCR\CLSID\{D7058754-68C9-45F1-8EE9-4DDCC7A870C9} => Schlüssel nicht gefunden. 
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5081D2D4-1637-404c-B74F-50526718257D}" => Schlüssel erfolgreich entfernt
HKCR\Wow6432Node\CLSID\{5081D2D4-1637-404c-B74F-50526718257D} => Schlüssel nicht gefunden. 
"HKCR\PROTOCOLS\Handler\viprotocol" => Schlüssel erfolgreich entfernt
HKCR\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9} => Schlüssel nicht gefunden. 
"HKCR\PROTOCOLS\Filter\video/mp4" => Schlüssel erfolgreich entfernt
HKCR\CLSID\{20C75730-7C25-476B-95DC-C65810F9E489} => Schlüssel nicht gefunden. 
"HKCR\PROTOCOLS\Filter\video/x-flv" => Schlüssel erfolgreich entfernt
HKCR\CLSID\{20C75730-7C25-476B-95DC-C65810F9E489} => Schlüssel nicht gefunden. 
"HKLM\Software\Wow6432Node\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10" => Schlüssel erfolgreich entfernt
"HKLM\Software\Wow6432Node\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4" => Schlüssel erfolgreich entfernt
"HKLM\Software\Wow6432Node\MozillaPlugins\@thrixxx.com/WebLaunch" => Schlüssel erfolgreich entfernt
C:\Program Files (x86)\thriXXX\WebLaunch\Binaries\npWebLaunch.dll => erfolgreich verschoben
"HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3" => Schlüssel erfolgreich entfernt
C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll => erfolgreich verschoben
"HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9" => Schlüssel erfolgreich entfernt
C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll => nicht gefunden.
"HKU\S-1-5-21-2617271622-2672243655-3591071018-1000\Software\MozillaPlugins\@thrixxx.com/WebLaunch" => Schlüssel erfolgreich entfernt
C:\Program Files (x86)\thriXXX\WebLaunch\Binaries\npWebLaunch.dll => nicht gefunden.
"HKU\S-1-5-21-2617271622-2672243655-3591071018-1000\Software\MozillaPlugins\ubisoft.com/uplaypc" => Schlüssel erfolgreich entfernt
C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll => erfolgreich verschoben
C:\Program Files (x86)\Mozilla Firefox\browser\extensions\jid1-G80Ec8LLEbK5fQ@jetpack.xpi => erfolgreich verschoben
HKLM\Software\Mozilla\Firefox\Extensions\\{5081D2D4-1637-404c-B74F-50526718257D} => Wert erfolgreich entfernt
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{5081D2D4-1637-404c-B74F-50526718257D} => Wert erfolgreich entfernt
Chrome StartupUrls => erfolgreich entfernt
Chrome Session Restore: => nicht gefunden.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\kpdmjodecdegfglgaapafjleomjjlpnh" => Schlüssel erfolgreich entfernt
skusenzecultMdlservice => Dienst erfolgreich entfernt
avgtp => Dienst konnte nicht gestoppt werden.
avgtp => Dienst erfolgreich entfernt
idsvc => Dienst erfolgreich entfernt
C:\Program Files (x86)\yesbnd => erfolgreich verschoben
"C:\WINDOWS\System32\Tasks\Skusenzecult Module" => nicht gefunden.
"C:\Program Files (x86)\Skusenzecult" => nicht gefunden.
C:\Users\Alexander\AppData\Roaming\Scrapland => erfolgreich verschoben
C:\Program Files\mmpicker => erfolgreich verschoben
C:\WINDOWS\3F5C371F8EA24F259D3DD0B4526E3AEA.TMP => erfolgreich verschoben
C:\Users\Alexander\AppData\Roaming\Ubisoft => erfolgreich verschoben
C:\Users\Alexander\AppData\Roaming\Murdered - Soul Suspect => erfolgreich verschoben
C:\Users\Alexander\AppData\Roaming\dvdcss => erfolgreich verschoben
C:\Users\Alexander\AppData\Roaming\OBS => erfolgreich verschoben
C:\Users\Alexander\AppData\Roaming\qBittorrent => erfolgreich verschoben
 
=========== "C:\Users\Alexander\AppData\Local???????????????????" ==========
 
C:\Users\Alexander\AppData\Local剜捯獫慴⁲慇敭屳呇⁁屖湥楴汴浥湥⹴湩潦 => erfolgreich verschoben
 
========= Ende -> "C:\Users\Alexander\AppData\Local???????????????????" ========
 
 
"C:\Users\Alexander\AppData\Local\Packages" Ordner verschieben:
 
Konnte nicht verschoben werden "C:\Users\Alexander\AppData\Local\Packages" => ist geplant bei Neustart verschoben zu werden.
 
C:\Users\Alexander\AppData\Roaming\vlc => erfolgreich verschoben
C:\Users\Alexander\AppData\Roaming\AdobeWLCMCache.dat => erfolgreich verschoben
C:\Users\Alexander\AppData\Roaming\DKDEMK => erfolgreich verschoben
C:\Users\Alexander\AppData\Roaming\DKDEMK.exe => erfolgreich verschoben
C:\Users\Alexander\AppData\Roaming\MafiaSetup.exe => erfolgreich verschoben
C:\Users\Alexander\AppData\Local\Resmon.ResmonCfg => erfolgreich verschoben
C:\Users\Alexander\AppData\Local\Temp\CodecFixDivx.exe => erfolgreich verschoben
C:\Users\Alexander\AppData\Local\Temp\dotnetfx 3.5 sp1.exe => erfolgreich verschoben
C:\Users\Alexander\AppData\Local\Temp\dxdiag.exe => erfolgreich verschoben
C:\Users\Alexander\AppData\Local\Temp\frag.exe => erfolgreich verschoben
C:\Users\Alexander\AppData\Local\Temp\Nexus Mod Manager-0.61.14.exe => erfolgreich verschoben
C:\Users\Alexander\AppData\Local\Temp\Nexus Mod Manager-0.61.15.exe => erfolgreich verschoben
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{342550CB-7F88-4632-B550-CFAEF78EA54D}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{342550CB-7F88-4632-B550-CFAEF78EA54D}" => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CCleanerSkipUAC => Schlüssel nicht gefunden. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{48340C15-07D4-40D3-A0D3-42EAB90E34DE}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{48340C15-07D4-40D3-A0D3-42EAB90E34DE}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6545B6A8-5ECC-4A4E-AA86-77B5E42A5EA1}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6545B6A8-5ECC-4A4E-AA86-77B5E42A5EA1}" => Schlüssel erfolgreich entfernt
C:\WINDOWS\System32\Tasks\WINshell Event Logging => erfolgreich verschoben
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WINshell Event Logging" => Schlüssel erfolgreich entfernt
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{65EC9F60-167F-4798-AE34-F3413717D472} => Schlüssel nicht gefunden. 
C:\WINDOWS\System32\Tasks\Skusenzecult Module => nicht gefunden.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Skusenzecult Module => Schlüssel nicht gefunden. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{7422F1B8-4C2B-4977-A973-405AF7E6BC51}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7422F1B8-4C2B-4977-A973-405AF7E6BC51}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{812C4751-2053-42D7-9F18-3B83B6211B26}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{812C4751-2053-42D7-9F18-3B83B6211B26}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{86926C62-64A0-49F2-8539-0DFC5B10F8D7}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{86926C62-64A0-49F2-8539-0DFC5B10F8D7}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8E5A1F21-370E-4DDE-8E1B-176EF0716D1F}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8E5A1F21-370E-4DDE-8E1B-176EF0716D1F}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8FC2023F-C2C9-4D11-BC49-A69400817611}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8FC2023F-C2C9-4D11-BC49-A69400817611}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{9AFFC207-8C33-4FC6-882D-65C7B01C794C}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9AFFC207-8C33-4FC6-882D-65C7B01C794C}" => Schlüssel erfolgreich entfernt
C:\WINDOWS\System32\Tasks\arg3002 => erfolgreich verschoben
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\arg3002" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B2B98129-324C-4719-A864-18B504E9C52B}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B2B98129-324C-4719-A864-18B504E9C52B}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B2CBA399-C60B-4ACA-9148-AF7F9DB6A72D}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B2CBA399-C60B-4ACA-9148-AF7F9DB6A72D}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CF97AAAA-3701-457B-AB14-1ECCCD8D4CE6}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CF97AAAA-3701-457B-AB14-1ECCCD8D4CE6}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D0AD199B-4369-444A-BFD0-03ECB958C307}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D0AD199B-4369-444A-BFD0-03ECB958C307}" => Schlüssel erfolgreich entfernt
C:\WINDOWS\System32\Tasks\WINshell Event Notification => erfolgreich verschoben
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WINshell Event Notification" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D6299520-FA18-421F-9D14-9CA9FC32FF35}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D6299520-FA18-421F-9D14-9CA9FC32FF35}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EC804693-088F-4699-A693-6706E2350397}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EC804693-088F-4699-A693-6706E2350397}" => Schlüssel erfolgreich entfernt
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => Schlüssel erfolgreich entfernt
C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => erfolgreich verschoben
C:\WINDOWS\Tasks\DKDEMK.job => erfolgreich verschoben
C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-2617271622-2672243655-3591071018-1000Core.job => erfolgreich verschoben
C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-2617271622-2672243655-3591071018-1000UA.job => erfolgreich verschoben
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => erfolgreich verschoben
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => erfolgreich verschoben
C:\Users\Alexander\Desktop\me3_readness_level_cheat.rar => ":com.dropbox.attributes" ADS erfolgreich entfernt.
 
========= Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F =========
 
Der Vorgang wurde erfolgreich beendet.
 
 
 
========= Ende von Reg: =========
 
 
========= Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F =========
 
Der Vorgang wurde erfolgreich beendet.
 
 
 
========= Ende von Reg: =========
 
 
=========  bitsadmin /reset /allusers =========
 
 
BITSADMIN version 3.0 [ 7.8.10586 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
0 out of 0 jobs canceled.
 
========= Ende von CMD: =========
 
 
=========  ipconfig /flushdns =========
 
 
Windows-IP-Konfiguration
 
Der DNS-Auflösungscache wurde geleert.
 
========= Ende von CMD: =========
 
 
=========  ipconfig /release =========
 
 
Windows-IP-Konfiguration
 
Es kann kein Vorgang auf Ethernet ausgeführt werden, solange dessen Medium nicht
verbunden ist.
 
Ethernet-Adapter Ethernet:
 
   Medienstatus. . . . . . . . . . . : Medium getrennt
   Verbindungsspezifisches DNS-Suffix: 
 
Ethernet-Adapter LAN-Verbindung:
 
   Verbindungsspezifisches DNS-Suffix: 
   Verbindungslokale IPv6-Adresse  . : fe80::fc3d:97dd:1b1e:34af%3
   Standardgateway . . . . . . . . . : 
 
========= Ende von CMD: =========
 
 
=========  ipconfig /renew =========
 
 
Windows-IP-Konfiguration
 
Es kann kein Vorgang auf Ethernet ausgeführt werden, solange dessen Medium nicht
verbunden ist.
 
Ethernet-Adapter Ethernet:
 
   Medienstatus. . . . . . . . . . . : Medium getrennt
   Verbindungsspezifisches DNS-Suffix: 
 
Ethernet-Adapter LAN-Verbindung:
 
   Verbindungsspezifisches DNS-Suffix: fritz.box
   Verbindungslokale IPv6-Adresse  . : fe80::fc3d:97dd:1b1e:34af%3
   IPv4-Adresse  . . . . . . . . . . : 192.168.178.25
   Subnetzmaske  . . . . . . . . . . : 255.255.255.0
   Standardgateway . . . . . . . . . : 192.168.178.1
 
========= Ende von CMD: =========
 
 
=========  netsh advfirewall reset =========
 
OK.
 
 
========= Ende von CMD: =========
 
 
=========  netsh advfirewall set allprofiles state ON =========
 
OK.
 
 
========= Ende von CMD: =========
 
 
=========  netsh int ip reset =========
 
Global wird zurückgesetzt... OK
Schnittstelle wird zurückgesetzt... OK
Unicastadresse wird zurückgesetzt... OK
Nachbar wird zurückgesetzt... OK
Pfad wird zurückgesetzt... OK
Route wird zurückgesetzt... OK
 wird zurückgesetzt... Fehler
Zugriff verweigert
 
 wird zurückgesetzt... OK
Starten Sie den Computer neu, um die Aktion abzuschließen.
 
 
========= Ende von CMD: =========
 
 
=========  netsh int ipv4 reset =========
 
 wird zurückgesetzt... Fehler
Zugriff verweigert
 
Es sind keine vom Benutzer festgelegten Einstellungen zum Zurücksetzen vorhanden.
 
 
========= Ende von CMD: =========
 
 
=========  netsh int ipv6 reset =========
 
Schnittstelle wird zurückgesetzt... OK
Nachbar wird zurückgesetzt... OK
Pfad wird zurückgesetzt... OK
 wird zurückgesetzt... Fehler
Zugriff verweigert
 
 wird zurückgesetzt... OK
 wird zurückgesetzt... OK
Starten Sie den Computer neu, um die Aktion abzuschließen.
 
 
========= Ende von CMD: =========
 
 
=========  netsh winsock reset =========
 
 
Der Winsock-Katalog wurde zurückgesetzt.
Sie müssen den Computer neu starten, um den Vorgang abzuschließen.
 
 
========= Ende von CMD: =========
 
EmptyTemp: => 1.5 GB temporäre Dateien entfernt.
 
Ergebnis der geplanten Datei-Verschiebungen (Start-Modus: Normal) (Datum&Uhrzeit: 2016-05-08 14:20:32)
 
C:\Users\Alexander\AppData\Local\Packages => ist erfolgreich verschoben
 
==== Ende von Fixlog 14:20:32 ====
 
 
 
 
 
 
 
 
 
 
 
 
 
AdwCleaner
----------------------------
 

# AdwCleaner v5.115 - Bericht erstellt am 08/05/2016 um 14:27:52
# Aktualisiert am 01/05/2016 von Xplode
# Datenbank : 2016-05-08.3 [Server]
# Betriebssystem : Windows 10 Pro  (X64)
# Benutzername : Alexander - ALEXANDER-PC
# Gestartet von : C:\Users\Alexander\Downloads\adwcleaner_5.115.exe
# Option : Suchlauf
# Unterstützung : http://toolslib.net/forum
 
***** [ Dienste ] *****
 
 
***** [ Ordner ] *****
 
Ordner gefunden : C:\ProgramData\AVG Secure Search
Ordner gefunden : C:\ProgramData\AVG Security Toolbar
Ordner gefunden : C:\ProgramData\LolliScan
Ordner gefunden : C:\ProgramData\avg web tuneup
Ordner gefunden : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\clean2PC
Ordner gefunden : C:\Program Files (x86)\avg web tuneup
Ordner gefunden : C:\Users\Alexander\AppData\Local\YSearchUtil
Ordner gefunden : C:\Users\Alexander\AppData\Local\avg web tuneup
Ordner gefunden : C:\Users\Alexander\AppData\Local\28050
Ordner gefunden : C:\Users\Alexander\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}
Ordner gefunden : C:\Users\Alexander\AppData\LocalLow\avg web tuneup
 
***** [ Dateien ] *****
 
Datei gefunden : C:\WINDOWS\AppPatch\Custom\{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}.sdb
Datei gefunden : C:\WINDOWS\AppPatch\Custom\Custom64\{cf2797aa-b7ec-e311-8ed9-005056c00008}.sdb
Datei gefunden : C:\Users\Alexander\daemonprocess.txt
 
***** [ DLL ] *****
 
 
***** [ WMI ] *****
 
 
***** [ Verknüpfungen ] *****
 
 
***** [ Aufgabenplanung ] *****
 
 
***** [ Registrierungsdatenbank ] *****
 
Schlüssel gefunden : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Schlüssel gefunden : HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\avgsh
Schlüssel gefunden : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Schlüssel gefunden : HKLM\SOFTWARE\Classes\s
Schlüssel gefunden : HKLM\SOFTWARE\3aa107f0-3d64-4e62-ae8f-502a27922a9b
Schlüssel gefunden : HKLM\SOFTWARE\e3f85d93-661f-406b-8e46-2fdc60bc3bd5
Schlüssel gefunden : HKLM\SOFTWARE\Classes\globalUpdate.OneClickCtrl.10
Schlüssel gefunden : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine
Schlüssel gefunden : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0
Schlüssel gefunden : HKLM\SOFTWARE\Classes\globalUpdate.Update3WebControl.4
Schlüssel gefunden : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync
Schlüssel gefunden : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0
Schlüssel gefunden : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass
Schlüssel gefunden : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1
Schlüssel gefunden : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass
Schlüssel gefunden : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1
Schlüssel gefunden : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine
Schlüssel gefunden : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0
Schlüssel gefunden : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine
Schlüssel gefunden : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0
Schlüssel gefunden : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback
Schlüssel gefunden : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0
Schlüssel gefunden : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc
Schlüssel gefunden : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0
Schlüssel gefunden : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher
Schlüssel gefunden : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0
Schlüssel gefunden : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService
Schlüssel gefunden : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0
Schlüssel gefunden : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine
Schlüssel gefunden : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0
Schlüssel gefunden : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback
Schlüssel gefunden : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0
Schlüssel gefunden : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc
Schlüssel gefunden : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0
Schlüssel gefunden : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Schlüssel gefunden : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}
Schlüssel gefunden : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Schlüssel gefunden : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
Schlüssel gefunden : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Schlüssel gefunden : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
Schlüssel gefunden : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Schlüssel gefunden : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Schlüssel gefunden : HKLM\SOFTWARE\Classes\Interface\{A9582D7B-F24A-441D-9D26-450D58F3CD17}
Schlüssel gefunden : HKLM\SOFTWARE\Classes\Interface\{EE0D8859-2ED4-4B0D-9812-16865B9AFD65}
Schlüssel gefunden : HKLM\SOFTWARE\Classes\Interface\{A8F7D0A5-7074-40B8-9BDC-1174BDD0A132}
Schlüssel gefunden : HKLM\SOFTWARE\Classes\Interface\{D14D64BC-A0E4-42E3-BB72-FB41EA43C198}
Schlüssel gefunden : HKLM\SOFTWARE\Classes\Interface\{DD1F043F-ABC8-4643-8B95-D2C5B22BB019}
Schlüssel gefunden : HKLM\SOFTWARE\Classes\Interface\{E3F3E8F9-F747-4DD6-BA6B-82A6CE1E0860}
Schlüssel gefunden : HKLM\SOFTWARE\Classes\Interface\{ED0B64D4-BF27-4521-AD27-190F49BF5EA7}
Schlüssel gefunden : HKLM\SOFTWARE\Classes\Interface\{023E9EC8-B147-40EB-B0B3-DF90618FB371}
Schlüssel gefunden : HKLM\SOFTWARE\Classes\Interface\{0522D9A4-4D57-437D-978D-E5B3B6C9005D}
Schlüssel gefunden : HKLM\SOFTWARE\Classes\Interface\{07F41522-AF7D-4F26-B394-094F059FDB8A}
Schlüssel gefunden : HKLM\SOFTWARE\Classes\Interface\{0C40F472-7407-4467-8914-1DEA7C326972}
Schlüssel gefunden : HKLM\SOFTWARE\Classes\Interface\{212E6D43-6062-492A-B8CC-144669FF11ED}
Schlüssel gefunden : HKLM\SOFTWARE\Classes\Interface\{224FE662-1E6D-4BC0-AEBB-9E2FB4057BE9}
Schlüssel gefunden : HKLM\SOFTWARE\Classes\Interface\{3A807417-B46D-4D37-8C9A-19AC6DE204F9}
Schlüssel gefunden : HKLM\SOFTWARE\Classes\Interface\{3CC60715-D6C5-429D-830E-43FA3F86C61D}
Schlüssel gefunden : HKLM\SOFTWARE\Classes\Interface\{4517D94C-19BA-46FA-BE66-2A30CEAC4A85}
Schlüssel gefunden : HKLM\SOFTWARE\Classes\Interface\{555D7146-94A8-4C94-AE76-C39CDC7F7705}
Schlüssel gefunden : HKLM\SOFTWARE\Classes\Interface\{59D188FA-757A-424E-8C93-F58FFD896BD7}
Schlüssel gefunden : HKLM\SOFTWARE\Classes\Interface\{8120D9D6-785C-4413-9C0C-DF2028C56FAD}
Schlüssel gefunden : HKLM\SOFTWARE\Classes\Interface\{823AE2EB-E62C-4847-B192-C99B91B92416}
Schlüssel gefunden : HKLM\SOFTWARE\Classes\Interface\{9B4F7CFE-987D-410E-A8E4-20182E0B3C24}
Schlüssel gefunden : HKLM\SOFTWARE\Classes\Interface\{9B9A45F4-18FC-484A-BACA-076D78273D8E}
Schlüssel gefunden : HKLM\SOFTWARE\Classes\Interface\{A6D54287-7939-466A-8579-92546D946C8C}
Schlüssel gefunden : HKLM\SOFTWARE\Classes\Interface\{A78EDAFB-926F-4D93-AB13-8232D7378EB1}
Schlüssel gefunden : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Schlüssel gefunden : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Schlüssel gefunden : HKLM\SOFTWARE\Classes\TypeLib\{B5C4833B-847B-49CD-8EBE-CDD9B43C882F}
Schlüssel gefunden : HKLM\SOFTWARE\Classes\TypeLib\{14EF423E-3EE8-44AE-9337-07AC3F27B744}
Schlüssel gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Schlüssel gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Schlüssel gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Schlüssel gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Schlüssel gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel gefunden : HKCU\Software\GlobalUpdate
Schlüssel gefunden : HKCU\Software\OCS
Schlüssel gefunden : HKCU\Software\Tutorials
Schlüssel gefunden : HKCU\Software\TutoTag
Schlüssel gefunden : HKCU\Software\VIS
Schlüssel gefunden : HKCU\Software\Mail.Ru
Schlüssel gefunden : HKCU\Software\{A16B1AF7-982D-40C3-B5C1-633E1A6A6678}
Schlüssel gefunden : HKCU\Software\Classes\Software\{4E7638A1-6962-4e44-A6B9-F40E84FD6D09}
Schlüssel gefunden : HKU\.DEFAULT\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-18\Software\shopperz
Schlüssel gefunden : HKCU\Software\AppDataLow\Software\Mail.Ru
Schlüssel gefunden : HKLM\SOFTWARE\AppDataLow\SOFTWARE\Crossrider
Schlüssel gefunden : HKLM\SOFTWARE\GlobalUpdate
Schlüssel gefunden : HKLM\SOFTWARE\InstalledBrowserExtensions
Schlüssel gefunden : HKLM\SOFTWARE\MyBestOffersToday
Schlüssel gefunden : HKLM\SOFTWARE\SPPDCOM
Schlüssel gefunden : HKLM\SOFTWARE\Tutorials
Schlüssel gefunden : HKLM\SOFTWARE\AVG Tuneup
Schlüssel gefunden : HKLM\SOFTWARE\{A16B1AF7-982D-40C3-B5C1-633E1A6A6678}
Schlüssel gefunden : [x64] HKLM\SOFTWARE\InstalledBrowserExtensions
Schlüssel gefunden : [x64] HKLM\SOFTWARE\{A16B1AF7-982D-40C3-B5C1-633E1A6A6678}
Schlüssel gefunden : HKU\.DEFAULT\Software\{4E7638A1-6962-4e44-A6B9-F40E84FD6D09}
Schlüssel gefunden : HKU\.DEFAULT\Software\InstalledBrowserExtensions
Schlüssel gefunden : HKU\.DEFAULT\Software\powerpack
Schlüssel gefunden : HKU\.DEFAULT\Software\Tutorials
Schlüssel gefunden : HKU\.DEFAULT\Software\TutoTag
Schlüssel gefunden : HKU\.DEFAULT\Software\{A16B1AF7-982D-40C3-B5C1-633E1A6A6678}
Schlüssel gefunden : HKU\.DEFAULT\Software\AppDataLow\Software\_CrossriderRegNamePlaceHolder_
Schlüssel gefunden : HKU\S-1-5-21-2617271622-2672243655-3591071018-1000\Software\GlobalUpdate
Schlüssel gefunden : HKU\S-1-5-21-2617271622-2672243655-3591071018-1000\Software\OCS
Schlüssel gefunden : HKU\S-1-5-21-2617271622-2672243655-3591071018-1000\Software\Tutorials
Schlüssel gefunden : HKU\S-1-5-21-2617271622-2672243655-3591071018-1000\Software\TutoTag
Schlüssel gefunden : HKU\S-1-5-21-2617271622-2672243655-3591071018-1000\Software\VIS
Schlüssel gefunden : HKU\S-1-5-21-2617271622-2672243655-3591071018-1000\Software\Mail.Ru
Schlüssel gefunden : HKU\S-1-5-21-2617271622-2672243655-3591071018-1000\Software\{A16B1AF7-982D-40C3-B5C1-633E1A6A6678}
Schlüssel gefunden : HKU\S-1-5-21-2617271622-2672243655-3591071018-1000\Software\Classes\Software\{4E7638A1-6962-4e44-A6B9-F40E84FD6D09}
Schlüssel gefunden : HKU\S-1-5-21-2617271622-2672243655-3591071018-1000\Software\AppDataLow\Software\Mail.Ru
Schlüssel gefunden : HKU\S-1-5-18\Software\{4E7638A1-6962-4e44-A6B9-F40E84FD6D09}
Schlüssel gefunden : HKU\S-1-5-18\Software\InstalledBrowserExtensions
Schlüssel gefunden : HKU\S-1-5-18\Software\powerpack
Schlüssel gefunden : HKU\S-1-5-18\Software\Tutorials
Schlüssel gefunden : HKU\S-1-5-18\Software\TutoTag
Schlüssel gefunden : HKU\S-1-5-18\Software\{A16B1AF7-982D-40C3-B5C1-633E1A6A6678}
Schlüssel gefunden : HKU\S-1-5-18\Software\AppDataLow\Software\_CrossriderRegNamePlaceHolder_
 
***** [ Internetbrowser ] *****
 
[C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Startup_URLs] gefunden : hxxp://start.mysearchdial.com/?f=1&a=irmsd1103&cd=2XzuyEtN2Y1L1QzutDtD0F0F0EtAtDyB0AyC0FzytCtBtCtDtN0D0Tzu0SyBtDyEtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=1920991486&ir=
[C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Startup_URLs] gefunden : hxxp://www.awesomehp.com/?type=hp&ts=1393444493&from=vtt&uid=395049983_1052576_B82C1210
[C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] gefunden : booedmolknjekdopkepjjeckmjkdpfgl
[C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] gefunden : flpcjncodpafbgdpnkljologafpionhb
[C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] gefunden : pflphaooapbgpeakohlggbpidpppgdff
 
*************************
 
C:\AdwCleaner\AdwCleaner[R0].txt - [3615 Bytes] - [26/02/2014 22:10:10]
C:\AdwCleaner\AdwCleaner[R1].txt - [6958 Bytes] - [03/10/2014 16:07:36]
C:\AdwCleaner\AdwCleaner[R2].txt - [7018 Bytes] - [03/10/2014 16:10:18]
C:\AdwCleaner\AdwCleaner[S0].txt - [2716 Bytes] - [26/02/2014 22:18:26]
C:\AdwCleaner\AdwCleaner[S1].txt - [12810 Bytes] - [08/05/2016 14:27:52]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [12884 Bytes] ##########
 
 
 
 
 
 
 
 
 
 
JRT.txt
--------------------------------
 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.6 (04.25.2016)
Operating System: Windows 10 Pro x64 
Ran by Alexander (Administrator) on 08.05.2016 at 14:33:51,11
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 5 
 
Successfully deleted: C:\ProgramData\605f1a69c84b4bf29d74746dd6217eb9 (Folder) 
Successfully deleted: C:\user.js (File) 
Successfully deleted: C:\Users\Alexander\AppData\Local\crashrpt (Folder) 
Successfully deleted: C:\Users\Alexander\Appdata\LocalLow\company (Folder) 
Successfully deleted: C:\Users\Alexander\AppData\Roaming\3909 (Folder) 
 
 
 
Registry: 0 
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 08.05.2016 at 14:35:59,44
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
 
 
 
 
 
 
 
 
ZHPCleaner
-----------------------------
 

~ ZHPCleaner v2016.5.6.63 by Nicolas Coolman (2016/05/06)
~ Run by Alexander (Administrator)  (08/05/2016 14:42:40)
~ State version : Version OK
~ Type : Reparatur
~ Report : C:\Users\Alexander\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\Alexander\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
Windows 10 Pro, 64-bit  (Build 10586)
 
 
---\\  Dienst. (0)
~ Alle bösartigen oder unnötige Element gefunden.
 
 
---\\  Browser. (0)
~ Alle bösartigen oder unnötige Element gefunden.
 
 
---\\ Datei Host. (1)
~ die Hostdatei ist legitim. (1)
 
 
---\\  Geplante Tasks (0)
~ Alle bösartigen oder unnötige Element gefunden.
 
 
---\\  Explorer (Ordner, Dateien). (0)
~ Alle bösartigen oder unnötige Element gefunden.
 
 
---\\  Registrierung (Schlüssel, Werte, Daten). (11)
GELOSCHT key*: [X64] HKLM\SOFTWARE\Wow6432Node\CinemaP-1.4cV26.02-nv []  =>PUP.Optional.CrossRider
GELOSCHT key*: [X64] HKLM\SOFTWARE\Wow6432Node\CinemaP-1.4cV26.02-nv-ie []  =>PUP.Optional.CrossRider
GELOSCHT key*: HKEY_USERS\.DEFAULT\Software\CinemaP-1.4cV26.02-nv []  =>PUP.Optional.CrossRider
GELOSCHT key*: HKEY_USERS\.DEFAULT\Software\CinemaP-1.4cV26.02-nv-ie []  =>PUP.Optional.CrossRider
GELOSCHT key*: [X64] HKLM\SOFTWARE\Classes\TypeLib\{1112F282-7099-4624-A439-DB29D6551552} [OCComSDK 1.0 Type Library]  =>PUP.Optional.OpenCandy
GELOSCHT key*: [X64] HKLM\SOFTWARE\Wow6432Node\CinemaP-1.4cV26.02 []  =>PUP.Optional.CrossRider
GELOSCHT key: [X64] HKLM\SOFTWARE\Wow6432Node\Classes\TypeLib\{1112F282-7099-4624-A439-DB29D6551552} [OCComSDK 1.0 Type Library]  =>PUP.Optional.OpenCandy
GELOSCHT key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} [Google Inc.]  =>Heuristic.Suspect
GELOSCHT key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5645E0E7-FC12-43BF-A6E4-F9751942B298} [C:\Program Files (x86)\globalUpdate\Update (Not File)]  =>PUP.Optional.GlobalUpdate
GELOSCHT key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A} [C:\Program Files (x86)\globalUpdate\Update\1.3.25.0 (Not File)]  =>PUP.Optional.GlobalUpdate
GELOSCHT key*: HKCU\SOFTWARE\88F98413F6C65959B8827D69740CD1B4 []  =>Hijacker.Browser
 
 
---\\  Zusammenfassung der Elemente gefunden auf Ihrer workstation (5)
http://www.nicolascoolman.fr/?p=197  =>PUP.Optional.OpenCandy
 
 
---\\  Ein anderes löschen. (9)
~ Registersleutel Tracing Geloscht (9)
~ Entfernen die alten Berichte ZHPCleaner. (0)
 
 
---\\Reparieren Check
~ Reparatur erfolgreich abgeschlossen.
~ dieser Browser fehlt (Opera Software)
 
 
---\\Statistiken
~ Elemente gescannt : 414
~ Einträge gefunden : 0
~ Elemente abgesagt : 0
~ Elemente repariert : 11
 
 
~ End of clean in 00h00mn15s
~====================
ZHPCleaner-[R]-08052016-14_42_55.txt
ZHPCleaner-[S]-08052016-14_41_46.txt
 
 
 
 
 
 
 
 
 
 
Zemana Log
-------------------------
 

Zemana AntiMalware 2.20.2.613 (Installed)
 
-------------------------------------------------------
Scan Result            : Completed
Scan Date              : 2016.5.8
Operating System       : Windows 10 64-bit
Processor              : 6X AMD Phenom™ II X6 1045T Processor
BIOS Mode              : Legacy
CUID                   : 00F4ECCA27FD9243BB08EE
Scan Type              : Smart Scan
Duration               : 1m 40s
Scanned Objects        : 10948
Detected Objects       : 6
Excluded Objects       : 0
Read Level             : Normal
Auto Upload            : ON
Detect All Extensions  : OFF
Scan Documents         : OFF
Domain Info            : WORKGROUP,0,2
 
Detected Objects
-------------------------------------------------------
 
VeriSign Class 3 Code Signing 2009-2 CA
Status             : Scanned
Object             : HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\5557C0953FBD9F93745B214FB2483E9369B597F0\Blob
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Suspicious Root CA
Cleaning Action    : Delete
Related Objects    :
                Registry Entry - HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\5557C0953FBD9F93745B214FB2483E9369B597F0\Blob
 
GlobalSign CodeSigning CA - G2
Status             : Scanned
Object             : HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\2EE8D6982CEDAA5666E9B5F55535A36E3A3932A2\Blob
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Suspicious Root CA
Cleaning Action    : Delete
Related Objects    :
                Registry Entry - HKLM\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\2EE8D6982CEDAA5666E9B5F55535A36E3A3932A2\Blob
 
Chrome Shortcut
Status             : Scanned
Object             : --app-id=iiljidcefnbhbpamageahhblhbbhhopm
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : Suspicious Browser Setting
Cleaning Action    : Repair
Related Objects    :
                Browser Setting - Chrome Shortcut
 
Samsung Android USB Composite Device Treiber - CHIP-Installer.exe
Status             : Scanned
Object             : %userprofile%\downloads\samsung android usb composite device treiber - chip-installer.exe
MD5                : 7764D71ADD8FF6DD52C0F47E1D38C07C
Publisher          : CHIP Digital GmbH
Size               : 1475080
Version            : 1.1.6.3
Detection          : PUA:Win32/CHIP.AdsDownloader!Ep
Cleaning Action    : Quarantine
Related Objects    :
                File - %userprofile%\downloads\samsung android usb composite device treiber - chip-installer.exe
 
Nvidia PhysX System Software - CHIP-Installer.exe
Status             : Scanned
Object             : %userprofile%\downloads\nvidia physx system software - chip-installer.exe
MD5                : 0641CD85590368F2C6B00CBB4B2545E6
Publisher          : CHIP Digital GmbH
Size               : 1466656
Version            : 1.1.5.6
Detection          : PUA:Win32/CHIP.AdsDownloader!Ep
Cleaning Action    : Quarantine
Related Objects    :
                File - %userprofile%\downloads\nvidia physx system software - chip-installer.exe
 
Display Driver Uninstaller DDU - CHIP-Installer.exe
Status             : Scanned
Object             : %userprofile%\downloads\display driver uninstaller ddu - chip-installer.exe
MD5                : 42095E8D11E1AD98B800EC6881F80241
Publisher          : CHIP Digital GmbH
Size               : 1466656
Version            : 1.1.5.6
Detection          : PUA:Win32/CHIP.AdsDownloader!Ep
Cleaning Action    : Quarantine
Related Objects    :
                File - %userprofile%\downloads\display driver uninstaller ddu - chip-installer.exe
 
 
Cleaning Result
-------------------------------------------------------
Cleaned               : 6
Reported as safe      : 0
Failed                : 0
 

-------------------------------------------------------

 

I haven't encountered any more problems except the start menu thing, if you could help me resolve it then we should be all done. The help is really appreciated, thank you.

 

Best regards,

 

NeisAEL


Edited by NeisAEL, 08 May 2016 - 08:04 AM.


#4 olgun52

  • Malware Response Team

Posted 08 May 2016 - 12:08 PM

The only problem I encountered was after running the fixlist, I cannot open my start menu anymore, or right-click anything in the taskbar anymore. Right-clicking the taskbar itself works, but I cannot right-click folders or open programs anymore. And I cannot open my start menu anymore, when clicking nothing happens.

Please do the following;

 

FRST Script:

 Please download the attached file Fixlist 1.txt (767 bytes) and save it in the same directory as FRST

  • Close any open browsers or any other programs that are open
  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.

=======================================================

 

Please restart the PC now.
How is it now?


Best regards
 
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#5 NeisAEL

  • Topic Starter

Posted 08 May 2016 - 12:22 PM

Problem still persists, sadly. Still unable to open my start menu or right-click on any open folder in my taskbar (note: I can right-click on icons in the bottom right and I can right-click on the start menu itself, but I cannot open it. I can right-click on the empty taskbar as well).

 

 

fixlog.txt

-------------------------------------

 

Entferungsergebnis von Farbar Recovery Scan Tool (x64) Version:07-05-2016

durchgeführt von Alexander (2016-05-08 19:17:54) Run:2
Gestartet von C:\Users\Alexander\Desktop\frst
Geladene Profile: Alexander (Verfügbare Profile: Alexander & DefaultAppPool)
Start-Modus: Normal
==============================================
 
fixlist Inhalt:
*****************
RestoreQuarantine: HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=131071071286460691&GUID=98446DE1-7DD5-4DD9-ACE5-8F3BF15F26C9
RestoreQuarantine: HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=131071071286460691&GUID=98446DE1-7DD5-4DD9-ACE5-8F3BF15F26C9
RestoreQuarantine: HKU\S-1-5-21-2617271622-2672243655-3591071018-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=131071071290611233&GUID=98446DE1-7DD5-4DD9-ACE5-8F3BF15F26C9
RestoreQuarantine: SearchScopes: HKLM-x32 -> DefaultScope Wert fehlt
RestoreQuarantine: C:\WINDOWS\3F5C371F8EA24F259D3DD0B4526E3AEA.TMP
*****************
 
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Wert erfolgreich wiederhergestellt
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Wert erfolgreich wiederhergestellt
HKU\RestoreQuarantine: S-1-5-21-2617271622-2672243655-3591071018-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => Fehler beim Setzen des Wertes
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Wert erfolgreich wiederhergestellt
RestoreQuarantine: C:\WINDOWS\3F5C371F8EA24F259D3DD0B4526E3AEA.TMP=> Wiederherstellung aus der Quarantäne abgeschlossen.
 
==== Ende von Fixlog 19:17:54 ====

Edited by NeisAEL, 08 May 2016 - 12:22 PM.


#6 olgun52

  • Malware Response Team

Posted 08 May 2016 - 01:02 PM

Please now try again

 

FRST Script:

 Please download the attached file Fixlist.txt (47 bytes) and save it in the same directory as FRST

  • Close any open browsers or any other programs that are open
  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.

=======================================================

Please restart the PC now. And how is the problem now?

 

 


Best regards
 

 


 


#7 NeisAEL

  • Topic Starter

Posted 08 May 2016 - 01:16 PM

Now it's working again, thank you. But didn't we restore some of the malicious files now?


Edited by NeisAEL, 08 May 2016 - 01:19 PM.


#8 olgun52

  • Malware Response Team

Posted 08 May 2016 - 01:25 PM

Now it's working again, thank you. But didn't we restore some of the malicious files now?

Yes.

But, no problem.

 

Please do steps 1, 2, 3, 4 and 5 again and restart the PC. Then post fresh FRST logs for me to check.


Best regards
 

 


 


#9 NeisAEL

  • Topic Starter

Posted 08 May 2016 - 02:05 PM

I ran all the programs again and did two FRST logs, one before I did everything and one after, because I didn't know if you wanted one before or after. Also, I have not executed any fixlist.txt with FRST either. Here are the logs.

 

 

 

FRST before

-------------------------------------------------------------

 

 

Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:07-05-2016
durchgeführt von Alexander (Administrator) auf ALEXANDER-PC (08-05-2016 20:28:23)
Gestartet von C:\Users\Alexander\Desktop\frst
Geladene Profile: Alexander (Verfügbare Profile: Alexander & DefaultAppPool)
Platform: Windows 10 Pro Version 1511 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: Chrome)
Start-Modus: Normal
 
==================== Prozesse (Nicht auf der Ausnahmeliste) =================
 
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Zemana Ltd.) D:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
() C:\Users\Alexander\AppData\Local\Amazon Music\Amazon Music Helper.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Valve Corporation) D:\Games\Steam\Steam.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Disc Soft Ltd) D:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
(Dropbox, Inc.) C:\Users\Alexander\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Valve Corporation) D:\Games\Steam\bin\steamwebhelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.10586.168_none_76587b40265ca57e\TiWorker.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Nicht auf der Ausnahmeliste) ===========================
 
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)
 
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [CmPCIaudio] => C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\CMICNFG3.dll,CMICtrlWnd
HKLM\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [4701184 2014-11-24] (VIA)
HKLM\...\Run: [StartCN] => C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe [5006536 2016-04-04] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [ZAM] => D:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [13317960 2016-04-27] (Zemana Ltd.)
HKU\S-1-5-21-2617271622-2672243655-3591071018-1000\...\Run: [Steam] => D:\Games\Steam\steam.exe [3077712 2016-04-30] (Valve Corporation)
HKU\S-1-5-21-2617271622-2672243655-3591071018-1000\...\Run: [DAEMON Tools Lite] => D:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-2617271622-2672243655-3591071018-1000\...\Run: [Dropbox Update] => C:\Users\Alexander\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-20] (Dropbox, Inc.)
HKU\S-1-5-21-2617271622-2672243655-3591071018-1000\...\Run: [Amazon Music] => C:\Users\Alexander\AppData\Local\Amazon Music\Amazon Music Helper.exe [5887808 2015-07-21] ()
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Alexander\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Alexander\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Alexander\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Alexander\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Alexander\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Alexander\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Alexander\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Alexander\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Alexander\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Alexander\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Alexander\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Alexander\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Alexander\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Alexander\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Alexander\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Alexander\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Alexander\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Alexander\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Alexander\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Alexander\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Alexander\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Alexander\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Alexander\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Alexander\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
Startup: C:\Users\Alexander\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2016-04-15]
ShortcutTarget: Dropbox.lnk -> C:\Users\Alexander\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
 
==================== Internet (Nicht auf der Ausnahmeliste) ====================
 
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{3f95284e-8b08-4a20-9c62-31cc4b61a5df}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{4319e6a8-3bad-4f2e-a957-01e8d92f7ce0}: [DhcpNameServer] 7.254.254.254
Tcpip\..\Interfaces\{9fa39968-67b9-4cf6-a661-a131e34098f3}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{9fa39968-67b9-4cf6-a661-a131e34098f3}: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{E307A6F9-60A1-45CE-BD83-B342268BBBC5}: [DhcpNameServer] 7.254.254.254
Tcpip\..\Interfaces\{e337dfca-3e16-48c7-8bf5-8bf57ceaff25}: [DhcpNameServer] 192.168.43.1
 
Internet Explorer:
==================
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
 
FireFox:
========
FF ProfilePath: C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\tm67lia8.default
FF Session Restore: -> ist aktiviert.
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_19_0_0_245.dll [2015-11-29] ()
FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll [2015-01-13] (EA Digital Illusions CE AB)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2014-04-29] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_245.dll [2015-11-29] ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll [2011-11-03] (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll [2013-09-16] (ESN Social Software AB)
FF Plugin-x32: @esn/npbattlelog,version=2.4.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll [Keine Datei]
FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll [2015-01-13] (EA Digital Illusions CE AB)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-04-29] (Adobe Systems)
FF Plugin HKU\S-1-5-21-2617271622-2672243655-3591071018-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Alexander\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-04-12] (Unity Technologies ApS)
FF Extension: New Tab by Yahoo - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\jid1-G80Ec8LLEbK5fQ@jetpack.xpi [2016-01-07]
 
Chrome: 
=======
CHR Session Restore: Default -> ist aktiviert.
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.8.885\_platform_specific\win_x86\widevinecdmadapter.dll (Google Inc.)
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.94\PepperFlash\pepflashplayer.dll ()
CHR Profile: C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Adblock Plus) - C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-05-08]
CHR Extension: (Twitch Live) - C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\iiljidcefnbhbpamageahhblhbbhhopm [2016-05-08]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-05-08]
CHR Extension: (DarkDrifter) - C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\oigcilimikkifjheejpiecojccneegdc [2016-05-07]
 
==================== Dienste (Nicht auf der Ausnahmeliste) ========================
 
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
 
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1345056 2016-02-11] ()
S3 Origin Client Service; D:\Origin\OriginClientService.exe [2119688 2016-03-29] (Electronic Arts)
R2 PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [76152 2015-10-31] ()
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [75136 2016-05-01] ()
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5436176 2015-02-17] (TeamViewer GmbH)
S3 TunngleService; D:\Program Files (x86)\Tunngle\TnglCtrl.exe [809456 2015-12-07] (Tunngle.net GmbH)
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [36504 2015-06-22] (VIA Technologies, Inc.)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
R2 ZAMSvc; D:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [13317960 2016-04-27] (Zemana Ltd.)
 
===================== Treiber (Nicht auf der Ausnahmeliste) ==========================
 
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
 
S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [23240 2016-03-21] (Advanced Micro Devices, Inc.)
R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [62152 2014-10-28] (Advanced Micro Devices, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWT6.sys [102400 2016-03-21] (Advanced Micro Devices)
S3 cmuda3; C:\Windows\System32\drivers\cmudax3.sys [1155072 2009-12-01] (C-Media Inc)
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283064 2014-07-11] (Disc Soft Ltd)
S3 EvolveVirtualAdapter; C:\Windows\System32\drivers\evolve.sys [21656 2015-12-05] (Echobit, LLC)
S3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.)
R3 tap0901t; C:\Windows\System32\drivers\tap0901t.sys [31232 2009-09-16] (Tunngle.net)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
R1 ZAM; C:\WINDOWS\System32\drivers\zam64.sys [202656 2016-05-08] (Zemana Ltd.)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [202656 2016-05-08] (Zemana Ltd.)
 
==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================
 
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
 
 
==================== Ein Monat: Erstellte Dateien und Ordner ========
 
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
 
2016-05-08 20:27 - 2016-05-08 20:27 - 00000000 ____D C:\Users\Alexander\Desktop\Fixing
2016-05-08 20:12 - 2016-05-08 20:12 - 00000047 _____ C:\Users\Alexander\Downloads\Fixlist (3).txt
2016-05-08 20:04 - 2016-05-08 20:15 - 00000000 ____D C:\Users\Alexander\AppData\Roaming\qBittorrent
2016-05-08 19:16 - 2016-05-08 19:16 - 00000767 _____ C:\Users\Alexander\Downloads\Fixlist 1.txt
2016-05-08 18:22 - 2016-05-08 18:22 - 00000080 _____ C:\Users\Alexander\AppData\Local剜捯獫慴⁲慇敭屳呇⁁屖湥楴汴浥湥⹴湩潦
2016-05-08 17:04 - 2016-05-08 17:04 - 00010706 _____ C:\Users\Alexander\Downloads\Fixlist (2).txt
2016-05-08 17:01 - 2016-05-08 17:01 - 00000000 ____D C:\WINDOWS\3F5C371F8EA24F259D3DD0B4526E3AEA.TMP
2016-05-08 15:20 - 2016-05-08 15:20 - 00010706 _____ C:\Users\Alexander\Downloads\Fixlist (1).txt
2016-05-08 14:47 - 2016-05-08 20:22 - 00000407 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2016-05-08 14:47 - 2016-05-08 20:21 - 00025439 _____ C:\WINDOWS\ZAM.krnl.trace
2016-05-08 14:47 - 2016-05-08 14:47 - 00202656 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zamguard64.sys
2016-05-08 14:47 - 2016-05-08 14:47 - 00202656 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zam64.sys
2016-05-08 14:47 - 2016-05-08 14:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2016-05-08 14:46 - 2016-05-08 14:46 - 00000000 ____D C:\Users\Alexander\AppData\Local\Zemana
2016-05-08 14:45 - 2016-05-08 14:46 - 05479312 _____ ( ) C:\Users\Alexander\Downloads\Zemana.AntiMalware.Setup.exe
2016-05-08 14:36 - 2016-05-08 14:42 - 00000000 ____D C:\Users\Alexander\AppData\Roaming\ZHP
2016-05-08 14:22 - 2016-05-08 20:15 - 00000000 ____D C:\Users\Alexander\AppData\Local\Packages
2016-05-08 14:15 - 2016-05-08 14:15 - 00010706 _____ C:\Users\Alexander\Downloads\Fixlist.txt
2016-05-08 02:29 - 2016-05-08 03:02 - 00000017 _____ C:\Users\Alexander\Desktop\Neues Textdokument (2).txt
2016-05-07 22:01 - 2016-05-07 22:01 - 00070802 _____ C:\Users\Alexander\Downloads\Addition (1).txt
2016-05-07 21:21 - 2016-05-07 21:21 - 00901178 _____ C:\Users\Alexander\Downloads\Pixelvision2-master.zip
2016-05-07 21:17 - 2016-05-07 21:17 - 00000160 _____ C:\Users\Alexander\Documents\runprocess_log.txt
2016-05-07 19:33 - 2016-05-07 19:33 - 00000900 _____ C:\Users\Public\Desktop\Half-Life 2.lnk
2016-05-07 19:33 - 2016-05-07 19:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Half-Life 2
2016-05-07 19:10 - 2016-05-07 19:10 - 00014509 _____ C:\Users\Alexander\Downloads\[kat.cr]half.life.2.2004.pc.cpul.torrent
2016-05-07 18:57 - 2016-05-07 18:57 - 00070879 _____ C:\Users\Alexander\Downloads\Addition.txt
2016-05-07 17:31 - 2016-05-08 20:28 - 00000000 ____D C:\Users\Alexander\Desktop\frst
2016-05-07 17:24 - 2016-05-08 20:28 - 00000000 ____D C:\FRST
2016-05-07 17:09 - 2016-05-07 17:09 - 00000000 ____D C:\Program Files (x86)\yesbnd
2016-05-07 16:56 - 2016-05-07 16:56 - 00000000 ____D C:\Users\Public\Documents\dmp
2016-05-01 19:41 - 2016-05-01 19:41 - 00000000 ____D C:\Users\Alexander\AppData\Roaming\PunkBuster
2016-05-01 17:02 - 2016-05-01 17:02 - 00000838 _____ C:\Users\Alexander\Desktop\Scrapland.lnk
2016-05-01 17:02 - 2016-05-01 17:02 - 00000000 ____D C:\Users\Alexander\AppData\Roaming\Scrapland
2016-05-01 01:15 - 2016-05-01 01:15 - 02106295 _____ C:\Users\Alexander\Downloads\matchmaking_server_picker_44b.zip
2016-05-01 01:15 - 2016-05-01 01:15 - 00000000 ____D C:\Program Files\mmpicker
2016-04-30 19:54 - 2016-04-30 19:54 - 00000000 ____D C:\Program Files (x86)\AGEIA Technologies
2016-04-29 01:47 - 2016-05-02 22:57 - 00019118 _____ C:\Users\Alexander\Desktop\Roadtrip Amerika.odt
2016-04-29 01:36 - 2016-04-29 01:47 - 00010301 _____ C:\Users\Alexander\Desktop\Lebenslauf Arbeitsamt - Kopie.odt
2016-04-28 22:18 - 2016-04-28 22:18 - 00000000 ____D C:\Users\Alexander\AppData\Roaming\Ubisoft
2016-04-28 02:39 - 2016-04-28 02:39 - 00000920 _____ C:\Users\Public\Desktop\Sleeping Dogs.lnk
2016-04-28 02:23 - 2016-04-28 02:24 - 03878112 _____ (Husdawg, LLC) C:\Users\Alexander\Downloads\Detection (1).exe
2016-04-27 04:24 - 2016-04-27 04:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Batman - Arkham City
2016-04-27 01:30 - 2016-04-27 01:30 - 00459541 _____ C:\Users\Alexander\Downloads\ScriptHookV_SDK_1.0.617.1a.zip
2016-04-27 01:15 - 2016-04-27 01:15 - 00918895 _____ C:\Users\Alexander\Downloads\3e0d39-LUA.zip
2016-04-27 01:09 - 2016-04-27 01:10 - 00926072 _____ C:\Users\Alexander\Downloads\ScriptHookV_1.0.678.1.zip
2016-04-27 01:06 - 2016-04-27 01:06 - 00009635 _____ C:\Users\Alexander\Downloads\4d5009-HeistModUpdate171.zip
2016-04-25 14:38 - 2016-04-25 14:38 - 00001164 _____ C:\Users\Public\Desktop\Batman Arkham Asylum GOTY.lnk
2016-04-25 14:38 - 2016-04-25 14:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rocksteady Studios
2016-04-25 02:24 - 2016-04-25 02:24 - 00001018 _____ C:\Users\Alexander\Desktop\Batman Arkham Knight.lnk
2016-04-25 02:24 - 2016-04-25 02:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\by.xatab
2016-04-24 21:42 - 2016-04-24 21:42 - 00001120 _____ C:\Users\Alexander\Desktop\Murdered - Soul Suspect.lnk
2016-04-24 21:42 - 2016-04-24 21:42 - 00000000 ____D C:\Users\Alexander\AppData\Roaming\Murdered - Soul Suspect
2016-04-24 20:52 - 2016-04-24 21:31 - 17141991 _____ (The qBittorrent project) C:\Users\Alexander\Downloads\qbittorrent_3.3.4_setup.exe
2016-04-24 03:07 - 2016-04-24 03:09 - 00000000 ____D C:\Users\Alexander\Desktop\test
2016-04-24 03:02 - 2016-04-24 03:04 - 334415392 _____ (AMD Inc.) C:\Users\Alexander\Downloads\non-whql-64bit-radeon-software-crimson-16.4.1-win10-win8.1-win7-apr4.exe
2016-04-24 02:47 - 2016-04-24 02:47 - 00000000 ____D C:\Program Files (x86)\directx
2016-04-24 02:36 - 2016-04-24 02:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Postal 2
2016-04-24 02:36 - 1999-12-17 08:13 - 00086016 _____ (MindVision Software) C:\WINDOWS\unvise32.exe
2016-04-23 16:06 - 2016-04-23 16:06 - 00000000 ____D C:\Users\Alexander\AppData\Roaming\dvdcss
2016-04-23 16:05 - 2016-04-23 16:05 - 31095769 _____ C:\Users\Alexander\Downloads\asd.rar
2016-04-23 16:05 - 2016-04-23 16:05 - 00000000 ____D C:\Users\Alexander\Desktop\asdf
2016-04-22 02:40 - 2016-04-22 02:40 - 00000000 ____D C:\Users\Alexander\Desktop\Cloud Downloader 2.9
2016-04-22 02:39 - 2016-04-22 02:39 - 05553741 _____ C:\Users\Alexander\Downloads\CloudDownloaderVersion_2.9.zip
2016-04-20 22:10 - 2016-05-03 01:17 - 00002264 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-04-20 22:10 - 2016-05-03 01:17 - 00002252 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-04-20 22:10 - 2016-04-20 22:10 - 00987728 _____ (Google Inc.) C:\Users\Alexander\Downloads\ChromeSetup.exe
2016-04-20 22:09 - 2016-05-08 20:20 - 00001138 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-04-20 22:09 - 2016-05-08 14:14 - 00001142 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-04-20 22:09 - 2016-04-20 22:09 - 00004200 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-04-20 22:09 - 2016-04-20 22:09 - 00003968 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2016-04-20 22:06 - 2016-04-20 22:09 - 00987728 _____ (Google Inc.) C:\Users\Alexander\Desktop\ChromeSetup.exe
2016-04-19 19:22 - 2016-04-19 19:22 - 00000000 ____D C:\Users\Alexander\AppData\Roaming\OBS
2016-04-15 02:21 - 2016-04-15 02:21 - 00000818 _____ C:\Users\Public\Desktop\Launcher The Stanley Parable.lnk
2016-04-15 02:21 - 2016-04-15 02:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Stanley Parable
2016-04-15 00:17 - 2016-04-15 00:17 - 00000000 ____D C:\Users\Alexander\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-04-13 14:32 - 2016-04-13 14:32 - 00129759 _____ C:\Users\Alexander\Downloads\151124-Anforderungen-Sportest.pdf
2016-04-13 14:32 - 2016-04-13 14:32 - 00046807 _____ C:\Users\Alexander\Downloads\141208-Informationsblatt-Sehfaehigkeit2.pdf
2016-04-13 14:32 - 2016-04-13 14:32 - 00037667 _____ C:\Users\Alexander\Downloads\Polizeiarztliche-Untersuchung.pdf
2016-04-13 14:02 - 2016-03-29 12:20 - 07474016 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-04-13 14:02 - 2016-03-29 12:20 - 02656952 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2016-04-13 14:02 - 2016-03-29 12:18 - 02152280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2016-04-13 14:02 - 2016-03-29 11:37 - 01862008 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2016-04-13 14:02 - 2016-03-29 10:41 - 00630632 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2016-04-13 14:02 - 2016-03-29 10:06 - 00045568 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2016-04-13 14:02 - 2016-03-29 10:01 - 00541304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2016-04-13 14:02 - 2016-03-29 09:58 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininetlui.dll
2016-04-13 14:02 - 2016-03-29 09:58 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2016-04-13 14:02 - 2016-03-29 09:46 - 00365568 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2016-04-13 14:02 - 2016-03-29 09:36 - 00209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2016-04-13 14:02 - 2016-03-29 09:19 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2016-04-13 14:02 - 2016-03-29 09:15 - 00970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-04-13 14:02 - 2016-03-29 09:12 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininetlui.dll
2016-04-13 14:02 - 2016-03-29 09:12 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2016-04-13 14:02 - 2016-03-29 09:10 - 01388544 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-04-13 14:02 - 2016-03-29 09:07 - 01213440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2016-04-13 14:02 - 2016-03-29 09:02 - 00303104 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2016-04-13 14:02 - 2016-03-29 08:42 - 03592704 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-04-13 14:02 - 2016-03-29 08:37 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2016-04-13 14:02 - 2016-03-29 08:32 - 01731584 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-04-13 14:02 - 2016-03-29 08:31 - 02275328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-04-13 14:02 - 2016-03-29 08:26 - 02755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-04-13 14:02 - 2016-03-29 08:05 - 01500672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-04-13 14:02 - 2016-03-29 08:05 - 01388032 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-04-13 14:02 - 2016-03-29 08:02 - 02229760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-04-13 14:02 - 2016-03-29 07:51 - 22378496 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-04-13 14:02 - 2016-03-29 07:41 - 24602112 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-04-13 14:02 - 2016-03-29 07:41 - 12125184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-04-13 14:02 - 2016-03-29 07:39 - 13382656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-04-13 14:02 - 2016-03-29 07:38 - 18673664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-04-13 14:02 - 2016-03-29 07:37 - 19340800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-04-13 14:01 - 2016-04-02 06:13 - 00369912 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2016-04-13 14:01 - 2016-04-02 06:10 - 00730344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
2016-04-13 14:01 - 2016-04-02 06:10 - 00374008 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2016-04-13 14:01 - 2016-04-02 05:29 - 00127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEDataLayerHelpers.dll
2016-04-13 14:01 - 2016-04-02 05:26 - 00630272 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll
2016-04-13 14:01 - 2016-04-02 05:21 - 00498688 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
2016-04-13 14:01 - 2016-04-02 05:19 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2016-04-13 14:01 - 2016-04-02 05:18 - 00988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2016-04-13 14:01 - 2016-04-02 05:15 - 01090048 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2016-04-13 14:01 - 2016-04-02 05:14 - 03994624 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2016-04-13 14:01 - 2016-04-02 05:09 - 01832448 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2016-04-13 14:01 - 2016-04-02 05:07 - 03575296 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2016-04-13 14:01 - 2016-04-02 05:07 - 02158592 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-04-13 14:01 - 2016-04-02 05:00 - 01390080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2016-04-13 14:01 - 2016-03-29 12:22 - 01030416 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2016-04-13 14:01 - 2016-03-29 12:22 - 00874968 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2016-04-13 14:01 - 2016-03-29 12:20 - 01317640 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-04-13 14:01 - 2016-03-29 12:20 - 01141504 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-04-13 14:01 - 2016-03-29 12:15 - 00100232 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmapi.dll
2016-04-13 14:01 - 2016-03-29 12:11 - 00686976 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2016-04-13 14:01 - 2016-03-29 12:05 - 01152864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2016-04-13 14:01 - 2016-03-29 12:02 - 00989536 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2016-04-13 14:01 - 2016-03-29 12:02 - 00334736 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2016-04-13 14:01 - 2016-03-29 11:56 - 01297752 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2016-04-13 14:01 - 2016-03-29 11:28 - 00696664 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2016-04-13 14:01 - 2016-03-29 11:28 - 00535080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2016-04-13 14:01 - 2016-03-29 11:28 - 00115040 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2016-04-13 14:01 - 2016-03-29 11:25 - 00258912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ufx01000.sys
2016-04-13 14:01 - 2016-03-29 11:19 - 00296488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2016-04-13 14:01 - 2016-03-29 11:17 - 00300104 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe
2016-04-13 14:01 - 2016-03-29 11:13 - 00986976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2016-04-13 14:01 - 2016-03-29 11:11 - 00605440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-04-13 14:01 - 2016-03-29 11:08 - 00358752 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2016-04-13 14:01 - 2016-03-29 11:08 - 00261376 _____ (Microsoft Corporation) C:\WINDOWS\system32\LsaIso.exe
2016-04-13 14:01 - 2016-03-29 10:44 - 00502104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2016-04-13 14:01 - 2016-03-29 10:44 - 00084832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2016-04-13 14:01 - 2016-03-29 10:32 - 00253088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe
2016-04-13 14:01 - 2016-03-29 10:26 - 02403680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2016-04-13 14:01 - 2016-03-29 10:26 - 01089888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2016-04-13 14:01 - 2016-03-29 10:24 - 00294752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2016-04-13 14:01 - 2016-03-29 10:21 - 00378208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2016-04-13 14:01 - 2016-03-29 10:16 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xinputhid.sys
2016-04-13 14:01 - 2016-03-29 10:07 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanagerprecheck.dll
2016-04-13 14:01 - 2016-03-29 10:02 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2016-04-13 14:01 - 2016-03-29 09:57 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosStorage.dll
2016-04-13 14:01 - 2016-03-29 09:51 - 00167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafBth.dll
2016-04-13 14:01 - 2016-03-29 09:50 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll
2016-04-13 14:01 - 2016-03-29 09:48 - 00144896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Devices.dll
2016-04-13 14:01 - 2016-03-29 09:42 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2016-04-13 14:01 - 2016-03-29 09:39 - 00550912 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2016-04-13 14:01 - 2016-03-29 09:38 - 00207360 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2016-04-13 14:01 - 2016-03-29 09:37 - 00617984 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2016-04-13 14:01 - 2016-03-29 09:34 - 00641536 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2016-04-13 14:01 - 2016-03-29 09:30 - 00328192 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2016-04-13 14:01 - 2016-03-29 09:30 - 00161792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msorcl32.dll
2016-04-13 14:01 - 2016-03-29 09:28 - 00460288 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2016-04-13 14:01 - 2016-03-29 09:27 - 00339968 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
2016-04-13 14:01 - 2016-03-29 09:26 - 00169472 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmmigrator.dll
2016-04-13 14:01 - 2016-03-29 09:23 - 00628736 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll
2016-04-13 14:01 - 2016-03-29 09:23 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
2016-04-13 14:01 - 2016-03-29 09:22 - 00438784 _____ (Microsoft Corporation) C:\WINDOWS\system32\AccountsRt.dll
2016-04-13 14:01 - 2016-03-29 09:20 - 00948736 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManager.dll
2016-04-13 14:01 - 2016-03-29 09:20 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\AboveLockAppHost.dll
2016-04-13 14:01 - 2016-03-29 09:19 - 00556032 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2016-04-13 14:01 - 2016-03-29 09:17 - 01056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2016-04-13 14:01 - 2016-03-29 09:17 - 00708608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2016-04-13 14:01 - 2016-03-29 09:17 - 00440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll
2016-04-13 14:01 - 2016-03-29 09:16 - 00852480 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2016-04-13 14:01 - 2016-03-29 09:16 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2016-04-13 14:01 - 2016-03-29 09:15 - 01714688 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
2016-04-13 14:01 - 2016-03-29 09:14 - 00965632 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2016-04-13 14:01 - 2016-03-29 09:14 - 00859136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2016-04-13 14:01 - 2016-03-29 09:13 - 00587776 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2016-04-13 14:01 - 2016-03-29 09:12 - 00471552 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
2016-04-13 14:01 - 2016-03-29 09:11 - 00988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2016-04-13 14:01 - 2016-03-29 09:11 - 00881664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
2016-04-13 14:01 - 2016-03-29 09:11 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosStorage.dll
2016-04-13 14:01 - 2016-03-29 09:10 - 00938496 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2016-04-13 14:01 - 2016-03-29 09:09 - 01239552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Bluetooth.dll
2016-04-13 14:01 - 2016-03-29 09:08 - 00888320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.dll
2016-04-13 14:01 - 2016-03-29 09:07 - 01902592 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2016-04-13 14:01 - 2016-03-29 09:06 - 01575936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll
2016-04-13 14:01 - 2016-03-29 09:06 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2016-04-13 14:01 - 2016-03-29 09:05 - 01395712 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2016-04-13 14:01 - 2016-03-29 09:03 - 00148480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dfsc.sys
2016-04-13 14:01 - 2016-03-29 09:02 - 02624512 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2016-04-13 14:01 - 2016-03-29 09:02 - 01211904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Cred.dll
2016-04-13 14:01 - 2016-03-29 09:00 - 00345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2016-04-13 14:01 - 2016-03-29 09:00 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2016-04-13 14:01 - 2016-03-29 08:59 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
2016-04-13 14:01 - 2016-03-29 08:56 - 00821760 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2016-04-13 14:01 - 2016-03-29 08:56 - 00415232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2016-04-13 14:01 - 2016-03-29 08:55 - 01052160 _____ (Microsoft Corporation) C:\WINDOWS\system32\MsSpellCheckingFacility.dll
2016-04-13 14:01 - 2016-03-29 08:49 - 00288256 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveui.dll
2016-04-13 14:01 - 2016-03-29 08:48 - 00346624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2016-04-13 14:01 - 2016-03-29 08:44 - 00498176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MessagingDataModel2.dll
2016-04-13 14:01 - 2016-03-29 08:43 - 00358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AccountsRt.dll
2016-04-13 14:01 - 2016-03-29 08:42 - 01410560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.Http.dll
2016-04-13 14:01 - 2016-03-29 08:41 - 00129024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AboveLockAppHost.dll
2016-04-13 14:01 - 2016-03-29 08:40 - 00787456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.dll
2016-04-13 14:01 - 2016-03-29 08:39 - 00350720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll
2016-04-13 14:01 - 2016-03-29 08:38 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2016-04-13 14:01 - 2016-03-29 08:37 - 01444352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRHInproc.dll
2016-04-13 14:01 - 2016-03-29 08:37 - 00799744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2016-04-13 14:01 - 2016-03-29 08:36 - 03351040 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2016-04-13 14:01 - 2016-03-29 08:36 - 00649728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2016-04-13 14:01 - 2016-03-29 08:35 - 00354304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
2016-04-13 14:01 - 2016-03-29 08:34 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2016-04-13 14:01 - 2016-03-29 08:34 - 00682496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll
2016-04-13 14:01 - 2016-03-29 08:34 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2016-04-13 14:01 - 2016-03-29 08:32 - 01588224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2016-04-13 14:01 - 2016-03-29 08:32 - 01098240 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2016-04-13 14:01 - 2016-03-29 08:32 - 00176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2016-04-13 14:01 - 2016-03-29 08:32 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
2016-04-13 14:01 - 2016-03-29 08:31 - 01946112 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2016-04-13 14:01 - 2016-03-29 08:31 - 01117184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll
2016-04-13 14:01 - 2016-03-29 08:30 - 01139712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2016-04-13 14:01 - 2016-03-29 08:29 - 00555520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncController.dll
2016-04-13 14:01 - 2016-03-29 08:29 - 00256000 _____ (Microsoft Corporation) C:\WINDOWS\system32\accountaccessor.dll
2016-04-13 14:01 - 2016-03-29 08:28 - 01944576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2016-04-13 14:01 - 2016-03-29 08:28 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Cred.dll
2016-04-13 14:01 - 2016-03-29 08:27 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
2016-04-13 14:01 - 2016-03-29 08:27 - 00133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2016-04-13 14:01 - 2016-03-29 08:27 - 00083456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputLocaleManager.dll
2016-04-13 14:01 - 2016-03-29 08:23 - 00777728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MsSpellCheckingFacility.dll
2016-04-13 14:01 - 2016-03-29 08:22 - 00638464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2016-04-13 14:01 - 2016-03-29 08:19 - 02635776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-04-13 14:01 - 2016-03-29 08:17 - 00765952 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2016-04-13 14:01 - 2016-03-29 08:14 - 01072128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.Http.dll
2016-04-13 14:01 - 2016-03-29 08:13 - 00592384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.dll
2016-04-13 14:01 - 2016-03-29 08:10 - 03671040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2016-04-13 14:01 - 2016-03-29 08:05 - 07199232 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2016-04-13 14:01 - 2016-03-29 08:05 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2016-04-13 14:01 - 2016-03-29 08:05 - 00361472 _____ (Microsoft Corporation) C:\WINDOWS\system32\bdesvc.dll
2016-04-13 14:01 - 2016-03-29 08:04 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2016-04-13 14:01 - 2016-03-29 08:04 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Connectivity.dll
2016-04-13 14:01 - 2016-03-29 08:01 - 13018624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-04-13 14:01 - 2016-03-29 07:58 - 01799680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2016-04-13 14:01 - 2016-03-29 07:56 - 16985600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-04-13 14:01 - 2016-03-29 07:52 - 11545600 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-04-13 14:01 - 2016-03-29 07:51 - 09918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-04-13 14:01 - 2016-03-29 07:49 - 05202944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2016-04-13 14:01 - 2016-03-29 07:45 - 03078144 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll
2016-04-13 14:01 - 2016-03-29 07:45 - 00338432 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncbservice.dll
2016-04-13 14:01 - 2016-03-29 07:43 - 03428864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2016-04-13 14:01 - 2016-03-29 07:43 - 00521728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Connectivity.dll
2016-04-13 14:01 - 2016-03-29 07:38 - 02798080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2016-04-13 14:01 - 2016-03-29 07:36 - 02722816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esent.dll
2016-04-13 14:01 - 2016-03-29 07:27 - 07836160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-04-13 14:01 - 2016-03-29 07:27 - 05662208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-04-13 14:01 - 2016-03-29 07:26 - 00958976 _____ (Microsoft Corporation) C:\WINDOWS\system32\RemoteNaturalLanguage.dll
2016-04-13 14:01 - 2016-03-29 07:25 - 00712704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RemoteNaturalLanguage.dll
2016-04-13 14:00 - 2016-04-02 06:10 - 00770640 _____ (Microsoft Corporation) C:\WINDOWS\system32\iuilp.dll
2016-04-13 14:00 - 2016-04-02 05:30 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll
2016-04-13 14:00 - 2016-04-02 05:29 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEDataLayerHelpers.dll
2016-04-13 14:00 - 2016-04-02 05:25 - 00278528 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationObjFactory.dll
2016-04-13 14:00 - 2016-04-02 05:25 - 00239104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NotificationObjFactory.dll
2016-04-13 14:00 - 2016-04-02 05:23 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll
2016-04-13 14:00 - 2016-04-02 05:23 - 00219648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2016-04-13 14:00 - 2016-04-02 05:08 - 02193408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2016-04-13 14:00 - 2016-04-02 05:03 - 04774912 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2016-04-13 14:00 - 2016-03-29 12:23 - 00277856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2016-04-13 14:00 - 2016-03-29 11:25 - 00058400 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.dll
2016-04-13 14:00 - 2016-03-29 11:18 - 00185184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2016-04-13 14:00 - 2016-03-29 11:11 - 00074424 _____ (Microsoft Corporation) C:\WINDOWS\system32\easinvoker.exe
2016-04-13 14:00 - 2016-03-29 11:10 - 00110584 _____ (Microsoft Corporation) C:\WINDOWS\system32\srvcli.dll
2016-04-13 14:00 - 2016-03-29 11:09 - 00078040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wkscli.dll
2016-04-13 14:00 - 2016-03-29 11:07 - 00081144 _____ (Microsoft Corporation) C:\WINDOWS\system32\netapi32.dll
2016-04-13 14:00 - 2016-03-29 10:41 - 00051128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsNativeApi.dll
2016-04-13 14:00 - 2016-03-29 10:26 - 00073872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srvcli.dll
2016-04-13 14:00 - 2016-03-29 10:25 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wkscli.dll
2016-04-13 14:00 - 2016-03-29 10:23 - 00069744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netapi32.dll
2016-04-13 14:00 - 2016-03-29 10:17 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsCSP.dll
2016-04-13 14:00 - 2016-03-29 10:07 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.V2.dll
2016-04-13 14:00 - 2016-03-29 10:07 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2016-04-13 14:00 - 2016-03-29 10:07 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenterprisediagnostics.dll
2016-04-13 14:00 - 2016-03-29 10:07 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsdchngr.dll
2016-04-13 14:00 - 2016-03-29 10:06 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleacchooks.dll
2016-04-13 14:00 - 2016-03-29 10:00 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetCfgNotifyObjectHost.exe
2016-04-13 14:00 - 2016-03-29 10:00 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveskybackup.dll
2016-04-13 14:00 - 2016-03-29 10:00 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapsupdatetask.dll
2016-04-13 14:00 - 2016-03-29 09:59 - 00027648 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManagerShellext.exe
2016-04-13 14:00 - 2016-03-29 09:57 - 00199168 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2016-04-13 14:00 - 2016-03-29 09:57 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\samlib.dll
2016-04-13 14:00 - 2016-03-29 09:57 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\browcli.dll
2016-04-13 14:00 - 2016-03-29 09:55 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
2016-04-13 14:00 - 2016-03-29 09:55 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\serial.sys
2016-04-13 14:00 - 2016-03-29 09:55 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\tbauth.dll
2016-04-13 14:00 - 2016-03-29 09:54 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mtxoci.dll
2016-04-13 14:00 - 2016-03-29 09:53 - 00116224 _____ (Microsoft Corporation) C:\WINDOWS\system32\FontProvider.dll
2016-04-13 14:00 - 2016-03-29 09:52 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBrokerCookies.exe
2016-04-13 14:00 - 2016-03-29 09:51 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzautoupdate.dll
2016-04-13 14:00 - 2016-03-29 09:50 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\BdeHdCfgLib.dll
2016-04-13 14:00 - 2016-03-29 09:50 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll
2016-04-13 14:00 - 2016-03-29 09:50 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\OnDemandConnRouteHelper.dll
2016-04-13 14:00 - 2016-03-29 09:50 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuautoappupdate.dll
2016-04-13 14:00 - 2016-03-29 09:49 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2016-04-13 14:00 - 2016-03-29 09:48 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
2016-04-13 14:00 - 2016-03-29 09:46 - 00134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser.dll
2016-04-13 14:00 - 2016-03-29 09:44 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\system32\DAFWSD.dll
2016-04-13 14:00 - 2016-03-29 09:36 - 00530432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
2016-04-13 14:00 - 2016-03-29 09:35 - 00411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleacc.dll
2016-04-13 14:00 - 2016-03-29 09:35 - 00239616 _____ (Microsoft Corporation) C:\WINDOWS\system32\credprovhost.dll
2016-04-13 14:00 - 2016-03-29 09:34 - 00686592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2016-04-13 14:00 - 2016-03-29 09:34 - 00333824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\portcls.sys
2016-04-13 14:00 - 2016-03-29 09:34 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2016-04-13 14:00 - 2016-03-29 09:33 - 00174592 _____ (Microsoft Corporation) C:\WINDOWS\system32\easwrt.dll
2016-04-13 14:00 - 2016-03-29 09:32 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-04-13 14:00 - 2016-03-29 09:32 - 00414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2016-04-13 14:00 - 2016-03-29 09:23 - 00694784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2016-04-13 14:00 - 2016-03-29 09:21 - 00330240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2016-04-13 14:00 - 2016-03-29 09:20 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsNativeApi.V2.dll
2016-04-13 14:00 - 2016-03-29 09:20 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsdchngr.dll
2016-04-13 14:00 - 2016-03-29 09:19 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleacchooks.dll
2016-04-13 14:00 - 2016-03-29 09:18 - 00676352 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSDApi.dll
2016-04-13 14:00 - 2016-03-29 09:11 - 00161280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2016-04-13 14:00 - 2016-03-29 09:11 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\samlib.dll
2016-04-13 14:00 - 2016-03-29 09:11 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\browcli.dll
2016-04-13 14:00 - 2016-03-29 09:09 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll
2016-04-13 14:00 - 2016-03-29 09:09 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tbauth.dll
2016-04-13 14:00 - 2016-03-29 09:08 - 00841216 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2016-04-13 14:00 - 2016-03-29 09:08 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mtxoci.dll
2016-04-13 14:00 - 2016-03-29 09:06 - 00022528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBrokerCookies.exe
2016-04-13 14:00 - 2016-03-29 09:05 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OnDemandConnRouteHelper.dll
2016-04-13 14:00 - 2016-03-29 09:04 - 00103936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Devices.dll
2016-04-13 14:00 - 2016-03-29 09:00 - 00235008 _____ C:\WINDOWS\system32\MTF.dll
2016-04-13 14:00 - 2016-03-29 09:00 - 00176128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.DeviceEncryptionHandlers.dll
2016-04-13 14:00 - 2016-03-29 08:59 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll
2016-04-13 14:00 - 2016-03-29 08:59 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\BitLockerDeviceEncryption.exe
2016-04-13 14:00 - 2016-03-29 08:53 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleacc.dll
2016-04-13 14:00 - 2016-03-29 08:53 - 00193024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credprovhost.dll
2016-04-13 14:00 - 2016-03-29 08:52 - 00306176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2016-04-13 14:00 - 2016-03-29 08:52 - 00141824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\easwrt.dll
2016-04-13 14:00 - 2016-03-29 08:42 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2016-04-13 14:00 - 2016-03-29 08:39 - 00564224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSDApi.dll
2016-04-13 14:00 - 2016-03-29 08:39 - 00496128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2016-04-13 14:00 - 2016-03-29 08:34 - 00784896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
2016-04-13 14:00 - 2016-03-29 08:32 - 00854528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Bluetooth.dll
2016-04-13 14:00 - 2016-03-29 08:32 - 00638464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.dll
2016-04-13 14:00 - 2016-03-29 08:32 - 00128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcsps.dll
2016-04-13 14:00 - 2016-03-29 08:31 - 00705536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2016-04-13 14:00 - 2016-03-29 08:27 - 07979008 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2016-04-13 14:00 - 2016-03-29 08:27 - 00162816 _____ C:\WINDOWS\SysWOW64\MTF.dll
2016-04-13 14:00 - 2016-03-29 08:06 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll
2016-04-13 14:00 - 2016-03-29 08:05 - 00450560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncController.dll
2016-04-13 14:00 - 2016-03-29 08:01 - 00957952 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2016-04-13 14:00 - 2016-03-29 08:00 - 06297088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2016-04-13 14:00 - 2016-03-29 07:35 - 00821248 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvewiz.dll
2016-04-13 14:00 - 2016-03-29 07:28 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvecpl.dll
2016-04-13 14:00 - 2016-03-29 07:27 - 00794112 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2016-04-13 14:00 - 2016-03-29 07:26 - 00402432 _____ (Microsoft Corporation) C:\WINDOWS\system32\FWPUCLNT.DLL
2016-04-13 14:00 - 2016-03-29 07:25 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FWPUCLNT.DLL
2016-04-13 14:00 - 2016-03-29 07:21 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\system32\basesrv.dll
2016-04-12 18:22 - 2016-04-12 18:22 - 00000000 ____D C:\Program Files (x86)\AMD
2016-04-10 19:47 - 2016-04-10 19:47 - 42269960 _____ C:\Users\Alexander\Downloads\SDA1.0.5.zip
2016-04-10 19:45 - 2016-04-10 19:45 - 00401751 _____ C:\Users\Alexander\Downloads\SteamDesktopAuthenticator-master.zip
 
==================== Ein Monat: Geänderte Dateien und Ordner ========
 
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
 
2016-05-08 20:25 - 2015-06-20 13:40 - 00001240 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-2617271622-2672243655-3591071018-1000UA.job
2016-05-08 20:24 - 2015-06-20 13:40 - 00001188 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-2617271622-2672243655-3591071018-1000Core.job
2016-05-08 20:21 - 2014-12-16 02:35 - 00000000 ___RD C:\Users\Alexander\Dropbox
2016-05-08 20:20 - 2016-03-09 14:08 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-05-08 20:19 - 2015-10-30 08:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-05-08 18:22 - 2013-08-18 12:50 - 00000000 ____D C:\Program Files (x86)\Rockstar Games
2016-05-08 18:21 - 2015-04-14 01:25 - 00000000 ____D C:\Program Files\Rockstar Games
2016-05-08 14:30 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-05-08 14:29 - 2016-03-09 13:56 - 00000000 ____D C:\Users\Alexander
2016-05-08 14:29 - 2014-02-26 22:10 - 00000000 ____D C:\AdwCleaner
2016-05-08 14:26 - 2015-10-30 09:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-05-08 14:18 - 2014-10-19 17:58 - 00000000 ____D C:\Users\Alexander\AppData\LocalLow\Temp
2016-05-01 22:16 - 2014-11-13 22:45 - 00000000 ____D C:\ProgramData\Ubisoft
2016-05-01 19:41 - 2015-02-02 23:03 - 00189248 _____ C:\WINDOWS\SysWOW64\PnkBstrB.exe
2016-05-01 19:41 - 2015-02-02 23:03 - 00075136 _____ C:\WINDOWS\SysWOW64\PnkBstrA.exe
2016-05-01 19:28 - 2013-07-18 18:01 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-05-01 17:02 - 2015-02-22 17:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\R.G. Mechanics
2016-04-29 03:12 - 2015-01-26 01:57 - 01939968 _____ (Microsoft) C:\Users\Alexander\Desktop\Matchmaking Server Picker.exe
2016-04-28 22:17 - 2013-09-01 01:11 - 00000000 ____D C:\Program Files (x86)\Ubisoft
2016-04-28 18:47 - 2013-10-26 12:12 - 00000000 ____D C:\Users\Alexander\Documents\WB Games
2016-04-28 02:39 - 2014-01-30 20:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Square Enix
2016-04-25 18:15 - 2013-06-13 14:48 - 00000000 ____D C:\Users\Alexander\Documents\Square Enix
2016-04-25 14:09 - 2016-03-09 13:55 - 02086168 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-04-25 14:09 - 2015-10-30 20:35 - 00888008 _____ C:\WINDOWS\system32\perfh007.dat
2016-04-25 14:09 - 2015-10-30 20:35 - 00197092 _____ C:\WINDOWS\system32\perfc007.dat
2016-04-25 14:09 - 2015-10-30 09:21 - 00000000 ____D C:\WINDOWS\INF
2016-04-25 02:26 - 2016-03-25 21:23 - 00000000 ____D C:\WINDOWS\SysWOW64\directx
2016-04-24 22:56 - 2015-01-30 02:17 - 00000000 ____D C:\Users\Alexander\AppData\Local\qBittorrent
2016-04-24 21:45 - 2013-06-25 22:18 - 00000000 ____D C:\Users\Alexander\Documents\My Games
2016-04-24 18:08 - 2015-03-24 16:48 - 00000000 ____D C:\Users\Alexander\AppData\Roaming\vlc
2016-04-22 09:57 - 2013-06-12 14:37 - 00453288 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2016-04-20 22:09 - 2014-03-04 16:15 - 00000000 ____D C:\Program Files (x86)\Google
2016-04-19 21:10 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\rescache
2016-04-15 00:19 - 2014-12-16 02:33 - 00000000 ____D C:\Users\Alexander\AppData\Roaming\Dropbox
2016-04-15 00:18 - 2015-06-20 13:40 - 00000000 ____D C:\Users\Alexander\AppData\Local\Dropbox
2016-04-14 22:53 - 2016-02-18 02:26 - 00000841 _____ C:\Users\Alexander\Desktop\Uplay.lnk
2016-04-14 21:28 - 2013-09-01 01:11 - 00000000 ____D C:\Users\Alexander\AppData\Local\Ubisoft Game Launcher
2016-04-14 15:07 - 2016-03-09 13:50 - 00250168 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-04-14 02:59 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2016-04-14 02:59 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-04-14 02:59 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2016-04-14 02:59 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-04-13 21:31 - 2013-06-13 05:25 - 00000000 ____D C:\Users\Alexander\AppData\Local\AMD
2016-04-13 16:22 - 2015-10-30 09:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-04-13 16:20 - 2014-10-02 15:54 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-04-13 16:15 - 2014-10-02 15:54 - 135176864 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-04-12 18:20 - 2016-03-09 13:53 - 00000000 ____D C:\Program Files\AMD
2016-04-12 18:11 - 2014-09-03 20:17 - 00000000 ____D C:\AMD
2016-04-08 21:31 - 2016-04-05 02:40 - 00000000 ____D C:\Users\Alexander\Desktop\Neuer Ordner
 
==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======
 
2015-02-12 18:54 - 2015-02-12 18:56 - 0000034 _____ () C:\Users\Alexander\AppData\Roaming\AdobeWLCMCache.dat
2015-01-25 18:12 - 2015-01-25 18:12 - 0001248 _____ () C:\Users\Alexander\AppData\Roaming\DKDEMK
2015-02-27 02:43 - 2015-02-27 02:43 - 1986000 _____ (Cinema PlusV26.02) C:\Users\Alexander\AppData\Roaming\DKDEMK.exe
2002-08-08 06:11 - 2002-08-08 06:11 - 0319488 _____ () C:\Users\Alexander\AppData\Roaming\MafiaSetup.exe
2013-10-28 21:06 - 2013-10-28 21:06 - 0007602 _____ () C:\Users\Alexander\AppData\Local\Resmon.ResmonCfg
 
Einige Dateien in TEMP:
====================
C:\Users\Alexander\AppData\Local\Temp\CodecFixDivx.exe
C:\Users\Alexander\AppData\Local\Temp\dotnetfx 3.5 sp1.exe
C:\Users\Alexander\AppData\Local\Temp\dxdiag.exe
C:\Users\Alexander\AppData\Local\Temp\frag.exe
C:\Users\Alexander\AppData\Local\Temp\Nexus Mod Manager-0.61.14.exe
C:\Users\Alexander\AppData\Local\Temp\Nexus Mod Manager-0.61.15.exe
 
 
==================== Bamital & volsnap =================
 
(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)
 
C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert
 
 
LastRegBack: 2016-05-03 15:19

==================== Ende von FRST.txt ============================

AdwCleaner
----------------------------------------
 
# AdwCleaner v5.115 - Bericht erstellt am 08/05/2016 um 20:32:30
# Aktualisiert am 01/05/2016 von Xplode
# Datenbank : 2016-05-08.4 [Server]
# Betriebssystem : Windows 10 Pro  (X64)
# Benutzername : Alexander - ALEXANDER-PC
# Gestartet von : C:\Users\Alexander\Desktop\Fixing\adwcleaner_5.115.exe
# Option : Löschen
# Unterstützung : http://toolslib.net/forum
 
***** [ Dienste ] *****
 
 
***** [ Ordner ] *****
 
[-] Ordner gelöscht : C:\Program Files (x86)\yesbnd
 
***** [ Dateien ] *****
 
[-] Datei gelöscht : C:\Users\Alexander\AppData\Roaming\DKDEMK
[-] Datei gelöscht : C:\Users\Alexander\AppData\Roaming\DKDEMK.exe
 
***** [ DLLs ] *****
 
 
***** [ WMI ] *****
 
 
***** [ Verknüpfungen ] *****
 
 
***** [ Aufgabenplanung ] *****
 
[-] Geplante Aufgabe gelöscht : DKDEMK
 
***** [ Registrierungsdatenbank ] *****
 
 
***** [ Internetbrowser ] *****
 
 
*************************
 
:: "Tracing" Schlüssel gelöscht
:: Winsock Einstellungen zurückgesetzt
 
*************************
 
C:\AdwCleaner\AdwCleaner[C1].txt - [12343 Bytes] - [08/05/2016 14:29:30]
C:\AdwCleaner\AdwCleaner[C2].txt - [1103 Bytes] - [08/05/2016 20:32:30]
C:\AdwCleaner\AdwCleaner[R0].txt - [3615 Bytes] - [26/02/2014 22:10:10]
C:\AdwCleaner\AdwCleaner[R1].txt - [6958 Bytes] - [03/10/2014 16:07:36]
C:\AdwCleaner\AdwCleaner[R2].txt - [7018 Bytes] - [03/10/2014 16:10:18]
C:\AdwCleaner\AdwCleaner[S0].txt - [2716 Bytes] - [26/02/2014 22:18:26]
C:\AdwCleaner\AdwCleaner[S1].txt - [12972 Bytes] - [08/05/2016 14:27:52]
C:\AdwCleaner\AdwCleaner[S2].txt - [1493 Bytes] - [08/05/2016 20:31:14]
 
########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [1615 Bytes] ##########

JRT.txt hasn't found anything. Came up clean.

ZHPCleaner
------------------------------------------
 

~ ZHPCleaner v2016.5.6.63 by Nicolas Coolman (2016/05/06)
~ Run by Alexander (Administrator)  (08/05/2016 20:44:07)
~ State version : Version OK
~ Type : Reparatur
~ Report : C:\Users\Alexander\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\Alexander\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
Windows 10 Pro, 64-bit  (Build 10586)
 
 
---\\  Dienst. (0)
~ Alle bösartigen oder unnötige Element gefunden.
 
 
---\\  Browser. (0)
~ Alle bösartigen oder unnötige Element gefunden.
 
 
---\\ Datei Host. (1)
~ die Hostdatei ist legitim. (1)
 
 
---\\  Geplante Tasks (0)
~ Alle bösartigen oder unnötige Element gefunden.
 
 
---\\  Explorer (Ordner, Dateien). (1)
VERSCHIEBEN Datei: C:\Users\Alexander\AppData\Roaming\MafiaSetup.exe [Copyright © 2002 - MafiaInstallShield MFC Application]  =>PUP.Optional.Pirrit
 
 
---\\  Registrierung (Schlüssel, Werte, Daten). (0)
~ Alle bösartigen oder unnötige Element gefunden.
 
 
---\\  Zusammenfassung der Elemente gefunden auf Ihrer workstation (1)
http://www.nicolascoolman.fr/?p=914  =>PUP.Optional.Pirrit
 
 
---\\  Ein anderes löschen. (6)
~ Registersleutel Tracing Geloscht (6)
~ Entfernen die alten Berichte ZHPCleaner. (0)
 
 
---\\Reparieren Check
~ Reparatur erfolgreich abgeschlossen.
~ dieser Browser fehlt (Opera Software)
 
 
---\\Statistiken
~ Elemente gescannt : 403
~ Einträge gefunden : 0
~ Elemente abgesagt : 0
~ Elemente repariert : 1
 
 
~ End of clean in 00h00mn03s
~====================
ZHPCleaner-[R]-08052016-14_42_55.txt
ZHPCleaner-[R]-08052016-20_44_10.txt
ZHPCleaner-[S]-08052016-14_41_46.txt
ZHPCleaner-[S]-08052016-20_43_38.txt

Zemana hasn't found anything either

FRST Log after
------------------------------------------

Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:07-05-2016
durchgeführt von Alexander (Administrator) auf ALEXANDER-PC (08-05-2016 20:56:15)
Gestartet von C:\Users\Alexander\Desktop\frst
Geladene Profile: Alexander (Verfügbare Profile: Alexander & DefaultAppPool)
Platform: Windows 10 Pro Version 1511 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: Chrome)
Start-Modus: Normal
 
==================== Prozesse (Nicht auf der Ausnahmeliste) =================
 
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Zemana Ltd.) D:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.10586.168_none_76587b40265ca57e\TiWorker.exe
(Zemana Ltd.) D:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Nicht auf der Ausnahmeliste) ===========================
 
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)
 
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [CmPCIaudio] => C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\CMICNFG3.dll,CMICtrlWnd
HKLM\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [4701184 2014-11-24] (VIA)
HKLM\...\Run: [StartCN] => C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe [5006536 2016-04-04] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [ZAM] => D:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [13317960 2016-04-27] (Zemana Ltd.)
HKU\S-1-5-21-2617271622-2672243655-3591071018-1000\...\Run: [Steam] => D:\Games\Steam\steam.exe [3077712 2016-04-30] (Valve Corporation)
HKU\S-1-5-21-2617271622-2672243655-3591071018-1000\...\Run: [DAEMON Tools Lite] => D:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-2617271622-2672243655-3591071018-1000\...\Run: [Dropbox Update] => C:\Users\Alexander\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-20] (Dropbox, Inc.)
HKU\S-1-5-21-2617271622-2672243655-3591071018-1000\...\Run: [Amazon Music] => C:\Users\Alexander\AppData\Local\Amazon Music\Amazon Music Helper.exe [5887808 2015-07-21] ()
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Alexander\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Alexander\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Alexander\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Alexander\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Alexander\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Alexander\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Alexander\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Alexander\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Alexander\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Alexander\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Alexander\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Alexander\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Alexander\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Alexander\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Alexander\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Alexander\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Alexander\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Alexander\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Alexander\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Alexander\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Alexander\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Alexander\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Alexander\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Alexander\AppData\Roaming\Dropbox\bin\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
Startup: C:\Users\Alexander\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2016-04-15]
ShortcutTarget: Dropbox.lnk -> C:\Users\Alexander\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
 
==================== Internet (Nicht auf der Ausnahmeliste) ====================
 
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{3f95284e-8b08-4a20-9c62-31cc4b61a5df}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{4319e6a8-3bad-4f2e-a957-01e8d92f7ce0}: [DhcpNameServer] 7.254.254.254
Tcpip\..\Interfaces\{9fa39968-67b9-4cf6-a661-a131e34098f3}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{9fa39968-67b9-4cf6-a661-a131e34098f3}: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{E307A6F9-60A1-45CE-BD83-B342268BBBC5}: [DhcpNameServer] 7.254.254.254
Tcpip\..\Interfaces\{e337dfca-3e16-48c7-8bf5-8bf57ceaff25}: [DhcpNameServer] 192.168.43.1
 
Internet Explorer:
==================
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
 
FireFox:
========
FF ProfilePath: C:\Users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\tm67lia8.default
FF Session Restore: -> ist aktiviert.
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_19_0_0_245.dll [2015-11-29] ()
FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll [2015-01-13] (EA Digital Illusions CE AB)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2014-04-29] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_245.dll [2015-11-29] ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll [2011-11-03] (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll [2013-09-16] (ESN Social Software AB)
FF Plugin-x32: @esn/npbattlelog,version=2.4.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll [Keine Datei]
FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll [2015-01-13] (EA Digital Illusions CE AB)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-04-29] (Adobe Systems)
FF Plugin HKU\S-1-5-21-2617271622-2672243655-3591071018-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Alexander\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-04-12] (Unity Technologies ApS)
FF Extension: New Tab by Yahoo - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\jid1-G80Ec8LLEbK5fQ@jetpack.xpi [2016-01-07]
 
Chrome: 
=======
CHR Session Restore: Default -> ist aktiviert.
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.8.885\_platform_specific\win_x86\widevinecdmadapter.dll (Google Inc.)
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.94\PepperFlash\pepflashplayer.dll ()
CHR Profile: C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Adblock Plus) - C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-05-08]
CHR Extension: (Twitch Live) - C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\iiljidcefnbhbpamageahhblhbbhhopm [2016-05-08]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-05-08]
CHR Extension: (DarkDrifter) - C:\Users\Alexander\AppData\Local\Google\Chrome\User Data\Default\Extensions\oigcilimikkifjheejpiecojccneegdc [2016-05-07]
 
==================== Dienste (Nicht auf der Ausnahmeliste) ========================
 
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
 
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1345056 2016-02-11] ()
S3 Origin Client Service; D:\Origin\OriginClientService.exe [2119688 2016-03-29] (Electronic Arts)
R2 PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [76152 2015-10-31] ()
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [75136 2016-05-01] ()
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5436176 2015-02-17] (TeamViewer GmbH)
S3 TunngleService; D:\Program Files (x86)\Tunngle\TnglCtrl.exe [809456 2015-12-07] (Tunngle.net GmbH)
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [36504 2015-06-22] (VIA Technologies, Inc.)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
R2 ZAMSvc; D:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [13317960 2016-04-27] (Zemana Ltd.)
 
===================== Treiber (Nicht auf der Ausnahmeliste) ==========================
 
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
 
S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [23240 2016-03-21] (Advanced Micro Devices, Inc.)
R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [62152 2014-10-28] (Advanced Micro Devices, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWT6.sys [102400 2016-03-21] (Advanced Micro Devices)
S3 cmuda3; C:\Windows\System32\drivers\cmudax3.sys [1155072 2009-12-01] (C-Media Inc)
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283064 2014-07-11] (Disc Soft Ltd)
S3 EvolveVirtualAdapter; C:\Windows\System32\drivers\evolve.sys [21656 2015-12-05] (Echobit, LLC)
S3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.)
R3 tap0901t; C:\Windows\System32\drivers\tap0901t.sys [31232 2009-09-16] (Tunngle.net)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
R1 ZAM; C:\WINDOWS\System32\drivers\zam64.sys [202656 2016-05-08] (Zemana Ltd.)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [202656 2016-05-08] (Zemana Ltd.)
 
==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================
 
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
 
 
==================== Ein Monat: Erstellte Dateien und Ordner ========
 
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
 
2016-05-08 20:44 - 2016-05-08 20:44 - 00001791 _____ C:\Users\Alexander\Desktop\ZHPCleaner.txt
2016-05-08 20:38 - 2016-05-08 20:38 - 00000921 _____ C:\Users\Alexander\Desktop\ZHPCleaner.lnk
2016-05-08 20:37 - 2016-05-08 20:37 - 00000550 _____ C:\Users\Alexander\Desktop\JRT.txt
2016-05-08 20:27 - 2016-05-08 20:34 - 00000000 ____D C:\Users\Alexander\Desktop\Fixing
2016-05-08 20:12 - 2016-05-08 20:12 - 00000047 _____ C:\Users\Alexander\Downloads\Fixlist (3).txt
2016-05-08 20:04 - 2016-05-08 20:15 - 00000000 ____D C:\Users\Alexander\AppData\Roaming\qBittorrent
2016-05-08 19:16 - 2016-05-08 19:16 - 00000767 _____ C:\Users\Alexander\Downloads\Fixlist 1.txt
2016-05-08 18:22 - 2016-05-08 18:22 - 00000080 _____ C:\Users\Alexander\AppData\Local剜捯獫慴⁲慇敭屳呇⁁屖湥楴汴浥湥⹴湩潦
2016-05-08 17:04 - 2016-05-08 17:04 - 00010706 _____ C:\Users\Alexander\Downloads\Fixlist (2).txt
2016-05-08 17:01 - 2016-05-08 17:01 - 00000000 ____D C:\WINDOWS\3F5C371F8EA24F259D3DD0B4526E3AEA.TMP
2016-05-08 15:20 - 2016-05-08 15:20 - 00010706 _____ C:\Users\Alexander\Downloads\Fixlist (1).txt
2016-05-08 14:47 - 2016-05-08 20:55 - 00034440 _____ C:\WINDOWS\ZAM.krnl.trace
2016-05-08 14:47 - 2016-05-08 20:53 - 00000551 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2016-05-08 14:47 - 2016-05-08 14:47 - 00202656 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zamguard64.sys
2016-05-08 14:47 - 2016-05-08 14:47 - 00202656 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zam64.sys
2016-05-08 14:47 - 2016-05-08 14:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2016-05-08 14:46 - 2016-05-08 14:46 - 00000000 ____D C:\Users\Alexander\AppData\Local\Zemana
2016-05-08 14:45 - 2016-05-08 14:46 - 05479312 _____ ( ) C:\Users\Alexander\Downloads\Zemana.AntiMalware.Setup.exe
2016-05-08 14:36 - 2016-05-08 20:49 - 00000000 ____D C:\Users\Alexander\AppData\Roaming\ZHP
2016-05-08 14:22 - 2016-05-08 20:15 - 00000000 ____D C:\Users\Alexander\AppData\Local\Packages
2016-05-08 14:15 - 2016-05-08 14:15 - 00010706 _____ C:\Users\Alexander\Downloads\Fixlist.txt
2016-05-08 02:29 - 2016-05-08 03:02 - 00000017 _____ C:\Users\Alexander\Desktop\Neues Textdokument (2).txt
2016-05-07 22:01 - 2016-05-07 22:01 - 00070802 _____ C:\Users\Alexander\Downloads\Addition (1).txt
2016-05-07 21:21 - 2016-05-07 21:21 - 00901178 _____ C:\Users\Alexander\Downloads\Pixelvision2-master.zip
2016-05-07 21:17 - 2016-05-07 21:17 - 00000160 _____ C:\Users\Alexander\Documents\runprocess_log.txt
2016-05-07 19:33 - 2016-05-07 19:33 - 00000900 _____ C:\Users\Public\Desktop\Half-Life 2.lnk
2016-05-07 19:33 - 2016-05-07 19:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Half-Life 2
2016-05-07 19:10 - 2016-05-07 19:10 - 00014509 _____ C:\Users\Alexander\Downloads\[kat.cr]half.life.2.2004.pc.cpul.torrent
2016-05-07 18:57 - 2016-05-07 18:57 - 00070879 _____ C:\Users\Alexander\Downloads\Addition.txt
2016-05-07 17:31 - 2016-05-08 20:56 - 00000000 ____D C:\Users\Alexander\Desktop\frst
2016-05-07 17:24 - 2016-05-08 20:56 - 00000000 ____D C:\FRST
2016-05-07 16:56 - 2016-05-07 16:56 - 00000000 ____D C:\Users\Public\Documents\dmp
2016-05-01 19:41 - 2016-05-01 19:41 - 00000000 ____D C:\Users\Alexander\AppData\Roaming\PunkBuster
2016-05-01 17:02 - 2016-05-01 17:02 - 00000838 _____ C:\Users\Alexander\Desktop\Scrapland.lnk
2016-05-01 17:02 - 2016-05-01 17:02 - 00000000 ____D C:\Users\Alexander\AppData\Roaming\Scrapland
2016-05-01 01:15 - 2016-05-01 01:15 - 02106295 _____ C:\Users\Alexander\Downloads\matchmaking_server_picker_44b.zip
2016-05-01 01:15 - 2016-05-01 01:15 - 00000000 ____D C:\Program Files\mmpicker
2016-04-30 19:54 - 2016-04-30 19:54 - 00000000 ____D C:\Program Files (x86)\AGEIA Technologies
2016-04-29 01:47 - 2016-05-02 22:57 - 00019118 _____ C:\Users\Alexander\Desktop\Roadtrip Amerika.odt
2016-04-29 01:36 - 2016-04-29 01:47 - 00010301 _____ C:\Users\Alexander\Desktop\Lebenslauf Arbeitsamt - Kopie.odt
2016-04-28 22:18 - 2016-04-28 22:18 - 00000000 ____D C:\Users\Alexander\AppData\Roaming\Ubisoft
2016-04-28 02:39 - 2016-04-28 02:39 - 00000920 _____ C:\Users\Public\Desktop\Sleeping Dogs.lnk
2016-04-28 02:23 - 2016-04-28 02:24 - 03878112 _____ (Husdawg, LLC) C:\Users\Alexander\Downloads\Detection (1).exe
2016-04-27 04:24 - 2016-04-27 04:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Batman - Arkham City
2016-04-27 01:30 - 2016-04-27 01:30 - 00459541 _____ C:\Users\Alexander\Downloads\ScriptHookV_SDK_1.0.617.1a.zip
2016-04-27 01:15 - 2016-04-27 01:15 - 00918895 _____ C:\Users\Alexander\Downloads\3e0d39-LUA.zip
2016-04-27 01:09 - 2016-04-27 01:10 - 00926072 _____ C:\Users\Alexander\Downloads\ScriptHookV_1.0.678.1.zip
2016-04-27 01:06 - 2016-04-27 01:06 - 00009635 _____ C:\Users\Alexander\Downloads\4d5009-HeistModUpdate171.zip
2016-04-25 14:38 - 2016-04-25 14:38 - 00001164 _____ C:\Users\Public\Desktop\Batman Arkham Asylum GOTY.lnk
2016-04-25 14:38 - 2016-04-25 14:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rocksteady Studios
2016-04-25 02:24 - 2016-04-25 02:24 - 00001018 _____ C:\Users\Alexander\Desktop\Batman Arkham Knight.lnk
2016-04-25 02:24 - 2016-04-25 02:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\by.xatab
2016-04-24 21:42 - 2016-04-24 21:42 - 00001120 _____ C:\Users\Alexander\Desktop\Murdered - Soul Suspect.lnk
2016-04-24 21:42 - 2016-04-24 21:42 - 00000000 ____D C:\Users\Alexander\AppData\Roaming\Murdered - Soul Suspect
2016-04-24 20:52 - 2016-04-24 21:31 - 17141991 _____ (The qBittorrent project) C:\Users\Alexander\Downloads\qbittorrent_3.3.4_setup.exe
2016-04-24 03:07 - 2016-04-24 03:09 - 00000000 ____D C:\Users\Alexander\Desktop\test
2016-04-24 03:02 - 2016-04-24 03:04 - 334415392 _____ (AMD Inc.) C:\Users\Alexander\Downloads\non-whql-64bit-radeon-software-crimson-16.4.1-win10-win8.1-win7-apr4.exe
2016-04-24 02:47 - 2016-04-24 02:47 - 00000000 ____D C:\Program Files (x86)\directx
2016-04-24 02:36 - 2016-04-24 02:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Postal 2
2016-04-24 02:36 - 1999-12-17 08:13 - 00086016 _____ (MindVision Software) C:\WINDOWS\unvise32.exe
2016-04-23 16:06 - 2016-04-23 16:06 - 00000000 ____D C:\Users\Alexander\AppData\Roaming\dvdcss
2016-04-23 16:05 - 2016-04-23 16:05 - 31095769 _____ C:\Users\Alexander\Downloads\asd.rar
2016-04-23 16:05 - 2016-04-23 16:05 - 00000000 ____D C:\Users\Alexander\Desktop\asdf
2016-04-22 02:40 - 2016-04-22 02:40 - 00000000 ____D C:\Users\Alexander\Desktop\Cloud Downloader 2.9
2016-04-22 02:39 - 2016-04-22 02:39 - 05553741 _____ C:\Users\Alexander\Downloads\CloudDownloaderVersion_2.9.zip
2016-04-20 22:10 - 2016-05-03 01:17 - 00002264 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-04-20 22:10 - 2016-05-03 01:17 - 00002252 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-04-20 22:10 - 2016-04-20 22:10 - 00987728 _____ (Google Inc.) C:\Users\Alexander\Downloads\ChromeSetup.exe
2016-04-20 22:09 - 2016-05-08 20:33 - 00001138 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-04-20 22:09 - 2016-05-08 14:14 - 00001142 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-04-20 22:09 - 2016-04-20 22:09 - 00004200 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-04-20 22:09 - 2016-04-20 22:09 - 00003968 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2016-04-20 22:06 - 2016-04-20 22:09 - 00987728 _____ (Google Inc.) C:\Users\Alexander\Desktop\ChromeSetup.exe
2016-04-19 19:22 - 2016-04-19 19:22 - 00000000 ____D C:\Users\Alexander\AppData\Roaming\OBS
2016-04-15 02:21 - 2016-04-15 02:21 - 00000818 _____ C:\Users\Public\Desktop\Launcher The Stanley Parable.lnk
2016-04-15 02:21 - 2016-04-15 02:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Stanley Parable
2016-04-15 00:17 - 2016-04-15 00:17 - 00000000 ____D C:\Users\Alexander\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-04-13 14:32 - 2016-04-13 14:32 - 00129759 _____ C:\Users\Alexander\Downloads\151124-Anforderungen-Sportest.pdf
2016-04-13 14:32 - 2016-04-13 14:32 - 00046807 _____ C:\Users\Alexander\Downloads\141208-Informationsblatt-Sehfaehigkeit2.pdf
2016-04-13 14:32 - 2016-04-13 14:32 - 00037667 _____ C:\Users\Alexander\Downloads\Polizeiarztliche-Untersuchung.pdf
2016-04-13 14:02 - 2016-03-29 12:20 - 07474016 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-04-13 14:02 - 2016-03-29 12:20 - 02656952 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2016-04-13 14:02 - 2016-03-29 12:18 - 02152280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2016-04-13 14:02 - 2016-03-29 11:37 - 01862008 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2016-04-13 14:02 - 2016-03-29 10:41 - 00630632 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2016-04-13 14:02 - 2016-03-29 10:06 - 00045568 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2016-04-13 14:02 - 2016-03-29 10:01 - 00541304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2016-04-13 14:02 - 2016-03-29 09:58 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininetlui.dll
2016-04-13 14:02 - 2016-03-29 09:58 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2016-04-13 14:02 - 2016-03-29 09:46 - 00365568 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2016-04-13 14:02 - 2016-03-29 09:36 - 00209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2016-04-13 14:02 - 2016-03-29 09:19 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2016-04-13 14:02 - 2016-03-29 09:15 - 00970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-04-13 14:02 - 2016-03-29 09:12 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininetlui.dll
2016-04-13 14:02 - 2016-03-29 09:12 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2016-04-13 14:02 - 2016-03-29 09:10 - 01388544 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-04-13 14:02 - 2016-03-29 09:07 - 01213440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2016-04-13 14:02 - 2016-03-29 09:02 - 00303104 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2016-04-13 14:02 - 2016-03-29 08:42 - 03592704 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-04-13 14:02 - 2016-03-29 08:37 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2016-04-13 14:02 - 2016-03-29 08:32 - 01731584 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-04-13 14:02 - 2016-03-29 08:31 - 02275328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-04-13 14:02 - 2016-03-29 08:26 - 02755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-04-13 14:02 - 2016-03-29 08:05 - 01500672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-04-13 14:02 - 2016-03-29 08:05 - 01388032 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-04-13 14:02 - 2016-03-29 08:02 - 02229760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-04-13 14:02 - 2016-03-29 07:51 - 22378496 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-04-13 14:02 - 2016-03-29 07:41 - 24602112 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-04-13 14:02 - 2016-03-29 07:41 - 12125184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-04-13 14:02 - 2016-03-29 07:39 - 13382656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-04-13 14:02 - 2016-03-29 07:38 - 18673664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-04-13 14:02 - 2016-03-29 07:37 - 19340800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-04-13 14:01 - 2016-04-02 06:13 - 00369912 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2016-04-13 14:01 - 2016-04-02 06:10 - 00730344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
2016-04-13 14:01 - 2016-04-02 06:10 - 00374008 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2016-04-13 14:01 - 2016-04-02 05:29 - 00127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEDataLayerHelpers.dll
2016-04-13 14:01 - 2016-04-02 05:26 - 00630272 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll
2016-04-13 14:01 - 2016-04-02 05:21 - 00498688 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
2016-04-13 14:01 - 2016-04-02 05:19 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2016-04-13 14:01 - 2016-04-02 05:18 - 00988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2016-04-13 14:01 - 2016-04-02 05:15 - 01090048 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2016-04-13 14:01 - 2016-04-02 05:14 - 03994624 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2016-04-13 14:01 - 2016-04-02 05:09 - 01832448 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2016-04-13 14:01 - 2016-04-02 05:07 - 03575296 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2016-04-13 14:01 - 2016-04-02 05:07 - 02158592 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-04-13 14:01 - 2016-04-02 05:00 - 01390080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2016-04-13 14:01 - 2016-03-29 12:22 - 01030416 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2016-04-13 14:01 - 2016-03-29 12:22 - 00874968 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2016-04-13 14:01 - 2016-03-29 12:20 - 01317640 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-04-13 14:01 - 2016-03-29 12:20 - 01141504 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-04-13 14:01 - 2016-03-29 12:15 - 00100232 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmapi.dll
2016-04-13 14:01 - 2016-03-29 12:11 - 00686976 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2016-04-13 14:01 - 2016-03-29 12:05 - 01152864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2016-04-13 14:01 - 2016-03-29 12:02 - 00989536 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2016-04-13 14:01 - 2016-03-29 12:02 - 00334736 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2016-04-13 14:01 - 2016-03-29 11:56 - 01297752 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2016-04-13 14:01 - 2016-03-29 11:28 - 00696664 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2016-04-13 14:01 - 2016-03-29 11:28 - 00535080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2016-04-13 14:01 - 2016-03-29 11:28 - 00115040 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2016-04-13 14:01 - 2016-03-29 11:25 - 00258912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ufx01000.sys
2016-04-13 14:01 - 2016-03-29 11:19 - 00296488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2016-04-13 14:01 - 2016-03-29 11:17 - 00300104 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe
2016-04-13 14:01 - 2016-03-29 11:13 - 00986976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2016-04-13 14:01 - 2016-03-29 11:11 - 00605440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-04-13 14:01 - 2016-03-29 11:08 - 00358752 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2016-04-13 14:01 - 2016-03-29 11:08 - 00261376 _____ (Microsoft Corporation) C:\WINDOWS\system32\LsaIso.exe
2016-04-13 14:01 - 2016-03-29 10:44 - 00502104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2016-04-13 14:01 - 2016-03-29 10:44 - 00084832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2016-04-13 14:01 - 2016-03-29 10:32 - 00253088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe
2016-04-13 14:01 - 2016-03-29 10:26 - 02403680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2016-04-13 14:01 - 2016-03-29 10:26 - 01089888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2016-04-13 14:01 - 2016-03-29 10:24 - 00294752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2016-04-13 14:01 - 2016-03-29 10:21 - 00378208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2016-04-13 14:01 - 2016-03-29 10:16 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xinputhid.sys
2016-04-13 14:01 - 2016-03-29 10:07 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanagerprecheck.dll
2016-04-13 14:01 - 2016-03-29 10:02 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2016-04-13 14:01 - 2016-03-29 09:57 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosStorage.dll
2016-04-13 14:01 - 2016-03-29 09:51 - 00167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafBth.dll
2016-04-13 14:01 - 2016-03-29 09:50 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll
2016-04-13 14:01 - 2016-03-29 09:48 - 00144896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Devices.dll
2016-04-13 14:01 - 2016-03-29 09:42 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2016-04-13 14:01 - 2016-03-29 09:39 - 00550912 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2016-04-13 14:01 - 2016-03-29 09:38 - 00207360 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2016-04-13 14:01 - 2016-03-29 09:37 - 00617984 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2016-04-13 14:01 - 2016-03-29 09:34 - 00641536 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2016-04-13 14:01 - 2016-03-29 09:30 - 00328192 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2016-04-13 14:01 - 2016-03-29 09:30 - 00161792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msorcl32.dll
2016-04-13 14:01 - 2016-03-29 09:28 - 00460288 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2016-04-13 14:01 - 2016-03-29 09:27 - 00339968 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
2016-04-13 14:01 - 2016-03-29 09:26 - 00169472 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmmigrator.dll
2016-04-13 14:01 - 2016-03-29 09:23 - 00628736 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll
2016-04-13 14:01 - 2016-03-29 09:23 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
2016-04-13 14:01 - 2016-03-29 09:22 - 00438784 _____ (Microsoft Corporation) C:\WINDOWS\system32\AccountsRt.dll
2016-04-13 14:01 - 2016-03-29 09:20 - 00948736 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManager.dll
2016-04-13 14:01 - 2016-03-29 09:20 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\AboveLockAppHost.dll
2016-04-13 14:01 - 2016-03-29 09:19 - 00556032 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2016-04-13 14:01 - 2016-03-29 09:17 - 01056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2016-04-13 14:01 - 2016-03-29 09:17 - 00708608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2016-04-13 14:01 - 2016-03-29 09:17 - 00440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll
2016-04-13 14:01 - 2016-03-29 09:16 - 00852480 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2016-04-13 14:01 - 2016-03-29 09:16 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2016-04-13 14:01 - 2016-03-29 09:15 - 01714688 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
2016-04-13 14:01 - 2016-03-29 09:14 - 00965632 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2016-04-13 14:01 - 2016-03-29 09:14 - 00859136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2016-04-13 14:01 - 2016-03-29 09:13 - 00587776 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2016-04-13 14:01 - 2016-03-29 09:12 - 00471552 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
2016-04-13 14:01 - 2016-03-29 09:11 - 00988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2016-04-13 14:01 - 2016-03-29 09:11 - 00881664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
2016-04-13 14:01 - 2016-03-29 09:11 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosStorage.dll
2016-04-13 14:01 - 2016-03-29 09:10 - 00938496 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2016-04-13 14:01 - 2016-03-29 09:09 - 01239552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Bluetooth.dll
2016-04-13 14:01 - 2016-03-29 09:08 - 00888320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.dll
2016-04-13 14:01 - 2016-03-29 09:07 - 01902592 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2016-04-13 14:01 - 2016-03-29 09:06 - 01575936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll
2016-04-13 14:01 - 2016-03-29 09:06 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2016-04-13 14:01 - 2016-03-29 09:05 - 01395712 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2016-04-13 14:01 - 2016-03-29 09:03 - 00148480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dfsc.sys
2016-04-13 14:01 - 2016-03-29 09:02 - 02624512 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2016-04-13 14:01 - 2016-03-29 09:02 - 01211904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Cred.dll
2016-04-13 14:01 - 2016-03-29 09:00 - 00345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2016-04-13 14:01 - 2016-03-29 09:00 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2016-04-13 14:01 - 2016-03-29 08:59 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
2016-04-13 14:01 - 2016-03-29 08:56 - 00821760 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2016-04-13 14:01 - 2016-03-29 08:56 - 00415232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2016-04-13 14:01 - 2016-03-29 08:55 - 01052160 _____ (Microsoft Corporation) C:\WINDOWS\system32\MsSpellCheckingFacility.dll
2016-04-13 14:01 - 2016-03-29 08:49 - 00288256 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveui.dll
2016-04-13 14:01 - 2016-03-29 08:48 - 00346624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2016-04-13 14:01 - 2016-03-29 08:44 - 00498176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MessagingDataModel2.dll
2016-04-13 14:01 - 2016-03-29 08:43 - 00358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AccountsRt.dll
2016-04-13 14:01 - 2016-03-29 08:42 - 01410560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.Http.dll
2016-04-13 14:01 - 2016-03-29 08:41 - 00129024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AboveLockAppHost.dll
2016-04-13 14:01 - 2016-03-29 08:40 - 00787456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.dll
2016-04-13 14:01 - 2016-03-29 08:39 - 00350720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll
2016-04-13 14:01 - 2016-03-29 08:38 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2016-04-13 14:01 - 2016-03-29 08:37 - 01444352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRHInproc.dll
2016-04-13 14:01 - 2016-03-29 08:37 - 00799744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2016-04-13 14:01 - 2016-03-29 08:36 - 03351040 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2016-04-13 14:01 - 2016-03-29 08:36 - 00649728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2016-04-13 14:01 - 2016-03-29 08:35 - 00354304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
2016-04-13 14:01 - 2016-03-29 08:34 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2016-04-13 14:01 - 2016-03-29 08:34 - 00682496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll
2016-04-13 14:01 - 2016-03-29 08:34 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2016-04-13 14:01 - 2016-03-29 08:32 - 01588224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2016-04-13 14:01 - 2016-03-29 08:32 - 01098240 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2016-04-13 14:01 - 2016-03-29 08:32 - 00176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2016-04-13 14:01 - 2016-03-29 08:32 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
2016-04-13 14:01 - 2016-03-29 08:31 - 01946112 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2016-04-13 14:01 - 2016-03-29 08:31 - 01117184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll
2016-04-13 14:01 - 2016-03-29 08:30 - 01139712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2016-04-13 14:01 - 2016-03-29 08:29 - 00555520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncController.dll
2016-04-13 14:01 - 2016-03-29 08:29 - 00256000 _____ (Microsoft Corporation) C:\WINDOWS\system32\accountaccessor.dll
2016-04-13 14:01 - 2016-03-29 08:28 - 01944576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2016-04-13 14:01 - 2016-03-29 08:28 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Cred.dll
2016-04-13 14:01 - 2016-03-29 08:27 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
2016-04-13 14:01 - 2016-03-29 08:27 - 00133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2016-04-13 14:01 - 2016-03-29 08:27 - 00083456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputLocaleManager.dll
2016-04-13 14:01 - 2016-03-29 08:23 - 00777728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MsSpellCheckingFacility.dll
2016-04-13 14:01 - 2016-03-29 08:22 - 00638464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2016-04-13 14:01 - 2016-03-29 08:19 - 02635776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-04-13 14:01 - 2016-03-29 08:17 - 00765952 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2016-04-13 14:01 - 2016-03-29 08:14 - 01072128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.Http.dll
2016-04-13 14:01 - 2016-03-29 08:13 - 00592384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.dll
2016-04-13 14:01 - 2016-03-29 08:10 - 03671040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2016-04-13 14:01 - 2016-03-29 08:05 - 07199232 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2016-04-13 14:01 - 2016-03-29 08:05 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2016-04-13 14:01 - 2016-03-29 08:05 - 00361472 _____ (Microsoft Corporation) C:\WINDOWS\system32\bdesvc.dll
2016-04-13 14:01 - 2016-03-29 08:04 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2016-04-13 14:01 - 2016-03-29 08:04 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Connectivity.dll
2016-04-13 14:01 - 2016-03-29 08:01 - 13018624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-04-13 14:01 - 2016-03-29 07:58 - 01799680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2016-04-13 14:01 - 2016-03-29 07:56 - 16985600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-04-13 14:01 - 2016-03-29 07:52 - 11545600 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-04-13 14:01 - 2016-03-29 07:51 - 09918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-04-13 14:01 - 2016-03-29 07:49 - 05202944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2016-04-13 14:01 - 2016-03-29 07:45 - 03078144 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll
2016-04-13 14:01 - 2016-03-29 07:45 - 00338432 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncbservice.dll
2016-04-13 14:01 - 2016-03-29 07:43 - 03428864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2016-04-13 14:01 - 2016-03-29 07:43 - 00521728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Connectivity.dll
2016-04-13 14:01 - 2016-03-29 07:38 - 02798080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2016-04-13 14:01 - 2016-03-29 07:36 - 02722816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esent.dll
2016-04-13 14:01 - 2016-03-29 07:27 - 07836160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-04-13 14:01 - 2016-03-29 07:27 - 05662208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-04-13 14:01 - 2016-03-29 07:26 - 00958976 _____ (Microsoft Corporation) C:\WINDOWS\system32\RemoteNaturalLanguage.dll
2016-04-13 14:01 - 2016-03-29 07:25 - 00712704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RemoteNaturalLanguage.dll
2016-04-13 14:00 - 2016-04-02 06:10 - 00770640 _____ (Microsoft Corporation) C:\WINDOWS\system32\iuilp.dll
2016-04-13 14:00 - 2016-04-02 05:30 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll
2016-04-13 14:00 - 2016-04-02 05:29 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEDataLayerHelpers.dll
2016-04-13 14:00 - 2016-04-02 05:25 - 00278528 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationObjFactory.dll
2016-04-13 14:00 - 2016-04-02 05:25 - 00239104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NotificationObjFactory.dll
2016-04-13 14:00 - 2016-04-02 05:23 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll
2016-04-13 14:00 - 2016-04-02 05:23 - 00219648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2016-04-13 14:00 - 2016-04-02 05:08 - 02193408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2016-04-13 14:00 - 2016-04-02 05:03 - 04774912 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2016-04-13 14:00 - 2016-03-29 12:23 - 00277856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2016-04-13 14:00 - 2016-03-29 11:25 - 00058400 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.dll
2016-04-13 14:00 - 2016-03-29 11:18 - 00185184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2016-04-13 14:00 - 2016-03-29 11:11 - 00074424 _____ (Microsoft Corporation) C:\WINDOWS\system32\easinvoker.exe
2016-04-13 14:00 - 2016-03-29 11:10 - 00110584 _____ (Microsoft Corporation) C:\WINDOWS\system32\srvcli.dll
2016-04-13 14:00 - 2016-03-29 11:09 - 00078040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wkscli.dll
2016-04-13 14:00 - 2016-03-29 11:07 - 00081144 _____ (Microsoft Corporation) C:\WINDOWS\system32\netapi32.dll
2016-04-13 14:00 - 2016-03-29 10:41 - 00051128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsNativeApi.dll
2016-04-13 14:00 - 2016-03-29 10:26 - 00073872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srvcli.dll
2016-04-13 14:00 - 2016-03-29 10:25 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wkscli.dll
2016-04-13 14:00 - 2016-03-29 10:23 - 00069744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netapi32.dll
2016-04-13 14:00 - 2016-03-29 10:17 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsCSP.dll
2016-04-13 14:00 - 2016-03-29 10:07 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.V2.dll
2016-04-13 14:00 - 2016-03-29 10:07 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2016-04-13 14:00 - 2016-03-29 10:07 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenterprisediagnostics.dll
2016-04-13 14:00 - 2016-03-29 10:07 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsdchngr.dll
2016-04-13 14:00 - 2016-03-29 10:06 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleacchooks.dll
2016-04-13 14:00 - 2016-03-29 10:00 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetCfgNotifyObjectHost.exe
2016-04-13 14:00 - 2016-03-29 10:00 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveskybackup.dll
2016-04-13 14:00 - 2016-03-29 10:00 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapsupdatetask.dll
2016-04-13 14:00 - 2016-03-29 09:59 - 00027648 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManagerShellext.exe
2016-04-13 14:00 - 2016-03-29 09:57 - 00199168 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2016-04-13 14:00 - 2016-03-29 09:57 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\samlib.dll
2016-04-13 14:00 - 2016-03-29 09:57 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\browcli.dll
2016-04-13 14:00 - 2016-03-29 09:55 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
2016-04-13 14:00 - 2016-03-29 09:55 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\serial.sys
2016-04-13 14:00 - 2016-03-29 09:55 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\tbauth.dll
2016-04-13 14:00 - 2016-03-29 09:54 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mtxoci.dll
2016-04-13 14:00 - 2016-03-29 09:53 - 00116224 _____ (Microsoft Corporation) C:\WINDOWS\system32\FontProvider.dll
2016-04-13 14:00 - 2016-03-29 09:52 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBrokerCookies.exe
2016-04-13 14:00 - 2016-03-29 09:51 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzautoupdate.dll
2016-04-13 14:00 - 2016-03-29 09:50 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\BdeHdCfgLib.dll
2016-04-13 14:00 - 2016-03-29 09:50 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll
2016-04-13 14:00 - 2016-03-29 09:50 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\OnDemandConnRouteHelper.dll
2016-04-13 14:00 - 2016-03-29 09:50 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuautoappupdate.dll
2016-04-13 14:00 - 2016-03-29 09:49 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2016-04-13 14:00 - 2016-03-29 09:48 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
2016-04-13 14:00 - 2016-03-29 09:46 - 00134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser.dll
2016-04-13 14:00 - 2016-03-29 09:44 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\system32\DAFWSD.dll
2016-04-13 14:00 - 2016-03-29 09:36 - 00530432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
2016-04-13 14:00 - 2016-03-29 09:35 - 00411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleacc.dll
2016-04-13 14:00 - 2016-03-29 09:35 - 00239616 _____ (Microsoft Corporation) C:\WINDOWS\system32\credprovhost.dll
2016-04-13 14:00 - 2016-03-29 09:34 - 00686592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2016-04-13 14:00 - 2016-03-29 09:34 - 00333824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\portcls.sys
2016-04-13 14:00 - 2016-03-29 09:34 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2016-04-13 14:00 - 2016-03-29 09:33 - 00174592 _____ (Microsoft Corporation) C:\WINDOWS\system32\easwrt.dll
2016-04-13 14:00 - 2016-03-29 09:32 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-04-13 14:00 - 2016-03-29 09:32 - 00414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2016-04-13 14:00 - 2016-03-29 09:23 - 00694784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2016-04-13 14:00 - 2016-03-29 09:21 - 00330240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2016-04-13 14:00 - 2016-03-29 09:20 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsNativeApi.V2.dll
2016-04-13 14:00 - 2016-03-29 09:20 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsdchngr.dll
2016-04-13 14:00 - 2016-03-29 09:19 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleacchooks.dll
2016-04-13 14:00 - 2016-03-29 09:18 - 00676352 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSDApi.dll
2016-04-13 14:00 - 2016-03-29 09:11 - 00161280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2016-04-13 14:00 - 2016-03-29 09:11 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\samlib.dll
2016-04-13 14:00 - 2016-03-29 09:11 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\browcli.dll
2016-04-13 14:00 - 2016-03-29 09:09 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll
2016-04-13 14:00 - 2016-03-29 09:09 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tbauth.dll
2016-04-13 14:00 - 2016-03-29 09:08 - 00841216 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2016-04-13 14:00 - 2016-03-29 09:08 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mtxoci.dll
2016-04-13 14:00 - 2016-03-29 09:06 - 00022528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBrokerCookies.exe
2016-04-13 14:00 - 2016-03-29 09:05 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OnDemandConnRouteHelper.dll
2016-04-13 14:00 - 2016-03-29 09:04 - 00103936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Devices.dll
2016-04-13 14:00 - 2016-03-29 09:00 - 00235008 _____ C:\WINDOWS\system32\MTF.dll
2016-04-13 14:00 - 2016-03-29 09:00 - 00176128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.DeviceEncryptionHandlers.dll
2016-04-13 14:00 - 2016-03-29 08:59 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll
2016-04-13 14:00 - 2016-03-29 08:59 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\BitLockerDeviceEncryption.exe
2016-04-13 14:00 - 2016-03-29 08:53 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleacc.dll
2016-04-13 14:00 - 2016-03-29 08:53 - 00193024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credprovhost.dll
2016-04-13 14:00 - 2016-03-29 08:52 - 00306176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2016-04-13 14:00 - 2016-03-29 08:52 - 00141824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\easwrt.dll
2016-04-13 14:00 - 2016-03-29 08:42 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2016-04-13 14:00 - 2016-03-29 08:39 - 00564224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSDApi.dll
2016-04-13 14:00 - 2016-03-29 08:39 - 00496128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2016-04-13 14:00 - 2016-03-29 08:34 - 00784896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
2016-04-13 14:00 - 2016-03-29 08:32 - 00854528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Bluetooth.dll
2016-04-13 14:00 - 2016-03-29 08:32 - 00638464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.dll
2016-04-13 14:00 - 2016-03-29 08:32 - 00128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcsps.dll
2016-04-13 14:00 - 2016-03-29 08:31 - 00705536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2016-04-13 14:00 - 2016-03-29 08:27 - 07979008 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2016-04-13 14:00 - 2016-03-29 08:27 - 00162816 _____ C:\WINDOWS\SysWOW64\MTF.dll
2016-04-13 14:00 - 2016-03-29 08:06 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll
2016-04-13 14:00 - 2016-03-29 08:05 - 00450560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncController.dll
2016-04-13 14:00 - 2016-03-29 08:01 - 00957952 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2016-04-13 14:00 - 2016-03-29 08:00 - 06297088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2016-04-13 14:00 - 2016-03-29 07:35 - 00821248 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvewiz.dll
2016-04-13 14:00 - 2016-03-29 07:28 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvecpl.dll
2016-04-13 14:00 - 2016-03-29 07:27 - 00794112 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2016-04-13 14:00 - 2016-03-29 07:26 - 00402432 _____ (Microsoft Corporation) C:\WINDOWS\system32\FWPUCLNT.DLL
2016-04-13 14:00 - 2016-03-29 07:25 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FWPUCLNT.DLL
2016-04-13 14:00 - 2016-03-29 07:21 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\system32\basesrv.dll
2016-04-12 18:22 - 2016-04-12 18:22 - 00000000 ____D C:\Program Files (x86)\AMD
2016-04-10 19:47 - 2016-04-10 19:47 - 42269960 _____ C:\Users\Alexander\Downloads\SDA1.0.5.zip
2016-04-10 19:45 - 2016-04-10 19:45 - 00401751 _____ C:\Users\Alexander\Downloads\SteamDesktopAuthenticator-master.zip
 
==================== Ein Monat: Geänderte Dateien und Ordner ========
 
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
 
2016-05-08 20:34 - 2014-12-16 02:35 - 00000000 ___RD C:\Users\Alexander\Dropbox
2016-05-08 20:33 - 2016-03-09 14:08 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-05-08 20:32 - 2015-10-30 08:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-05-08 20:32 - 2014-02-26 22:10 - 00000000 ____D C:\AdwCleaner
2016-05-08 20:25 - 2015-06-20 13:40 - 00001240 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-2617271622-2672243655-3591071018-1000UA.job
2016-05-08 20:24 - 2015-06-20 13:40 - 00001188 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-2617271622-2672243655-3591071018-1000Core.job
2016-05-08 18:22 - 2013-08-18 12:50 - 00000000 ____D C:\Program Files (x86)\Rockstar Games
2016-05-08 18:21 - 2015-04-14 01:25 - 00000000 ____D C:\Program Files\Rockstar Games
2016-05-08 14:30 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-05-08 14:29 - 2016-03-09 13:56 - 00000000 ____D C:\Users\Alexander
2016-05-08 14:26 - 2015-10-30 09:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-05-08 14:18 - 2014-10-19 17:58 - 00000000 ____D C:\Users\Alexander\AppData\LocalLow\Temp
2016-05-01 22:16 - 2014-11-13 22:45 - 00000000 ____D C:\ProgramData\Ubisoft
2016-05-01 19:41 - 2015-02-02 23:03 - 00189248 _____ C:\WINDOWS\SysWOW64\PnkBstrB.exe
2016-05-01 19:41 - 2015-02-02 23:03 - 00075136 _____ C:\WINDOWS\SysWOW64\PnkBstrA.exe
2016-05-01 19:28 - 2013-07-18 18:01 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-05-01 17:02 - 2015-02-22 17:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\R.G. Mechanics
2016-04-29 03:12 - 2015-01-26 01:57 - 01939968 _____ (Microsoft) C:\Users\Alexander\Desktop\Matchmaking Server Picker.exe
2016-04-28 22:17 - 2013-09-01 01:11 - 00000000 ____D C:\Program Files (x86)\Ubisoft
2016-04-28 18:47 - 2013-10-26 12:12 - 00000000 ____D C:\Users\Alexander\Documents\WB Games
2016-04-28 02:39 - 2014-01-30 20:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Square Enix
2016-04-25 18:15 - 2013-06-13 14:48 - 00000000 ____D C:\Users\Alexander\Documents\Square Enix
2016-04-25 14:09 - 2016-03-09 13:55 - 02086168 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-04-25 14:09 - 2015-10-30 20:35 - 00888008 _____ C:\WINDOWS\system32\perfh007.dat
2016-04-25 14:09 - 2015-10-30 20:35 - 00197092 _____ C:\WINDOWS\system32\perfc007.dat
2016-04-25 14:09 - 2015-10-30 09:21 - 00000000 ____D C:\WINDOWS\INF
2016-04-25 02:26 - 2016-03-25 21:23 - 00000000 ____D C:\WINDOWS\SysWOW64\directx
2016-04-24 22:56 - 2015-01-30 02:17 - 00000000 ____D C:\Users\Alexander\AppData\Local\qBittorrent
2016-04-24 21:45 - 2013-06-25 22:18 - 00000000 ____D C:\Users\Alexander\Documents\My Games
2016-04-24 18:08 - 2015-03-24 16:48 - 00000000 ____D C:\Users\Alexander\AppData\Roaming\vlc
2016-04-22 09:57 - 2013-06-12 14:37 - 00453288 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2016-04-20 22:09 - 2014-03-04 16:15 - 00000000 ____D C:\Program Files (x86)\Google
2016-04-19 21:10 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\rescache
2016-04-15 00:19 - 2014-12-16 02:33 - 00000000 ____D C:\Users\Alexander\AppData\Roaming\Dropbox
2016-04-15 00:18 - 2015-06-20 13:40 - 00000000 ____D C:\Users\Alexander\AppData\Local\Dropbox
2016-04-14 22:53 - 2016-02-18 02:26 - 00000841 _____ C:\Users\Alexander\Desktop\Uplay.lnk
2016-04-14 21:28 - 2013-09-01 01:11 - 00000000 ____D C:\Users\Alexander\AppData\Local\Ubisoft Game Launcher
2016-04-14 15:07 - 2016-03-09 13:50 - 00250168 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-04-14 02:59 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2016-04-14 02:59 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-04-14 02:59 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2016-04-14 02:59 - 2015-10-30 09:24 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-04-13 21:31 - 2013-06-13 05:25 - 00000000 ____D C:\Users\Alexander\AppData\Local\AMD
2016-04-13 16:22 - 2015-10-30 09:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-04-13 16:20 - 2014-10-02 15:54 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-04-13 16:15 - 2014-10-02 15:54 - 135176864 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-04-12 18:20 - 2016-03-09 13:53 - 00000000 ____D C:\Program Files\AMD
2016-04-12 18:11 - 2014-09-03 20:17 - 00000000 ____D C:\AMD
2016-04-08 21:31 - 2016-04-05 02:40 - 00000000 ____D C:\Users\Alexander\Desktop\Neuer Ordner
 
==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======
 
2015-02-12 18:54 - 2015-02-12 18:56 - 0000034 _____ () C:\Users\Alexander\AppData\Roaming\AdobeWLCMCache.dat
2013-10-28 21:06 - 2013-10-28 21:06 - 0007602 _____ () C:\Users\Alexander\AppData\Local\Resmon.ResmonCfg
 
Einige Dateien in TEMP:
====================
C:\Users\Alexander\AppData\Local\Temp\CodecFixDivx.exe
C:\Users\Alexander\AppData\Local\Temp\dotnetfx 3.5 sp1.exe
C:\Users\Alexander\AppData\Local\Temp\dxdiag.exe
C:\Users\Alexander\AppData\Local\Temp\frag.exe
C:\Users\Alexander\AppData\Local\Temp\libeay32.dll
C:\Users\Alexander\AppData\Local\Temp\msvcr120.dll
C:\Users\Alexander\AppData\Local\Temp\Nexus Mod Manager-0.61.14.exe
C:\Users\Alexander\AppData\Local\Temp\Nexus Mod Manager-0.61.15.exe
C:\Users\Alexander\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap =================
 
(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)
 
C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert
 
 
LastRegBack: 2016-05-03 15:19
 

 

==================== Ende von FRST.txt ============================


#10 olgun52

  • Malware Response Team
Posted 08 May 2016 - 02:17 PM

I cannot see the Additional.txt log file.


Best regards
 

 


 


#11 NeisAEL

  • Topic Starter

Posted 08 May 2016 - 02:20 PM

Sorry, here you go

 

Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:07-05-2016
durchgeführt von Alexander (2016-05-08 20:56:57)
Gestartet von C:\Users\Alexander\Desktop\frst
Windows 10 Pro Version 1511 (X64) (2016-03-09 12:11:14)
Start-Modus: Normal
==========================================================
 
 
==================== Konten: =============================
 
Administrator (S-1-5-21-2617271622-2672243655-3591071018-500 - Administrator - Disabled)
Alexander (S-1-5-21-2617271622-2672243655-3591071018-1000 - Administrator - Enabled) => C:\Users\Alexander
DefaultAccount (S-1-5-21-2617271622-2672243655-3591071018-503 - Limited - Disabled)
Gast (S-1-5-21-2617271622-2672243655-3591071018-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2617271622-2672243655-3591071018-1009 - Limited - Enabled)
 
==================== Sicherheits-Center ========================
 
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installierte Programme ======================
 
(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)
 
"Batman - Arkham City" (HKLM-x32\...\{71AD83D4-6F74-4257-8398-8D1BFEA91EFF}_is1) (Version: 1.1.0.0 - )
7-Zip 9.38 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0938-000001000000}) (Version: 9.38.00.0 - Igor Pavlov)
Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.010.20060 - Adobe Systems Incorporated)
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.245 - Adobe Systems Incorporated)
Adobe Illustrator CC 2014 (HKLM-x32\...\{2B4B4082-8043-4646-8334-B0A29E641211}) (Version: 18.0 - Adobe Systems Incorporated)
Adobe Photoshop CC 2014 (HKLM-x32\...\{D7A4F897-B20A-42D0-862D-CB5F6DB7391D}) (Version: 15.0 - Adobe Systems Incorporated)
Amazon Music (HKU\S-1-5-21-2617271622-2672243655-3591071018-1000\...\Amazon Amazon Music) (Version: 3.10.0.928 - Amazon Services LLC)
AMD Install Manager (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.4 - Advanced Micro Devices, Inc.)
AMD OverDrive (HKLM-x32\...\{EEB605FD-C5F5-4946-90F3-D65C604A9187}) (Version: 4.3.1.0698 - Advanced Micro Devices, Inc.)
Arma 2 (HKLM-x32\...\Steam App 33910) (Version:  - Bohemia Interactive)
Arma 2: Operation Arrowhead (HKLM-x32\...\Steam App 33930) (Version:  - Bohemia Interactive)
Assassin's Creed Brotherhood (HKLM-x32\...\{BE4BA698-8533-4F77-9559-C7F3F78C0B05}) (Version: 1.00 - Ubisoft)
Assassin's Creed II (HKLM-x32\...\{8570BEE8-0CA3-4977-9AB1-80ED93F0513C}) (Version: 1.01 - Ubisoft)
Audacity 2.0.3 (HKLM-x32\...\Audacity_is1) (Version: 2.0.3 - Audacity Team)
Batman Arkham Asylum - Game of the Year Edition (HKLM-x32\...\Batman Arkham Asylum - Game of the Year Edition_is1) (Version:  - )
Batman Arkham Knight v.1.0.4.5 (HKLM-x32\...\Batman Arkham Knight_is1) (Version:  - )
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.3.0 - EA Digital Illusions CE AB)
BattlEye for OA Uninstall (HKLM-x32\...\BattlEye for OA) (Version:  - )
BulletStorm (x32 Version: 1.0.0001.130 - EA) Hidden
Call of Duty® 4 - Modern Warfare™ (HKLM-x32\...\InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}) (Version: 1.00.0000 - Activision)
Call of Duty® 4 - Modern Warfare™ (x32 Version: 1.00.0000 - Activision) Hidden
Call of Duty: Modern Warfare 2 - Multiplayer (HKLM\...\Steam App 10190) (Version:  - Infinity Ward)
Call of Duty: Modern Warfare 2 (HKLM\...\Steam App 10180) (Version:  - Infinity Ward)
Catalyst Control Center Next Localization BR (Version: 2016.0403.2360.41341 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (Version: 2016.0403.2360.41341 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (Version: 2016.0403.2360.41341 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (Version: 2016.0403.2360.41341 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (Version: 2016.0403.2360.41341 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (Version: 2016.0403.2360.41341 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (Version: 2016.0403.2360.41341 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (Version: 2016.0403.2360.41341 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (Version: 2016.0403.2360.41341 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (Version: 2016.0403.2360.41341 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (Version: 2016.0403.2360.41341 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (Version: 2016.0403.2360.41341 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (Version: 2016.0403.2360.41341 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (Version: 2016.0403.2360.41341 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (Version: 2016.0403.2360.41341 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (Version: 2016.0403.2360.41341 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (Version: 2016.0403.2360.41341 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (Version: 2016.0403.2360.41341 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (Version: 2016.0403.2360.41341 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (Version: 2016.0403.2360.41341 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (Version: 2016.0403.2360.41341 - Advanced Micro Devices, Inc.) Hidden
C-Media PCI Audio Device (HKLM\...\C-Media PCI Audio Driver) (Version:  - )
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
CPUID HWMonitor 1.26 (HKLM\...\CPUID HWMonitor_is1) (Version:  - )
Crysis®3 (HKLM-x32\...\{4198AE83-A3C6-4C41-85C8-EC63E990696E}) (Version: 1.1.0.0 - Electronic Arts)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
Defraggler (HKLM\...\Defraggler) (Version: 2.20 - Piriform)
DiRT 3 (x32 Version: 1.0.0000.130 - Codemasters) Hidden
DiRT 3 (x32 Version: 1.0.0003.130 - Codemasters) Hidden
Discord (HKU\S-1-5-21-2617271622-2672243655-3591071018-1000\...\Discord) (Version: 0.0.283 - Hammer & Chisel, Inc.)
Dropbox (HKU\S-1-5-21-2617271622-2672243655-3591071018-1000\...\Dropbox) (Version: 3.18.1 - Dropbox, Inc.)
Dying Light The Following - Enhanced Edition (HKLM\...\ZHlpbmdsaWdodHRoZWZvbGxvd2luZ2VuaGFuY2VkZWRpdGlvbg_is1) (Version: 1 - )
ESN Sonar (HKLM-x32\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB)
Fallout 3 (HKU\S-1-5-21-2617271622-2672243655-3591071018-1000\...\{974C4B12-4D02-4879-85E0-61C95CC63E9E}) (Version: 1.00.0000 - Bethesda Softworks)
Fraps (remove only) (HKLM-x32\...\Fraps) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 50.0.2661.94 - Google Inc.)
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
Grand Theft Auto IV (x32 Version: 1.0.0013.131 - Rockstar Games Inc.) Hidden
Grand Theft Auto V (HKLM-x32\...\Steam App 271590) (Version:  - Rockstar North)
GTA San Andreas (HKLM-x32\...\{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}) (Version: 1.00.00001 - Rockstar Games)
Half-Life 2 version 2257546 (HKLM-x32\...\Half-Life 2_is1) (Version: 2257546 - Valve Corporation)
Life Is Strange (HKLM-x32\...\{33E1C9A1-60A7-4D34-A7B6-6C65FF9AE4A7}_is1) (Version: EP 1.2.3.4.5 - Square Enix)
Mafia Game (HKLM-x32\...\Mafia Game) (Version:  - )
Mafia II (HKLM\...\Steam App 50130) (Version:  - 2K Czech)
Mass Effect™ 3 (HKLM-x32\...\{534A31BD-20F4-46b0-85CE-09778379663C}) (Version: 1.05.0.0 - Electronic Arts)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x64 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{a2199617-3609-410f-a8e8-e8806c73545b}) (Version: 11.0.61030.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{b341426f-8543-4e0d-96c3-e976f8ec5ab6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{f0080ca2-80ae-4958-b6eb-e8fa916d744a}) (Version: 11.0.61030.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
Murdered - Soul Suspect (HKLM-x32\...\Murdered - Soul Suspect_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, spider91)
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.61.15 - Black Tree Gaming)
NVIDIA PhysX (HKLM-x32\...\{B455E95A-B804-439F-B533-336B1635AE97}) (Version: 9.14.0702 - NVIDIA Corporation)
Óñòàíîâêà Chicago 1930 (HKLM-x32\...\Óñòàíîâêà Chicago 1930) (Version:  - )
OpenOffice.org 3.4.1 (HKLM-x32\...\{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}) (Version: 3.41.9593 - Apache Software Foundation)
Origin (HKLM-x32\...\Origin) (Version: 9.3.7.2735 - Electronic Arts, Inc.)
PAYDAY 2 (HKLM-x32\...\Steam App 218620) (Version:  - OVERKILL - a Starbreeze Studio.)
Platform (x32 Version: 1.42 - VIA Technologies, Inc.) Hidden
Portal 2 (HKLM\...\Steam App 620) (Version:  - Valve)
Postal 2 (HKLM-x32\...\Postal 2) (Version:  - )
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.990 - Even Balance, Inc.)
qBittorrent 3.3.4 (HKLM-x32\...\qBittorrent) (Version: 3.3.4 - The qBittorrent project)
Red Faction Guerrilla (HKLM-x32\...\InstallShield_{A357EF4C-2B6F-4980-ACA9-B1E42A74D7F3}) (Version: 1.00.0000 - Volition Inc.)
Red Faction Guerrilla (x32 Version: 1.00.0000 - Volition Inc.) Hidden
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.7.8 - Rockstar Games)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.6.0 - SAMSUNG Electronics Co., Ltd.)
Scrapland (HKLM-x32\...\Scrapland_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, markfiter)
Sleeping Dogs (HKLM-x32\...\Sleeping Dogs_is1) (Version:  - )
Spec Ops The Line (HKLM-x32\...\Spec Ops The Line_is1) (Version:  - )
SUPERHOT (HKLM-x32\...\1456141688_is1) (Version: 2.0.0.4 - GOG.com)
System Requirements Lab Detection (HKLM-x32\...\{0C5654CB-3E4B-4767-B354-C9550A0F220E}) (Version: 6.1.3.0 - Husdawg, LLC)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.39052 - TeamViewer)
The Crew (Worldwide) (HKLM-x32\...\Uplay Install 413) (Version:  - Ubisoft)
The Klub 17 (HKU\S-1-5-21-2617271622-2672243655-3591071018-1000\...\The Klub 17) (Version: 6.3.0 - Team K17)
The Witcher 3 - Wild Hunt (HKLM-x32\...\The Witcher 3 - Wild Hunt_is1) (Version:  - )
Tom Clancy's Rainbow Six Siege (HKLM\...\Steam App 359550) (Version:  - Ubisoft Montreal)
Tunngle (HKLM-x32\...\Tunngle_is1) (Version: 5.8.3 - Tunngle.net GmbH)
Unity Web Player (HKU\S-1-5-21-2617271622-2672243655-3591071018-1000\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Uplay (HKLM-x32\...\Uplay) (Version: 18.1 - Ubisoft)
VIA Plattform-Geräte-Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.42 - VIA Technologies, Inc.)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.0 - VideoLAN)
Vulkan Run Time Libraries 1.0.3.1 (HKLM\...\VulkanRT1.0.3.1-2) (Version: 1.0.3.1 - LunarG, Inc.)
Vulkan Run Time Libraries 1.0.3.1 (Version: 1.0.3.1 - LunarG, Inc.) Hidden
Winamp (HKLM-x32\...\Winamp) (Version: 5.63  - Nullsoft, Inc)
Winamp Erkennungs-Plug-in (HKU\S-1-5-21-2617271622-2672243655-3591071018-1000\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.20.613 - Zemana Ltd.)
 
==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================
 
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
 
CustomCLSID: HKU\S-1-5-21-2617271622-2672243655-3591071018-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Alexander\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2617271622-2672243655-3591071018-1000_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Alexander\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2617271622-2672243655-3591071018-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Alexander\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2617271622-2672243655-3591071018-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Alexander\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2617271622-2672243655-3591071018-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Alexander\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2617271622-2672243655-3591071018-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Alexander\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2617271622-2672243655-3591071018-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Alexander\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2617271622-2672243655-3591071018-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Alexander\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2617271622-2672243655-3591071018-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Alexander\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2617271622-2672243655-3591071018-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Alexander\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2617271622-2672243655-3591071018-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Alexander\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2617271622-2672243655-3591071018-1000_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Alexander\AppData\Roaming\Dropbox\bin\DropboxExt64.30.dll (Dropbox, Inc.)
 
==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============
 
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
 
Task: {0AAC0704-8AB2-4DE6-AB05-4C4DB9EA9AAF} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe
Task: {0E17A3AB-D62B-42A7-A22E-48F94283CDB4} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe
Task: {16E4E35E-004E-47A9-A8A4-7CD38FF388A4} - System32\Tasks\{369FC0D2-3892-46B5-B060-AA658A65E4E6} => pcalua.exe -a "D:\A-Z SkiDroW Release\Half-Life 2(no steam)\Install Half-Life 2.exe" -d "D:\A-Z SkiDroW Release\Half-Life 2(no steam)"
Task: {27EC9B04-C74B-4B83-8D25-DDA2D622C850} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-14] (Adobe Systems Incorporated)
Task: {2C99DF28-939A-4C14-979A-8B8850849251} - System32\Tasks\{47A5A69C-3275-4E22-B3A6-CC5A6A9C8D2B} => pcalua.exe -a "C:\Program Files (x86)\InstallShield Installation Information\{A357EF4C-2B6F-4980-ACA9-B1E42A74D7F3}\setup.exe" -c -runfromtemp -l0x0409 -removeonly
Task: {3B3E3E9F-ED1E-423B-A16C-6C2DE7DEEA5E} - System32\Tasks\Amazon Music Helper => C:\Users\Alexander\AppData\Local\Amazon Music\Amazon Music Helper.exe [2015-07-21] ()
Task: {3C54AC43-9DE1-4DD1-9FE1-CB0A892B9ECB} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {4471D391-811E-4742-B1C2-A835CC0037F2} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe
Task: {44972B4C-D93C-4B3E-A8D5-F1EF4CC3ECEE} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe
Task: {46776149-E726-48B6-9AC5-503416D8D5C2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-04-20] (Google Inc.)
Task: {55986782-1310-477C-A340-6B7DF1A238CC} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe
Task: {593237B4-9F55-4B6F-81C4-24ABED7468AF} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => C:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: {5ACBA5EB-8E52-478D-8902-377DA6618948} - System32\Tasks\AMD Updater => C:\Program Files\AMD\CIM\\Bin64\InstallManagerApp.exe [2016-04-04] (Advanced Micro Devices, Inc.)
Task: {665C5431-034A-425C-B48B-D87D3B745048} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-04-20] (Google Inc.)
Task: {735D41E0-E3FC-458F-973F-4E0638C19E70} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {73720C1B-1D22-4B18-A9B6-711EFBD18297} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {7563F591-671A-4DFA-9F6A-AC83B7ADF55D} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe
Task: {7AEE0474-9D51-4596-949E-F175703752CF} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {85EC8E5E-17B5-41ED-88DF-8256AB950738} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2617271622-2672243655-3591071018-1000UA => C:\Users\Alexander\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-20] (Dropbox, Inc.)
Task: {8B991D54-A4B1-4F0B-9781-0C2EE29DFF94} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-04-13] (Microsoft Corporation)
Task: {8C50AF7C-5328-4551-B04A-82124616EB7B} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {8E41429A-E3D7-4607-9C3D-6538A4C2C674} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
Task: {963AC53A-5384-4789-9AFD-FF8F44CA5050} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe
Task: {A91BA932-2BA6-4EFA-9FD3-74802464CD19} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2617271622-2672243655-3591071018-1000Core => C:\Users\Alexander\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-20] (Dropbox, Inc.)
Task: {AA8B7744-EBC6-4817-A71D-F181E4604336} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe
Task: {AB8A159F-8C04-4FBC-9BD6-E9A3B820869E} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe
Task: {B05D70E9-C887-426E-BBDF-BC6409E26904} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe
Task: {B552495F-1E4A-40BD-A440-72FF86F4ADF0} - System32\Tasks\{138DDBC1-1991-4797-8074-615BD3EB0516} => pcalua.exe -a C:\WINDOWS\st6unst.exe -c -n "D:\Program Files (x86)\BEWERBUNGSMASTER\ST6UNST.LOG"
Task: {B9EF9D23-A43A-4AF5-98FD-C7B09B832D09} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {BE1276DE-6A97-40EE-946A-1E1D37F0AF01} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {C1ACA9B8-8FCE-4E51-B9FE-C91A76D8B13C} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe
Task: {C25DF6BE-DCFE-4B1E-B29A-2786022E2DF8} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {CA0F8830-A613-49EB-9EBA-B0AC44B15855} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-14] (Adobe Systems Incorporated)
Task: {E10680A8-03C1-414A-AD32-FB224E5FAF84} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe
Task: {E47B72FA-7F3B-4946-8ED4-A909EE3C4F69} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe
Task: {E6F8DA7A-2EC4-43F7-91DB-65587F34EB31} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe
Task: {F9B7BBF3-CB7D-4BE8-9D8C-C3E62C2D05AC} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
 
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)
 
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-2617271622-2672243655-3591071018-1000Core.job => C:\Users\Alexander\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-2617271622-2672243655-3591071018-1000UA.job => C:\Users\Alexander\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Verknüpfungen =============================
 
(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)
 
==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============
 
2015-10-30 09:18 - 2015-10-30 09:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2015-02-02 23:03 - 2016-05-01 19:41 - 00075136 _____ () C:\WINDOWS\SysWOW64\PnkBstrA.exe
2016-04-13 14:02 - 2016-03-29 12:20 - 02656952 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-04-13 14:02 - 2016-03-29 12:20 - 02656952 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-03-09 13:44 - 2016-03-09 13:44 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-04-13 14:00 - 2016-04-02 05:25 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-04-13 14:01 - 2016-04-02 05:03 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-04-13 14:01 - 2016-04-02 04:58 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-04-13 14:01 - 2016-04-02 04:59 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-04-13 14:01 - 2016-04-02 05:02 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-04-19 15:30 - 2016-04-19 15:33 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2016-04-19 15:30 - 2016-04-19 15:33 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-04-19 15:30 - 2016-04-19 15:33 - 22284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll
 
==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========
 
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)
 
 
==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================
 
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)
 
 
==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============
 
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)
 
 
==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============
 
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)
 
 
==================== Hosts Inhalt: ===============================
 
(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)
 
2009-07-14 04:34 - 2015-03-26 00:35 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
127.0.0.1       localhost
 
==================== Andere Bereiche ============================
 
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
 
HKU\S-1-5-21-2617271622-2672243655-3591071018-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Alexander\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.
 
==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==
 
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
 
 
==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============
 
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
 
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [{4F8C1A73-7279-45A9-A710-77032E6ACC6B}] => (Allow) D:\Games\Steam\Steam.exe
FirewallRules: [{355376F9-7B8C-4C82-A9DE-8270DECA4EAA}] => (Allow) D:\Games\Steam\Steam.exe
FirewallRules: [{9FB45340-8815-4CEC-90EC-A3FD60E1077C}] => (Allow) D:\Games\Steam\bin\steamwebhelper.exe
FirewallRules: [{4BD3B41C-BE69-486A-9826-CD5E8BBD3175}] => (Allow) D:\Games\Steam\bin\steamwebhelper.exe
FirewallRules: [TCP Query User{1CAD5E3D-3832-467B-B6B7-420D8E1965C7}D:\games\steam\steamapps\common\tom clancy's rainbow six siege\rainbowsix.exe] => (Allow) D:\games\steam\steamapps\common\tom clancy's rainbow six siege\rainbowsix.exe
FirewallRules: [UDP Query User{1949082C-1B53-4EA4-9A35-188D39330AD9}D:\games\steam\steamapps\common\tom clancy's rainbow six siege\rainbowsix.exe] => (Allow) D:\games\steam\steamapps\common\tom clancy's rainbow six siege\rainbowsix.exe
FirewallRules: [{5B5D9772-B1C2-4075-8DCC-019FA3D9D888}] => (Allow) D:\Games\Steam\SteamApps\common\Grand Theft Auto V\GTA5.exe
FirewallRules: [{2F285E9B-8C9F-47FF-BFEB-45B8C276BBF4}] => (Allow) D:\Games\Steam\SteamApps\common\Grand Theft Auto V\GTA5.exe
FirewallRules: [TCP Query User{45071FD1-1250-429F-A83E-F0D217C241D4}D:\games\steam\steamapps\common\portal 2\portal2.exe] => (Allow) D:\games\steam\steamapps\common\portal 2\portal2.exe
FirewallRules: [UDP Query User{BFF4E4C5-48EA-4E0D-9189-DB2BECAC5D32}D:\games\steam\steamapps\common\portal 2\portal2.exe] => (Allow) D:\games\steam\steamapps\common\portal 2\portal2.exe
FirewallRules: [TCP Query User{79359D60-AA48-4D99-8A51-6CA45A008E6C}D:\program files (x86)\torrent\qbittorrent.exe] => (Allow) D:\program files (x86)\torrent\qbittorrent.exe
FirewallRules: [UDP Query User{AF66F6CE-8022-4076-8F93-FCD95711A86A}D:\program files (x86)\torrent\qbittorrent.exe] => (Allow) D:\program files (x86)\torrent\qbittorrent.exe
 
==================== Wiederherstellungspunkte =========================
 
19-04-2016 15:15:24 Windows Update
24-04-2016 21:41:50 DirectX wurde installiert
27-04-2016 04:25:08 DirectX wurde installiert
28-04-2016 21:59:03 Installiert Assassin's Creed II
30-04-2016 19:52:09 DirectX wurde installiert
07-05-2016 21:16:10 DirectX wurde installiert
08-05-2016 14:33:54 JRT Pre-Junkware Removal
08-05-2016 20:35:34 JRT Pre-Junkware Removal
 
==================== Fehlerhafte Geräte im Gerätemanager =============
 
 
==================== Fehlereinträge in der Ereignisanzeige: =========================
 
Applikationsfehler:
==================
Error: (05/08/2016 08:48:26 PM) (Source: Microsoft-Windows-AppModel-State) (EventID: 10) (User: Alexander-PC)
Description: Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe5
 
Error: (05/08/2016 08:35:49 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll.
 
System Error:
Zugriff verweigert
.
 
Error: (05/08/2016 08:32:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: svchost.exe, Version: 10.0.10586.0, Zeitstempel: 0x5632d7ba
Name des fehlerhaften Moduls: ESENT.dll, Version: 10.0.10586.212, Zeitstempel: 0x56fa1686
Ausnahmecode: 0xc0000602
Fehleroffset: 0x000000000022885f
ID des fehlerhaften Prozesses: 0x878
Startzeit der fehlerhaften Anwendung: 0xsvchost.exe0
Pfad der fehlerhaften Anwendung: svchost.exe1
Pfad des fehlerhaften Moduls: svchost.exe2
Berichtskennung: svchost.exe3
Vollständiger Name des fehlerhaften Pakets: svchost.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: svchost.exe5
 
Error: (05/08/2016 08:32:38 PM) (Source: ESENT) (EventID: 908) (User: )
Description: svchost (2168) Der Prozess wird aufgrund eines nicht behebbaren Fehlers beendet: PV: 10.0.10586.0 SV: 10.0.10586.0 GLE: 0 ERR: -202(bf.cxx:23881): dllentry.cxx(103) (ESENT[10.0.10586.0] RETAIL RTM MBCS)
 
Error: (05/08/2016 08:19:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: svchost.exe, Version: 10.0.10586.0, Zeitstempel: 0x5632d7ba
Name des fehlerhaften Moduls: ESENT.dll, Version: 10.0.10586.212, Zeitstempel: 0x56fa1686
Ausnahmecode: 0xc0000602
Fehleroffset: 0x000000000022885f
ID des fehlerhaften Prozesses: 0x860
Startzeit der fehlerhaften Anwendung: 0xsvchost.exe0
Pfad der fehlerhaften Anwendung: svchost.exe1
Pfad des fehlerhaften Moduls: svchost.exe2
Berichtskennung: svchost.exe3
Vollständiger Name des fehlerhaften Pakets: svchost.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: svchost.exe5
 
Error: (05/08/2016 08:19:29 PM) (Source: ESENT) (EventID: 908) (User: )
Description: svchost (2144) Der Prozess wird aufgrund eines nicht behebbaren Fehlers beendet: PV: 10.0.10586.0 SV: 10.0.10586.0 GLE: 0 ERR: -1603(fucb.cxx:359): dllentry.cxx(103) (ESENT[10.0.10586.0] RETAIL RTM MBCS)
 
Error: (05/08/2016 08:15:14 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Alexander-PC)
Description: Bei der Aktivierung der App „Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy!App“ ist folgender Fehler aufgetreten: -2147221165. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.
 
Error: (05/08/2016 08:15:13 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Alexander-PC)
Description: Bei der Aktivierung der App „Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy!App“ ist folgender Fehler aufgetreten: -2147221165. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.
 
Error: (05/08/2016 08:14:36 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Alexander-PC)
Description: Bei der Aktivierung der App „Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy!App“ ist folgender Fehler aufgetreten: -2147221165. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.
 
Error: (05/08/2016 08:14:25 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Alexander-PC)
Description: Bei der Aktivierung der App „Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy!App“ ist folgender Fehler aufgetreten: -2147221165. Weitere Informationen finden Sie im Protokoll „Microsoft-Windows-TWinUI/Betriebsbereit“.
 
 
Systemfehler:
=============
Error: (05/08/2016 08:33:17 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "NetTcpActivator" ist vom Dienst "NetTcpPortSharing" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1058
 
Error: (05/08/2016 08:32:38 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "StateRepository-Dienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.
 
Error: (05/08/2016 08:32:37 PM) (Source: DCOM) (EventID: 10010) (User: Alexander-PC)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}
 
Error: (05/08/2016 08:32:37 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Synchronisierungshost_3282f" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts.
 
Error: (05/08/2016 08:32:30 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Volumeschattenkopie" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
 
Error: (05/08/2016 08:32:29 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.
 
Error: (05/08/2016 08:32:29 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "VIA Karaoke digital mixer Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
 
Error: (05/08/2016 08:32:29 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Message Queuing" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.
 
Error: (05/08/2016 08:32:29 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "PnkBstrA" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
 
Error: (05/08/2016 08:32:28 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Adobe Acrobat Update Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
 
 
CodeIntegrity:
===================================
  Date: 2016-04-19 15:12:06.436
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-04-14 15:07:55.194
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-03-24 16:28:45.727
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-03-16 14:02:50.780
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-03-12 13:06:16.794
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-03-10 20:43:32.603
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-03-10 14:06:09.283
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-03-09 13:08:15.863
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-03-09 13:06:28.676
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-03-09 12:51:28.054
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Speicherinformationen =========================== 
 
Prozessor: AMD Phenom™ II X6 1045T Processor
Prozentuale Nutzung des RAM: 20%
Installierter physikalischer RAM: 8191.3 MB
Verfügbarer physikalischer RAM: 6487.12 MB
Summe virtueller Speicher: 13567.3 MB
Verfügbarer virtueller Speicher: 11874.24 MB
 
==================== Laufwerke ================================
 
Drive c: () (Fixed) (Total:97.22 GB) (Free:43.05 GB) NTFS ==>[Laufwerk mit Startkomponenten (eingeholt von BCD)]
Drive d: () (Fixed) (Total:833.85 GB) (Free:176.05 GB) NTFS
Drive e: (100514_0902) (CDROM) (Total:7.04 GB) (Free:0 GB) UDF
Drive h: (MAFIA_CD_1) (CDROM) (Total:0.63 GB) (Free:0 GB) CDFS
 
==================== MBR & Partitionstabelle ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 53C31803)
Partition 1: (Active) - (Size=97.2 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=450 MB) - (Type=27)
Partition 3: (Not Active) - (Size=833.9 GB) - (Type=07 NTFS)
 
==================== Ende von Addition.txt ============================

Edited by NeisAEL, 08 May 2016 - 02:20 PM.


#12 olgun52

olgun52

  • Malware Response Team

Posted 08 May 2016 - 02:51 PM

Thanks for the logs. Looks clean. Any issues?


Best regards
 
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#13 NeisAEL

NeisAEL
  • Topic Starter

  • Members

Posted 08 May 2016 - 02:54 PM

What happened to the files we moved out of quarantine earlier? Are they gone now? If yes and you say my computer is clean then we don't have any more issues I assume. In any case, thank you very much for your help. It is really appreciated. Thanks for your help =)



#14 olgun52

olgun52

  • Malware Response Team
  • 3,784 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:54 PM

Posted 08 May 2016 - 03:17 PM

What happened to the files we moved out of quarantine earlier?
If yes and you say my computer

I said it just looks clean. I wanted to learn the latest status of the PC from you. But we will still continue working.

Step 1:
 Emsisoft Emergency Kit Scan:

  • Download Emsisoft Emergency Kit and save it to your desktop.
  • Double click on the EmsisoftEmergencyKit.exe icon, click Run then Extract
  • Double click the Start Emsisoft Emergency Kit icon that will appear after extraction
  • Click Yes to update the program
  • Once the update is completed click the Back button
  • Click on 2. Scan (not Quick Scan or Smart Scan)
  • Click Yes to detect Potentially Unwanted Programs (PUPs)
  • Patiently wait for the thorough scan to complete, this can be a lengthy process
  • Once completed click Quarantine selected objects (if computer is clean you will not have this option) then click OK
  • Click View Report
  • Attach the report to your reply
  • Close the program then click Close

Step 2:

MalwareBytes Anti-Rootkit scan:

  • Close all the running processes
  • Be sure to temporarily disable all antivirus/anti-spyware software
  • Caution: This is a beta version so please be sure to read the disclaimer and back up any important data before using.
  • Note: Malwarebytes Anti-Rootkit requires administrative privileges to function properly.

1. Download MalwareBytes Anti-Rootkit software from here to your desktop.

  • Right-click on Mbar 1.09.1.1004.exe and select Run As Administrator to launch the application.

2. Open the folder named MBAR on the desktop.
3. Find the MBAR folder in the list.
4. Click once.
5. Now click the OK button.
6. Click the OK button again.
7. Then click Next and click on the Update button.
8. Now click on the Scan button.

  • When finished updating, click 'Next' then 'Scan'.
  • If you are told you have the 'AppInit_Dlls rootkit', choose not to fix it and proceed with the scan.
  • With some infections, you may see two message boxes:
  • 'Could not load protection driver'. Click 'OK'.
  • 'Could not load DDA driver'. Click 'Yes' to this message, to allow the driver to load after a restart. Allow the computer to restart, then continue with the rest of these instructions.
  • If malware is found, do NOT press the 'Cleanup' button yet. Click 'Exit'.
  • Please attach the two log files created by the tool within the folder from which it was run.
  • The logs will be named mbar-log-YYYY-MM-DD (##-##-##).txt and system-log.txt

Step 3:

RogueKiller scan:

  • Please download and run RogueKiller 32/64 bit to your desktop
  • Quit all running programs.
  • For Windows XP, double-click to start.
  • For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.
  • Click Scan to scan the system.
  • When the scan completes > Close out the program > Don't Fix anything!
  • Don't run any other options, they're not all bad!
  • Post back the report which should be located on your desktop.

Best regards
 

 


 


#15 NeisAEL

NeisAEL
  • Topic Starter

  • Members

Posted 08 May 2016 - 04:20 PM

Okay, thank you for the clarification. Here are the requested logs:

 

 

 

EEK

-----------------------------------

 

Emsisoft Emergency Kit - Version 11.0

Letztes Update: 08.05.2016 22:30:29
Benutzerkonto: Alexander-PC\Alexander
 
Scan-Einstellungen:
 
Scan-Methode: Malware-Scan
Objekte: Rootkits, Speicher, Traces, Dateien
 
PUPs-Erkennung: An
Archiv-Scan: Aus
ADS Scan: An
Dateitypen-Filter: Aus
Erweitertes Caching: An
Direkter Festplattenzugriff: Aus
 
Scan-Beginn: 08.05.2016 22:32:15
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS Gefunden: Setting.DisableRegistryTools (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS Gefunden: Setting.DisableRegistryTools (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\INTERFACE\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7} Gefunden: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\INTERFACE\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6} Gefunden: Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{5E89ACE9-E16B-499A-87B4-0DBF742404C1} Gefunden: Application.AdUpd (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\INTERFACE\{A9582D7B-F24A-441D-9D26-450D58F3CD17} Gefunden: Application.AdInstall (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\INTERFACE\{E4C3E50F-5761-4BF8-95A0-939A819DF1C3} Gefunden: Application.AdInstall (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\INTERFACE\{EE0D8859-2ED4-4B0D-9812-16865B9AFD65} Gefunden: Application.AdInstall (A)
C:\Users\Alexander\AppData\Local\Temp\CodecFixDivx.exe Gefunden: Gen:Variant.Midie.9564 (B)
 
Gescannt: 82558
Gefunden 9
 
Scan-Ende: 08.05.2016 22:39:08
Scan-Zeit: 0:06:53
 
C:\Users\Alexander\AppData\Local\Temp\CodecFixDivx.exe Gen:Variant.Midie.9564 (B)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\INTERFACE\{EE0D8859-2ED4-4B0D-9812-16865B9AFD65} Application.AdInstall (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\INTERFACE\{E4C3E50F-5761-4BF8-95A0-939A819DF1C3} Application.AdInstall (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\INTERFACE\{A9582D7B-F24A-441D-9D26-450D58F3CD17} Application.AdInstall (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{5E89ACE9-E16B-499A-87B4-0DBF742404C1} Application.AdUpd (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\INTERFACE\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6} Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\INTERFACE\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7} Application.AdReg (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS Setting.DisableRegistryTools (A)
 
Quarantäne 8
 
 
 
MBAR
 
MBAR log.txt
-----------------------------------
 
Malwarebytes Anti-Rootkit BETA 1.9.3.1001
www.malwarebytes.org
 
Database version:
  main:    v2016.05.08.03
  rootkit: v2016.05.06.01
 
Windows 10 x64 NTFS
Internet Explorer 11.212.10586.0
Alexander :: ALEXANDER-PC [administrator]
 
08.05.2016 22:41:50
mbar-log-2016-05-08 (22-41-50).txt
 
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 383262
Time elapsed: 17 minute(s), 48 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 2
C:\Users\Alexander\AppData\Local\Temp\frag.exe (Trojan.Dropper.IR) -> No action taken. [de950cc75f3a66d0afd28c38e71a60a0]
C:\Users\Alexander\AppData\Local\Temp\dxdiag.exe (Trojan.Injector.VB) -> No action taken. [dc9720b3b2e72313383d193ba858e719]
 
Physical Sectors Detected: 0
(No malicious items detected)
 
(end)
 
 
//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
 
systemlog.txt
 
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.09.3.1001
 
© Malwarebytes Corporation 2011-2012
 
OS version: 10.0.9200 Windows 10 x64
 
Account is Administrative
 
Internet Explorer version: 11.212.10586.0
 
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.712000 GHz
Memory total: 8589201408, free: 4732493824
 
Downloaded database version: v2016.05.08.03
Downloaded database version: v2016.05.06.01
Downloaded database version: v2016.05.06.01
=======================================
Initializing...
Driver version: 0.3.0.4
------------ Kernel report ------------
     05/08/2016 22:41:40
------------ Loaded modules -----------
----------- End -----------
Done!
 
Scan started
Database versions:
  main:    v2016.05.08.03
  rootkit: v2016.05.06.01
 
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffe000ce626060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffe000ce626b10, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffe000ce626060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xffffe000ce62ca00, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffffe000ce631060, DeviceName: \Device\0000001d\, DriverName: \Driver\nvstor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 53C31803
 
Partition information:
 
    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 203878400
    Partition is bootable
    Partition file system is NTFS
 
    Partition 1 type is Other (0x27)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 203880448  Numsec = 921600
    Partition is not bootable
    Partition file system is NTFS
 
    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 204802048  Numsec = 1748719616
    Partition is not bootable
    Partition file system is NTFS
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition is not bootable
 
Disk Size: 1000204886016 bytes
Sector size: 512 bytes
 
Done!
File "C:\Windows\System32\drivers\MSGPIOWIN32.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\MSGPIOWIN32.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\MSHIDKMDF.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\MSHIDUMDF.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\msisadrv.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mstee.sys" is sparse (flags = 32768)
File "C:\Windows\System32\msiexec.exe" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mslldp.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mssmbios.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\MTConfig.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\nwifi.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\netbios.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ndis.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ndiscap.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\NDISIMPLATFORM.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ndistapi.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\usbhub.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\NDISVIRTUALBUS.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ndiswan.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\netbt.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\NPSVCTRIG.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\NPSVCTRIG.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\nsiproxy.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\NV_AGP.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\parport.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\parport.sys" is sparse (flags = 32768)
File "C:\Windows\System32\vds.exe" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\partmgr.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\pci.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\pcw.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\pdc.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\pcmcia.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\PEAuth.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\qwavedrv.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\raspptp.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\processr.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\pacer.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\rasacd.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\rasacd.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\agilevpn.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\raspppoe.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\rassstp.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\rdbss.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\rdpbus.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\rdpdr.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\RDPVIDEOMINIPORT.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\rdyboost.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\rspndr.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vms3cap.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\sbp2port.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\scfilter.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\WdFilter.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\sdbus.sys" is sparse (flags = 32768)
File "C:\Windows\System32\SENSORDATASERVICE.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\SerCx.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\SpbCx.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\serenum.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\serenum.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\SerCx2.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\sermouse.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\URSCX01000.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\sfloppy.sys" is sparse (flags = 32768)
File "C:\Windows\System32\snmptrap.exe" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\Wdf01000.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\SPACEPORT.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\SPACEPORT.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\sppsvc.exe" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\srvnet.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\volmgrx.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\storahci.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\stornvme.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\storufs.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\storvsc.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\swenum.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\tdx.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\tpm.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\terminpt.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vdrvroot.sys" is sparse (flags = 32768)
File "C:\Windows\System32\TIERINGENGINESERVICE.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\TsUsbFlt.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\TsUsbGD.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\UAGP35.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\uaspstor.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\UcmCx.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\Udecx.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\usbccgp.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\udfs.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\uefi.sys" is sparse (flags = 32768)
File "C:\Windows\System32\UI0DETECT.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ULIAGPKX.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\umbus.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\usbcir.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\USBHUB3.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\usbprint.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\usbser.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\USBSTOR.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\VERIFIEREXT.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vhdmp.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vhf.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vmbus.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\VMBusHID.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\volsnap.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vpci.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vsmraid.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vwifibus.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\wacompen.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\WdBoot.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\WdiWiFi.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\WdNisDrv.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\WINDOWSTRUSTEDRT.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\wmiacpi.sys" is sparse (flags = 32768)
File "C:\Windows\System32\wbem\WmiApSrv.exe" is sparse (flags = 32768)
File "C:\Program Files\Windows Media Player\wmpnetwk.exe" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\wpcfltr.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\WPDUPFLTR.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ws2ifsl.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\WUDFPf.sys" is sparse (flags = 32768)
File "C:\Windows\System32\AJRouter.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWS.STATEREPOSITORY.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\AUDIOENDPOINTBUILDER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\AUDIOENDPOINTBUILDER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WALLETSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\APPXDEPLOYMENTSERVER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\APPXDEPLOYMENTSERVER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\EMBEDDEDMODESVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\inetsrv\APPHOSTSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\ipnathlp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\lsm.dll" is sparse (flags = 32768)
File "C:\Windows\System32\umpnpmgr.dll" is sparse (flags = 32768)
File "C:\Windows\System32\rpcss.dll" is sparse (flags = 32768)
File "C:\Windows\System32\appinfo.dll" is sparse (flags = 32768)
File "C:\Windows\System32\MESSAGINGSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\appidsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\audiosrv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\appmgmts.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dcpsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\APPREADINESS.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\AxInstSv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\RpcEpMap.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dssvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\bdesvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\BFE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\XBLAUTHMANAGER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\XBLAUTHMANAGER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\netman.dll" is sparse (flags = 32768)
File "C:\Windows\System32\DEVICESETUPMANAGER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\cdpsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\cscsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\umpo.dll" is sparse (flags = 32768)
File "C:\Windows\System32\qmgr.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ListSvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\lltdsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\bisrv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dhcpcore.dll" is sparse (flags = 32768)
File "C:\Windows\System32\browser.dll" is sparse (flags = 32768)
File "C:\Windows\System32\BthHFSrv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\profsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\pnrpsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\bthserv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\provsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\das.dll" is sparse (flags = 32768)
File "C:\Windows\System32\LICENSEMANAGERSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\certprop.dll" is sparse (flags = 32768)
File "C:\Windows\System32\DMWAPPUSHSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\ClipSVC.dll" is sparse (flags = 32768)
File "C:\Windows\System32\COREMESSAGING.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\cryptsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\TETHERINGSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\moshost.dll" is sparse (flags = 32768)
File "C:\Windows\System32\DEFRAGSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\DEVQUERYBROKER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\wscsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WsmSvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wersvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wecsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wcmsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wkssvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dot3svc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\DIAGTRACK.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\DIAGTRACK.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWS.INTERNAL.MANAGEMENT.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWS.INTERNAL.MANAGEMENT.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\fdPHost.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dnsrslvr.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dps.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WERCPLSUPPORT.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\eapsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\efssvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ENTERPRISEAPPMGMTSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\FntCache.dll" is sparse (flags = 32768)
File "C:\Windows\System32\es.dll" is sparse (flags = 32768)
File "C:\Windows\System32\sdrsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\srvsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\FDResPub.dll" is sparse (flags = 32768)
File "C:\Windows\System32\upnphost.dll" is sparse (flags = 32768)
File "C:\Windows\System32\fhsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\gpsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\hidserv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\IKEEXT.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\iphlpsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\keyiso.dll" is sparse (flags = 32768)
File "C:\Windows\System32\msdtckrm.dll" is sparse (flags = 32768)
File "C:\Windows\System32\lfsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\lmhsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\MPSSVC.dll" is sparse (flags = 32768)
File "C:\Windows\System32\iscsiexe.dll" is sparse (flags = 32768)
File "C:\Windows\System32\nsisvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\nlasvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ngcsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\NcaSvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\NCDAUTOSETUP.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\NCBSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\NCBSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\netlogon.dll" is sparse (flags = 32768)
File "C:\Windows\System32\trkwks.dll" is sparse (flags = 32768)
File "C:\Windows\System32\NETPROFMSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\NETSETUPSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\NETSETUPSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\icsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\NGCCTNRSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\APHOSTSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\pcasvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\p2psvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\PEERDISTSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\PHONESERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\PIMINDEXMAINTENANCE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\PIMINDEXMAINTENANCE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\pla.dll" is sparse (flags = 32768)
File "C:\Windows\System32\pnrpauto.dll" is sparse (flags = 32768)
File "C:\Windows\System32\IPSECSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\qwave.dll" is sparse (flags = 32768)
File "C:\Windows\System32\rasauto.dll" is sparse (flags = 32768)
File "C:\Windows\System32\rasmans.dll" is sparse (flags = 32768)
File "C:\Windows\System32\mprdim.dll" is sparse (flags = 32768)
File "C:\Windows\System32\regsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\RDXSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\RDXSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\schedsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\SCardSvr.dll" is sparse (flags = 32768)
File "C:\Windows\System32\XBLGAMESAVE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\XBLGAMESAVE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\SCDEVICEENUM.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\seclogon.dll" is sparse (flags = 32768)
File "C:\Windows\System32\Sens.dll" is sparse (flags = 32768)
File "C:\Windows\System32\SENSORSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\SENSORSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\sensrsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\SessEnv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\shsvcs.dll" is sparse (flags = 32768)
File "C:\Windows\System32\TILEOBJSERVER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\TILEOBJSERVER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\smphost.dll" is sparse (flags = 32768)
File "C:\Windows\System32\SMSROUTERSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\SMSROUTERSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\StorSvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\sstpsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ssdpsrv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wiaservc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\svsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\swprv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\inetsrv\iisw3adm.dll" is sparse (flags = 32768)
File "C:\Windows\System32\sysmain.dll" is sparse (flags = 32768)
File "C:\Windows\System32\SYSTEMEVENTSBROKERSERVER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\SYSTEMEVENTSBROKERSERVER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\TabSvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\termsrv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\tapisrv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\THEMESERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\TIMEBROKERSERVER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\TIMEBROKERSERVER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\TZAUTOUPDATE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\TZAUTOUPDATE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\umrdp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\Unistore.dll" is sparse (flags = 32768)
File "C:\Windows\System32\USERDATASERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\USERDATASERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\usermgr.dll" is sparse (flags = 32768)
File "C:\Windows\System32\usocore.dll" is sparse (flags = 32768)
File "C:\Windows\System32\vaultsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\w32time.dll" is sparse (flags = 32768)
File "C:\Windows\System32\inetsrv\w3logsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wbiosrvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wwansvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WUDFSvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wlidsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wlansvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wcncsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WebClnt.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WCSPLUGINSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\wdi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WEPHOSTSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\wiarpc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wbem\WMIsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WORKFOLDERSSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WPDBUSENUM.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WPNSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WSSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WSSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\wuaueng.dll" is sparse (flags = 32768)
File "C:\Windows\System32\XBOXNETAPISVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\rundll32.exe" is sparse (flags = 32768)
File "C:\Program Files\Windows Mail\WinMail.exe" is sparse (flags = 32768)
File "C:\Windows\System32\unregmp2.exe" is sparse (flags = 32768)
File "C:\Windows\System32\ie4uinit.exe" is sparse (flags = 32768)
Infected: C:\Users\Alexander\AppData\Local\Temp\frag.exe --> [Trojan.Dropper.IR]
Infected: C:\Users\Alexander\AppData\Local\Temp\dxdiag.exe --> [Trojan.Injector.VB]
File "C:\Windows\System32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.dat" is sparse (flags = 32768)
Scan finished
User declined to cleanup malware.
=======================================
 
 
Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-1-203880448-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-2-204802048-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removal finished
 
 
 
RogueKiller
-----------------------------------------------
 
RogueKiller V12.1.5.0 [May  2 2016] (Free) by Adlice Software
 
Betriebssystem : Windows 10 (10.0.10586) 64 bits version
gestarted in : normaler Modus
User : Alexander [Administrator]
Started from : C:\Users\Alexander\Desktop\Fixing\Step 2\RogueKiller.exe
Modus : Scannen -- Datum : 05/08/2016 23:15:38
 
¤¤¤ Prozesse : 0 ¤¤¤
 
¤¤¤ Registry : 10 ¤¤¤
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-2617271622-2672243655-3591071018-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Gefunden
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-2617271622-2672243655-3591071018-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowDownloads : 2  -> Gefunden
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-2617271622-2672243655-3591071018-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowPrinters : 0  -> Gefunden
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-2617271622-2672243655-3591071018-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowHelp : 0  -> Gefunden
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-2617271622-2672243655-3591071018-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyDocs : 2  -> Gefunden
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-2617271622-2672243655-3591071018-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Gefunden
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-2617271622-2672243655-3591071018-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowDownloads : 2  -> Gefunden
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-2617271622-2672243655-3591071018-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowPrinters : 0  -> Gefunden
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-2617271622-2672243655-3591071018-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowHelp : 0  -> Gefunden
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-2617271622-2672243655-3591071018-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyDocs : 2  -> Gefunden
 
¤¤¤ Aufgaben : 1 ¤¤¤
[Suspicious.Path] \Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan -- C:\Program Files\Microsoft Security Client\MpCmdRun.exe (Scan -ScheduleJob -RestrictPrivileges) -> Gefunden
 
¤¤¤ Dateien : 0 ¤¤¤
 
¤¤¤ Host Dateien : 0 ¤¤¤
 
¤¤¤ Antirootkit : 0 (Driver: nicht geladen [0xc000036b]) ¤¤¤
 
¤¤¤ Web Browser : 0 ¤¤¤
 
¤¤¤ MBR Überprüfung : ¤¤¤
+++++ PhysicalDrive0: WDC WD10 EZEX-00RKKA0 SCSI Disk Device +++++
--- User ---
[MBR] f3699270aff4b7897b387038ccc608a4
[BSP] f5a5f378e0e785da081bc907a1701e4e : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 99550 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 203880448 | Size: 450 MB
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 204802048 | Size: 853867 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
Error reading LL2 MBR! ([1] Unzulässige Funktion. )




