
Internet Slow PC INFECTED?


  • This topic is locked
15 replies to this topic

#1 Cookie97

Cookie97

  • Members
  • 51 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:09:05 PM

Posted 23 June 2017 - 09:53 AM

Hello 

 

I think my friend's PC is infected.

His internet is often slow.

 

Thank you 

Cookie97

 

Attached File  FRST.txt   92.88KB   2 downloads

 

Attached File  Rogue Killer Bericht.txt   5.51KB   0 downloads


Edited by Cookie97, 23 June 2017 - 09:54 AM.




#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,770 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:01:05 PM

Posted 23 June 2017 - 10:03 AM

Greetings Cookie97 and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Please rerun FRST after changing the file name to frst64english.exe. Copy and paste both reports in your reply, using multiple posts if necessary.

Edited by Oh My!, 23 June 2017 - 10:05 AM.

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 Cookie97

Cookie97
  • Topic Starter

  • Members
  • 51 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:09:05 PM

Posted 23 June 2017 - 10:07 AM

Hello Oh My!

I will contact my friend so that he sends me the addition.txt.

 

Thanks for your reply.


Edited by Cookie97, 23 June 2017 - 10:07 AM.


#4 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,770 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:01:05 PM

Posted 23 June 2017 - 10:08 AM

I modified my first post to request changing frst64.exe to frst64english.exe so the report is produced in English.
Gary
 

#5 Cookie97

Cookie97
  • Topic Starter

  • Members
  • 51 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:09:05 PM

Posted 23 June 2017 - 11:21 AM

Hello Oh My!
Here are the logs.
 
 
Regards
Cookie97

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21-06-2017 01
Ran by Totte (administrator) on MIFCOM2013 (23-06-2017 17:49:20)
Running from C:\Users\Thorsten\Desktop
Loaded Profiles: Thorsten & Totte (Available Profiles: Thorsten & Totte)
Platform: Windows 10 Home Version 1703 (X64) Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\avp.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(Electronic Arts) D:\Program Files (x86)\Electronic Arts\Origin\OriginWebHelperService.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\avpui.exe
(Resilio, Inc.) C:\Users\Thorsten\AppData\Roaming\Resilio Sync\Resilio Sync.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(TeamSpeak Systems GmbH) D:\Program Files (x86)\TeamSpeak 3 Client\ts3client_win64.exe
(Blizzard Entertainment) C:\ProgramData\Battle.net\Agent\Agent.5676\Agent.exe
(Blizzard Entertainment) C:\Program Files (x86)\Battle.net\Battle.net.8941\Battle.net.exe
() C:\Program Files (x86)\Battle.net\Battle.net.8941\Battle.net Helper.exe
() C:\Program Files (x86)\Battle.net\Battle.net.8941\Battle.net Helper.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Blizzard Entertainment) E:\World of Warcraft\Wow-64.exe
(Microsoft Corporation) C:\Windows\System32\GameBarPresenceWriter.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Farbar) C:\Users\Thorsten\Desktop\FRST64english.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [AVMWlanClient] => C:\Program Files (x86)\avmwlanstick\FRITZWLANMini.exe [937984 2014-11-21] (AVM Berlin)
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe <====== ATTENTION
HKU\S-1-5-21-3759429136-1646547072-1336200546-1001\...\Run: [Resilio Sync] => C:\Users\Thorsten\AppData\Roaming\Resilio Sync\Resilio Sync.exe [16337416 2017-02-12] (Resilio, Inc.)
HKU\S-1-5-21-3759429136-1646547072-1336200546-1001\...\Run: [GalaxyClient] => C:\Program Files (x86)\GOG Galaxy\GalaxyClient.exe [4952128 2017-05-19] (GOG.com)
HKU\S-1-5-21-3759429136-1646547072-1336200546-1001\...\MountPoints2: G - "G:\pushinst.exe"
HKU\S-1-5-21-3759429136-1646547072-1336200546-1001\...\MountPoints2: {236921cf-bf26-11e6-9bc1-806e6f6e6963} - "F:\Autorun.exe"
HKU\S-1-5-21-3759429136-1646547072-1336200546-1001\...\MountPoints2: {64613922-bf26-11e6-9bc2-d43d7ed8aa7d} - "H:\pushinst.exe"
ShellIconOverlayIdentifiers: [!Resilio Sync 2.4.4Done] -> {581FFA04-FC33-0004-0402-95003A5CDE89} => C:\ProgramData\Resilio Sync\ShellExtensionOverlay64_2DC.dll [2017-02-12] ()
ShellIconOverlayIdentifiers: [!Resilio Sync 2.4.4RO] -> {581FFA03-FC33-0004-0402-95003A5CDE89} => C:\ProgramData\Resilio Sync\ShellExtensionOverlay64_2DC.dll [2017-02-12] ()
ShellIconOverlayIdentifiers: [!Resilio Sync 2.4.4RW] -> {581FFA02-FC33-0004-0402-95003A5CDE89} => C:\ProgramData\Resilio Sync\ShellExtensionOverlay64_2DC.dll [2017-02-12] ()
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ShellIconOverlayIdentifiers-x32: [!Resilio Sync 2.4.4Done] -> {581FFA04-FC33-0004-0402-95003A5CDE89} => C:\ProgramData\Resilio Sync\ShellExtensionOverlay86_2DC.dll [2017-02-12] ()
ShellIconOverlayIdentifiers-x32: [!Resilio Sync 2.4.4RO] -> {581FFA03-FC33-0004-0402-95003A5CDE89} => C:\ProgramData\Resilio Sync\ShellExtensionOverlay86_2DC.dll [2017-02-12] ()
ShellIconOverlayIdentifiers-x32: [!Resilio Sync 2.4.4RW] -> {581FFA02-FC33-0004-0402-95003A5CDE89} => C:\ProgramData\Resilio Sync\ShellExtensionOverlay86_2DC.dll [2017-02-12] ()
Startup: C:\Users\Thorsten\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip [2017-01-03] ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{8849a7f4-79d5-46dd-8414-bd9beceac466}: [DhcpNameServer] 192.168.2.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3759429136-1646547072-1336200546-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

Edge:
======
Edge Session Restore: HKU\S-1-5-21-3759429136-1646547072-1336200546-1001 -> is enabled.

FireFox:
========
FF DefaultProfile: xmrut9s9.default
FF ProfilePath: C:\Users\Totte\AppData\Roaming\Mozilla\Firefox\Profiles\xmrut9s9.default [2017-06-23]
FF HKLM\...\Firefox\Extensions: [light_plugin_F6F079488B53499DB99380A7E11A93F6@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Extension: (Kaspersky Protection) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\FFExt\light_plugin_firefox\addon.xpi [2017-04-28]
FF HKLM-x32\...\Firefox\Extensions: [light_plugin_F6F079488B53499DB99380A7E11A93F6@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-06-08] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-06-08] (NVIDIA Corporation)

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [fhoibnponjcgjgcnfacekaijdbbplhib] - hxxps://chrome.google.com/webstore/detail/fhoibnponjcgjgcnfacekaijdbbplhib
CHR HKLM-x32\...\Chrome\Extension: [fhoibnponjcgjgcnfacekaijdbbplhib] - hxxps://chrome.google.com/webstore/detail/fhoibnponjcgjgcnfacekaijdbbplhib

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVP17.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\avp.exe [241544 2016-06-28] (AO Kaspersky Lab)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1404936 2016-12-31] ()
S3 EasyAntiCheat; C:\WINDOWS\SysWOW64\EasyAntiCheat.exe [383016 2017-05-17] (EasyAntiCheat Ltd)
S3 GalaxyClientService; C:\Program Files (x86)\GOG Galaxy\GalaxyClientService.exe [512576 2017-05-19] (GOG.com)
S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [7955008 2017-05-19] (GOG.com)
S3 klvssbrigde64; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\x64\vssbridge64.exe [77328 2016-06-28] (AO Kaspersky Lab)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [495040 2017-05-18] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [495040 2017-05-18] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462968 2017-06-08] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [449984 2017-06-08] (NVIDIA Corporation)
S3 Origin Client Service; D:\Program Files (x86)\Electronic Arts\Origin\OriginClientService.exe [2157456 2017-06-01] (Electronic Arts)
R2 Origin Web Helper Service; D:\Program Files (x86)\Electronic Arts\Origin\OriginWebHelperService.exe [3127192 2017-06-01] (Electronic Arts)
S3 PAExec; C:\WINDOWS\PAExec.exe [189112 2017-06-06] (Power Admin LLC)
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76888 2017-02-26] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-03-18] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 atksgt; C:\WINDOWS\System32\DRIVERS\atksgt.sys [88480 2017-04-21] ()
R0 cm_km; C:\WINDOWS\System32\DRIVERS\cm_km.sys [238936 2016-06-10] (AO Kaspersky Lab)
R3 fwlanusb5_nv2; C:\WINDOWS\system32\DRIVERS\fwlanusb5_nv2.sys [1322824 2014-11-21] (AVM GmbH)
R0 kl1; C:\WINDOWS\System32\DRIVERS\kl1.sys [554416 2016-06-02] (AO Kaspersky Lab)
R0 klbackupdisk; C:\WINDOWS\System32\DRIVERS\klbackupdisk.sys [63920 2016-06-07] (AO Kaspersky Lab)
R1 klbackupflt; C:\WINDOWS\System32\DRIVERS\klbackupflt.sys [86352 2016-06-15] (AO Kaspersky Lab)
R2 kldisk; C:\WINDOWS\system32\DRIVERS\kldisk.sys [78216 2016-05-31] (AO Kaspersky Lab)
S0 klelam; C:\WINDOWS\System32\DRIVERS\klelam.sys [28792 2016-03-31] (AO Kaspersky Lab)
R3 klflt; C:\WINDOWS\system32\DRIVERS\klflt.sys [197336 2017-04-28] (AO Kaspersky Lab)
R1 klhk; C:\WINDOWS\System32\drivers\klhk.sys [520176 2017-04-28] (AO Kaspersky Lab)
R3 klids; C:\ProgramData\Kaspersky Lab\AVP17.0.0\Bases\klids.sys [168736 2017-06-21] (AO Kaspersky Lab)
R1 KLIF; C:\WINDOWS\System32\DRIVERS\klif.sys [1018592 2017-04-28] (AO Kaspersky Lab)
R1 KLIM6; C:\WINDOWS\system32\DRIVERS\klim6.sys [57424 2017-04-28] (AO Kaspersky Lab)
R3 klkbdflt; C:\WINDOWS\system32\DRIVERS\klkbdflt.sys [52136 2016-05-19] (AO Kaspersky Lab)
R3 klmouflt; C:\WINDOWS\system32\DRIVERS\klmouflt.sys [41656 2015-06-07] (Kaspersky Lab ZAO)
R1 klpd; C:\WINDOWS\System32\DRIVERS\klpd.sys [45488 2016-05-31] (AO Kaspersky Lab)
R0 klupd_klif_arkmon; C:\WINDOWS\System32\Drivers\klupd_klif_arkmon.sys [229288 2017-06-14] (AO Kaspersky Lab)
R3 klupd_klif_kimul; C:\WINDOWS\System32\Drivers\klupd_klif_kimul.sys [87584 2017-06-14] (AO Kaspersky Lab)
R3 klupd_klif_klark; C:\WINDOWS\System32\Drivers\klupd_klif_klark.sys [251656 2017-06-14] (AO Kaspersky Lab)
R0 klupd_klif_klbg; C:\WINDOWS\System32\Drivers\klupd_klif_klbg.sys [112912 2017-06-14] (AO Kaspersky Lab)
R3 klupd_klif_mark; C:\WINDOWS\System32\Drivers\klupd_klif_mark.sys [173144 2017-06-14] (AO Kaspersky Lab)
R1 klwfp; C:\WINDOWS\system32\DRIVERS\klwfp.sys [85320 2016-06-18] (AO Kaspersky Lab)
R1 Klwtp; C:\WINDOWS\system32\DRIVERS\klwtp.sys [136416 2017-04-28] (AO Kaspersky Lab)
R1 kneps; C:\WINDOWS\system32\DRIVERS\kneps.sys [199392 2017-06-14] (AO Kaspersky Lab)
R2 lirsgt; C:\WINDOWS\System32\DRIVERS\lirsgt.sys [46400 2017-04-21] ()
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_2d81f3535ced17c6\nvlddmkm.sys [14461344 2017-06-09] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30144 2017-05-18] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [48064 2017-05-18] (NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [57792 2017-06-08] (NVIDIA Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [604160 2017-03-18] (Realtek )
R3 ScpVBus; C:\WINDOWS\System32\drivers\ScpVBus.sys [39168 2013-05-19] (Scarlet.Crush Productions)
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [28272 2017-06-21] ()
R2 vmparport; C:\WINDOWS\system32\DRIVERS\vmparport.sys [49216 2017-02-24] (VMware, Inc.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)
U3 aspnet_state; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-06-23 17:49 - 2017-06-23 17:49 - 00013520 _____ C:\Users\Thorsten\Desktop\FRST.txt
2017-06-23 17:49 - 2017-06-23 17:49 - 00000000 ____D C:\FRST
2017-06-23 17:48 - 2017-06-21 21:49 - 02439680 _____ (Farbar) C:\Users\Thorsten\Desktop\FRST64english.exe
2017-06-23 16:09 - 2017-06-23 16:09 - 00000000 ____D C:\WINDOWS\Panther
2017-06-23 16:04 - 2017-06-23 16:04 - 00000000 ____D C:\Users\Totte\AppData\Roaming\Sun
2017-06-21 23:51 - 2017-06-21 23:51 - 00000000 ____D C:\Users\Thorsten\AppData\Local\DBG
2017-06-21 22:43 - 2017-06-21 22:50 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-06-21 22:43 - 2017-06-21 22:43 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-06-21 22:43 - 2017-06-21 22:43 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-06-21 22:42 - 2017-06-21 22:42 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2017-06-21 22:40 - 2017-06-21 23:29 - 00028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2017-06-21 22:40 - 2017-06-21 23:01 - 00000000 ____D C:\ProgramData\RogueKiller
2017-06-21 02:30 - 2017-06-21 02:30 - 00000000 ____D C:\Users\Thorsten\AppData\Roaming\Adobe
2017-06-21 01:38 - 2017-06-21 01:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft
2017-06-19 20:40 - 2017-06-19 20:40 - 00000000 ____D C:\Users\Thorsten\AppData\Local\CEF
2017-06-18 23:45 - 2017-06-18 23:45 - 00000000 ____D C:\Users\Thorsten\AppData\LocalLow\Blizzard Entertainment
2017-06-18 23:45 - 2017-06-18 23:45 - 00000000 ____D C:\Users\Thorsten\AppData\Local\Blizzard
2017-06-17 18:53 - 2017-06-17 18:53 - 03355435 _____ C:\Users\Thorsten\Downloads\elvui-10.57.zip
2017-06-14 17:14 - 2017-06-14 17:14 - 00000000 ____D C:\Users\Totte\AppData\Local\Comms
2017-06-14 17:11 - 2017-06-14 17:11 - 00000000 ____D C:\Users\Totte\AppData\Local\NVIDIA Corporation
2017-06-14 17:09 - 2017-06-14 17:09 - 00000000 ____D C:\Users\Totte\AppData\Local\NVIDIA
2017-06-14 17:09 - 2017-06-14 17:09 - 00000000 ____D C:\Users\Totte\AppData\Local\MicrosoftEdge
2017-06-14 17:09 - 2017-06-14 17:09 - 00000000 ____D C:\ProgramData\Microsoft OneDrive
2017-06-14 16:15 - 2017-06-14 16:15 - 00251656 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_klark.sys
2017-06-14 16:14 - 2017-06-14 16:14 - 00394296 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-06-14 16:11 - 2017-06-14 16:11 - 00229288 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_arkmon.sys
2017-06-14 16:11 - 2017-06-14 16:11 - 00173144 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_mark.sys
2017-06-14 16:11 - 2017-06-14 16:11 - 00112912 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_klbg.sys
2017-06-14 16:11 - 2017-06-14 16:11 - 00087584 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klupd_klif_kimul.sys
2017-06-14 16:10 - 2017-06-14 16:12 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab
2017-06-14 16:10 - 2017-06-14 16:10 - 00002213 _____ C:\Users\Public\Desktop\Kaspersky Internet Security.lnk
2017-06-14 16:10 - 2017-06-14 16:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security
2017-06-14 16:10 - 2017-04-28 15:05 - 01018592 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klif.sys
2017-06-14 16:10 - 2017-04-28 15:05 - 00520176 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klhk.sys
2017-06-14 16:10 - 2017-04-28 15:05 - 00197336 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klflt.sys
2017-06-14 16:10 - 2013-05-06 08:13 - 00110176 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\klfphc.dll
2017-06-14 12:12 - 2017-06-21 17:03 - 00000000 ____D C:\Users\Thorsten\AppData\Local\Deployment
2017-06-14 01:22 - 2017-06-14 01:22 - 00008192 _____ C:\WINDOWS\system32\config\userdiff
2017-06-14 01:22 - 2017-06-14 00:24 - 00000000 ____D C:\WINDOWS\ServiceProfiles
2017-06-14 01:21 - 2017-06-14 01:21 - 00000000 ____D C:\WINDOWS\SysWOW64\XPSViewer
2017-06-14 01:21 - 2017-06-14 01:21 - 00000000 ____D C:\Program Files\Reference Assemblies
2017-06-14 01:21 - 2017-06-14 01:21 - 00000000 ____D C:\Program Files\MSBuild
2017-06-14 01:21 - 2017-06-14 01:21 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2017-06-14 01:21 - 2017-06-14 01:21 - 00000000 ____D C:\Program Files (x86)\MSBuild
2017-06-14 01:21 - 2017-02-10 12:26 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2017-06-14 01:21 - 2017-02-10 12:26 - 00124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2017-06-14 01:21 - 2017-02-10 12:26 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2017-06-14 01:21 - 2017-02-10 12:21 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2017-06-14 01:21 - 2017-02-10 12:21 - 00103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2017-06-14 01:21 - 2017-02-10 12:21 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2017-06-14 00:58 - 2017-06-08 03:45 - 00001951 _____ C:\WINDOWS\NvTelemetryContainerRecovery.bat
2017-06-14 00:57 - 2017-06-14 00:57 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2017-06-14 00:57 - 2017-06-08 03:45 - 00512960 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2017-06-14 00:57 - 2017-06-08 03:45 - 00418752 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2017-06-14 00:57 - 2017-06-08 02:01 - 00001951 _____ C:\WINDOWS\NvContainerRecovery.bat
2017-06-14 00:57 - 2017-06-08 01:55 - 06467008 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2017-06-14 00:57 - 2017-06-08 01:55 - 02479552 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2017-06-14 00:57 - 2017-06-08 01:55 - 01762936 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2017-06-14 00:57 - 2017-06-08 01:55 - 00549312 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2017-06-14 00:57 - 2017-06-08 01:55 - 00392312 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2017-06-14 00:57 - 2017-06-08 01:55 - 00082040 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2017-06-14 00:57 - 2017-06-08 01:55 - 00069568 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2017-06-14 00:57 - 2017-06-08 01:38 - 00134592 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2017-06-14 00:57 - 2017-06-07 14:42 - 08075477 _____ C:\WINDOWS\system32\nvcoproc.bin
2017-06-14 00:57 - 2017-03-10 23:17 - 00536864 _____ C:\WINDOWS\system32\vulkan-1.dll
2017-06-14 00:57 - 2017-03-10 23:17 - 00525600 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2017-06-14 00:57 - 2017-03-10 23:17 - 00254240 _____ C:\WINDOWS\system32\vulkaninfo.exe
2017-06-14 00:57 - 2017-03-10 23:17 - 00233760 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2017-06-14 00:56 - 2017-06-08 03:45 - 40201664 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcompiler.dll
2017-06-14 00:56 - 2017-06-08 03:45 - 35390584 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2017-06-14 00:56 - 2017-06-08 03:45 - 35281344 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcompiler.dll
2017-06-14 00:56 - 2017-06-08 03:45 - 28624320 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2017-06-14 00:56 - 2017-06-08 03:45 - 11056272 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvptxJitCompiler.dll
2017-06-14 00:56 - 2017-06-08 03:45 - 11028664 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2017-06-14 00:56 - 2017-06-08 03:45 - 10551256 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2017-06-14 00:56 - 2017-06-08 03:45 - 09248144 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2017-06-14 00:56 - 2017-06-08 03:45 - 09014976 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll
2017-06-14 00:56 - 2017-06-08 03:45 - 08808488 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2017-06-14 00:56 - 2017-06-08 03:45 - 04115112 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2017-06-14 00:56 - 2017-06-08 03:45 - 03796928 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2017-06-14 00:56 - 2017-06-08 03:45 - 03625992 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2017-06-14 00:56 - 2017-06-08 03:45 - 03256440 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2017-06-14 00:56 - 2017-06-08 03:45 - 01988216 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6438253.dll
2017-06-14 00:56 - 2017-06-08 03:45 - 01615448 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdagenco6420103.dll
2017-06-14 00:56 - 2017-06-08 03:45 - 01606776 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6438253.dll
2017-06-14 00:56 - 2017-06-08 03:45 - 01278712 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFTH264.dll
2017-06-14 00:56 - 2017-06-08 03:45 - 01275944 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFThevc.dll
2017-06-14 00:56 - 2017-06-08 03:45 - 01056888 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2017-06-14 00:56 - 2017-06-08 03:45 - 00995736 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFTH264.dll
2017-06-14 00:56 - 2017-06-08 03:45 - 00994240 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2017-06-14 00:56 - 2017-06-08 03:45 - 00993360 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFThevc.dll
2017-06-14 00:56 - 2017-06-08 03:45 - 00964216 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2017-06-14 00:56 - 2017-06-08 03:45 - 00914880 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2017-06-14 00:56 - 2017-06-08 03:45 - 00775864 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2017-06-14 00:56 - 2017-06-08 03:45 - 00725112 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvDecMFTMjpeg.dll
2017-06-14 00:56 - 2017-06-08 03:45 - 00688784 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvfatbinaryLoader.dll
2017-06-14 00:56 - 2017-06-08 03:45 - 00618928 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmcumd.dll
2017-06-14 00:56 - 2017-06-08 03:45 - 00612088 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2017-06-14 00:56 - 2017-06-08 03:45 - 00609728 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2017-06-14 00:56 - 2017-06-08 03:45 - 00584128 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvDecMFTMjpeg.dll
2017-06-14 00:56 - 2017-06-08 03:45 - 00577728 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll
2017-06-14 00:56 - 2017-06-08 03:45 - 00499320 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2017-06-14 00:56 - 2017-06-08 03:45 - 00218712 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvhda64v.sys
2017-06-14 00:56 - 2017-06-08 03:45 - 00057792 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvhci.sys
2017-06-14 00:56 - 2017-06-08 03:45 - 00045976 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvhdap64.dll
2017-06-14 00:56 - 2017-06-08 03:45 - 00045163 _____ C:\WINDOWS\system32\nvinfo.pb
2017-06-14 00:56 - 2017-06-08 03:45 - 00000669 _____ C:\WINDOWS\SysWOW64\nv-vk32.json
2017-06-14 00:56 - 2017-06-08 03:45 - 00000669 _____ C:\WINDOWS\system32\nv-vk64.json
2017-06-14 00:52 - 2017-06-14 00:52 - 00000000 ____D C:\WINDOWS\LastGood.Tmp
2017-06-14 00:41 - 2017-06-03 12:15 - 01596600 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2017-06-14 00:41 - 2017-06-03 12:15 - 00750560 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2017-06-14 00:41 - 2017-06-03 12:15 - 00382368 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2017-06-14 00:41 - 2017-06-03 12:14 - 01147296 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-06-14 00:41 - 2017-06-03 12:14 - 01024928 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-06-14 00:41 - 2017-06-03 12:10 - 00130464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tm.sys
2017-06-14 00:41 - 2017-06-03 12:09 - 08318880 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-06-14 00:41 - 2017-06-03 12:09 - 01003624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2017-06-14 00:41 - 2017-06-03 12:08 - 02969880 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2017-06-14 00:41 - 2017-06-03 12:07 - 00923048 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-06-14 00:41 - 2017-06-03 12:07 - 00119712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2017-06-14 00:41 - 2017-06-03 12:02 - 02444192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-06-14 00:41 - 2017-06-03 12:01 - 05477096 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2017-06-14 00:41 - 2017-06-03 12:00 - 00872472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2017-06-14 00:41 - 2017-06-03 12:00 - 00321376 _____ (Microsoft Corporation) C:\WINDOWS\system32\capauthz.dll
2017-06-14 00:41 - 2017-06-03 12:00 - 00219040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
2017-06-14 00:41 - 2017-06-03 11:59 - 01409048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2017-06-14 00:41 - 2017-06-03 11:59 - 00626528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2017-06-14 00:41 - 2017-06-03 11:59 - 00311200 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2017-06-14 00:41 - 2017-06-03 11:59 - 00259400 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotifyIcon.exe
2017-06-14 00:41 - 2017-06-03 11:58 - 21352696 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-06-14 00:41 - 2017-06-03 11:58 - 07904784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-06-14 00:41 - 2017-06-03 11:58 - 00660384 _____ (Microsoft Corporation) C:\WINDOWS\system32\comctl32.dll
2017-06-14 00:41 - 2017-06-03 11:58 - 00254176 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2017-06-14 00:41 - 2017-06-03 11:57 - 00371616 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2017-06-14 00:41 - 2017-06-03 11:55 - 02681760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2017-06-14 00:41 - 2017-06-03 11:36 - 01150784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2017-06-14 00:41 - 2017-06-03 11:35 - 02259768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-06-14 00:41 - 2017-06-03 11:28 - 23677440 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-06-14 00:41 - 2017-06-03 11:26 - 00266640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\capauthz.dll
2017-06-14 00:41 - 2017-06-03 11:23 - 20373920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-06-14 00:41 - 2017-06-03 11:23 - 06760024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-06-14 00:41 - 2017-06-03 11:23 - 00573856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comctl32.dll
2017-06-14 00:41 - 2017-06-03 11:20 - 00583160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2017-06-14 00:41 - 2017-06-03 11:14 - 03673088 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-06-14 00:41 - 2017-06-03 11:14 - 00443392 _____ (Microsoft Corporation) C:\WINDOWS\system32\PerceptionSimulationExtensions.dll
2017-06-14 00:41 - 2017-06-03 11:14 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmredir.dll
2017-06-14 00:41 - 2017-06-03 11:14 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\utcutil.dll
2017-06-14 00:41 - 2017-06-03 11:14 - 00047104 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2017-06-14 00:41 - 2017-06-03 11:12 - 00119296 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2017-06-14 00:41 - 2017-06-03 11:11 - 02958848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-06-14 00:41 - 2017-06-03 11:11 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2017-06-14 00:41 - 2017-06-03 11:11 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2017-06-14 00:41 - 2017-06-03 11:11 - 00038912 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2017-06-14 00:41 - 2017-06-03 11:11 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BasicRender.sys
2017-06-14 00:41 - 2017-06-03 11:11 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2017-06-14 00:41 - 2017-06-03 11:10 - 00293376 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2017-06-14 00:41 - 2017-06-03 11:10 - 00102400 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2017-06-14 00:41 - 2017-06-03 11:10 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCredentialDeployment.exe
2017-06-14 00:41 - 2017-06-03 11:09 - 00271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Identity.Provider.dll
2017-06-14 00:41 - 2017-06-03 11:09 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\devicengccredprov.dll
2017-06-14 00:41 - 2017-06-03 11:09 - 00094720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2017-06-14 00:41 - 2017-06-03 11:09 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-06-14 00:41 - 2017-06-03 11:07 - 23682048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-06-14 00:41 - 2017-06-03 11:07 - 00778240 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2017-06-14 00:41 - 2017-06-03 11:07 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2017-06-14 00:41 - 2017-06-03 11:07 - 00197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdboot.exe
2017-06-14 00:41 - 2017-06-03 11:07 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2017-06-14 00:41 - 2017-06-03 11:06 - 00551936 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmCoreProvisioning.dll
2017-06-14 00:41 - 2017-06-03 11:05 - 20506624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-06-14 00:41 - 2017-06-03 11:05 - 07336448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-06-14 00:41 - 2017-06-03 11:05 - 01878016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-06-14 00:41 - 2017-06-03 11:05 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Identity.Provider.dll
2017-06-14 00:41 - 2017-06-03 11:05 - 00169984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\devicengccredprov.dll
2017-06-14 00:41 - 2017-06-03 11:04 - 12787200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-06-14 00:41 - 2017-06-03 11:04 - 00925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2017-06-14 00:41 - 2017-06-03 11:04 - 00805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2017-06-14 00:41 - 2017-06-03 11:03 - 19336192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-06-14 00:41 - 2017-06-03 11:03 - 01260544 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2017-06-14 00:41 - 2017-06-03 11:03 - 00467456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TpmCoreProvisioning.dll
2017-06-14 00:41 - 2017-06-03 11:02 - 08245760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-06-14 00:41 - 2017-06-03 11:01 - 06726656 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe
2017-06-14 00:41 - 2017-06-03 11:01 - 02804736 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-06-14 00:41 - 2017-06-03 11:00 - 03379200 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2017-06-14 00:41 - 2017-06-03 11:00 - 00933376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2017-06-14 00:41 - 2017-06-03 11:00 - 00358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-06-14 00:41 - 2017-06-03 10:59 - 04730368 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-06-14 00:41 - 2017-06-03 10:59 - 02672128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2017-06-14 00:41 - 2017-06-03 10:59 - 02625024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2017-06-14 00:41 - 2017-06-03 10:59 - 02597376 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2017-06-14 00:41 - 2017-06-03 10:59 - 02056192 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-06-14 00:41 - 2017-06-03 10:59 - 01293824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-06-14 00:41 - 2017-06-03 10:59 - 01142784 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2017-06-14 00:41 - 2017-06-03 10:59 - 00975360 _____ (Microsoft Corporation) C:\WINDOWS\HelpPane.exe
2017-06-14 00:41 - 2017-06-03 10:59 - 00636416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2017-06-14 00:41 - 2017-06-03 10:58 - 05961216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2017-06-14 00:41 - 2017-06-03 10:58 - 02650112 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2017-06-14 00:41 - 2017-06-03 10:58 - 02516480 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2017-06-14 00:41 - 2017-06-03 10:58 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2017-06-14 00:41 - 2017-06-03 10:58 - 01046016 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2017-06-14 00:41 - 2017-06-03 10:58 - 00827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2017-06-14 00:41 - 2017-06-03 10:57 - 11870720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-06-14 00:41 - 2017-06-03 10:57 - 06535168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspaint.exe
2017-06-14 00:41 - 2017-06-03 10:57 - 05557760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2017-06-14 00:41 - 2017-06-03 10:57 - 02829824 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2017-06-14 00:41 - 2017-06-03 10:57 - 01675264 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2017-06-14 00:41 - 2017-06-03 10:57 - 01248768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-06-14 00:41 - 2017-06-03 10:57 - 00797184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2017-06-14 00:41 - 2017-06-03 10:56 - 06292992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-06-14 00:41 - 2017-06-03 10:55 - 03656192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-06-14 00:41 - 2017-06-03 10:55 - 02132480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2017-06-14 00:41 - 2017-06-03 10:55 - 01019904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-06-14 00:41 - 2017-06-03 10:54 - 02341376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2017-06-14 00:41 - 2017-06-03 10:54 - 02298368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2017-06-14 00:41 - 2017-06-03 10:53 - 04559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2017-06-14 00:41 - 2017-06-03 10:51 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\bfsvc.exe
2017-06-14 00:41 - 2017-05-20 11:13 - 01333136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2017-06-14 00:41 - 2017-05-20 10:55 - 00606960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2017-06-14 00:41 - 2017-05-20 10:48 - 04469832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2017-06-14 00:41 - 2017-05-20 10:47 - 01474800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2017-06-14 00:41 - 2017-05-20 10:46 - 05821496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2017-06-14 00:41 - 2017-05-20 10:46 - 01266544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2017-06-14 00:41 - 2017-05-20 10:46 - 00754080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2017-06-14 00:41 - 2017-05-20 10:45 - 00349600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2017-06-14 00:41 - 2017-05-20 10:44 - 00519680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2017-06-14 00:41 - 2017-05-20 10:44 - 00181664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2017-06-14 00:41 - 2017-05-20 10:43 - 05802968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2017-06-14 00:41 - 2017-05-20 10:43 - 04672848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2017-06-14 00:41 - 2017-05-20 10:43 - 02424016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2017-06-14 00:41 - 2017-05-20 10:43 - 01529384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2017-06-14 00:41 - 2017-05-20 10:43 - 01455592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2017-06-14 00:41 - 2017-05-20 10:43 - 01120864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2017-06-14 00:41 - 2017-05-20 10:43 - 00354400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MMDevAPI.dll
2017-06-14 00:41 - 2017-05-20 10:29 - 13840384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2017-06-14 00:41 - 2017-05-20 10:29 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll
2017-06-14 00:41 - 2017-05-20 10:27 - 02199552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2017-06-14 00:41 - 2017-05-20 10:27 - 00141824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\smartscreenps.dll
2017-06-14 00:41 - 2017-05-20 10:26 - 00059904 _____ C:\WINDOWS\SysWOW64\xboxgipsynthetic.dll
2017-06-14 00:41 - 2017-05-20 10:26 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\odbcconf.dll
2017-06-14 00:41 - 2017-05-20 10:25 - 00826368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NPSMDesktopProvider.dll
2017-06-14 00:41 - 2017-05-20 10:25 - 00174080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.Diagnostics.dll
2017-06-14 00:41 - 2017-05-20 10:24 - 00362496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2017-06-14 00:41 - 2017-05-20 10:23 - 06728192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-06-14 00:41 - 2017-05-20 10:22 - 01292288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2017-06-14 00:41 - 2017-05-20 10:22 - 00754176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MessagingDataModel2.dll
2017-06-14 00:41 - 2017-05-20 10:22 - 00394240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DictationManager.dll
2017-06-14 00:41 - 2017-05-20 10:21 - 01984000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DeviceFlows.DataModel.dll
2017-06-14 00:41 - 2017-05-20 10:21 - 00476672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2017-06-14 00:41 - 2017-05-20 10:21 - 00444928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.System.Launcher.dll
2017-06-14 00:41 - 2017-05-20 10:20 - 00807424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2017-06-14 00:41 - 2017-05-20 10:20 - 00507392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2017-06-14 00:41 - 2017-05-20 10:20 - 00368128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2017-06-14 00:41 - 2017-05-20 10:20 - 00354304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
2017-06-14 00:41 - 2017-05-20 10:19 - 05719040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2017-06-14 00:41 - 2017-05-20 10:18 - 01450496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2017-06-14 00:41 - 2017-05-20 10:17 - 00952832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2017-06-14 00:41 - 2017-05-20 10:17 - 00909312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2017-06-14 00:41 - 2017-05-20 10:17 - 00329728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2017-06-14 00:41 - 2017-05-20 10:17 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cldapi.dll
2017-06-14 00:41 - 2017-05-20 10:16 - 05225984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-06-14 00:41 - 2017-05-20 10:16 - 03667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-06-14 00:41 - 2017-05-20 10:16 - 02588160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapRouter.dll
2017-06-14 00:41 - 2017-05-20 10:16 - 00899584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2017-06-14 00:41 - 2017-05-20 10:15 - 02088960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapGeocoder.dll
2017-06-14 00:41 - 2017-05-20 10:14 - 04417024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2017-06-14 00:41 - 2017-05-20 10:14 - 04056576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2017-06-14 00:41 - 2017-05-20 10:14 - 02679296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2017-06-14 00:41 - 2017-05-20 10:14 - 02211328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2017-06-14 00:41 - 2017-05-20 10:14 - 01035264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ShareHost.dll
2017-06-14 00:41 - 2017-05-20 10:11 - 01536512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2017-06-14 00:41 - 2017-05-20 10:10 - 00332800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Midi.dll
2017-06-14 00:41 - 2017-05-20 10:10 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NPSM.dll
2017-06-14 00:41 - 2017-05-20 10:10 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2017-06-14 00:41 - 2017-05-20 10:08 - 00174080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RstrtMgr.dll
2017-06-14 00:41 - 2017-05-20 09:08 - 01459728 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2017-06-14 00:41 - 2017-05-20 09:08 - 00543648 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2017-06-14 00:41 - 2017-05-20 09:07 - 00287648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2017-06-14 00:41 - 2017-05-20 09:03 - 00777400 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2017-06-14 00:41 - 2017-05-20 08:59 - 00112544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dam.sys
2017-06-14 00:41 - 2017-05-20 08:58 - 00188824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2017-06-14 00:41 - 2017-05-20 08:56 - 04847928 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2017-06-14 00:41 - 2017-05-20 08:56 - 00712608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2017-06-14 00:41 - 2017-05-20 08:56 - 00370928 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2017-06-14 00:41 - 2017-05-20 08:55 - 07325584 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2017-06-14 00:41 - 2017-05-20 08:55 - 01911752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2017-06-14 00:41 - 2017-05-20 08:55 - 01506712 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2017-06-14 00:41 - 2017-05-20 08:55 - 01055648 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2017-06-14 00:41 - 2017-05-20 08:55 - 00961952 _____ (Microsoft Corporation) C:\WINDOWS\system32\efscore.dll
2017-06-14 00:41 - 2017-05-20 08:55 - 00211872 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2017-06-14 00:41 - 2017-05-20 08:54 - 00730016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2017-06-14 00:41 - 2017-05-20 08:54 - 00546208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2017-06-14 00:41 - 2017-05-20 08:54 - 00144288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storahci.sys
2017-06-14 00:41 - 2017-05-20 08:53 - 00654976 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2017-06-14 00:41 - 2017-05-20 08:53 - 00411040 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2017-06-14 00:41 - 2017-05-20 08:53 - 00363424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
2017-06-14 00:41 - 2017-05-20 08:53 - 00335808 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthService.exe
2017-06-14 00:41 - 2017-05-20 08:53 - 00255904 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2017-06-14 00:41 - 2017-05-20 08:52 - 04709528 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2017-06-14 00:41 - 2017-05-20 08:52 - 01700408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2017-06-14 00:41 - 2017-05-20 08:51 - 06551856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2017-06-14 00:41 - 2017-05-20 08:51 - 02604256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2017-06-14 00:41 - 2017-05-20 08:51 - 01670496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2017-06-14 00:41 - 2017-05-20 08:51 - 01219560 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2017-06-14 00:41 - 2017-05-20 08:51 - 00406064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MMDevAPI.dll
2017-06-14 00:41 - 2017-05-20 08:48 - 00387928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpps.dll
2017-06-14 00:41 - 2017-05-20 08:10 - 00809472 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthSSO.dll
2017-06-14 00:41 - 2017-05-20 08:10 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2017-06-14 00:41 - 2017-05-20 08:10 - 00361472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConhostV2.dll
2017-06-14 00:41 - 2017-05-20 08:10 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrvext.dll
2017-06-14 00:41 - 2017-05-20 08:10 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksthunk.sys
2017-06-14 00:41 - 2017-05-20 08:09 - 17365504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-06-14 00:41 - 2017-05-20 08:09 - 02199552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2017-06-14 00:41 - 2017-05-20 08:09 - 00209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreenps.dll
2017-06-14 00:41 - 2017-05-20 08:08 - 00086016 _____ C:\WINDOWS\system32\xboxgipsynthetic.dll
2017-06-14 00:41 - 2017-05-20 08:08 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\odbcconf.dll
2017-06-14 00:41 - 2017-05-20 08:08 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rootmdm.sys
2017-06-14 00:41 - 2017-05-20 08:07 - 00277504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xboxgip.sys
2017-06-14 00:41 - 2017-05-20 08:07 - 00133120 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblGameSaveExt.dll
2017-06-14 00:41 - 2017-05-20 08:07 - 00015872 _____ (Microsoft Corporation) C:\WINDOWS\system32\snmptrap.exe
2017-06-14 00:41 - 2017-05-20 08:06 - 00866816 _____ (Microsoft Corporation) C:\WINDOWS\system32\NPSMDesktopProvider.dll
2017-06-14 00:41 - 2017-05-20 08:06 - 00232448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.Diagnostics.dll
2017-06-14 00:41 - 2017-05-20 08:06 - 00192512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.SharedPC.AccountManager.dll
2017-06-14 00:41 - 2017-05-20 08:05 - 07931392 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-06-14 00:41 - 2017-05-20 08:05 - 00518144 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2017-06-14 00:41 - 2017-05-20 08:03 - 08331264 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2017-06-14 00:41 - 2017-05-20 08:03 - 00892416 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll
2017-06-14 00:41 - 2017-05-20 08:03 - 00549888 _____ (Microsoft Corporation) C:\WINDOWS\system32\DictationManager.dll
2017-06-14 00:41 - 2017-05-20 08:03 - 00527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-06-14 00:41 - 2017-05-20 08:03 - 00491520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Display.dll
2017-06-14 00:41 - 2017-05-20 08:03 - 00427008 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2017-06-14 00:41 - 2017-05-20 08:02 - 00616960 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowManagement.dll
2017-06-14 00:41 - 2017-05-20 08:02 - 00601088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.System.Launcher.dll
2017-06-14 00:41 - 2017-05-20 08:01 - 02347520 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceFlows.DataModel.dll
2017-06-14 00:41 - 2017-05-20 08:01 - 00970240 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpsvc.dll
2017-06-14 00:41 - 2017-05-20 08:01 - 00590848 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2017-06-14 00:41 - 2017-05-20 08:01 - 00586240 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2017-06-14 00:41 - 2017-05-20 08:01 - 00409600 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2017-06-14 00:41 - 2017-05-20 08:01 - 00408064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2017-06-14 00:41 - 2017-05-20 08:01 - 00299520 _____ (Microsoft Corporation) C:\WINDOWS\system32\AboveLockAppHost.dll
2017-06-14 00:41 - 2017-05-20 08:01 - 00149504 _____ (Microsoft Corporation) C:\WINDOWS\system32\embeddedmodesvc.dll
2017-06-14 00:41 - 2017-05-20 08:00 - 01078272 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2017-06-14 00:41 - 2017-05-20 08:00 - 01067008 _____ (Microsoft Corporation) C:\WINDOWS\system32\XboxNetApiSvc.dll
2017-06-14 00:41 - 2017-05-20 08:00 - 00846848 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2017-06-14 00:41 - 2017-05-20 08:00 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2017-06-14 00:41 - 2017-05-20 08:00 - 00056832 _____ (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll
2017-06-14 00:41 - 2017-05-20 07:59 - 01818624 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2017-06-14 00:41 - 2017-05-20 07:59 - 01468416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2017-06-14 00:41 - 2017-05-20 07:59 - 01141760 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2017-06-14 00:41 - 2017-05-20 07:59 - 01028608 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2017-06-14 00:41 - 2017-05-20 07:59 - 00972800 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysmain.dll
2017-06-14 00:41 - 2017-05-20 07:59 - 00687104 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2017-06-14 00:41 - 2017-05-20 07:59 - 00585216 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll
2017-06-14 00:41 - 2017-05-20 07:58 - 03784704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapRouter.dll
2017-06-14 00:41 - 2017-05-20 07:58 - 03135488 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapGeocoder.dll
2017-06-14 00:41 - 2017-05-20 07:58 - 01886208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-06-14 00:41 - 2017-05-20 07:58 - 01046016 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
2017-06-14 00:41 - 2017-05-20 07:58 - 00909824 _____ (Microsoft Corporation) C:\WINDOWS\system32\ISM.dll
2017-06-14 00:41 - 2017-05-20 07:58 - 00374784 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2017-06-14 00:41 - 2017-05-20 07:57 - 00681984 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-06-14 00:41 - 2017-05-20 07:56 - 02730496 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreen.exe
2017-06-14 00:41 - 2017-05-20 07:56 - 01076736 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2017-06-14 00:41 - 2017-05-20 07:55 - 04396032 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-06-14 00:41 - 2017-05-20 07:55 - 03332096 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2017-06-14 00:41 - 2017-05-20 07:55 - 02499584 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2017-06-14 00:41 - 2017-05-20 07:55 - 01102848 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2017-06-14 00:41 - 2017-05-20 07:54 - 04707840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2017-06-14 00:41 - 2017-05-20 07:54 - 04537344 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2017-06-14 00:41 - 2017-05-20 07:54 - 03803136 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2017-06-14 00:41 - 2017-05-20 07:54 - 02938880 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2017-06-14 00:41 - 2017-05-20 07:54 - 01275904 _____ (Microsoft Corporation) C:\WINDOWS\system32\ShareHost.dll
2017-06-14 00:41 - 2017-05-20 07:52 - 01356800 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2017-06-14 00:41 - 2017-05-20 07:52 - 00624640 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2017-06-14 00:41 - 2017-05-20 07:52 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnprv.dll
2017-06-14 00:41 - 2017-05-20 07:52 - 00476160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2017-06-14 00:41 - 2017-05-20 07:51 - 01706496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2017-06-14 00:41 - 2017-05-20 07:51 - 00148480 _____ (Microsoft Corporation) C:\WINDOWS\system32\umpo.dll
2017-06-14 00:41 - 2017-05-20 07:50 - 00439808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Midi.dll
2017-06-14 00:41 - 2017-05-20 07:50 - 00159744 _____ (Microsoft Corporation) C:\WINDOWS\system32\NPSM.dll
2017-06-14 00:41 - 2017-05-20 07:48 - 02438656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
2017-06-14 00:41 - 2017-05-20 07:48 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\system32\vss_ps.dll
2017-06-14 00:41 - 2017-05-20 07:47 - 00641536 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdbui.dll
2017-06-14 00:41 - 2017-05-20 07:47 - 00199680 _____ (Microsoft Corporation) C:\WINDOWS\system32\RstrtMgr.dll
2017-06-14 00:41 - 2017-04-28 03:19 - 01839872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-06-14 00:41 - 2017-04-28 03:16 - 00599576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2017-06-14 00:41 - 2017-04-28 03:11 - 02158544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2017-06-14 00:41 - 2017-04-28 03:09 - 01557288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2017-06-14 00:41 - 2017-04-28 03:08 - 02399728 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-06-14 00:41 - 2017-04-28 03:08 - 02330520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2017-06-14 00:41 - 2017-04-28 03:07 - 00988168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2017-06-14 00:41 - 2017-04-28 03:06 - 00708712 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2017-06-14 00:41 - 2017-04-28 03:03 - 00667040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2017-06-14 00:41 - 2017-04-28 02:59 - 02635336 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2017-06-14 00:41 - 2017-04-28 02:59 - 00388000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2017-06-14 00:41 - 2017-04-28 02:59 - 00027040 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser_broker.exe
2017-06-14 00:41 - 2017-04-28 02:58 - 01852776 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2017-06-14 00:41 - 2017-04-28 02:57 - 03116184 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2017-06-14 00:41 - 2017-04-28 02:55 - 01325456 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2017-06-14 00:41 - 2017-04-28 02:52 - 00790528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2017-06-14 00:41 - 2017-04-28 02:49 - 00072192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
2017-06-14 00:41 - 2017-04-28 02:46 - 00329728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2017-06-14 00:41 - 2017-04-28 02:46 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2017-06-14 00:41 - 2017-04-28 02:45 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2017-06-14 00:41 - 2017-04-28 02:44 - 00338432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2017-06-14 00:41 - 2017-04-28 02:44 - 00266240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2017-06-14 00:41 - 2017-04-28 02:42 - 00663040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2017-06-14 00:41 - 2017-04-28 02:40 - 02008576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2017-06-14 00:41 - 2017-04-28 02:40 - 00799232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2017-06-14 00:41 - 2017-04-28 02:39 - 02859520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-06-14 00:41 - 2017-04-28 02:37 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-06-14 00:41 - 2017-04-28 02:34 - 00891904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autochk.exe
2017-06-14 00:41 - 2017-04-28 02:15 - 01051648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2017-06-14 00:41 - 2017-04-28 02:11 - 00082944 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2017-06-14 00:41 - 2017-04-28 02:09 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2017-06-14 00:41 - 2017-04-28 02:08 - 00457728 _____ (Microsoft Corporation) C:\WINDOWS\system32\webplatstorageserver.dll
2017-06-14 00:41 - 2017-04-28 02:08 - 00314880 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsEnvironment.Desktop.dll
2017-06-14 00:41 - 2017-04-28 02:08 - 00096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2017-06-14 00:41 - 2017-04-28 02:07 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2017-06-14 00:41 - 2017-04-28 02:06 - 01302528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2017-06-14 00:41 - 2017-04-28 02:06 - 00386560 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2017-06-14 00:41 - 2017-04-28 02:06 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2017-06-14 00:41 - 2017-04-28 02:05 - 00224256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-06-14 00:41 - 2017-04-28 02:04 - 00422400 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2017-06-14 00:41 - 2017-04-28 02:03 - 01085440 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2017-06-14 00:41 - 2017-04-28 02:03 - 00751104 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2017-06-14 00:41 - 2017-04-28 02:01 - 02077184 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2017-06-14 00:41 - 2017-04-28 01:59 - 03307008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-06-14 00:41 - 2017-04-28 01:58 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2017-06-14 00:41 - 2017-04-28 01:57 - 01803264 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-06-14 00:41 - 2017-04-28 01:54 - 00985600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
2017-06-14 00:41 - 2017-04-28 01:54 - 00970240 _____ (Microsoft Corporation) C:\WINDOWS\system32\autochk.exe
2017-06-14 00:41 - 2017-04-28 01:54 - 00722944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2017-06-14 00:41 - 2017-04-28 01:54 - 00414208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2017-06-14 00:41 - 2017-04-28 01:52 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Streaming.ps.dll
2017-06-14 00:41 - 2017-04-19 09:06 - 00651680 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2017-06-14 00:41 - 2017-04-19 09:04 - 00142240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcifs.sys
2017-06-14 00:41 - 2017-04-19 09:02 - 00716440 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2017-06-14 00:41 - 2017-04-19 08:18 - 00118784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netvsc.sys
2017-06-14 00:41 - 2017-04-19 08:16 - 00280064 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiDisplay.dll
2017-06-14 00:41 - 2017-04-19 08:15 - 00232960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
2017-06-14 00:41 - 2017-04-19 08:14 - 00646656 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockHostingFramework.dll
2017-06-14 00:41 - 2017-04-19 08:12 - 00203776 _____ (Microsoft Corporation) C:\WINDOWS\system32\PackageStateRoaming.dll
2017-06-14 00:41 - 2017-04-19 08:11 - 04446208 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-06-14 00:41 - 2017-04-19 08:10 - 04175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\StartTileData.dll
2017-06-14 00:41 - 2017-04-19 08:10 - 02765824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.UnifiedTile.CuratedTileCollections.dll
2017-06-14 00:41 - 2017-04-19 08:10 - 01600512 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbghelp.dll
2017-06-14 00:41 - 2017-04-19 08:07 - 01242624 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2017-06-14 00:41 - 2017-04-19 08:07 - 00707072 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2017-06-14 00:41 - 2017-04-19 08:02 - 00559000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2017-06-14 00:41 - 2017-04-19 08:01 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\catsrvps.dll
2017-06-14 00:41 - 2017-04-19 07:59 - 01087488 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2017-06-14 00:41 - 2017-04-19 07:37 - 00233472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WiFiDisplay.dll
2017-06-14 00:41 - 2017-04-19 07:34 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PackageStateRoaming.dll
2017-06-14 00:41 - 2017-04-19 07:32 - 01285120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbghelp.dll
2017-06-14 00:41 - 2017-04-14 02:35 - 00741784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
2017-06-14 00:41 - 2017-04-14 02:35 - 00673112 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppResolver.dll
2017-06-14 00:41 - 2017-04-14 02:33 - 02085280 _____ (Microsoft Corporation) C:\WINDOWS\system32\UpdateAgent.dll
2017-06-14 00:41 - 2017-04-14 02:32 - 01320352 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpx.dll
2017-06-14 00:41 - 2017-04-14 02:30 - 00105456 _____ (Microsoft Corporation) C:\WINDOWS\system32\imagehlp.dll
2017-06-14 00:41 - 2017-04-14 01:43 - 00523296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppResolver.dll
2017-06-14 00:41 - 2017-04-14 01:41 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseModernAppMgmtCSP.dll
2017-06-14 00:41 - 2017-04-14 01:40 - 00095584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\imagehlp.dll
2017-06-14 00:41 - 2017-04-14 01:39 - 00974848 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmgaserver.exe
2017-06-14 00:41 - 2017-04-14 01:39 - 00334336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wc_storage.dll
2017-06-14 00:41 - 2017-04-14 01:39 - 00155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll
2017-06-14 00:41 - 2017-04-14 01:38 - 00251904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Gaming.Preview.dll
2017-06-14 00:41 - 2017-04-14 01:38 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.AppDefaults.dll
2017-06-14 00:41 - 2017-04-14 01:37 - 00450048 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe
2017-06-14 00:41 - 2017-04-14 01:37 - 00315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationObjFactory.dll
2017-06-14 00:41 - 2017-04-14 01:37 - 00301056 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseAppMgmtSvc.dll
2017-06-14 00:41 - 2017-04-14 01:37 - 00246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2017-06-14 00:41 - 2017-04-14 01:36 - 00524800 _____ (Microsoft Corporation) C:\WINDOWS\system32\TileDataRepository.dll
2017-06-14 00:41 - 2017-04-14 01:36 - 00296448 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudBackupSettings.dll
2017-06-14 00:41 - 2017-04-14 01:35 - 01433600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll
2017-06-14 00:41 - 2017-04-14 01:35 - 00510976 _____ (Microsoft Corporation) C:\WINDOWS\system32\TDLMigration.dll
2017-06-14 00:41 - 2017-04-14 01:35 - 00257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2017-06-14 00:41 - 2017-04-14 01:34 - 00406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputSwitch.dll
2017-06-14 00:41 - 2017-04-14 01:33 - 01269760 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2017-06-14 00:41 - 2017-04-14 01:33 - 00864256 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2017-06-14 00:41 - 2017-04-14 01:31 - 01611776 _____ (Microsoft Corporation) C:\WINDOWS\system32\SpeechPal.dll
2017-06-14 00:41 - 2017-04-14 01:31 - 00673280 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppBroker.dll
2017-06-14 00:41 - 2017-04-14 01:29 - 01583616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2017-06-14 00:41 - 2017-04-14 01:29 - 01295872 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2017-06-14 00:41 - 2017-04-14 01:29 - 00840192 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2017-06-14 00:41 - 2017-04-14 01:29 - 00647168 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2017-06-14 00:41 - 2017-04-14 01:28 - 02443776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-06-14 00:41 - 2017-04-14 01:26 - 01257472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll
2017-06-14 00:41 - 2017-04-14 01:25 - 00750080 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2017-06-14 00:41 - 2017-04-14 01:24 - 01628160 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll
2017-06-14 00:41 - 2017-04-14 01:21 - 00078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\offreg.dll
2017-06-14 00:41 - 2017-04-14 01:18 - 00731136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmgaserver.exe
2017-06-14 00:41 - 2017-04-14 01:15 - 00282112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2017-06-14 00:41 - 2017-04-14 01:15 - 00232448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudBackupSettings.dll
2017-06-14 00:41 - 2017-04-14 01:13 - 00354304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputSwitch.dll
2017-06-14 00:41 - 2017-04-14 01:13 - 00232960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2017-06-14 00:41 - 2017-04-14 01:08 - 01463296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2017-06-14 00:41 - 2017-04-14 01:06 - 00987648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll
2017-06-14 00:41 - 2017-04-14 01:04 - 00392704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToManager.dll
2017-06-14 00:41 - 2017-04-14 01:01 - 00057856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offreg.dll
2017-06-14 00:41 - 2017-04-01 02:52 - 00409504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2017-06-14 00:41 - 2017-04-01 02:51 - 01760264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2017-06-14 00:41 - 2017-04-01 02:29 - 01518088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2017-06-14 00:41 - 2017-04-01 02:28 - 00354360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2017-06-14 00:41 - 2017-04-01 02:04 - 00364032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2017-06-14 00:41 - 2017-04-01 02:02 - 00252928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsDocumentTargetPrint.dll
2017-06-14 00:41 - 2017-04-01 02:01 - 00429568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2017-06-14 00:41 - 2017-04-01 01:58 - 01506816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll
2017-06-14 00:41 - 2017-04-01 01:58 - 00433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2017-06-14 00:41 - 2017-04-01 01:56 - 01060352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsPrint.dll
2017-06-14 00:41 - 2017-04-01 01:55 - 00545792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2017-06-14 00:41 - 2017-04-01 01:55 - 00347136 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsDocumentTargetPrint.dll
2017-06-14 00:41 - 2017-04-01 01:52 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmjpegdec.dll
2017-06-14 00:41 - 2017-04-01 01:52 - 00078336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\asycfilt.dll
2017-06-14 00:41 - 2017-04-01 01:50 - 01657344 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsPrint.dll
2017-06-14 00:41 - 2017-04-01 01:50 - 01605632 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll
2017-06-14 00:41 - 2017-04-01 01:45 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmjpegdec.dll
2017-06-14 00:41 - 2017-04-01 01:44 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\asycfilt.dll
2017-06-14 00:41 - 2017-03-31 23:00 - 00032004 _____ C:\WINDOWS\system32\edgehtmlpluginpolicy.bin
2017-06-14 00:37 - 2017-06-14 00:37 - 00000000 ____D C:\Users\Totte\AppData\Roaming\Mozilla
2017-06-14 00:37 - 2017-06-14 00:37 - 00000000 ____D C:\Users\Totte\AppData\LocalLow\Mozilla
2017-06-14 00:37 - 2017-06-14 00:37 - 00000000 ____D C:\Users\Totte\AppData\Local\Mozilla
2017-06-14 00:33 - 2017-06-14 00:33 - 00000020 ___SH C:\Users\Totte\ntuser.ini
2017-06-14 00:32 - 2017-06-23 16:15 - 02465360 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-06-14 00:32 - 2017-06-14 00:32 - 00000000 ____D C:\ProgramData\USOShared
2017-06-14 00:30 - 2017-06-14 00:30 - 00000020 ___SH C:\Users\Thorsten\ntuser.ini
2017-06-14 00:29 - 2017-06-14 00:29 - 00011433 _____ C:\WINDOWS\diagwrn.xml
2017-06-14 00:29 - 2017-06-14 00:29 - 00011433 _____ C:\WINDOWS\diagerr.xml
2017-06-14 00:28 - 2017-06-23 16:16 - 00002832 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-06-14 00:28 - 2017-06-23 16:09 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-06-14 00:28 - 2017-06-14 00:28 - 00003398 _____ C:\WINDOWS\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-06-14 00:28 - 2017-06-14 00:28 - 00003176 _____ C:\WINDOWS\System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-06-14 00:28 - 2017-06-14 00:28 - 00002984 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-06-14 00:28 - 2017-06-14 00:28 - 00002968 _____ C:\WINDOWS\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-06-14 00:28 - 2017-06-14 00:28 - 00002956 _____ C:\WINDOWS\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-06-14 00:28 - 2017-06-14 00:28 - 00002838 _____ C:\WINDOWS\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-06-14 00:28 - 2017-06-14 00:28 - 00002786 _____ C:\WINDOWS\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-06-14 00:28 - 2017-06-14 00:28 - 00002744 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-06-14 00:28 - 2017-06-14 00:28 - 00002590 _____ C:\WINDOWS\System32\Tasks\CreateExplorerShellUnelevatedTask
2017-06-14 00:28 - 2017-06-14 00:28 - 00002366 _____ C:\WINDOWS\System32\Tasks\ExclusiveTool
2017-06-14 00:28 - 2017-06-14 00:28 - 00002316 _____ C:\WINDOWS\System32\Tasks\{B301FEFB-A833-446E-9C0C-207F586A4694}
2017-06-14 00:28 - 2017-06-14 00:28 - 00000000 ____D C:\WINDOWS\System32\Tasks\S-1-5-21-3759429136-1646547072-1336200546-1001
2017-06-14 00:26 - 2017-06-14 00:26 - 00001576 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2017-06-14 00:26 - 2017-03-18 22:56 - 02233344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2017-06-14 00:25 - 2017-06-23 16:38 - 00000000 ____D C:\Users\Totte
2017-06-14 00:25 - 2017-06-23 16:21 - 00000000 ____D C:\Users\Thorsten
2017-06-14 00:25 - 2017-06-14 00:26 - 00000000 ____D C:\WINDOWS\system32\config\bbimigrate
2017-06-14 00:25 - 2017-06-14 00:25 - 00000000 _SHDL C:\Users\Totte\Vorlagen
2017-06-14 00:25 - 2017-06-14 00:25 - 00000000 _SHDL C:\Users\Totte\Startmenü
2017-06-14 00:25 - 2017-06-14 00:25 - 00000000 _SHDL C:\Users\Totte\Netzwerkumgebung
2017-06-14 00:25 - 2017-06-14 00:25 - 00000000 _SHDL C:\Users\Totte\Lokale Einstellungen
2017-06-14 00:25 - 2017-06-14 00:25 - 00000000 _SHDL C:\Users\Totte\Eigene Dateien
2017-06-14 00:25 - 2017-06-14 00:25 - 00000000 _SHDL C:\Users\Totte\Druckumgebung
2017-06-14 00:25 - 2017-06-14 00:25 - 00000000 _SHDL C:\Users\Totte\Documents\Eigene Videos
2017-06-14 00:25 - 2017-06-14 00:25 - 00000000 _SHDL C:\Users\Totte\Documents\Eigene Musik
2017-06-14 00:25 - 2017-06-14 00:25 - 00000000 _SHDL C:\Users\Totte\Documents\Eigene Bilder
2017-06-14 00:25 - 2017-06-14 00:25 - 00000000 _SHDL C:\Users\Totte\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2017-06-14 00:25 - 2017-06-14 00:25 - 00000000 _SHDL C:\Users\Totte\AppData\Local\Verlauf
2017-06-14 00:25 - 2017-06-14 00:25 - 00000000 _SHDL C:\Users\Totte\AppData\Local\Anwendungsdaten
2017-06-14 00:25 - 2017-06-14 00:25 - 00000000 _SHDL C:\Users\Totte\Anwendungsdaten
2017-06-14 00:25 - 2017-06-14 00:25 - 00000000 _SHDL C:\Users\Thorsten\Vorlagen
2017-06-14 00:25 - 2017-06-14 00:25 - 00000000 _SHDL C:\Users\Thorsten\Startmenü
2017-06-14 00:25 - 2017-06-14 00:25 - 00000000 _SHDL C:\Users\Thorsten\Netzwerkumgebung
2017-06-14 00:25 - 2017-06-14 00:25 - 00000000 _SHDL C:\Users\Thorsten\Lokale Einstellungen
2017-06-14 00:25 - 2017-06-14 00:25 - 00000000 _SHDL C:\Users\Thorsten\Eigene Dateien
2017-06-14 00:25 - 2017-06-14 00:25 - 00000000 _SHDL C:\Users\Thorsten\Druckumgebung
2017-06-14 00:25 - 2017-06-14 00:25 - 00000000 _SHDL C:\Users\Thorsten\Documents\Eigene Videos
2017-06-14 00:25 - 2017-06-14 00:25 - 00000000 _SHDL C:\Users\Thorsten\Documents\Eigene Musik
2017-06-14 00:25 - 2017-06-14 00:25 - 00000000 _SHDL C:\Users\Thorsten\Documents\Eigene Bilder
2017-06-14 00:25 - 2017-06-14 00:25 - 00000000 _SHDL C:\Users\Thorsten\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2017-06-14 00:25 - 2017-06-14 00:25 - 00000000 _SHDL C:\Users\Thorsten\AppData\Local\Verlauf
2017-06-14 00:25 - 2017-06-14 00:25 - 00000000 _SHDL C:\Users\Thorsten\AppData\Local\Anwendungsdaten
2017-06-14 00:25 - 2017-06-14 00:25 - 00000000 _SHDL C:\Users\Thorsten\Anwendungsdaten
2017-06-14 00:24 - 2017-06-23 16:39 - 00000000 ____D C:\ProgramData\NVIDIA
2017-06-14 00:24 - 2017-06-23 16:00 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-06-14 00:24 - 2017-06-14 00:58 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2017-06-14 00:24 - 2017-06-14 00:58 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2017-06-14 00:24 - 2017-06-14 00:58 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-06-13 20:41 - 2017-06-21 01:38 - 00000537 _____ C:\Users\Thorsten\Desktop\World of Warcraft.lnk
2017-06-12 21:51 - 2017-06-12 21:51 - 00000000 ____D C:\Users\Totte\AppData\Local\ElevatedDiagnostics
2017-06-12 15:27 - 2017-06-12 15:27 - 06783115 _____ C:\Users\Thorsten\Downloads\LVM-Fragebogen.pdf
2017-06-10 10:54 - 2017-06-10 10:54 - 00000000 ____D C:\Users\Totte\AppData\Roaming\Battle.net
2017-06-06 18:30 - 2017-06-14 00:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2017-06-06 18:30 - 2017-06-06 18:30 - 00001489 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2017-06-06 18:30 - 2017-05-18 09:35 - 01893312 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll
2017-06-06 18:30 - 2017-05-18 09:35 - 01755072 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspbridge64.dll
2017-06-06 18:30 - 2017-05-18 09:35 - 01477056 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
2017-06-06 18:30 - 2017-05-18 09:35 - 01317312 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspbridge.dll
2017-06-06 18:30 - 2017-05-18 09:35 - 00121280 _____ C:\WINDOWS\system32\NvRtmpStreamer64.dll
2017-06-06 18:28 - 2017-05-18 09:35 - 00175552 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvaudcap64v.dll
2017-06-06 18:28 - 2017-05-18 09:35 - 00143296 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll
2017-06-06 18:28 - 2017-05-18 09:35 - 00048064 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvad64v.sys
2017-06-06 18:15 - 2017-06-08 22:05 - 00000000 ____D C:\Users\Thorsten\AppData\Roaming\NVIDIA
2017-06-06 17:55 - 2017-06-06 17:55 - 00061304 _____ () C:\WINDOWS\system32\Drivers\lpsport.sys
2017-06-06 17:31 - 2017-06-06 17:31 - 00000000 ____D C:\Users\Totte\AVM_Driver
2017-06-06 01:00 - 2017-06-06 01:01 - 00000000 ____D C:\Users\Thorsten\AppData\Local\NVIDIA
2017-06-06 00:19 - 2017-06-06 17:46 - 00000000 ____D C:\Users\Totte\AppData\Local\CrashDumps
2017-06-06 00:19 - 2017-06-06 00:19 - 00000000 ____D C:\Users\Totte\AppData\Local\DBG
2017-06-05 19:56 - 2016-12-11 03:11 - 00001579 _____ C:\Users\Thorsten\Desktop\Anno 1701.lnk
2017-06-05 19:56 - 2016-12-11 02:36 - 00001320 _____ C:\Users\Thorsten\Desktop\Nexus Mod Manager.lnk
2017-06-05 19:54 - 2017-06-14 17:10 - 00002387 _____ C:\Users\Totte\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-06-05 19:54 - 2017-06-14 17:10 - 00000000 ___RD C:\Users\Totte\OneDrive
2017-06-05 19:52 - 2017-06-23 16:17 - 00000000 ____D C:\Users\Totte\AppData\Local\Packages
2017-06-05 19:52 - 2017-06-05 19:52 - 00000000 ____D C:\Users\Totte\AppData\Roaming\Adobe
2017-06-05 19:52 - 2017-06-05 19:52 - 00000000 ____D C:\Users\Totte\AppData\Local\VirtualStore
2017-06-05 19:52 - 2017-06-05 19:52 - 00000000 ____D C:\Users\Totte\AppData\Local\TileDataLayer
2017-06-05 19:52 - 2017-06-05 19:52 - 00000000 ____D C:\Users\Totte\AppData\Local\Publishers
2017-06-05 19:52 - 2017-06-05 19:52 - 00000000 ____D C:\Users\Totte\AppData\Local\ConnectedDevicesPlatform
2017-06-05 19:52 - 2017-05-25 23:54 - 00000000 ____D C:\Users\Totte\AppData\Roaming\VMware
2017-05-30 18:13 - 2017-05-30 18:13 - 00000232 _____ C:\Users\Thorsten\Desktop\Anno 2070.url
2017-05-29 16:32 - 2017-05-29 16:32 - 00000000 ____D C:\Users\Thorsten\Downloads\NearlyUnlimitedDu 1.1-2-1-2
2017-05-29 15:48 - 2017-05-29 15:48 - 00000000 ____D C:\Users\Thorsten\Documents\DeadIslandRiptideDE
2017-05-28 20:49 - 2017-05-29 16:38 - 00000000 _____ C:\WINDOWS\SysWOW64\last.dump
2017-05-28 20:42 - 2017-05-28 20:42 - 00000000 ____D C:\Users\Thorsten\Documents\DeadIslandDE
2017-05-27 19:14 - 2017-05-27 19:14 - 06655088 _____ (AVAST Software) C:\Users\Thorsten\Downloads\avast_free_antivirus_setup_online.exe
2017-05-27 18:42 - 2017-06-14 00:25 - 00000000 ____D C:\Users\Thorsten\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-06-23 17:43 - 2016-12-18 23:16 - 00000000 ____D C:\Users\Thorsten\AppData\Local\Battle.net
2017-06-23 17:39 - 2017-02-12 20:34 - 00000000 ____D C:\Users\Thorsten\AppData\Roaming\Resilio Sync
2017-06-23 16:50 - 2016-12-11 02:19 - 00000000 ____D C:\Users\Thorsten\AppData\LocalLow\Mozilla
2017-06-23 16:43 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-06-23 16:40 - 2016-12-11 19:51 - 00000000 ____D C:\Users\Thorsten\AppData\Local\CrashDumps
2017-06-23 16:39 - 2016-12-11 02:03 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2017-06-23 16:20 - 2016-12-18 23:14 - 00000000 ____D C:\Program Files (x86)\Battle.net
2017-06-23 16:17 - 2017-03-18 23:03 - 00000000 ___HD C:\Program Files\WindowsApps
2017-06-23 16:16 - 2017-03-18 23:01 - 00000000 ____D C:\WINDOWS\INF
2017-06-23 16:15 - 2017-03-20 06:35 - 01130924 _____ C:\WINDOWS\system32\perfh007.dat
2017-06-23 16:15 - 2017-03-20 06:35 - 00257250 _____ C:\WINDOWS\system32\perfc007.dat
2017-06-23 16:10 - 2017-02-12 20:35 - 00000000 ____D C:\Users\Thorsten\Desktop\sync
2017-06-23 16:09 - 2016-12-11 16:59 - 00000000 ____D C:\ProgramData\VMware
2017-06-23 16:08 - 2017-03-18 13:40 - 00524288 _____ C:\WINDOWS\system32\config\BBI
2017-06-21 22:50 - 2015-07-10 13:04 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2017-06-21 02:36 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-06-20 15:48 - 2016-12-11 17:22 - 00000000 ____D C:\Program Files\Rockstar Games
2017-06-20 15:48 - 2016-12-11 17:22 - 00000000 ____D C:\Program Files (x86)\Rockstar Games
2017-06-20 11:13 - 2017-05-14 14:52 - 00001235 _____ C:\Users\Thorsten\Desktop\Mass Effect Andromeda.lnk
2017-06-20 11:13 - 2016-12-11 22:04 - 00001551 _____ C:\Users\Thorsten\Desktop\Skyrim Special Edition.lnk
2017-06-20 11:13 - 2016-12-11 03:12 - 00001668 _____ C:\Users\Thorsten\Desktop\Anno 1404.lnk
2017-06-20 11:13 - 2016-12-11 03:01 - 00001448 _____ C:\Users\Thorsten\Desktop\Dead Space 3.lnk
2017-06-19 20:26 - 2017-03-18 13:40 - 00032768 _____ C:\WINDOWS\system32\config\ELAM
2017-06-17 00:59 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\rescache
2017-06-17 00:50 - 2016-12-11 03:27 - 00000000 ____D C:\Users\Thorsten\AppData\Local\Ubisoft Game Launcher
2017-06-16 04:20 - 2016-12-11 19:58 - 00000000 ____D C:\Users\Thorsten\AppData\Local\VMware
2017-06-16 03:59 - 2017-03-13 23:14 - 00000000 ____D C:\Users\Default\AppData\Roaming\VMware
2017-06-16 03:59 - 2017-03-13 23:14 - 00000000 ____D C:\Users\Default User\AppData\Roaming\VMware
2017-06-16 03:59 - 2016-12-11 19:58 - 00000000 ____D C:\Users\Thorsten\AppData\Roaming\VMware
2017-06-16 02:30 - 2016-12-11 01:09 - 00000000 ____D C:\Users\Thorsten\AppData\Local\Packages
2017-06-14 17:12 - 2017-03-18 23:03 - 00000000 ___RD C:\WINDOWS\PrintDialog
2017-06-14 17:12 - 2017-03-18 23:03 - 00000000 ___RD C:\WINDOWS\MiracastView
2017-06-14 17:09 - 2016-12-11 01:09 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-06-14 16:12 - 2016-06-14 17:47 - 00199392 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\kneps.sys
2017-06-14 16:11 - 2016-12-11 02:03 - 00000000 ____D C:\Program Files\Common Files\AV
2017-06-14 16:10 - 2017-03-18 23:03 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2017-06-14 16:08 - 2017-02-26 12:34 - 00000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2017-06-14 10:52 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\appcompat
2017-06-14 01:23 - 2017-03-18 23:03 - 00028672 _____ C:\WINDOWS\system32\config\BCD-Template
2017-06-14 01:22 - 2017-03-18 23:06 - 00000000 ____D C:\WINDOWS\Setup
2017-06-14 01:05 - 2016-12-11 01:14 - 00000000 ____D C:\Program Files (x86)\avmwlanstick
2017-06-14 00:57 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\Help
2017-06-14 00:48 - 2016-12-11 02:03 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-06-14 00:45 - 2017-03-18 23:03 - 00000000 ___SD C:\WINDOWS\SysWOW64\F12
2017-06-14 00:45 - 2017-03-18 23:03 - 00000000 ___SD C:\WINDOWS\system32\F12
2017-06-14 00:45 - 2017-03-18 23:03 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-06-14 00:45 - 2017-03-18 23:03 - 00000000 ___RD C:\Program Files\Windows Defender
2017-06-14 00:45 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
2017-06-14 00:45 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2017-06-14 00:45 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\system32\oobe
2017-06-14 00:45 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\system32\appraiser
2017-06-14 00:45 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\ShellExperiences
2017-06-14 00:45 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\Provisioning
2017-06-14 00:45 - 2017-03-18 23:03 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2017-06-14 00:45 - 2017-03-18 23:03 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-06-14 00:45 - 2017-03-18 13:40 - 00000000 ____D C:\WINDOWS\system32\Dism
2017-06-14 00:43 - 2016-12-11 01:58 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-06-14 00:42 - 2017-03-18 22:51 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-06-14 00:42 - 2016-12-11 01:58 - 133627792 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-06-14 00:39 - 2017-02-27 13:20 - 00001005 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-06-14 00:39 - 2017-02-27 13:20 - 00000000 ____D C:\Program Files\Mozilla Firefox
2017-06-14 00:32 - 2017-03-18 23:03 - 00000000 ____D C:\ProgramData\USOPrivate
2017-06-14 00:30 - 2017-03-18 23:03 - 00000000 ____D C:\Program Files\Windows NT
2017-06-14 00:29 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\Registration
2017-06-14 00:28 - 2017-03-18 23:03 - 00000000 __RSD C:\WINDOWS\Media
2017-06-14 00:28 - 2017-03-18 23:03 - 00000000 __RHD C:\Users\Public\Libraries
2017-06-14 00:28 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase
2017-06-14 00:28 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2017-06-14 00:28 - 2016-12-11 14:00 - 00023056 _____ C:\WINDOWS\system32\emptyregdb.dat
2017-06-14 00:26 - 2017-05-01 20:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ANNO 1503 GOLD
2017-06-14 00:26 - 2017-04-21 16:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anno 1701
2017-06-14 00:26 - 2017-04-11 20:52 - 00000000 ____D C:\WINDOWS\system32\UNP
2017-06-14 00:26 - 2017-03-13 23:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VMware
2017-06-14 00:26 - 2017-01-03 19:20 - 00000000 ____D C:\Users\Thorsten\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Curse
2017-06-14 00:26 - 2016-12-18 23:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
2017-06-14 00:26 - 2016-12-11 13:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexus Mod Manager
2017-06-14 00:26 - 2016-12-11 12:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2017-06-14 00:26 - 2016-12-11 01:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FRITZ!WLAN
2017-06-14 00:25 - 2017-03-20 06:37 - 00000000 ____D C:\WINDOWS\HoloShell
2017-06-14 00:25 - 2017-03-20 06:37 - 00000000 ____D C:\ProgramData\WindowsHolographicDevices
2017-06-14 00:25 - 2017-03-20 06:35 - 00000000 ____D C:\WINDOWS\SysWOW64\WCN
2017-06-14 00:25 - 2017-03-20 06:35 - 00000000 ____D C:\WINDOWS\SysWOW64\sysprep
2017-06-14 00:25 - 2017-03-20 06:35 - 00000000 ____D C:\WINDOWS\system32\WCN
2017-06-14 00:25 - 2017-03-18 23:03 - 00000000 __SHD C:\Program Files\Windows Sidebar
2017-06-14 00:25 - 2017-03-18 23:03 - 00000000 __SHD C:\Program Files (x86)\Windows Sidebar
2017-06-14 00:25 - 2017-03-18 23:03 - 00000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2017-06-14 00:25 - 2017-03-18 23:03 - 00000000 ___SD C:\WINDOWS\SysWOW64\Configuration
2017-06-14 00:25 - 2017-03-18 23:03 - 00000000 ___SD C:\WINDOWS\system32\Configuration
2017-06-14 00:25 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\SysWOW64\SMI
2017-06-14 00:25 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\SysWOW64\MUI
2017-06-14 00:25 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\system32\spool
2017-06-14 00:25 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\system32\MUI
2017-06-14 00:25 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-06-14 00:25 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\InputMethod
2017-06-14 00:25 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\IME
2017-06-14 00:25 - 2017-03-18 23:03 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2017-06-14 00:25 - 2017-03-14 20:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
2017-06-14 00:25 - 2016-12-11 17:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rockstar Games
2017-06-14 00:24 - 2017-03-18 13:40 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2017-06-12 22:27 - 2016-12-12 22:08 - 00000000 ____D C:\Users\Thorsten\AppData\Roaming\TeamViewer
2017-06-06 18:14 - 2017-03-18 13:23 - 00000000 ____D C:\Users\Thorsten\AppData\Local\NVIDIA Corporation
2017-06-06 00:04 - 2017-03-18 13:15 - 00189112 _____ (Power Admin LLC) C:\WINDOWS\PAExec.exe
2017-06-05 22:58 - 2016-12-11 01:58 - 00565416 _____ (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2017-06-03 10:43 - 2017-01-03 19:20 - 00000000 ____D C:\Users\Thorsten\AppData\Local\Apps\2.0
2017-06-03 08:32 - 2017-03-18 23:06 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-06-03 08:32 - 2017-03-18 23:06 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-05-30 00:03 - 2017-02-23 13:22 - 00548392 _____ C:\WINDOWS\system32\Drivers\EasyAntiCheat.sys
2017-05-27 19:13 - 2017-05-15 17:09 - 00000197 _____ C:\Users\Thorsten\Desktop\Tom Clancy's Ghost Recon® Wildlands.url
2017-05-25 19:34 - 2016-12-11 02:56 - 00000000 ____D C:\Users\Thorsten\AppData\Roaming\BioshockHD
2017-05-25 19:34 - 2016-12-11 02:23 - 00000000 ____D C:\Users\Thorsten\Documents\BioshockHD

==================== Files in the root of some directories =======

2016-12-21 22:18 - 2017-01-10 00:24 - 0005110 _____ () C:\ProgramData\NvTelemetryContainer.log
2016-12-21 22:18 - 2017-01-09 18:29 - 0005437 _____ () C:\ProgramData\NvTelemetryContainer.log_backup1

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-06-14 00:24

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-06-2017 01
Ran by Totte (23-06-2017 17:49:36)
Running from C:\Users\Thorsten\Desktop
Windows 10 Home Version 1703 (X64) (2017-06-13 22:30:16)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3759429136-1646547072-1336200546-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3759429136-1646547072-1336200546-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-3759429136-1646547072-1336200546-1000 - Administrator - Disabled)
Gast (S-1-5-21-3759429136-1646547072-1336200546-501 - Limited - Disabled)
Thorsten (S-1-5-21-3759429136-1646547072-1336200546-1001 - Limited - Enabled) => C:\Users\Thorsten
Totte (S-1-5-21-3759429136-1646547072-1336200546-1007 - Administrator - Enabled) => C:\Users\Totte

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky Internet Security (Enabled - Up to date) {86367591-4BE4-AE08-2FD9-7FCB8259CD98}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Kaspersky Internet Security (Enabled - Up to date) {3D579475-6DDE-A186-1569-44B9F9DE8725}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {BE0DF4B4-018B-AF50-0486-D6FE7C8A8AE3}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

ANNO 1503 GOLD (HKLM-x32\...\{DB833EF9-A198-49BE-970A-BD46F30BFBB4}) (Version: 1.05.00 - )
Anno 1701 (HKLM-x32\...\{A2433A63-5F5D-40E5-B529-9123C2B3E734}) (Version: 1.04 - Sunflowers)
Anno 2070 (HKLM-x32\...\Uplay Install 22) (Version: - Ubisoft)
Anno 2205 (HKLM-x32\...\Uplay Install 1253) (Version: - Ubisoft)
Ansel (Version: 382.53 - NVIDIA Corporation) Hidden
Assassin's Creed IV Black Flag (HKLM-x32\...\Uplay Install 273) (Version: - Ubisoft)
AVM FRITZ!WLAN (HKLM-x32\...\AVMWLANCLI) (Version: 06.20.00 - AVM Berlin)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
BioShock Infinite (HKLM\...\Steam App 8870) (Version: - Irrational Games)
BioShock Remastered (HKLM\...\Steam App 409710) (Version: - 2K Boston)
Curse Client (HKU\S-1-5-21-3759429136-1646547072-1336200546-1001\...\101a9f93b8f0bb6f) (Version: 5.1.1.844 - Curse)
Dark Souls: Prepare to Die Edition (HKLM\...\Steam App 211420) (Version: - FromSoftware)
DARK SOULS™ II: Scholar of the First Sin (HKLM\...\Steam App 335300) (Version: - FromSoftware, Inc)
DARK SOULS™ III (HKLM\...\Steam App 374320) (Version: - FromSoftware, Inc.)
Dead Island Definitive Edition (HKLM\...\Steam App 383150) (Version: - Techland)
Dead Island Riptide Definitive Edition (HKLM\...\Steam App 383180) (Version: - Techland)
Dragon's Dogma: Dark Arisen (HKLM\...\Steam App 367500) (Version: - Capcom)
Far Cry 3 (HKLM-x32\...\Uplay Install 46) (Version: - Ubisoft)
Far Cry 4 (HKLM-x32\...\Uplay Install 420) (Version: - Ubisoft)
Far Cry Primal (HKLM-x32\...\Uplay Install 2010) (Version: - Ubisoft)
GOG Galaxy (HKLM-x32\...\{7258BA11-600C-430E-A759-27E2C691A335}_is1) (Version: - GOG.com)
Grand Theft Auto V (HKLM-x32\...\{E01FA564-2094-4833-8F2F-1FFEC6AFCC46}) (Version: "1.00.0000" - Rockstar Games)
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{E27B1D7B-3B34-43A2-9FC0-9828D5DF46E2}) (Version: 17.0.0.611 - Kaspersky Lab)
Kaspersky Internet Security (x32 Version: 17.0.0.611 - Kaspersky Lab) Hidden
Lords Of The Fallen (HKLM\...\Steam App 265300) (Version: - CI Games)
Mass Effect™ (HKLM-x32\...\{44A570EE-FD93-4086-8997-2C38DFDE0019}) (Version: 1.2.20608.0 - Electronic Arts)
Mass Effect™ 2 (HKLM-x32\...\{75D84EF7-0D8C-4e70-B3FA-7B42A5D4E0EB}) (Version: 1.2.1604.0 - Electronic Arts)
Mass Effect™ 3 (HKLM-x32\...\{534A31BD-20F4-46b0-85CE-09778379663C}) (Version: 1.05.0.0 - Electronic Arts)
Mass Effect™: Andromeda (HKLM-x32\...\{72BBCA87-9350-48BC-9E2F-6DBC1E80C993}) (Version: 1.0.0.6 - Electronic Arts)
Microsoft OneDrive (HKU\S-1-5-21-3759429136-1646547072-1336200546-1007\...\OneDriveSetup.exe) (Version: 17.3.6816.0313 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24212 (HKLM-x32\...\{323dad84-0974-4d90-a1c1-e006c7fdbb7d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24212 (HKLM-x32\...\{462f63a8-6347-4894-a1b3-dbfe3a4c981d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Mozilla Firefox 54.0 (x64 de) (HKLM\...\Mozilla Firefox 54.0 (x64 de)) (Version: 54.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 54.0 - Mozilla)
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.63.14 - Black Tree Gaming)
NVIDIA 3D Vision Controller-Treiber 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 382.53 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 382.53 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.6.0.74 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.6.0.74 - NVIDIA Corporation)
NVIDIA Grafiktreiber 382.53 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 382.53 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.34.27 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.27 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.17.0329 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0329 - NVIDIA Corporation)
NvNodejs (Version: 3.6.0.74 - NVIDIA Corporation) Hidden
NvTelemetry (Version: 2.4.10.0 - NVIDIA Corporation) Hidden
NvvHci (Version: 2.02.0.5 - NVIDIA Corporation) Hidden
Origin (HKLM-x32\...\Origin) (Version: 10.4.12.59996 - Electronic Arts, Inc.)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
resident evil 4 / biohazard 4 (HKLM\...\Steam App 254700) (Version: - Capcom)
Resident Evil 5 / Biohazard 5 (HKLM\...\Steam App 21690) (Version: - Capcom)
Resilio Sync (HKU\S-1-5-21-3759429136-1646547072-1336200546-1001\...\Resilio Sync) (Version: 2.4.4 - Resilio, Inc.)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.2.1.9 - Rockstar Games)
SHIELD Streaming (Version: 7.1.0370 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 3.6.0.74 - NVIDIA Corporation) Hidden
The Witcher 3 - Wild Hunt (HKLM-x32\...\1207664643_is1) (Version: 1.31.0.0 - GOG.com)
The Witcher 3: Wild Hunt - Blood and Wine (HKLM-x32\...\Blood and Wine_is1) (Version: 1.24.0.0 - GOG.com)
The Witcher 3: Wild Hunt - Free DLC program (16 DLC) (HKLM-x32\...\Free DLC program (16 DLC)_is1) (Version: 1.24.0.0 - GOG.com)
The Witcher 3: Wild Hunt - Hearts of Stone (HKLM-x32\...\Hearts of Stone_is1) (Version: 1.24.0.0 - GOG.com)
Tom Clancy's Ghost Recon Wildlands (HKLM-x32\...\Uplay Install 1771) (Version: - Ubisoft)
Tom Clancy's The Division (HKLM-x32\...\Uplay Install 568) (Version: - Ubisoft)
Uplay (HKLM-x32\...\Uplay) (Version: 32.1 - Ubisoft)
VMware Player (HKLM\...\{6F56D83D-1A5B-4965-9FDA-1E0A72CC93FF}) (Version: 12.5.3 - VMware, Inc.)
Vulkan Run Time Libraries 1.0.42.1 (HKLM\...\VulkanRT1.0.42.1) (Version: 1.0.42.1 - LunarG, Inc.)
Windows 10 Update and Privacy Settings (HKLM\...\{293F2009-0145-450B-B4AA-063D43FB368C}) (Version: 1.0.13.0 - Microsoft Corporation)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: - Blizzard Entertainment)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3759429136-1646547072-1336200546-1001_Classes\CLSID\{1636844b-7ba3-410e-a611-dfaa8e10e218}\InprocServer32 -> c:\windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3759429136-1646547072-1336200546-1001_Classes\CLSID\{581FFA00-FC33-0004-0402-95003A5CDE89}\InprocServer32 -> C:\Users\Thorsten\AppData\Roaming\Resilio Sync\ShellExtensionPath64_2DC.dll ()
CustomCLSID: HKU\S-1-5-21-3759429136-1646547072-1336200546-1001_Classes\CLSID\{581FFA01-FC33-0004-0402-95003A5CDE89}\InprocServer32 -> C:\Users\Thorsten\AppData\Roaming\Resilio Sync\ShellExtensionPath64_2DC.dll ()

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {36DEA989-AA49-47F8-9AA7-5FA1A3C36759} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-05-18] (NVIDIA Corporation)
Task: {3C711C9D-99B2-4464-B373-3098F6D2C8E1} - System32\Tasks\ExclusiveTool => D:\Games\Playstation 3 +4\DS4\ExclusiveModeTool.exe
Task: {4589F750-2C44-446A-89A4-BB3CA5C99581} - System32\Tasks\{B301FEFB-A833-446E-9C0C-207F586A4694} => pcalua.exe -a "D:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\upc.exe" -c uplay://uninstall/80
Task: {5709DE2D-DB1D-4A20-9A72-49628715CE49} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-05-18] (NVIDIA Corporation)
Task: {5E3BBA3B-6553-442E-81B2-277C2BC63D33} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\Explorer.EXE /NOUACCHECK
Task: {62B330CD-738E-4373-994F-3444D04DB45C} - System32\Tasks\S-1-5-21-3759429136-1646547072-1336200546-1001\DataSenseLiveTileTask => C:\WINDOWS\System32\DataUsageLiveTileTask.exe [2017-03-18] (Microsoft Corporation)
Task: {633B6EB9-1CD6-40FB-8376-57A6343E5D03} - System32\Tasks\Microsoft\Windows\PLA\System\{A57BBEB6-1C08-42FD-9A05-6E30DC287C30}_System Diagnostics => Rundll32.exe C:\WINDOWS\system32\pla.dll,PlaHost "system\System Diagnostics" "$(Arg0)"
Task: {B83B02DD-0ABE-4EC3-BF4E-84EE800306D7} - System32\Tasks\Microsoft\Windows\PLA\System\{54AF9FB3-91D1-437F-8533-6AA46A425A90}_System Diagnostics => Rundll32.exe C:\WINDOWS\system32\pla.dll,PlaHost "system\System Diagnostics" "$(Arg0)"
Task: {B897DFBB-6BB9-4151-A41E-5E6E896AEBD4} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-05-18] (NVIDIA Corporation)
Task: {D7DCBCE3-689E-4C6E-98B7-482AF4039B1E} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-05-18] (NVIDIA Corporation)
Task: {DD0D0EF5-3FB8-4611-95C4-AD3135D08CA2} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [2017-05-18] (NVIDIA Corporation)
Task: {DD76849D-6554-452F-8E1A-5C49214CE939} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-05-18] (NVIDIA Corporation)
Task: {DDA69BD5-6AAD-49DC-961A-A58AA672D72B} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-05-18] (NVIDIA Corporation)
Task: {DFD37D91-9D66-4110-B8FA-2DD0E75759B9} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-05-18] (NVIDIA Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2017-02-26 13:42 - 2017-02-26 13:42 - 00076888 _____ () C:\WINDOWS\SysWOW64\PnkBstrA.exe
2017-06-06 18:29 - 2017-05-18 09:35 - 01267136 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2017-03-18 22:58 - 2017-03-18 22:58 - 00138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-02-12 20:34 - 2017-02-12 20:34 - 00529408 _____ () C:\ProgramData\Resilio Sync\ShellExtensionOverlay64_2DC.dll
2017-02-12 20:34 - 2017-02-12 20:34 - 01222656 _____ () C:\Users\Thorsten\AppData\Roaming\Resilio Sync\ShellExtensionPath64_2DC.dll
2017-03-18 22:59 - 2017-03-20 06:36 - 01731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2014-03-18 16:42 - 2017-04-16 17:44 - 00176408 _____ () D:\Program Files (x86)\TeamSpeak 3 Client\quazip.dll
2017-01-17 19:32 - 2017-04-04 19:36 - 00020248 _____ () D:\Program Files (x86)\TeamSpeak 3 Client\libEGL.DLL
2017-01-17 19:32 - 2017-04-04 19:36 - 01975064 _____ () D:\Program Files (x86)\TeamSpeak 3 Client\libGLESv2.dll
2013-12-05 22:42 - 2017-04-16 17:44 - 00107288 _____ () D:\Program Files (x86)\TeamSpeak 3 Client\soundbackends\directsound_win64.dll
2013-12-05 22:42 - 2017-04-16 17:44 - 00128280 _____ () D:\Program Files (x86)\TeamSpeak 3 Client\soundbackends\windowsaudiosession_win64.dll
2017-04-04 19:36 - 2017-04-04 19:36 - 00345880 _____ () D:\Program Files (x86)\TeamSpeak 3 Client\config\plugins\clientquery_plugin_win64.dll
2017-02-20 19:31 - 2017-06-08 18:02 - 00152064 _____ () D:\Program Files (x86)\TeamSpeak 3 Client\config\plugins\gamepad_joystick_win64.dll
2017-06-20 11:14 - 2017-06-20 11:14 - 01529320 _____ () C:\Program Files (x86)\Battle.net\Battle.net.8941\Battle.net Helper.exe
2016-06-28 00:19 - 2016-06-28 00:19 - 00865232 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\kpcengine.2.3.dll
2016-12-25 21:42 - 2017-05-10 20:53 - 02493440 _____ () D:\Program Files (x86)\Electronic Arts\Origin\libGLESv2.dll
2017-06-06 18:29 - 2017-05-18 09:35 - 01040320 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2017-06-20 11:14 - 2017-06-20 11:14 - 55758824 _____ () C:\Program Files (x86)\Battle.net\Battle.net.8941\libcef.dll
2017-06-20 11:15 - 2017-06-20 11:15 - 00540336 _____ () C:\Program Files (x86)\Battle.net\Battle.net.8941\ortp.dll
2017-06-20 11:14 - 2017-06-20 11:14 - 00133632 _____ () C:\Program Files (x86)\Battle.net\Battle.net.8941\libEGL.dll
2017-06-20 11:14 - 2017-06-20 11:15 - 03384832 _____ () C:\Program Files (x86)\Battle.net\Battle.net.8941\libGLESv2.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-07-10 13:04 - 2015-07-10 13:02 - 00000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3759429136-1646547072-1336200546-1001\Control Panel\Desktop\\Wallpaper -> c:\users\thorsten\downloads\19517_en_1.jpeg
HKU\S-1-5-21-3759429136-1646547072-1336200546-1007\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\Run: => "SecurityHealth"
HKLM\...\StartupApproved\Run: => "ShadowPlay"
HKLM\...\StartupApproved\Run32: => "AVMWlanClient"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKU\S-1-5-21-3759429136-1646547072-1336200546-1001\...\StartupApproved\StartupFolder: => "CurseClientStartup.ccip"
HKU\S-1-5-21-3759429136-1646547072-1336200546-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-3759429136-1646547072-1336200546-1001\...\StartupApproved\Run: => "GalaxyClient"
HKU\S-1-5-21-3759429136-1646547072-1336200546-1001\...\StartupApproved\Run: => "OneDriveSetup"
HKU\S-1-5-21-3759429136-1646547072-1336200546-1007\...\StartupApproved\Run: => "OneDrive"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{52B80227-5697-4D58-BEEA-67C9A84CC65D}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\DIRDE\DeadIslandRiptideGame.exe
FirewallRules: [{3EB26B25-289C-47EB-8DF6-457D34F84E22}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\DIRDE\DeadIslandRiptideGame.exe
FirewallRules: [{397CC797-76F6-4A69-B916-1FBE281D8E86}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{F4891926-02DC-4C3B-BDCE-FC00FF54E01A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{5F7BD0CC-944B-406C-AF12-D5B8D7DF1A23}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{D59B92BB-D889-4DED-AF8D-EF8FC9833CD0}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{99DF73E3-7CEE-4A8A-A526-21892B9F2BA6}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{80E99D7F-7955-4CD4-9C45-BF243AD2C744}] => (Allow) E:\Steam\steamapps\common\DARK SOULS III\Game\DarkSoulsIII.exe
FirewallRules: [{041BF958-72A6-4ECF-941A-A01DEC445700}] => (Allow) E:\Steam\steamapps\common\DARK SOULS III\Game\DarkSoulsIII.exe
FirewallRules: [{080A2821-8257-45FB-8CDE-96D15BB98E32}] => (Allow) E:\Ubisoft\Anno 2205\Bin\Win64\Anno2205.exe
FirewallRules: [{A8F5E879-3933-491C-9DA4-43C05AABB627}] => (Allow) D:\Program Files (x86)\Ubisoft\Related Designs\Anno 1701\Anno1701.exe
FirewallRules: [{A1415013-E795-48D5-A43B-4DB34118CDAB}] => (Allow) D:\Program Files (x86)\Ubisoft\Related Designs\Anno 1701\Anno1701.exe
FirewallRules: [{76951124-558B-4F1A-953C-973F4171F087}] => (Allow) E:\Steam\steamapps\common\BioShock Remastered\Build\Final\BioshockHD.exe
FirewallRules: [{73768070-6C00-46AF-A85A-BE5C89206110}] => (Allow) E:\Steam\steamapps\common\BioShock Remastered\Build\Final\BioshockHD.exe
FirewallRules: [{CCBF3D1E-CA0B-4C3D-8CF9-E6D60F45E152}] => (Allow) E:\Steam\steamapps\common\Dark Souls II Scholar of the First Sin\Game\DarkSoulsII.exe
FirewallRules: [{51A44C27-5E8F-49E5-BCAF-E4BB78D8472B}] => (Allow) E:\Steam\steamapps\common\Dark Souls II Scholar of the First Sin\Game\DarkSoulsII.exe
FirewallRules: [{585A4EDB-8A52-462D-99E4-6873643AA562}] => (Allow) E:\Steam\steamapps\common\Lords Of The Fallen\bin\LordsOfTheFallen.exe
FirewallRules: [{5DC514B6-3542-4F39-91CF-3D9D4126D575}] => (Allow) E:\Steam\steamapps\common\Lords Of The Fallen\bin\LordsOfTheFallen.exe
FirewallRules: [{16AAEBFF-E8EB-47AF-AF13-35E58103325D}] => (Allow) C:\Users\Thorsten\AppData\Roaming\Resilio Sync\Resilio Sync.exe
FirewallRules: [{741BD457-6DBE-45C2-95E9-3CD800C626A8}] => (Allow) C:\Users\Thorsten\AppData\Roaming\Resilio Sync\Resilio Sync.exe
FirewallRules: [{3DB27B25-7184-48B7-9C2E-4BA038EE126E}] => (Allow) E:\Steam\steamapps\common\Fallout 4\Fallout4Launcher.exe
FirewallRules: [{D9E3FF33-0ADE-43D1-AA4F-DECA7C498A15}] => (Allow) E:\Steam\steamapps\common\Fallout 4\Fallout4Launcher.exe
FirewallRules: [{2ECBF74D-40A1-40B0-ACE9-7F8B9B88DDCE}] => (Allow) D:\Program Files (x86)\Electronic Arts\Mass Effect 3\Binaries\Win32\MassEffect3.exe
FirewallRules: [{416F9C5B-5657-4B8A-8D5E-20E5ABF60DF2}] => (Allow) D:\Program Files (x86)\Electronic Arts\Mass Effect 3\Binaries\Win32\MassEffect3.exe
FirewallRules: [{8D0C82BD-E48A-4EE6-8BCF-77999C1CF927}] => (Allow) D:\Program Files (x86)\Electronic Arts\Mass Effect 2\Binaries\MassEffect2.exe
FirewallRules: [{890AE306-4263-477F-B096-5132D1CA4ACF}] => (Allow) D:\Program Files (x86)\Electronic Arts\Mass Effect 2\Binaries\MassEffect2.exe
FirewallRules: [{8E4A4143-B1B3-4E79-AADB-E37D82D9E30B}] => (Allow) D:\Program Files (x86)\Electronic Arts\Mass Effect\Binaries\MassEffect.exe
FirewallRules: [{0C3D0737-F7DF-460F-97AD-28E917B7A18A}] => (Allow) D:\Program Files (x86)\Electronic Arts\Mass Effect\Binaries\MassEffect.exe
FirewallRules: [{024CBA58-F148-4778-88E3-FF133BB22213}] => (Allow) E:\Ubisoft\Tom Clancy's The Division\TheDivision.exe
FirewallRules: [{EF63B2E9-BA39-441F-94AC-0C28DF3A760B}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\left 4 dead 2\left4dead2.exe
FirewallRules: [{47B6C331-7F36-4171-A2F8-B627EB3BB2F9}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\left 4 dead 2\left4dead2.exe
FirewallRules: [{A0D056F5-2D39-4251-9BA3-F8E5D86E66F6}] => (Allow) E:\Steam\steamapps\common\DDDA\DDDA.exe
FirewallRules: [{CC318337-C535-4A49-9799-A475AF60F2C5}] => (Allow) E:\Steam\steamapps\common\DDDA\DDDA.exe
FirewallRules: [{10377A8E-153C-4DE8-82E7-4F4BBAB2141D}] => (Allow) E:\Steam\steamapps\common\Skyrim Special Edition\SkyrimSELauncher.exe
FirewallRules: [{13068EAE-4082-4314-8047-21BB556AA210}] => (Allow) E:\Steam\steamapps\common\Skyrim Special Edition\SkyrimSELauncher.exe
FirewallRules: [{0478D872-2BAE-45AE-AB4C-B691054B93B8}] => (Allow) D:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{43AF8C54-EDBD-4BD6-96E6-1C8E6E07D357}] => (Allow) D:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{FFBB8CA6-8FDB-47C4-9B7E-247D8A45356C}] => (Allow) D:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{A832FFA3-717E-47F7-A686-CAEE308B5799}] => (Allow) D:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{965DDF8F-E1EE-4754-9BB9-DA1E16DF77EA}] => (Allow) E:\Steam\steamapps\common\Dark Souls Prepare to Die Edition\DATA\DARKSOULS.exe
FirewallRules: [{F4933751-18A7-4BE2-A26C-1BF1A0B3466D}] => (Allow) E:\Steam\steamapps\common\Dark Souls Prepare to Die Edition\DATA\DARKSOULS.exe
FirewallRules: [{E2777161-B430-4F05-A0BE-1BFCBB4E719A}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{C0B30F5D-0FEF-49E6-A705-4217F6E5BA8C}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{98547060-E470-4260-A1C6-C9CDCC3B0352}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{022BB4A7-9415-472F-8947-A7FEE3EB6A63}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{40DAF89D-337E-430A-B521-F31C6E344385}] => (Allow) D:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Far Cry 4\bin\FarCry4.exe
FirewallRules: [{872C3F69-74D1-426D-965E-BB607422AA97}] => (Allow) D:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Far Cry 4\bin\FarCry4.exe
FirewallRules: [{11437927-1197-45B6-BBD1-B1901F6DA966}] => (Allow) D:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Far Cry 4\bin\IGE_WPF64.exe
FirewallRules: [{565CCADA-8CAB-41A2-9D79-E0792E2E96E8}] => (Allow) D:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Far Cry 4\bin\IGE_WPF64.exe
FirewallRules: [{C4C8B035-79C7-4908-916C-8EAC12206064}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{29963FAC-B76B-445B-AA6F-4F79ADC0721A}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{48A4C02A-198A-4011-ACE2-2A524B983DD8}] => (Allow) E:\Steam\steamapps\common\Resident Evil 4\Bin32\bio4.exe
FirewallRules: [{3338B533-6677-4608-BC98-77ADD4BB81BB}] => (Allow) E:\Steam\steamapps\common\Resident Evil 4\Bin32\bio4.exe
FirewallRules: [{1CEF5F1F-AACF-4C3C-94D4-718AFB429C25}] => (Allow) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
FirewallRules: [{1B1E5D23-D814-465E-8DA5-CC348BD1CD9C}] => (Allow) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
FirewallRules: [{48A03255-080D-4D21-9415-345E40DCF89B}] => (Allow) E:\EA\Mass Effect Andromeda\MassEffectAndromedaTrial.exe
FirewallRules: [{26001B94-B72E-47CB-BA11-E7F4F6A2B056}] => (Allow) E:\EA\Mass Effect Andromeda\MassEffectAndromedaTrial.exe
FirewallRules: [{F66D9EAB-DA6F-4345-9050-5C78EE2F7883}] => (Allow) E:\EA\Mass Effect Andromeda\MassEffectAndromeda.exe
FirewallRules: [{23CF2322-057F-4252-B5FB-83B137E38BE8}] => (Allow) E:\EA\Mass Effect Andromeda\MassEffectAndromeda.exe
FirewallRules: [{A5BB6034-D3FB-4E85-9DE3-80FCBCEFC7AE}] => (Allow) E:\Ubisoft\Tom Clancy's Ghost Recon Wildlands\GRW.exe
FirewallRules: [{FABDEE56-1E2A-46CC-BB3D-06E142C597BE}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Resident Evil 5\Launcher.exe
FirewallRules: [{D9446DFD-B291-46C6-AC82-0407C8242B40}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\Resident Evil 5\Launcher.exe
FirewallRules: [{C622BBB7-C684-4137-B261-223E5BAED78E}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\BioShock Infinite\Binaries\Win32\BioShockInfinite.exe
FirewallRules: [{4086DC84-DD16-485C-A50B-895FBAC5A638}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\BioShock Infinite\Binaries\Win32\BioShockInfinite.exe
FirewallRules: [{4B153D38-5AA2-4820-A14B-F004908D8DA6}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\DIDE\DeadIslandGame.exe
FirewallRules: [{4BA125D1-A118-47BA-8ED5-DF9716D801F6}] => (Allow) D:\Program Files (x86)\Steam\SteamApps\common\DIDE\DeadIslandGame.exe

==================== Restore Points =========================

23-06-2017 16:04:28 Removed Java 8 Update 121

==================== Faulty Device Manager Devices =============

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (06/21/2017 11:51:38 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm explorer.exe, Version 10.0.15063.332 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Systemsteuerung "Sicherheit und Wartung", um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1b40

Startzeit: 01d2ead4bf1c5d20

Beendigungszeit: 2168

Anwendungspfad: C:\Windows\explorer.exe

Berichts-ID: f37cd79e-de80-4a3a-b765-5e9a4463afc6

Vollständiger Name des fehlerhaften Pakets:

Auf das fehlerhafte Paket bezogene Anwendungs-ID:

Error: (06/21/2017 11:37:48 PM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
Description: Event-ID 5000

Error: (06/21/2017 11:37:48 PM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
Description: Event-ID 5000

Error: (06/21/2017 11:37:41 PM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
Description: Event-ID 5000

Error: (06/21/2017 11:37:41 PM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
Description: Event-ID 5000

Error: (06/21/2017 11:22:05 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "QueryFullProcessImageNameW" ist ein unerwarteter Fehler aufgetreten. hr = 0x8007001f, Ein an das System angeschlossenes Gerät funktioniert nicht.
.


Vorgang:
Asynchroner Vorgang wird ausgeführt

Kontext:
Aktueller Status: DoSnapshotSet

Error: (06/21/2017 11:22:00 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.


Vorgang:
Generatordaten werden gesammelt

Kontext:
Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
Generatorname: System Writer
Generatorinstanz-ID: {1c19c935-1239-4ab3-9a5b-0015c162cecd}

Error: (06/21/2017 10:51:15 PM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
Description: Event-ID 5000

Error: (06/21/2017 10:51:15 PM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
Description: Event-ID 5000

Error: (06/21/2017 10:51:07 PM) (Source: Microsoft Security Client) (EventID: 5000) (User: )
Description: Event-ID 5000


System errors:
=============
Error: (06/23/2017 04:09:34 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "CldFlt" wurde aufgrund folgenden Fehlers nicht gestartet:
Die Anforderung wird nicht unterstützt.

Error: (06/23/2017 04:06:23 PM) (Source: DCOM) (EventID: 10010) (User: MIFCOM2013)
Description: Der Server "{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (06/23/2017 01:44:47 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "CldFlt" wurde aufgrund folgenden Fehlers nicht gestartet:
Die Anforderung wird nicht unterstützt.

Error: (06/22/2017 09:46:30 PM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (06/22/2017 07:57:51 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "CldFlt" wurde aufgrund folgenden Fehlers nicht gestartet:
Die Anforderung wird nicht unterstützt.

Error: (06/21/2017 11:54:15 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "CldFlt" wurde aufgrund folgenden Fehlers nicht gestartet:
Die Anforderung wird nicht unterstützt.

Error: (06/21/2017 11:50:22 PM) (Source: cdrom) (EventID: 7) (User: )
Description: Fehlerhafter Block bei Gerät \Device\CdRom0.

Error: (06/21/2017 11:50:21 PM) (Source: cdrom) (EventID: 7) (User: )
Description: Fehlerhafter Block bei Gerät \Device\CdRom0.

Error: (06/21/2017 11:50:20 PM) (Source: cdrom) (EventID: 7) (User: )
Description: Fehlerhafter Block bei Gerät \Device\CdRom0.

Error: (06/21/2017 11:50:20 PM) (Source: cdrom) (EventID: 7) (User: )
Description: Fehlerhafter Block bei Gerät \Device\CdRom0.


CodeIntegrity:
===================================
Date: 2017-06-23 16:33:27.889
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.

Date: 2017-06-23 16:33:14.023
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.

Date: 2017-06-23 00:39:21.768
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.

Date: 2017-06-23 00:39:21.644
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.

Date: 2017-06-21 23:29:06.613
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.

Date: 2017-06-21 23:25:34.361
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.

Date: 2017-06-21 23:25:34.250
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.

Date: 2017-06-21 20:33:12.501
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.

Date: 2017-06-21 20:33:12.447
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.

Date: 2017-06-21 02:05:35.553
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.


==================== Memory info ===========================

Processor: Intel® Core™ i7-4770 CPU @ 3.40GHz
Percentage of memory in use: 44%
Total physical RAM: 16328.04 MB
Available physical RAM: 9013.66 MB
Total Virtual: 18760.04 MB
Available Virtual: 11217.21 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:111.3 GB) (Free:76.59 GB) NTFS
Drive d: (Volume) (Fixed) (Total:931.51 GB) (Free:427.67 GB) NTFS
Drive e: (Volume) (Fixed) (Total:1863.01 GB) (Free:1349.31 GB) NTFS
Drive f: (ANNO1701) (CDROM) (Total:1.95 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: CE621444)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=111.3 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: E71C38B2)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 495AE50F)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Edited by Oh My!, 23 June 2017 - 01:26 PM.


#6 Oh My!

Posted 23 June 2017 - 01:43 PM

Thank you for the information.

Please do this. Make sure to copy and paste all information in your reply unless I request you attach the file.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Right click on the FRST icon and select Run as administrator
  • Highlight the below information then hit the Ctrl + C keys at the same time
Start::
CreateRestorePoint:
CloseProcesses:
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe
HKU\S-1-5-21-3759429136-1646547072-1336200546-1001\...\MountPoints2: {236921cf-bf26-11e6-9bc1-806e6f6e6963} - "F:\Autorun.exe"
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24}
U3 aspnet_state; no ImagePath
emptytemp:
End::
  • Click Fix
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Malwarebytes AdwCleaner

-------------------
  • Please download AdwCleaner and save it on your desktop.
  • Close all open programs and browsers
  • Double click on AdwCleaner.exe, click Run, then select I agree if it appears
  • Click Scan
  • Once the scan has completed if there are threats found you will see Found 3 threats or something similar above the progress bar
  • Click each tab under Results and uncheck any items you want to keep
  • Click on Clean
  • Confirm the cleaning and rebooting of your computer by clicking OK
  • Click OK twice to finish the removal process by automatically rebooting your computer
  • Once completed an AdwCleaner document will open on your desktop
  • Copy and paste the contents in your reply
===================================================

Farbar's MiniToolBox

--------------------
  • Please download MiniToolBox, save it to your desktop
  • Please close any Firefox browsers you may have open
  • Double click the icon to launch the program
  • Make sure only the following options are checked:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries

  • Click Go and once the scan is completed a MTB.txt Notepad document will open on your desktop
  • Please copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Fixlog
  • AdwCleaner log
  • MTB log
  • Update on computer performance

Edited by Oh My!, 23 June 2017 - 01:46 PM.

Gary
 

#7 Cookie97

Posted 24 June 2017 - 05:17 AM

Hello Oh My!

Here are the logs.

My friend has run FRST in German. I have translated it to English for you.

 

Entferungsergebnis von Farbar Recovery Scan Tool (x64) Version: 21-06-2017 01
durchgeführt von Totte (24-06-2017 11:58:53) Run:1
Gestartet von C:\Users\Thorsten\Desktop
Geladene Profile: Thorsten & Totte (Verfügbare Profile: Thorsten & Totte)
Start-Modus: Normal
==============================================
 
fixlist Inhalt:
*****************
 
CreateRestorePoint:
CloseProcesses:
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe
HKU\S-1-5-21-3759429136-1646547072-1336200546-1001\...\MountPoints2: {236921cf-bf26-11e6-9bc1-806e6f6e6963} - "F:\Autorun.exe"
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24}
U3 aspnet_state; no ImagePath
emptytemp:
 
*****************
 
Wiederherstellungspunkt wurde erfolgreich erstellt. (ok)
Prozesse erfolgreich geschlossen. (process are closed)
HKLM Group Policy restriction on software: %systemroot%\system32\mrt.exe => erfolgreich wiederhergestellt (success)
HKU\S-1-5-21-3759429136-1646547072-1336200546-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{236921cf-bf26-11e6-9bc1-806e6f6e6963} => Schlüssel erfolgreich entfernt (removed)
HKLM\Software\Classes\CLSID\{236921cf-bf26-11e6-9bc1-806e6f6e6963} => Schlüssel nicht gefunden. (not found)
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => Schlüssel nicht gefunden. (not found) 
HKLM\Software\Classes\CLSID\ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => Schlüssel nicht gefunden. (not found) 
HKLM\System\CurrentControlSet\Services\aspnet_state => Schlüssel erfolgreich entfernt (removed)
aspnet_state => Dienst erfolgreich entfernt (removed)
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 6053888 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 9526590 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 26266 B
Edge => 15455397 B
Chrome => 0 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 0 B
LocalService => 818 B
NetworkService => 0 B
Thorsten => 214980885 B
Totte => 337671 B
 
RecycleBin => 0 B
EmptyTemp: => 235 MB temporäre Dateien entfernt.
 
================================
 
 
Das System musste neu gestartet werden.
 
==== Ende von Fixlog 11:59:04 ====


#8 Cookie97

Posted 24 June 2017 - 05:41 AM

# AdwCleaner v6.047 - Report created on 24/06/2017 at 12:34:34
# Updated on 19/05/2017 by Malwarebytes
# Database: 2017-06-23.1 [Server]
# Operating System: Windows 10 Home (X64)
# Username: Totte - MIFCOM2013
# Started by: C: \ Users \ Thorsten \ Desktop \ sync \ Cleanup \ adwcleaner_6.047.exe
# Mode: search
# Support: https://www.malwarebytes.com/support

***** [Services] *****

No harmful services found.

***** [Folder] *****

No harmful folders found.

***** [files] *****

No malicious files found.

***** [DLL] *****

No infected DLLs found.

***** [WMI] *****

No harmful keys found.

***** [Connections] *****

No infected links found.

***** [Task Scheduling] *****

No harmful tasks found.

***** [Registration database] *****

No harmful items found in the registry database.

***** [ Web browser ] *****

No harmful elements found in Firefox based browsers.
No harmful items found in Chrome based browsers.

***************************

\ AdwCleaner \ AdwCleaner [S0] .txt - [1209 Bytes] - [24/06/2017 12:34:34]

########## EOF - \ AdwCleaner \ AdwCleaner [S0] .txt - [1280 Bytes] ##########



#9 Oh My!

Posted 24 June 2017 - 09:22 AM

Thank you.

Was your friend able to run MiniToolBox?

How is the computer running?
Gary
 

#10 Cookie97

Posted 25 June 2017 - 07:29 AM

Computer is running normal
 
MiniToolBox by Farbar  Version: 17-06-2016
Ran by Totte (administrator) on 25-06-2017 at 12:56:53
Running from "C:\Users\Thorsten\Desktop\sync\Bereinigung"
Microsoft Windows 10 Home  (X64)
Model: MS-7816 Manufacturer: MSI
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows-IP-Konfiguration
 
Der DNS-Auflösungscache wurde geleert.
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
 
========================= FF Proxy Settings: ============================== 
 
 
"Reset FF Proxy Settings": Firefox Proxy settings were reset.
 
========================= Hosts content: =================================
========================= IP Configuration: ================================
 
VMware Virtual Ethernet Adapter for VMnet8 = VMware Network Adapter VMnet8 (Connected)
VMware Virtual Ethernet Adapter for VMnet1 = VMware Network Adapter VMnet1 (Connected)
FRITZ!WLAN USB Stick N v2 = WLAN (Connected)
TAP-Windows Adapter V9 = Ethernet 2 (Media disconnected)
Realtek PCIe GBE Family Controller = Ethernet (Media disconnected)
 
 
# ----------------------------------
# IPv4-Konfiguration
# ----------------------------------
pushd interface ipv4
 
reset
set global icmpredirects=enabled
set interface interface="LAN-Verbindung* 1" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="LAN-Verbindung* 9" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="VMware Network Adapter VMnet8" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Ethernet" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="VMware Network Adapter VMnet1" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Ethernet 2" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="WLAN" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
add address name="VMware Network Adapter VMnet1" address=192.168.15.1 mask=255.255.255.0
add address name="VMware Network Adapter VMnet8" address=192.168.67.1 mask=255.255.255.0
 
 
popd
# Ende der IPv4-Konfiguration
 
 
 
Windows-IP-Konfiguration
 
   Hostname  . . . . . . . . . . . . : Mifcom2013
   Primäres DNS-Suffix . . . . . . . : 
   Knotentyp . . . . . . . . . . . . : Hybrid
   IP-Routing aktiviert  . . . . . . : Nein
   WINS-Proxy aktiviert  . . . . . . : Nein
   DNS-Suffixsuchliste . . . . . . . : speedport.ip
 
Ethernet-Adapter Ethernet:
 
   Medienstatus. . . . . . . . . . . : Medium getrennt
   Verbindungsspezifisches DNS-Suffix: 
   Beschreibung. . . . . . . . . . . : Realtek PCIe GBE Family Controller
   Physische Adresse . . . . . . . . : D4-3D-7E-D8-AA-7D
   DHCP aktiviert. . . . . . . . . . : Ja
   Autokonfiguration aktiviert . . . : Ja
 
Drahtlos-LAN-Adapter LAN-Verbindung* 9:
 
   Medienstatus. . . . . . . . . . . : Medium getrennt
   Verbindungsspezifisches DNS-Suffix: 
   Beschreibung. . . . . . . . . . . : Microsoft Hosted Network Virtual Adapter
   Physische Adresse . . . . . . . . : 24-65-11-44-4E-E2
   DHCP aktiviert. . . . . . . . . . : Ja
   Autokonfiguration aktiviert . . . : Ja
 
Ethernet-Adapter VMware Network Adapter VMnet1:
 
   Verbindungsspezifisches DNS-Suffix: 
   Beschreibung. . . . . . . . . . . : VMware Virtual Ethernet Adapter for VMnet1
   Physische Adresse . . . . . . . . : 00-50-56-C0-00-01
   DHCP aktiviert. . . . . . . . . . : Nein
   Autokonfiguration aktiviert . . . : Ja
   Verbindungslokale IPv6-Adresse  . : fe80::443a:ac3f:7155:47b3%8(Bevorzugt) 
   IPv4-Adresse  . . . . . . . . . . : 192.168.15.1(Bevorzugt) 
   Subnetzmaske  . . . . . . . . . . : 255.255.255.0
   Standardgateway . . . . . . . . . : 
   DHCPv6-IAID . . . . . . . . . . . : 50352214
   DHCPv6-Client-DUID. . . . . . . . : 00-01-00-01-1F-DE-44-D3-D4-3D-7E-D8-AA-7D
   DNS-Server  . . . . . . . . . . . : fec0:0:0:ffff::1%1
                                       fec0:0:0:ffff::2%1
                                       fec0:0:0:ffff::3%1
   NetBIOS über TCP/IP . . . . . . . : Aktiviert
 
Ethernet-Adapter VMware Network Adapter VMnet8:
 
   Verbindungsspezifisches DNS-Suffix: 
   Beschreibung. . . . . . . . . . . : VMware Virtual Ethernet Adapter for VMnet8
   Physische Adresse . . . . . . . . : 00-50-56-C0-00-08
   DHCP aktiviert. . . . . . . . . . : Nein
   Autokonfiguration aktiviert . . . : Ja
   Verbindungslokale IPv6-Adresse  . : fe80::c4dc:c8cf:7383:9824%15(Bevorzugt) 
   IPv4-Adresse  . . . . . . . . . . : 192.168.67.1(Bevorzugt) 
   Subnetzmaske  . . . . . . . . . . : 255.255.255.0
   Standardgateway . . . . . . . . . : 
   DHCPv6-IAID . . . . . . . . . . . : 184569942
   DHCPv6-Client-DUID. . . . . . . . : 00-01-00-01-1F-DE-44-D3-D4-3D-7E-D8-AA-7D
   DNS-Server  . . . . . . . . . . . : fec0:0:0:ffff::1%1
                                       fec0:0:0:ffff::2%1
                                       fec0:0:0:ffff::3%1
   NetBIOS über TCP/IP . . . . . . . : Aktiviert
 
Ethernet-Adapter Ethernet 2:
 
   Medienstatus. . . . . . . . . . . : Medium getrennt
   Verbindungsspezifisches DNS-Suffix: 
   Beschreibung. . . . . . . . . . . : TAP-Windows Adapter V9
   Physische Adresse . . . . . . . . : 00-FF-92-B8-2E-46
   DHCP aktiviert. . . . . . . . . . : Ja
   Autokonfiguration aktiviert . . . : Ja
 
Drahtlos-LAN-Adapter WLAN:
 
   Verbindungsspezifisches DNS-Suffix: speedport.ip
   Beschreibung. . . . . . . . . . . : FRITZ!WLAN USB Stick N v2
   Physische Adresse . . . . . . . . : 24-65-11-44-4E-E3
   DHCP aktiviert. . . . . . . . . . : Ja
   Autokonfiguration aktiviert . . . : Ja
   IPv6-Adresse. . . . . . . . . . . : 2003:69:6d6d:7054:c029:b90e:2cc2:37b4(Bevorzugt) 
   Temporäre IPv6-Adresse. . . . . . : 2003:69:6d6d:7054:b0c4:d7f3:6015:41b8(Bevorzugt) 
   Verbindungslokale IPv6-Adresse  . : fe80::c029:b90e:2cc2:37b4%9(Bevorzugt) 
   IPv4-Adresse  . . . . . . . . . . : 192.168.2.102(Bevorzugt) 
   Subnetzmaske  . . . . . . . . . . : 255.255.255.0
   Lease erhalten. . . . . . . . . . : Sonntag, 25. Juni 2017 12:00:30
   Lease läuft ab. . . . . . . . . . : Sonntag, 16. Juli 2017 12:00:49
   Standardgateway . . . . . . . . . : fe80::1%9
                                       192.168.2.1
   DHCP-Server . . . . . . . . . . . : 192.168.2.1
   DHCPv6-IAID . . . . . . . . . . . : 354706705
   DHCPv6-Client-DUID. . . . . . . . : 00-01-00-01-1F-DE-44-D3-D4-3D-7E-D8-AA-7D
   DNS-Server  . . . . . . . . . . . : fe80::1%9
                                       192.168.2.1
   NetBIOS über TCP/IP . . . . . . . : Aktiviert
 
Tunneladapter Teredo Tunneling Pseudo-Interface:
 
   Verbindungsspezifisches DNS-Suffix: 
   Beschreibung. . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physische Adresse . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP aktiviert. . . . . . . . . . : Nein
   Autokonfiguration aktiviert . . . : Ja
   IPv6-Adresse. . . . . . . . . . . : 2001:0:9d38:78cf:3cb2:767:a87b:9366(Bevorzugt) 
   Verbindungslokale IPv6-Adresse  . : fe80::3cb2:767:a87b:9366%6(Bevorzugt) 
   Standardgateway . . . . . . . . . : 
   DHCPv6-IAID . . . . . . . . . . . : 637534208
   DHCPv6-Client-DUID. . . . . . . . : 00-01-00-01-1F-DE-44-D3-D4-3D-7E-D8-AA-7D
   NetBIOS über TCP/IP . . . . . . . : Deaktiviert
DNS request timed out.
    timeout was 2 seconds.
Server:  UnKnown
Address:  fe80::1
 
Name:    google.com
Addresses:  2a00:1450:4001:81d::200e
 172.217.22.110
 
 
Ping wird ausgeführt für google.com [2a00:1450:4001:81d::200e] mit 32 Bytes Daten:
Zeitüberschreitung der Anforderung.
Zeitüberschreitung der Anforderung.
 
Ping-Statistik für 2a00:1450:4001:81d::200e:
    Pakete: Gesendet = 2, Empfangen = 0, Verloren = 2
    (100% Verlust),
Server:  speedport.ip
Address:  fe80::1
 
Name:    yahoo.com
Addresses:  2001:4998:58:c02::a9
 2001:4998:44:204::a7
 2001:4998:c:a06::2:4008
 98.139.180.149
 206.190.36.45
 98.138.253.109
 
 
Ping wird ausgeführt für yahoo.com [2001:4998:58:c02::a9] mit 32 Bytes Daten:
Zeitüberschreitung der Anforderung.
Zeitüberschreitung der Anforderung.
 
Ping-Statistik für 2001:4998:58:c02::a9:
    Pakete: Gesendet = 2, Empfangen = 0, Verloren = 2
    (100% Verlust),
 
Ping wird ausgeführt für 127.0.0.1 mit 32 Bytes Daten:
Antwort von 127.0.0.1: Bytes=32 Zeit<1ms TTL=128
Antwort von 127.0.0.1: Bytes=32 Zeit<1ms TTL=128
 
Ping-Statistik für 127.0.0.1:
    Pakete: Gesendet = 2, Empfangen = 2, Verloren = 0
    (0% Verlust),
Ca. Zeitangaben in Millisek.:
    Minimum = 0ms, Maximum = 0ms, Mittelwert = 0ms
===========================================================================
Schnittstellenliste
 11...d4 3d 7e d8 aa 7d ......Realtek PCIe GBE Family Controller
 16...24 65 11 44 4e e2 ......Microsoft Hosted Network Virtual Adapter
  8...00 50 56 c0 00 01 ......VMware Virtual Ethernet Adapter for VMnet1
 15...00 50 56 c0 00 08 ......VMware Virtual Ethernet Adapter for VMnet8
 10...00 ff 92 b8 2e 46 ......TAP-Windows Adapter V9
  9...24 65 11 44 4e e3 ......FRITZ!WLAN USB Stick N v2
  1...........................Software Loopback Interface 1
  6...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================
 
IPv4-Routentabelle
===========================================================================
Aktive Routen:
     Netzwerkziel    Netzwerkmaske          Gateway    Schnittstelle Metrik
          0.0.0.0          0.0.0.0      192.168.2.1    192.168.2.102     50
        127.0.0.0        255.0.0.0   Auf Verbindung         127.0.0.1    331
        127.0.0.1  255.255.255.255   Auf Verbindung         127.0.0.1    331
  127.255.255.255  255.255.255.255   Auf Verbindung         127.0.0.1    331
      192.168.2.0    255.255.255.0   Auf Verbindung     192.168.2.102    306
    192.168.2.102  255.255.255.255   Auf Verbindung     192.168.2.102    306
    192.168.2.255  255.255.255.255   Auf Verbindung     192.168.2.102    306
     192.168.15.0    255.255.255.0   Auf Verbindung      192.168.15.1    291
     192.168.15.1  255.255.255.255   Auf Verbindung      192.168.15.1    291
   192.168.15.255  255.255.255.255   Auf Verbindung      192.168.15.1    291
     192.168.67.0    255.255.255.0   Auf Verbindung      192.168.67.1    291
     192.168.67.1  255.255.255.255   Auf Verbindung      192.168.67.1    291
   192.168.67.255  255.255.255.255   Auf Verbindung      192.168.67.1    291
        224.0.0.0        240.0.0.0   Auf Verbindung         127.0.0.1    331
        224.0.0.0        240.0.0.0   Auf Verbindung      192.168.15.1    291
        224.0.0.0        240.0.0.0   Auf Verbindung      192.168.67.1    291
        224.0.0.0        240.0.0.0   Auf Verbindung     192.168.2.102    306
  255.255.255.255  255.255.255.255   Auf Verbindung         127.0.0.1    331
  255.255.255.255  255.255.255.255   Auf Verbindung      192.168.15.1    291
  255.255.255.255  255.255.255.255   Auf Verbindung      192.168.67.1    291
  255.255.255.255  255.255.255.255   Auf Verbindung     192.168.2.102    306
===========================================================================
Ständige Routen:
  Keine
 
IPv6-Routentabelle
===========================================================================
Aktive Routen:
 If Metrik Netzwerkziel             Gateway
  9     66 ::/0                     fe80::1
  1    331 ::1/128                  Auf Verbindung
  6    331 2001::/32                Auf Verbindung
  6    331 2001:0:9d38:78cf:3cb2:767:a87b:9366/128
                                    Auf Verbindung
  9     66 2003:69:6d6d:7054::/64   Auf Verbindung
  9    306 2003:69:6d6d:7054:b0c4:d7f3:6015:41b8/128
                                    Auf Verbindung
  9    306 2003:69:6d6d:7054:c029:b90e:2cc2:37b4/128
                                    Auf Verbindung
  8    291 fe80::/64                Auf Verbindung
 15    291 fe80::/64                Auf Verbindung
  9    306 fe80::/64                Auf Verbindung
  6    331 fe80::/64                Auf Verbindung
  6    331 fe80::3cb2:767:a87b:9366/128
                                    Auf Verbindung
  8    291 fe80::443a:ac3f:7155:47b3/128
                                    Auf Verbindung
  9    306 fe80::c029:b90e:2cc2:37b4/128
                                    Auf Verbindung
 15    291 fe80::c4dc:c8cf:7383:9824/128
                                    Auf Verbindung
  1    331 ff00::/8                 Auf Verbindung
  8    291 ff00::/8                 Auf Verbindung
 15    291 ff00::/8                 Auf Verbindung
  9    306 ff00::/8                 Auf Verbindung
  6    331 ff00::/8                 Auf Verbindung
===========================================================================
Ständige Routen:
  Keine
========================= Winsock entries =====================================
 
Catalog5 01 C:\WINDOWS\SysWOW64\napinsp.dll [54784] (Microsoft Corporation)
Catalog5 02 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70144] (Microsoft Corporation)
Catalog5 03 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70144] (Microsoft Corporation)
Catalog5 04 C:\WINDOWS\SysWOW64\NLAapi.dll [63488] (Microsoft Corporation)
Catalog5 05 C:\WINDOWS\SysWOW64\mswsock.dll [305568] (Microsoft Corporation)
Catalog5 06 C:\WINDOWS\SysWOW64\winrnr.dll [23040] (Microsoft Corporation)
Catalog9 01 C:\WINDOWS\SysWOW64\mswsock.dll [305568] (Microsoft Corporation)
Catalog9 02 C:\WINDOWS\SysWOW64\mswsock.dll [305568] (Microsoft Corporation)
Catalog9 03 C:\WINDOWS\SysWOW64\mswsock.dll [305568] (Microsoft Corporation)
Catalog9 04 C:\WINDOWS\SysWOW64\mswsock.dll [305568] (Microsoft Corporation)
Catalog9 05 C:\WINDOWS\SysWOW64\mswsock.dll [305568] (Microsoft Corporation)
Catalog9 06 C:\WINDOWS\SysWOW64\mswsock.dll [305568] (Microsoft Corporation)
Catalog9 07 C:\WINDOWS\SysWOW64\mswsock.dll [305568] (Microsoft Corporation)
Catalog9 08 C:\WINDOWS\SysWOW64\mswsock.dll [305568] (Microsoft Corporation)
Catalog9 09 C:\WINDOWS\SysWOW64\mswsock.dll [305568] (Microsoft Corporation)
Catalog9 10 C:\WINDOWS\SysWOW64\mswsock.dll [305568] (Microsoft Corporation)
Catalog9 11 C:\WINDOWS\SysWOW64\mswsock.dll [305568] (Microsoft Corporation)
Catalog9 12 C:\WINDOWS\SysWOW64\mswsock.dll [305568] (Microsoft Corporation)
x64-Catalog5 01 \Windows\System32\napinsp.dll [66560] (Microsoft Corporation)
x64-Catalog5 02 \Windows\System32\pnrpnsp.dll [85504] (Microsoft Corporation)
x64-Catalog5 03 \Windows\System32\pnrpnsp.dll [85504] (Microsoft Corporation)
x64-Catalog5 04 \Windows\System32\NLAapi.dll [79872] (Microsoft Corporation)
x64-Catalog5 05 \Windows\System32\mswsock.dll [358600] (Microsoft Corporation)
x64-Catalog5 06 \Windows\System32\winrnr.dll [31232] (Microsoft Corporation)
x64-Catalog9 01 \Windows\System32\mswsock.dll [358600] (Microsoft Corporation)
x64-Catalog9 02 \Windows\System32\mswsock.dll [358600] (Microsoft Corporation)
x64-Catalog9 03 \Windows\System32\mswsock.dll [358600] (Microsoft Corporation)
x64-Catalog9 04 \Windows\System32\mswsock.dll [358600] (Microsoft Corporation)
x64-Catalog9 05 \Windows\System32\mswsock.dll [358600] (Microsoft Corporation)
x64-Catalog9 06 \Windows\System32\mswsock.dll [358600] (Microsoft Corporation)
x64-Catalog9 07 \Windows\System32\mswsock.dll [358600] (Microsoft Corporation)
x64-Catalog9 08 \Windows\System32\mswsock.dll [358600] (Microsoft Corporation)
x64-Catalog9 09 \Windows\System32\mswsock.dll [358600] (Microsoft Corporation)
x64-Catalog9 10 \Windows\System32\mswsock.dll [358600] (Microsoft Corporation)
x64-Catalog9 11 \Windows\System32\mswsock.dll [358600] (Microsoft Corporation)
x64-Catalog9 12 \Windows\System32\mswsock.dll [358600] (Microsoft Corporation)
 
**** End of log ****

Edited by Cookie97, 25 June 2017 - 07:52 AM.


#11 Oh My!

Posted 25 June 2017 - 08:44 AM

Thank you.

By running normal does that mean the slow Internet issue is gone?

Please do this.

===================================================

ESET Online Scanner

--------------------

I'd like us to scan your machine with ESET OnlineScan. This process may take several hours, that is normal.
  • Download esetsmartinstaller_enu.exe and save it to your Desktop
  • Double click the icon
  • Check YES, I accept the Terms of Use
  • Click the Start button
  • Accept any security warnings from your browser
  • Click Advanced settings
  • Check the following items:
      • Enable detection of potentially unwanted applications
      • Remove found threats
      • Scan archives
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth technology
  • Click Start
  • ESET will then download updates and begin scanning your computer
  • If no threats are found simply click Uninstall application on close and hit Finish
  • If threats are found click List of found threats
  • Click Export to text file
  • Save the file on your Desktop as ESET.txt
  • Click Back
  • Review the list of entries and if there are any you want to keep stop and copy/paste the ESET.txt report in your reply for my review
  • If you do not wish to keep any of the entries check Uninstall application on close and Delete quarantined files
  • Click Finish
  • Close the ESET Online Scanner window
  • Copy and paste the contents of ESET.txt in your reply
===================================================

screen317's Security Check

--------------------
  • Please download screen317's Security Check to your desktop
  • Double-click icon to launch the program
  • Click OK
  • Select Run
    Note: If you receive an error message saying UNSUPPORTED OPERATING SYSTEM! ABORTED! reboot your computer and attempt to run it again
  • Allow the program to run
  • A Notepad document will open on your desktop. Please copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • ESET log
  • Security Check log
  • How is your computer running? Internet connection normal?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#12 Cookie97

Posted 26 June 2017 - 10:44 AM

Hi Oh My!
Computer and internet are running normal.
 
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=27d28c035cedb9489b6498b1173f39a9
# end=init
# utc_time=2017-06-25 08:15:46
# local_time=2017-06-25 10:15:46 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.2.9200 NT 
Update Init
Update Download
Update Finalize
Updated modules version: 33841
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=27d28c035cedb9489b6498b1173f39a9
# end=updated
# utc_time=2017-06-25 08:28:32
# local_time=2017-06-25 10:28:32 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.2.9200 NT 
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=27d28c035cedb9489b6498b1173f39a9
# engine=33841
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2017-06-25 09:47:56
# local_time=2017-06-25 11:47:56 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.2.9200 NT 
# compatibility_mode_1='Kaspersky Internet Security'
# compatibility_mode=1313 16777213 100 100 42500 31361410 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 477953 8560272 0 0
# scanned=457225
# found=0
# cleaned=0
# scan_time=4763
 
 

Results of screen317's Security Check version 1.014 --- 12/23/15  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
Kaspersky Internet Security   
Windows Defender              
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
````````Process Check: objlist.exe by Laurent````````  
 ESET ESET Online Scanner OnlineScannerApp.exe  
 ESET ESET Online Scanner OnlineCmdLineScanner.exe  
 Kaspersky Lab Kaspersky Internet Security 17.0.0 avp.exe  
 Kaspersky Lab Kaspersky Internet Security 17.0.0 avpui.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log`````````````````````` 
 


#13 Oh My!

Posted 26 June 2017 - 11:36 AM

That looks fantastic.

Any other issues or questions before I post some closing instructions and information?
Gary
 

#14 Cookie97

Posted 26 June 2017 - 02:28 PM

No, all right. Thanks very much for your help :-)

#15 Oh My!

Posted 26 June 2017 - 05:12 PM

Very good.

Now that your computer is running well it is my great pleasure to proclaim to you the Good News!

===================================================

All Clean!

--------------

Your machine appears to be clean and we will now remove the tools used and logs created during our steps. Please do this.

===================================================

Delfix by Xplode

--------------------
  • Download Delfix and save it to your Desktop
  • Double click the icon
  • Place checkmarks in:
      • Remove disinfection tools
      • Create registry backup
      • Purge system restore
  • Click Run
===================================================

You may delete any additional programs or logs on your computer which were not automatically removed by Delfix. Simply delete the log files or desktop icons. If we used Emsisoft Emergency Kit just delete the icon on your desktop and the C:\EEK folder.

Please take the time to read below on how to secure the machine and take the necessary steps to keep it clean :thumbsup:

Lawrence Abrams, the founder of BleepingComputer.com, has developed an excellent tutorial which will provide you with the information you need to know to keep your computer secure and clean. Please take the time to read:

In addition, here are some more links you might find of interest:

Thank you for placing your trust in BleepingComputer. It was a pleasure serving you.
Gary
 