Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: RAT Trojaner?

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 27.10.2016, 13:38   #1
Morgren
 
RAT Trojaner? - Standard

RAT Trojaner?



Hallo!

Heute hat sich mir während der PC Nutzung die Maus bewegt, ein neues Chrome Fenster geöffnet und jemand wollte mir pazpal öffnen. Gut, dass ich ein deutsches Keyboard Layout habe und es mir ein paar Sekunden gegeben hat noch das Netzwerkkabel zu ziehen und den PC runterzufahren. Malwarebytes hat nichts gefunden, jedoch Avira (ja ich weiß, ich wollte nur schnell etwas machen).

Code:
ATTFilter
Free Antivirus
Report file date: Thursday, October 27, 2016  12:21


The program is running as an unrestricted full version.
Online services are available.

Licensee        : Free
Serial number   : 0000149996-AVHOE-0000001
Platform        : Windows 10 Education
Windows version : (plain)  [10.0.14393]
Boot mode       : Normally booted
Username        : Gregor
Computer name   : DESKTOP-5EGOQLI

Version information:
build.dat       : 15.0.23.58     92766 Bytes  17/10/2016 12:18:00
AVSCAN.EXE      : 15.0.23.58   1483560 Bytes  17/10/2016 11:18:31
AVSCANRC.DLL    : 15.0.23.48     54456 Bytes  17/10/2016 11:18:31
LUKE.DLL        : 15.0.23.58     80224 Bytes  17/10/2016 11:18:33
AVSCPLR.DLL     : 15.0.23.58    144560 Bytes  17/10/2016 11:18:31
REPAIR.DLL      : 15.0.23.58    687424 Bytes  17/10/2016 11:18:30
repair.rdf      : 1.0.21.14    1799772 Bytes  27/10/2016 11:15:40
AVREG.DLL       : 15.0.23.58    427864 Bytes  17/10/2016 11:18:30
avlode.dll      : 15.0.23.58    786256 Bytes  17/10/2016 11:18:30
avlode.rdf      : 14.0.5.62     142475 Bytes  27/10/2016 11:15:40
XBV00006.VDF    : 8.12.107.34     2048 Bytes  27/07/2016 11:18:34
XBV00007.VDF    : 8.12.107.34     2048 Bytes  27/07/2016 11:18:34
XBV00008.VDF    : 8.12.107.34     2048 Bytes  27/07/2016 11:18:34
XBV00009.VDF    : 8.12.107.34     2048 Bytes  27/07/2016 11:18:34
XBV00010.VDF    : 8.12.107.34     2048 Bytes  27/07/2016 11:18:34
XBV00011.VDF    : 8.12.107.34     2048 Bytes  27/07/2016 11:18:34
XBV00012.VDF    : 8.12.107.34     2048 Bytes  27/07/2016 11:18:34
XBV00013.VDF    : 8.12.107.34     2048 Bytes  27/07/2016 11:18:34
XBV00014.VDF    : 8.12.107.34     2048 Bytes  27/07/2016 11:18:34
XBV00015.VDF    : 8.12.107.34     2048 Bytes  27/07/2016 11:18:34
XBV00016.VDF    : 8.12.107.34     2048 Bytes  27/07/2016 11:18:34
XBV00017.VDF    : 8.12.107.34     2048 Bytes  27/07/2016 11:18:34
XBV00018.VDF    : 8.12.107.34     2048 Bytes  27/07/2016 11:18:34
XBV00019.VDF    : 8.12.107.34     2048 Bytes  27/07/2016 11:18:34
XBV00020.VDF    : 8.12.107.34     2048 Bytes  27/07/2016 11:18:34
XBV00021.VDF    : 8.12.107.34     2048 Bytes  27/07/2016 11:18:34
XBV00022.VDF    : 8.12.107.34     2048 Bytes  27/07/2016 11:18:34
XBV00023.VDF    : 8.12.107.34     2048 Bytes  27/07/2016 11:18:34
XBV00024.VDF    : 8.12.107.34     2048 Bytes  27/07/2016 11:18:34
XBV00025.VDF    : 8.12.107.34     2048 Bytes  27/07/2016 11:18:34
XBV00026.VDF    : 8.12.107.34     2048 Bytes  27/07/2016 11:18:34
XBV00027.VDF    : 8.12.107.34     2048 Bytes  27/07/2016 11:18:34
XBV00028.VDF    : 8.12.107.34     2048 Bytes  27/07/2016 11:18:34
XBV00029.VDF    : 8.12.107.34     2048 Bytes  27/07/2016 11:18:34
XBV00030.VDF    : 8.12.107.34     2048 Bytes  27/07/2016 11:18:34
XBV00031.VDF    : 8.12.107.34     2048 Bytes  27/07/2016 11:18:34
XBV00032.VDF    : 8.12.107.34     2048 Bytes  27/07/2016 11:18:34
XBV00033.VDF    : 8.12.107.34     2048 Bytes  27/07/2016 11:18:34
XBV00034.VDF    : 8.12.107.34     2048 Bytes  27/07/2016 11:18:34
XBV00035.VDF    : 8.12.107.34     2048 Bytes  27/07/2016 11:18:34
XBV00036.VDF    : 8.12.107.34     2048 Bytes  27/07/2016 11:18:34
XBV00037.VDF    : 8.12.107.34     2048 Bytes  27/07/2016 11:18:34
XBV00038.VDF    : 8.12.107.34     2048 Bytes  27/07/2016 11:18:34
XBV00039.VDF    : 8.12.107.34     2048 Bytes  27/07/2016 11:18:34
XBV00040.VDF    : 8.12.107.34     2048 Bytes  27/07/2016 11:18:34
XBV00041.VDF    : 8.12.107.34     2048 Bytes  27/07/2016 11:18:34
XBV00166.VDF    : 8.12.125.14     2048 Bytes  11/10/2016 11:18:34
XBV00167.VDF    : 8.12.125.14     2048 Bytes  11/10/2016 11:18:34
XBV00168.VDF    : 8.12.125.14     2048 Bytes  11/10/2016 11:18:34
XBV00169.VDF    : 8.12.125.14     2048 Bytes  11/10/2016 11:18:34
XBV00170.VDF    : 8.12.125.14     2048 Bytes  11/10/2016 11:18:34
XBV00171.VDF    : 8.12.125.14     2048 Bytes  11/10/2016 11:18:34
XBV00172.VDF    : 8.12.125.14     2048 Bytes  11/10/2016 11:18:34
XBV00173.VDF    : 8.12.125.14     2048 Bytes  11/10/2016 11:18:34
XBV00174.VDF    : 8.12.125.14     2048 Bytes  11/10/2016 11:18:35
XBV00175.VDF    : 8.12.125.14     2048 Bytes  11/10/2016 11:18:35
XBV00176.VDF    : 8.12.125.14     2048 Bytes  11/10/2016 11:18:35
XBV00177.VDF    : 8.12.125.14     2048 Bytes  11/10/2016 11:18:35
XBV00178.VDF    : 8.12.125.14     2048 Bytes  11/10/2016 11:18:35
XBV00179.VDF    : 8.12.125.14     2048 Bytes  11/10/2016 11:18:35
XBV00180.VDF    : 8.12.125.14     2048 Bytes  11/10/2016 11:18:35
XBV00181.VDF    : 8.12.125.14     2048 Bytes  11/10/2016 11:18:35
XBV00182.VDF    : 8.12.125.14     2048 Bytes  11/10/2016 11:18:35
XBV00183.VDF    : 8.12.125.14     2048 Bytes  11/10/2016 11:18:35
XBV00184.VDF    : 8.12.125.14     2048 Bytes  11/10/2016 11:18:35
XBV00185.VDF    : 8.12.125.14     2048 Bytes  11/10/2016 11:18:35
XBV00186.VDF    : 8.12.125.14     2048 Bytes  11/10/2016 11:18:35
XBV00187.VDF    : 8.12.125.14     2048 Bytes  11/10/2016 11:18:35
XBV00188.VDF    : 8.12.125.14     2048 Bytes  11/10/2016 11:18:35
XBV00189.VDF    : 8.12.125.14     2048 Bytes  11/10/2016 11:18:35
XBV00190.VDF    : 8.12.125.14     2048 Bytes  11/10/2016 11:18:35
XBV00191.VDF    : 8.12.125.14     2048 Bytes  11/10/2016 11:18:35
XBV00192.VDF    : 8.12.125.14     2048 Bytes  11/10/2016 11:18:35
XBV00193.VDF    : 8.12.125.14     2048 Bytes  11/10/2016 11:18:35
XBV00194.VDF    : 8.12.125.14     2048 Bytes  11/10/2016 11:18:35
XBV00195.VDF    : 8.12.125.14     2048 Bytes  11/10/2016 11:18:35
XBV00196.VDF    : 8.12.125.14     2048 Bytes  11/10/2016 11:18:35
XBV00197.VDF    : 8.12.125.14     2048 Bytes  11/10/2016 11:18:35
XBV00198.VDF    : 8.12.125.14     2048 Bytes  11/10/2016 11:18:35
XBV00199.VDF    : 8.12.125.14     2048 Bytes  11/10/2016 11:18:35
XBV00200.VDF    : 8.12.125.14     2048 Bytes  11/10/2016 11:18:35
XBV00201.VDF    : 8.12.125.14     2048 Bytes  11/10/2016 11:18:35
XBV00202.VDF    : 8.12.125.14     2048 Bytes  11/10/2016 11:18:35
XBV00203.VDF    : 8.12.125.14     2048 Bytes  11/10/2016 11:18:35
XBV00204.VDF    : 8.12.125.14     2048 Bytes  11/10/2016 11:18:35
XBV00205.VDF    : 8.12.125.14     2048 Bytes  11/10/2016 11:18:35
XBV00206.VDF    : 8.12.125.14     2048 Bytes  11/10/2016 11:18:35
XBV00207.VDF    : 8.12.125.14     2048 Bytes  11/10/2016 11:18:35
XBV00208.VDF    : 8.12.125.14     2048 Bytes  11/10/2016 11:18:35
XBV00209.VDF    : 8.12.125.14     2048 Bytes  11/10/2016 11:18:35
XBV00210.VDF    : 8.12.125.14     2048 Bytes  11/10/2016 11:18:35
XBV00211.VDF    : 8.12.125.14     2048 Bytes  11/10/2016 11:18:35
XBV00212.VDF    : 8.12.125.14     2048 Bytes  11/10/2016 11:18:35
XBV00213.VDF    : 8.12.125.14     2048 Bytes  11/10/2016 11:18:35
XBV00214.VDF    : 8.12.125.14     2048 Bytes  11/10/2016 11:18:35
XBV00215.VDF    : 8.12.125.14     2048 Bytes  11/10/2016 11:18:35
XBV00216.VDF    : 8.12.125.14     2048 Bytes  11/10/2016 11:18:35
XBV00217.VDF    : 8.12.125.14     2048 Bytes  11/10/2016 11:18:35
XBV00218.VDF    : 8.12.125.14     2048 Bytes  11/10/2016 11:18:35
XBV00219.VDF    : 8.12.125.14     2048 Bytes  11/10/2016 11:18:35
XBV00220.VDF    : 8.12.125.14     2048 Bytes  11/10/2016 11:18:35
XBV00221.VDF    : 8.12.125.14     2048 Bytes  11/10/2016 11:18:35
XBV00222.VDF    : 8.12.125.14     2048 Bytes  11/10/2016 11:18:35
XBV00223.VDF    : 8.12.125.14     2048 Bytes  11/10/2016 11:18:35
XBV00224.VDF    : 8.12.125.14     2048 Bytes  11/10/2016 11:18:35
XBV00225.VDF    : 8.12.125.14     2048 Bytes  11/10/2016 11:18:35
XBV00226.VDF    : 8.12.125.14     2048 Bytes  11/10/2016 11:18:35
XBV00227.VDF    : 8.12.125.14     2048 Bytes  11/10/2016 11:18:35
XBV00228.VDF    : 8.12.125.14     2048 Bytes  11/10/2016 11:18:35
XBV00229.VDF    : 8.12.125.14     2048 Bytes  11/10/2016 11:18:35
XBV00230.VDF    : 8.12.125.14     2048 Bytes  11/10/2016 11:18:35
XBV00231.VDF    : 8.12.125.14     2048 Bytes  11/10/2016 11:18:35
XBV00232.VDF    : 8.12.125.14     2048 Bytes  11/10/2016 11:18:35
XBV00233.VDF    : 8.12.125.14     2048 Bytes  11/10/2016 11:18:35
XBV00234.VDF    : 8.12.125.14     2048 Bytes  11/10/2016 11:18:35
XBV00235.VDF    : 8.12.125.14     2048 Bytes  11/10/2016 11:18:35
XBV00236.VDF    : 8.12.125.14     2048 Bytes  11/10/2016 11:18:35
XBV00237.VDF    : 8.12.125.14     2048 Bytes  11/10/2016 11:18:35
XBV00238.VDF    : 8.12.125.14     2048 Bytes  11/10/2016 11:18:35
XBV00239.VDF    : 8.12.125.14     2048 Bytes  11/10/2016 11:18:35
XBV00240.VDF    : 8.12.125.14     2048 Bytes  11/10/2016 11:18:35
XBV00241.VDF    : 8.12.125.14     2048 Bytes  11/10/2016 11:18:35
XBV00242.VDF    : 8.12.125.14     2048 Bytes  11/10/2016 11:18:35
XBV00243.VDF    : 8.12.125.14     2048 Bytes  11/10/2016 11:18:35
XBV00244.VDF    : 8.12.125.14     2048 Bytes  11/10/2016 11:18:35
XBV00245.VDF    : 8.12.125.14     2048 Bytes  11/10/2016 11:18:35
XBV00246.VDF    : 8.12.125.14     2048 Bytes  11/10/2016 11:18:35
XBV00247.VDF    : 8.12.125.14     2048 Bytes  11/10/2016 11:18:35
XBV00248.VDF    : 8.12.125.14     2048 Bytes  11/10/2016 11:18:35
XBV00249.VDF    : 8.12.125.14     2048 Bytes  11/10/2016 11:18:35
XBV00250.VDF    : 8.12.125.14     2048 Bytes  11/10/2016 11:18:35
XBV00251.VDF    : 8.12.125.14     2048 Bytes  11/10/2016 11:18:35
XBV00252.VDF    : 8.12.125.14     2048 Bytes  11/10/2016 11:18:35
XBV00253.VDF    : 8.12.125.14     2048 Bytes  11/10/2016 11:18:35
XBV00254.VDF    : 8.12.125.14     2048 Bytes  11/10/2016 11:18:35
XBV00255.VDF    : 8.12.125.14     2048 Bytes  11/10/2016 11:18:35
XBV00000.VDF    : 7.11.70.0   66736640 Bytes  04/04/2013 11:18:34
XBV00001.VDF    : 7.11.237.0  48041984 Bytes  02/06/2015 11:18:34
XBV00002.VDF    : 7.12.106.228 44941312 Bytes  27/07/2016 11:18:34
XBV00003.VDF    : 8.12.113.174  5299200 Bytes  22/08/2016 11:18:34
XBV00004.VDF    : 8.12.118.140  3998720 Bytes  15/09/2016 11:18:34
XBV00005.VDF    : 8.12.125.14  6024704 Bytes  11/10/2016 11:18:34
XBV00042.VDF    : 8.12.125.16    10240 Bytes  11/10/2016 11:18:34
XBV00043.VDF    : 8.12.125.18    21504 Bytes  11/10/2016 11:18:34
XBV00044.VDF    : 8.12.125.20    14336 Bytes  11/10/2016 11:18:34
XBV00045.VDF    : 8.12.125.24   112640 Bytes  12/10/2016 11:18:34
XBV00046.VDF    : 8.12.125.26    18432 Bytes  12/10/2016 11:18:34
XBV00047.VDF    : 8.12.125.28     2048 Bytes  12/10/2016 11:18:34
XBV00048.VDF    : 8.12.125.30    22528 Bytes  12/10/2016 11:18:34
XBV00049.VDF    : 8.12.125.46    13824 Bytes  12/10/2016 11:18:34
XBV00050.VDF    : 8.12.125.48     2048 Bytes  12/10/2016 11:18:34
XBV00051.VDF    : 8.12.125.66    51712 Bytes  12/10/2016 11:18:34
XBV00052.VDF    : 8.12.125.82    22016 Bytes  12/10/2016 11:18:34
XBV00053.VDF    : 8.12.125.100   114176 Bytes  13/10/2016 11:18:34
XBV00054.VDF    : 8.12.125.102    25600 Bytes  13/10/2016 11:18:34
XBV00055.VDF    : 8.12.125.104    10752 Bytes  13/10/2016 11:18:34
XBV00056.VDF    : 8.12.125.106     2048 Bytes  13/10/2016 11:18:34
XBV00057.VDF    : 8.12.125.110   111104 Bytes  13/10/2016 11:18:34
XBV00058.VDF    : 8.12.125.126     9728 Bytes  13/10/2016 11:18:34
XBV00059.VDF    : 8.12.125.140     9728 Bytes  13/10/2016 11:18:34
XBV00060.VDF    : 8.12.125.154    12800 Bytes  13/10/2016 11:18:34
XBV00061.VDF    : 8.12.125.168    19968 Bytes  13/10/2016 11:18:34
XBV00062.VDF    : 8.12.125.172    95232 Bytes  14/10/2016 11:18:34
XBV00063.VDF    : 8.12.125.174    30720 Bytes  14/10/2016 11:18:34
XBV00064.VDF    : 8.12.125.176    18432 Bytes  14/10/2016 11:18:34
XBV00065.VDF    : 8.12.125.178    11776 Bytes  14/10/2016 11:18:34
XBV00066.VDF    : 8.12.125.180    13312 Bytes  14/10/2016 11:18:34
XBV00067.VDF    : 8.12.125.184    86528 Bytes  14/10/2016 11:18:34
XBV00068.VDF    : 8.12.125.210    10752 Bytes  14/10/2016 11:18:34
XBV00069.VDF    : 8.12.125.224    20992 Bytes  14/10/2016 11:18:34
XBV00070.VDF    : 8.12.125.238    16384 Bytes  14/10/2016 11:18:34
XBV00071.VDF    : 8.12.125.252    16384 Bytes  14/10/2016 11:18:34
XBV00072.VDF    : 8.12.126.0    105472 Bytes  15/10/2016 11:18:34
XBV00073.VDF    : 8.12.126.2     17920 Bytes  15/10/2016 11:18:34
XBV00074.VDF    : 8.12.126.4      2048 Bytes  15/10/2016 11:18:34
XBV00075.VDF    : 8.12.126.6     16384 Bytes  15/10/2016 11:18:34
XBV00076.VDF    : 8.12.126.8     15360 Bytes  15/10/2016 11:18:34
XBV00077.VDF    : 8.12.126.12   202752 Bytes  16/10/2016 11:18:34
XBV00078.VDF    : 8.12.126.14     2048 Bytes  16/10/2016 11:18:34
XBV00079.VDF    : 8.12.126.26    29696 Bytes  16/10/2016 11:18:34
XBV00080.VDF    : 8.12.126.38    15872 Bytes  16/10/2016 11:18:34
XBV00081.VDF    : 8.12.126.50    15872 Bytes  16/10/2016 11:18:34
XBV00082.VDF    : 8.12.126.64   171520 Bytes  17/10/2016 11:15:33
XBV00083.VDF    : 8.12.126.66     2048 Bytes  17/10/2016 11:15:33
XBV00084.VDF    : 8.12.126.68    15360 Bytes  17/10/2016 11:15:33
XBV00085.VDF    : 8.12.126.70    18432 Bytes  17/10/2016 11:15:33
XBV00086.VDF    : 8.12.126.72    22528 Bytes  17/10/2016 11:15:33
XBV00087.VDF    : 8.12.126.76   114176 Bytes  17/10/2016 11:15:33
XBV00088.VDF    : 8.12.126.80    10752 Bytes  17/10/2016 11:15:33
XBV00089.VDF    : 8.12.126.82    12800 Bytes  17/10/2016 11:15:33
XBV00090.VDF    : 8.12.126.84    13824 Bytes  17/10/2016 11:15:33
XBV00091.VDF    : 8.12.126.88   109568 Bytes  18/10/2016 11:15:33
XBV00092.VDF    : 8.12.126.100     2048 Bytes  18/10/2016 11:15:33
XBV00093.VDF    : 8.12.126.110    19968 Bytes  18/10/2016 11:15:33
XBV00094.VDF    : 8.12.126.120    11264 Bytes  18/10/2016 11:15:33
XBV00095.VDF    : 8.12.126.130    12800 Bytes  18/10/2016 11:15:33
XBV00096.VDF    : 8.12.126.132    13824 Bytes  18/10/2016 11:15:33
XBV00097.VDF    : 8.12.126.134    31232 Bytes  18/10/2016 11:15:33
XBV00098.VDF    : 8.12.126.136    56320 Bytes  18/10/2016 11:15:33
XBV00099.VDF    : 8.12.126.138     2048 Bytes  18/10/2016 11:15:33
XBV00100.VDF    : 8.12.126.140    22016 Bytes  18/10/2016 11:15:34
XBV00101.VDF    : 8.12.126.142    13824 Bytes  18/10/2016 11:15:34
XBV00102.VDF    : 8.12.126.144    31744 Bytes  18/10/2016 11:15:34
XBV00103.VDF    : 8.12.126.146    45056 Bytes  19/10/2016 11:15:34
XBV00104.VDF    : 8.12.126.148     2048 Bytes  19/10/2016 11:15:34
XBV00105.VDF    : 8.12.126.150    17920 Bytes  19/10/2016 11:15:34
XBV00106.VDF    : 8.12.126.152    11776 Bytes  19/10/2016 11:15:34
XBV00107.VDF    : 8.12.126.170    14336 Bytes  19/10/2016 11:15:34
XBV00108.VDF    : 8.12.126.190     2048 Bytes  19/10/2016 11:15:34
XBV00109.VDF    : 8.12.126.208     2560 Bytes  19/10/2016 11:15:34
XBV00110.VDF    : 8.12.126.226    60928 Bytes  19/10/2016 11:15:34
XBV00111.VDF    : 8.12.126.244    24576 Bytes  19/10/2016 11:15:34
XBV00112.VDF    : 8.12.127.6     14848 Bytes  19/10/2016 11:15:34
XBV00113.VDF    : 8.12.127.24    11264 Bytes  19/10/2016 11:15:34
XBV00114.VDF    : 8.12.127.42    13312 Bytes  19/10/2016 11:15:34
XBV00115.VDF    : 8.12.127.60    11776 Bytes  19/10/2016 11:15:34
XBV00116.VDF    : 8.12.127.78     2048 Bytes  19/10/2016 11:15:34
XBV00117.VDF    : 8.12.127.98   105984 Bytes  20/10/2016 11:15:34
XBV00118.VDF    : 8.12.127.100    26624 Bytes  20/10/2016 11:15:34
XBV00119.VDF    : 8.12.127.118     2048 Bytes  20/10/2016 11:15:34
XBV00120.VDF    : 8.12.127.136    29184 Bytes  20/10/2016 11:15:34
XBV00121.VDF    : 8.12.127.154    14336 Bytes  20/10/2016 11:15:34
XBV00122.VDF    : 8.12.127.206   125952 Bytes  20/10/2016 11:15:34
XBV00123.VDF    : 8.12.127.224     2048 Bytes  20/10/2016 11:15:34
XBV00124.VDF    : 8.12.127.242     2048 Bytes  20/10/2016 11:15:34
XBV00125.VDF    : 8.12.128.4     35840 Bytes  20/10/2016 11:15:35
XBV00126.VDF    : 8.12.128.22    12800 Bytes  20/10/2016 11:15:35
XBV00127.VDF    : 8.12.128.42    84480 Bytes  21/10/2016 11:15:35
XBV00128.VDF    : 8.12.128.60    25600 Bytes  21/10/2016 11:15:35
XBV00129.VDF    : 8.12.128.78     4608 Bytes  21/10/2016 11:15:35
XBV00130.VDF    : 8.12.128.96    35840 Bytes  21/10/2016 11:15:35
XBV00131.VDF    : 8.12.128.132   183296 Bytes  21/10/2016 11:15:36
XBV00132.VDF    : 8.12.128.150     2048 Bytes  21/10/2016 11:15:36
XBV00133.VDF    : 8.12.128.152     2048 Bytes  21/10/2016 11:15:36
XBV00134.VDF    : 8.12.128.170    32256 Bytes  21/10/2016 11:15:36
XBV00135.VDF    : 8.12.128.188    18944 Bytes  21/10/2016 11:15:36
XBV00136.VDF    : 8.12.128.210   100864 Bytes  22/10/2016 11:15:36
XBV00137.VDF    : 8.12.128.242    58368 Bytes  22/10/2016 11:15:36
XBV00138.VDF    : 8.12.129.4     24064 Bytes  22/10/2016 11:15:36
XBV00139.VDF    : 8.12.129.22   125952 Bytes  23/10/2016 11:15:36
XBV00140.VDF    : 8.12.129.40     2048 Bytes  23/10/2016 11:15:36
XBV00141.VDF    : 8.12.129.58    23040 Bytes  23/10/2016 11:15:36
XBV00142.VDF    : 8.12.129.76    13312 Bytes  23/10/2016 11:15:36
XBV00143.VDF    : 8.12.129.94    90112 Bytes  24/10/2016 11:15:36
XBV00144.VDF    : 8.12.129.110    16896 Bytes  24/10/2016 11:15:36
XBV00145.VDF    : 8.12.129.124    12288 Bytes  24/10/2016 11:15:36
XBV00146.VDF    : 8.12.129.140    60928 Bytes  24/10/2016 11:15:36
XBV00147.VDF    : 8.12.129.154     2048 Bytes  24/10/2016 11:15:36
XBV00148.VDF    : 8.12.129.156     2048 Bytes  24/10/2016 11:15:36
XBV00149.VDF    : 8.12.129.158    18944 Bytes  24/10/2016 11:15:36
XBV00150.VDF    : 8.12.129.160    13312 Bytes  24/10/2016 11:15:36
XBV00151.VDF    : 8.12.129.166    58880 Bytes  25/10/2016 11:15:36
XBV00152.VDF    : 8.12.129.168    45056 Bytes  25/10/2016 11:15:36
XBV00153.VDF    : 8.12.129.170    27648 Bytes  25/10/2016 11:15:36
XBV00154.VDF    : 8.12.129.188    88576 Bytes  25/10/2016 11:15:36
XBV00155.VDF    : 8.12.129.202    22528 Bytes  25/10/2016 11:15:36
XBV00156.VDF    : 8.12.129.216    17920 Bytes  25/10/2016 11:15:36
XBV00157.VDF    : 8.12.129.244    99840 Bytes  26/10/2016 11:15:36
XBV00158.VDF    : 8.12.130.2      2048 Bytes  26/10/2016 11:15:36
XBV00159.VDF    : 8.12.130.16    22528 Bytes  26/10/2016 11:15:36
XBV00160.VDF    : 8.12.130.30    48128 Bytes  26/10/2016 11:15:36
XBV00161.VDF    : 8.12.130.46    30720 Bytes  26/10/2016 11:15:36
XBV00162.VDF    : 8.12.130.58    97280 Bytes  26/10/2016 11:15:37
XBV00163.VDF    : 8.12.130.82   135168 Bytes  27/10/2016 11:15:37
XBV00164.VDF    : 8.12.130.94     2048 Bytes  27/10/2016 11:15:37
XBV00165.VDF    : 8.12.130.116    19456 Bytes  27/10/2016 11:15:37
LOCAL001.VDF    : 8.12.130.116 182472192 Bytes  27/10/2016 11:15:56
Engine version  : 8.3.42.28 
AEBB.DLL        : 8.1.3.0        59296 Bytes  17/10/2016 11:18:29
AECORE.DLL      : 8.3.12.4      247720 Bytes  17/10/2016 11:18:29
AECRYPTO.DLL    : 8.2.1.0       129904 Bytes  17/10/2016 11:18:29
AEDROID.DLL     : 8.4.3.384    2726768 Bytes  27/10/2016 11:15:39
AEEMU.DLL       : 8.1.3.8       404328 Bytes  17/10/2016 11:18:29
AEEXP.DLL       : 8.4.3.2       325536 Bytes  27/10/2016 11:15:38
AEGEN.DLL       : 8.1.8.216     609136 Bytes  27/10/2016 11:15:37
AEHELP.DLL      : 8.3.2.10      284584 Bytes  17/10/2016 11:18:29
AEHEUR.DLL      : 8.1.4.2544  10532776 Bytes  27/10/2016 11:15:38
AELIBINF.DLL    : 8.2.1.4        68464 Bytes  17/10/2016 11:18:29
AEMOBILE.DLL    : 8.1.18.0      346024 Bytes  27/10/2016 11:15:39
AEOFFICE.DLL    : 8.3.6.50      538536 Bytes  27/10/2016 11:15:38
AEPACK.DLL      : 8.4.2.22      805744 Bytes  17/10/2016 11:18:29
AERDL.DLL       : 8.2.1.46      812960 Bytes  17/10/2016 11:18:29
AESBX.DLL       : 8.2.22.4     1633128 Bytes  17/10/2016 11:18:29
AESCN.DLL       : 8.3.4.6       141216 Bytes  17/10/2016 11:18:29
AESCRIPT.DLL    : 8.3.1.16      707440 Bytes  27/10/2016 11:15:38
AEVDF.DLL       : 8.3.3.4       142184 Bytes  17/10/2016 11:18:29
AVWINLL.DLL     : 15.0.23.48     29200 Bytes  17/10/2016 11:18:31
AVPREF.DLL      : 15.0.23.48     55456 Bytes  17/10/2016 11:18:30
AVREP.DLL       : 15.0.23.48    223400 Bytes  17/10/2016 11:18:30
AVARKT.DLL      : 15.0.23.48    229032 Bytes  17/10/2016 11:18:29
SQLITE3.DLL     : 15.0.23.48    459752 Bytes  17/10/2016 11:18:34
AVSMTP.DLL      : 15.0.23.48     80200 Bytes  17/10/2016 11:18:31
NETNT.DLL       : 15.0.23.48     16880 Bytes  17/10/2016 11:18:33
CommonImageRc.dll: 15.0.23.48   4099760 Bytes  17/10/2016 11:18:33
CommonTextRc.dll: 15.0.23.48     70400 Bytes  17/10/2016 11:18:33

Configuration settings for the scan:
Jobname.............................: Full scan
Configuration file..................: C:\Program Files (x86)\Avira\Antivirus\sysscan.avp
Reporting...........................: default
Primary action......................: Interactive
Secondary action....................: Ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, D:, F:, K:, 
Process scan........................: on
Extended process scan...............: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Limit recursion depth...............: 20
Smart extensions....................: on
Macrovirus heuristic................: on
File heuristic......................: extended
Skipped files.......................: 

Start of the scan: Thursday, October 27, 2016  12:21

Start scanning boot sectors:
Boot sector 'HDD2(C:, K:)'
    [INFO]      No virus was found!
Boot sector 'HDD1(D:)'
    [INFO]      No virus was found!
Boot sector 'HDD0(F:)'
    [INFO]      No virus was found!

Starting search for hidden objects.

The scan of running processes will be started:
Scan process 'svchost.exe' - '88' Module(s) have been scanned
Scan process 'svchost.exe' - '38' Module(s) have been scanned
Scan process 'dwm.exe' - '64' Module(s) have been scanned
Scan process 'svchost.exe' - '233' Module(s) have been scanned
Scan process 'svchost.exe' - '88' Module(s) have been scanned
Scan process 'svchost.exe' - '76' Module(s) have been scanned
Scan process 'svchost.exe' - '84' Module(s) have been scanned
Scan process 'svchost.exe' - '92' Module(s) have been scanned
Scan process 'svchost.exe' - '77' Module(s) have been scanned
Scan process 'svchost.exe' - '40' Module(s) have been scanned
Scan process 'svchost.exe' - '35' Module(s) have been scanned
Scan process 'spoolsv.exe' - '79' Module(s) have been scanned
Scan process 'svchost.exe' - '94' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '63' Module(s) have been scanned
Scan process 'OfficeClickToRun.exe' - '102' Module(s) have been scanned
Scan process 'nvwirelesscontroller.exe' - '37' Module(s) have been scanned
Scan process 'DbxSvc.exe' - '27' Module(s) have been scanned
Scan process 'NVDisplay.Container.exe' - '43' Module(s) have been scanned
Scan process 'RzSDKService.exe' - '36' Module(s) have been scanned
Scan process 'GameScannerService.exe' - '74' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '33' Module(s) have been scanned
Scan process 'nvcontainer.exe' - '81' Module(s) have been scanned
Scan process 'svchost.exe' - '45' Module(s) have been scanned
Scan process 'nvxdsync.exe' - '66' Module(s) have been scanned
Scan process 'sihost.exe' - '75' Module(s) have been scanned
Scan process 'svchost.exe' - '121' Module(s) have been scanned
Scan process 'GoogleUpdate.exe' - '58' Module(s) have been scanned
Scan process 'taskhostw.exe' - '65' Module(s) have been scanned
Scan process 'DropboxUpdate.exe' - '54' Module(s) have been scanned
Scan process 'RuntimeBroker.exe' - '100' Module(s) have been scanned
Scan process 'Explorer.EXE' - '265' Module(s) have been scanned
Scan process 'nvcontainer.exe' - '74' Module(s) have been scanned
Scan process 'ShellExperienceHost.exe' - '120' Module(s) have been scanned
Scan process 'SearchIndexer.exe' - '55' Module(s) have been scanned
Scan process 'SkypeHost.exe' - '153' Module(s) have been scanned
Scan process 'NVIDIA Web Helper.exe' - '95' Module(s) have been scanned
Scan process 'conhost.exe' - '29' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '66' Module(s) have been scanned
Scan process 'svchost.exe' - '44' Module(s) have been scanned
Scan process 'nvtray.exe' - '51' Module(s) have been scanned
Scan process 'SettingSyncHost.exe' - '82' Module(s) have been scanned
Scan process 'smartscreen.exe' - '86' Module(s) have been scanned
Scan process 'MSASCuiL.exe' - '48' Module(s) have been scanned
Scan process 'RtkNGUI64.exe' - '57' Module(s) have been scanned
Scan process 'Greenshot.exe' - '75' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '71' Module(s) have been scanned
Scan process 'OneDrive.exe' - '128' Module(s) have been scanned
Scan process 'Steam.exe' - '133' Module(s) have been scanned
Scan process 'chrome.exe' - '124' Module(s) have been scanned
Scan process 'chrome.exe' - '40' Module(s) have been scanned
Scan process 'iPodService.exe' - '32' Module(s) have been scanned
Scan process 'nvspcaps64.exe' - '74' Module(s) have been scanned
Scan process 'chrome.exe' - '76' Module(s) have been scanned
Scan process 'chrome.exe' - '55' Module(s) have been scanned
Scan process 'chrome.exe' - '55' Module(s) have been scanned
Scan process 'chrome.exe' - '55' Module(s) have been scanned
Scan process 'chrome.exe' - '55' Module(s) have been scanned
Scan process 'chrome.exe' - '55' Module(s) have been scanned
Scan process 'chrome.exe' - '55' Module(s) have been scanned
Scan process 'chrome.exe' - '55' Module(s) have been scanned
Scan process 'chrome.exe' - '55' Module(s) have been scanned
Scan process 'chrome.exe' - '55' Module(s) have been scanned
Scan process 'chrome.exe' - '55' Module(s) have been scanned
Scan process 'chrome.exe' - '55' Module(s) have been scanned
Scan process 'chrome.exe' - '55' Module(s) have been scanned
Scan process 'NVIDIA Share.exe' - '90' Module(s) have been scanned
Scan process 'steamwebhelper.exe' - '76' Module(s) have been scanned
Scan process 'NVIDIA Share.exe' - '65' Module(s) have been scanned
Scan process 'SteamService.exe' - '56' Module(s) have been scanned
Scan process 'Discord.exe' - '120' Module(s) have been scanned
Scan process 'Discord.exe' - '78' Module(s) have been scanned
Scan process 'AUDIODG.EXE' - '44' Module(s) have been scanned
Scan process 'hostex.exe' - '74' Module(s) have been scanned
Scan process 'ONENOTEM.EXE' - '44' Module(s) have been scanned
Scan process 'RzSynapse.exe' - '159' Module(s) have been scanned
Scan process 'Discord.exe' - '74' Module(s) have been scanned
Scan process 'Dropbox.exe' - '214' Module(s) have been scanned
Scan process 'fontdrvhost.exe' - '10' Module(s) have been scanned
Scan process 'Agile1pAgent.exe' - '65' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '35' Module(s) have been scanned
Scan process 'DllHost.exe' - '30' Module(s) have been scanned
Scan process 'SearchUI.exe' - '139' Module(s) have been scanned
Scan process 'Avira.ServiceHost.exe' - '117' Module(s) have been scanned
Scan process 'Avira.Systray.exe' - '149' Module(s) have been scanned
Scan process 'ApplicationFrameHost.exe' - '51' Module(s) have been scanned
Scan process 'MSASCui.exe' - '55' Module(s) have been scanned
Scan process 'avguard.exe' - '131' Module(s) have been scanned
Scan process 'avshadow.exe' - '45' Module(s) have been scanned
Scan process 'sched.exe' - '83' Module(s) have been scanned
Scan process 'avgnt.exe' - '91' Module(s) have been scanned
Scan process 'Avira.SystemSpeedup.SpeedupService.exe' - '110' Module(s) have been scanned
Scan process 'svchost.exe' - '33' Module(s) have been scanned
Scan process 'Avira.VpnService.exe' - '86' Module(s) have been scanned
Scan process 'avcenter.exe' - '130' Module(s) have been scanned
Scan process 'avscan.exe' - '79' Module(s) have been scanned
Scan process 'avscan.exe' - '119' Module(s) have been scanned
Scan process 'vssvc.exe' - '37' Module(s) have been scanned
Scan process 'SearchProtocolHost.exe' - '36' Module(s) have been scanned
Scan process 'SearchFilterHost.exe' - '23' Module(s) have been scanned
Scan process 'winlogon.exe' - '38' Module(s) have been scanned
Scan process 'lsass.exe' - '100' Module(s) have been scanned

Starting to scan executable files (registry):
The registry was scanned ( '2075' files ).


Starting the file scan:

Begin scan in 'C:\'
    [0] Archive type: Runtime Packed
    --> C:\Users\Gregor\cheavy.7z
        [1] Archive type: 7-Zip
      --> Maintrance/start.exe
          [DETECTION] Is the TR/ATRAPS.vqpab Trojan
          [WARNING]   Infected files in archives cannot be repaired
C:\Users\Gregor\cheavy.7z
  [DETECTION] Is the TR/ATRAPS.vqpab Trojan
Begin scan in 'D:\' <Games>
Begin scan in 'F:\' <Data Dump>
Begin scan in 'K:\' <Windows 7>
K:\hiberfil.sys
  [WARNING]   The file could not be opened!

Beginning disinfection:
C:\Users\Gregor\cheavy.7z
  [DETECTION] Is the TR/ATRAPS.vqpab Trojan
  [NOTE]      The file was moved to the quarantine directory under the name '385e49a8.qua'!


End of the scan: Thursday, October 27, 2016  13:19
Used time: 58:02 Minute(s)

The scan has been done completely.

  81635 Scanned directories
 3180533 Files were scanned
      2 Viruses and/or unwanted programs were found
      0 Files were classified as suspicious
      0 Files were deleted
      0 Viruses and unwanted programs were repaired
      1 Files were moved to quarantine
      0 Files were renamed
      1 Files cannot be scanned
 3180530 Files not concerned
  21678 Archives were scanned
      2 Warnings
      1 Notes
 338306 Objects were scanned with rootkit scan
      0 Hidden objects were found
         
Malwarebytes
Code:
ATTFilter
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Scan Date: 10/27/2016
Scan Time: 1:31 PM
Logfile: AMB.txt
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.10.27.05
Rootkit Database: v2016.09.26.02
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 10
CPU: x64
File System: NTFS
User: Gregor

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 345893
Time Elapsed: 3 min, 56 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)
         
FRST

Code:
ATTFilter
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Scan Date: 10/27/2016
Scan Time: 1:31 PM
Logfile: AMB.txt
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.10.27.05
Rootkit Database: v2016.09.26.02
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 10
CPU: x64
File System: NTFS
User: Gregor

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 345893
Time Elapsed: 3 min, 56 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)
         
Addition

Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-10-2016
Ran by Gregor (27-10-2016 13:28:44)
Running from C:\Users\Gregor\Downloads
Windows 10 Education Version 1607 (X64) (2016-08-17 17:53:38)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2517125553-2289925176-1808856583-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2517125553-2289925176-1808856583-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-2517125553-2289925176-1808856583-1000 - Limited - Disabled) => C:\Users\defaultuser0
Gregor (S-1-5-21-2517125553-2289925176-1808856583-1001 - Administrator - Enabled) => C:\Users\Gregor
Guest (S-1-5-21-2517125553-2289925176-1808856583-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

1Password 4.6.1.616 (HKLM-x32\...\1Password4_is1) (Version: 4.0 - AgileBits)
Ansel (Version: 375.63 - NVIDIA Corporation) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{29DB9165-5FC1-48F0-9188-26123F526848}) (Version: 5.0.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{5905C8CF-1C88-4478-A48E-4E458AD1BC7E}) (Version: 5.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{D4D86CB2-2370-4691-8272-3869EDED6C64}) (Version: 10.0.0.18 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.23.58 - Avira Operations GmbH & Co. KG)
Avira Connect (HKLM-x32\...\{772ed258-65d1-4d57-ac70-7087049d1576}) (Version: 1.2.74.26159 - Avira Operations GmbH & Co. KG)
Avira Connect (x32 Version: 1.2.74.26159 - Avira Operations GmbH & Co. KG) Hidden
Avira Phantom VPN (HKLM-x32\...\Avira Phantom VPN) (Version: 1.8.1.23778 - Avira Operations GmbH & Co. KG)
Avira System Speedup (HKLM-x32\...\Avira System Speedup_is1) (Version: 2.7.0.3165 - Avira Operations GmbH & Co. KG)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Discord (HKU\S-1-5-21-2517125553-2289925176-1808856583-1001\...\Discord) (Version: 0.0.296 - Hammer & Chisel, Inc.)
Dropbox (HKLM-x32\...\Dropbox) (Version: 12.4.22 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.45.1 - Dropbox, Inc.) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 54.0.2840.71 - Google Inc.)
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
Greenshot 1.2.8.12 (HKLM\...\Greenshot_is1) (Version: 1.2.8.12 - Greenshot)
IrfanView 64 (remove only) (HKLM\...\IrfanView64) (Version: 4.42 - Irfan Skiljan)
iTunes (HKLM\...\{9946A4F7-E0FD-4A33-82D1-06CBFFBBB9F9}) (Version: 12.5.1.21 - Apple Inc.)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.7369.2038 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 (HKLM-x32\...\{dab68466-3a7d-41a8-a5cf-415e3ff8ef71}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23918 (HKLM-x32\...\{2e085fd2-a3e4-4b39-8e10-6b8d35f55244}) (Version: 14.0.23918.0 - Microsoft Corporation)
MiniTool Partition Wizard Free 9.1 (HKLM\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version:  - MiniTool Solution Ltd.)
Mozilla Firefox 49.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 49.0.1 (x86 en-US)) (Version: 49.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 49.0.1.6109 - Mozilla)
NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 375.63 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 375.63 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.0.7.34 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.0.7.34 - NVIDIA Corporation)
NVIDIA Graphics Driver 375.63 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 375.63 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.17 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
NvNodejs (Version: 3.0.7.34 - NVIDIA Corporation) Hidden
NvTelemetry (Version: 1.0.0.0 - NVIDIA Corporation) Hidden
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.7369.2038 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (Version: 16.0.7369.2038 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.7369.2038 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.7369.2038 - Microsoft Corporation) Hidden
paint.net (HKLM\...\{A1D05314-DC32-4668-A97E-51060EC8BCCE}) (Version: 4.0.12 - dotPDN LLC)
Razer Chroma SDK Core Components (HKLM-x32\...\Razer Chroma SDK) (Version: 1.9.6 - Razer Inc.)
Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 2.20.15.1013 - Razer Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7836 - Realtek Semiconductor Corp.)
SHIELD Streaming (Version: 7.1.0320 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 3.0.7.34 - NVIDIA Corporation) Hidden
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2517125553-2289925176-1808856583-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Gregor\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\FileCoAuth.exe (Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {03F98804-A75C-4093-9750-EF2A7FBD788D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-08-17] (Google Inc.)
Task: {06DE5636-578C-4B5D-84EF-43A7405ED7AF} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\Gregor\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe [2016-08-18] (Microsoft Corporation)
Task: {090E1755-0113-4D39-AA52-00EEB9470606} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2016-09-30] (NVIDIA Corporation)
Task: {2C0BCEDB-0A12-4597-BECC-32DC3AED8CF6} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-10-08] (Microsoft Corporation)
Task: {3AB50A2B-30FE-4FC3-BDF5-990F0C050A99} - System32\Tasks\Avira System Speedup Tray => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.UI.Systray.exe [2016-10-18] (Avira Operations GmbH & Co. KG)
Task: {45B2E87D-AC76-4118-8441-A7649CCE26B2} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-10-08] (Microsoft Corporation)
Task: {4FD5D09D-44AA-4FDA-8C10-84A406A5B4A6} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2016-10-09] (Microsoft Corporation)
Task: {559A9E96-30B7-4764-9E3E-E27D85644192} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-08-17] (Dropbox, Inc.)
Task: {673C1216-417F-49DC-961F-7C504A5A4295} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-08-17] (Google Inc.)
Task: {7FE723A8-BF74-421F-BE62-F982DFED213F} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2016-09-30] (NVIDIA Corporation)
Task: {9DD81C87-F465-4FC9-8D61-28C1D9217089} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-08-17] (Dropbox, Inc.)
Task: {9F8096A3-0AF0-4632-9213-851944A474B6} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2016-09-30] (NVIDIA Corporation)
Task: {A94DA948-87EC-4CCE-98C2-A30348AEAFD5} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2016-09-30] (NVIDIA Corporation)
Task: {CC96FB80-21E9-4A88-AB14-2F23A10D7155} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2016-09-30] (NVIDIA Corporation)
Task: {EAA58ED6-1873-4D31-B9AA-9BF1ADEA884D} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2016-09-30] (NVIDIA Corporation)
Task: {EBAFBB26-F8E1-4171-9C3E-3CF46C9C878C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\Gregor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Readium.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=fepbnnnkkadjhjahcafoaglimekefifl

==================== Loaded Modules (Whitelisted) ==============

2016-07-16 12:42 - 2016-07-16 12:42 - 00039424 _____ () C:\Windows\SYSTEM32\efsext.dll
2016-07-16 12:42 - 2016-07-16 12:42 - 00231424 _____ () C:\Windows\SYSTEM32\ism32k.dll
2016-09-30 12:23 - 2016-09-15 18:25 - 02681200 _____ () C:\Windows\system32\CoreUIComponents.dll
2016-09-01 18:12 - 2016-09-01 18:12 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-09-01 18:12 - 2016-09-01 18:12 - 01353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-09-24 23:20 - 2016-09-24 23:21 - 00189264 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
2016-10-14 11:15 - 2016-09-30 05:25 - 04490808 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\Poco.dll
2016-10-14 11:15 - 2016-09-30 05:25 - 01148984 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2016-10-14 11:15 - 2016-09-30 05:25 - 00419896 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\plugins\LocalSystem\_nvspserviceplugin64.dll
2016-08-17 18:57 - 2016-10-22 07:04 - 00134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-09-30 12:23 - 2016-09-15 18:25 - 02681200 _____ () C:\Windows\SYSTEM32\CoreUIComponents.dll
2016-08-18 18:55 - 2016-08-18 18:55 - 01864384 _____ () C:\Users\Gregor\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\ClientTelemetry.dll
2016-07-16 12:42 - 2016-07-16 12:42 - 00130048 _____ () C:\Windows\SYSTEM32\CHARTV.dll
2016-09-22 08:31 - 2016-09-07 05:56 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2016-10-12 13:56 - 2016-10-05 10:35 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2016-10-20 13:19 - 2016-10-20 13:19 - 00072192 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.8.197.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2016-10-20 13:19 - 2016-10-20 13:19 - 00178176 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.8.197.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2016-10-20 13:19 - 2016-10-20 13:19 - 35253760 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.8.197.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2016-10-20 13:19 - 2016-10-20 13:19 - 00110592 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.8.197.0_x64__kzf8qxf38zg5c\SkypeHost.Proxies.dll
2016-10-26 17:53 - 2016-10-20 09:56 - 02367080 _____ () C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.71\libglesv2.dll
2016-10-26 17:53 - 2016-10-20 09:56 - 00107112 _____ () C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.71\libegl.dll
2016-10-12 13:56 - 2016-10-05 10:21 - 09760256 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-10-12 13:56 - 2016-10-05 10:13 - 01401344 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-10-12 13:56 - 2016-10-05 10:13 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2016-10-12 13:56 - 2016-10-05 10:13 - 02424832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-10-12 13:56 - 2016-10-05 10:14 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-10-20 13:19 - 2016-10-20 13:19 - 00181760 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.8.197.0_x64__kzf8qxf38zg5c\Microsoft.Skype.ImageTool.dll
2016-10-20 13:19 - 2016-10-20 13:19 - 00040960 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.8.197.0_x64__kzf8qxf38zg5c\TraceProvider.dll
2016-08-28 22:24 - 2016-08-28 22:24 - 03763712 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1608.2213.0_x64__8wekyb3d8bbwe\Calculator.exe
2016-10-14 11:15 - 2016-09-30 05:25 - 00020536 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2016-10-14 11:15 - 2016-09-29 18:20 - 00500792 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvSpCapsAPINode.node
2016-10-14 11:15 - 2016-09-29 18:20 - 00255936 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\DriverInstall.node
2016-10-14 11:15 - 2016-09-29 18:20 - 02801208 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\Downloader.node
2016-10-14 11:15 - 2016-09-29 18:20 - 00244672 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGameShareAPINode.node
2016-10-14 11:15 - 2016-09-29 18:20 - 00430648 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGalleryAPINode.node
2016-10-14 11:15 - 2016-09-29 18:20 - 00336832 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVAccountAPINode.node
2016-10-14 11:15 - 2016-09-29 18:20 - 00373696 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvCameraAPINode.node
2016-08-18 18:55 - 2016-08-18 18:55 - 01383616 _____ () C:\Users\Gregor\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\ClientTelemetry.dll
2016-08-18 18:55 - 2016-08-18 18:55 - 00118976 _____ () C:\Users\Gregor\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\FileSyncViews.dll
2016-08-17 19:26 - 2016-09-08 04:14 - 00784672 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2016-08-17 19:26 - 2016-09-01 02:02 - 04969248 _____ () C:\Program Files (x86)\Steam\v8.dll
2016-08-17 19:26 - 2016-10-13 02:58 - 02321696 _____ () C:\Program Files (x86)\Steam\video.dll
2016-08-17 19:26 - 2016-01-27 08:49 - 02549760 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2016-08-17 19:26 - 2016-01-27 08:49 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2016-08-17 19:26 - 2016-01-27 08:49 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2016-08-17 19:26 - 2016-01-27 08:49 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2016-08-17 19:26 - 2016-01-27 08:49 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2016-08-17 19:26 - 2016-09-01 02:02 - 01563936 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2016-08-17 19:26 - 2016-09-01 02:02 - 01195296 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2016-08-17 19:26 - 2016-10-13 02:58 - 00836896 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2016-08-17 19:26 - 2016-07-04 23:17 - 00266560 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
2016-10-14 11:15 - 2016-09-30 05:25 - 60819000 _____ () C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\libcef.dll
2016-10-15 10:19 - 2016-08-04 21:56 - 49825056 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.winxp\libcef.dll
2016-08-28 22:20 - 2016-08-24 17:49 - 01950392 _____ () C:\Users\Gregor\AppData\Local\Discord\app-0.0.296\ffmpeg.dll
2016-08-28 22:20 - 2016-08-28 22:20 - 01050296 _____ () \\?\C:\Users\Gregor\AppData\Roaming\discord\0.0.296\modules\discord_voice\discord_voice.node
2016-08-28 22:20 - 2016-08-28 22:20 - 03793080 _____ () \\?\C:\Users\Gregor\AppData\Roaming\discord\0.0.296\modules\discord_voice\libdiscord.dll
2016-08-28 22:20 - 2016-08-28 22:20 - 00894136 _____ () \\?\C:\Users\Gregor\AppData\Roaming\discord\0.0.296\modules\discord_utils\discord_utils.node
2016-08-28 22:20 - 2016-08-28 22:20 - 01119416 _____ () \\?\C:\Users\Gregor\AppData\Roaming\discord\0.0.296\modules\discord_toaster\discord_toaster.node
2016-08-28 22:20 - 2016-08-24 17:49 - 02230456 _____ () C:\Users\Gregor\AppData\Local\Discord\app-0.0.296\libglesv2.dll
2016-08-28 22:20 - 2016-08-24 17:49 - 00088760 _____ () C:\Users\Gregor\AppData\Local\Discord\app-0.0.296\libegl.dll
2016-10-20 07:33 - 2016-10-20 07:33 - 00143824 _____ () C:\ProgramData\Razer\Synapse\CrashReporter\CrashRpt1402.dll
2016-10-27 12:11 - 2016-10-27 12:11 - 00170496 _____ () \\?\C:\Users\Gregor\AppData\Local\Temp\955A.tmp.node
2016-08-28 22:20 - 2016-10-14 11:13 - 02658304 _____ () \\?\C:\Users\Gregor\AppData\Roaming\discord\0.0.296\modules\discord_rpc\discord_rpc.node
2016-09-22 08:28 - 2016-10-14 11:13 - 02147328 _____ () \\?\C:\Users\Gregor\AppData\Roaming\discord\0.0.296\modules\discord_contact_import\discord_contact_import.node
2016-08-17 20:06 - 2016-09-22 02:44 - 00035792 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd
2016-10-13 20:53 - 2016-09-22 02:44 - 00145864 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd
2016-10-13 20:53 - 2016-09-22 02:45 - 00019408 _____ () C:\Program Files (x86)\Dropbox\Client\faulthandler.pyd
2016-10-13 20:53 - 2016-09-22 02:44 - 00116688 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll
2016-08-17 20:06 - 2016-09-22 02:44 - 00100296 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd
2016-08-17 20:06 - 2016-09-22 02:44 - 00018888 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd
2016-08-17 20:06 - 2016-10-10 19:35 - 00019760 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd
2016-08-17 20:06 - 2016-09-22 02:44 - 00694224 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd
2016-10-13 20:53 - 2016-10-10 19:35 - 00020816 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
2016-08-17 20:06 - 2016-09-22 02:45 - 00123856 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd
2016-10-13 20:53 - 2016-10-10 19:35 - 01682760 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
2016-10-13 20:53 - 2016-10-10 19:35 - 00020808 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
2016-08-17 20:06 - 2016-09-22 02:46 - 00105928 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd
2016-08-17 20:06 - 2016-10-10 19:35 - 00021312 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.crt.compiled._winffi_crt.pyd
2016-10-13 20:53 - 2016-10-10 19:35 - 00052024 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd
2016-10-13 20:53 - 2016-10-10 19:35 - 00038696 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd
2016-10-13 20:53 - 2016-09-22 02:44 - 00392144 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll
2016-10-13 20:53 - 2016-09-22 02:46 - 00020936 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd
2016-08-17 20:06 - 2016-09-22 02:46 - 00024528 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd
2016-08-17 20:06 - 2016-09-22 02:46 - 00116176 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd
2016-08-17 20:06 - 2016-10-10 19:35 - 00381752 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd
2016-08-17 20:06 - 2016-09-22 02:46 - 00124880 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd
2016-08-17 20:06 - 2016-10-10 19:35 - 00025424 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.pyd
2016-08-17 20:06 - 2016-09-22 02:46 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd
2016-08-17 20:06 - 2016-09-22 02:46 - 00175560 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd
2016-08-17 20:06 - 2016-09-22 02:46 - 00030160 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd
2016-08-17 20:06 - 2016-09-22 02:46 - 00043472 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd
2016-08-17 20:06 - 2016-09-22 02:46 - 00048592 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd
2016-08-17 20:06 - 2016-09-22 02:46 - 00057808 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd
2016-08-17 20:06 - 2016-09-22 02:46 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd
2016-10-13 20:53 - 2016-10-10 19:35 - 00246592 _____ () C:\Program Files (x86)\Dropbox\Client\breakpad.client.windows.handler.pyd
2016-10-13 20:53 - 2016-10-10 19:35 - 00026456 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
2016-08-17 20:06 - 2016-09-22 02:45 - 00241104 _____ () C:\Program Files (x86)\Dropbox\Client\_jpegtran.pyd
2016-10-13 20:53 - 2016-10-10 19:35 - 00020280 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd
2016-08-17 20:06 - 2016-09-22 02:46 - 00028616 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd
2016-08-17 20:06 - 2016-10-10 19:35 - 00023376 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
2016-08-17 20:06 - 2016-10-10 19:35 - 00020800 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi._winffi_iphlpapi.pyd
2016-08-17 20:06 - 2016-10-10 19:35 - 00019776 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror._winffi_winerror.pyd
2016-08-17 20:06 - 2016-10-10 19:35 - 00020800 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet._winffi_wininet.pyd
2016-08-17 20:06 - 2016-09-22 02:46 - 00350152 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd
2016-08-17 20:06 - 2016-10-10 19:35 - 00022352 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
2016-10-13 20:53 - 2016-10-10 19:35 - 00024392 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
2016-10-13 20:53 - 2016-09-22 02:42 - 00036296 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
2016-10-13 20:53 - 2016-10-10 19:35 - 00031568 _____ () C:\Program Files (x86)\Dropbox\Client\enterprise_data.compiled._enterprise_data.pyd
2016-10-13 20:53 - 2016-10-10 19:30 - 00293392 _____ () C:\Program Files (x86)\Dropbox\Client\EnterpriseDataAdapter.dll
2016-10-13 20:53 - 2016-10-10 19:35 - 00084280 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
2016-10-13 20:53 - 2016-10-10 19:35 - 01826096 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd
2016-08-17 20:06 - 2016-09-22 02:45 - 00083912 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd
2016-10-13 20:53 - 2016-10-10 19:35 - 00531248 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd
2016-10-13 20:53 - 2016-10-10 19:35 - 03928880 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd
2016-10-13 20:53 - 2016-10-10 19:35 - 01972528 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd
2016-10-13 20:53 - 2016-10-10 19:35 - 00133424 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd
2016-10-13 20:53 - 2016-10-10 19:35 - 00224056 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
2016-10-13 20:53 - 2016-10-10 19:35 - 00207672 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd
2016-08-17 20:06 - 2016-10-10 19:35 - 00020288 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.user32._winffi_user32.pyd
2016-10-13 20:53 - 2016-09-22 02:49 - 00017864 _____ () C:\Program Files (x86)\Dropbox\Client\libEGL.dll
2016-10-13 20:53 - 2016-09-22 02:49 - 01631184 _____ () C:\Program Files (x86)\Dropbox\Client\libGLESv2.dll
2016-08-17 20:06 - 2016-09-22 02:46 - 00060880 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.pyd
2016-08-17 20:06 - 2016-10-10 19:35 - 00037192 _____ () C:\Program Files (x86)\Dropbox\Client\windisplaytoast.compiled._DisplayToast.pyd
2016-08-17 20:06 - 2016-10-10 19:35 - 00024904 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.pyd
2016-10-13 20:53 - 2016-10-10 19:35 - 00546096 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd
2016-10-13 20:53 - 2016-10-10 19:35 - 00357680 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd
2016-10-13 20:53 - 2016-10-10 19:35 - 00042808 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.pyd
2016-10-13 20:53 - 2016-10-10 19:35 - 00168760 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd
2016-08-17 22:36 - 2016-03-17 17:04 - 00376832 _____ () C:\Program Files (x86)\1Password 4\js3215R.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2016-07-16 12:47 - 2016-07-16 12:45 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2517125553-2289925176-1808856583-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{2B06E59C-6DD2-4277-AB18-72864D5B1255}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{8BA341C7-8C12-435C-8CF5-32C64DFE0994}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{DA935703-281B-447B-B275-375C3C479800}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{A82B8021-D5F9-4ADC-A069-379BAE3CA65D}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{4711E74F-5508-4F4F-BABF-1A6DA2A6CD19}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{31186C5F-B602-43F2-902A-4FBE7039F5C8}] => (Allow) D:\SteamLibrary\steamapps\common\FlameInTheFlood\RiverGame.exe
FirewallRules: [{B9C6195C-36CA-4814-AF65-158195D9C6F8}] => (Allow) D:\SteamLibrary\steamapps\common\FlameInTheFlood\RiverGame.exe
FirewallRules: [{70C5E0D4-ADB4-42AC-BFBE-83918188E883}] => (Allow) D:\SteamLibrary\steamapps\common\Stardew Valley\Stardew Valley.exe
FirewallRules: [{512CA846-0E9C-4B6B-ADC5-D345A51421F4}] => (Allow) D:\SteamLibrary\steamapps\common\Stardew Valley\Stardew Valley.exe
FirewallRules: [{4BABCD7C-A615-4930-AD59-B21109B0F334}] => (Allow) D:\SteamLibrary\steamapps\common\DarkestDungeon\_windows\Darkest.exe
FirewallRules: [{C92D1568-8768-4739-8003-C704AC317B18}] => (Allow) D:\SteamLibrary\steamapps\common\DarkestDungeon\_windows\Darkest.exe
FirewallRules: [{64112DFA-008A-48EF-ACE6-586559D1A500}] => (Allow) D:\SteamLibrary\steamapps\common\Firefall\system\bin\FirefallClient.exe
FirewallRules: [{832AC24B-7745-4507-AF5C-7165E774888C}] => (Allow) D:\SteamLibrary\steamapps\common\Firefall\system\bin\FirefallClient.exe
FirewallRules: [{CFFBF928-930A-4DBE-BBEC-483512B6884D}] => (Allow) D:\SteamLibrary\steamapps\common\The Witness\witness_d3d11.exe
FirewallRules: [{23CA234B-5FCF-4848-92A8-655A088F6646}] => (Allow) D:\SteamLibrary\steamapps\common\The Witness\witness_d3d11.exe
FirewallRules: [{DC1CAD8D-FBB1-4D26-A7AF-9E4F2EAB008C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{D475E5CB-DBD9-42FD-82EB-063067B69AF8}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{713E1470-9694-4C06-A984-38F7CE9340BC}D:\battle.net\starcraft ii\versions\base44983\sc2_x64.exe] => (Allow) D:\battle.net\starcraft ii\versions\base44983\sc2_x64.exe
FirewallRules: [UDP Query User{2FD3CC73-9FB7-471D-903B-B00AC0F289A8}D:\battle.net\starcraft ii\versions\base44983\sc2_x64.exe] => (Allow) D:\battle.net\starcraft ii\versions\base44983\sc2_x64.exe
FirewallRules: [TCP Query User{15F22BF2-8637-40E9-9422-7E67E59C6F1B}D:\battle.net\hearthstone\hearthstone.exe] => (Allow) D:\battle.net\hearthstone\hearthstone.exe
FirewallRules: [UDP Query User{A7EAAB5A-2035-445C-9C48-F6B41F36C0AD}D:\battle.net\hearthstone\hearthstone.exe] => (Allow) D:\battle.net\hearthstone\hearthstone.exe
FirewallRules: [{34A44EF0-4B3E-4EAC-91DE-4CCE663C4A5A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{24AA3F0A-E712-4108-8769-780598541055}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{3CB3C5C8-6060-4FFF-9507-C76EA6FC5452}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{57D551EA-01F4-49AE-9870-F7421F7DFAD1}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{7C336E04-E62A-4A1A-A704-8F465B4C009C}] => (Allow) D:\SteamLibrary\steamapps\common\Factorio\bin\x64\factorio.exe
FirewallRules: [{F35AA936-CCD8-4ABD-BFB8-99593A6E4D15}] => (Allow) D:\SteamLibrary\steamapps\common\Factorio\bin\x64\factorio.exe
FirewallRules: [{81CCC2C1-CB4E-4FE0-9313-A8E8B44EA213}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{AEA4F2CD-10CB-4617-8700-6349EA4134F3}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [TCP Query User{3562EA4E-06DC-4B9F-8AE1-4C96C100A87F}C:\users\gregor\maintrance\hostex.exe] => (Block) C:\users\gregor\maintrance\hostex.exe
FirewallRules: [UDP Query User{F1F7A6E6-4AFB-4748-9C87-78B4BC7A8A33}C:\users\gregor\maintrance\hostex.exe] => (Block) C:\users\gregor\maintrance\hostex.exe
FirewallRules: [{6EA5E38B-5080-4306-8E3B-CFB5DFF82B02}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{2B04DDCE-6752-4ABB-8B81-FD8D2409B9C6}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{E975F0E1-DD62-485F-873C-F948D2F91DBF}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{983B25F4-A3C7-45B4-94BA-2BDE61E9821D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{2A791368-B6A0-41ED-B416-BB6A8B5B13DE}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{387FC42E-5236-4C6B-B98D-52C612192239}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

12-10-2016 14:35:05 Windows Update
14-10-2016 11:16:32 Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23918
17-10-2016 19:00:43 paint.net 4.0.12
26-10-2016 19:25:32 Scheduled Checkpoint
27-10-2016 12:15:39 Avira System Speedup 2.7.0

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (10/27/2016 12:15:40 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (10/27/2016 12:11:38 PM) (Source: Microsoft-Windows-EFS) (EventID: 4401) (User: DESKTOP-5EGOQLI)
Description: 7.488: EFS service failed to provision a user for EDP. Error code: 0x80070005.

Error: (10/27/2016 10:33:44 AM) (Source: Microsoft-Windows-EFS) (EventID: 4401) (User: DESKTOP-5EGOQLI)
Description: 7.488: EFS service failed to provision a user for EDP. Error code: 0x80070005.

Error: (10/26/2016 07:25:33 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (10/26/2016 11:30:25 AM) (Source: Microsoft-Windows-EFS) (EventID: 4401) (User: DESKTOP-5EGOQLI)
Description: 7.488: EFS service failed to provision a user for EDP. Error code: 0x80070005.

Error: (10/25/2016 12:21:55 PM) (Source: Microsoft-Windows-EFS) (EventID: 4401) (User: DESKTOP-5EGOQLI)
Description: 7.488: EFS service failed to provision a user for EDP. Error code: 0x80070005.

Error: (10/24/2016 02:56:12 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5453

Error: (10/24/2016 02:56:12 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5453

Error: (10/24/2016 02:56:12 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (10/24/2016 02:56:11 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4406


System errors:
=============
Error: (10/27/2016 12:11:06 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID 
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (10/27/2016 12:11:00 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 11:59:02 on ‎27/‎10/‎2016 was unexpected.

Error: (10/27/2016 10:33:44 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID 
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (10/27/2016 12:34:17 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-5EGOQLI)
Description: The server {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474} did not register with DCOM within the required timeout.

Error: (10/27/2016 12:34:17 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-5EGOQLI)
Description: The server {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474} did not register with DCOM within the required timeout.

Error: (10/26/2016 11:30:25 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID 
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (10/25/2016 09:40:51 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-5EGOQLI)
Description: The server {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474} did not register with DCOM within the required timeout.

Error: (10/25/2016 09:40:51 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-5EGOQLI)
Description: The server {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474} did not register with DCOM within the required timeout.

Error: (10/25/2016 12:21:56 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID 
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (10/24/2016 11:02:57 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-5EGOQLI)
Description: The server {4AA0A5C4-1B9B-4F2E-99D7-99C6AEC83474} did not register with DCOM within the required timeout.


CodeIntegrity:
===================================
  Date: 2016-10-14 11:14:40.929
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-10-14 11:14:40.928
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i7-3770K CPU @ 3.50GHz
Percentage of memory in use: 47%
Total physical RAM: 8133.64 MB
Available physical RAM: 4258.61 MB
Total Virtual: 9413.64 MB
Available Virtual: 4076.04 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:147.51 GB) (Free:107.74 GB) NTFS
Drive d: (Games) (Fixed) (Total:931.51 GB) (Free:726.38 GB) NTFS
Drive f: (Data Dump) (Fixed) (Total:931.51 GB) (Free:544.81 GB) NTFS
Drive k: (Windows 7) (Fixed) (Total:85.37 GB) (Free:12.01 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: E03AB4B2)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=OF Extended)

========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: 260D3280)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=OF Extended)

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 5E9AE640)
Partition 1: (Active) - (Size=85.4 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=147.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
         

Alt 27.10.2016, 13:39   #2
M-K-D-B
/// TB-Ausbilder
 
RAT Trojaner? - Standard

RAT Trojaner?






Mein Name ist Matthias und ich werde dir bei der Bereinigung deines Computers helfen.


Bitte beachte folgende Hinweise:
  • Falls wir Hinweise auf illegal erworbene Software finden, werden wir den Support unterbrechen bis jegliche Art von illegaler Software vom Rechner entfernt wurde.
  • Lies dir die Anleitungen sorgfältig durch. Solltest du Probleme haben, stoppe mit deiner Bearbeitung und beschreibe mir dein Problem so gut es geht.
  • Solltest du mir nicht innerhalb von 3 Tagen antworten, gehe ich davon aus, dass du keine Hilfe mehr benötigst. Dann lösche ich dein Thema aus meinem Abo. Solltest du einmal länger abwesend sein, so gib mir bitte Bescheid!
  • Während der Bereinigung bitte nichts installieren oder deinstallieren, außer ich bitte dich darum!
  • Bitte beachten: Download bei filepony.de: So ladet Ihr unsere Tools richtig!
  • Alle zu verwendenen Programme sind auf dem Desktop abzuspeichern und von dort als Administrator zu starten!
  • Einige Programme, die wir hier verwenden, können unter Umständen von deinem Antiviren- oder Anti-Malwareprogramm fälschlicherweise als Bedrohung eingestuft werden. Die Sicherheitsprogramme können aufgrund eines bestimmten Programmverhaltens nicht zwischen "gut" oder "böse" unterscheiden und schlagen Alarm. Dabei handelt es sich um Fehlalarme, welche du getrost ignorieren kannst. Gegebenenfalls musst du deine Sicherheitssoftware vor der Ausführung eines Programms deaktivieren, damit unsere Bereinigungsvorgänge nicht beeinträchtigt werden.



Bitte arbeite alle Schritte in der vorgegebenen Reihefolge nacheinander ab und poste alle Logdateien in CODE-Tags:
So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert deinem Helfer massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu groß für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke aauf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

Danke für deine Mitarbeit!




Was ist das für eine Datei?
C:\Users\Gregor\cheavy.7z



Zur ersten Analyse bitte FRST und TDSS-Killer ausführen:



Schritt 1
Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)






Schritt 2
Downloade dir bitte TDSSKiller TDSSKiller.exe und speichere diese Datei auf dem Desktop
  • Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
  • Drücke Start Scan
  • Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
    TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
    Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Poste den Inhalt bitte in jedem Fall hier in deinen Thread.







Bitte poste mit deiner nächsten Antwort
  • die Logdatei von TDSS-Killer,
  • die beiden neuen Logdateien von FRST.
__________________

__________________

Alt 27.10.2016, 13:47   #3
Morgren
 
RAT Trojaner? - Standard

RAT Trojaner?



Hallo Matthias,

die cheavy.7z wird mir nicht angezeigt im Explorer. FRST und Addition logs sind im Eingangspost, soll ich sie nochmal frisch ziehen?

TDSS-Killer Teil 1

Code:
ATTFilter
13:41:38.0171 0x0938  TDSS rootkit removing tool 3.1.0.11 Aug  5 2016 12:13:31
13:41:43.0410 0x0938  ============================================================
13:41:43.0410 0x0938  Current date / time: 2016/10/27 13:41:43.0410
13:41:43.0410 0x0938  SystemInfo:
13:41:43.0410 0x0938  
13:41:43.0410 0x0938  OS Version: 10.0.14393 ServicePack: 0.0
13:41:43.0410 0x0938  Product type: Workstation
13:41:43.0410 0x0938  ComputerName: DESKTOP-5EGOQLI
13:41:43.0410 0x0938  UserName: Gregor
13:41:43.0410 0x0938  Windows directory: C:\Windows
13:41:43.0410 0x0938  System windows directory: C:\Windows
13:41:43.0410 0x0938  Running under WOW64
13:41:43.0410 0x0938  Processor architecture: Intel x64
13:41:43.0410 0x0938  Number of processors: 8
13:41:43.0410 0x0938  Page size: 0x1000
13:41:43.0410 0x0938  Boot type: Normal boot
13:41:43.0410 0x0938  CodeIntegrityOptions = 0x00000001
13:41:43.0410 0x0938  ============================================================
13:41:43.0453 0x0938  KLMD registered as C:\Windows\system32\drivers\60335284.sys
13:41:43.0453 0x0938  KLMD ARK init status: drvProperties = 0xFFF00, osBuild = 14393.321, osProperties = 0x19
13:41:43.0505 0x0938  System UUID: {06F37F70-3A4A-3069-1C1C-A81705934EC0}
13:41:43.0715 0x0938  Drive \Device\Harddisk2\DR2 - Size: 0x3A38B2E000 ( 232.89 Gb ), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
13:41:43.0716 0x0938  Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
13:41:43.0717 0x0938  Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
13:41:43.0720 0x0938  ============================================================
13:41:43.0720 0x0938  \Device\Harddisk2\DR2:
13:41:43.0721 0x0938  MBR partitions:
13:41:43.0721 0x0938  \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xAAC0000
13:41:43.0721 0x0938  \Device\Harddisk2\DR2\Partition2: MBR, Type 0x7, StartLBA 0xAAC1000, BlocksNum 0x12704800
13:41:43.0721 0x0938  \Device\Harddisk0\DR0:
13:41:43.0721 0x0938  MBR partitions:
13:41:43.0721 0x0938  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705000
13:41:43.0721 0x0938  \Device\Harddisk1\DR1:
13:41:43.0721 0x0938  MBR partitions:
13:41:43.0722 0x0938  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705000
13:41:43.0722 0x0938  ============================================================
13:41:43.0723 0x0938  C: <-> \Device\Harddisk2\DR2\Partition2
13:41:43.0757 0x0938  F: <-> \Device\Harddisk0\DR0\Partition1
13:41:43.0758 0x0938  K: <-> \Device\Harddisk2\DR2\Partition1
13:41:43.0759 0x0938  D: <-> \Device\Harddisk1\DR1\Partition1
13:41:43.0759 0x0938  ============================================================
13:41:43.0759 0x0938  Initialize success
13:41:43.0759 0x0938  ============================================================
13:41:45.0206 0x2a6c  ============================================================
13:41:45.0206 0x2a6c  Scan started
13:41:45.0206 0x2a6c  Mode: Manual; 
13:41:45.0206 0x2a6c  ============================================================
13:41:45.0206 0x2a6c  KSN ping started
13:41:45.0367 0x2a6c  KSN ping finished: true
13:41:45.0940 0x2a6c  ================ Scan system memory ========================
13:41:45.0940 0x2a6c  System memory - ok
13:41:45.0940 0x2a6c  ================ Scan services =============================
13:41:45.0970 0x2a6c  [ A7901875F89D011C38CF52C98ACF5B29, 782141AB1DD7ACDE6EA08B5BAFDE8BADD05B81D38C18E097D6D9C46102056EB1 ] 1394ohci        C:\Windows\System32\drivers\1394ohci.sys
13:41:45.0972 0x2a6c  1394ohci - ok
13:41:45.0979 0x2a6c  [ EE1CCC54F75C24727A218F98FC5349DA, 0B0D26640BFA0F551B7087027E572D0BF2C5EAF50A4187C5A7D839180B7FF589 ] 3ware           C:\Windows\system32\drivers\3ware.sys
13:41:45.0981 0x2a6c  3ware - ok
13:41:45.0993 0x2a6c  [ 73C73E1AA0D4D727A04AAAB120B7F56A, 5D311F11022994410DF5C67914D38B1F0D813EFD181EA234750286A272D67A1A ] ACPI            C:\Windows\system32\drivers\ACPI.sys
13:41:46.0001 0x2a6c  ACPI - ok
13:41:46.0004 0x2a6c  [ 0935496EF9624B46B935CB35ECE1F205, A22A2A29195505A65E8626D60B00C86C23E0CABC1EB8345EA5ED523516CC21C0 ] AcpiDev         C:\Windows\System32\drivers\AcpiDev.sys
13:41:46.0004 0x2a6c  AcpiDev - ok
13:41:46.0008 0x2a6c  [ D6794C31F4077B71433988787BAA926E, F16365C2F195AAE94D4740E6C3DF4C0CECEC6393CAD65425DCCD28CDBA6EC51A ] acpiex          C:\Windows\system32\Drivers\acpiex.sys
13:41:46.0010 0x2a6c  acpiex - ok
13:41:46.0012 0x2a6c  [ FE5F656D6B35089DA39112E74EC6A85A, 5D81EE63998232A5B36DE47FE15B9D04D5BD02234CA133A2462AECA8C60A22ED ] acpipagr        C:\Windows\System32\drivers\acpipagr.sys
13:41:46.0012 0x2a6c  acpipagr - ok
13:41:46.0014 0x2a6c  [ 2F242941E4DFF69B883D77A16F039557, 45C388365317C720654A659A9326B2BC0E9D84929C704654985597D5D620101C ] AcpiPmi         C:\Windows\System32\drivers\acpipmi.sys
13:41:46.0015 0x2a6c  AcpiPmi - ok
13:41:46.0017 0x2a6c  [ C247E35A21682DA8D0DC3AF9F025FCC5, 455415EE3166B3043AD8A4DD50B688DB74242267FB555642441251EFA823E971 ] acpitime        C:\Windows\System32\drivers\acpitime.sys
13:41:46.0018 0x2a6c  acpitime - ok
13:41:46.0037 0x2a6c  [ 49B9DB97AFC85DCCBDACDAB2E90085B7, 2A6C2A09F74EA15044F442CCFB54A0F24F105ADB915E5C78F02F59652DC29152 ] ADP80XX         C:\Windows\system32\drivers\ADP80XX.SYS
13:41:46.0049 0x2a6c  ADP80XX - ok
13:41:46.0060 0x2a6c  [ 983266DA83FFF73DBDDD3730A4712228, 433A2731DAC687C52FB7E23093B8E11D92CCCF4C35B493D73AC30C6A4A6D2A6C ] AFD             C:\Windows\system32\drivers\afd.sys
13:41:46.0066 0x2a6c  AFD - ok
13:41:46.0072 0x2a6c  [ E44DB3F7225EC3E119560738B3619972, 32946FBC2BD74072F22E48D769A034183F6C3728FCCC3CF0DD561602511E39B2 ] ahcache         C:\Windows\system32\DRIVERS\ahcache.sys
13:41:46.0074 0x2a6c  ahcache - ok
13:41:46.0077 0x2a6c  [ D0905D4A945D01D4B28DB9E1BD5985F7, CF389CBCD3B99D1BAE34A42F723F1005C32213A394F691978076D3DF1727715C ] AJRouter        C:\Windows\System32\AJRouter.dll
13:41:46.0078 0x2a6c  AJRouter - ok
13:41:46.0081 0x2a6c  [ 8FD51B3B35707A66080D7C8CB05E792D, FE52F3DC280D208FDDC75F6E3294B8D601E0D86F9BD3DB1ACC8FC296AC74C23B ] ALG             C:\Windows\System32\alg.exe
13:41:46.0083 0x2a6c  ALG - ok
13:41:46.0086 0x2a6c  [ DF21E05E41E5AC3F13F304D91457649A, 7F48F2AD1DBE89A261113C76D7C23AD7D87D5599BCC31F8A558A8A10B81BF521 ] AmdK8           C:\Windows\System32\drivers\amdk8.sys
13:41:46.0088 0x2a6c  AmdK8 - ok
13:41:46.0091 0x2a6c  [ 45D0AA4BB90B821DF92E8F19ABED0C5E, EA87A6E98DB3C5A88A844C04C6934E870B7004E783AA5211722115382A211B90 ] AmdPPM          C:\Windows\System32\drivers\amdppm.sys
13:41:46.0093 0x2a6c  AmdPPM - ok
13:41:46.0096 0x2a6c  [ 74FFBC43B4B899C9A8CA06A892F2CE73, 8D599363C7F3D373F1859BAA4D06DD0F40BE78B56BE52B74DE6EA6EF99452004 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
13:41:46.0097 0x2a6c  amdsata - ok
13:41:46.0102 0x2a6c  [ AAB0F1D8D7E54761ABAB13AF161F1680, CF847990EFFA2828F5B1DB1A68F08A6C2C918E9612EDFFCF95C36BCABBBEA272 ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
13:41:46.0105 0x2a6c  amdsbs - ok
13:41:46.0108 0x2a6c  [ F91BAAC4237C40352A807000F3B716F9, F7EFA08E5067C3D419C9D21EDB880BA08883A80DDF35F8B42EC3AB293FE5E03E ] amdxata         C:\Windows\system32\drivers\amdxata.sys
13:41:46.0108 0x2a6c  amdxata - ok
13:41:46.0132 0x2a6c  [ 04B856A07EDCFEE14C4CB0D389531020, 38094E6FECF22FBC72B46C4A78519F9E698092DF28A81C5742332FCA6609CB9B ] AntiVirMailService C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe
13:41:46.0145 0x2a6c  AntiVirMailService - ok
13:41:46.0154 0x2a6c  [ FE817303FA4308B6149D2FC1D07D0DF2, 471EA57785EE40FE244BB2AF10FB5F5B113F1D79F34CAE28CC46177AB3F15141 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\Antivirus\sched.exe
13:41:46.0159 0x2a6c  AntiVirSchedulerService - ok
13:41:46.0168 0x2a6c  [ FE817303FA4308B6149D2FC1D07D0DF2, 471EA57785EE40FE244BB2AF10FB5F5B113F1D79F34CAE28CC46177AB3F15141 ] AntiVirService  C:\Program Files (x86)\Avira\Antivirus\avguard.exe
13:41:46.0173 0x2a6c  AntiVirService - ok
13:41:46.0196 0x2a6c  [ 82A7739C01B7FBD6738B08C6FEB13CE5, 49BD8764CC7BB8F3AEFD8A8585A2F492C0B48A6AAACA86BDE7CB6D182EADD703 ] AntiVirWebService C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe
13:41:46.0212 0x2a6c  AntiVirWebService - ok
13:41:46.0217 0x2a6c  [ BC121C099C6C659126AD2102AFDFF8CF, 42B5EE293BDD7ADCE48173A01B30D8452564B9DA225EAF25E9292FE77C0FCF3E ] AppID           C:\Windows\system32\drivers\appid.sys
13:41:46.0219 0x2a6c  AppID - ok
13:41:46.0223 0x2a6c  [ 74A24CF946279111D7F203B36569EC02, FD67D36804744B4FE3E20BA891852575E6C2DA6515643B2F4B4210118B0FCCDA ] AppIDSvc        C:\Windows\System32\appidsvc.dll
13:41:46.0225 0x2a6c  AppIDSvc - ok
13:41:46.0228 0x2a6c  [ 73FAA5517CCD1332F00192A303CF2026, 75636222BFF381A3EECA010752DF7DC1603A395B91FF7FBF92127B5CA8EFFEE5 ] Appinfo         C:\Windows\System32\appinfo.dll
13:41:46.0230 0x2a6c  Appinfo - ok
13:41:46.0235 0x2a6c  [ 885888F8AAD89108A5EE2D0174690220, 9B148C117EBE400F40BF7F32B66B20AA4628BA9E233D707DFA2EB4A8A65E7C52 ] Apple Mobile Device Service C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
13:41:46.0237 0x2a6c  Apple Mobile Device Service - ok
13:41:46.0239 0x2a6c  [ 68190E2BADF23BD782344970E5B5DE9E, 95D30EC12C7FDF5822CED8BC2F17669A6687A2FB262B4F0D15C8DCFF4E9AB33D ] applockerfltr   C:\Windows\system32\drivers\applockerfltr.sys
13:41:46.0240 0x2a6c  applockerfltr - ok
13:41:46.0244 0x2a6c  [ 76A12AC673B0F8A607ACDD0583C247D4, CBC6C0EB82C7A8E3998344280BBB5A697AFA7206CA2BADFDA7ED6E7DD20E3DAC ] AppMgmt         C:\Windows\System32\appmgmts.dll
13:41:46.0247 0x2a6c  AppMgmt - ok
13:41:46.0257 0x2a6c  [ 21DC11DA29484AE026E536F2EA7E79E5, 6E17B679494CB293DE13DFA18F79A9DFAFEEBAAE41943F95B5E1AE0720A5CA26 ] AppReadiness    C:\Windows\system32\AppReadiness.dll
13:41:46.0263 0x2a6c  AppReadiness - ok
13:41:46.0278 0x2a6c  [ 6010A920FDE5BFE4EA056F9736FBDC06, F55F68D5AD1F272BC285E716E02090C62FC87476DD6CE7ABA6BE7EF8EF6178DE ] AppVClient      C:\Windows\system32\AppVClient.exe
13:41:46.0286 0x2a6c  AppVClient - ok
13:41:46.0291 0x2a6c  [ B66ED2CB37F7E4696A51612AFBA08834, 70BA67AF7F1290E3145B873B53516F138E50D8AAC80CD00CBA66467ABC6643CB ] AppvStrm        C:\Windows\system32\drivers\AppvStrm.sys
13:41:46.0292 0x2a6c  AppvStrm - ok
13:41:46.0297 0x2a6c  [ 8DC924848E20F890BEFC6B31136D46BE, B7603425B4970F505B5A3EB0F6652A9CDD188059BDC945D6DF2BADC2DF8F4B5D ] AppvVemgr       C:\Windows\system32\drivers\AppvVemgr.sys
13:41:46.0299 0x2a6c  AppvVemgr - ok
13:41:46.0303 0x2a6c  [ 9ADC5A8BEE10E174F95349E9232D8E76, F322991323DCDC51199BB3AB0DA20F6C3CC7EE6E804400B473C610FDB895F0AE ] AppvVfs         C:\Windows\system32\drivers\AppvVfs.sys
13:41:46.0304 0x2a6c  AppvVfs - ok
13:41:46.0338 0x2a6c  [ BC45C66ABEF4756F68F51B14C975F7CD, AD7034B49D6FF2C310CB615A674164F4D1B9E1A7E64095FAF4F88D574954705C ] AppXSvc         C:\Windows\system32\appxdeploymentserver.dll
13:41:46.0361 0x2a6c  AppXSvc - ok
13:41:46.0367 0x2a6c  [ E6AB1F0B4C3D4E0D2A88332D76FECD03, 0D3003EB979DA4546DCDD055011E24F13E34F683F02C9801CAC564D1809F11D2 ] arcsas          C:\Windows\system32\drivers\arcsas.sys
13:41:46.0368 0x2a6c  arcsas - ok
13:41:46.0371 0x2a6c  [ 61C5A480C43E7E8E49C42869F49D0D3E, E610F0E4315ABA1D90AD4A1D7A68ABA2ACBB7FCA89E9D1798470365D52592D55 ] AsyncMac        C:\Windows\System32\drivers\asyncmac.sys
13:41:46.0371 0x2a6c  AsyncMac - ok
13:41:46.0374 0x2a6c  [ A10F989A812B57B9695F6C305907C9C6, E2B292610079AA1A10696138DE8130905A8A834B75A8DED7EBF8B6732B77A0F4 ] atapi           C:\Windows\system32\drivers\atapi.sys
13:41:46.0374 0x2a6c  atapi - ok
13:41:46.0382 0x2a6c  [ 5D637DF654D6386487876ADF5AF301B3, 7B53356237369D892F5BBEA9C967B20DCA40FA2B6B3C5AF7A4304FFD00DF1BFC ] AudioEndpointBuilder C:\Windows\System32\AudioEndpointBuilder.dll
13:41:46.0385 0x2a6c  AudioEndpointBuilder - ok
13:41:46.0400 0x2a6c  [ A0F7114A69A67316B9707F1809061F86, 3B501B6C9E48CD6DD38F2C9880BE9885E17D3477FFAD1207631CD9E31CD05B13 ] Audiosrv        C:\Windows\System32\Audiosrv.dll
13:41:46.0410 0x2a6c  Audiosrv - ok
13:41:46.0415 0x2a6c  [ 5BAD6576E9DB51C6FB1AA4F74A1491F0, 60BE48FD4C15D49425EAB2B53731D73CD19ED456F42EE2C2D32FE9FD0638A1D0 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
13:41:46.0417 0x2a6c  avgntflt - ok
13:41:46.0422 0x2a6c  [ E73A2960A54F83B96415BAE10E66CCB2, C44CE2A638D2CB219A0BCDFEE2855E14A9BEAB032788D7661992735726EFC983 ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
13:41:46.0424 0x2a6c  avipbb - ok
13:41:46.0431 0x2a6c  [ 24477237F3E401D81BBAE6698BB54354, EB846AE29C72C6C163BD129E99455673C8EDE7BF220A2C00D96E97B12D9BABFF ] Avira.ServiceHost C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
13:41:46.0435 0x2a6c  Avira.ServiceHost - ok
13:41:46.0442 0x2a6c  [ EFFF0BA6A97693F8012E5B3E7C3ACAB1, A28689BC7BF6F99399C8E6F34598BD144CFE334E474C1A972792B98A8E3A9798 ] AviraPhantomVPN C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe
13:41:46.0445 0x2a6c  AviraPhantomVPN - ok
13:41:46.0447 0x2a6c  [ 79F7741A773FF194EEC64A8161AE26D5, 3DDEA5FBDCB74A2BACC895A44C8C2A947F09E2649ED61D781E99DD61DBFACA5D ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
13:41:46.0448 0x2a6c  avkmgr - ok
13:41:46.0451 0x2a6c  [ 899D89FDF015BBAF628076987D74C295, 7534A10F652FBE559431B9B1C6BC13874E8BC7438D7AFD7553F96811FD3E59BD ] avnetflt        C:\Windows\system32\DRIVERS\avnetflt.sys
13:41:46.0452 0x2a6c  avnetflt - ok
13:41:46.0454 0x2a6c  [ D0A1E2DAC2378B5C630131C2EC2923AD, 21BF3F33E206E3658F1F461EF95BC71BACD83351445C1EEE941D2C4B7EAD7B6C ] avusbflt        C:\Windows\system32\Drivers\avusbflt.sys
13:41:46.0455 0x2a6c  avusbflt - ok
13:41:46.0459 0x2a6c  [ 6D90FDA2DC364B8EA1420F2F81585CC3, 10E6F23A213CFE49BE04BB7D366ADD4028D61D7114FEC67C30B5467DF6B36D4F ] AxInstSV        C:\Windows\System32\AxInstSV.dll
13:41:46.0460 0x2a6c  AxInstSV - ok
13:41:46.0470 0x2a6c  [ 61BAC67048CA5C1D08C48FCC8012B613, 71B2A466FC38DA1029B471FBD2541D8FE359751A7B212AE0F420DB3645916450 ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
13:41:46.0476 0x2a6c  b06bdrv - ok
13:41:46.0480 0x2a6c  [ 68F72B05EBC6D1779C0D60A147C7CA0B, AA1C857BEE34865C6B901157FC22570D4CF45D950708BAD7AA333F120F2B474C ] BasicDisplay    C:\Windows\System32\drivers\BasicDisplay.sys
13:41:46.0480 0x2a6c  BasicDisplay - ok
13:41:46.0484 0x2a6c  [ 23156E7EDAF613D839E2839746B168D3, CAEF8F9C7D3A338BD747AC9D5BFBE730D77B911E87BCF532EBB75E1F80916AFA ] BasicRender     C:\Windows\System32\drivers\BasicRender.sys
13:41:46.0485 0x2a6c  BasicRender - ok
13:41:46.0488 0x2a6c  [ 3F5523DCEFE42B385659C5CB46A6B810, CA24A3DF002B19E7BDEDE9B5EB60623F299D0E78B2E4F58DCFC028D76DEFE52D ] bcmfn           C:\Windows\System32\drivers\bcmfn.sys
13:41:46.0489 0x2a6c  bcmfn - ok
13:41:46.0491 0x2a6c  [ 0B750A6A6D847E73CA48ADD7A0F5A393, 6A43020F23846EFB1AFA3C070465B0059E9DF60DEB16899E09559462DF30939F ] bcmfn2          C:\Windows\System32\drivers\bcmfn2.sys
13:41:46.0491 0x2a6c  bcmfn2 - ok
13:41:46.0498 0x2a6c  [ 2B4D3AEAAD02954F8C191BC2D67949AD, 8237C9AD556CFAF7442FF60F78608104BC17CE3134C89D986D49C38CC60B1518 ] BDESVC          C:\Windows\System32\bdesvc.dll
13:41:46.0502 0x2a6c  BDESVC - ok
13:41:46.0505 0x2a6c  [ 0A508274355745EEF01C6BE3198D02C4, E2DB08AEE2368FA95FDB357BB31EA4EBF31679C3E72E109DB3D7CD1B5F7B828E ] Beep            C:\Windows\system32\drivers\Beep.sys
13:41:46.0506 0x2a6c  Beep - ok
13:41:46.0518 0x2a6c  [ 5125CBB61AC81168366BEB290399CB8E, B2A3095D45E2114DE2BD0E5A3AE20B3CE95EE517A35B9E1EAD05E231F38DBDCF ] BFE             C:\Windows\System32\bfe.dll
13:41:46.0527 0x2a6c  BFE - ok
13:41:46.0545 0x2a6c  [ BFDCC935236AAEBA39CD3DE9BC2F73DA, C7511FAB014F20FBECA56A9BA5880DFD8F020B8A33A7A30B12DBE961640F3FC9 ] BITS            C:\Windows\System32\qmgr.dll
13:41:46.0558 0x2a6c  BITS - ok
13:41:46.0568 0x2a6c  [ B5C2F92EE1106DFE7BB1CCE4D35B6037, E399C390687589194D8AAD385055F0CFA7D52AD9E837D8FF95008B8EB2B34E50 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
13:41:46.0574 0x2a6c  Bonjour Service - ok
13:41:46.0579 0x2a6c  [ EEBFAEB4702E1049ECD44B10485E6C0C, 8F4D31E36717101B6172D7346E86EBC77B9CDAA5CC14AA1379661C16A7FF05E2 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
13:41:46.0580 0x2a6c  bowser - ok
13:41:46.0592 0x2a6c  [ BD33624B1F5C35F519E87B53DBC30B34, 3EFE680D7E9FCD89492DCF4E53980D01FC92DC1F63935DF16429B66DCA2AA865 ] BrokerInfrastructure C:\Windows\System32\bisrv.dll
13:41:46.0600 0x2a6c  BrokerInfrastructure - ok
13:41:46.0605 0x2a6c  [ B3F32C630DD3F2F6A6091B89CFF13641, 7A9C53EF9AB9FF1DC392FD711B194A101DB36CA5BC799E817BEB446741089B76 ] Browser         C:\Windows\System32\browser.dll
13:41:46.0607 0x2a6c  Browser - ok
13:41:46.0610 0x2a6c  [ 722036C26D2C4E50EC2A2EC5FD678846, 999468038AE01F0FF6881F4B2A2CB67BC636641188E95F10729E08ADBC3CB3DE ] BthAvrcpTg      C:\Windows\System32\drivers\BthAvrcpTg.sys
13:41:46.0611 0x2a6c  BthAvrcpTg - ok
13:41:46.0614 0x2a6c  [ C2E31BE025D46D189E38DD1EDF07837A, 656528DCAAAF485EC57EE5C3021E96736634DE3B9C39CBCD2728E055ABD4C0A5 ] BthHFEnum       C:\Windows\System32\drivers\bthhfenum.sys
13:41:46.0614 0x2a6c  BthHFEnum - ok
13:41:46.0617 0x2a6c  [ F7CD605FC0B0B22F3F6F247595E3A655, 1CD9140DE5415DDBEACD8667E63E5C95FD64D693B56302A0474E693E578BEAB0 ] bthhfhid        C:\Windows\System32\drivers\BthHFHid.sys
13:41:46.0617 0x2a6c  bthhfhid - ok
13:41:46.0624 0x2a6c  [ B157D72BDA6A6DD6E9DC6BF338CD0CF8, B2AC26AE214151E5AD93DED78256BC0295DBF0133C854E7DEE4CD776D9C9A349 ] BthHFSrv        C:\Windows\System32\BthHFSrv.dll
13:41:46.0627 0x2a6c  BthHFSrv - ok
13:41:46.0630 0x2a6c  [ 535DC41A33630AE4C262406F9E981C03, 599332589AA28D04189E19B87A4AE6FEEB60B40A7BC6E3B11240DA363A981C29 ] BTHMODEM        C:\Windows\System32\drivers\bthmodem.sys
13:41:46.0631 0x2a6c  BTHMODEM - ok
13:41:46.0637 0x2a6c  [ 96932F631F5CB9F5D1C8F99A71568EF3, 5E4C8955A2EE9DC76B4EBC383653EB753D76D6B017E1A5DD553AC16094D7F12A ] bthserv         C:\Windows\system32\bthserv.dll
13:41:46.0639 0x2a6c  bthserv - ok
13:41:46.0641 0x2a6c  [ 23F9EF739F685E07482116425E7879AA, 0EBDF96A49A319C0BCF6F51FB6C8C392C017E1738B950C19C91FF43E14D73143 ] buttonconverter C:\Windows\System32\drivers\buttonconverter.sys
13:41:46.0642 0x2a6c  buttonconverter - ok
13:41:46.0645 0x2a6c  [ 4C61113687EB66035A70A55EE9B7DB4A, 3339821A3853B90F3B468470493A813053D82014E2677E726C16E19AABE2A440 ] CapImg          C:\Windows\System32\drivers\capimg.sys
13:41:46.0646 0x2a6c  CapImg - ok
13:41:46.0649 0x2a6c  [ F8FB51B9EF6372610E9B31A1D86B62FC, 7461584A8B39AC549AD7BAFFA509D4CD81EEE542808BC8EFC285863A0AE6432D ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
13:41:46.0651 0x2a6c  cdfs - ok
13:41:46.0659 0x2a6c  [ 2439A82EC0BB421FA2B21E0A1C6C997F, 1B1DF0B628BE796E046DBC5597DB09681DA1785A148F2FBEC96F3AE45AA0ECB2 ] CDPSvc          C:\Windows\System32\CDPSvc.dll
13:41:46.0663 0x2a6c  CDPSvc - ok
13:41:46.0671 0x2a6c  [ 4279D54DD2273B06EEAD7006D6938813, 7DB1BC3424A72978375B9DE26103104213F3645DE0AD748EF431A2C858FAC1E1 ] CDPUserSvc      C:\Windows\System32\CDPUserSvc.dll
13:41:46.0675 0x2a6c  CDPUserSvc - ok
13:41:46.0682 0x2a6c  [ 613D0137C269187FA298A157E3D14A18, 84BC268525F14BB27202CE242BF94D9E83BC91B50A0335908574F31B29A2F04D ] cdrom           C:\Windows\System32\drivers\cdrom.sys
13:41:46.0684 0x2a6c  cdrom - ok
13:41:46.0688 0x2a6c  [ 9450FA11E9DE6715FCB71A519A8FF90B, B7E341C6E4CE967FCDD0D17A497C07E8A1C6B0AACE8A6E8E5D6C21EF73F13E16 ] CertPropSvc     C:\Windows\System32\certprop.dll
13:41:46.0690 0x2a6c  CertPropSvc - ok
13:41:46.0698 0x2a6c  [ 0AED948DA8D5F08B3D6F12E4E2089736, 95E538E81DDBC83492C5F3820C82C78F050B4D74ACF12D7970EC84F93581AE29 ] cht4iscsi       C:\Windows\system32\drivers\cht4sx64.sys
13:41:46.0701 0x2a6c  cht4iscsi - ok
13:41:46.0733 0x2a6c  [ 0002A0FDE087C1657AB31CE73077539C, 4DD6210B67E9633AB3240371590869DC833A4C986C74FC12A5D4FFFFD361848A ] cht4vbd         C:\Windows\System32\drivers\cht4vx64.sys
13:41:46.0754 0x2a6c  cht4vbd - ok
13:41:46.0759 0x2a6c  [ 6B4F90A287D75CCD78694F6790C911B2, 73D7C31E9F475FA3FD568FCA9A953F968729AA114F63C06F38BF5198DAD67BD8 ] circlass        C:\Windows\System32\drivers\circlass.sys
13:41:46.0759 0x2a6c  circlass - ok
13:41:46.0767 0x2a6c  [ 09D0B94D3A06EFD1EB70189EC4B26DF7, 47E73C536C63F4C21E4ADBB122A152D3A291CF4EDD4CB4D07D09D14E1A9961F1 ] CLFS            C:\Windows\system32\drivers\CLFS.sys
13:41:46.0771 0x2a6c  CLFS - ok
13:41:46.0823 0x2a6c  [ 2FFC3A679CF4FF05AA762E2B8D095574, 5CA2B9898E7493AF71B7D3A35FFB5D9F072DD0381AF89B0F47158895FBF58772 ] ClickToRunSvc   C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
13:41:46.0867 0x2a6c  ClickToRunSvc - ok
13:41:46.0881 0x2a6c  [ E133CFCBFABB3CB517BE9F42FEA5887C, DA699CDD5F3CC427354540C907BD24CCA7BAC3112C53918EB611CB4EEC7611DA ] ClipSVC         C:\Windows\System32\ClipSVC.dll
13:41:46.0889 0x2a6c  ClipSVC - ok
13:41:46.0892 0x2a6c  [ EEC3A4A98AE1A337E3CD1483AD6F2E15, 764DA329984A95E092F5C15116DA34FA7FC27216C0862365D4BF10ADC97EC5C5 ] clreg           C:\Windows\System32\drivers\registry.sys
13:41:46.0894 0x2a6c  clreg - ok
13:41:46.0899 0x2a6c  [ 429623E266EF067A44E8CF148E9DFB9B, A48AA85ACC52C7AD73DB2D6148B3F9FB5EAC33C8F8C5BB6D7D0A9D84B7C08E11 ] CmBatt          C:\Windows\System32\drivers\CmBatt.sys
13:41:46.0900 0x2a6c  CmBatt - ok
13:41:46.0911 0x2a6c  [ 8F5C24F4F47120157AB6D889B96A2AC2, 0C5EA247C2CE16980945CD4768B74E9129CCEA58C6D31FDB1715D12196B0740D ] CNG             C:\Windows\system32\Drivers\cng.sys
13:41:46.0918 0x2a6c  CNG - ok
13:41:46.0921 0x2a6c  [ 3DB10C59405931E2C72EFB82C1AF97D1, 100B5450A70988DB1C1F8A5FDBB3553AF1A0D47B42A5AC71460DB92E26010CE6 ] cnghwassist     C:\Windows\system32\DRIVERS\cnghwassist.sys
13:41:46.0922 0x2a6c  cnghwassist - ok
13:41:46.0934 0x2a6c  [ 34C935AF2A414572B412B3556586D783, 912981B88B0796576ECCD5EBE0C4728EC02D5D6A96B039447DCBA59B2583F25E ] CompositeBus    C:\Windows\System32\DriverStore\FileRepository\compositebus.inf_amd64_a140581a8f8b58b7\CompositeBus.sys
13:41:46.0934 0x2a6c  CompositeBus - ok
13:41:46.0936 0x2a6c  COMSysApp - ok
13:41:46.0939 0x2a6c  [ 44EEEB2382F566999287E13F2067693C, 53A4A0C85EAD38030FF2078C67465E3710ECD03A08FF34E1E67B2E3E1CC70043 ] condrv          C:\Windows\system32\drivers\condrv.sys
13:41:46.0940 0x2a6c  condrv - ok
13:41:46.0953 0x2a6c  [ 03DCC01047713690E312B013C60881AE, B98174222DDFDA2A31BAC4795D99FA07D1D03107ABDB27BF5069FAFBBF00D278 ] CoreMessagingRegistrar C:\Windows\system32\coremessaging.dll
13:41:46.0961 0x2a6c  CoreMessagingRegistrar - ok
13:41:46.0967 0x2a6c  [ 5F06CAC4B09250CDDDD0180A08162924, A2EB0A57225E65FC264CFC9FAD858D8B54A015CDAE3DC904B1C4E9AAB40B1F06 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
13:41:46.0969 0x2a6c  CryptSvc - ok
13:41:46.0979 0x2a6c  [ 03214883D52FAD46573233852344C72C, 63DCCDD895EB804D205ABB8EA381B34FB0879D09E4D0EB0B28F9B2BB1024BAB7 ] CSC             C:\Windows\system32\drivers\csc.sys
13:41:46.0985 0x2a6c  CSC - ok
13:41:46.0999 0x2a6c  [ BE35D1BAC3F18C9EB1C1CFBA31ED95E3, 4255475D173868A0E5583E844A1884E819E229838C4DEACAC47F1A4DEF388C9D ] CscService      C:\Windows\System32\cscsvc.dll
13:41:47.0007 0x2a6c  CscService - ok
13:41:47.0011 0x2a6c  [ 68B1E0DA1BB1680494227E88CE821E2F, DE9AFCE4CC28F3484180D6A63FBBDA5B89F208E056BD17870C074094159ED6AF ] dam             C:\Windows\system32\drivers\dam.sys
13:41:47.0012 0x2a6c  dam - ok
13:41:47.0016 0x2a6c  [ A1F58FFF448E4099297D6EE0641D4D0E, 47839789332AAF8861F7731BF2D3FBB5E0991EA0D0B457BB4C8C1784F76C73DC ] dbupdate        C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
13:41:47.0018 0x2a6c  dbupdate - ok
13:41:47.0022 0x2a6c  [ A1F58FFF448E4099297D6EE0641D4D0E, 47839789332AAF8861F7731BF2D3FBB5E0991EA0D0B457BB4C8C1784F76C73DC ] dbupdatem       C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
13:41:47.0023 0x2a6c  dbupdatem - ok
13:41:47.0026 0x2a6c  dbx - ok
13:41:47.0029 0x2a6c  [ A8352D11F8E2F7E8FA0BD6F8EF599C61, 72B9F8B96433CCFE5CC9FB786BF976068BDDC04D39F9F3BCFA5132E61A97C3FD ] DbxSvc          C:\Windows\system32\DbxSvc.exe
13:41:47.0030 0x2a6c  DbxSvc - ok
13:41:47.0032 0x2a6c  [ 8AE2B187551B9B4BBFF9D65E5BEBA598, 9C3C6D45B5CB456B6798E41ACC5C50C4D433C4523C34ED0C13D98C6F6A5288E8 ] dc1-controller  C:\Windows\System32\drivers\dc1-controller.sys
13:41:47.0033 0x2a6c  dc1-controller - ok
13:41:47.0049 0x2a6c  [ 7BD259FC59CF9C2AE1B979564B374CC6, 299832FCE304A85080C80ABFE820A6093AC15A7C1E7C89D8C946708E955A2909 ] DcomLaunch      C:\Windows\system32\rpcss.dll
13:41:47.0059 0x2a6c  DcomLaunch - ok
13:41:47.0064 0x2a6c  [ AE9F09F87755C18904656CB4F59F351D, B352A43B3B68B497D87B49C302AF3F37F36D56D49878AE3785C3D43597E5DC57 ] DcpSvc          C:\Windows\system32\dcpsvc.dll
13:41:47.0067 0x2a6c  DcpSvc - ok
13:41:47.0076 0x2a6c  [ ABBD3EE724117242E28D31F19FBCFF03, 68EA91A969DD80A5DE28B0A8EAEB308837183713559C2C2FAEF991858C971393 ] defragsvc       C:\Windows\System32\defragsvc.dll
13:41:47.0082 0x2a6c  defragsvc - ok
13:41:47.0091 0x2a6c  [ DD74F18227ACC837D9856E24282D446D, 6A760E44CD897952538CDFA8895FE11263D51AAA79CFF24C01F3862E919DA478 ] DeviceAssociationService C:\Windows\system32\das.dll
13:41:47.0096 0x2a6c  DeviceAssociationService - ok
13:41:47.0100 0x2a6c  [ FEA494AC3A1BAE63C1F2AF267D49F1DB, 0722FEA2481740B53EF26B1CA59166C63C157A5C708AC93DF3FBB74A27266C9C ] DeviceInstall   C:\Windows\system32\umpnpmgr.dll
13:41:47.0103 0x2a6c  DeviceInstall - ok
13:41:47.0105 0x2a6c  [ CDF1B1B5C5951111791C236B2696C7F8, BF6C4BA545C8827B40DB69890DB4D2B2F9C583C5E3CFBDFD370B05891141458D ] DevQueryBroker  C:\Windows\system32\DevQueryBroker.dll
13:41:47.0106 0x2a6c  DevQueryBroker - ok
13:41:47.0110 0x2a6c  [ 0D1D392ED2597F295956D058D33BD7C3, 2F7FE5A06D880F9E2A46C9803DD249DC40C2898C04E946D14E7EECCCC9F2B24F ] Dfsc            C:\Windows\system32\Drivers\dfsc.sys
13:41:47.0112 0x2a6c  Dfsc - ok
13:41:47.0116 0x2a6c  [ 0F4A5D01156B948B54550375498B08A2, 1CAE3D744429A06E9C9EC46AC6B216AB68154EF8FACDD0721C47902B83820F56 ] dg_ssudbus      C:\Windows\system32\DRIVERS\ssudbus.sys
13:41:47.0117 0x2a6c  dg_ssudbus - ok
13:41:47.0126 0x2a6c  [ F0D4400BA0F08610D9A551B15BF10B76, 83EB8FB272FC2DD2CC0659C2FB90AD0DAE88A88AB3951E03BCD933A25B601E10 ] Dhcp            C:\Windows\system32\dhcpcore.dll
13:41:47.0130 0x2a6c  Dhcp - ok
13:41:47.0134 0x2a6c  [ CA7FEDDFCF61EF15A09C54DA2C07C49F, 346EF7709BA9E6BD48592B86FA46F9D956C847EF91F4980EEAD98269D0F0EF67 ] diagnosticshub.standardcollector.service C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
13:41:47.0135 0x2a6c  diagnosticshub.standardcollector.service - ok
13:41:47.0165 0x2a6c  [ AE204AEE1408DA5F82B0BC26CBB43C5C, 8194F6F9BDC5904E3D1D3CDCE209375D231161D4F0508F56FF1934DD01BFE024 ] DiagTrack       C:\Windows\system32\diagtrack.dll
13:41:47.0186 0x2a6c  DiagTrack - ok
13:41:47.0191 0x2a6c  [ 35B9D46560339A5A7F0CAC6ED702C817, F70480B01533B7029F90E2DE297E9E829660300DDE7A7D009B0AC2684E7691A7 ] disk            C:\Windows\system32\drivers\disk.sys
13:41:47.0193 0x2a6c  disk - ok
13:41:47.0201 0x2a6c  [ 44A5CAF4E736BCD4360015BB3B841179, 8CD74620C3E163FF998CA8C09A999FED5C9EFDC88D07493192A57032D18CA973 ] DmEnrollmentSvc C:\Windows\system32\Windows.Internal.Management.dll
13:41:47.0207 0x2a6c  DmEnrollmentSvc - ok
13:41:47.0210 0x2a6c  [ 815F45161A4571C2C44491564F3D5968, 32E7AE8414A178CE429C0CDFCF718E3C11C705FB3155EA5CA0EAD48AAE507B01 ] dmvsc           C:\Windows\System32\drivers\dmvsc.sys
13:41:47.0211 0x2a6c  dmvsc - ok
13:41:47.0213 0x2a6c  [ 6E5EE6E420FECD64DE463C5F01CBFE71, F173C56895E80AA03D70CD78B3AB659C2EEAACFF43BE3B6EF3939D6F4AD4F62D ] dmwappushservice C:\Windows\system32\dmwappushsvc.dll
13:41:47.0215 0x2a6c  dmwappushservice - ok
13:41:47.0220 0x2a6c  [ 7F8A3ABF7750326E18CE953CCE262670, 5DBD159E8A455A42764FC73CF7DCAC849B5896848C5589B00BD36697804C0A3B ] Dnscache        C:\Windows\System32\dnsrslvr.dll
13:41:47.0224 0x2a6c  Dnscache - ok
13:41:47.0230 0x2a6c  [ 8F46B4C3F9BA19C26A26D0A11137B20B, BA0A66DBA98D77FD85A7CD2D4593F2B2A1A3B4D32BBECBCFFBEB5A54DCB0D8ED ] dot3svc         C:\Windows\System32\dot3svc.dll
13:41:47.0234 0x2a6c  dot3svc - ok
13:41:47.0238 0x2a6c  [ CA09EAEE92C6FDDC6B05057F11A0372D, 14DB5C186B69644AA93C445BF31CC9670204F95A47B77B6EACB19B4A316378AD ] DPS             C:\Windows\system32\dps.dll
13:41:47.0241 0x2a6c  DPS - ok
13:41:47.0243 0x2a6c  [ AE6BD4C879A8C849E53947C92DF3B3A0, 8C29774CB2D30D901C54AAC0C8ACE709351EE40E5C8FB9951B2A18B4A03F28B7 ] drmkaud         C:\Windows\system32\DRIVERS\drmkaud.sys
13:41:47.0243 0x2a6c  drmkaud - ok
13:41:47.0248 0x2a6c  [ 7433474BE77F065D2FA628671FE31A3E, 063ADDC68F48036749E6EC7B2F66284DB29F90F62E9468D16B4EF5A0FDC45E35 ] DsmSvc          C:\Windows\System32\DeviceSetupManager.dll
13:41:47.0251 0x2a6c  DsmSvc - ok
13:41:47.0255 0x2a6c  [ 5FCA45C24501DA7390065D3706A9FC3F, 093FD840F1502ECC6F05B9723CA523B3F15CF39A5D2B9106E1267739B3F2C52C ] DsSvc           C:\Windows\System32\DsSvc.dll
13:41:47.0257 0x2a6c  DsSvc - ok
13:41:47.0290 0x2a6c  [ D2EC2AD9C2F514AEECD5EC2B46107228, 478B9119285730D41929E4C3773A67C4DC3C5FE598728509ADFB933C1E259C7A ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
13:41:47.0313 0x2a6c  DXGKrnl - ok
13:41:47.0324 0x2a6c  [ 83E4A14F851341C933C3235BFB882ECA, 152EDEF6B566D010FE519FE4B046050A5281069B48AFF8A2395D7D2BD0519701 ] e1iexpress      C:\Windows\System32\drivers\e1i63x64.sys
13:41:47.0329 0x2a6c  e1iexpress - ok
13:41:47.0333 0x2a6c  [ 9FCE4EF7D5E274F862D9A2526B5F4779, 81D42D5475C2801C8E0C233A0BA827569D8A70590017C91C665C8B232D9BFAA9 ] EapHost         C:\Windows\System32\eapsvc.dll
13:41:47.0335 0x2a6c  EapHost - ok
13:41:47.0385 0x2a6c  [ 7EC6FC0266D74BD47ABB130A328B70EC, 3856790AF967AB03B1A89F97328DC4D5A6854ACDA6169681A9AFB03D7CF791F9 ] ebdrv           C:\Windows\system32\drivers\evbda.sys
13:41:47.0420 0x2a6c  ebdrv - ok
13:41:47.0425 0x2a6c  [ 6F8E95716C1A27FF2FE96D30B147F1C1, 9403E9FE8B13EE294CFBBD96649BBD54CF723CF5872E3E03DA4380379D677983 ] EFS             C:\Windows\System32\lsass.exe
13:41:47.0428 0x2a6c  EFS - ok
13:41:47.0431 0x2a6c  [ 8D74B8B5D6F7C5BC4C525BAF2B083FF1, DA5656F745B3911F96871887FDFDC40F4D9C820622A0AA27EFE4BA93662833CA ] EhStorClass     C:\Windows\system32\drivers\EhStorClass.sys
13:41:47.0432 0x2a6c  EhStorClass - ok
13:41:47.0436 0x2a6c  [ 2A9817B5A9260D8F60D52E36BEF10443, AC1A0203221AFAF584C71317FA07AA1B6E61BE619E918B3B1E4AD57CCED1CF03 ] EhStorTcgDrv    C:\Windows\system32\drivers\EhStorTcgDrv.sys
13:41:47.0437 0x2a6c  EhStorTcgDrv - ok
13:41:47.0441 0x2a6c  [ 80A7999DE02CE678B865832E1CE78CD6, 2576EBB6E4D630A906DE724F125099E52A962B5B68B9F9BCA849A7B29D8C8689 ] embeddedmode    C:\Windows\System32\embeddedmodesvc.dll
13:41:47.0443 0x2a6c  embeddedmode - ok
13:41:47.0449 0x2a6c  [ B4264DEF962801CDB83C008DE30758D1, 57886688102BE727450BA45932044A5A389B5822A0C1C08C2AFFBA380F70C3F3 ] EntAppSvc       C:\Windows\system32\EnterpriseAppMgmtSvc.dll
13:41:47.0453 0x2a6c  EntAppSvc - ok
13:41:47.0455 0x2a6c  [ 77B60DEC7DCB4233E4A69D3F52E5DB24, 3A5C905E37A93899051497C90E5BA8E1D003B56C6906CADFD2F1CDF52052D248 ] ErrDev          C:\Windows\System32\drivers\errdev.sys
13:41:47.0456 0x2a6c  ErrDev - ok
13:41:47.0466 0x2a6c  [ F89083AB8B9F51C0031C1CBD0A9A7E35, 9EE973A25134960E62D1A6A1E34AD9B3F7690E71C1AD31A23FA2081A73438754 ] EventSystem     C:\Windows\system32\es.dll
13:41:47.0472 0x2a6c  EventSystem - ok
13:41:47.0478 0x2a6c  [ FCD2C63754C2E739A8EEAD9BC63F9DDC, C57A72ABA4C0BD71F914B9C8FF965DCFF585A205498F19A4584A4BAF7674839D ] exfat           C:\Windows\system32\drivers\exfat.sys
13:41:47.0482 0x2a6c  exfat - ok
13:41:47.0489 0x2a6c  [ C077AA74EDDAF69985EB27597BCB342A, 8CE48D37E39A6DFA3C8E959CA92A49029100446DC40044EE009D55FB9CDE378A ] fastfat         C:\Windows\system32\drivers\fastfat.sys
13:41:47.0493 0x2a6c  fastfat - ok
13:41:47.0505 0x2a6c  [ 77CE56471AF984800F318F3734D768C7, 72D540072374A56C2C497F0532A50705D3F0637F2C0C96B1D715F2EDFCA3AA2D ] Fax             C:\Windows\system32\fxssvc.exe
13:41:47.0512 0x2a6c  Fax - ok
13:41:47.0515 0x2a6c  [ 99598ECA5E41996E005D5B9D9FF1EFA2, 91345CD50EF02431B69093505C1C5F5DC6A1AA6BF192EE9392ED4D5626B60462 ] fdc             C:\Windows\System32\drivers\fdc.sys
13:41:47.0516 0x2a6c  fdc - ok
13:41:47.0518 0x2a6c  [ EF0DD43A4CBAB367BCA1AFBDC9971E4F, 73E161C45D63FDDE71EE2438137913724DC513860539D1E7F6BD861F5D1B33F3 ] fdPHost         C:\Windows\system32\fdPHost.dll
13:41:47.0519 0x2a6c  fdPHost - ok
13:41:47.0522 0x2a6c  [ 34DAC585994CD3B4E910DE11C584EF3D, A6C6A4CB5413EA61F1A54E2D3AD71A311CEA2C26218544D2D2D4A5CFEC52DE8C ] FDResPub        C:\Windows\system32\fdrespub.dll
13:41:47.0523 0x2a6c  FDResPub - ok
13:41:47.0527 0x2a6c  [ B68DA1FE3CA2311AFD38DD6905CA7F71, 4B395DFB1B47D2507CA4D9DC996A70D0A3BDB1A245CD6DA6C42B2A299AFCCF37 ] fhsvc           C:\Windows\system32\fhsvc.dll
13:41:47.0529 0x2a6c  fhsvc - ok
13:41:47.0532 0x2a6c  [ F44F666B0EACC3181544FFCF8CA0FFC7, 83F771CF9DAE1C504B30731EEC55355EA1253174252DA2192ADF1D228B3735C3 ] FileCrypt       C:\Windows\system32\drivers\filecrypt.sys
13:41:47.0533 0x2a6c  FileCrypt - ok
13:41:47.0536 0x2a6c  [ 78A210DDFDF2C9EC884631D2DAA573F0, 5D39C6EF4AC690A9749EEDBE2478FFF15A22877A2861EDA103C7BF1607B0C1BD ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
13:41:47.0537 0x2a6c  FileInfo - ok
13:41:47.0539 0x2a6c  [ 1A97DB5E701A186989F3795223C3BE39, F7982220D4DF7E104955E63CACE352394E2577DEF49506EA126127F820EB62DF ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
13:41:47.0540 0x2a6c  Filetrace - ok
13:41:47.0543 0x2a6c  [ 46626665F0E5906E45619B4EFD6186B8, 37FDD3B8AD49FD29E54DA5567EA77F28A53498AE56348F7A2628E5E5549D638B ] flpydisk        C:\Windows\System32\drivers\flpydisk.sys
13:41:47.0544 0x2a6c  flpydisk - ok
13:41:47.0551 0x2a6c  [ FDA72ACA14D516D18C33AFCD0FD9260F, 6509612DEC82EA74614B5C9A7B432305A1A468C97B88BED9E141DF2929B621B1 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
13:41:47.0555 0x2a6c  FltMgr - ok
13:41:47.0584 0x2a6c  [ 9ACA7C29C3D81A2D0810517F070B447F, 4FF50CFCC0392C9FCF8C0D750EB5AC6906DC79D8267790B891266C36279ECD81 ] FontCache       C:\Windows\system32\FntCache.dll
13:41:47.0603 0x2a6c  FontCache - ok
13:41:47.0608 0x2a6c  [ 59241194DBDF30A2B4029E402F377900, 47A92E9CD8494C403B377799D395670A393766647E24CD83B15338CE2AA50266 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
13:41:47.0609 0x2a6c  FontCache3.0.0.0 - ok
13:41:47.0623 0x2a6c  [ 2D6CC779108F3D10EFEB68694F56AA94, 5C0097245526D6834E16E22D5DD64FE8AC7F7FB3EA4C184C465536F891AA6BF5 ] FrameServer     C:\Windows\system32\FrameServer.dll
13:41:47.0632 0x2a6c  FrameServer - ok
13:41:47.0636 0x2a6c  [ D152CCBFC8251670BF0AAFE00D6BC782, 9DE82D8FC4E1DAF8FF23EE08C0B7CB5051A9224E64544D262CFA4996A41B04E1 ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
13:41:47.0637 0x2a6c  FsDepends - ok
13:41:47.0639 0x2a6c  [ 6D6BB5C7363CD35FA715E826F3D029EE, C214F791EB39E8B25CE57ED9D6C1D56EE1AF6021BCB380980BD42A6338A6C9F7 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
13:41:47.0640 0x2a6c  Fs_Rec - ok
13:41:47.0651 0x2a6c  [ 8EEC4925C03E375C4EC496E45C44139A, 06C5C7BCC28D3E435675F0759A09CAB726E971DF4BFC1DC3DCF503EABCDCCCC6 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
13:41:47.0658 0x2a6c  fvevol - ok
13:41:47.0661 0x2a6c  [ EF78034773CE506323655A868C949144, DF195BEEE6704FBCC6D2D9E1BF6723E52ED502A1459F495B7D18481E6A79B5BC ] gencounter      C:\Windows\System32\drivers\vmgencounter.sys
13:41:47.0661 0x2a6c  gencounter - ok
13:41:47.0664 0x2a6c  [ B55FEBC6A00DAA1FE074F020B6907516, 67071FBAC2ABA47AB71358A5F08E92E034A55343878F00137E90B3B1F7362976 ] genericusbfn    C:\Windows\System32\drivers\genericusbfn.sys
13:41:47.0664 0x2a6c  genericusbfn - ok
13:41:47.0669 0x2a6c  [ DDD8A8CDDC7F13EF57D1DAAE71865936, 9D472A8689F72F24D40D5B94849690F53C67849FDF6162A94EF4FB330A3DA566 ] GPIOClx0101     C:\Windows\system32\Drivers\msgpioclx.sys
13:41:47.0671 0x2a6c  GPIOClx0101 - ok
13:41:47.0691 0x2a6c  [ 713A176494CEC107E663CAD6C2B27F77, 76871D8CFBA8FCD8CFF96208AE84C658EBEC60270D978898B90EE9451AA1BCE1 ] gpsvc           C:\Windows\System32\gpsvc.dll
13:41:47.0704 0x2a6c  gpsvc - ok
13:41:47.0707 0x2a6c  [ 7ACD8F69B5D6EC97E6D2C006E19BED88, FC69214C9308EA64B88EF4C3C95800586DDBB44C8540846B79A161BAD8203B6E ] GpuEnergyDrv    C:\Windows\system32\drivers\gpuenergydrv.sys
13:41:47.0708 0x2a6c  GpuEnergyDrv - ok
13:41:47.0712 0x2a6c  [ 750446ED76A5D13E902174DDDDA1A62B, F67355A6659E21D8D97E6982B28F22453F8C298E822E27FADDB440DA4A6DE7C0 ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
13:41:47.0714 0x2a6c  gupdate - ok
13:41:47.0719 0x2a6c  [ 750446ED76A5D13E902174DDDDA1A62B, F67355A6659E21D8D97E6982B28F22453F8C298E822E27FADDB440DA4A6DE7C0 ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
13:41:47.0720 0x2a6c  gupdatem - ok
13:41:47.0728 0x2a6c  [ 217230B984AB2954E2FA5E36578D7B08, BB7B79EA7501A28EB2A0303FDF66FB9D59D567994C25A1523CD6D2081C403AF6 ] HdAudAddService C:\Windows\system32\DRIVERS\HdAudio.sys
13:41:47.0733 0x2a6c  HdAudAddService - ok
13:41:47.0736 0x2a6c  [ 10E3515FE5DBA6656FA62C29342EC4A1, 2051F10F74ED712B1766EB61E87FADE25AB3D0970BABFD320600D1B0D6377F26 ] HDAudBus        C:\Windows\System32\drivers\HDAudBus.sys
13:41:47.0737 0x2a6c  HDAudBus - ok
13:41:47.0740 0x2a6c  [ B90D284B97CD4CA9DE7430AAAD887A56, 2F14F985C39B7801ED64590979CF2114924E9547F5B11D2B37A74DBFFDD9E7C5 ] HidBatt         C:\Windows\System32\drivers\HidBatt.sys
13:41:47.0740 0x2a6c  HidBatt - ok
13:41:47.0744 0x2a6c  [ B2FE11643CC6ACDEE6C247DD36018FDB, 5796613C7DBF8B2A9E860E006FF1A245B6BE7D10E3F6685AD142B48E5C237B8C ] HidBth          C:\Windows\System32\drivers\hidbth.sys
13:41:47.0745 0x2a6c  HidBth - ok
13:41:47.0747 0x2a6c  [ D24355488A2D4D2323518EC1AC7A6D9E, ED2176A2093726087EDDA25B86E9CDD4BA35F4E748E3A6DE0B15C4C97646B5C7 ] hidi2c          C:\Windows\System32\drivers\hidi2c.sys
13:41:47.0748 0x2a6c  hidi2c - ok
13:41:47.0751 0x2a6c  [ 0AF9ABBA4F3F55C6C803890D64BC3C29, D3DE6FA308F8E7CD4F16387F46AE4B2F7EC9BBA07BF87652B660A0D645710571 ] hidinterrupt    C:\Windows\System32\drivers\hidinterrupt.sys
13:41:47.0751 0x2a6c  hidinterrupt - ok
13:41:47.0754 0x2a6c  [ CDBCF8E9AB06D88A1E1191D32F320C5D, F76963AB7CF2BAB3A220013879AECD3976BFD851CFB66B5A69A9EA2541048861 ] HidIr           C:\Windows\System32\drivers\hidir.sys
13:41:47.0754 0x2a6c  HidIr - ok
13:41:47.0757 0x2a6c  [ C900FE0DD6A1E2220084B8F1C427790C, 802194EBEDA1A50EDA300078B0888AAC1F17A42E67147B7B3B9C50AD8D4E5C89 ] hidserv         C:\Windows\system32\hidserv.dll
13:41:47.0758 0x2a6c  hidserv - ok
13:41:47.0760 0x2a6c  [ D8536CB438CC4CCDAE047B768EED22B2, 4F666BFA3554F9ACA6B9D436BFA64474D5F30FB3E78F4E66068CCDF283D9867F ] HidUsb          C:\Windows\System32\drivers\hidusb.sys
13:41:47.0761 0x2a6c  HidUsb - ok
13:41:47.0767 0x2a6c  [ 44D54C8356588525D7AD0FDCFDDA0811, 46963ADBF14FA8A9B0E6564106ADEA49BBD4EBD9E43DF389CCD31F9B9BD080D9 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
13:41:47.0771 0x2a6c  HomeGroupListener - ok
13:41:47.0779 0x2a6c  [ 86161A89F16851728802590EC7C92608, 3A3B05BB4E115410D27063B30C0EF3F18295F542050F329F1E466C81A9E23A46 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
13:41:47.0785 0x2a6c  HomeGroupProvider - ok
13:41:47.0788 0x2a6c  [ F5CA18197B4646E04DB9EB2D6642CC4D, 5BA3342DDF1BCB67E4156169FE9A33E7BC2641C729E9F1A80C0E80953C6AB114 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
13:41:47.0789 0x2a6c  HpSAMD - ok
13:41:47.0806 0x2a6c  [ BAFD8946905DF03E6ECDDB154A4BAA9C, FAD178FAFA5760132F3A9FC862C2726B337CA0CE1D66EA819CB5AFEB2D664618 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
13:41:47.0817 0x2a6c  HTTP - ok
13:41:47.0821 0x2a6c  [ 0C84C250F80EAEC2C9768464CC1A9626, 212E1003B78F9B98FEB084FD1FDB59B26A9DE4C9120F24D4361FBBF0F3C035E7 ] HvHost          C:\Windows\System32\hvhostsvc.dll
13:41:47.0823 0x2a6c  HvHost - ok
13:41:47.0826 0x2a6c  [ 74FC79C52395B10FFD0B55CF22CF88FC, 94D977DA2092EE8C2A598AC48758A84BB22CB6378BD114C2D3B4172A07A9CACC ] hvservice       C:\Windows\system32\drivers\hvservice.sys
13:41:47.0827 0x2a6c  hvservice - ok
13:41:47.0830 0x2a6c  [ 771EDDA9830A3079F996F34D681FB6E5, F452AD656872A1C8B2D6DCE232CE01EBD456C46F4934A7601E78470F2A2CBF38 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
13:41:47.0830 0x2a6c  hwpolicy - ok
13:41:47.0832 0x2a6c  [ 3B9F315E7FA72CC25228EB097DD9C694, B26F1E494428EF197A0C97645C05BB3CA093827A005D35C987F1D6778BC4E52C ] hyperkbd        C:\Windows\System32\drivers\hyperkbd.sys
13:41:47.0833 0x2a6c  hyperkbd - ok
13:41:47.0836 0x2a6c  [ B54B30992620C97230013A74461C8517, CAF09BDCDD6DE2A39CB8AE2C65E6F8FE12D8E93D84BBEF6C6A98F872BF54A4E3 ] i8042prt        C:\Windows\System32\drivers\i8042prt.sys
13:41:47.0838 0x2a6c  i8042prt - ok
13:41:47.0840 0x2a6c  [ C6B8743B213F06AA60943D8366FE968F, 758954F70B810063914B243115B2C753B2BCE40190F95C30ACBA0BF04EBD5B33 ] iagpio          C:\Windows\System32\drivers\iagpio.sys
13:41:47.0841 0x2a6c  iagpio - ok
13:41:47.0846 0x2a6c  [ 9A2A2F3C69B9A30B6E78536F6D258BAD, 5E28E132A7300E6F5E0C6439D6BA00F1AEF66D729FF671FDA91274A25A921463 ] iai2c           C:\Windows\System32\drivers\iai2c.sys
13:41:47.0848 0x2a6c  iai2c - ok
13:41:47.0851 0x2a6c  [ 5A0E850F8CD17791A3E6A3CF81D0CA28, 10A965A49D53360DD250E0758B6BB142872298A21C732EB026ACB93492C5C6CF ] iaLPSS2i_GPIO2  C:\Windows\System32\drivers\iaLPSS2i_GPIO2.sys
13:41:47.0852 0x2a6c  iaLPSS2i_GPIO2 - ok
13:41:47.0856 0x2a6c  [ 7508F1096803385D6376BFD0BD473AC4, 1F32EC23CDC94DCB9710E6663B5C3BD83568545DDC2C741CFC13550A4E4DD2BE ] iaLPSS2i_I2C    C:\Windows\System32\drivers\iaLPSS2i_I2C.sys
13:41:47.0858 0x2a6c  iaLPSS2i_I2C - ok
13:41:47.0861 0x2a6c  [ 16A10CCEDCF5AC4CAAE43DC9FC40392F, F77696AE55B992154A3B35F7660BD73E0AB35A6ECEEC1931C0D35748CFA605C0 ] iaLPSSi_GPIO    C:\Windows\System32\drivers\iaLPSSi_GPIO.sys
13:41:47.0861 0x2a6c  iaLPSSi_GPIO - ok
13:41:47.0865 0x2a6c  [ EB82A11613326691508D9ED9A4FE29E7, 8445E41BAB21964C7F014742795E462BDDC6C37A261990B3D6BF4E637A719547 ] iaLPSSi_I2C     C:\Windows\System32\drivers\iaLPSSi_I2C.sys
13:41:47.0866 0x2a6c  iaLPSSi_I2C - ok
13:41:47.0878 0x2a6c  [ 97E553D03219D3D51705C7235D9EAEBD, 5D4578C8804AF32D1DC0868E34D6538138DC15F9568CA7E21051B1C82C0D8D55 ] iaStorAV        C:\Windows\system32\drivers\iaStorAV.sys
13:41:47.0885 0x2a6c  iaStorAV - ok
13:41:47.0893 0x2a6c  [ 8350FE3BCDE3428BC040877BB7E9EAEB, 77F9456351CA640C6B7862907C0580627E761EC807B551976A95657EB4D6CC20 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
13:41:47.0897 0x2a6c  iaStorV - ok
13:41:47.0907 0x2a6c  [ 3BA03F7C7700DDF4C383DDE9252F5817, 3E90F69D0010E7764349D9AE865D577E431FEBC67DA554B400BC808DD286E203 ] ibbus           C:\Windows\System32\drivers\ibbus.sys
13:41:47.0912 0x2a6c  ibbus - ok
13:41:47.0918 0x2a6c  [ 937AC47F7356554DA05D9722C356EB55, 9EABC9F19B4E1193B669D2674967F5C6F03FAD348EDF0615E3F78554FF9A83CC ] icssvc          C:\Windows\System32\tetheringservice.dll
13:41:47.0922 0x2a6c  icssvc - ok
13:41:47.0938 0x2a6c  [ F2934208C0E50C0B971A7981AB90BED2, B936BFBBD71E731CC2CDB8B47D262F2EF09726FF921C2DA0841910CA2401423D ] IKEEXT          C:\Windows\System32\ikeext.dll
13:41:47.0948 0x2a6c  IKEEXT - ok
13:41:47.0951 0x2a6c  [ 2A01C96DF5802D3434634E55C91232D8, A3ABEF36E2FD2CF5C371ADBF92566A09669A1D990ABE4677370F57F2EEAF8121 ] IndirectKmd     C:\Windows\System32\drivers\IndirectKmd.sys
13:41:47.0952 0x2a6c  IndirectKmd - ok
13:41:48.0026 0x2a6c  [ 08A2E765F066DA6957D8CA66C6CBFD1B, 9B3DCAF78BF53B60FB8F92B2E5C994FBC4006082FE114A26009F7CEB10735EE2 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
13:41:48.0078 0x2a6c  IntcAzAudAddService - ok
13:41:48.0085 0x2a6c  [ 9F7E87F6595D065A8A200A291043045E, 6944F72F73EADC6C9B7691F2C1C6DF1898F22C88EFA78EC0BA8CB5FFD9CE057B ] intelide        C:\Windows\system32\drivers\intelide.sys
13:41:48.0085 0x2a6c  intelide - ok
13:41:48.0088 0x2a6c  [ A6BD2E20AE1BC5CB2776C87C28E4F4CA, BD8BE67CED9A4982D785CE9ECBEFE868C3A2E37DF7F9592B9F9049B807A1554B ] intelpep        C:\Windows\system32\drivers\intelpep.sys
13:41:48.0088 0x2a6c  intelpep - ok
13:41:48.0092 0x2a6c  [ 2A48DA39542636DB0FA3BA915385D1B3, 6CA0916F5F4B1E81AE6A6233276320599BFA7C129267177703E3BB6468FB4683 ] intelppm        C:\Windows\System32\drivers\intelppm.sys
13:41:48.0093 0x2a6c  intelppm - ok
13:41:48.0096 0x2a6c  [ 4A922CAB4AB5F29F1BECC9D95B4B7F05, 7C1006799E26A0B4DF49373A4D0509748C602588CFB3C1CBB409E335F5DF9593 ] iorate          C:\Windows\system32\drivers\iorate.sys
13:41:48.0097 0x2a6c  iorate - ok
13:41:48.0100 0x2a6c  [ FE85D0A86CA7A5A99CF8CD04DE7F80AE, 544C01FC01EE728EB5667158207E5F4418FE77A88BA318192A834722DB766F4E ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
13:41:48.0101 0x2a6c  IpFilterDriver - ok
13:41:48.0117 0x2a6c  [ 89548E57FD0A7BC703541C69C0286B13, 261698B302DF5B80C57FC4257E0A0AABC8DEFFED16D8CD142AD8E7CB51AF2007 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
13:41:48.0127 0x2a6c  iphlpsvc - ok
13:41:48.0131 0x2a6c  [ 450DBDD716C7911F83E05F78EE18BFA2, 43C0DA172F632131898F315A53DEDD1AE99FB0620AB32B3A5B99FEC498C9AAE5 ] IPMIDRV         C:\Windows\System32\drivers\IPMIDrv.sys
13:41:48.0132 0x2a6c  IPMIDRV - ok
13:41:48.0137 0x2a6c  [ F1DAECC3B3D6399875D4F10529D6A77C, 6533D2F858816BE6570C998510919FCA2904EC6EF806F61C1FD325E88133111B ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
13:41:48.0140 0x2a6c  IPNAT - ok
13:41:48.0151 0x2a6c  [ 16A6D49E7698FC6F1730D3FF9F5561A8, 860D2601BA3A71C81A6B21F4D92A5E9C47772C9DE0F047D49000FA4A484D7932 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
13:41:48.0160 0x2a6c  iPod Service - ok
13:41:48.0164 0x2a6c  [ 7475A2903BB704B446AA6309E34D3362, C94643A1626A9716015EBA7041A1224098501EB7DAA704CBFCAD3DC6F3CFC6AF ] irda            C:\Windows\system32\drivers\irda.sys
13:41:48.0165 0x2a6c  irda - ok
13:41:48.0167 0x2a6c  [ 9725E7F0C64CE9916A5CDABE8D6E13C3, 04AF9E48FEF208A2850DF28352E8FDCBF4018982C72C0F67EE12C048C4070116 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
13:41:48.0168 0x2a6c  IRENUM - ok
13:41:48.0171 0x2a6c  [ 8C604213A2E73088BFFE6CD2E6F1AE53, B4C4FEE4D398A29F72EC27D5668071D7E68CD943FFFC38624DD5DF5BEBDF46D3 ] irmon           C:\Windows\System32\irmon.dll
13:41:48.0172 0x2a6c  irmon - ok
13:41:48.0174 0x2a6c  [ 58040898883A96160D41739C80328BBF, 7F85C91C905811416E266A263DDEFCDCB0B45376AAE51B551AB636C16577DB9F ] isapnp          C:\Windows\system32\drivers\isapnp.sys
13:41:48.0175 0x2a6c  isapnp - ok
13:41:48.0180 0x2a6c  [ C9FD02D62E09337B67B0C61EC8CA38CC, DC77E935ECC8474BE9018F0937CB11C137073582B20A0EE107CE247FD9E1F9C1 ] iScsiPrt        C:\Windows\System32\drivers\msiscsi.sys
13:41:48.0183 0x2a6c  iScsiPrt - ok
13:41:48.0186 0x2a6c  [ 210808437570BDDEE71A43535E3A2D30, EF5DE6EE4FF58F44CDE4D4E7F298ABBC9086EC05CC3AE4903060DA878115AC1E ] kbdclass        C:\Windows\System32\drivers\kbdclass.sys
13:41:48.0187 0x2a6c  kbdclass - ok
13:41:48.0190 0x2a6c  [ 0B779E9FC426CA2268D28181FA6C222F, 83292023A688C3044D096F22242EB954B7F7511BE8341D45FF0AFBD9CB9BCB4E ] kbdhid          C:\Windows\System32\drivers\kbdhid.sys
13:41:48.0191 0x2a6c  kbdhid - ok
13:41:48.0193 0x2a6c  [ 813BA3EB2CE038F2A5382DDD75CAD60B, 99FA444027CAC247B54317730D54AB0C4C000AE076B97E47470FDA9834594312 ] kdnic           C:\Windows\System32\drivers\kdnic.sys
13:41:48.0194 0x2a6c  kdnic - ok
13:41:48.0196 0x2a6c  [ 6F8E95716C1A27FF2FE96D30B147F1C1, 9403E9FE8B13EE294CFBBD96649BBD54CF723CF5872E3E03DA4380379D677983 ] KeyIso          C:\Windows\system32\lsass.exe
13:41:48.0198 0x2a6c  KeyIso - ok
13:41:48.0202 0x2a6c  [ 705C0F8BCCEF6E7CB704CCB454192D7E, FC608C708E2C3BF7A66E57B95E19E71E5F5C87EF359D8BC1A817500B45DF9338 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
13:41:48.0204 0x2a6c  KSecDD - ok
13:41:48.0208 0x2a6c  [ 55AD13E2BAFC5AB53A10F8C271F5D242, 058BEF14DCB95574BCAB985F04737BA89483937E8D8A74F7B4CEAFB7400C2397 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
13:41:48.0210 0x2a6c  KSecPkg - ok
13:41:48.0213 0x2a6c  [ 4ED115CD1A1099705F56B5E0FFF97CC6, 9CC49DF2CD6AAAE405BA661D13EFC1E05111D1DE3D1E50C39C425AF1F075610B ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
13:41:48.0213 0x2a6c  ksthunk - ok
13:41:48.0221 0x2a6c  [ 8125BDF7ADC261F75EF0CAD92456E350, 184797AA1D58C4FF743BA60D48590B88B781EE7779205E45E0679DEC79F3E185 ] KtmRm           C:\Windows\system32\msdtckrm.dll
13:41:48.0226 0x2a6c  KtmRm - ok
13:41:48.0233 0x2a6c  [ 8CCAB08815B50AD78B823DB3F96C8604, 265E6D582EB7207B5CC577D61CB7BC3646F613047F168CD69BB776C37780EBF5 ] LanmanServer    C:\Windows\system32\srvsvc.dll
13:41:48.0238 0x2a6c  LanmanServer - ok
13:41:48.0244 0x2a6c  [ B581907FD94F1FF148BF695331F67612, 05D1FFA456557A291566D788B8DE2485552E361EC3C0F63EA1A710BE940A5398 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
13:41:48.0249 0x2a6c  LanmanWorkstation - ok
13:41:48.0252 0x2a6c  [ F8EBAA1FE6D3BF84752931DE1BFA0E2A, 2F3C512712BA709BBBBD779D9E792DBE324876C402CDCEF0345B8B7ABE1D232A ] lfsvc           C:\Windows\System32\lfsvc.dll
13:41:48.0254 0x2a6c  lfsvc - ok
13:41:48.0256 0x2a6c  [ 5A23E4BE0CCF49663C4CF7EB74C20278, 9DF91014B13B7CED1C3D409F90858FD03EFC5C4347C98901B4DF0AFF2B77845D ] LicenseManager  C:\Windows\system32\LicenseManagerSvc.dll
13:41:48.0257 0x2a6c  LicenseManager - ok
13:41:48.0260 0x2a6c  [ 5933A6673F00D8255C52957E40C2D601, 0AA1281F8B3F97E360592D1B35EE7D3D614F1AB46007F9884CFFB1C5E647575E ] lltdio          C:\Windows\system32\drivers\lltdio.sys
13:41:48.0261 0x2a6c  lltdio - ok
13:41:48.0266 0x2a6c  [ 88A3C935725FA6EA1A228DCC26CF9C6F, 9B1F70644EEFA1EE7CE151A8A970430087339B7A6345F2E0252370929D4AFAC6 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
13:41:48.0270 0x2a6c  lltdsvc - ok
13:41:48.0273 0x2a6c  [ 3F858E28AEE6545FA1B64134DFD5C2CE, FFD7B4FB0A7B61BC6B76A172134673842F2CF00E96FA3ED4A8273DC525B6BB92 ] lmhosts         C:\Windows\System32\lmhsvc.dll
13:41:48.0274 0x2a6c  lmhosts - ok
13:41:48.0278 0x2a6c  [ 8E1B0946948CCC0BC1FA3CB70374A795, 0B894C129A35E223FF9594725AC90916CBD597FAD2211A18FC2AE03EA8679597 ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
13:41:48.0280 0x2a6c  LSI_SAS - ok
13:41:48.0283 0x2a6c  [ 4F68163FC04C973500DC4DA0946917B0, DF060C29109EB3978CEDFE781999B0C4C1E8C0FDB133428058D8400C53315EEC ] LSI_SAS2i       C:\Windows\system32\drivers\lsi_sas2i.sys
13:41:48.0284 0x2a6c  LSI_SAS2i - ok
13:41:48.0287 0x2a6c  [ E5AC5F2815938651CDCC27F425474673, 3AF0598982153C36A766506FA088F7B84333CC96FEBB050402547AFC613AF9F7 ] LSI_SAS3i       C:\Windows\system32\drivers\lsi_sas3i.sys
13:41:48.0289 0x2a6c  LSI_SAS3i - ok
13:41:48.0292 0x2a6c  [ CCF6EC9FB9B8F18E05B4253E81013E48, EBE8D77FEE8B99BD8C29702404774D554673C96DF3FDF3DCEA9C99E22C2709FC ] LSI_SSS         C:\Windows\system32\drivers\lsi_sss.sys
13:41:48.0293 0x2a6c  LSI_SSS - ok
13:41:48.0305 0x2a6c  [ 06276381A0797FD417E7068C1210FA06, 204144E9792216F952CED869ECB6B26FB466BF730B8A73FA4799B1EBC1A630AB ] LSM             C:\Windows\System32\lsm.dll
13:41:48.0314 0x2a6c  LSM - ok
13:41:48.0318 0x2a6c  [ C9579D32219E5B936AC3A48D470117EC, E61A77191B6BA25D29B1221FEBBE826BBC11F825C0E35A72B4CEFFF8B7FE59A8 ] luafv           C:\Windows\system32\drivers\luafv.sys
13:41:48.0320 0x2a6c  luafv - ok
13:41:48.0323 0x2a6c  [ ED5B42D75F3DEE93040B3930DA9F3009, E919DA20E46FE1C81CB76090B799DD858DD4771DB0EBDE4545DB4681A0AFFE8E ] MapsBroker      C:\Windows\System32\moshost.dll
13:41:48.0325 0x2a6c  MapsBroker - ok
13:41:48.0328 0x2a6c  [ C3CDCCF07486BD2616A7B82946E07AC0, 1EF95DAB2DA856BC7D7573B2EB2D9006DF337F827F0B56A161D0C97F45DB755E ] megasas         C:\Windows\system32\drivers\megasas.sys
13:41:48.0329 0x2a6c  megasas - ok
13:41:48.0332 0x2a6c  [ 2CF0CB2A0ED68C5455371E84C16F9627, 1C9166B52140145F1968E83E52BFF041250811B23C770FE181A18A4BA060CA81 ] megasas2i       C:\Windows\system32\drivers\MegaSas2i.sys
13:41:48.0333 0x2a6c  megasas2i - ok
13:41:48.0343 0x2a6c  [ FADB2FE017E69EECE0E1BA78661C2E8C, BE99B49031D8B4B670B6F6B6E829E54406779CF6F1D8AFE8AB79A73E6764AB2F ] megasr          C:\Windows\system32\drivers\megasr.sys
13:41:48.0350 0x2a6c  megasr - ok
13:41:48.0355 0x2a6c  [ 8EC6459491D8508BBA5E3CEC5C930914, E01AEE2E6F569429BC5582AEB63A2CB288499A878B0806D21CC9D78F00E0B284 ] MEIx64          C:\Windows\System32\drivers\TeeDriverW8x64.sys
13:41:48.0358 0x2a6c  MEIx64 - ok
13:41:48.0361 0x2a6c  [ 55A417C3E41F2A98666CF929EC19108E, A38C262B2863C87E4151525BF26D6AC16E7982D370E2C6998EB15C88C4BC8254 ] MessagingService C:\Windows\System32\MessagingService.dll
13:41:48.0362 0x2a6c  MessagingService - ok
13:41:48.0379 0x2a6c  [ FD60818B66B2E8A5415EA840E99A9D8F, 5D2F22909354534B821D958FBEF6A40EB4F642F53C7B509D00949096EF716F36 ] mlx4_bus        C:\Windows\System32\drivers\mlx4_bus.sys
13:41:48.0389 0x2a6c  mlx4_bus - ok
13:41:48.0393 0x2a6c  [ 68F6977F1CFBAAC770D940A8C0326FA1, 90EE1E7DAC680EAA5AD50E9B0B9FD8FCE8DD6A02D5EF941B5AA5084CBD40BB80 ] MMCSS           C:\Windows\system32\drivers\mmcss.sys
13:41:48.0394 0x2a6c  MMCSS - ok
13:41:48.0396 0x2a6c  [ D842ADDB5911945D51F61A0B1C8F36E3, 5EB93A1FD2D2D9FAB6121356E1AB18F2ADE9550D3033274AF7CA8F7FD51E59ED ] Modem           C:\Windows\system32\drivers\modem.sys
13:41:48.0397 0x2a6c  Modem - ok
13:41:48.0399 0x2a6c  [ 9CCCB7FC3EDADEBA461D78615A6011A6, C120B58F25E8CCFD971EB78645C0682F367AD56DC15F2D8C1980CE75B04719DF ] monitor         C:\Windows\System32\drivers\monitor.sys
13:41:48.0400 0x2a6c  monitor - ok
13:41:48.0403 0x2a6c  [ 27A07B2FB2E3057DA8DAEA4F25D843C7, 09D2B39E6B9AAEC879E5871DD6BCFF2AEF0B894F3B44649665A685F8B3CA6F27 ] mouclass        C:\Windows\System32\drivers\mouclass.sys
13:41:48.0404 0x2a6c  mouclass - ok
13:41:48.0407 0x2a6c  [ 7BD6E7F7C9001AB21B8362CFFEE80B25, C470C3363EEF3A60409A5934988BFB9B72AE7C2BB63CC2C2D006D7EB1C797F6A ] mouhid          C:\Windows\System32\drivers\mouhid.sys
13:41:48.0407 0x2a6c  mouhid - ok
13:41:48.0411 0x2a6c  [ F5BDAEE4B7D369D4C74668DCFBA3FF10, 100F39288E56AFE0D39D1CC235BDC9F3727C873CD3114E092DA7A08810BD3EB2 ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
13:41:48.0412 0x2a6c  mountmgr - ok
13:41:48.0417 0x2a6c  [ CBCC3A1E47A664CCCBC7A25081C4D88B, BDE4510CED8EF3BB091118FEA8AEB61F0DB402C9B53615A4824896DF9DE3030E ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
13:41:48.0419 0x2a6c  MozillaMaintenance - ok
13:41:48.0422 0x2a6c  [ 30844BD376F9D01E62C820BEF446F1F8, 910D672EDB544A20AEB4450B4D89830F46EDD28CE0021156176315C5D068A1B4 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
13:41:48.0423 0x2a6c  mpsdrv - ok
13:41:48.0438 0x2a6c  [ 779CFDB17EA07A6D26FEBBAC95B65772, 74D9542E8DCCD07396A45A45D2F500AA6F9DCC1DB785A6153EB3067E42F576A4 ] MpsSvc          C:\Windows\system32\mpssvc.dll
13:41:48.0448 0x2a6c  MpsSvc - ok
13:41:48.0453 0x2a6c  [ 25D32BE04FE0A23FDF57FD5382757672, 64E39E3E21D9173FB1116B989D80C244C49DA827698A05AF5CC5CD1C6AE155DE ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
13:41:48.0455 0x2a6c  MRxDAV - ok
13:41:48.0464 0x2a6c  [ E671EDAB0726E05ECEF4058B4CD73C4D, 9F4C50E635CE2204E3291C8D3D7F658A969E80722B8B6F0304228D9B434C20EA ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
13:41:48.0468 0x2a6c  mrxsmb - ok
13:41:48.0475 0x2a6c  [ 200E4A385F5F370D8866BAE25B0D9D32, 114AD45000A0C74EAE26C3075BBFEF80B9386C69D58CE4436CAFCF13613EAEFA ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
13:41:48.0478 0x2a6c  mrxsmb10 - ok
13:41:48.0484 0x2a6c  [ F7C22604CD8AFB9AF1C1E3CE39A5A09F, 3F7B39336F8A72525C667D45C9300CA6D017BDE17A6E23EF794BA59D2F3C78F3 ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
13:41:48.0486 0x2a6c  mrxsmb20 - ok
13:41:48.0490 0x2a6c  [ 74C9D21523DAE0C18F413C196DF0058A, 3DB4B8CA368D9DD82FAE2C2BC828A21142C8D29780A7C8667188C447519FF702 ] MsBridge        C:\Windows\system32\drivers\bridge.sys
13:41:48.0491 0x2a6c  MsBridge - ok
13:41:48.0496 0x2a6c  [ 308F08347923DEEDE7BC03EC7D485841, 72DB45CA11FE635DF9F8273C38CBEFB8DF5362ADA0CBF6D2B1E570365DC700C0 ] MSDTC           C:\Windows\System32\msdtc.exe
13:41:48.0498 0x2a6c  MSDTC - ok
13:41:48.0503 0x2a6c  [ F01B849D9D4A8CEAF32D4FDBD0B83C92, D2473AC4C6E6C03DEF13EA73EC78FB878BDC95C047651BF79A16C9DEA82AD046 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
13:41:48.0503 0x2a6c  Msfs - ok
13:41:48.0506 0x2a6c  [ 22ECD8F5D1DFADF2011BBB1700CB871D, 8F9EFF51137394EFA5471B8A29C541710063B65806B075B4925A84D5B6BC3BBB ] msgpiowin32     C:\Windows\System32\drivers\msgpiowin32.sys
13:41:48.0507 0x2a6c  msgpiowin32 - ok
13:41:48.0509 0x2a6c  [ FD870F6968A145E4D2BA8A8842686B03, 34B8F601F3B5E42B4D0A41E2AF7DB4EB4E5B627DA8DA9A2A2D46B153AF23AEB1 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
13:41:48.0509 0x2a6c  mshidkmdf - ok
13:41:48.0511 0x2a6c  [ 30364757963A028CE5DF0FBAAC270173, C72588A6A52FF8E418A15D2C407A4DB7EA768585423720145F8253D5CA519DC2 ] mshidumdf       C:\Windows\System32\drivers\mshidumdf.sys
13:41:48.0512 0x2a6c  mshidumdf - ok
13:41:48.0514 0x2a6c  [ 6BB0FEDDAE7135FA37FFAFF4D9E0E876, B41A3C0FFDFC493D6325ED493445AFCED04EC9DFF2B38125616FC5419AD1ACC4 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
13:41:48.0514 0x2a6c  msisadrv - ok
13:41:48.0518 0x2a6c  [ 07E3E54734B14F43A4A95A849C0A0DE2, 314AA02EA84D267B32DBAEBEA6C1AC1A266DED1E8D35A17B41D1D2AC75E8049E ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
13:41:48.0520 0x2a6c  MSiSCSI - ok
13:41:48.0522 0x2a6c  msiserver - ok
13:41:48.0525 0x2a6c  [ 13D614E6B51ECF36746C48CE829FA7F6, CAD63C0A4F7110093F84C58252C5803F14E3FC46584B79DA17EC86D49FEAEA64 ] MSKSSRV         C:\Windows\system32\DRIVERS\MSKSSRV.sys
13:41:48.0526 0x2a6c  MSKSSRV - ok
13:41:48.0529 0x2a6c  [ 642CDE46351D5D2D90311E77072AB46D, B2D3033E607BA2F6E6B9CFB1CBF154CD0CE910EA473C56343EC81B9B94044CCA ] MsLldp          C:\Windows\system32\drivers\mslldp.sys
13:41:48.0530 0x2a6c  MsLldp - ok
13:41:48.0532 0x2a6c  [ F2302A5CE63CA7673200FAFCEEEDB6AF, B8C44FC2DC0332183DE325CDBF511101F3307225295EDD428CE575A8DE15C223 ] MSPCLOCK        C:\Windows\system32\DRIVERS\MSPCLOCK.sys
13:41:48.0532 0x2a6c  MSPCLOCK - ok
13:41:48.0534 0x2a6c  [ 6114512EA26E835BA522C63635429DB5, 0F91CE41B4555316A79AEF3047C152D538CC9C7C329987C9FD0E3D961AFC87C8 ] MSPQM           C:\Windows\system32\DRIVERS\MSPQM.sys
13:41:48.0534 0x2a6c  MSPQM - ok
13:41:48.0541 0x2a6c  [ AA538E16E644D00E3BA5349BBA9598EC, 64A68B06883FE7ED34E04AB119BA819753F1222923EDD4E802C35D402B89D075 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
13:41:48.0545 0x2a6c  MsRPC - ok
13:41:48.0551 0x2a6c  [ 7ACFE7435317E791FF9EED2F49B402F2, EAF2CE12403A9D975112A22EDBC313EE63B926C070B35E62D515403DD34BD88D ] MsSecFlt        C:\Windows\system32\drivers\mssecflt.sys
13:41:48.0553 0x2a6c  MsSecFlt - ok
13:41:48.0555 0x2a6c  [ 0543BEFD41EC4D25C7F7CF36409CEC7D, 631622CFEC49952C0470531B23FFFFF483DC0EFFEF7A97B1179A600392C05DDD ] mssmbios        C:\Windows\System32\drivers\mssmbios.sys
13:41:48.0556 0x2a6c  mssmbios - ok
13:41:48.0558 0x2a6c  [ C1569E4DB8EFE3617847BF041A3C842F, 99ADE5E7F50E04CAEC737F7F90741CCA8EE628996BA5EB6C6BC62184884429B6 ] MSTEE           C:\Windows\system32\DRIVERS\MSTEE.sys
13:41:48.0558 0x2a6c  MSTEE - ok
13:41:48.0560 0x2a6c  [ 130B16970154BA9876B09E5C4BAC63BE, BE3AF8FC5A26AB9C9DBA9C015C2E1FD3C4CD9CB423A2BBDABA91428BF8620553 ] MTConfig        C:\Windows\System32\drivers\MTConfig.sys
13:41:48.0561 0x2a6c  MTConfig - ok
13:41:48.0564 0x2a6c  [ 15D987C8F6CCD4AC94E070C5986762CB, 452FB0C48B86C7F8F53794CC2DDBF2B900B03A0383B2DE8F6A830F8CB0AFBAD8 ] Mup             C:\Windows\system32\Drivers\mup.sys
13:41:48.0566 0x2a6c  Mup - ok
13:41:48.0568 0x2a6c  [ 3D2C5B4995CA0751D32DEA0DE9FDFE44, A26958785FD9E05E2CA97078C9BB277CD44222BF5F7D9E8DC2F3F6AAAFFC6483 ] mvumis          C:\Windows\system32\drivers\mvumis.sys
13:41:48.0569 0x2a6c  mvumis - ok
13:41:48.0580 0x2a6c  [ DB31EBB04C871F422C36A0962DA7D38B, B1BC2344744F537FB2C7D07B415F860195B7795E185253F05C0817A3764FEC10 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
13:41:48.0586 0x2a6c  NativeWifiP - ok
13:41:48.0590 0x2a6c  [ C3D9870E680D9D843B18F4626C3858FE, 43596CAC9FB488F810FBA954C52BC4D13F7D32028C40ACFE33DFD7EE36A65C17 ] NcaSvc          C:\Windows\System32\ncasvc.dll
13:41:48.0593 0x2a6c  NcaSvc - ok
13:41:48.0600 0x2a6c  [ 04CE2C0F0759EACD886BA4B658B60D5D, E34D0976FC5936C8629800D826DB127072D1DFC3D350EFACA3AA1B8119551762 ] NcbService      C:\Windows\System32\ncbservice.dll
13:41:48.0605 0x2a6c  NcbService - ok
13:41:48.0609 0x2a6c  [ E6094065008FE423377294050E7CEA2D, 86E200227256407530E2C28243DEFBC3CB6E9497644404D9AD79DA242286DF7B ] NcdAutoSetup    C:\Windows\System32\NcdAutoSetup.dll
13:41:48.0611 0x2a6c  NcdAutoSetup - ok
13:41:48.0614 0x2a6c  [ 629CB21AC49C8867E0F29DF1C16DB7B4, 20663E68C69D0A1A2FE99A0C2A9DEFABF49786A1DC8F7F4E1699458AF57D7E79 ] ndfltr          C:\Windows\System32\drivers\ndfltr.sys
13:41:48.0615 0x2a6c  ndfltr - ok
13:41:48.0633 0x2a6c  [ D5564FC81350458ED570528C4E3B1CCF, DD3C5012492EF9BCE3BE635BBB3AA40B3C5F5FDBD795A76B327D9C994102AC2B ] NDIS            C:\Windows\system32\drivers\ndis.sys
13:41:48.0646 0x2a6c  NDIS - ok
13:41:48.0649 0x2a6c  [ 6DD605338FAAF6BA17662AA874E0D162, 636607829F5D7C3B7A4683C0A2DD594360D72F2AA3F8710153BE32575AE34A15 ] NdisCap         C:\Windows\system32\drivers\ndiscap.sys
13:41:48.0650 0x2a6c  NdisCap - ok
13:41:48.0653 0x2a6c  [ E34196F285F8B8879E1FF36C31F7179E, 77A4F24F995D4C0689C43F9956E08DCEC62517E4F8B1B9EAA1852B5293DB5B9A ] NdisImPlatform  C:\Windows\system32\drivers\NdisImPlatform.sys
13:41:48.0655 0x2a6c  NdisImPlatform - ok
13:41:48.0657 0x2a6c  [ 1FAD2398673F30CEC616B89C46B7DCBA, 70302049E6AE2BC6B3A7A9DE54D3F940AD6A9771CC2EBCCEC65994E67A25ECB5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
13:41:48.0658 0x2a6c  NdisTapi - ok
13:41:48.0660 0x2a6c  [ AEB8ECBE66CC46854066CB1F5623E179, 2F650A85A9DAE38887610C0B876621035616CEDB65D4BBBD7F1405616D218AAF ] Ndisuio         C:\Windows\system32\drivers\ndisuio.sys
13:41:48.0661 0x2a6c  Ndisuio - ok
13:41:48.0663 0x2a6c  [ 7340104C2BF2F126714F7CDE85E63610, 45B64EC6F3A4C43F7D74806789067658C6EF0D44D36B841F4D26E1EBC95AF66C ] NdisVirtualBus  C:\Windows\System32\drivers\NdisVirtualBus.sys
13:41:48.0664 0x2a6c  NdisVirtualBus - ok
13:41:48.0668 0x2a6c  [ 07ADC1F8DCBEB8104D75129B11584B8C, CB51A294D9FD4E210DBEEF05A1E60A96CE52D6D138EF62A54E1F608F90FED300 ] NdisWan         C:\Windows\System32\drivers\ndiswan.sys
13:41:48.0671 0x2a6c  NdisWan - ok
13:41:48.0675 0x2a6c  [ 07ADC1F8DCBEB8104D75129B11584B8C, CB51A294D9FD4E210DBEEF05A1E60A96CE52D6D138EF62A54E1F608F90FED300 ] ndiswanlegacy   C:\Windows\system32\DRIVERS\ndiswan.sys
13:41:48.0677 0x2a6c  ndiswanlegacy - ok
13:41:48.0680 0x2a6c  [ 78A12E3DF035B5D054986949B19BE43C, AD9B34F89B9F27D473BD5FCE6694A40FCCB808B61ABEDD6F70F1AF6C7E73ABF8 ] ndproxy         C:\Windows\system32\DRIVERS\NDProxy.sys
13:41:48.0681 0x2a6c  ndproxy - ok
13:41:48.0684 0x2a6c  [ 04C8859355C1DC9C0FA198D1894D71C2, E7C67E73009341B5D402470C686781B3C7BBE2531CE26665E08E711B990B1A77 ] Ndu             C:\Windows\system32\drivers\Ndu.sys
         
__________________

Alt 27.10.2016, 13:48   #4
Morgren
 
RAT Trojaner? - Standard

RAT Trojaner?



TDSS-Killer Teil 2
Code:
ATTFilter
13:41:48.0686 0x2a6c  Ndu - ok
13:41:48.0689 0x2a6c  [ 6C76780A01FC2B885BD6E957B5C36B02, DB7834F03A765F65C773E772D8051AFADB22CA4B5074180AA397857A0C47A068 ] NetAdapterCx    C:\Windows\system32\drivers\NetAdapterCx.sys
13:41:48.0690 0x2a6c  NetAdapterCx - ok
13:41:48.0693 0x2a6c  [ 5D1513BD6430307C9DB86C6E351372ED, D2AB709CF7CFA5B857B084AFC821914A975B7DDDCE154229981F19448973BD6D ] NetBIOS         C:\Windows\system32\drivers\netbios.sys
13:41:48.0694 0x2a6c  NetBIOS - ok
13:41:48.0701 0x2a6c  [ 6FEBB0A847FFD5F057B9AC8889F1B9A7, 558BCC64C59079E6569F61CCE1219A124B3313FC4E6CB5CBCC94124D202FF19D ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
13:41:48.0704 0x2a6c  NetBT - ok
13:41:48.0707 0x2a6c  [ 6F8E95716C1A27FF2FE96D30B147F1C1, 9403E9FE8B13EE294CFBBD96649BBD54CF723CF5872E3E03DA4380379D677983 ] Netlogon        C:\Windows\system32\lsass.exe
13:41:48.0709 0x2a6c  Netlogon - ok
13:41:48.0714 0x2a6c  [ D3BF2DA9216A4CF22A97820A50A67EFF, D00CBE0A7ECFB449D9B48967A01EE56141404EBE229893D5A1710781AD5F2551 ] Netman          C:\Windows\System32\netman.dll
13:41:48.0718 0x2a6c  Netman - ok
13:41:48.0727 0x2a6c  [ F2645D51DD8AABC8BC72358409410437, 8CB97628923D6CEA6EFAD7E666BE92C154060BD108C28D46287A520A14B18ADA ] netprofm        C:\Windows\System32\netprofmsvc.dll
13:41:48.0734 0x2a6c  netprofm - ok
13:41:48.0740 0x2a6c  [ 724EA060EF56BAB4DED8F731FA56279B, E07FFE11D7B5C94D6B56940C6423ACB85910F6E8789E788EC91EEEE1C02B247F ] NetSetupSvc     C:\Windows\System32\NetSetupSvc.dll
13:41:48.0744 0x2a6c  NetSetupSvc - ok
13:41:48.0750 0x2a6c  [ EFA857E2B0CC7C9DFEF48A2187B910F7, 424475568CD70237F056838388A5F7BDCD1B09349085498644C75940B12E8EAF ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
13:41:48.0753 0x2a6c  NetTcpPortSharing - ok
13:41:48.0762 0x2a6c  [ B996DE26A2E16053C9485F5905B05320, 30EB2CEB466A4F05A44F7CBFCDFD8CC3C27B5FCF1269C1B9410C48AB362D2A75 ] NgcCtnrSvc      C:\Windows\System32\NgcCtnrSvc.dll
13:41:48.0766 0x2a6c  NgcCtnrSvc - ok
13:41:48.0783 0x2a6c  [ 54C31C2B815E2E26BB8158022F837C9C, CED660D1A58F635C6452F82FCB2EF8ACEEB7785E31617B2ADFD9EE69A2BDF2B8 ] NgcSvc          C:\Windows\system32\ngcsvc.dll
13:41:48.0794 0x2a6c  NgcSvc - ok
13:41:48.0802 0x2a6c  [ 9B9F520C72EE33EAEC857124BB800243, DFA9386B272F4D86F3E4BE861A2FC4617261E1AA40576DDA610FC24AB4961A63 ] NlaSvc          C:\Windows\System32\nlasvc.dll
13:41:48.0807 0x2a6c  NlaSvc - ok
13:41:48.0810 0x2a6c  [ 001CBD7A2CD45C4EB39C01C3C677EF73, F4AAF4D60DB1232921C7811A62287B55C7C098B7A1FF9A40D88AF58A5ABECBA2 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
13:41:48.0811 0x2a6c  Npfs - ok
13:41:48.0813 0x2a6c  [ 90F5DC9802AAA00CD0B6E2AD9E7FFADC, 71C0777829299DECA6ACD42F38802DBE3C29A42CFBD8A396F39DFA44D1F55B6C ] npsvctrig       C:\Windows\System32\drivers\npsvctrig.sys
13:41:48.0814 0x2a6c  npsvctrig - ok
13:41:48.0816 0x2a6c  [ 1993C85962692EF7024501E7FE92D466, F5BCAA8308495EBF8BB061C2015E07C202A779668D171364D7E312975BC18B10 ] nsi             C:\Windows\system32\nsisvc.dll
13:41:48.0818 0x2a6c  nsi - ok
13:41:48.0820 0x2a6c  [ 0C6218321A09A7B51BA7FFAFBA4CCB21, 330B3FA793A78410B28DFC8250BBF24442E3BB80434A7938BB96F02337614E0D ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
13:41:48.0821 0x2a6c  nsiproxy - ok
13:41:48.0855 0x2a6c  [ 5DD8CB01C0394F8D052763D2E3C6E684, BF58C1586A2402576B91D7F862861974F7BDB38704E88F4974FF3F1D1B481386 ] NTFS            C:\Windows\system32\drivers\NTFS.sys
13:41:48.0879 0x2a6c  NTFS - ok
13:41:48.0883 0x2a6c  [ 6E6DD6F9DD2A034CF85E94047DBDB992, 63D0A0756F551B7668D1CBAB24B29FD462C706E8A81690BC248D6C92061FE215 ] Null            C:\Windows\system32\drivers\Null.sys
13:41:48.0883 0x2a6c  Null - ok
13:41:48.0891 0x2a6c  [ 681E911AA54E4AC2184C8FC0CEA74EBC, 92E421EEE50E404B3EDC6864097E63BDB80F7CDF0EFEA6DC19977B4DE06F23E2 ] NvContainerLocalSystem C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
13:41:48.0898 0x2a6c  NvContainerLocalSystem - ok
13:41:48.0906 0x2a6c  [ 681E911AA54E4AC2184C8FC0CEA74EBC, 92E421EEE50E404B3EDC6864097E63BDB80F7CDF0EFEA6DC19977B4DE06F23E2 ] NvContainerNetworkService C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
13:41:48.0910 0x2a6c  NvContainerNetworkService - ok
13:41:48.0917 0x2a6c  [ 64DA1993B1973F049C1347DA1B05185E, 2A04E263DB13751D033E2F9B9518820CF4942EEAFA5A32488570EEB699EE2A96 ] NVHDA           C:\Windows\system32\drivers\nvhda64v.sys
13:41:48.0919 0x2a6c  NVHDA - ok
13:41:48.0937 0x2a6c  [ 5BF89AFD025AC007AD31B67A2D9AD986, 16D60B506C215A6AEC3AB0DB2BCE1DF7C9846FE11AAECFF55D17798833C9290B ] NVIDIA Wireless Controller Service C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe
13:41:48.0953 0x2a6c  NVIDIA Wireless Controller Service - ok
13:41:49.0165 0x2a6c  [ 6E3DFC6B3113AC24B5002C117FCD4633, 83FA6B0F9A0E0324CD4737789352F423BAA6D7004DD7C3E643F70276D8286671 ] nvlddmkm        C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_49b226e6441043f1\nvlddmkm.sys
13:41:49.0310 0x2a6c  nvlddmkm - ok
13:41:49.0324 0x2a6c  [ D261DF41F0840F734856A2B4F5E072C7, 2E703556D0C919375D0B7770513456844B13362190643D5524663EC8546E0FF5 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
13:41:49.0326 0x2a6c  nvraid - ok
13:41:49.0330 0x2a6c  [ 23B702B555EB0436B9DAA0BC63DA65CE, D454F80D9657CFEC852F022C12D7B2C1A2D7D247ECC591EDB07B9369DFD8C99E ] nvstor          C:\Windows\system32\drivers\nvstor.sys
13:41:49.0332 0x2a6c  nvstor - ok
13:41:49.0335 0x2a6c  [ DDA83A50B7F46195281CCADD4AF43300, ABF091AED09B57DEF3000EEAE3B47612893F58CD5560C26F64438A89930A1C83 ] NvStreamKms     C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys
13:41:49.0336 0x2a6c  NvStreamKms - ok
13:41:49.0339 0x2a6c  [ E0277CB18E86B1A37470A0CD65B3E9CC, F4DC71B00C40FD8AC79BDC27A571D27D24AB94B468BEBFA68A0102FF9B2B6590 ] nvvad_WaveExtensible C:\Windows\system32\drivers\nvvad64v.sys
13:41:49.0340 0x2a6c  nvvad_WaveExtensible - ok
13:41:49.0347 0x2a6c  [ 17997DC2441F7E29CDFC6458E0392764, 636CCE2DA1EF8195B33F8D6D5C8CC151D58EBF08DC9AD8ACCCE7ABD41A69639F ] OneSyncSvc      C:\Windows\System32\APHostService.dll
13:41:49.0351 0x2a6c  OneSyncSvc - ok
13:41:49.0358 0x2a6c  [ 63511820A101C1C5DB95B9ECFFEDA089, AD517FFE1FFD103FF1F371A0406CA8CDCAD762CE4DDC829759BE1914F4DF0675 ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
13:41:49.0360 0x2a6c  ose - ok
13:41:49.0368 0x2a6c  [ 4578ECA1FCEF4E7C787D84F78625143B, F5FE84D6D7412A4C037772593C434253D590E476B0B7498987A1697BED86A510 ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
13:41:49.0372 0x2a6c  p2pimsvc - ok
13:41:49.0380 0x2a6c  [ 2BBCED66D7AFC968BDBB0E4D8524DF0A, 762D916390F9DE69B3EA1D31244224F910645F8E5CEF4C505B76B215BFDFCD9A ] p2psvc          C:\Windows\system32\p2psvc.dll
13:41:49.0386 0x2a6c  p2psvc - ok
13:41:49.0389 0x2a6c  [ 6B81BF7853D161DB8AC62CD8B9C2DE6B, B2DC06D135FD2501217DDA7349556EB873309E02188D4C3901807BA24FAB30C7 ] Parport         C:\Windows\System32\drivers\parport.sys
13:41:49.0391 0x2a6c  Parport - ok
13:41:49.0394 0x2a6c  [ 9DB326B54C03EF2892E7551D8B354036, 64CD77E8A4425E80CFB61DEE33C1A677A4044C6FC0614D74B20BDDD7C5D5334D ] partmgr         C:\Windows\system32\drivers\partmgr.sys
13:41:49.0396 0x2a6c  partmgr - ok
13:41:49.0405 0x2a6c  [ CE515B2C6E2EA50053A8862398646B38, C85D370E5250AFCF44796CE274B5A100C6829DC28BF1D4C6991EF61DE46FD10A ] PcaSvc          C:\Windows\System32\pcasvc.dll
13:41:49.0412 0x2a6c  PcaSvc - ok
13:41:49.0419 0x2a6c  [ D723D2C98598B0DF5832427740B2825D, C2B26A1F4FA2B43D842954403F134908D77892FF4BF7F320D692E685846D5C97 ] pci             C:\Windows\system32\drivers\pci.sys
13:41:49.0423 0x2a6c  pci - ok
13:41:49.0425 0x2a6c  [ 214DCC87E3898F738075D1341252A552, E721FBBC3510DDB848A8CAEA3B6031EE988F42252DBC3BF7BDB6ABD9A0D9FABD ] pciide          C:\Windows\system32\drivers\pciide.sys
13:41:49.0426 0x2a6c  pciide - ok
13:41:49.0429 0x2a6c  [ AED76A3333B3A31536E430020E0226FC, EC255B79B0908E3C142D92E35B79D90A3F2594BA012CA2B1B04A6A8745153430 ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
13:41:49.0431 0x2a6c  pcmcia - ok
13:41:49.0433 0x2a6c  [ E63FB38B6E75B39467492FBAD2CD512A, DB406C92BA2460C833A49B98EB5BD58348E868F643A0123B0C9B5315FFC6A124 ] pcw             C:\Windows\system32\drivers\pcw.sys
13:41:49.0434 0x2a6c  pcw - ok
13:41:49.0437 0x2a6c  [ 9EA203A07EFA6D74F07F32EF0DAB5CA6, D851F1CC748B4CD0E263931668FFF2FE20D5778267F4FF2237D565CFC171B5AF ] pdc             C:\Windows\system32\drivers\pdc.sys
13:41:49.0439 0x2a6c  pdc - ok
13:41:49.0451 0x2a6c  [ 1509A77F840AA9E72CF8247D0CF2FBDE, 2D47AD4D8F5C2D871E603FB6D72D25EFD0E63FA3A542DAADAB9D82ED074C0E0B ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
13:41:49.0459 0x2a6c  PEAUTH - ok
13:41:49.0489 0x2a6c  [ 2B55ACB1727A8E5E7514D2D75AC4EBEB, 5E7449F3EE0B15E400E405DE561ED2D3932259107A9D9320AE42CA1A5C5AB992 ] PeerDistSvc     C:\Windows\system32\peerdistsvc.dll
13:41:49.0511 0x2a6c  PeerDistSvc - ok
13:41:49.0515 0x2a6c  [ 540116170E2135FCD5DDE77702166B67, CBEC51C2D47532F1781B3255040F303263420B204C2F8BB2B5D1EC342F57B285 ] percsas2i       C:\Windows\system32\drivers\percsas2i.sys
13:41:49.0516 0x2a6c  percsas2i - ok
13:41:49.0519 0x2a6c  [ 8356F87553BF49C703CF382033815898, 245EB941566D848F134629690BF271B1CBEAB6440771D3D8D7AED3756835354E ] percsas3i       C:\Windows\system32\drivers\percsas3i.sys
13:41:49.0520 0x2a6c  percsas3i - ok
13:41:49.0535 0x2a6c  [ CB5343FF52A702A9ACFAAE6BE972FE09, EAA5362D91D05D382DF4EBBAA3FD575456F23CAD531CC6F1270F8254892DBF02 ] PerfHost        C:\Windows\SysWow64\perfhost.exe
13:41:49.0536 0x2a6c  PerfHost - ok
13:41:49.0552 0x2a6c  [ D0D57322ABC7473E54472D8374169CC5, BD14A13D6908C8669E56EF9401FD8A3D7C618E8B6556B36E634864E733BCA4B2 ] PhoneSvc        C:\Windows\System32\PhoneService.dll
13:41:49.0562 0x2a6c  PhoneSvc - ok
13:41:49.0567 0x2a6c  [ B4AB2C0177715FFAED88A1223212043A, 1920792ADC78DD51EF98B6A9634D686EAED0848FB7EF74A0DCD3AEBA5AF41EC6 ] PimIndexMaintenanceSvc C:\Windows\System32\PimIndexMaintenance.dll
13:41:49.0571 0x2a6c  PimIndexMaintenanceSvc - ok
13:41:49.0595 0x2a6c  [ F931F21E4287FE3ECCF09B54A232BBA2, CEB7AB3236E5F30214027092B7B695ED35F7A1E007DF4046797D1E4DFEF49EC8 ] pla             C:\Windows\system32\pla.dll
13:41:49.0612 0x2a6c  pla - ok
13:41:49.0616 0x2a6c  [ FEA494AC3A1BAE63C1F2AF267D49F1DB, 0722FEA2481740B53EF26B1CA59166C63C157A5C708AC93DF3FBB74A27266C9C ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
13:41:49.0619 0x2a6c  PlugPlay - ok
13:41:49.0622 0x2a6c  [ 56D7A89423325121C4A9BD5C326414F3, 649048C23D1973C3504E26B35362AC99DFE9BF31FFE73F45B43306A212AEA34C ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
13:41:49.0623 0x2a6c  PNRPAutoReg - ok
13:41:49.0630 0x2a6c  [ 4578ECA1FCEF4E7C787D84F78625143B, F5FE84D6D7412A4C037772593C434253D590E476B0B7498987A1697BED86A510 ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
13:41:49.0635 0x2a6c  PNRPsvc - ok
13:41:49.0644 0x2a6c  [ F70CAC34B455D05EAA04B2F8FB58E1CB, 295BFFB3DA03C5CE5462C11D3240024B68AC06E8DEA9062A739BE2CCEE19EB5D ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
13:41:49.0649 0x2a6c  PolicyAgent - ok
13:41:49.0654 0x2a6c  [ 60C8376B48BA96F07AEA536527433D44, EB988C119C3E71169B91ED2A744C71933DD35447DC4A8249E80EC24E9E7077D4 ] Power           C:\Windows\system32\umpo.dll
13:41:49.0657 0x2a6c  Power - ok
13:41:49.0661 0x2a6c  [ 5645B9D9788CCA2C88B9534996ED2D6D, 4988942DF163DB5B9B1A08CE6B628D2C47C2E2EAA30AEAE4EFE21C8CF4C8DC5D ] PptpMiniport    C:\Windows\System32\drivers\raspptp.sys
13:41:49.0662 0x2a6c  PptpMiniport - ok
13:41:49.0711 0x2a6c  [ 7196D3C2E2E3129814C8DAB91F9A7D1E, 6763E4BF8E846B597E78778E520F5BADC95608BAA4EA0AC84971384B5D976DD7 ] PrintNotify     C:\Windows\system32\spool\drivers\x64\3\PrintConfig.dll
13:41:49.0746 0x2a6c  PrintNotify - ok
13:41:49.0752 0x2a6c  [ 372913E12677A8CBBBABDD8311894F9D, A5233D95A0D22D2A9DB214E7CB79A99D389B67189FF6A87D0AD4610A333A637F ] Processor       C:\Windows\System32\drivers\processr.sys
13:41:49.0753 0x2a6c  Processor - ok
13:41:49.0761 0x2a6c  [ 1F115AF75EFBAC28479B4F94A3F8D4A3, BE8D8C50D985F6AF9DDC0F13BDBE2D55D600E1F5E344982536538B14EC484AA6 ] ProfSvc         C:\Windows\system32\profsvc.dll
13:41:49.0766 0x2a6c  ProfSvc - ok
13:41:49.0770 0x2a6c  [ FC98407B85A31161851FDE245517574F, 2CCD706CF243934FCDA32B24CE0C385EA2E67F206E0306FA584496F583A20CD1 ] Psched          C:\Windows\system32\drivers\pacer.sys
13:41:49.0772 0x2a6c  Psched - ok
13:41:49.0774 0x2a6c  [ C32ECB99AD25E9A04F01C8665DF29EF8, 0489B3DEC6A33E50D8A48A8DAD3F5B923A81F7300E4A71358D90D2879BAC9AA2 ] pwdrvio         C:\Windows\system32\pwdrvio.sys
13:41:49.0776 0x2a6c  pwdrvio - ok
13:41:49.0778 0x2a6c  [ D619356B955EEFA642F5FF72755E8B3C, 1FD54978A77ACD6FBF1236E177ED074894743A9141E4169FE9AFE28680FC93C5 ] pwdspio         C:\Windows\system32\pwdspio.sys
13:41:49.0780 0x2a6c  pwdspio - ok
13:41:49.0786 0x2a6c  [ 7A68710BAC9B6809314B86C0CB1CBC4A, C02D97993D1F6FE6EFBA5B1366B3A4FE8CE1136A95F3A2DA07BA59554C163501 ] QWAVE           C:\Windows\system32\qwave.dll
13:41:49.0790 0x2a6c  QWAVE - ok
13:41:49.0793 0x2a6c  [ 819602BBBFDB0BD46DEA3715BF0DD452, D4007FF1E5296316B53436CA3598D6B1CF4F60AB77D5B02F3E595081EDD5D879 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
13:41:49.0794 0x2a6c  QWAVEdrv - ok
13:41:49.0796 0x2a6c  [ CDF47037A0939F56D11F699629C276AD, A63F2A3FE80FB8084E3870E907505694B79EE1D9E56E292C01D481FEFD2534B0 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
13:41:49.0797 0x2a6c  RasAcd - ok
13:41:49.0800 0x2a6c  [ 28C2EA278070EE12701D0EDF8CB0EC36, F10288C1C6835840026DB30285345EF892DE989F43C948E7F4760B8895FF675F ] RasAgileVpn     C:\Windows\System32\drivers\AgileVpn.sys
13:41:49.0801 0x2a6c  RasAgileVpn - ok
13:41:49.0804 0x2a6c  [ 7B82197BF35CC3BE59AEF8B706AB8A16, AB0216164A548A48CD21F5F035E57E867584A96890B9887EC08F8DABDD89F990 ] RasAuto         C:\Windows\System32\rasauto.dll
13:41:49.0807 0x2a6c  RasAuto - ok
13:41:49.0810 0x2a6c  [ 17E565710172ED71B8531D8822E1C5D1, 0CA39ABD9E544DDAD9D9D7D1FC50444274C31E18F9BF73069051D9F62833698F ] Rasl2tp         C:\Windows\System32\drivers\rasl2tp.sys
13:41:49.0812 0x2a6c  Rasl2tp - ok
13:41:49.0826 0x2a6c  [ 3C0A10FFC3CB95D249CA64D62BC912EF, 8A75398EF3FF4BBE822031B3D1C63BFC75ABE11AB35BC0451DFF3B1D56477D97 ] RasMan          C:\Windows\System32\rasmans.dll
13:41:49.0838 0x2a6c  RasMan - ok
13:41:49.0842 0x2a6c  [ 9387DF155233D45D4E010F4F2FB52A57, CABC25DA4E512809AED0085767BDD94BF3C1DA792BFF8A009B5465D9110E7060 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
13:41:49.0843 0x2a6c  RasPppoe - ok
13:41:49.0846 0x2a6c  [ F0F4EEDEEBEE7A4244FAFB96A16B5712, F64717E601BD5EB674003009507B8CDD6F69F00E8670D6895EC64786166A0E8D ] RasSstp         C:\Windows\System32\drivers\rassstp.sys
13:41:49.0847 0x2a6c  RasSstp - ok
13:41:49.0850 0x2a6c  [ FA41702291C140DC2B832B0FC217D8FC, 02EBFE83094D788B57E642EF056AB7BA3904D76AA0923CF2A6C55667403A0DF3 ] Razer Chroma SDK Service C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe
13:41:49.0852 0x2a6c  Razer Chroma SDK Service - ok
13:41:49.0857 0x2a6c  [ 5753CD9159718444F6D9E1634B984BF5, A4D6FB6583724F3DDDBA768D7786EB7E3AB1C8074F66DA9462BBB159CDFA2868 ] Razer Game Scanner Service C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
13:41:49.0860 0x2a6c  Razer Game Scanner Service - ok
13:41:49.0868 0x2a6c  [ EDAF0E161BE98CCC4FC9671481600745, 50DB73C341086E346F6EF57E40A7C3A8F6279E5EBB53A67F9B71B7877EB75734 ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
13:41:49.0873 0x2a6c  rdbss - ok
13:41:49.0876 0x2a6c  [ 79A415E6FA915EFC00297DAB16EC2635, 47BB49F6D756214193D38A4AB182B541AAC180381C3111FF7F9B0AD4C44D8733 ] rdpbus          C:\Windows\System32\drivers\rdpbus.sys
13:41:49.0877 0x2a6c  rdpbus - ok
13:41:49.0881 0x2a6c  [ 7135785C21CA79D270D11037C43D3F19, 654A3C65CF891ED8C82A740D10CF607FC7D709185E664DE03288CEB5B25F03A6 ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
13:41:49.0883 0x2a6c  RDPDR - ok
13:41:49.0887 0x2a6c  [ 97A61A3CB2B5CB4FC32B3224EF333448, E4F2E8BCEE3639BE57BBC8A8E67FDE42C3A5158F1204684B0ECD216F4AA044A3 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
13:41:49.0888 0x2a6c  RdpVideoMiniport - ok
13:41:49.0894 0x2a6c  [ 69BB204AE07EE84ECFAB1BF13C4BD04B, 1CA832CBF4AE4821EEA2A19F9519C2D1D00406B8CCE2A86FE3B33A5F293DB218 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
13:41:49.0897 0x2a6c  rdyboost - ok
13:41:49.0913 0x2a6c  [ 940D6F5A2B0A61EE4170DF84F6C95C20, F8EE846DC8015EDFE7CB5BEEDC977EAA9C586BAC2216DE69D8ECCBDBC7408649 ] ReFSv1          C:\Windows\system32\drivers\ReFSv1.sys
13:41:49.0926 0x2a6c  ReFSv1 - ok
13:41:49.0937 0x2a6c  [ 13F6B64235C60167052364BF7D99E4CA, BC12EE00775F7456FB922FBD684BF3F0CFABA5BEBB6E162C23B41DED5C20A978 ] RemoteAccess    C:\Windows\System32\mprdim.dll
13:41:49.0944 0x2a6c  RemoteAccess - ok
13:41:49.0949 0x2a6c  [ 3183B161B1F05333F6C325577FEF3596, D6A89B2A021377B6F371E5B9EFC36FF018822B28F0ED41F8CD2F00C5C8605707 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
13:41:49.0952 0x2a6c  RemoteRegistry - ok
13:41:49.0963 0x2a6c  [ FA62C4E1D753B489832DD0A7033665EE, BB0B59ABC79CEFA949632179239D711944C29E93EBCE60E629DE75AF2C3268B2 ] RetailDemo      C:\Windows\system32\RDXService.dll
13:41:49.0972 0x2a6c  RetailDemo - ok
13:41:49.0976 0x2a6c  [ 5DAA644F17780FC4E3F4820A46D38FEC, 32C27FFA0A4608B164F4E709CD0D998AB73CA9713BE3E47F9DBC7B3D1B6C7453 ] RmSvc           C:\Windows\System32\RMapi.dll
13:41:49.0980 0x2a6c  RmSvc - ok
13:41:49.0983 0x2a6c  [ 672724C8B21B7DC56646045DE4D5B860, 79986E80A92C949C543959F1E35647A9788DAB2892AC20B6DEA5C0BBC0CEDE9E ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
13:41:49.0986 0x2a6c  RpcEptMapper - ok
13:41:49.0988 0x2a6c  [ 109C1D609951E886D3643B15C1EDD1C2, 347D8E7C50EC7F96217C7421D9BC8A42C9DF50B94169CB58DCF857A63C33C2EA ] RpcLocator      C:\Windows\system32\locator.exe
13:41:49.0989 0x2a6c  RpcLocator - ok
13:41:50.0003 0x2a6c  [ 7BD259FC59CF9C2AE1B979564B374CC6, 299832FCE304A85080C80ABFE820A6093AC15A7C1E7C89D8C946708E955A2909 ] RpcSs           C:\Windows\system32\rpcss.dll
13:41:50.0014 0x2a6c  RpcSs - ok
13:41:50.0018 0x2a6c  [ 5FF28F097C9699097B473F8FC7C1AA7D, 695560F1DBD85073F3D6CB1FF16F16504CA044EA62E940E463A16BBA8B86E2FA ] rspndr          C:\Windows\system32\drivers\rspndr.sys
13:41:50.0019 0x2a6c  rspndr - ok
13:41:50.0022 0x2a6c  [ BD467D118A493A1AD7B3902A20086469, B14215F0F87DB9A8C4C048A75B12CE77CA807631463897C08815C0EC7E2D38EC ] rzendpt         C:\Windows\System32\drivers\rzendpt.sys
13:41:50.0023 0x2a6c  rzendpt - ok
13:41:50.0026 0x2a6c  [ 22E74395A908DECA7B2EB118C7E497A7, 7710B28C9BA7906F98534308B1AB065CAE5B5B333C8B66A513A1FCD70AC88286 ] rzmpos          C:\Windows\System32\drivers\rzmpos.sys
13:41:50.0027 0x2a6c  rzmpos - ok
13:41:50.0030 0x2a6c  [ 30A186D6A2A2853EEFAD7011E212E41B, 367B8FCCF29470C9237FC1F0EAEB59AE51E33778BC9914A2730AC7DDBC84942B ] rzpmgrk         C:\Windows\system32\drivers\rzpmgrk.sys
13:41:50.0030 0x2a6c  rzpmgrk - ok
13:41:50.0034 0x2a6c  [ B4598C05D5440250633E25933FFF42B0, A66D2FB7EF7350EA74D4290C57FB62BC59C6EA93F759D4CA93C3FEBCA7AEB512 ] rzpnk           C:\Windows\system32\drivers\rzpnk.sys
13:41:50.0036 0x2a6c  rzpnk - ok
13:41:50.0041 0x2a6c  [ 131BFDB9523AEA93747160CC5E984229, AA9D45C6B4A41E308F2670F347EDAAD3D537517FA3215B2FA2D9ED6339C5D5D5 ] rzudd           C:\Windows\System32\drivers\rzudd.sys
13:41:50.0043 0x2a6c  rzudd - ok
13:41:50.0045 0x2a6c  [ B5DAEE69BACA64D2BB004568E22D8756, C0072CF6B438ED756435A182D55AC55F3AD356ACBD483DE06A94893D3CA8CCC5 ] s3cap           C:\Windows\System32\drivers\vms3cap.sys
13:41:50.0046 0x2a6c  s3cap - ok
13:41:50.0048 0x2a6c  [ 6F8E95716C1A27FF2FE96D30B147F1C1, 9403E9FE8B13EE294CFBBD96649BBD54CF723CF5872E3E03DA4380379D677983 ] SamSs           C:\Windows\system32\lsass.exe
13:41:50.0050 0x2a6c  SamSs - ok
13:41:50.0053 0x2a6c  [ 5E73FB63E2DBC75FE0C17DEB0010CE0E, 9DAC47486262397D03BC01F7438CAB62CF33BD7B5283F5B9548C770A3D6D0ADC ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
13:41:50.0055 0x2a6c  sbp2port - ok
13:41:50.0060 0x2a6c  [ 3CD0130FFDEAEACF0905B482F3934EA3, 1EC355B63135FD2563093EBB206741C0C4CCE0551A662F6DC86C875146A88B06 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
13:41:50.0064 0x2a6c  SCardSvr - ok
13:41:50.0069 0x2a6c  [ 9EE060D6560FFBFBDB2ED5D6ED192294, 14387B69CD26D12BE31A23251B6AA8EDFC4D6CDE4FA558F0950DE91D2DD03946 ] ScDeviceEnum    C:\Windows\System32\ScDeviceEnum.dll
13:41:50.0073 0x2a6c  ScDeviceEnum - ok
13:41:50.0075 0x2a6c  [ 3D9A82B03C92D1FEC42CB171D6F57778, DC027F02F5EB5F1D10DB6F405FB0C15D4D5C922445F5F3C916624113278AF072 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
13:41:50.0076 0x2a6c  scfilter - ok
13:41:50.0092 0x2a6c  [ D4DB6B318A0A0C74A90260725A228C0B, 57BA2EF9D880488C785C806ABF9EE753A48E589129442D72F815CD6EFFA07B22 ] Schedule        C:\Windows\system32\schedsvc.dll
13:41:50.0103 0x2a6c  Schedule - ok
13:41:50.0107 0x2a6c  [ 9055ADDFBA4C8B914C914CE693B55C0A, DB213AC36E14D856B81D2AFE46815402537A2ABEEA15032A9FF436F953129441 ] scmbus          C:\Windows\system32\drivers\scmbus.sys
13:41:50.0109 0x2a6c  scmbus - ok
13:41:50.0112 0x2a6c  [ B6F2363584E62960846F7C3F00124A4F, 252189FF9D623CF69BF415FF7C7FE74B0BBF756B632420578BFAFF6595616CF7 ] scmdisk0101     C:\Windows\System32\drivers\scmdisk0101.sys
13:41:50.0114 0x2a6c  scmdisk0101 - ok
13:41:50.0118 0x2a6c  [ 9450FA11E9DE6715FCB71A519A8FF90B, B7E341C6E4CE967FCDD0D17A497C07E8A1C6B0AACE8A6E8E5D6C21EF73F13E16 ] SCPolicySvc     C:\Windows\System32\certprop.dll
13:41:50.0120 0x2a6c  SCPolicySvc - ok
13:41:50.0127 0x2a6c  [ 7C3D10BEC8B0DBA00A78C78EB10B3AE2, A671C9CB97977613576D70607E106C7A29B9EA9E875C7C5AF293EE5903D7AD0A ] sdbus           C:\Windows\System32\drivers\sdbus.sys
13:41:50.0130 0x2a6c  sdbus - ok
13:41:50.0135 0x2a6c  [ F3714DBAA42C15F78FFCDFE4273214EB, 2D018970B92C5F0744FAE10A2FC298F3DCEA5C2EDEB760F4F0651337B9878ABF ] SDRSVC          C:\Windows\System32\SDRSVC.dll
13:41:50.0138 0x2a6c  SDRSVC - ok
13:41:50.0141 0x2a6c  [ 120DFCB71D6C502613A9E2D50E16850C, 2C294010AD1C9C380CD5221A37720544178B7358C8C8553AF44055E4CEE5DAF5 ] sdstor          C:\Windows\System32\drivers\sdstor.sys
13:41:50.0143 0x2a6c  sdstor - ok
13:41:50.0145 0x2a6c  [ EFD644DD091E1D94555FC3BBC95EA66D, FBDDA6680BEC378CCF12A32D9186020E884DA15A1E789D1531B1E687FC7B54B1 ] seclogon        C:\Windows\system32\seclogon.dll
13:41:50.0147 0x2a6c  seclogon - ok
13:41:50.0150 0x2a6c  [ F48535714BED7DD784853889B4594B26, 9B4AB7E7293E79A8F6CC46C84F23E62AD3BD6E958FCE078CDBB125A69FAC7E50 ] SENS            C:\Windows\System32\sens.dll
13:41:50.0152 0x2a6c  SENS - ok
13:41:50.0154 0x2a6c  Sense - ok
13:41:50.0174 0x2a6c  [ 2B4E090D06C60853C5C00CF255F9E02A, 4D4DBA7B04519622612BD4A4F28318CA2F5646C84CAFF8C5ACC9BF4C6031894E ] SensorDataService C:\Windows\System32\SensorDataService.exe
13:41:50.0190 0x2a6c  SensorDataService - ok
13:41:50.0199 0x2a6c  [ C09A42163878A082C3F0D0A3DFE95714, 8033DC38D0EDED3758DA6BF8C1955BE5FFE48863C079C589660B37D0E461300F ] SensorService   C:\Windows\system32\SensorService.dll
13:41:50.0205 0x2a6c  SensorService - ok
13:41:50.0209 0x2a6c  [ E6F00415DADCEEC860E7AB42BFD19A65, 274CAF22F93D43B6DB6953730E3DF8DA94776B24EEE74B80AB4CD780BC1366A9 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
13:41:50.0213 0x2a6c  SensrSvc - ok
13:41:50.0216 0x2a6c  [ 401D706DDC0A7AF18C3DD228ADF74551, 27C0B38D7C2E3F6FF06201124E63483931F6071954B2B99EC0143C464238C0B7 ] SerCx           C:\Windows\system32\drivers\SerCx.sys
13:41:50.0217 0x2a6c  SerCx - ok
13:41:50.0222 0x2a6c  [ 7084D11083F0CDCA8B5C76F9846ABF5D, F639920882B0E784D8CFAF0D4C0F0C411937B6831E5DD99B0ABFBFE06BA4742F ] SerCx2          C:\Windows\system32\drivers\SerCx2.sys
13:41:50.0223 0x2a6c  SerCx2 - ok
13:41:50.0226 0x2a6c  [ 3FF478A8ED32A83C36581425F6282B6C, 787646A17098EA7CF36064D0A950C1D470D4A280C8C5AC40023D566E53860EAE ] Serenum         C:\Windows\System32\drivers\serenum.sys
13:41:50.0226 0x2a6c  Serenum - ok
13:41:50.0229 0x2a6c  [ 92509187AA171A80521528B36F753E1D, FE0DA272B8A155ECC161E99586C4AE7EE17B1C84BC330DA1566C83B8E03FA825 ] Serial          C:\Windows\System32\drivers\serial.sys
13:41:50.0230 0x2a6c  Serial - ok
13:41:50.0234 0x2a6c  [ 433D38FF6D08B993847EA2A10EB8CB52, 29BA75DB6D1AC761BBDFB5AC8874FC7D763E1CD10D290E369063B34CE951270F ] sermouse        C:\Windows\System32\drivers\sermouse.sys
13:41:50.0235 0x2a6c  sermouse - ok
13:41:50.0245 0x2a6c  [ 82CF273F0E8F243789683DEB40757569, 5433D93A41C4BF04494E6158931C6AC3154888F7CD3A417253EC02FF7EA6D00E ] SessionEnv      C:\Windows\system32\sessenv.dll
13:41:50.0250 0x2a6c  SessionEnv - ok
13:41:50.0253 0x2a6c  [ 697D3EE0740AEAB62B66ABCA1C83D13B, FCF54A0071ED04AD3FC8551C67FE5FD49089DC0510F753052CAC5972A65C9E3D ] sfloppy         C:\Windows\System32\drivers\sfloppy.sys
13:41:50.0253 0x2a6c  sfloppy - ok
13:41:50.0263 0x2a6c  [ 3D0069B8F0C2FB1B0F13DBDB57593DAD, 4CEC91BC45A51C4E445D2DD8A13AC97719D5AAC1DBA8EA9166D2A354E7857378 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
13:41:50.0270 0x2a6c  SharedAccess - ok
13:41:50.0282 0x2a6c  [ 482E6BE8A07832E824080D352075ACA1, 4123A76C8E805AF4FE229C53E9C174095C0937913BA81A63FE9B45C44AA5B15F ] ShellHWDetection C:\Windows\System32\shsvcs.dll
13:41:50.0290 0x2a6c  ShellHWDetection - ok
13:41:50.0295 0x2a6c  [ CF3BDF9EAD8D3EF671E9339B44B185BA, C17EC6D5B00F49D9C8B5B6C262A85F34ED71C58450659F006B3632AA84F68E23 ] shpamsvc        C:\Windows\system32\Windows.SharedPC.AccountManager.dll
13:41:50.0299 0x2a6c  shpamsvc - ok
13:41:50.0302 0x2a6c  [ A34CE1830E45DA98932295FDE4B7908A, FC553ECF4D64B4B10B7FDE5352707785517A18D487A80665BAFC7261E3F35CDC ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
13:41:50.0302 0x2a6c  SiSRaid2 - ok
13:41:50.0306 0x2a6c  [ A7B5C670770E908DA5FEF5BF1136E933, 8D3BB6FF65E631C34BE8EA766481B2FDB2E1E916A4FD67F86705A8975A136E6C ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
13:41:50.0307 0x2a6c  SiSRaid4 - ok
13:41:50.0309 0x2a6c  [ D233EAE2A9D48485321816486ED635EF, 03AB49BE9CF15EB7EDC50C400E673B4DF0E5BFDA9A7811E157F2AF2F3CF38D49 ] smphost         C:\Windows\System32\smphost.dll
13:41:50.0311 0x2a6c  smphost - ok
13:41:50.0321 0x2a6c  [ 0B217141AC1283655402CDB356577735, 6EFA4CA46CFC8B7156CE7E5CA89B7F7073E16D66C2FC13F4DB95FEB78CCF698F ] SmsRouter       C:\Windows\system32\SmsRouterSvc.dll
13:41:50.0329 0x2a6c  SmsRouter - ok
13:41:50.0334 0x2a6c  [ 6F4CE07D420FB657B5936F71101ABD41, CEC52984C56E578E0FFE12BE1B8148335F788B7D1751F2D0E79B944A41113C20 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
13:41:50.0336 0x2a6c  SNMPTRAP - ok
13:41:50.0347 0x2a6c  [ 43AC4C5CC233BCE9D7C46DA0E7EC0676, DC41B118A43A5B8401FA4848DD113976077A32147944FD948AA61AFDF6639E5B ] spaceport       C:\Windows\system32\drivers\spaceport.sys
13:41:50.0353 0x2a6c  spaceport - ok
13:41:50.0356 0x2a6c  [ E03264C4C25B568F92ED1656AD541E64, D42942BFFBC7213D204FAF84F4FE015FC23A6ACB29B5E752834EDBC17A3AC20D ] SpbCx           C:\Windows\system32\drivers\SpbCx.sys
13:41:50.0357 0x2a6c  SpbCx - ok
13:41:50.0362 0x2a6c  [ F89406D9224E9B75AE09758F03FA72C9, DEFC407E327E36D03984FDE09B68E0141E591CFA8A9CBC48596C5394087B43F8 ] SpeedupService  C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.SpeedupService.exe
13:41:50.0363 0x2a6c  SpeedupService - ok
13:41:50.0376 0x2a6c  [ 63F12E1361F06E5395EDABB587CE093A, BE66550AD4273D2F7118F06084C947628C99BD58F53ACF4FAA50849801B1B11C ] Spooler         C:\Windows\System32\spoolsv.exe
13:41:50.0389 0x2a6c  Spooler - ok
13:41:50.0468 0x2a6c  [ 3DFC1881AEE1C606333E9E82B4343C79, FBC6A6DEE8333D908A944E56877B2E8B007D745EFECB03EA714589C8DB67B26B ] sppsvc          C:\Windows\system32\sppsvc.exe
13:41:50.0529 0x2a6c  sppsvc - ok
13:41:50.0540 0x2a6c  [ E83830BB74AE8CBECEA0ECD94DE436F9, 4A34569A34260324EBD629039E1BF45A3527FC75B22D9A3DB6360A6EB365483A ] srv             C:\Windows\system32\DRIVERS\srv.sys
13:41:50.0545 0x2a6c  srv - ok
13:41:50.0557 0x2a6c  [ 1312896CAE6AF0D4557DB7B37283C116, 9E3701DBBF0F45368A217549A7DFDA2543C4AB3AC9CCF65A73E1FE27CC4A278E ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
13:41:50.0565 0x2a6c  srv2 - ok
13:41:50.0571 0x2a6c  [ F13EE0DB1FB1D6946AC3228D7EFCFC8F, 109A809F0338FAB0F4045FA5EE33C6F0A994A9F586B2FBD8920A6AABA0E0EF66 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
13:41:50.0574 0x2a6c  srvnet - ok
13:41:50.0579 0x2a6c  [ 44758105AB3EA34E815D4B6CA1153311, 7F223A20D2538C123BAC6F75BE0E126876A116F09502FD980C05B8916E26E1B7 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
13:41:50.0583 0x2a6c  SSDPSRV - ok
13:41:50.0588 0x2a6c  [ B97C7EC07218A8002323718202BF5E77, 39D3254383E3F49FD3E2DFF8212F4B5744D8D5E0A6BB320516C5EE525AD211EB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
13:41:50.0592 0x2a6c  SstpSvc - ok
13:41:50.0596 0x2a6c  [ D08FFE34AF5B7AC5F69EEA1E0E8C6ECE, CC43752CE5C879E24229C84443DBEE667CE629ECF992AD0D42F0F77FE04F6751 ] ssudmdm         C:\Windows\system32\DRIVERS\ssudmdm.sys
13:41:50.0598 0x2a6c  ssudmdm - ok
13:41:50.0603 0x2a6c  [ 8E76C2124786C198CDB63982E1B871F2, C2DB454BB6E9C279EC588CC24E11FE57AF6530B0ECF4C0BA2D166ED936233DA8 ] ssudserd        C:\Windows\system32\DRIVERS\ssudserd.sys
13:41:50.0605 0x2a6c  ssudserd - ok
13:41:50.0664 0x2a6c  [ FD881B87C853EB2F0B8B7B5CC71D6FE3, 780038C203C9277C366794302D90BC0AE75568863F1FB7044197BA20D798E4BA ] StateRepository C:\Windows\system32\windows.staterepository.dll
13:41:50.0708 0x2a6c  StateRepository - ok
13:41:50.0733 0x2a6c  [ 90E22D7CDE08E07446D238A569BCAB7C, 3D4F413D0B0C9CF28D06E0476F24AC6441C8678DF786D9971B39C91C9F9B8020 ] Steam Client Service C:\Program Files (x86)\Common Files\Steam\SteamService.exe
13:41:50.0749 0x2a6c  Steam Client Service - ok
13:41:50.0752 0x2a6c  [ 29D26E1347AE1BBD4201014E19880B2C, 9E2153AD96CE4F189EEE43BB02515532C619FB1CA02D8F6DEF517AC3347AAA14 ] stexstor        C:\Windows\system32\drivers\stexstor.sys
13:41:50.0753 0x2a6c  stexstor - ok
13:41:50.0764 0x2a6c  [ 91CB95B35481155BFE29C217CD237F27, CA66957DF1441D991453BEF02D768D44E5D9A484BC23C8874E8A7AC20904CB06 ] stisvc          C:\Windows\System32\wiaservc.dll
13:41:50.0773 0x2a6c  stisvc - ok
13:41:50.0777 0x2a6c  [ 53EB8CE34B55A1EE63424C8DB7388BFC, 5AB59117BA8A2844EB8693CCC19B217AE039B28C87519F96E1C845FE9BF456C2 ] storahci        C:\Windows\system32\drivers\storahci.sys
13:41:50.0778 0x2a6c  storahci - ok
13:41:50.0781 0x2a6c  [ C5E0ACE4771F5575D9D5B457ABF3AD03, 365880BC5AC313F25C313EFB7758301F98D9B2BF4C5FC9499F98C2B7F8407D96 ] storflt         C:\Windows\system32\drivers\vmstorfl.sys
13:41:50.0782 0x2a6c  storflt - ok
13:41:50.0785 0x2a6c  [ B66D8C75C9BC59D637177AB3B1C569A6, 76252A631F03EEBF5FDC7693F6B0A5E73838CDBE3157114CC96B8BBE88B476BF ] stornvme        C:\Windows\system32\drivers\stornvme.sys
13:41:50.0786 0x2a6c  stornvme - ok
13:41:50.0790 0x2a6c  [ BEBF85EB4D90E6996047DA027D0ED26E, DF109CF0F07CDD1B9B702C2A076D4DD5366DAAD971CC9359AF0358E79981706F ] storqosflt      C:\Windows\system32\drivers\storqosflt.sys
13:41:50.0791 0x2a6c  storqosflt - ok
13:41:50.0799 0x2a6c  [ 6C982BC7E4DB161530A0D831718D7113, B0FAEACC91023031E53A161ECEFCF62764C96B8705E9089B4A7B4F7A2F3B6BAA ] StorSvc         C:\Windows\system32\storsvc.dll
13:41:50.0805 0x2a6c  StorSvc - ok
13:41:50.0807 0x2a6c  [ 8E73037A6F8938475692FFCC26EBF385, F78C5CD1A3CD17AA831EEC82426B14006B4DDBC9085A4814E04E8C37FD6B05F7 ] storufs         C:\Windows\system32\drivers\storufs.sys
13:41:50.0808 0x2a6c  storufs - ok
13:41:50.0811 0x2a6c  [ 9D9DED47DA10E845EFF2DD57C94C809B, 520D0CE7A867051B80C8141E351FE5A5BCE3C99776093F234DB77D3407B1F104 ] storvsc         C:\Windows\system32\drivers\storvsc.sys
13:41:50.0811 0x2a6c  storvsc - ok
13:41:50.0814 0x2a6c  [ 224C92E442B1B8C20C274332F1ACF00D, CDE5DCFB7A21089464A6E2ABB29BBE08B184C3433C218756AA5902A8F67C0B2C ] svsvc           C:\Windows\system32\svsvc.dll
13:41:50.0816 0x2a6c  svsvc - ok
13:41:50.0818 0x2a6c  [ 505E0C40B5D0ADDCBB414640F59BD2E0, DF4B5E65FE6FF2224F298A2A2FAC9B648C082DFF8463148633647580A9FAD34D ] swenum          C:\Windows\System32\drivers\swenum.sys
13:41:50.0818 0x2a6c  swenum - ok
13:41:50.0827 0x2a6c  [ 2EE27411B5904C63D723BEA391819F58, C88C11D460E90398E16011B8A2CED5EE5626084F24790EA6115532F8F70060C6 ] swprv           C:\Windows\System32\swprv.dll
13:41:50.0834 0x2a6c  swprv - ok
13:41:50.0837 0x2a6c  [ 32F46FB0F290D16DAA452B289C985795, 73F88AAAA6026DB4C27F1D054145216DCC3F1960946FB2A7A90518DD1D5737CB ] Synth3dVsc      C:\Windows\System32\drivers\Synth3dVsc.sys
13:41:50.0838 0x2a6c  Synth3dVsc - ok
13:41:50.0854 0x2a6c  [ FED48B19D6F55D7A3AB498D85729D1BA, FA5E0E02BC2E2DE108C55991E3B063CC947072228B53539F42F922661510DE7C ] SysMain         C:\Windows\system32\sysmain.dll
13:41:50.0865 0x2a6c  SysMain - ok
13:41:50.0873 0x2a6c  [ D9FEA79BF6AF136F8E656AE045C2FEC8, E6F08A93348E035185F0F1C6B6277E636F4F25D1136E3ACCA63488DAEEC7114B ] SystemEventsBroker C:\Windows\System32\SystemEventsBrokerServer.dll
13:41:50.0879 0x2a6c  SystemEventsBroker - ok
13:41:50.0883 0x2a6c  [ 86E7FD5C8DBEC1EB51C4368561402B75, 86EE61414CD5854E39E33F67BF5DA4377B569B3ED4D18882C470BC6784891DA1 ] TabletInputService C:\Windows\System32\TabSvc.dll
13:41:50.0887 0x2a6c  TabletInputService - ok
13:41:50.0894 0x2a6c  [ 3929C8FC134AC672C4F3F85160956257, CD3195CA58BA6F55EA0DDA2BE6AB58280AD1CA488D7AAA1539DD05FB99374F36 ] TapiSrv         C:\Windows\System32\tapisrv.dll
13:41:50.0898 0x2a6c  TapiSrv - ok
13:41:50.0936 0x2a6c  [ FE33B645A2E0F5AB0B42318355B85178, B24EAB2CF42A826176C54739DC387E3E71BE062F82BF0D84624C10119ED979D5 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
13:41:50.0962 0x2a6c  Tcpip - ok
13:41:51.0000 0x2a6c  [ FE33B645A2E0F5AB0B42318355B85178, B24EAB2CF42A826176C54739DC387E3E71BE062F82BF0D84624C10119ED979D5 ] Tcpip6          C:\Windows\system32\drivers\tcpip.sys
13:41:51.0026 0x2a6c  Tcpip6 - ok
13:41:51.0032 0x2a6c  [ 8DBB1BE20C36E6D19BCC89EEA00B953C, 8B97A7E53E1D77363AFF6A5AAEAD89EBAE28DCB8D82753C804FD7CD5646500AF ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
13:41:51.0033 0x2a6c  tcpipreg - ok
13:41:51.0038 0x2a6c  [ 9D2DD64A0B51C56285512DC9454340F6, ABB90CE6A55269F71AFB08E04969CF9A4EFD93F7A7189AF920EEE3E005214DDD ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
13:41:51.0039 0x2a6c  tdx - ok
13:41:51.0042 0x2a6c  [ 06130AFFECEB94525FC2352936576B70, 10EBE2C8FDC087D29E2FFB328F0F7905A5374AB8CC9FAE8699E7676DBC8CBF91 ] terminpt        C:\Windows\System32\drivers\terminpt.sys
13:41:51.0043 0x2a6c  terminpt - ok
13:41:51.0058 0x2a6c  [ FB68E5F02316C42BE7282DA492351C6F, AC31D841FEA58B776127E138DB20F8D48E26FD8C00CE2FA9695EA14EBF159A0A ] TermService     C:\Windows\System32\termsrv.dll
13:41:51.0070 0x2a6c  TermService - ok
13:41:51.0074 0x2a6c  [ 2AF438EC0D361A7BBB70E604A686602C, 4BE6A0461EB2CB94288614434A1CEC81C2ED46241721FD5BBD8ABE0680F7C804 ] Themes          C:\Windows\system32\themeservice.dll
13:41:51.0077 0x2a6c  Themes - ok
13:41:51.0082 0x2a6c  [ 1482B8ED5CACA87992A882B853B83CEE, 613247F0E362A109090E8563D977DECC50C64D45D6962905FA84A2D59329045C ] TieringEngineService C:\Windows\system32\TieringEngineService.exe
13:41:51.0087 0x2a6c  TieringEngineService - ok
13:41:51.0098 0x2a6c  [ 3B3C607C3C62DFBEF61938DA2CAB94DF, E5EEA7F45A7BBFDF6F0003CD77E39958C451DD1B4B401876B5619A3C20F5C370 ] tiledatamodelsvc C:\Windows\system32\tileobjserver.dll
13:41:51.0106 0x2a6c  tiledatamodelsvc - ok
13:41:51.0111 0x2a6c  [ C1F8CBE2D4843E0CCC3EFEA2EC60D4AB, 9D07527D982066922318C77AECE99280DE55034C375ACE145E827A6BEB5C3B70 ] TimeBrokerSvc   C:\Windows\System32\TimeBrokerServer.dll
13:41:51.0115 0x2a6c  TimeBrokerSvc - ok
13:41:51.0120 0x2a6c  [ 3D04046C468AD2868A093925B5E2AA0A, 44696259BEF49AC200DEE146DE0E4375B0CD09F9356CCFA22BD7AD8B53E48658 ] TPM             C:\Windows\System32\drivers\tpm.sys
13:41:51.0122 0x2a6c  TPM - ok
13:41:51.0126 0x2a6c  [ 3B91F35089240F6187AD681A5EC28BDE, 3D035CB73BC8E7831DCD0FB7D9DAD91CE51D3D0F9D9C8B866A0009BD508B6702 ] TrkWks          C:\Windows\System32\trkwks.dll
13:41:51.0129 0x2a6c  TrkWks - ok
13:41:51.0133 0x2a6c  [ AF343840E793BE63A9C646760BE8F2CD, 483FE55873A01DB7ACEC99B6823DAACC9EA7C67D36C6F12698113B31A7D5B8BE ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
13:41:51.0134 0x2a6c  TrustedInstaller - ok
13:41:51.0139 0x2a6c  [ A6F4025664C9D4BC2A9EDAB4092706D7, 89808A1679C0E716F86F06EE7701DCC289200894F0FA1F120DA2AC3A45FDB312 ] tsusbflt        C:\Windows\system32\drivers\TsUsbFlt.sys
13:41:51.0140 0x2a6c  tsusbflt - ok
13:41:51.0143 0x2a6c  [ 37A96AD493E110C0BF1EE0AC0F9E7DBD, F2A6894A4AEE18DF2B92222CDB0801A13AEEB7212071F0431430788339B30E23 ] TsUsbGD         C:\Windows\System32\drivers\TsUsbGD.sys
13:41:51.0144 0x2a6c  TsUsbGD - ok
13:41:51.0147 0x2a6c  [ 5A91FDBA4D3FCB56DAEB8C091B3EB8E1, 8AB91F4423125267FA8509A1C3A9AD1CBD642FA6A96D8789F9AB8CB75ABAD58C ] tsusbhub        C:\Windows\system32\drivers\tsusbhub.sys
13:41:51.0149 0x2a6c  tsusbhub - ok
13:41:51.0153 0x2a6c  [ 79E264287F17D56D768440B0270466DE, ABF9DC95C5E939B30BFD9BF9EDFDB3BD78A9DFCB055B945965303B6A60E6D7A7 ] tunnel          C:\Windows\System32\drivers\tunnel.sys
13:41:51.0155 0x2a6c  tunnel - ok
13:41:51.0159 0x2a6c  [ F723552F65D44FE693DB1A383825B3A8, EF8C343C4EB5EEA4EC830378EF576CCD6CD4EEDEDD486C0F29697044E8C71F45 ] tzautoupdate    C:\Windows\system32\tzautoupdate.dll
13:41:51.0161 0x2a6c  tzautoupdate - ok
13:41:51.0164 0x2a6c  [ AA65954F512BA097DD190790876DD991, C1BB2B8F54F064D01190327B5E7949EBBDA21D6FC6F94D9FCD20F685C2F855FA ] UASPStor        C:\Windows\System32\drivers\uaspstor.sys
13:41:51.0165 0x2a6c  UASPStor - ok
13:41:51.0169 0x2a6c  [ AB6268022C3A5B529075A39C33904DA6, 2717F1704640201F2681711543EA39A74C3E89C7DB232EC5DD89FD8AA6F07846 ] UcmCx0101       C:\Windows\system32\Drivers\UcmCx.sys
13:41:51.0170 0x2a6c  UcmCx0101 - ok
13:41:51.0173 0x2a6c  [ 7ED2EDA43D21C7A5F589A7960E265C52, 7DB8A595236FBB8A264D7AB155201357212855050ABB5B1036EF32F1223FDCC2 ] UcmTcpciCx0101  C:\Windows\system32\Drivers\UcmTcpciCx.sys
13:41:51.0174 0x2a6c  UcmTcpciCx0101 - ok
13:41:51.0177 0x2a6c  [ 169351463039B45F5CDED9768879F712, 990C8C4AEF9ED7FF6BCEAE67F7BDAA037777B142B8D96A74F8715C941A5C63C6 ] UcmUcsi         C:\Windows\System32\drivers\UcmUcsi.sys
13:41:51.0178 0x2a6c  UcmUcsi - ok
13:41:51.0184 0x2a6c  [ 08A9E3AD29B215484FBB68CDC175DF3A, 3EFFF99C3BC4A1454E3D2B5177AE587ED3041AB4CE2A95BA7E28A2124E38E1E5 ] Ucx01000        C:\Windows\system32\drivers\ucx01000.sys
13:41:51.0186 0x2a6c  Ucx01000 - ok
13:41:51.0189 0x2a6c  [ DA70AEE267491AA56BC63AA0C0C96CA2, 0A0AADB27607F9292BB3CE000CFDDB19BD4CA09EAAD926C4925CB43B17817AD9 ] UdeCx           C:\Windows\system32\drivers\udecx.sys
13:41:51.0190 0x2a6c  UdeCx - ok
13:41:51.0196 0x2a6c  [ FBC5ECF6D5A868D0B116C2DBB02B8168, 945AA76C60ABAD6075B5C8F9172C018F75BCF393A1CB8B329F5E68E664627775 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
13:41:51.0200 0x2a6c  udfs - ok
13:41:51.0202 0x2a6c  [ B918E40FAA9CD118CCA4AD388B748C98, 4B539B7B656F02C5E5BAEE52A677757B05CC11C5500D619850A564C28FAB8115 ] UEFI            C:\Windows\System32\drivers\UEFI.sys
13:41:51.0203 0x2a6c  UEFI - ok
13:41:51.0205 0x2a6c  [ 166B17AE1DD24D8BA8CA474C7C31148F, D34E786277093278F58EFAC957279DC4ED43A190538C875B80F5B1E0A0C30381 ] UevAgentDriver  C:\Windows\system32\drivers\UevAgentDriver.sys
13:41:51.0206 0x2a6c  UevAgentDriver - ok
13:41:51.0226 0x2a6c  [ FCA4D901FB9934DAB82ED31C4EE89A11, 8EDF8DD71C13DE77AC83D1086670E9E90C69DE379F1CF768C8B9C789254C04AA ] UevAgentService C:\Windows\system32\AgentService.exe
13:41:51.0239 0x2a6c  UevAgentService - ok
13:41:51.0245 0x2a6c  [ 0FD75222C1AD2687AB365BEBEA400DD4, AD10DBCA59EB7D34FD8F963CE267F36774A9BC613F8D637903B12AC88C328E8A ] Ufx01000        C:\Windows\system32\drivers\ufx01000.sys
13:41:51.0248 0x2a6c  Ufx01000 - ok
13:41:51.0252 0x2a6c  [ C1A78C53E01C641AE41BFA65797819F5, 0B9FE1BD724B3315199A1B1DA2F03255E4FE744DA3CE6CD0F77699A8E42E9359 ] UfxChipidea     C:\Windows\System32\drivers\UfxChipidea.sys
13:41:51.0253 0x2a6c  UfxChipidea - ok
13:41:51.0257 0x2a6c  [ 767307212110EBEFB93EC9A5BE9E85B9, 368797400FE54802CE74F34B773CE2AF09EB8DEA6C035B55419A52F0B5A6FAD0 ] ufxsynopsys     C:\Windows\System32\drivers\ufxsynopsys.sys
13:41:51.0259 0x2a6c  ufxsynopsys - ok
13:41:51.0263 0x2a6c  [ 8578F83EC5175920F2D8586FFF9DCE47, 049A16AC87F93E761150C8286633FFCA62EE85F5645DDE77D36BD0EB6481FF83 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
13:41:51.0266 0x2a6c  UI0Detect - ok
13:41:51.0268 0x2a6c  [ DC460AAA18CA2342FBBFB2DF9B044472, 14D45E059C596AE97506D26705F248CA1C2269160B31A60341060E8A93146CBD ] umbus           C:\Windows\System32\drivers\umbus.sys
13:41:51.0269 0x2a6c  umbus - ok
13:41:51.0271 0x2a6c  [ C3CF0377917ECE6D65D7623E1E61568F, 4909695E04CBC86BFCFFBC15F332C367521054B7B4D3C141C7CA6B2E40E090B9 ] UmPass          C:\Windows\System32\drivers\umpass.sys
13:41:51.0271 0x2a6c  UmPass - ok
13:41:51.0277 0x2a6c  [ 640CF093C1CF16D5FD317616CA348F31, BEC34D1AACA83BF5A84CE01F6A668E3CA5A33C56A446DC42EFFF7C43D22E1AE6 ] UmRdpService    C:\Windows\System32\umrdp.dll
13:41:51.0282 0x2a6c  UmRdpService - ok
13:41:51.0302 0x2a6c  [ B8272BB8D4982C496FDC704809C38E02, F93855D932FB1DBBCC86E82C0FE0DC9ECF93BBD629D2CA9D0BE7E075E114B7FF ] UnistoreSvc     C:\Windows\System32\unistore.dll
13:41:51.0316 0x2a6c  UnistoreSvc - ok
13:41:51.0327 0x2a6c  [ 6CDA3536F6BAB7896A57EAB7DC07F379, 8FBE6457ECD1ABB518D9800EBA8A017774FFAA8EABD2EDC0825181A12FE9AEF6 ] upnphost        C:\Windows\System32\upnphost.dll
13:41:51.0333 0x2a6c  upnphost - ok
13:41:51.0336 0x2a6c  [ 6B46FC140C9AF68E6E7697D66D59CB4D, F018B4784D65F1A8140A6EA69C35D6A7ECE01738694052FD54AFD2B81A8F2FF8 ] UrsChipidea     C:\Windows\System32\drivers\urschipidea.sys
13:41:51.0337 0x2a6c  UrsChipidea - ok
13:41:51.0340 0x2a6c  [ B4402E7F0923F660270442CE76877ABE, 1C2DD26EAB71F75EA576E8DAABAF71FD7DC3DF807CF025617C774CEF33C0B718 ] UrsCx01000      C:\Windows\system32\drivers\urscx01000.sys
13:41:51.0341 0x2a6c  UrsCx01000 - ok
13:41:51.0343 0x2a6c  [ 9DD431F1B94789CFB527E5D19261F124, 8F5A249A97C5B14B282E3147DD21951D2AD34B651E762814C12F4C26D74EC70C ] UrsSynopsys     C:\Windows\System32\drivers\urssynopsys.sys
13:41:51.0344 0x2a6c  UrsSynopsys - ok
13:41:51.0348 0x2a6c  [ C87E32B90F085970D9637FBAD45EF6FE, C180EACD2EE479277DA5DBF39E43B428BD7945141B2451CB3946B0C1E495E76F ] usbccgp         C:\Windows\System32\drivers\usbccgp.sys
13:41:51.0350 0x2a6c  usbccgp - ok
13:41:51.0353 0x2a6c  [ 0B663856474AC41924D9E9112203858F, 9E09F2A6279B48CAC09F8C7AA1F1BE02864D540C2ED1460CBA9FABCF0A546A1E ] usbcir          C:\Windows\System32\drivers\usbcir.sys
13:41:51.0355 0x2a6c  usbcir - ok
13:41:51.0358 0x2a6c  [ F83D2250256203AC5DA5E8601C1AFDD7, AC0D90E2DB3051798B9D287CF3D0E92FED4000822E65A82775A29CF896B76F04 ] usbehci         C:\Windows\System32\drivers\usbehci.sys
13:41:51.0359 0x2a6c  usbehci - ok
13:41:51.0368 0x2a6c  [ 7FFD26742321919590ED77FCA556D65F, F7FAB63C36F8519F5A7B9091C507F3CB580C390322FAF9155CCE7F66C965B968 ] usbhub          C:\Windows\System32\drivers\usbhub.sys
13:41:51.0374 0x2a6c  usbhub - ok
13:41:51.0384 0x2a6c  [ 7A749B2863B5561BE34B39E8E249AD8F, E5B67DFAF5407007FD0CC408D6B4BA19DF59584819FC715E9F9E0FBF3EA00AAB ] USBHUB3         C:\Windows\System32\drivers\UsbHub3.sys
13:41:51.0390 0x2a6c  USBHUB3 - ok
13:41:51.0392 0x2a6c  [ D2109F1F4FEBF1DAC415CDC5DE876479, C8A871EBD0E5EF004BA622A73DAC36C03608CD317FDCD0A6A98608DF4CC10D55 ] usbohci         C:\Windows\System32\drivers\usbohci.sys
13:41:51.0393 0x2a6c  usbohci - ok
13:41:51.0396 0x2a6c  [ 29C9572F2D061CFC3C0BD48A3163E343, 2527DCC9E6D421F5DC40051C787A5270EB077746785465C9AA2A2AEEF47307D5 ] usbprint        C:\Windows\System32\drivers\usbprint.sys
13:41:51.0396 0x2a6c  usbprint - ok
13:41:51.0400 0x2a6c  [ 429477D6DEF3321FF7D3EF23CAAADA00, BB7D2AFE99736AAFFA8B0B2DABF7D6A6D5CB9563B1DE6A7E86CE7DC9D27F31C0 ] usbser          C:\Windows\System32\drivers\usbser.sys
13:41:51.0401 0x2a6c  usbser - ok
13:41:51.0404 0x2a6c  [ 0CC16F7B91C57AE9A4E44425A295FDAA, 7CEE11955E5742DA390601F565412C14A7481B8747C495CCD246696C56B426DC ] USBSTOR         C:\Windows\System32\drivers\USBSTOR.SYS
13:41:51.0406 0x2a6c  USBSTOR - ok
13:41:51.0408 0x2a6c  [ C917D09064CDBD18F75ADC9B2C48F847, A7F6223346CCD7E84186CD0C0715014F8E3A4398298925A43290224678620D23 ] usbuhci         C:\Windows\System32\drivers\usbuhci.sys
13:41:51.0409 0x2a6c  usbuhci - ok
13:41:51.0416 0x2a6c  [ 95BCCEFBC40D06484CF16144FE79B8A5, 8ABA73C5FFEDD319FB96B807AD08716698E557522478DF1A2C5D662675636AE0 ] USBXHCI         C:\Windows\System32\drivers\USBXHCI.SYS
13:41:51.0420 0x2a6c  USBXHCI - ok
13:41:51.0445 0x2a6c  [ 4CC81AB9D380A6264FF4C0C1512CF965, 76C33053D1C9155B0F3F8392FF982AD4EABEE2BBBEE89EA41DBFE8E436973EB0 ] UserDataSvc     C:\Windows\System32\userdataservice.dll
13:41:51.0462 0x2a6c  UserDataSvc - ok
13:41:51.0481 0x2a6c  [ AA24C61D88E36BA1144072227922173D, 2EBBC827E740F72EA2E75745E585378189BC0DEE91CACD7FA31BDBC5EFCF8733 ] UserManager     C:\Windows\System32\usermgr.dll
13:41:51.0493 0x2a6c  UserManager - ok
13:41:51.0504 0x2a6c  [ 0F3C4209200F3DAD2015DA3044FA8DC3, 84DC9CB21ECD79C3BFDBBDF66173F4E2D7E6CB118E0EEA4516A6661636D4CE8F ] UsoSvc          C:\Windows\system32\usocore.dll
13:41:51.0512 0x2a6c  UsoSvc - ok
13:41:51.0515 0x2a6c  [ 6F8E95716C1A27FF2FE96D30B147F1C1, 9403E9FE8B13EE294CFBBD96649BBD54CF723CF5872E3E03DA4380379D677983 ] VaultSvc        C:\Windows\system32\lsass.exe
13:41:51.0516 0x2a6c  VaultSvc - ok
13:41:51.0520 0x2a6c  [ 0CBDE344FB48E42D78E29469F202ADBC, A1C3FBA5409DD3BBEAF1D3CE2583D6C8A621C0E4F534155EC540AFD67BC9E8CA ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
13:41:51.0521 0x2a6c  vdrvroot - ok
13:41:51.0532 0x2a6c  [ 0783EDE1FA94649ED7F3CEF6A734041A, 1A13A613EF6B67459031C7994FFC6F32F73E02E0F123A171618E4F011C635684 ] vds             C:\Windows\System32\vds.exe
13:41:51.0540 0x2a6c  vds - ok
13:41:51.0546 0x2a6c  [ 723195568C8755CAD57F7933C5F2C5C2, 5C403799F67223605F825BC16D217C1EF5E1A0DDF00AC6380FE8976339B67D9B ] VerifierExt     C:\Windows\system32\drivers\VerifierExt.sys
13:41:51.0548 0x2a6c  VerifierExt - ok
13:41:51.0560 0x2a6c  [ C12B4859FC255AA6B3021CF8BB14A11F, E95922351825D23ABCADD173E9256FC9AFFF28555DD1971CFF5666A2055958C5 ] vhdmp           C:\Windows\System32\drivers\vhdmp.sys
13:41:51.0568 0x2a6c  vhdmp - ok
13:41:51.0571 0x2a6c  [ 7929228F0E8B0C2FA0495A17A4FC27F6, 1F1667B10A96B1D85ED165F62A5C0EF28C37F828B8280EA08BFCC1BAC03F2C90 ] vhf             C:\Windows\System32\drivers\vhf.sys
13:41:51.0572 0x2a6c  vhf - ok
13:41:51.0575 0x2a6c  [ AEE432ED868831B1F068E373598F6D93, BAE91F47B0CB94B826CA010B490AD924D7B715911DF3FCE62F9165F3B571105C ] vmbus           C:\Windows\system32\drivers\vmbus.sys
13:41:51.0577 0x2a6c  vmbus - ok
13:41:51.0579 0x2a6c  [ 9444B23FC694B5F90F21B0FC7F10D8DD, 86F92856F5C985DD8E5993B51E85E1F47EF8C9B2FB37468998C94266963BB4BD ] VMBusHID        C:\Windows\System32\drivers\VMBusHID.sys
13:41:51.0580 0x2a6c  VMBusHID - ok
13:41:51.0582 0x2a6c  [ 4D0287F566B36536DD812A54C015FC4A, 01D6508CA59CF04A47902B1F7C202FD14A81240E0B447588D919DD1072B040CF ] vmgid           C:\Windows\System32\drivers\vmgid.sys
13:41:51.0583 0x2a6c  vmgid - ok
13:41:51.0590 0x2a6c  [ 704609D80666FCB1DAE91260CF2CBB20, 0764DA123DA3FE8543B9205DDF17B0621E6A0F0DF95E8C3D177FD3FAED516119 ] vmicguestinterface C:\Windows\System32\icsvc.dll
13:41:51.0593 0x2a6c  vmicguestinterface - ok
13:41:51.0600 0x2a6c  [ 704609D80666FCB1DAE91260CF2CBB20, 0764DA123DA3FE8543B9205DDF17B0621E6A0F0DF95E8C3D177FD3FAED516119 ] vmicheartbeat   C:\Windows\System32\icsvc.dll
13:41:51.0604 0x2a6c  vmicheartbeat - ok
13:41:51.0610 0x2a6c  [ 704609D80666FCB1DAE91260CF2CBB20, 0764DA123DA3FE8543B9205DDF17B0621E6A0F0DF95E8C3D177FD3FAED516119 ] vmickvpexchange C:\Windows\System32\icsvc.dll
13:41:51.0614 0x2a6c  vmickvpexchange - ok
13:41:51.0621 0x2a6c  [ 0F621B52259D88A719AA20C6D04E3D72, 80B0528CCDE6E1B6F092787E1C0769C649698B196602859A5855134F0ECCBAE5 ] vmicrdv         C:\Windows\System32\icsvcext.dll
13:41:51.0626 0x2a6c  vmicrdv - ok
13:41:51.0632 0x2a6c  [ 704609D80666FCB1DAE91260CF2CBB20, 0764DA123DA3FE8543B9205DDF17B0621E6A0F0DF95E8C3D177FD3FAED516119 ] vmicshutdown    C:\Windows\System32\icsvc.dll
13:41:51.0636 0x2a6c  vmicshutdown - ok
13:41:51.0642 0x2a6c  [ 704609D80666FCB1DAE91260CF2CBB20, 0764DA123DA3FE8543B9205DDF17B0621E6A0F0DF95E8C3D177FD3FAED516119 ] vmictimesync    C:\Windows\System32\icsvc.dll
13:41:51.0646 0x2a6c  vmictimesync - ok
13:41:51.0652 0x2a6c  [ 704609D80666FCB1DAE91260CF2CBB20, 0764DA123DA3FE8543B9205DDF17B0621E6A0F0DF95E8C3D177FD3FAED516119 ] vmicvmsession   C:\Windows\System32\icsvc.dll
13:41:51.0656 0x2a6c  vmicvmsession - ok
13:41:51.0663 0x2a6c  [ 0F621B52259D88A719AA20C6D04E3D72, 80B0528CCDE6E1B6F092787E1C0769C649698B196602859A5855134F0ECCBAE5 ] vmicvss         C:\Windows\System32\icsvcext.dll
13:41:51.0668 0x2a6c  vmicvss - ok
13:41:51.0671 0x2a6c  [ 29075915F9BDC3437F8BED71C067D399, 2C7718080C11DFDD4C9A2085537F78F5633369B4A27D9C64168F0249594A4AA2 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
13:41:51.0672 0x2a6c  volmgr - ok
13:41:51.0679 0x2a6c  [ 6BDB6CE6D2D9E3D3F28F1C97E12B62E2, 5E77D7AF858D7B90FF395F39B86D6F96413D1DDEA28BC9FB40C5524A4DF6DAD0 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
13:41:51.0683 0x2a6c  volmgrx - ok
13:41:51.0692 0x2a6c  [ BF2546583BB75F01DDA60A7921DFB230, 579BD0BC55F4F03CD8D1FCDAC3975A1649C688820F2F7FC1AD354132D9E3BEE9 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
13:41:51.0696 0x2a6c  volsnap - ok
13:41:51.0699 0x2a6c  [ AC2E20A74D09D24485BE8396CE04F07B, 23FCE8BEE01B89E5CDCA536D75DBA6DCE3E92E13178A66836CEB7829310A89D1 ] volume          C:\Windows\system32\drivers\volume.sys
13:41:51.0700 0x2a6c  volume - ok
13:41:51.0702 0x2a6c  [ 92F6E3E6D3F1795263EB34B37F74AEF7, 33AB1ECCA1216AF1995E1DB4F11E48156FF62391D7C176C8A4CC1037B9CB3A27 ] vpci            C:\Windows\System32\drivers\vpci.sys
13:41:51.0704 0x2a6c  vpci - ok
13:41:51.0707 0x2a6c  [ FD9BCB8920973CEAD4D49DC7A6D8A618, 34AB4A485FB40DF737600006D8323BE927FB0BDA2BC170F4C123BE775EAE7CC8 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
13:41:51.0709 0x2a6c  vsmraid - ok
13:41:51.0732 0x2a6c  [ 01FFD5AF533F2CFDF26DDDC9313731C1, BFF0F2E57CD2358AC8F519F6F5692A46D97EC4E9B763D47101CEF31712FD4738 ] VSS             C:\Windows\system32\vssvc.exe
13:41:51.0749 0x2a6c  VSS - ok
13:41:51.0756 0x2a6c  [ 0C111F220798CCE80484026E06822379, B98A5E44D3ABA67E6DE99E18BF3C2C606923E6269E262665C721F672ACBBED2A ] VSTXRAID        C:\Windows\system32\drivers\vstxraid.sys
13:41:51.0760 0x2a6c  VSTXRAID - ok
13:41:51.0762 0x2a6c  [ 607639716E9DB1CEF4E18B5B229293B4, 1D997177093F907EFE8A04AD10443BB9C355C0D7657DBD449E7EE7FCABC3ECBC ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
13:41:51.0763 0x2a6c  vwifibus - ok
13:41:51.0766 0x2a6c  [ B1ED64E628763148BF84FBE23F2AD711, 6182A39675E6049BC3DD353694720795A8E3D0331509AA8ABA4883D5C569AD5E ] vwififlt        C:\Windows\system32\drivers\vwififlt.sys
13:41:51.0767 0x2a6c  vwififlt - ok
13:41:51.0777 0x2a6c  [ 76C1CC611352499326001F25A3ED15F8, 228BFA8A01BB1B3868576D509A2EA6F3D37FEDC8F12D4DC4E0A84CE926C6D1B1 ] W32Time         C:\Windows\system32\w32time.dll
13:41:51.0784 0x2a6c  W32Time - ok
13:41:51.0787 0x2a6c  [ 55D00B785A7587F4263D125817871283, B92400B229099C1E243F2B149881A1423A2E9C8CA2D77D868B9B923BFDEC7FF2 ] WacomPen        C:\Windows\System32\drivers\wacompen.sys
13:41:51.0788 0x2a6c  WacomPen - ok
13:41:51.0796 0x2a6c  [ 1483BE4D0135C378CB61D3CD73AB3E03, B7309C9E4F370860C507BF52D17234CDF4A7FAE95D2D822714E07EF5DEC0249B ] WalletService   C:\Windows\system32\WalletService.dll
13:41:51.0802 0x2a6c  WalletService - ok
13:41:51.0806 0x2a6c  [ CEF3D306C09BEC1A800E9B4A06F859F6, 75D21F97E9F94FA97024F945AF512FEC94F88DD8073F3FAD92A6E0A9FDC586DB ] wanarp          C:\Windows\system32\DRIVERS\wanarp.sys
13:41:51.0807 0x2a6c  wanarp - ok
13:41:51.0810 0x2a6c  [ CEF3D306C09BEC1A800E9B4A06F859F6, 75D21F97E9F94FA97024F945AF512FEC94F88DD8073F3FAD92A6E0A9FDC586DB ] wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
13:41:51.0811 0x2a6c  wanarpv6 - ok
13:41:51.0835 0x2a6c  [ 30B8286F8FE1AE90A583100D45E02247, 3C86A4A5E21F9A1267EA231B20914E0A162BA4C25FE8917AD3AB6D504DA5BE0C ] wbengine        C:\Windows\system32\wbengine.exe
13:41:51.0853 0x2a6c  wbengine - ok
13:41:51.0868 0x2a6c  [ 7C4FAE7A8D55C897E5AE681B245A005F, 7E1E6299579BF02E89C5B828A1C19A43FF4E1F43D46D058F8DC0A8E6421C86A7 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
13:41:51.0879 0x2a6c  WbioSrvc - ok
13:41:51.0883 0x2a6c  [ E330144B97D493AA886000DCAAA8DAF5, ED86F46F5A76FD8F06CA98BD61B174ADB9AD4B065394356872708DF8B614E4F9 ] wcifs           C:\Windows\system32\drivers\wcifs.sys
13:41:51.0885 0x2a6c  wcifs - ok
13:41:51.0898 0x2a6c  [ 32960EA9CF836D7DD77767DCB68CE230, 679446A4FAB0331C181D2716CAEA225267C6164BB9867E360C5B3D6AB1083195 ] Wcmsvc          C:\Windows\System32\wcmsvc.dll
13:41:51.0907 0x2a6c  Wcmsvc - ok
13:41:51.0917 0x2a6c  [ D50645235A507B0546B1B5CF7D0B8849, 19F5FE10C953B8EE8EEDA9A9F7F2E97AA193BB085E7FC364066686089ADD1C9F ] wcncsvc         C:\Windows\System32\wcncsvc.dll
13:41:51.0923 0x2a6c  wcncsvc - ok
13:41:51.0927 0x2a6c  [ AEA1093B751339267D8C8C1EF3D669CF, 8F3325E7FB16BD856A0593C36F2E3E018909038C52CD5F92E116E0C1366F31CB ] wcnfs           C:\Windows\system32\drivers\wcnfs.sys
13:41:51.0928 0x2a6c  wcnfs - ok
13:41:51.0931 0x2a6c  [ D520B1B849B6D4D707AB31722B952C2D, 149BABB7BD63C1F212ADD9306C84FFB2A5CE6DC435BD3213EAB787E9B222C61F ] WdBoot          C:\Windows\system32\drivers\WdBoot.sys
13:41:51.0932 0x2a6c  WdBoot - ok
13:41:51.0946 0x2a6c  [ 5030C76047D756263093A47B82970868, E772F15973F6DE36851DD230F1F4190746CD81CA1E7284DC074711C4BF45CAF0 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
13:41:51.0955 0x2a6c  Wdf01000 - ok
13:41:51.0962 0x2a6c  [ 29FF9199EDEB4F5470BB134D1A2563D2, 94713F98A6EA6042203D5DD0DE6758F5F0F331F7D4BB05E91EF20CEEEBD6780F ] WdFilter        C:\Windows\system32\drivers\WdFilter.sys
13:41:51.0965 0x2a6c  WdFilter - ok
13:41:51.0969 0x2a6c  [ E7A7E8803E66B7CCED95D327A4DBC135, 401ECD953D4014A95C9022822D9ACEC1A68C917281DBA2365503A473FC6D9507 ] WdiServiceHost  C:\Windows\system32\wdi.dll
13:41:51.0972 0x2a6c  WdiServiceHost - ok
13:41:51.0975 0x2a6c  [ E7A7E8803E66B7CCED95D327A4DBC135, 401ECD953D4014A95C9022822D9ACEC1A68C917281DBA2365503A473FC6D9507 ] WdiSystemHost   C:\Windows\system32\wdi.dll
13:41:51.0978 0x2a6c  WdiSystemHost - ok
13:41:51.0990 0x2a6c  [ 8CB606A3057355FD5A9DBDD1A0AC94EF, 6DD0B4A2270633086EBB569A00B87430EE6EF173525E341404B15845B57BE86D ] wdiwifi         C:\Windows\system32\DRIVERS\wdiwifi.sys
13:41:51.0998 0x2a6c  wdiwifi - ok
13:41:52.0002 0x2a6c  [ 17CF416CFF408190F5A4CBD79AB12E55, E376C8865C7EA633AE20D2CF940E4C7584AC783BAAF7941780FB6C4C84802F33 ] WdNisDrv        C:\Windows\system32\Drivers\WdNisDrv.sys
13:41:52.0004 0x2a6c  WdNisDrv - ok
13:41:52.0006 0x2a6c  WdNisSvc - ok
13:41:52.0012 0x2a6c  [ 3570C4E14F85CE0B537D126727ACA91C, A474C9E6B6E4E5945C63367C1D3D24D4782C4A4FEB00FAE15DFED099D8283078 ] WebClient       C:\Windows\System32\webclnt.dll
13:41:52.0017 0x2a6c  WebClient - ok
13:41:52.0022 0x2a6c  [ 1785F9C96A0BDEC1F6E0C79EF412F342, D6D4EDA69457BEDDA69C2F60FC4C2FAC97D46CD8E9C1804CCD68F169383583E3 ] Wecsvc          C:\Windows\system32\wecsvc.dll
13:41:52.0026 0x2a6c  Wecsvc - ok
13:41:52.0029 0x2a6c  [ B9175D63527B05131F2FA504CF0265F2, 1E43A17788F1B6A29E2889C81E0BE100D64BD3A9DEE7C154D9581F01D2D7D05F ] WEPHOSTSVC      C:\Windows\system32\wephostsvc.dll
13:41:52.0031 0x2a6c  WEPHOSTSVC - ok
13:41:52.0035 0x2a6c  [ 5C58EC0C9D4DE04DCDE56F6DCEA62080, 8ED386EDF4C39C339CE0BB2AC7E199C38705E5A6B3F56A4987B9A8ABD19BB59F ] wercplsupport   C:\Windows\System32\wercplsupport.dll
13:41:52.0038 0x2a6c  wercplsupport - ok
13:41:52.0043 0x2a6c  [ F899B355CC95AF26AB36E84E8A0DD685, C400F2F80FFF6473FEF066943C4A2AFF0FFE988A4F755757A2E5005C2A10DAD8 ] WerSvc          C:\Windows\System32\WerSvc.dll
13:41:52.0046 0x2a6c  WerSvc - ok
13:41:52.0050 0x2a6c  [ E1785942AC51FEE6826CDF02075C5AA9, 56FE7017684086F4F9C3A2C0D3AC00369BA0938BA3987EEBEE9A75B8E3CA0AE1 ] WFPLWFS         C:\Windows\system32\drivers\wfplwfs.sys
13:41:52.0053 0x2a6c  WFPLWFS - ok
13:41:52.0057 0x2a6c  [ B154618505A6A9026EFA6AB8C4123BF1, 713648D71AA027B4472E7E75B942630DBE7383687984B02A5E99C9E4192C95EB ] WiaRpc          C:\Windows\System32\wiarpc.dll
13:41:52.0060 0x2a6c  WiaRpc - ok
13:41:52.0064 0x2a6c  [ 0CF79A0EACFFBB75A50A469A27696D02, E112BF7B5A8D0B0AD2EA0E7B9FD4E8CFEC9371C8E94A60248292D688AFE715C4 ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
13:41:52.0064 0x2a6c  WIMMount - ok
13:41:52.0066 0x2a6c  WinDefend - ok
13:41:52.0072 0x2a6c  [ 0DE131733317EB4BE67028366B0CAAC6, AC7DADBF03A3752B4D33CA19F03DBCEDD6F56893C2DA25C98B0AB07063D990E3 ] WindowsTrustedRT C:\Windows\system32\drivers\WindowsTrustedRT.sys
13:41:52.0074 0x2a6c  WindowsTrustedRT - ok
13:41:52.0076 0x2a6c  [ 92EB5D38BDF10C790450F3E46BF93A0E, 0FC027398DBD43EDC1F7D703C0B6DB20294DF34E67C9288442039B1A5663CE1B ] WindowsTrustedRTProxy C:\Windows\system32\drivers\WindowsTrustedRTProxy.sys
13:41:52.0077 0x2a6c  WindowsTrustedRTProxy - ok
13:41:52.0090 0x2a6c  [ C9E7D91A044B77CBCB4121C06610A86C, 9FF039D67A5CE4732920EA4F1F5CFD9DE0AAADC34829A007EA697030D42D3623 ] WinHttpAutoProxySvc C:\Windows\system32\winhttp.dll
13:41:52.0103 0x2a6c  WinHttpAutoProxySvc - ok
13:41:52.0107 0x2a6c  [ F95DE20312ACCA7761446DE152BD1F7C, F6C5ACA500C2182437F4A7402BD81C3A2B77C0BBD78BA31FB574DC1997FCBFE6 ] WinMad          C:\Windows\System32\drivers\winmad.sys
13:41:52.0107 0x2a6c  WinMad - ok
13:41:52.0115 0x2a6c  [ CD49CA8E3280ACEEC5ECF431A59F5EFD, 75F48EFC6DEE9E06B490703EE47602AFDEA51505285B02D2CF884601E71857CC ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
13:41:52.0118 0x2a6c  Winmgmt - ok
13:41:52.0159 0x2a6c  [ 858D157886D47E085493325D347459B8, 1F6B87B667FED9CA8E184D967E60DE9D9644649EAA82D917B592551BABC3182C ] WinRM           C:\Windows\system32\WsmSvc.dll
13:41:52.0191 0x2a6c  WinRM - ok
13:41:52.0198 0x2a6c  [ 4EFB346BFDAEEB29316AA52BBB9852B1, 4BC5554F44BD9549D0A929D77BD410FA3EB502A7D0170303D369268672505494 ] WINUSB          C:\Windows\System32\drivers\WinUSB.SYS
13:41:52.0200 0x2a6c  WINUSB - ok
13:41:52.0203 0x2a6c  [ 8B9AFF5F08E66A6F1F1063DEC9457FB6, 98F2AF6988D125521FD34CAA48B9652922F0C8ECFAE9B0C1DF4B3CE6B9CF500F ] WinVerbs        C:\Windows\System32\drivers\winverbs.sys
13:41:52.0204 0x2a6c  WinVerbs - ok
13:41:52.0215 0x2a6c  [ 4D694EDF85F1BFC463B15846D4E00A9B, 4ED44C0E22D2843121E4C8A58F97B526BB7D85C0D7A0BB4B1158A970258C791E ] wisvc           C:\Windows\system32\flightsettings.dll
13:41:52.0222 0x2a6c  wisvc - ok
13:41:52.0259 0x2a6c  [ 7671078AEF4C0203B053A9642C401FF7, BBFADA89CD31F20ADDBFAFAD2E492C72D82BF2F8B823BB6773F04D229B62534C ] WlanSvc         C:\Windows\System32\wlansvc.dll
13:41:52.0286 0x2a6c  WlanSvc - ok
13:41:52.0319 0x2a6c  [ 7A98AF088E0B1A5EB98863B14F493716, 8B2F8D02AC0637C72859AF29C05C01D7D1C81C6A15CBE2D579F27F3254E66076 ] wlidsvc         C:\Windows\system32\wlidsvc.dll
13:41:52.0343 0x2a6c  wlidsvc - ok
13:41:52.0350 0x2a6c  [ 6F4F4F5A007D1710BD76FB311DA97C07, FC0FEA4364F6BA4E31DBC82735D09D429CA3BE9AFCFF5D5E1263D8B27FC2CE3E ] WmiAcpi         C:\Windows\System32\drivers\wmiacpi.sys
13:41:52.0352 0x2a6c  WmiAcpi - ok
13:41:52.0365 0x2a6c  [ 3CDDFF6CAD962C5EF1C52FD667C358B6, F6F09145E9461EB17172988D26749FCF36920A1A683459334D04A6D072B31A92 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
13:41:52.0371 0x2a6c  wmiApSrv - ok
13:41:52.0375 0x2a6c  WMPNetworkSvc - ok
13:41:52.0382 0x2a6c  [ 43C8D087B31C592163B33A4BDA540E40, 3A6C4E5E56931B29321DCC723585F2F0E804EF4DCDEAB2A8687F30FC3AE70E43 ] Wof             C:\Windows\system32\drivers\Wof.sys
13:41:52.0385 0x2a6c  Wof - ok
13:41:52.0421 0x2a6c  [ 909CB4BBF7B08E78C363000E09E79A6F, 217205D1B5EE03274AFF9405AED6D2A5665CBA4C3876E84B53DA44920CDF9CB1 ] workfolderssvc  C:\Windows\system32\workfolderssvc.dll
13:41:52.0444 0x2a6c  workfolderssvc - ok
13:41:52.0449 0x2a6c  [ F02930EB91596042F2221397D60AFCE5, 10E2AB0993B67CBAA9E11C68280608965064EC9F7E0C570F5B453FACADB8AB5D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
13:41:52.0453 0x2a6c  WPDBusEnum - ok
13:41:52.0455 0x2a6c  [ 75A9284F01FE7CB1A7D5EAE5C1EB4F33, 390EF23AEA06D8711555F7979FF8BE0620B53C1A551638C4EC6FB7C6678965B3 ] WpdUpFltr       C:\Windows\system32\drivers\WpdUpFltr.sys
13:41:52.0456 0x2a6c  WpdUpFltr - ok
13:41:52.0461 0x2a6c  [ 60E2EB3E7B7F15C25E02462159F90707, D8344B529EEC0D4922CAC3E6897CC9F191ACF1376017BE38ED6BF6019F1ED181 ] WpnService      C:\Windows\system32\WpnService.dll
13:41:52.0466 0x2a6c  WpnService - ok
13:41:52.0469 0x2a6c  [ C7C91FB86A3C6CD7619725A88ED1884C, 132C43C518F37BF303D768BD5FB0AB835F693C43FE693937D804A34E940D770F ] WpnUserService  C:\Windows\System32\WpnUserService.dll
13:41:52.0472 0x2a6c  WpnUserService - ok
13:41:52.0476 0x2a6c  [ 36D7B73ADC3E10607ED6EC874AFB5D1E, 1737B3E4D2CA76BB27903BF460E4960E6A0BC32D35069AC7C5E4B07F625F3282 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
13:41:52.0477 0x2a6c  ws2ifsl - ok
13:41:52.0482 0x2a6c  [ 519806FBCF00A0B17B8E03297DB0F551, 1911EA7168B06DBF3D36833120E4731437BF1ACC294C289B132C50280A40F548 ] wscsvc          C:\Windows\System32\wscsvc.dll
13:41:52.0486 0x2a6c  wscsvc - ok
13:41:52.0488 0x2a6c  WSearch - ok
13:41:52.0525 0x2a6c  [ 92E3A595ECA98F09B72A1E68ACB4651A, 161CAC79B0D908F0C0B219B07FEEF2280C31860A8661426EB2095ABCEB56CF13 ] wuauserv        C:\Windows\system32\wuaueng.dll
13:41:52.0551 0x2a6c  wuauserv - ok
13:41:52.0556 0x2a6c  [ AED7FE551E8672B824A56324076183EB, FFE543AAEFDEFFE6B20C244DB141A9425BDA88ED36F4870F0B70FEC433BDF0C1 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
13:41:52.0558 0x2a6c  WudfPf - ok
13:41:52.0564 0x2a6c  [ CEFAB17FD7DFCFA515626C306262E89D, 9D2B728DDD478580987E2DB7AA4DA81D77F3362F536AC1CADED20EB6ECEBB55D ] WUDFRd          C:\Windows\system32\drivers\WudfRd.sys
13:41:52.0566 0x2a6c  WUDFRd - ok
13:41:52.0571 0x2a6c  [ 47F6450F28BAA32B2AB0D6BE00996249, C8A47D6ADF89AD613AB685C6224B9099DCEFDCD8ABCF703542AFDC356404116E ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
13:41:52.0574 0x2a6c  wudfsvc - ok
13:41:52.0579 0x2a6c  [ CEFAB17FD7DFCFA515626C306262E89D, 9D2B728DDD478580987E2DB7AA4DA81D77F3362F536AC1CADED20EB6ECEBB55D ] WUDFWpdFs       C:\Windows\system32\DRIVERS\WUDFRd.sys
13:41:52.0581 0x2a6c  WUDFWpdFs - ok
13:41:52.0586 0x2a6c  [ CEFAB17FD7DFCFA515626C306262E89D, 9D2B728DDD478580987E2DB7AA4DA81D77F3362F536AC1CADED20EB6ECEBB55D ] WUDFWpdMtp      C:\Windows\system32\DRIVERS\WUDFRd.sys
13:41:52.0589 0x2a6c  WUDFWpdMtp - ok
13:41:52.0609 0x2a6c  [ D4F2FFCF5D199152DD01026D3AA38138, 4F90FE9BFC6CC2ABB2A163A36A000458A96AB64071861582F17B74C95CAEFB32 ] WwanSvc         C:\Windows\System32\wwansvc.dll
13:41:52.0624 0x2a6c  WwanSvc - ok
13:41:52.0642 0x2a6c  [ F39D6915451D9226AC9A5E7AE70E2ABA, E05D678DC0423A4D0EB8B3BB5A942721BB4F3B0BED22748252DBD6053FE956F1 ] XblAuthManager  C:\Windows\System32\XblAuthManager.dll
13:41:52.0654 0x2a6c  XblAuthManager - ok
13:41:52.0674 0x2a6c  [ 765FF96467A26C4C03281ECA426EC2D9, 2526B03C518D72F429C29BA4D4F11707AF277BF71520A1A92238A932950AE161 ] XblGameSave     C:\Windows\System32\XblGameSave.dll
13:41:52.0688 0x2a6c  XblGameSave - ok
13:41:52.0695 0x2a6c  [ 59335CEA021FB89E07AD5DB5D17F09D0, 33FEFD5798BFA306FBEDCC8F2D0D984B6546A61B5026E921A8AC0466ADF2B698 ] xboxgip         C:\Windows\System32\drivers\xboxgip.sys
13:41:52.0698 0x2a6c  xboxgip - ok
13:41:52.0715 0x2a6c  [ 335E6F2BE58523B295945C840C185B00, 94ED7E2CB212A3D55B8A2CB90CD1D02A6AF92DC0DDD487CB5B7CAC9883343460 ] XboxNetApiSvc   C:\Windows\system32\XboxNetApiSvc.dll
13:41:52.0728 0x2a6c  XboxNetApiSvc - ok
13:41:52.0732 0x2a6c  [ 63088A3361D9A308F328F11E9099DD87, E03FDB932FC57F199C8F8A8EADA338BDF7D2F9C6CB8FAB679A92B48B1E5AFE8A ] xinputhid       C:\Windows\System32\drivers\xinputhid.sys
13:41:52.0732 0x2a6c  xinputhid - ok
13:41:52.0734 0x2a6c  ================ Scan global ===============================
13:41:52.0737 0x2a6c  [ 0C710DB449712EE13ACE733695DB7780, BBC7875B38D318CE4E88979D083AC72E8993254A466A8A6882DDE9E0C3B687A3 ] C:\Windows\system32\basesrv.dll
13:41:52.0742 0x2a6c  [ 90D408D3F440591978DB7E81C1129EA5, 095248FC0792525FC0F4B370490946A76A089DEF17BD9112FFAD6C3569F9FD7B ] C:\Windows\system32\winsrv.dll
13:41:52.0748 0x2a6c  [ 1EE06E957B0B2CA52D26DA7861E160EF, 4B743A1C7010138F5F6684BBCF7CAD6FD05F49920BDD3FDB776347AA6B44AB94 ] C:\Windows\system32\sxssrv.dll
13:41:52.0757 0x2a6c  [ 133390D061D94917125DC666DA67ECD0, 69D6FFF3E0A0C4D77A62B4D71E1E3A8D10D93C46782A1B05F0EC4B8919C384B9 ] C:\Windows\system32\services.exe
13:41:52.0765 0x2a6c  [ Global ] - ok
13:41:52.0765 0x2a6c  ================ Scan MBR ==================================
13:41:52.0766 0x2a6c  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk2\DR2
13:41:52.0813 0x2a6c  \Device\Harddisk2\DR2 - ok
13:41:52.0814 0x2a6c  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
13:41:52.0818 0x2a6c  \Device\Harddisk0\DR0 - ok
13:41:52.0820 0x2a6c  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk1\DR1
13:41:52.0836 0x2a6c  \Device\Harddisk1\DR1 - ok
13:41:52.0836 0x2a6c  ================ Scan VBR ==================================
13:41:52.0838 0x2a6c  [ 1FAE2A9CEADA259BF70F14BF196987E1 ] \Device\Harddisk2\DR2\Partition1
13:41:52.0838 0x2a6c  \Device\Harddisk2\DR2\Partition1 - ok
13:41:52.0839 0x2a6c  [ 7050567889A655F04161134B3C5A0F12 ] \Device\Harddisk2\DR2\Partition2
13:41:52.0840 0x2a6c  \Device\Harddisk2\DR2\Partition2 - ok
13:41:52.0842 0x2a6c  [ 382C5304E0CD9BEEA648EE7C1A205BAD ] \Device\Harddisk0\DR0\Partition1
13:41:52.0842 0x2a6c  \Device\Harddisk0\DR0\Partition1 - ok
13:41:52.0844 0x2a6c  [ C640931B0524561C3E67C48188505F10 ] \Device\Harddisk1\DR1\Partition1
13:41:52.0845 0x2a6c  \Device\Harddisk1\DR1\Partition1 - ok
13:41:52.0846 0x2a6c  ================ Scan generic autorun ======================
13:41:52.0971 0x2a6c  [ F3C19FDBD73584B40C676087418AA36D, D081DD4F09B62B8163413DE4FF03A6578382BEECF0861FFCF7378FC7FA6A3D87 ] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
13:41:53.0082 0x2a6c  RTHDVCPL - ok
13:41:53.0096 0x2a6c  [ 93787FF75E6323CF1D5467CA119CF76D, 9CBD2B9BF44FCE78AA87FD7A26A65AEE9DD04C43991142528F57FF9A0E2FC4A4 ] C:\Program Files\Greenshot\Greenshot.exe
13:41:53.0103 0x2a6c  Greenshot - ok
13:41:53.0107 0x2a6c  [ 9C3F26DCA9142F16ED3D7EE8AB4E417D, 867AD96CB5738266E5BC93E424EA1673881C5F5FBF19C7B699F800C7206CA929 ] C:\Program Files\iTunes\iTunesHelper.exe
13:41:53.0109 0x2a6c  iTunesHelper - ok
13:41:53.0237 0x2a6c  [ 1496120E3867FD75AE5D4EAD6E618E7A, 8D8A2FD43D33A3F7A177783921BB7E50FECBAEF1E09CD42BCDC851375F3294D1 ] C:\Windows\SysWOW64\OneDriveSetup.exe
13:41:53.0326 0x2a6c  OneDriveSetup - ok
13:41:53.0454 0x2a6c  [ 1496120E3867FD75AE5D4EAD6E618E7A, 8D8A2FD43D33A3F7A177783921BB7E50FECBAEF1E09CD42BCDC851375F3294D1 ] C:\Windows\SysWOW64\OneDriveSetup.exe
13:41:53.0543 0x2a6c  OneDriveSetup - ok
13:41:53.0672 0x2a6c  [ 1496120E3867FD75AE5D4EAD6E618E7A, 8D8A2FD43D33A3F7A177783921BB7E50FECBAEF1E09CD42BCDC851375F3294D1 ] C:\Windows\SysWOW64\OneDriveSetup.exe
13:41:53.0761 0x2a6c  OneDriveSetup - ok
13:41:53.0777 0x2a6c  [ 1D7DD340E13DF9585EABB849CFC3E11B, 31CCD9753402DC030C641214B4ECB48A757BCD9F427A143A88745C62EFF87766 ] C:\Users\Gregor\AppData\Local\Microsoft\OneDrive\OneDrive.exe
13:41:53.0786 0x2a6c  OneDrive - ok
13:41:53.0828 0x2a6c  [ D2CE6EA0E9F641D7153462D40C6B4193, 3AAE5239F951E29497D759326BDC23E19644B763DC5661CA4E4980418195C37D ] C:\Program Files (x86)\Steam\steam.exe
13:41:53.0864 0x2a6c  Steam - ok
13:41:53.0883 0x2a6c  [ 387BD2B4C3F3D954AE904CBE055AE78A, 5481CC195910F12BE66B9A0A0F20DD9576D61237EDF95B050411F68D3C8D7038 ] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
13:41:53.0895 0x2a6c  GoogleChromeAutoLaunch_F1648171926DB8193907B4CD14FDE951 - ok
13:41:53.0898 0x2a6c  Discord - ok
13:41:53.0900 0x2a6c  [ D890927B450596169A284277A345A56D, 7BC08F0DAAA04AEBD2B6719374C55B4A3A0306C34E380A093428EBE19651EB0C ] C:\Users\Gregor\Maintrance\hostex.exe
13:41:53.0901 0x2a6c  Start - ok
13:41:53.0901 0x2a6c  Waiting for KSN requests completion. In queue: 235
13:41:54.0918 0x2a6c  AV detected via SS2: Avira Antivirus, C:\Program Files (x86)\Avira\Antivirus\wsctool.exe ( 15.0.23.58 ), 0x41000 ( enabled : updated )
13:41:54.0918 0x2a6c  AV detected via SS2: Windows Defender, C:\Program Files\Windows Defender\MSASCui.exe ( 4.10.14393.187 ), 0x60100 ( disabled : updated )
13:41:54.0924 0x2a6c  Win FW state via NFP2: enabled ( trusted )
13:41:55.0133 0x2a6c  ============================================================
13:41:55.0133 0x2a6c  Scan finished
13:41:55.0133 0x2a6c  ============================================================
13:41:55.0143 0x2b10  Detected object count: 0
13:41:55.0143 0x2b10  Actual detected object count: 0
         

Alt 27.10.2016, 14:00   #5
M-K-D-B
/// TB-Ausbilder
 
RAT Trojaner? - Standard

RAT Trojaner?



FRST.txt fehlt noch, du hast zweimal MBAM.txt gepostet.


Alt 27.10.2016, 14:03   #6
Morgren
 
RAT Trojaner? - Standard

RAT Trojaner?



Unabsichtlich das falsche Log im Eingangspost kopiert -.-
Teil 1
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 26-10-2016
Ran by Gregor (administrator) on DESKTOP-5EGOQLI (27-10-2016 13:43:13)
Running from C:\Users\Gregor\Desktop
Loaded Profiles: Gregor &  (Available Profiles: defaultuser0 & Gregor)
Platform: Windows 10 Education Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Razer Inc.) C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.8.197.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Greenshot) C:\Program Files\Greenshot\Greenshot.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.winxp\steamwebhelper.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Hammer & Chisel, Inc.) C:\Users\Gregor\AppData\Local\Discord\app-0.0.296\Discord.exe
(Hammer & Chisel, Inc.) C:\Users\Gregor\AppData\Local\Discord\app-0.0.296\Discord.exe
(NetSupport Ltd) C:\Users\Gregor\Maintrance\hostex.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(Hammer & Chisel, Inc.) C:\Users\Gregor\AppData\Local\Discord\app-0.0.296\Discord.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(AgileBits) C:\Program Files (x86)\1Password 4\Agile1pAgent.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.SpeedupService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe
(Microsoft) C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.8.197.0_x64__kzf8qxf38zg5c\SkypeApp.exe
() C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1608.2213.0_x64__8wekyb3d8bbwe\Calculator.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(AgileBits) C:\Program Files (x86)\1Password 4\1Password.exe
(AO Kaspersky Lab) C:\Users\Gregor\Desktop\tdsskiller.exe
(AO Kaspersky Lab) C:\Users\Gregor\AppData\Local\Temp\{72731905-0B44-4C72-A01D-C0D1E3FD8094}\{36F36E95-6B27-44EC-8F61-5E6471F19CBC}.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\LocationNotificationWindows.exe


==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8822016 2016-06-02] (Realtek Semiconductor)
HKLM\...\Run: [Greenshot] => C:\Program Files\Greenshot\Greenshot.exe [528384 2015-11-10] (Greenshot)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2016-09-09] (Apple Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [596640 2016-10-13] (Razer Inc.)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [25366584 2016-10-10] (Dropbox, Inc.)
HKLM-x32\...\Run: [Agile1pAgent] => C:\Program Files (x86)\1Password 4\Agile1pAgent.exe [4914832 2016-10-06] (AgileBits)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [60136 2016-10-25] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [916072 2016-10-17] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira System Speedup User Starter] => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Core.Common.Starter.exe [18544 2016-10-18] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-2517125553-2289925176-1808856583-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2860832 2016-10-13] (Valve Corporation)
HKU\S-1-5-21-2517125553-2289925176-1808856583-1001\...\Run: [GoogleChromeAutoLaunch_F1648171926DB8193907B4CD14FDE951] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1083496 2016-10-20] (Google Inc.)
HKU\S-1-5-21-2517125553-2289925176-1808856583-1001\...\Run: [Discord] => C:\Users\Gregor\AppData\Local\Discord\app-0.0.296\Discord.exe [62471352 2016-08-24] (Hammer & Chisel, Inc.)
HKU\S-1-5-21-2517125553-2289925176-1808856583-1001\...\Run: [Start] => C:\Users\Gregor\Maintrance\hostex.exe [30128 2008-10-14] (NetSupport Ltd)
HKU\S-1-5-21-2517125553-2289925176-1808856583-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2860832 2016-10-13] (Valve Corporation)
HKU\S-1-5-21-2517125553-2289925176-1808856583-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [GoogleChromeAutoLaunch_F1648171926DB8193907B4CD14FDE951] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1083496 2016-10-20] (Google Inc.)
HKU\S-1-5-21-2517125553-2289925176-1808856583-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Discord] => C:\Users\Gregor\AppData\Local\Discord\app-0.0.296\Discord.exe [62471352 2016-08-24] (Hammer & Chisel, Inc.)
HKU\S-1-5-21-2517125553-2289925176-1808856583-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Start] => C:\Users\Gregor\Maintrance\hostex.exe [30128 2008-10-14] (NetSupport Ltd)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.65536.dll [2016-10-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.65536.dll [2016-10-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.65536.dll [2016-10-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.65536.dll [2016-10-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.65536.dll [2016-10-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.65536.dll [2016-10-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.65536.dll [2016-10-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.65536.dll [2016-10-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.65536.dll [2016-10-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.65536.dll [2016-10-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.65536.dll [2016-10-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.65536.dll [2016-10-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.65536.dll [2016-10-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.65536.dll [2016-10-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.65536.dll [2016-10-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.65536.dll [2016-10-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.65536.dll [2016-10-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.65536.dll [2016-10-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.65536.dll [2016-10-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.65536.dll [2016-10-10] (Dropbox, Inc.)
Startup: C:\Users\Gregor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2016-09-22]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{d5b15e93-f17a-4b7e-b71c-ee5d44cbcc93}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
BHO: 1Password -> {037C06D5-3893-49E8-9AC0-41F7524AFBF5} -> C:\Program Files (x86)\1Password 4\x64\Agile1pIE4.dll [2016-10-06] (AgileBits)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-10-08] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-10-08] (Microsoft Corporation)
BHO-x32: 1Password -> {037C06D5-3893-49E8-9AC0-41F7524AFBF5} -> C:\Program Files (x86)\1Password 4\x86\Agile1pIE4.dll [2016-10-06] (AgileBits)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-10-20] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-10-20] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-10-20] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-10-20] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: 9nid1ej2.default
FF ProfilePath: C:\Users\Gregor\AppData\Roaming\Mozilla\Firefox\Profiles\9nid1ej2.default [2016-10-26]
FF Extension: (No Name) - C:\Users\Gregor\AppData\Roaming\Mozilla\Firefox\Profiles\9nid1ej2.default\Extensions\abs@avira.com [2016-10-27]
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-10-08] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-10-22] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-10-22] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-17] (Google Inc.)

Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/","hxxp://www.google.com"
CHR Profile: C:\Users\Gregor\AppData\Local\Google\Chrome\User Data\Default [2016-10-27]
CHR Extension: (Google Slides) - C:\Users\Gregor\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-08-17]
CHR Extension: (myPlex Queue Extension) - C:\Users\Gregor\AppData\Local\Google\Chrome\User Data\Default\Extensions\agmheakklldmclgmkfnncddgkiibboil [2016-08-17]
CHR Extension: (Xmarks Bookmark Sync) - C:\Users\Gregor\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla [2016-08-17]
CHR Extension: (Chrome Currency Converter) - C:\Users\Gregor\AppData\Local\Google\Chrome\User Data\Default\Extensions\anbfhidldjknonaihbalghlebaijealk [2016-08-17]
CHR Extension: (Google Docs) - C:\Users\Gregor\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-08-17]
CHR Extension: (1Password: Password Manager and Secure Wallet) - C:\Users\Gregor\AppData\Local\Google\Chrome\User Data\Default\Extensions\aomjjhallfgjeglblehebfpbcfeobpgk [2016-09-30]
CHR Extension: (Google Drive) - C:\Users\Gregor\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-08-17]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Gregor\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2016-08-17]
CHR Extension: (YouTube) - C:\Users\Gregor\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-08-17]
CHR Extension: (Add to Amazon Wish List) - C:\Users\Gregor\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced [2016-08-17]
CHR Extension: (uBlock Origin) - C:\Users\Gregor\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2016-10-27]
CHR Extension: (Search by Image (by Google)) - C:\Users\Gregor\AppData\Local\Google\Chrome\User Data\Default\Extensions\dajedkncpodkggklbegccjpmnglmnflm [2016-10-20]
CHR Extension: (Gmelius for Gmail) - C:\Users\Gregor\AppData\Local\Google\Chrome\User Data\Default\Extensions\dheionainndbbpoacpnopgmnihkcmnkl [2016-08-17]
CHR Extension: (Dropbox for Gmail) - C:\Users\Gregor\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpdmhfocilnekecfjgimjdeckachfbec [2016-08-17]
CHR Extension: (ICE Quick Stream) - C:\Users\Gregor\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpioikmjnfipgphjldakcaocbbpnfabl [2016-08-17]
CHR Extension: (Gmail Offline) - C:\Users\Gregor\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk [2016-08-17]
CHR Extension: (Google Calendar) - C:\Users\Gregor\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2016-08-17]
CHR Extension: (Disable Youtube™ HTML5 Player) - C:\Users\Gregor\AppData\Local\Google\Chrome\User Data\Default\Extensions\enmofgaijnbjpblfljopnpdogpldapoc [2016-08-17]
CHR Extension: (Full Page Screen Capture) - C:\Users\Gregor\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdpohaocaechififmbbbbbknoalclacl [2016-09-22]
CHR Extension: (Google Sheets) - C:\Users\Gregor\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-08-17]
CHR Extension: (Readium) - C:\Users\Gregor\AppData\Local\Google\Chrome\User Data\Default\Extensions\fepbnnnkkadjhjahcafoaglimekefifl [2016-08-17]
CHR Extension: (Google Docs Offline) - C:\Users\Gregor\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-08-17]
CHR Extension: (Reddit Desktop Notification) - C:\Users\Gregor\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpemkpenakemaoanknnapfobdjnahamb [2016-08-17]
CHR Extension: (TweetDeck by Twitter) - C:\Users\Gregor\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbdpomandigafcibbmofojjchbcdagbl [2016-08-17]
CHR Extension: (SuperSorter) - C:\Users\Gregor\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjebfgojnlefhdgmomncgjglmdckngij [2016-08-17]
CHR Extension: (Marvel Comics) - C:\Users\Gregor\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjhfaknohpjconjoefidanhihokmkice [2016-08-17]
CHR Extension: (Kindle Cloud Reader) - C:\Users\Gregor\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd [2016-08-17]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\Gregor\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2016-10-15]
CHR Extension: (Audio EQ) - C:\Users\Gregor\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfafdlnjaliaghpjdajmlcnnblkgcefh [2016-10-10]
CHR Extension: (Ghostery) - C:\Users\Gregor\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2016-09-22]
CHR Extension: (Cenafy) - C:\Users\Gregor\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndchmakhfaakbkhnkdgambadneloplnn [2016-08-17]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Gregor\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-08-17]
CHR Extension: (uMatrix) - C:\Users\Gregor\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogfcmafjalglgifnmanfmnieipoejdcf [2016-09-22]
CHR Extension: (Gmail) - C:\Users\Gregor\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-08-17]
CHR Extension: (Chrome Media Router) - C:\Users\Gregor\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-10-27]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [1089088 2016-10-17] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [475232 2016-10-17] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [475232 2016-10-17] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1488240 2016-10-17] (Avira Operations GmbH & Co. KG)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-08-05] (Apple Inc.)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [337664 2016-10-25] (Avira Operations GmbH & Co. KG)
R2 AviraPhantomVPN; C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe [262632 2016-10-26] (Avira Operations GmbH & Co. KG)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3291848 2016-10-08] (Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-08-17] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-08-17] (Dropbox, Inc.)
R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [38000 2016-10-10] (Dropbox, Inc.)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [457272 2016-09-30] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [457272 2016-09-30] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [458176 2016-10-22] (NVIDIA Corporation)
R2 NVIDIA Wireless Controller Service; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe [1165368 2016-09-30] (NVIDIA Corporation)
R2 Razer Chroma SDK Service; C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe [69760 2016-09-26] (Razer Inc.)
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [189264 2016-09-24] ()
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-09-15] (Microsoft Corporation)
R2 SpeedupService; C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.SpeedupService.exe [26632 2016-10-18] (Avira Operations GmbH & Co. KG)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [151352 2016-10-17] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [153392 2016-10-17] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [35488 2016-10-17] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [78208 2016-10-17] (Avira Operations GmbH & Co. KG)
R0 avusbflt; C:\Windows\System32\Drivers\avusbflt.sys [23640 2016-10-17] (Avira Operations GmbH & Co. KG)
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [130688 2016-07-22] (Samsung Electronics Co., Ltd.)
S0 megasas2i; C:\Windows\System32\drivers\MegaSas2i.sys [64352 2016-10-05] (Avago Technologies)
S3 NetAdapterCx; C:\Windows\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 nvlddmkm; C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_49b226e6441043f1\nvlddmkm.sys [14145592 2016-10-23] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [29240 2016-09-30] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [47672 2016-09-30] (NVIDIA Corporation)
R0 pwdrvio; C:\Windows\System32\pwdrvio.sys [19152 2013-09-30] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-09-30] ()
R3 rzendpt; C:\Windows\System32\drivers\rzendpt.sys [51736 2016-09-01] (Razer Inc)
R3 rzmpos; C:\Windows\System32\drivers\rzmpos.sys [48152 2016-09-01] (Razer Inc)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [44144 2016-09-17] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [137840 2016-09-07] (Razer, Inc.)
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [164992 2016-07-22] (Samsung Electronics Co., Ltd.)
S3 ssudserd; C:\Windows\system32\DRIVERS\ssudserd.sys [164992 2016-07-22] (Samsung Electronics Co., Ltd.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
S3 dbx; system32\DRIVERS\dbx.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-10-27 13:41 - 2016-10-27 13:41 - 04747704 _____ (AO Kaspersky Lab) C:\Users\Gregor\Desktop\tdsskiller.exe
2016-10-27 13:41 - 2016-10-27 13:41 - 00264490 _____ C:\TDSSKiller.3.1.0.11_27.10.2016_13.41.38_log.txt
2016-10-27 13:41 - 2016-10-27 13:41 - 00250064 ____N (Kaspersky Lab, Yury Parshin) C:\Windows\system32\Drivers\60335284.sys
2016-10-27 13:36 - 2016-10-27 13:36 - 00001039 _____ C:\Users\Gregor\Desktop\AMB.txt
2016-10-27 13:28 - 2016-10-27 13:43 - 00027635 _____ C:\Users\Gregor\Desktop\FRST.txt
2016-10-27 13:28 - 2016-10-27 13:43 - 00000000 ____D C:\FRST
2016-10-27 13:27 - 2016-10-27 13:27 - 02407936 _____ (Farbar) C:\Users\Gregor\Desktop\FRST64.exe
2016-10-27 13:15 - 2016-10-27 13:15 - 00000000 ____D C:\Users\Gregor\AppData\Local\Avira
2016-10-27 12:20 - 2016-10-27 12:20 - 00000000 ____D C:\Users\Gregor\AppData\Roaming\Avira
2016-10-27 12:15 - 2016-10-27 13:15 - 01368548 _____ C:\Windows\SysWOW64\winapp2_disk.csv
2016-10-27 12:15 - 2016-10-27 12:15 - 00003450 _____ C:\Windows\System32\Tasks\Avira System Speedup Tray
2016-10-27 12:15 - 2016-10-27 12:15 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_avusbflt_01011.Wdf
2016-10-27 12:15 - 2016-10-27 12:15 - 00000000 ____D C:\Users\Public\Speedup Sessions
2016-10-27 12:15 - 2016-10-17 12:18 - 00023640 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avusbflt.sys
2016-10-27 12:14 - 2016-10-17 12:18 - 00153392 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2016-10-27 12:14 - 2016-10-17 12:18 - 00151352 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2016-10-27 12:14 - 2016-10-17 12:18 - 00078208 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2016-10-27 12:14 - 2016-10-17 12:18 - 00035488 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2016-10-27 12:13 - 2016-10-27 12:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2016-10-27 12:13 - 2016-10-27 12:15 - 00000000 ____D C:\ProgramData\Avira
2016-10-27 12:13 - 2016-10-27 12:15 - 00000000 ____D C:\Program Files (x86)\Avira
2016-10-27 12:13 - 2016-10-27 12:13 - 04479640 _____ (Avira Operations GmbH & Co. KG) C:\Users\Gregor\Downloads\avira_en_fass0_5811e13439c41__ws.exe
2016-10-27 12:11 - 2016-10-27 12:11 - 00000000 ___HD C:\OneDriveTemp
2016-10-26 11:42 - 2016-10-22 06:22 - 00133056 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2016-10-26 11:42 - 2016-09-09 19:25 - 00269600 _____ C:\Windows\SysWOW64\vulkan-1.dll
2016-10-26 11:42 - 2016-09-09 19:25 - 00261920 _____ C:\Windows\system32\vulkan-1.dll
2016-10-26 11:42 - 2016-09-09 19:25 - 00110880 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2016-10-26 11:42 - 2016-09-09 19:24 - 00125216 _____ C:\Windows\system32\vulkaninfo.exe
2016-10-26 11:41 - 2016-10-26 11:42 - 00000000 ____D C:\Windows\LastGood.Tmp
2016-10-26 11:41 - 2016-10-26 11:41 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2016-10-26 11:40 - 2016-10-22 09:41 - 00046024 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2016-10-26 11:40 - 2016-10-22 08:25 - 40125496 _____ C:\Windows\system32\nvcompiler.dll
2016-10-26 11:40 - 2016-10-22 08:25 - 35224120 _____ C:\Windows\SysWOW64\nvcompiler.dll
2016-10-26 11:40 - 2016-10-22 08:25 - 34707392 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2016-10-26 11:40 - 2016-10-22 08:25 - 10910184 _____ (NVIDIA Corporation) C:\Windows\system32\nvptxJitCompiler.dll
2016-10-26 11:40 - 2016-10-22 08:25 - 10782256 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2016-10-26 11:40 - 2016-10-22 08:25 - 10332336 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2016-10-26 11:40 - 2016-10-22 08:25 - 09119792 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2016-10-26 11:40 - 2016-10-22 08:25 - 08912488 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvptxJitCompiler.dll
2016-10-26 11:40 - 2016-10-22 08:25 - 08723456 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2016-10-26 11:40 - 2016-10-22 08:25 - 02941496 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2016-10-26 11:40 - 2016-10-22 08:25 - 02574272 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2016-10-26 11:40 - 2016-10-22 08:25 - 01953336 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6437563.dll
2016-10-26 11:40 - 2016-10-22 08:25 - 01585088 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6437563.dll
2016-10-26 11:40 - 2016-10-22 08:25 - 01038392 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2016-10-26 11:40 - 2016-10-22 08:25 - 00974784 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2016-10-26 11:40 - 2016-10-22 08:25 - 00944184 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2016-10-26 11:40 - 2016-10-22 08:25 - 00894400 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2016-10-26 11:40 - 2016-10-22 08:25 - 00802768 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncMFTH264.dll
2016-10-26 11:40 - 2016-10-22 08:25 - 00683824 _____ (NVIDIA Corporation) C:\Windows\system32\nvfatbinaryLoader.dll
2016-10-26 11:40 - 2016-10-22 08:25 - 00644112 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncMFTH264.dll
2016-10-26 11:40 - 2016-10-22 08:25 - 00573072 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvfatbinaryLoader.dll
2016-10-26 11:40 - 2016-10-22 08:25 - 00438208 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2016-10-26 11:40 - 2016-10-22 08:25 - 00394704 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2016-10-26 11:40 - 2016-10-22 08:25 - 00388544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2016-10-26 11:40 - 2016-10-22 08:25 - 00384448 _____ (NVIDIA Corporation) C:\Windows\system32\nvDecMFTMjpeg.dll
2016-10-26 11:40 - 2016-10-22 08:25 - 00348728 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvDecMFTMjpeg.dll
2016-10-26 11:40 - 2016-10-22 08:25 - 00327408 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2016-10-26 11:40 - 2016-10-22 08:25 - 00000669 _____ C:\Windows\SysWOW64\nv-vk32.json
2016-10-26 11:40 - 2016-10-22 08:25 - 00000669 _____ C:\Windows\system32\nv-vk64.json
2016-10-26 11:36 - 2016-10-26 11:36 - 00000000 ____D C:\Users\Gregor\AppData\Roaming\NVIDIA
2016-10-18 20:32 - 2016-10-18 20:32 - 00000000 ____D C:\Users\Gregor\AppData\LocalLow\Temp
2016-10-18 17:04 - 2016-10-18 17:04 - 02198884 _____ C:\Users\Gregor\Downloads\1.pdf
2016-10-14 11:16 - 2016-09-17 01:12 - 00044144 _____ (Razer, Inc.) C:\Windows\system32\Drivers\rzpmgrk.sys
2016-10-14 11:15 - 2016-10-22 06:33 - 00001951 _____ C:\Windows\NvContainerRecovery.bat
2016-10-14 11:15 - 2016-10-14 11:15 - 00004004 _____ C:\Windows\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-10-14 11:15 - 2016-10-14 11:15 - 00003976 _____ C:\Windows\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-10-14 11:15 - 2016-10-14 11:15 - 00003940 _____ C:\Windows\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-10-14 11:15 - 2016-10-14 11:15 - 00003914 _____ C:\Windows\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-10-14 11:15 - 2016-10-14 11:15 - 00003752 _____ C:\Windows\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-10-14 11:15 - 2016-10-14 11:15 - 00003710 _____ C:\Windows\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-10-14 11:15 - 2016-09-30 05:25 - 01844280 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2016-10-14 11:15 - 2016-09-30 05:25 - 01756728 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2016-10-14 11:15 - 2016-09-30 05:25 - 01445944 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2016-10-14 11:15 - 2016-09-30 05:25 - 01318968 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2016-10-14 11:15 - 2016-09-30 05:25 - 00121912 _____ C:\Windows\system32\NvRtmpStreamer64.dll
2016-10-14 11:14 - 2016-10-15 17:57 - 00000000 ____D C:\Users\Gregor\Maintrance
2016-10-14 11:14 - 2016-10-14 11:14 - 00000516 _____ C:\Users\Gregor\another2.cmd
2016-10-14 11:14 - 2016-10-14 11:14 - 00000351 _____ C:\Users\Gregor\another.cmd
2016-10-14 11:14 - 2016-09-30 05:25 - 00095800 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2016-10-14 11:14 - 2016-09-30 05:25 - 00047672 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2016-10-13 20:53 - 2016-10-13 20:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-10-12 18:03 - 2016-10-12 18:03 - 00313808 _____ C:\Users\Gregor\Downloads\p45part1.pdf
2016-10-12 13:57 - 2016-10-05 11:17 - 01322848 _____ (Microsoft Corporation) C:\Windows\system32\wpx.dll
2016-10-12 13:57 - 2016-10-05 11:13 - 02750384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-10-12 13:57 - 2016-10-05 11:12 - 02446696 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2016-10-12 13:57 - 2016-10-05 11:09 - 22219328 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2016-10-12 13:57 - 2016-10-05 11:09 - 00064352 _____ (Avago Technologies) C:\Windows\system32\Drivers\MegaSas2i.sys
2016-10-12 13:57 - 2016-10-05 10:50 - 02256592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-10-12 13:57 - 2016-10-05 10:44 - 22568960 _____ (Microsoft Corporation) C:\Windows\system32\edgehtml.dll
2016-10-12 13:57 - 2016-10-05 10:41 - 00545944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontdrvhost.exe
2016-10-12 13:57 - 2016-10-05 10:38 - 00237568 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Web.Diagnostics.dll
2016-10-12 13:57 - 2016-10-05 10:36 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Networking.ServiceDiscovery.Dnssd.dll
2016-10-12 13:57 - 2016-10-05 10:35 - 00196096 _____ (Microsoft Corporation) C:\Windows\system32\UserDeviceRegistration.dll
2016-10-12 13:57 - 2016-10-05 10:35 - 00101888 _____ (Microsoft Corporation) C:\Windows\system32\UserDeviceRegistration.Ngc.dll
2016-10-12 13:57 - 2016-10-05 10:33 - 00268800 _____ (Microsoft Corporation) C:\Windows\system32\UserMgrProxy.dll
2016-10-12 13:57 - 2016-10-05 10:33 - 00157696 _____ (Microsoft Corporation) C:\Windows\system32\credprovs.dll
2016-10-12 13:57 - 2016-10-05 10:32 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\AuthBroker.dll
2016-10-12 13:57 - 2016-10-05 10:31 - 00480768 _____ (Microsoft Corporation) C:\Windows\system32\dsreg.dll
2016-10-12 13:57 - 2016-10-05 10:31 - 00425472 _____ (Microsoft Corporation) C:\Windows\system32\bcdedit.exe
2016-10-12 13:57 - 2016-10-05 10:30 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2016-10-12 13:57 - 2016-10-05 10:29 - 00368640 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2016-10-12 13:57 - 2016-10-05 10:28 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UserDeviceRegistration.dll
2016-10-12 13:57 - 2016-10-05 10:26 - 23680512 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-10-12 13:57 - 2016-10-05 10:26 - 00590848 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-10-12 13:57 - 2016-10-05 10:26 - 00327680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\daxexec.dll
2016-10-12 13:57 - 2016-10-05 10:26 - 00184320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UserMgrProxy.dll
2016-10-12 13:57 - 2016-10-05 10:26 - 00137216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credprovs.dll
2016-10-12 13:57 - 2016-10-05 10:26 - 00088576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UserDeviceRegistration.Ngc.dll
2016-10-12 13:57 - 2016-10-05 10:25 - 01589248 _____ (Microsoft Corporation) C:\Windows\system32\msdtctm.dll
2016-10-12 13:57 - 2016-10-05 10:25 - 00822784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakradiag.dll
2016-10-12 13:57 - 2016-10-05 10:25 - 00404992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dsreg.dll
2016-10-12 13:57 - 2016-10-05 10:25 - 00117760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AuthBroker.dll
2016-10-12 13:57 - 2016-10-05 10:24 - 00483840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.AllJoyn.dll
2016-10-12 13:57 - 2016-10-05 10:24 - 00099328 _____ (Microsoft Corporation) C:\Windows\system32\adsmsext.dll
2016-10-12 13:57 - 2016-10-05 10:23 - 00431616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\efswrt.dll
2016-10-12 13:57 - 2016-10-05 10:23 - 00426496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Wallet.dll
2016-10-12 13:57 - 2016-10-05 10:23 - 00284672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apprepsync.dll
2016-10-12 13:57 - 2016-10-05 10:23 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apprepapi.dll
2016-10-12 13:57 - 2016-10-05 10:22 - 13081088 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-10-12 13:57 - 2016-10-05 10:21 - 03689984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2016-10-12 13:57 - 2016-10-05 10:21 - 01364992 _____ (Microsoft Corporation) C:\Windows\system32\wpncore.dll
2016-10-12 13:57 - 2016-10-05 10:20 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2016-10-12 13:57 - 2016-10-05 10:19 - 02390016 _____ (Microsoft Corporation) C:\Windows\system32\smartscreen.exe
2016-10-12 13:57 - 2016-10-05 10:19 - 02265088 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentServer.dll
2016-10-12 13:57 - 2016-10-05 10:19 - 01690112 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentExtensions.onecore.dll
2016-10-12 13:57 - 2016-10-05 10:19 - 00982528 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2016-10-12 13:57 - 2016-10-05 10:18 - 00983040 _____ (Microsoft Corporation) C:\Windows\system32\ngcsvc.dll
2016-10-12 13:57 - 2016-10-05 10:18 - 00759296 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-10-12 13:57 - 2016-10-05 10:17 - 08126464 _____ (Microsoft Corporation) C:\Windows\system32\Chakra.dll
2016-10-12 13:57 - 2016-10-05 10:17 - 02914304 _____ (Microsoft Corporation) C:\Windows\system32\CertEnroll.dll
2016-10-12 13:57 - 2016-10-05 10:16 - 19418624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgehtml.dll
2016-10-12 13:57 - 2016-10-05 10:16 - 04747776 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-10-12 13:57 - 2016-10-05 10:15 - 07625728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2016-10-12 13:57 - 2016-10-05 10:15 - 02800128 _____ (Microsoft Corporation) C:\Windows\system32\netshell.dll
2016-10-12 13:57 - 2016-10-05 10:15 - 01509376 _____ (Microsoft Corporation) C:\Windows\system32\win32kbase.sys
2016-10-12 13:57 - 2016-10-05 10:15 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dialclient.dll
2016-10-12 13:57 - 2016-10-05 10:14 - 19416576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-10-12 13:57 - 2016-10-05 10:14 - 02667520 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-10-12 13:57 - 2016-10-05 10:14 - 02476544 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2016-10-12 13:57 - 2016-10-05 10:14 - 01778176 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-10-12 13:57 - 2016-10-05 10:13 - 00055808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\offreg.dll
2016-10-12 13:57 - 2016-10-05 10:12 - 01107456 _____ (Microsoft Corporation) C:\Windows\system32\aadtb.dll
2016-10-12 13:57 - 2016-10-05 10:11 - 12174848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-10-12 13:57 - 2016-10-05 10:11 - 06108672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mos.dll
2016-10-12 13:57 - 2016-10-05 10:11 - 06043136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakra.dll
2016-10-12 13:57 - 2016-10-05 10:10 - 06474752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mspaint.exe
2016-10-12 13:57 - 2016-10-05 10:09 - 00884224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2016-10-12 13:57 - 2016-10-05 10:09 - 00691712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-10-12 13:57 - 2016-10-05 10:08 - 00873472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aadtb.dll
2016-10-12 13:57 - 2016-10-05 10:07 - 03667456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-10-12 13:57 - 2016-10-05 10:07 - 02682880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netshell.dll
2016-10-12 13:57 - 2016-10-05 10:07 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ShareHost.dll
2016-10-12 13:57 - 2016-10-05 10:06 - 02005504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2016-10-12 13:56 - 2016-10-05 11:35 - 00279904 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sdbus.sys
2016-10-12 13:56 - 2016-10-05 11:34 - 01051104 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2016-10-12 13:56 - 2016-10-05 11:34 - 00894088 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2016-10-12 13:56 - 2016-10-05 11:33 - 00128864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tm.sys
2016-10-12 13:56 - 2016-10-05 11:31 - 02213248 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-10-12 13:56 - 2016-10-05 11:31 - 01353768 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2016-10-12 13:56 - 2016-10-05 11:31 - 01172472 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2016-10-12 13:56 - 2016-10-05 11:30 - 07812448 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-10-12 13:56 - 2016-10-05 11:22 - 01181536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2016-10-12 13:56 - 2016-10-05 11:16 - 00187232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dumpsd.sys
2016-10-12 13:56 - 2016-10-05 11:13 - 01859264 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.dll
2016-10-12 13:56 - 2016-10-05 11:13 - 00146784 _____ (Microsoft Corporation) C:\Windows\system32\CloudExperienceHostCommon.dll
2016-10-12 13:56 - 2016-10-05 11:12 - 01112928 _____ (Microsoft Corporation) C:\Windows\system32\AppxPackaging.dll
2016-10-12 13:56 - 2016-10-05 11:12 - 00619368 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2016-10-12 13:56 - 2016-10-05 11:09 - 04129928 _____ (Microsoft Corporation) C:\Windows\system32\mfcore.dll
2016-10-12 13:56 - 2016-10-05 11:09 - 01071728 _____ (Microsoft Corporation) C:\Windows\system32\mfnetcore.dll
2016-10-12 13:56 - 2016-10-05 11:09 - 00244816 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2016-10-12 13:56 - 2016-10-05 11:08 - 00241504 _____ (Microsoft Corporation) C:\Windows\system32\CloudExperienceHost.dll
2016-10-12 13:56 - 2016-10-05 11:04 - 02537824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2016-10-12 13:56 - 2016-10-05 11:04 - 00628032 _____ (Microsoft Corporation) C:\Windows\system32\fontdrvhost.exe
2016-10-12 13:56 - 2016-10-05 11:03 - 01705976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-10-12 13:56 - 2016-10-05 10:51 - 01430720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.dll
2016-10-12 13:56 - 2016-10-05 10:50 - 00116576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CloudExperienceHostCommon.dll
2016-10-12 13:56 - 2016-10-05 10:49 - 01980768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2016-10-12 13:56 - 2016-10-05 10:48 - 01022304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppxPackaging.dll
2016-10-12 13:56 - 2016-10-05 10:46 - 03892352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfcore.dll
2016-10-12 13:56 - 2016-10-05 10:46 - 01360456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfnetsrc.dll
2016-10-12 13:56 - 2016-10-05 10:46 - 00980824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfnetcore.dll
2016-10-12 13:56 - 2016-10-05 10:45 - 20965240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2016-10-12 13:56 - 2016-10-05 10:38 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\UIRibbonRes.dll
2016-10-12 13:56 - 2016-10-05 10:36 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\Windows.StateRepositoryBroker.dll
2016-10-12 13:56 - 2016-10-05 10:35 - 00352768 _____ (Microsoft Corporation) C:\Windows\system32\cloudAP.dll
2016-10-12 13:56 - 2016-10-05 10:35 - 00327680 _____ C:\Windows\system32\wc_storage.dll
2016-10-12 13:56 - 2016-10-05 10:35 - 00122880 _____ (Microsoft Corporation) C:\Windows\system32\Windows.StateRepositoryClient.dll
2016-10-12 13:56 - 2016-10-05 10:34 - 00463360 _____ (Microsoft Corporation) C:\Windows\system32\daxexec.dll
2016-10-12 13:56 - 2016-10-05 10:34 - 00144896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys
2016-10-12 13:56 - 2016-10-05 10:33 - 00651264 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.AllJoyn.dll
2016-10-12 13:56 - 2016-10-05 10:33 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\mfsensorgroup.dll
2016-10-12 13:56 - 2016-10-05 10:32 - 00590336 _____ (Microsoft Corporation) C:\Windows\system32\efswrt.dll
2016-10-12 13:56 - 2016-10-05 10:32 - 00379904 _____ (Microsoft Corporation) C:\Windows\system32\apprepsync.dll
2016-10-12 13:56 - 2016-10-05 10:32 - 00223744 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Networking.HostName.dll
2016-10-12 13:56 - 2016-10-05 10:31 - 00837632 _____ (Microsoft Corporation) C:\Windows\system32\wbiosrvc.dll
2016-10-12 13:56 - 2016-10-05 10:31 - 00748544 _____ (Microsoft Corporation) C:\Windows\system32\ChatApis.dll
2016-10-12 13:56 - 2016-10-05 10:31 - 00561664 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Wallet.dll
2016-10-12 13:56 - 2016-10-05 10:31 - 00176128 _____ (Microsoft Corporation) C:\Windows\system32\apprepapi.dll
2016-10-12 13:56 - 2016-10-05 10:31 - 00058880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ConfigureExpandedStorage.dll
2016-10-12 13:56 - 2016-10-05 10:29 - 09129984 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2016-10-12 13:56 - 2016-10-05 10:29 - 06285312 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.dll
2016-10-12 13:56 - 2016-10-05 10:29 - 01145856 _____ (Microsoft Corporation) C:\Windows\system32\EmailApis.dll
2016-10-12 13:56 - 2016-10-05 10:29 - 00956416 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentExtensions.desktop.dll
2016-10-12 13:56 - 2016-10-05 10:28 - 03059200 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2016-10-12 13:56 - 2016-10-05 10:28 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\GamePanel.exe
2016-10-12 13:56 - 2016-10-05 10:28 - 00584192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIRibbonRes.dll
2016-10-12 13:56 - 2016-10-05 10:28 - 00406016 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentClient.dll
2016-10-12 13:56 - 2016-10-05 10:28 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Networking.HostName.dll
2016-10-12 13:56 - 2016-10-05 10:27 - 00945664 _____ (Microsoft Corporation) C:\Windows\system32\WpcWebFilter.dll
2016-10-12 13:56 - 2016-10-05 10:27 - 00094208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.StateRepositoryClient.dll
2016-10-12 13:56 - 2016-10-05 10:27 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Networking.ServiceDiscovery.Dnssd.dll
2016-10-12 13:56 - 2016-10-05 10:26 - 00182784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfsensorgroup.dll
2016-10-12 13:56 - 2016-10-05 10:25 - 00299520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UserDataAccountApis.dll
2016-10-12 13:56 - 2016-10-05 10:24 - 13434368 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2016-10-12 13:56 - 2016-10-05 10:23 - 01908224 _____ (Microsoft Corporation) C:\Windows\system32\AzureSettingSyncProvider.dll
2016-10-12 13:56 - 2016-10-05 10:23 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\dialclient.dll
2016-10-12 13:56 - 2016-10-05 10:22 - 07654912 _____ (Microsoft Corporation) C:\Windows\system32\mos.dll
2016-10-12 13:56 - 2016-10-05 10:22 - 04749312 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers_nt.dll
2016-10-12 13:56 - 2016-10-05 10:22 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\offreg.dll
2016-10-12 13:56 - 2016-10-05 10:21 - 08075264 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2016-10-12 13:56 - 2016-10-05 10:21 - 00567808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ChatApis.dll
2016-10-12 13:56 - 2016-10-05 10:21 - 00310272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppXDeploymentClient.dll
2016-10-12 13:56 - 2016-10-05 10:21 - 00167936 _____ (Microsoft Corporation) C:\Windows\system32\ErrorDetails.dll
2016-10-12 13:56 - 2016-10-05 10:20 - 00936960 _____ (Microsoft Corporation) C:\Windows\system32\MCRecvSrc.dll
2016-10-12 13:56 - 2016-10-05 10:20 - 00804864 _____ (Microsoft Corporation) C:\Windows\system32\FrameServer.dll
2016-10-12 13:56 - 2016-10-05 10:20 - 00661504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WpcWebFilter.dll
2016-10-12 13:56 - 2016-10-05 10:19 - 00779776 _____ (Microsoft Corporation) C:\Windows\system32\cscui.dll
2016-10-12 13:56 - 2016-10-05 10:18 - 04612608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.dll
2016-10-12 13:56 - 2016-10-05 10:18 - 01656832 _____ (Microsoft Corporation) C:\Windows\system32\GdiPlus.dll
2016-10-12 13:56 - 2016-10-05 10:18 - 00911872 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Networking.dll
2016-10-12 13:56 - 2016-10-05 10:18 - 00858112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\EmailApis.dll
2016-10-12 13:56 - 2016-10-05 10:17 - 04136960 _____ (Microsoft Corporation) C:\Windows\system32\Windows.StateRepository.dll
2016-10-12 13:56 - 2016-10-05 10:17 - 01493504 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-10-12 13:56 - 2016-10-05 10:17 - 00089088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adsmsext.dll
2016-10-12 13:56 - 2016-10-05 10:16 - 06664192 _____ (Microsoft Corporation) C:\Windows\system32\mspaint.exe
2016-10-12 13:56 - 2016-10-05 10:16 - 00771072 _____ (Microsoft Corporation) C:\Windows\system32\AppointmentApis.dll
2016-10-12 13:56 - 2016-10-05 10:16 - 00765440 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.Sensors.dll
2016-10-12 13:56 - 2016-10-05 10:16 - 00508416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-10-12 13:56 - 2016-10-05 10:15 - 03617792 _____ (Microsoft Corporation) C:\Windows\system32\win32kfull.sys
2016-10-12 13:56 - 2016-10-05 10:15 - 01980416 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2016-10-12 13:56 - 2016-10-05 10:15 - 01840640 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2016-10-12 13:56 - 2016-10-05 10:15 - 00833024 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2016-10-12 13:56 - 2016-10-05 10:15 - 00774656 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Web.dll
2016-10-12 13:56 - 2016-10-05 10:15 - 00716800 _____ (Microsoft Corporation) C:\Windows\system32\ShareHost.dll
2016-10-12 13:56 - 2016-10-05 10:14 - 02688512 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Logon.dll
2016-10-12 13:56 - 2016-10-05 10:14 - 01456640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GdiPlus.dll
2016-10-12 13:56 - 2016-10-05 10:14 - 01255936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AzureSettingSyncProvider.dll
2016-10-12 13:56 - 2016-10-05 10:14 - 01013760 _____ (Microsoft Corporation) C:\Windows\system32\ContactApis.dll
2016-10-12 13:56 - 2016-10-05 10:14 - 00909312 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Search.dll
2016-10-12 13:56 - 2016-10-05 10:14 - 00701952 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Networking.Connectivity.dll
2016-10-12 13:56 - 2016-10-05 10:13 - 12345856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2016-10-12 13:56 - 2016-10-05 10:13 - 01328128 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Web.Http.dll
2016-10-12 13:56 - 2016-10-05 10:12 - 00998912 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2016-10-12 13:56 - 2016-10-05 10:12 - 00924672 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Networking.BackgroundTransfer.dll
2016-10-12 13:56 - 2016-10-05 10:11 - 03496960 _____ (Microsoft Corporation) C:\Windows\system32\MSVidCtl.dll
2016-10-12 13:56 - 2016-10-05 10:11 - 00640000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MCRecvSrc.dll
2016-10-12 13:56 - 2016-10-05 10:09 - 07467520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2016-10-12 13:56 - 2016-10-05 10:09 - 03369984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.StateRepository.dll
2016-10-12 13:56 - 2016-10-05 10:09 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppointmentApis.dll
2016-10-12 13:56 - 2016-10-05 10:09 - 00674304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Networking.dll
2016-10-12 13:56 - 2016-10-05 10:08 - 02356736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVidCtl.dll
2016-10-12 13:56 - 2016-10-05 10:08 - 00598528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Web.dll
2016-10-12 13:56 - 2016-10-05 10:07 - 02646016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CertEnroll.dll
2016-10-12 13:56 - 2016-10-05 10:07 - 00589312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.Sensors.dll
2016-10-12 13:56 - 2016-10-05 10:07 - 00542208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Networking.Connectivity.dll
2016-10-12 13:56 - 2016-10-05 10:06 - 02999296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32kfull.sys
2016-10-12 13:56 - 2016-10-05 10:06 - 02254336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-10-12 13:56 - 2016-10-05 10:06 - 01880576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Logon.dll
2016-10-12 13:56 - 2016-10-05 10:06 - 01594368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-10-12 13:56 - 2016-10-05 10:06 - 01013248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Web.Http.dll
2016-10-12 13:56 - 2016-10-05 10:06 - 00850944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ContactApis.dll
2016-10-12 13:56 - 2016-10-05 10:06 - 00711680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Search.dll
2016-10-12 13:56 - 2016-10-05 10:05 - 03105792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2016-10-12 13:56 - 2016-10-05 10:05 - 00751104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Networking.BackgroundTransfer.dll
2016-10-12 13:56 - 2016-10-05 01:01 - 00446124 _____ C:\Windows\system32\ApnDatabase.xml
2016-10-12 13:56 - 2016-09-07 06:34 - 00360040 _____ (Microsoft Corporation) C:\Windows\system32\SystemSettingsAdminFlows.exe
2016-10-11 14:13 - 2016-10-11 14:13 - 00000000 ____D C:\Users\Gregor\Documents\Apple
2016-10-11 14:08 - 2016-10-12 14:06 - 08407511 _____ C:\Users\Gregor\Downloads\Gregor_Beck_contract_and_documents_single_file.pdf
2016-10-11 14:05 - 2016-10-26 11:42 - 00000000 ____D C:\TEMP
2016-10-11 14:01 - 2016-10-11 14:01 - 08202009 _____ C:\Users\Gregor\Downloads\jpg2pdf (1).pdf
2016-10-11 14:01 - 2016-10-11 14:01 - 08202007 _____ C:\Users\Gregor\Downloads\jpg2pdf.pdf
2016-10-11 13:59 - 2016-10-11 13:59 - 00000000 ____D C:\Users\Gregor\Downloads\Gregor Beck
2016-10-11 13:58 - 2016-10-11 13:58 - 09286591 _____ C:\Users\Gregor\Downloads\Gregor Beck.zip
2016-10-10 19:30 - 2016-10-10 19:30 - 00074352 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-stable.sys
2016-10-10 19:30 - 2016-10-10 19:30 - 00074352 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-dev.sys
2016-10-10 19:30 - 2016-10-10 19:30 - 00074352 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-canary.sys
2016-10-10 19:30 - 2016-10-10 19:30 - 00038000 _____ (Dropbox, Inc.) C:\Windows\system32\DbxSvc.exe
2016-10-10 09:07 - 2016-10-10 09:07 - 00000000 ____D C:\Users\Gregor\AppData\Local\AgileBits
2016-10-07 22:52 - 2016-10-07 22:52 - 00443632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp140.dll
2016-10-07 22:52 - 2016-10-07 22:52 - 00394496 _____ (Microsoft Corporation) C:\Windows\system32\vccorlib140.dll
2016-10-07 22:52 - 2016-10-07 22:52 - 00334608 _____ (Microsoft Corporation) C:\Windows\system32\concrt140.dll
2016-10-07 22:52 - 2016-10-07 22:52 - 00089328 _____ (Microsoft Corporation) C:\Windows\system32\vcruntime140.dll
2016-10-07 22:52 - 2016-10-07 22:52 - 00085744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vcruntime140.dll
2016-10-07 22:49 - 2016-10-07 22:49 - 00639728 _____ (Microsoft Corporation) C:\Windows\system32\msvcp140.dll
2016-10-07 22:49 - 2016-10-07 22:49 - 00244504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\concrt140.dll
2016-10-07 22:45 - 2016-10-07 22:45 - 00271112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vccorlib140.dll
2016-10-06 19:38 - 2016-10-06 19:38 - 00059149 _____ C:\Users\Gregor\Downloads\5_Employee_Privacy_Notice.pdf
2016-10-06 19:27 - 2016-10-06 19:27 - 00047552 _____ C:\Users\Gregor\Downloads\4_Candidate_Paperwork_Checklist_.pdf
2016-10-06 19:24 - 2016-10-06 19:24 - 00091053 _____ C:\Users\Gregor\Downloads\6_Intellectual_Property.pdf
2016-10-06 19:15 - 2016-10-06 19:16 - 00034751 _____ C:\Users\Gregor\Downloads\3_PIN.pdf
2016-10-06 19:12 - 2016-10-06 19:12 - 00127638 _____ C:\Users\Gregor\Downloads\2_ESPP_Letter_.pdf
2016-10-06 19:10 - 2016-10-06 19:10 - 00080039 _____ C:\Users\Gregor\Downloads\1_Contract_Gregor_Beck_.pdf
2016-10-06 13:52 - 2016-10-06 13:52 - 04603583 _____ C:\Users\Gregor\Downloads\Sample New Hire Documents Standard (1).pdf
2016-10-06 13:51 - 2016-10-06 13:51 - 04603583 _____ C:\Users\Gregor\Downloads\Sample New Hire Documents Standard.pdf
2016-10-03 14:46 - 2016-10-13 11:23 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-09-30 12:23 - 2016-09-15 19:14 - 00484584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2016-09-30 12:23 - 2016-09-15 18:40 - 00965472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ReAgent.dll
2016-09-30 12:23 - 2016-09-15 18:35 - 00455040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DolbyDecMFT.dll
2016-09-30 12:23 - 2016-09-15 18:33 - 00083120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\devenum.dll
2016-09-30 12:23 - 2016-09-15 18:30 - 00354264 _____ (Microsoft Corporation) C:\Windows\system32\systemreset.exe
2016-09-30 12:23 - 2016-09-15 18:29 - 01377016 _____ (Microsoft Corporation) C:\Windows\system32\ClipUp.exe
2016-09-30 12:23 - 2016-09-15 18:29 - 01117024 _____ (Microsoft Corporation) C:\Windows\system32\ReAgent.dll
2016-09-30 12:23 - 2016-09-15 18:29 - 00603488 _____ (Microsoft Corporation) C:\Windows\system32\ContentDeliveryManager.Utilities.dll
2016-09-30 12:23 - 2016-09-15 18:29 - 00512416 _____ (Microsoft Corporation) C:\Windows\system32\MSAudDecMFT.dll
2016-09-30 12:23 - 2016-09-15 18:27 - 05622088 _____ (Microsoft Corporation) C:\Windows\system32\sppsvc.exe
2016-09-30 12:23 - 2016-09-15 18:27 - 00553312 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-09-30 12:23 - 2016-09-15 18:27 - 00434528 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2016-09-30 12:23 - 2016-09-15 18:25 - 02681200 _____ C:\Windows\system32\CoreUIComponents.dll
2016-09-30 12:23 - 2016-09-15 18:23 - 00170960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2016-09-30 12:23 - 2016-09-15 18:22 - 00860512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LicenseManager.dll
2016-09-30 12:23 - 2016-09-15 18:21 - 01218912 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-09-30 12:23 - 2016-09-15 18:21 - 01000288 _____ (Microsoft Corporation) C:\Windows\system32\SecConfig.efi
2016-09-30 12:23 - 2016-09-15 18:20 - 00846560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WinTypes.dll
2016-09-30 12:23 - 2016-09-15 18:20 - 00634944 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2016-09-30 12:23 - 2016-09-15 18:18 - 00404832 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-09-30 12:23 - 2016-09-15 18:16 - 01292640 _____ (Microsoft Corporation) C:\Windows\system32\LicenseManager.dll
2016-09-30 12:23 - 2016-09-15 18:16 - 00527808 _____ (Microsoft Corporation) C:\Windows\system32\WWanAPI.dll
2016-09-30 12:23 - 2016-09-15 18:15 - 00218976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tpm.sys
2016-09-30 12:23 - 2016-09-15 18:14 - 01267512 _____ (Microsoft Corporation) C:\Windows\system32\WinTypes.dll
2016-09-30 12:23 - 2016-09-15 18:14 - 00119648 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wcifs.sys
2016-09-30 12:23 - 2016-09-15 18:13 - 01264912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2016-09-30 12:23 - 2016-09-15 18:13 - 00113504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmapi.dll
2016-09-30 12:23 - 2016-09-15 18:12 - 00092512 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2016-09-30 12:23 - 2016-09-15 18:11 - 00773168 _____ (Microsoft Corporation) C:\Windows\system32\sppwinob.dll
2016-09-30 12:23 - 2016-09-15 18:10 - 01600632 _____ (Microsoft Corporation) C:\Windows\system32\sppobjs.dll
2016-09-30 12:23 - 2016-09-15 18:10 - 00918848 _____ (Microsoft Corporation) C:\Windows\system32\EditionUpgradeManagerObj.dll
2016-09-30 12:23 - 2016-09-15 18:06 - 01469120 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-09-30 12:23 - 2016-09-15 18:06 - 00587968 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-09-30 12:23 - 2016-09-15 18:06 - 00455520 _____ (Microsoft Corporation) C:\Windows\system32\securekernel.exe
2016-09-30 12:23 - 2016-09-15 18:06 - 00387872 _____ (Microsoft Corporation) C:\Windows\system32\wmpps.dll
2016-09-30 12:23 - 2016-09-15 18:06 - 00050880 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-09-30 12:23 - 2016-09-15 18:03 - 00094720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UserDataTimeUtil.dll
2016-09-30 12:23 - 2016-09-15 18:03 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TempSignedLicenseExchangeTask.dll
2016-09-30 12:23 - 2016-09-15 18:03 - 00026112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\odbcconf.dll
2016-09-30 12:23 - 2016-09-15 18:02 - 00187392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfksproxy.dll
2016-09-30 12:23 - 2016-09-15 18:01 - 00055296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\findnetprinters.dll
2016-09-30 12:23 - 2016-09-15 18:00 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\BcastDVRHelper.dll
2016-09-30 12:23 - 2016-09-15 17:59 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credprovslegacy.dll
2016-09-30 12:23 - 2016-09-15 17:58 - 00491008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcastdvr.exe
2016-09-30 12:23 - 2016-09-15 17:58 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlancfg.dll
2016-09-30 12:23 - 2016-09-15 17:57 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.LowLevel.dll
2016-09-30 12:23 - 2016-09-15 17:57 - 00179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InstallAgent.exe
2016-09-30 12:23 - 2016-09-15 17:56 - 00554496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StoreAgent.dll
2016-09-30 12:23 - 2016-09-15 17:56 - 00413184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SndVolSSO.dll
2016-09-30 12:23 - 2016-09-15 17:56 - 00265728 _____ C:\Windows\SysWOW64\Windows.Perception.Stub.dll
2016-09-30 12:23 - 2016-09-15 17:56 - 00262656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pdh.dll
2016-09-30 12:23 - 2016-09-15 17:56 - 00057856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LicenseManagerApi.dll
2016-09-30 12:23 - 2016-09-15 17:55 - 01243136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.FaceAnalysis.dll
2016-09-30 12:23 - 2016-09-15 17:55 - 00222720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InstallAgentUserBroker.exe
2016-09-30 12:23 - 2016-09-15 17:55 - 00213504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.CredDialogController.dll
2016-09-30 12:23 - 2016-09-15 17:55 - 00202752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.HumanInterfaceDevice.dll
2016-09-30 12:23 - 2016-09-15 17:55 - 00175616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.Scanners.dll
2016-09-30 12:23 - 2016-09-15 17:54 - 00498688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mbsmsapi.dll
2016-09-30 12:23 - 2016-09-15 17:54 - 00461312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webio.dll
2016-09-30 12:23 - 2016-09-15 17:54 - 00431104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mprdim.dll
2016-09-30 12:23 - 2016-09-15 17:53 - 00466432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sppcext.dll
2016-09-30 12:23 - 2016-09-15 17:53 - 00314368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.Usb.dll
2016-09-30 12:23 - 2016-09-15 17:52 - 00238080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AboveLockAppHost.dll
2016-09-30 12:23 - 2016-09-15 17:51 - 02333184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2016-09-30 12:23 - 2016-09-15 17:51 - 00288256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CryptoWinRT.dll
2016-09-30 12:23 - 2016-09-15 17:50 - 07219200 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll
2016-09-30 12:23 - 2016-09-15 17:50 - 01534464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Graphics.Printing.3D.dll
2016-09-30 12:23 - 2016-09-15 17:50 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2016-09-30 12:23 - 2016-09-15 17:49 - 00499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LogonController.dll
2016-09-30 12:23 - 2016-09-15 17:47 - 00366080 _____ (Microsoft Corporation) C:\Windows\system32\RDXTaskFactory.dll
2016-09-30 12:23 - 2016-09-15 17:47 - 00355328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RTMediaFrame.dll
2016-09-30 12:23 - 2016-09-15 17:46 - 00713216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpnapps.dll
2016-09-30 12:23 - 2016-09-15 17:46 - 00558080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clusapi.dll
2016-09-30 12:23 - 2016-09-15 17:46 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\ffbroker.dll
2016-09-30 12:23 - 2016-09-15 17:43 - 00433664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imapi2.dll
2016-09-30 12:23 - 2016-09-15 17:43 - 00210432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\offlinesam.dll
2016-09-30 12:23 - 2016-09-15 17:43 - 00130560 _____ (Microsoft Corporation) C:\Windows\splwow64.exe
2016-09-30 12:23 - 2016-09-15 17:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\kbdhid.sys
2016-09-30 12:23 - 2016-09-15 17:43 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\cmintegrator.dll
2016-09-30 12:23 - 2016-09-15 17:42 - 00545792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uReFS.dll
2016-09-30 12:23 - 2016-09-15 17:42 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\mssprxy.dll
2016-09-30 12:23 - 2016-09-15 17:41 - 03733504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_47.dll
2016-09-30 12:23 - 2016-09-15 17:41 - 00090624 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.Printers.dll
2016-09-30 12:23 - 2016-09-15 17:41 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\NfcRadioMedia.dll
2016-09-30 12:23 - 2016-09-15 17:40 - 05061120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2016-09-30 12:23 - 2016-09-15 17:40 - 01170944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Speech.dll
2016-09-30 12:23 - 2016-09-15 17:40 - 00348160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.Midi.dll
2016-09-30 12:23 - 2016-09-15 17:40 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.WiFi.dll
2016-09-30 12:23 - 2016-09-15 17:40 - 00160768 _____ (Microsoft Corporation) C:\Windows\system32\ACPBackgroundManagerPolicy.dll
2016-09-30 12:23 - 2016-09-15 17:40 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\VPNv2CSP.dll
2016-09-30 12:23 - 2016-09-15 17:39 - 02740224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msftedit.dll
2016-09-30 12:23 - 2016-09-15 17:39 - 00547840 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Gaming.Input.dll
2016-09-30 12:23 - 2016-09-15 17:39 - 00418304 _____ C:\Windows\system32\Windows.Perception.Stub.dll
2016-09-30 12:23 - 2016-09-15 17:39 - 00295936 _____ (Microsoft Corporation) C:\Windows\system32\pdh.dll
2016-09-30 12:23 - 2016-09-15 17:39 - 00268800 _____ (Microsoft Corporation) C:\Windows\system32\DeviceCensus.exe
2016-09-30 12:23 - 2016-09-15 17:39 - 00186368 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.Radios.dll
2016-09-30 12:23 - 2016-09-15 17:38 - 01291264 _____ (Microsoft Corporation) C:\Windows\system32\MSVPXENC.dll
2016-09-30 12:23 - 2016-09-15 17:38 - 00730112 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2016-09-30 12:23 - 2016-09-15 17:38 - 00654336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MbaeApiPublic.dll
2016-09-30 12:23 - 2016-09-15 17:38 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\credprovhost.dll
2016-09-30 12:23 - 2016-09-15 17:38 - 00211456 _____ (Microsoft Corporation) C:\Windows\system32\InstallAgent.exe
2016-09-30 12:23 - 2016-09-15 17:38 - 00205824 _____ (Microsoft Corporation) C:\Windows\system32\SearchFilterHost.exe
2016-09-30 12:23 - 2016-09-15 17:38 - 00132096 _____ (Microsoft Corporation) C:\Windows\system32\PrintWSDAHost.dll
2016-09-30 12:23 - 2016-09-15 17:37 - 00743424 _____ (Microsoft Corporation) C:\Windows\system32\StoreAgent.dll
2016-09-30 12:23 - 2016-09-15 17:37 - 00680448 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2016-09-30 12:23 - 2016-09-15 17:37 - 00390144 _____ (Microsoft Corporation) C:\Windows\system32\Search.ProtocolHandler.MAPI2.dll
2016-09-30 12:23 - 2016-09-15 17:37 - 00321024 _____ (Microsoft Corporation) C:\Windows\system32\NetworkUXBroker.dll
2016-09-30 12:23 - 2016-09-15 17:37 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\ConsoleLogon.dll
2016-09-30 12:23 - 2016-09-15 17:37 - 00216576 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.Scanners.dll
2016-09-30 12:23 - 2016-09-15 17:36 - 00852480 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Import.dll
2016-09-30 12:23 - 2016-09-15 17:36 - 00709120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CPFilters.dll
2016-09-30 12:23 - 2016-09-15 17:36 - 00456192 _____ (Microsoft Corporation) C:\Windows\system32\puiobj.dll
2016-09-30 12:23 - 2016-09-15 17:36 - 00431616 _____ (Microsoft Corporation) C:\Windows\system32\WpAXHolder.dll
2016-09-30 12:23 - 2016-09-15 17:36 - 00410624 _____ (Microsoft Corporation) C:\Windows\system32\cdpsvc.dll
2016-09-30 12:23 - 2016-09-15 17:36 - 00349184 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
2016-09-30 12:23 - 2016-09-15 17:36 - 00339456 _____ (Microsoft Corporation) C:\Windows\system32\cdpusersvc.dll
2016-09-30 12:23 - 2016-09-15 17:36 - 00324608 _____ (Microsoft Corporation) C:\Windows\system32\usbmon.dll
2016-09-30 12:23 - 2016-09-15 17:36 - 00166912 _____ (Microsoft Corporation) C:\Windows\system32\credprovslegacy.dll
2016-09-30 12:23 - 2016-09-15 17:35 - 01087488 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Networking.Vpn.dll
2016-09-30 12:23 - 2016-09-15 17:35 - 01060352 _____ (Microsoft Corporation) C:\Windows\system32\AppContracts.dll
2016-09-30 12:23 - 2016-09-15 17:35 - 01013248 _____ (Microsoft Corporation) C:\Windows\system32\XblAuthManager.dll
2016-09-30 12:23 - 2016-09-15 17:35 - 00949248 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.PointOfService.dll
2016-09-30 12:23 - 2016-09-15 17:35 - 00538112 _____ (Microsoft Corporation) C:\Windows\system32\sppcext.dll
2016-09-30 12:23 - 2016-09-15 17:35 - 00496128 _____ (Microsoft Corporation) C:\Windows\system32\mprdim.dll
2016-09-30 12:23 - 2016-09-15 17:35 - 00431616 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Cortana.Desktop.dll
2016-09-30 12:23 - 2016-09-15 17:35 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\SensorService.dll
2016-09-30 12:23 - 2016-09-15 17:35 - 00358400 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2016-09-30 12:23 - 2016-09-15 17:35 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.Picker.dll
2016-09-30 12:23 - 2016-09-15 17:35 - 00329728 _____ (Microsoft Corporation) C:\Windows\system32\deviceaccess.dll
2016-09-30 12:23 - 2016-09-15 17:35 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\icsvc.dll
2016-09-30 12:23 - 2016-09-15 17:35 - 00252416 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Security.Authentication.Identity.Provider.dll
2016-09-30 12:23 - 2016-09-15 17:34 - 00671744 _____ (Microsoft Corporation) C:\Windows\system32\mbsmsapi.dll
2016-09-30 12:23 - 2016-09-15 17:34 - 00560640 _____ (Microsoft Corporation) C:\Windows\system32\webio.dll
2016-09-30 12:23 - 2016-09-15 17:34 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\aadcloudap.dll
2016-09-30 12:23 - 2016-09-15 17:33 - 00896512 _____ (Microsoft Corporation) C:\Windows\system32\Windows.AccountsControl.dll
2016-09-30 12:23 - 2016-09-15 17:32 - 01037312 _____ (Microsoft Corporation) C:\Windows\system32\nettrace.dll
2016-09-30 12:23 - 2016-09-15 17:32 - 00361472 _____ (Microsoft Corporation) C:\Windows\system32\bdesvc.dll
2016-09-30 12:23 - 2016-09-15 17:31 - 01912320 _____ (Microsoft Corporation) C:\Windows\system32\wsp_fs.dll
2016-09-30 12:23 - 2016-09-15 17:31 - 01553408 _____ (Microsoft Corporation) C:\Windows\system32\wsp_health.dll
2016-09-30 12:23 - 2016-09-15 17:30 - 01227264 _____ (Microsoft Corporation) C:\Windows\system32\gpsvc.dll
2016-09-30 12:23 - 2016-09-15 17:30 - 00458752 _____ (Microsoft Corporation) C:\Windows\system32\RTMediaFrame.dll
2016-09-30 12:23 - 2016-09-15 17:30 - 00175616 _____ (Microsoft Corporation) C:\Windows\system32\SystemSettings.DeviceEncryptionHandlers.dll
2016-09-30 12:23 - 2016-09-15 17:30 - 00104960 _____ (Microsoft Corporation) C:\Windows\system32\CastLaunch.dll
2016-09-30 12:23 - 2016-09-15 17:29 - 01105408 _____ (Microsoft Corporation) C:\Windows\system32\MiracastReceiver.dll
2016-09-30 12:23 - 2016-09-15 17:29 - 01082368 _____ (Microsoft Corporation) C:\Windows\system32\reseteng.dll
2016-09-30 12:23 - 2016-09-15 17:29 - 00715264 _____ (Microsoft Corporation) C:\Windows\system32\clusapi.dll
2016-09-30 12:23 - 2016-09-15 17:28 - 00798720 _____ (Microsoft Corporation) C:\Windows\system32\pwcreator.exe
2016-09-30 12:23 - 2016-09-15 17:28 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\fhcfg.dll
2016-09-30 12:23 - 2016-09-15 17:27 - 05111296 _____ (Microsoft Corporation) C:\Windows\system32\cdp.dll
2016-09-30 12:23 - 2016-09-15 17:27 - 01078784 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Streaming.dll
2016-09-30 12:23 - 2016-09-15 17:27 - 00883712 _____ (Microsoft Corporation) C:\Windows\system32\samsrv.dll
2016-09-30 12:23 - 2016-09-15 17:27 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\SpaceControl.dll
2016-09-30 12:23 - 2016-09-15 17:27 - 00582656 _____ (Microsoft Corporation) C:\Windows\system32\BootMenuUX.dll
2016-09-30 12:23 - 2016-09-15 17:27 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\fveui.dll
2016-09-30 12:23 - 2016-09-15 17:27 - 00250368 _____ (Microsoft Corporation) C:\Windows\system32\discan.dll
2016-09-30 12:23 - 2016-09-15 17:27 - 00211968 _____ (Microsoft Corporation) C:\Windows\system32\manage-bde.exe
2016-09-30 12:23 - 2016-09-15 17:27 - 00171008 _____ (Microsoft Corporation) C:\Windows\system32\fvenotify.exe
2016-09-30 12:23 - 2016-09-15 17:27 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\Sens.dll
2016-09-30 12:23 - 2016-09-15 17:26 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\resutils.dll
2016-09-30 12:23 - 2016-09-15 17:26 - 00279552 _____ (Microsoft Corporation) C:\Windows\system32\PlayToReceiver.dll
2016-09-30 12:23 - 2016-09-15 17:26 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\BitLockerDeviceEncryption.exe
2016-09-30 12:23 - 2016-09-15 17:26 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\bdeui.dll
2016-09-30 12:23 - 2016-09-15 17:25 - 00947200 _____ (Microsoft Corporation) C:\Windows\system32\wsp_sr.dll
2016-09-30 12:23 - 2016-09-15 17:25 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\offlinesam.dll
2016-09-30 12:23 - 2016-09-15 17:25 - 00130560 _____ (Microsoft Corporation) C:\Windows\system32\SpaceAgent.exe
2016-09-30 12:23 - 2016-09-15 17:24 - 01080320 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Ocr.dll
2016-09-30 12:23 - 2016-09-15 17:23 - 03405824 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2016-09-30 12:23 - 2016-09-15 17:23 - 00650752 _____ (Microsoft Corporation) C:\Windows\system32\RDXService.dll
2016-09-30 12:23 - 2016-09-15 17:23 - 00631296 _____ (Microsoft Corporation) C:\Windows\system32\NotificationController.dll
2016-09-30 12:23 - 2016-09-15 17:22 - 01586176 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Globalization.dll
2016-09-30 12:23 - 2016-09-15 17:22 - 00960000 _____ (Microsoft Corporation) C:\Windows\system32\modernexecserver.dll
2016-09-30 12:23 - 2016-09-15 17:21 - 02538496 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2016-09-30 12:23 - 2016-09-15 17:21 - 02208768 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Graphics.Printing.3D.dll
2016-09-30 12:23 - 2016-09-15 17:21 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.dll
2016-09-30 12:23 - 2016-09-15 17:21 - 00674304 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2016-09-30 12:23 - 2016-09-15 17:20 - 01535488 _____ (Microsoft Corporation) C:\Windows\system32\SpeechPal.dll
2016-09-30 12:23 - 2016-09-15 17:20 - 01266176 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Input.Inking.dll
2016-09-30 12:23 - 2016-09-15 17:20 - 00845824 _____ (Microsoft Corporation) C:\Windows\system32\MbaeApiPublic.dll
2016-09-30 12:23 - 2016-09-15 17:20 - 00691712 _____ (Microsoft Corporation) C:\Windows\system32\lsm.dll
2016-09-30 12:23 - 2016-09-15 17:20 - 00283648 _____ (Microsoft Corporation) C:\Windows\system32\wkssvc.dll
2016-09-30 12:23 - 2016-09-15 17:19 - 01130496 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2016-09-30 12:23 - 2016-09-15 17:19 - 00903680 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2016-09-30 12:23 - 2016-09-15 17:19 - 00788992 _____ (Microsoft Corporation) C:\Windows\system32\spoolsv.exe
2016-09-30 12:23 - 2016-09-15 17:19 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\LogonController.dll
2016-09-30 12:23 - 2016-09-15 17:16 - 01817088 _____ (Microsoft Corporation) C:\Windows\system32\ResetEngine.dll
2016-09-30 12:23 - 2016-09-15 17:16 - 00483840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CoreMessaging.dll
2016-09-30 12:23 - 2016-09-15 17:16 - 00387072 _____ (Microsoft Corporation) C:\Windows\system32\SessEnv.dll
2016-09-30 12:23 - 2016-09-15 17:16 - 00221696 _____ (Microsoft Corporation) C:\Windows\system32\tspubwmi.dll
2016-09-30 12:23 - 2016-08-05 09:29 - 00568832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Speech.UXRes.dll
2016-09-30 12:22 - 2016-09-15 18:37 - 00590960 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2016-09-30 12:22 - 2016-09-15 18:37 - 00496872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dnsapi.dll
2016-09-30 12:22 - 2016-09-15 18:37 - 00402352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ws2_32.dll
2016-09-30 12:22 - 2016-09-15 18:35 - 01570680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-09-30 12:22 - 2016-09-15 18:32 - 02048496 _____ C:\Windows\SysWOW64\CoreUIComponents.dll
2016-09-30 12:22 - 2016-09-15 18:30 - 00646136 _____ (Microsoft Corporation) C:\Windows\system32\dnsapi.dll
2016-09-30 12:22 - 2016-09-15 18:29 - 00823136 _____ (Microsoft Corporation) C:\Windows\system32\AppVClient.exe
2016-09-30 12:22 - 2016-09-15 18:29 - 00704352 _____ (Microsoft Corporation) C:\Windows\system32\AppVEntVirtualization.dll
2016-09-30 12:22 - 2016-09-15 18:29 - 00424640 _____ (Microsoft Corporation) C:\Windows\system32\ws2_32.dll
2016-09-30 12:22 - 2016-09-15 18:29 - 00218008 _____ (Microsoft Corporation) C:\Windows\system32\LsaIso.exe
2016-09-30 12:22 - 2016-09-15 18:29 - 00169056 _____ (Microsoft Corporation) C:\Windows\system32\skci.dll
2016-09-30 12:22 - 2016-09-15 18:29 - 00127328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\AppVStrm.sys
2016-09-30 12:22 - 2016-09-15 18:29 - 00081760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\stornvme.sys
2016-09-30 12:22 - 2016-09-15 18:29 - 00074080 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vpci.sys
2016-09-30 12:22 - 2016-09-15 18:29 - 00023392 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cmimcext.sys
2016-09-30 12:22 - 2016-09-15 18:28 - 00498960 _____ (Microsoft Corporation) C:\Windows\system32\DolbyDecMFT.dll
2016-09-30 12:22 - 2016-09-15 18:27 - 01883784 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-09-30 12:22 - 2016-09-15 18:27 - 00128352 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\partmgr.sys
2016-09-30 12:22 - 2016-09-15 18:26 - 00090400 _____ (Microsoft Corporation) C:\Windows\system32\devenum.dll
2016-09-30 12:22 - 2016-09-15 18:25 - 00340320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-09-30 12:22 - 2016-09-15 18:25 - 00280472 _____ (Microsoft Corporation) C:\Windows\system32\bdeunlock.exe
2016-09-30 12:22 - 2016-09-15 18:25 - 00262960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Storage.ApplicationData.dll
2016-09-30 12:22 - 2016-09-15 18:24 - 00764936 _____ (Microsoft Corporation) C:\Windows\system32\CoreMessaging.dll
2016-09-30 12:22 - 2016-09-15 18:23 - 01503032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2016-09-30 12:22 - 2016-09-15 18:22 - 05722320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\windows.storage.dll
2016-09-30 12:22 - 2016-09-15 18:22 - 00975744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinapi.appcore.dll
2016-09-30 12:22 - 2016-09-15 18:22 - 00433832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WWanAPI.dll
2016-09-30 12:22 - 2016-09-15 18:21 - 00272720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2016-09-30 12:22 - 2016-09-15 18:19 - 00361104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsmf.dll
2016-09-30 12:22 - 2016-09-15 18:18 - 06654616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Protection.PlayReady.dll
2016-09-30 12:22 - 2016-09-15 18:18 - 01201872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmpeg2srcsnk.dll
2016-09-30 12:22 - 2016-09-15 18:18 - 01123368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2016-09-30 12:22 - 2016-09-15 18:18 - 00955528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfsvr.dll
2016-09-30 12:22 - 2016-09-15 18:18 - 00856872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfreadwrite.dll
2016-09-30 12:22 - 2016-09-15 18:18 - 00328008 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Storage.ApplicationData.dll
2016-09-30 12:22 - 2016-09-15 18:17 - 04311736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2016-09-30 12:22 - 2016-09-15 18:16 - 07219672 _____ (Microsoft Corporation) C:\Windows\system32\windows.storage.dll
2016-09-30 12:22 - 2016-09-15 18:16 - 02190176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2016-09-30 12:22 - 2016-09-15 18:16 - 01738040 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2016-09-30 12:22 - 2016-09-15 18:16 - 01157000 _____ (Microsoft Corporation) C:\Windows\system32\twinapi.appcore.dll
2016-09-30 12:22 - 2016-09-15 18:16 - 00657760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms2.sys
2016-09-30 12:22 - 2016-09-15 18:16 - 00401760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2016-09-30 12:22 - 2016-09-15 18:16 - 00206096 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-09-30 12:22 - 2016-09-15 18:15 - 00649568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fvevol.sys
2016-09-30 12:22 - 2016-09-15 18:15 - 00557408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\spaceport.sys
2016-09-30 12:22 - 2016-09-15 18:15 - 00341936 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2016-09-30 12:22 - 2016-09-15 18:15 - 00335712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pci.sys
2016-09-30 12:22 - 2016-09-15 18:15 - 00223584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-09-30 12:22 - 2016-09-15 18:15 - 00130912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storahci.sys
2016-09-30 12:22 - 2016-09-15 18:14 - 01415752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32full.dll
2016-09-30 12:22 - 2016-09-15 18:14 - 01100128 _____ (Microsoft Corporation) C:\Windows\system32\hvix64.exe
2016-09-30 12:22 - 2016-09-15 18:14 - 00988512 _____ (Microsoft Corporation) C:\Windows\system32\hvax64.exe
2016-09-30 12:22 - 2016-09-15 18:14 - 00947552 _____ (Microsoft Corporation) C:\Windows\system32\hvloader.efi
2016-09-30 12:22 - 2016-09-15 18:14 - 00811872 _____ (Microsoft Corporation) C:\Windows\system32\hvloader.exe
2016-09-30 12:22 - 2016-09-15 18:14 - 00435040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdbss.sys
2016-09-30 12:22 - 2016-09-15 18:12 - 08158672 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Protection.PlayReady.dll
2016-09-30 12:22 - 2016-09-15 18:12 - 01472536 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2016-09-30 12:22 - 2016-09-15 18:11 - 04673296 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2016-09-30 12:22 - 2016-09-15 18:11 - 01990640 _____ (Microsoft Corporation) C:\Windows\system32\mfmp4srcsnk.dll
2016-09-30 12:22 - 2016-09-15 18:11 - 01300600 _____ (Microsoft Corporation) C:\Windows\system32\mfmpeg2srcsnk.dll
2016-09-30 12:22 - 2016-09-15 18:11 - 01066104 _____ (Microsoft Corporation) C:\Windows\system32\mfsvr.dll
2016-09-30 12:22 - 2016-09-15 18:11 - 00862064 _____ (Microsoft Corporation) C:\Windows\system32\mfreadwrite.dll
2016-09-30 12:22 - 2016-09-15 18:11 - 00725664 _____ (Microsoft Corporation) C:\Windows\system32\MSVideoDSP.dll
2016-09-30 12:22 - 2016-09-15 18:11 - 00160096 _____ (Microsoft Corporation) C:\Windows\system32\CloudExperienceHostBroker.dll
2016-09-30 12:22 - 2016-09-15 18:08 - 05683712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll
2016-09-30 12:22 - 2016-09-15 18:07 - 01572768 _____ (Microsoft Corporation) C:\Windows\system32\gdi32full.dll
2016-09-30 12:22 - 2016-09-15 18:07 - 01418304 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2016-09-30 12:22 - 2016-09-15 18:07 - 00128864 _____ (Microsoft Corporation) C:\Windows\system32\dwmapi.dll
2016-09-30 12:22 - 2016-09-15 18:06 - 01046880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2016-09-30 12:22 - 2016-09-15 18:06 - 00372440 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.MediaControl.dll
2016-09-30 12:22 - 2016-09-15 18:01 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.Radios.dll
2016-09-30 12:22 - 2016-09-15 18:00 - 00554496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2016-09-30 12:22 - 2016-09-15 18:00 - 00518656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ngccredprov.dll
2016-09-30 12:22 - 2016-09-15 18:00 - 00138240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DisplayManager.dll
2016-09-30 12:22 - 2016-09-15 17:59 - 00255488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\unimdm.tsp
2016-09-30 12:22 - 2016-09-15 17:59 - 00136192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WinRtTracing.dll
2016-09-30 12:22 - 2016-09-15 17:58 - 00291840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Search.ProtocolHandler.MAPI2.dll
2016-09-30 12:22 - 2016-09-15 17:58 - 00203776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credprovhost.dll
2016-09-30 12:22 - 2016-09-15 17:58 - 00142336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.WiFi.dll
2016-09-30 12:22 - 2016-09-15 17:58 - 00129024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.SerialCommunication.dll
2016-09-30 12:22 - 2016-09-15 17:58 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Background.SystemEventsBroker.dll
2016-09-30 12:22 - 2016-09-15 17:58 - 00059904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.System.UserDeviceAssociation.dll
2016-09-30 12:22 - 2016-09-15 17:57 - 00392192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Gaming.Input.dll
2016-09-30 12:22 - 2016-09-15 17:57 - 00315904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Gaming.XboxLive.Storage.dll
2016-09-30 12:22 - 2016-09-15 17:57 - 00237056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SyncSettings.dll
2016-09-30 12:22 - 2016-09-15 17:57 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2016-09-30 12:22 - 2016-09-15 17:57 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ClipboardServer.dll
2016-09-30 12:22 - 2016-09-15 17:56 - 01300480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVPXENC.dll
2016-09-30 12:22 - 2016-09-15 17:56 - 00670208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.PointOfService.dll
2016-09-30 12:22 - 2016-09-15 17:56 - 00609280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Import.dll
2016-09-30 12:22 - 2016-09-15 17:56 - 00298496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Internal.Management.dll
2016-09-30 12:22 - 2016-09-15 17:56 - 00257536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DataExchange.dll
2016-09-30 12:22 - 2016-09-15 17:56 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Core.dll
2016-09-30 12:22 - 2016-09-15 17:55 - 00575488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2016-09-30 12:22 - 2016-09-15 17:55 - 00562176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.SmartCards.dll
2016-09-30 12:22 - 2016-09-15 17:55 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NetworkCollectionAgent.dll
2016-09-30 12:22 - 2016-09-15 17:55 - 00386048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.WiFiDirect.dll
2016-09-30 12:22 - 2016-09-15 17:55 - 00332288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Internal.Bluetooth.dll
2016-09-30 12:22 - 2016-09-15 17:55 - 00325120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleacc.dll
2016-09-30 12:22 - 2016-09-15 17:55 - 00306176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieproxy.dll
2016-09-30 12:22 - 2016-09-15 17:55 - 00218624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WwaApi.dll
2016-09-30 12:22 - 2016-09-15 17:55 - 00185856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Security.Authentication.Identity.Provider.dll
2016-09-30 12:22 - 2016-09-15 17:55 - 00152064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\biwinrt.dll
2016-09-30 12:22 - 2016-09-15 17:55 - 00114176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setupugc.exe
2016-09-30 12:22 - 2016-09-15 17:54 - 00747520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Ocr.dll
2016-09-30 12:22 - 2016-09-15 17:54 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CredProvDataModel.dll
2016-09-30 12:22 - 2016-09-15 17:54 - 00262144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.Picker.dll
2016-09-30 12:22 - 2016-09-15 17:53 - 00819200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppContracts.dll
2016-09-30 12:22 - 2016-09-15 17:53 - 00340480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-09-30 12:22 - 2016-09-15 17:53 - 00284672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.dll
2016-09-30 12:22 - 2016-09-15 17:52 - 01358336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAutomationCore.dll
2016-09-30 12:22 - 2016-09-15 17:52 - 00816640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NaturalLanguage6.dll
2016-09-30 12:22 - 2016-09-15 17:52 - 00525824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintDialogs.dll
2016-09-30 12:22 - 2016-09-15 17:52 - 00500224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Graphics.Printing.dll
2016-09-30 12:22 - 2016-09-15 17:52 - 00445952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mprapi.dll
2016-09-30 12:22 - 2016-09-15 17:52 - 00297472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
2016-09-30 12:22 - 2016-09-15 17:52 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptngc.dll
2016-09-30 12:22 - 2016-09-15 17:51 - 00762368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mprddm.dll
2016-09-30 12:22 - 2016-09-15 17:50 - 00071168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pwrshplugin.dll
2016-09-30 12:22 - 2016-09-15 17:49 - 00901120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.Bluetooth.dll
2016-09-30 12:22 - 2016-09-15 17:49 - 00653312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.AccountsControl.dll
2016-09-30 12:22 - 2016-09-15 17:49 - 00468992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.InkControls.dll
2016-09-30 12:22 - 2016-09-15 17:48 - 01321472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsp_fs.dll
2016-09-30 12:22 - 2016-09-15 17:48 - 01320448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comsvcs.dll
2016-09-30 12:22 - 2016-09-15 17:48 - 01112576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsp_health.dll
2016-09-30 12:22 - 2016-09-15 17:47 - 01077760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Editing.dll
2016-09-30 12:22 - 2016-09-15 17:47 - 00134656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Energy.dll
2016-09-30 12:22 - 2016-09-15 17:46 - 03305984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFMediaEngine.dll
2016-09-30 12:22 - 2016-09-15 17:46 - 00795648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MiracastReceiver.dll
2016-09-30 12:22 - 2016-09-15 17:46 - 00471552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.BackgroundMediaPlayback.dll
2016-09-30 12:22 - 2016-09-15 17:46 - 00343040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PlayToDevice.dll
2016-09-30 12:22 - 2016-09-15 17:45 - 02749440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mispace.dll
2016-09-30 12:22 - 2016-09-15 17:45 - 02642944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2016-09-30 12:22 - 2016-09-15 17:45 - 00470016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Playback.BackgroundMediaPlayer.dll
2016-09-30 12:22 - 2016-09-15 17:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dlnashext.dll
2016-09-30 12:22 - 2016-09-15 17:44 - 02153984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\storagewmi.dll
2016-09-30 12:22 - 2016-09-15 17:44 - 00459776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Playback.MediaPlayer.dll
2016-09-30 12:22 - 2016-09-15 17:44 - 00209920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSAC3ENC.DLL
2016-09-30 12:22 - 2016-09-15 17:44 - 00118784 _____ (Microsoft Corporation) C:\Windows\system32\UserDataTimeUtil.dll
2016-09-30 12:22 - 2016-09-15 17:43 - 03520512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xpsrchvw.exe
2016-09-30 12:22 - 2016-09-15 17:43 - 03196416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cdp.dll
2016-09-30 12:22 - 2016-09-15 17:43 - 00271872 _____ (Microsoft Corporation) C:\Windows\system32\mfksproxy.dll
2016-09-30 12:22 - 2016-09-15 17:43 - 00220672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PlayToReceiver.dll
2016-09-30 12:22 - 2016-09-15 17:43 - 00090112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\olepro32.dll
2016-09-30 12:22 - 2016-09-15 17:43 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\odbcconf.dll
2016-09-30 12:22 - 2016-09-15 17:42 - 01220608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Audio.dll
2016-09-30 12:22 - 2016-09-15 17:42 - 00719872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsp_sr.dll
2016-09-30 12:22 - 2016-09-15 17:42 - 00492544 _____ (Microsoft Corporation) C:\Windows\system32\nltest.exe
2016-09-30 12:22 - 2016-09-15 17:42 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\winhvr.sys
2016-09-30 12:22 - 2016-09-15 17:42 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\BackgroundMediaPolicy.dll
2016-09-30 12:22 - 2016-09-15 17:41 - 00400384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PlayToManager.dll
2016-09-30 12:22 - 2016-09-15 17:41 - 00357376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Geolocation.dll
2016-09-30 12:22 - 2016-09-15 17:41 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\unimdm.tsp
2016-09-30 12:22 - 2016-09-15 17:41 - 00259072 _____ (Microsoft Corporation) C:\Windows\system32\Family.SyncEngine.dll
2016-09-30 12:22 - 2016-09-15 17:41 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\DisplayManager.dll
2016-09-30 12:22 - 2016-09-15 17:41 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\Family.Client.dll
2016-09-30 12:22 - 2016-09-15 17:41 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\Family.Authentication.dll
2016-09-30 12:22 - 2016-09-15 17:40 - 02138112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InputService.dll
2016-09-30 12:22 - 2016-09-15 17:40 - 02026496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-09-30 12:22 - 2016-09-15 17:40 - 01988096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2016-09-30 12:22 - 2016-09-15 17:40 - 01656320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.Perception.dll
2016-09-30 12:22 - 2016-09-15 17:40 - 01247232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Globalization.dll
2016-09-30 12:22 - 2016-09-15 17:40 - 00467968 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Gaming.XboxLive.Storage.dll
2016-09-30 12:22 - 2016-09-15 17:40 - 00395264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dmenrollengine.dll
2016-09-30 12:22 - 2016-09-15 17:40 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\RMapi.dll
2016-09-30 12:22 - 2016-09-15 17:40 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Background.SystemEventsBroker.dll
2016-09-30 12:22 - 2016-09-15 17:40 - 00094720 _____ (Microsoft Corporation) C:\Windows\system32\browserbroker.dll
2016-09-30 12:22 - 2016-09-15 17:40 - 00092672 _____ (Microsoft Corporation) C:\Windows\system32\BthRadioMedia.dll
2016-09-30 12:22 - 2016-09-15 17:40 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\Windows.System.UserDeviceAssociation.dll
2016-09-30 12:22 - 2016-09-15 17:39 - 01232384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.Maps.dll
2016-09-30 12:22 - 2016-09-15 17:39 - 01170944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.Phone.dll
2016-09-30 12:22 - 2016-09-15 17:39 - 01004544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Input.Inking.dll
2016-09-30 12:22 - 2016-09-15 17:39 - 00827904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.appcore.dll
2016-09-30 12:22 - 2016-09-15 17:39 - 00408576 _____ (Microsoft Corporation) C:\Windows\system32\NgcCtnr.dll
2016-09-30 12:22 - 2016-09-15 17:39 - 00368640 _____ (Microsoft Corporation) C:\Windows\system32\OneBackupHandler.dll
2016-09-30 12:22 - 2016-09-15 17:39 - 00322048 _____ (Microsoft Corporation) C:\Windows\system32\PsmServiceExtHost.dll
2016-09-30 12:22 - 2016-09-15 17:39 - 00234496 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers_Flights.dll
2016-09-30 12:22 - 2016-09-15 17:38 - 00773120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
2016-09-30 12:22 - 2016-09-15 17:38 - 00691200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TokenBroker.dll
2016-09-30 12:22 - 2016-09-15 17:38 - 00671232 _____ (Microsoft Corporation) C:\Windows\system32\NetworkCollectionAgent.dll
2016-09-30 12:22 - 2016-09-15 17:38 - 00620544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.dll
2016-09-30 12:22 - 2016-09-15 17:38 - 00573952 _____ (Microsoft Corporation) C:\Windows\system32\NgcCtnrGidsHandler.dll
2016-09-30 12:22 - 2016-09-15 17:38 - 00505856 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.WiFiDirect.dll
2016-09-30 12:22 - 2016-09-15 17:38 - 00427008 _____ (Microsoft Corporation) C:\Windows\system32\vmrdvcore.dll
2016-09-30 12:22 - 2016-09-15 17:38 - 00349696 _____ (Microsoft Corporation) C:\Windows\system32\icsvcext.dll
2016-09-30 12:22 - 2016-09-15 17:38 - 00343552 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.SmartCards.Phone.dll
2016-09-30 12:22 - 2016-09-15 17:38 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\provops.dll
2016-09-30 12:22 - 2016-09-15 17:38 - 00203776 _____ (Microsoft Corporation) C:\Windows\system32\PimIndexMaintenance.dll
2016-09-30 12:22 - 2016-09-15 17:38 - 00171520 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.SerialCommunication.dll
2016-09-30 12:22 - 2016-09-15 17:38 - 00125952 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2016-09-30 12:22 - 2016-09-15 17:37 - 01507840 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.FaceAnalysis.dll
2016-09-30 12:22 - 2016-09-15 17:37 - 00912384 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.SmartCards.dll
2016-09-30 12:22 - 2016-09-15 17:37 - 00690176 _____ (Microsoft Corporation) C:\Windows\system32\ieproxy.dll
2016-09-30 12:22 - 2016-09-15 17:37 - 00568320 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.LowLevel.dll
2016-09-30 12:22 - 2016-09-15 17:37 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\wlancfg.dll
2016-09-30 12:22 - 2016-09-15 17:37 - 00279552 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.HumanInterfaceDevice.dll
2016-09-30 12:22 - 2016-09-15 17:37 - 00171520 _____ (Microsoft Corporation) C:\Windows\system32\biwinrt.dll
2016-09-30 12:22 - 2016-09-15 17:37 - 00147456 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-09-30 12:22 - 2016-09-15 17:36 - 00719360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdiWiFi.sys
2016-09-30 12:22 - 2016-09-15 17:36 - 00686592 _____ (Microsoft Corporation) C:\Windows\system32\dsregcmd.exe
2016-09-30 12:22 - 2016-09-15 17:36 - 00648192 _____ (Microsoft Corporation) C:\Windows\system32\rasmans.dll
2016-09-30 12:22 - 2016-09-15 17:36 - 00640000 _____ (Microsoft Corporation) C:\Windows\system32\ngccredprov.dll
2016-09-30 12:22 - 2016-09-15 17:36 - 00448512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TpmCoreProvisioning.dll
2016-09-30 12:22 - 2016-09-15 17:36 - 00407552 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Internal.Management.dll
2016-09-30 12:22 - 2016-09-15 17:36 - 00387584 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-09-30 12:22 - 2016-09-15 17:36 - 00358912 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.dll
2016-09-30 12:22 - 2016-09-15 17:36 - 00324608 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.LockScreen.dll
2016-09-30 12:22 - 2016-09-15 17:36 - 00310784 _____ (Microsoft Corporation) C:\Windows\system32\SyncSettings.dll
2016-09-30 12:22 - 2016-09-15 17:36 - 00257024 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.CredDialogController.dll
2016-09-30 12:22 - 2016-09-15 17:36 - 00216576 _____ (Microsoft Corporation) C:\Windows\system32\fveapibase.dll
2016-09-30 12:22 - 2016-09-15 17:36 - 00125952 _____ (Microsoft Corporation) C:\Windows\system32\setupugc.exe
2016-09-30 12:22 - 2016-09-15 17:35 - 00645120 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2016-09-30 12:22 - 2016-09-15 17:35 - 00472064 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Internal.Bluetooth.dll
2016-09-30 12:22 - 2016-09-15 17:35 - 00432640 _____ (Microsoft Corporation) C:\Windows\system32\SndVolSSO.dll
2016-09-30 12:22 - 2016-09-15 17:35 - 00331776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SessEnv.dll
2016-09-30 12:22 - 2016-09-15 17:35 - 00280064 _____ (Microsoft Corporation) C:\Windows\system32\DataExchange.dll
2016-09-30 12:22 - 2016-09-15 17:35 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\easwrt.dll
2016-09-30 12:22 - 2016-09-15 17:35 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\rshx32.dll
2016-09-30 12:22 - 2016-09-15 17:34 - 00642048 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.InkControls.dll
2016-09-30 12:22 - 2016-09-15 17:34 - 00441856 _____ (Microsoft Corporation) C:\Windows\system32\AccountsRt.dll
2016-09-30 12:22 - 2016-09-15 17:34 - 00437248 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.Usb.dll
2016-09-30 12:22 - 2016-09-15 17:34 - 00284160 _____ (Microsoft Corporation) C:\Windows\system32\AboveLockAppHost.dll
2016-09-30 12:22 - 2016-09-15 17:33 - 03753984 _____ (Microsoft Corporation) C:\Windows\system32\bootux.dll
2016-09-30 12:22 - 2016-09-15 17:33 - 01004032 _____ (Microsoft Corporation) C:\Windows\system32\enterprisecsps.dll
2016-09-30 12:22 - 2016-09-15 17:33 - 00966144 _____ (Microsoft Corporation) C:\Windows\system32\sbe.dll
2016-09-30 12:22 - 2016-09-15 17:33 - 00963584 _____ (Microsoft Corporation) C:\Windows\system32\WebcamUi.dll
2016-09-30 12:22 - 2016-09-15 17:33 - 00560128 _____ (Microsoft Corporation) C:\Windows\system32\AppReadiness.dll
2016-09-30 12:22 - 2016-09-15 17:33 - 00512000 _____ (Microsoft Corporation) C:\Windows\system32\mprapi.dll
2016-09-30 12:22 - 2016-09-15 17:32 - 02716672 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2016-09-30 12:22 - 2016-09-15 17:32 - 00634368 _____ (Microsoft Corporation) C:\Windows\system32\StructuredQuery.dll
2016-09-30 12:22 - 2016-09-15 17:31 - 01053184 _____ (Microsoft Corporation) C:\Windows\system32\qmgr.dll
2016-09-30 12:22 - 2016-09-15 17:31 - 00090624 _____ (Microsoft Corporation) C:\Windows\system32\pwrshplugin.dll
2016-09-30 12:22 - 2016-09-15 17:31 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2016-09-30 12:22 - 2016-09-15 17:30 - 03776512 _____ (Microsoft Corporation) C:\Windows\system32\MFMediaEngine.dll
2016-09-30 12:22 - 2016-09-15 17:30 - 01639424 _____ (Microsoft Corporation) C:\Windows\system32\comsvcs.dll
2016-09-30 12:22 - 2016-09-15 17:30 - 01403392 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Editing.dll
2016-09-30 12:22 - 2016-09-15 17:30 - 00713216 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2016-09-30 12:22 - 2016-09-15 17:30 - 00169984 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Energy.dll
2016-09-30 12:22 - 2016-09-15 17:30 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\baaupdate.exe
2016-09-30 12:22 - 2016-09-15 17:29 - 00720896 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.BackgroundMediaPlayback.dll
2016-09-30 12:22 - 2016-09-15 17:29 - 00329728 _____ (Microsoft Corporation) C:\Windows\system32\fvecpl.dll
2016-09-30 12:22 - 2016-09-15 17:29 - 00156672 _____ (Microsoft Corporation) C:\Windows\system32\RelPost.exe
2016-09-30 12:22 - 2016-09-15 17:28 - 03288064 _____ (Microsoft Corporation) C:\Windows\system32\mispace.dll
2016-09-30 12:22 - 2016-09-15 17:28 - 00864256 _____ (Microsoft Corporation) C:\Windows\system32\wpnapps.dll
2016-09-30 12:22 - 2016-09-15 17:28 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Playback.BackgroundMediaPlayer.dll
2016-09-30 12:22 - 2016-09-15 17:28 - 00442368 _____ (Microsoft Corporation) C:\Windows\system32\PlayToDevice.dll
2016-09-30 12:22 - 2016-09-15 17:28 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\fveprompt.exe
2016-09-30 12:22 - 2016-09-15 17:27 - 02860032 _____ (Microsoft Corporation) C:\Windows\system32\storagewmi.dll
2016-09-30 12:22 - 2016-09-15 17:27 - 00942080 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2016-09-30 12:22 - 2016-09-15 17:27 - 00796672 _____ (Microsoft Corporation) C:\Windows\system32\fvewiz.dll
2016-09-30 12:22 - 2016-09-15 17:27 - 00702976 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Playback.MediaPlayer.dll
2016-09-30 12:22 - 2016-09-15 17:27 - 00228352 _____ (Microsoft Corporation) C:\Windows\system32\MSAC3ENC.DLL
2016-09-30 12:22 - 2016-09-15 17:26 - 00501248 _____ (Microsoft Corporation) C:\Windows\system32\imapi2.dll
2016-09-30 12:22 - 2016-09-15 17:26 - 00361472 _____ (Microsoft Corporation) C:\Windows\system32\bdechangepin.exe
2016-09-30 12:22 - 2016-09-15 17:25 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Audio.dll
2016-09-30 12:22 - 2016-09-15 17:25 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\uReFS.dll
2016-09-30 12:22 - 2016-09-15 17:25 - 00411648 _____ (Microsoft Corporation) C:\Windows\system32\SensorsApi.dll
2016-09-30 12:22 - 2016-09-15 17:25 - 00057856 _____ (Microsoft Corporation) C:\Windows\system32\BackgroundMediaPolicy.dll
2016-09-30 12:22 - 2016-09-15 17:24 - 04596224 _____ (Microsoft Corporation) C:\Windows\system32\xpsrchvw.exe
2016-09-30 12:22 - 2016-09-15 17:24 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Security.Authentication.Web.Core.dll
2016-09-30 12:22 - 2016-09-15 17:24 - 00538624 _____ (Microsoft Corporation) C:\Windows\system32\PlayToManager.dll
2016-09-30 12:22 - 2016-09-15 17:24 - 00467456 _____ (Microsoft Corporation) C:\Windows\system32\Geolocation.dll
2016-09-30 12:22 - 2016-09-15 17:24 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Devices.dll
2016-09-30 12:22 - 2016-09-15 17:23 - 04474368 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_47.dll
2016-09-30 12:22 - 2016-09-15 17:23 - 01361408 _____ (Microsoft Corporation) C:\Windows\system32\SharedStartModel.dll
2016-09-30 12:22 - 2016-09-15 17:23 - 01040896 _____ (Microsoft Corporation) C:\Windows\system32\NaturalLanguage6.dll
2016-09-30 12:22 - 2016-09-15 17:23 - 01020928 _____ (Microsoft Corporation) C:\Windows\system32\usermgr.dll
2016-09-30 12:22 - 2016-09-15 17:23 - 00611328 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Graphics.Printing.dll
2016-09-30 12:22 - 2016-09-15 17:23 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.Midi.dll
2016-09-30 12:22 - 2016-09-15 17:23 - 00347648 _____ (Microsoft Corporation) C:\Windows\system32\rascustom.dll
2016-09-30 12:22 - 2016-09-15 17:22 - 05611008 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2016-09-30 12:22 - 2016-09-15 17:22 - 01709056 _____ (Microsoft Corporation) C:\Windows\system32\wevtsvc.dll
2016-09-30 12:22 - 2016-09-15 17:22 - 01643008 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Speech.dll
2016-09-30 12:22 - 2016-09-15 17:22 - 00857600 _____ (Microsoft Corporation) C:\Windows\system32\mprddm.dll
2016-09-30 12:22 - 2016-09-15 17:22 - 00770560 _____ (Microsoft Corporation) C:\Windows\system32\bisrv.dll
2016-09-30 12:22 - 2016-09-15 17:22 - 00376832 _____ (Microsoft Corporation) C:\Windows\system32\CryptoWinRT.dll
2016-09-30 12:22 - 2016-09-15 17:21 - 00971264 _____ (Microsoft Corporation) C:\Windows\system32\twinui.appcore.dll
2016-09-30 12:22 - 2016-09-15 17:20 - 02424320 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.Perception.dll
2016-09-30 12:22 - 2016-09-15 17:20 - 02095616 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-09-30 12:22 - 2016-09-15 17:20 - 01710080 _____ (Microsoft Corporation) C:\Windows\system32\UIAutomationCore.dll
2016-09-30 12:22 - 2016-09-15 17:20 - 01275392 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.Bluetooth.dll
2016-09-30 12:22 - 2016-09-15 17:20 - 00875520 _____ (Microsoft Corporation) C:\Windows\system32\TokenBroker.dll
2016-09-30 12:22 - 2016-09-15 17:19 - 03202048 _____ (Microsoft Corporation) C:\Windows\system32\msftedit.dll
2016-09-30 12:22 - 2016-09-15 17:19 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.Maps.dll
2016-09-30 12:22 - 2016-09-15 17:19 - 00730112 _____ (Microsoft Corporation) C:\Windows\system32\fveapi.dll
2016-09-30 12:22 - 2016-09-15 17:18 - 01369088 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.Phone.dll
2016-09-30 12:22 - 2016-09-15 17:18 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\dmenrollengine.dll
2016-09-30 12:22 - 2016-09-15 17:17 - 00180224 _____ (Microsoft Corporation) C:\Windows\system32\enrollmentapi.dll
2016-09-30 12:22 - 2016-09-15 17:17 - 00122368 _____ (Microsoft Corporation) C:\Windows\system32\FontProvider.dll
2016-09-30 12:22 - 2016-09-15 17:16 - 00886784 _____ (Microsoft Corporation) C:\Windows\system32\CPFilters.dll
2016-09-30 12:22 - 2016-09-15 17:16 - 00531456 _____ (Microsoft Corporation) C:\Windows\system32\TpmCoreProvisioning.dll
2016-09-30 12:22 - 2016-09-15 17:16 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\spaceman.exe
2016-09-30 12:22 - 2016-08-06 04:34 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\smphost.dll
2016-09-30 12:22 - 2016-08-06 04:33 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\smphost.dll
2016-09-30 12:22 - 2016-08-05 09:29 - 00568832 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Speech.UXRes.dll
2016-09-27 14:31 - 2016-09-27 14:31 - 00000000 ____D C:\Users\Gregor\AppData\Local\AM2R
2016-09-27 10:07 - 2016-09-27 10:07 - 02295818 _____ C:\Users\Gregor\Downloads\page 1.pdf
2016-09-27 09:54 - 2016-09-27 14:06 - 00000000 ____D C:\Users\Gregor\Documents\Outlook Files
         

Alt 27.10.2016, 14:04   #7
Morgren
 
RAT Trojaner? - Standard

RAT Trojaner?



Teil 2
Code:
ATTFilter
==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-10-27 13:40 - 2016-08-17 18:54 - 00000000 ____D C:\Users\Gregor
2016-10-27 13:31 - 2016-08-20 15:34 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-10-27 12:17 - 2016-08-17 18:58 - 01027402 _____ C:\Windows\system32\PerfStringBackup.INI
2016-10-27 12:13 - 2016-08-17 19:01 - 00000000 ____D C:\ProgramData\Package Cache
2016-10-27 12:11 - 2016-08-17 19:25 - 00000000 ____D C:\Program Files (x86)\Steam
2016-10-27 12:11 - 2016-08-17 18:57 - 00000000 ____D C:\ProgramData\NVIDIA
2016-10-27 12:11 - 2016-08-17 18:55 - 00000000 ___RD C:\Users\Gregor\OneDrive
2016-10-27 12:10 - 2016-08-17 18:51 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-10-27 12:10 - 2016-08-17 18:51 - 00000000 ____D C:\Windows\system32\SleepStudy
2016-10-27 12:08 - 2016-07-16 12:47 - 00000000 ____D C:\Windows\AppReadiness
2016-10-26 17:53 - 2016-08-17 18:57 - 00002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-10-26 13:32 - 2016-08-17 19:12 - 00485032 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2016-10-26 11:42 - 2016-08-17 18:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2016-10-26 11:42 - 2016-08-17 18:57 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2016-10-26 11:42 - 2016-07-16 12:45 - 00000000 ____D C:\Windows\INF
2016-10-26 11:41 - 2016-08-17 19:21 - 00000000 ____D C:\Users\Gregor\AppData\Local\NVIDIA Corporation
2016-10-26 11:41 - 2016-08-17 18:57 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2016-10-26 11:41 - 2016-08-17 18:57 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2016-10-26 11:33 - 2016-07-16 12:47 - 00000000 ___HD C:\Program Files\WindowsApps
2016-10-22 09:41 - 2015-04-16 19:03 - 00212936 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2016-10-22 09:41 - 2015-04-16 07:19 - 01595456 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll
2016-10-22 08:25 - 2016-08-17 20:00 - 28199992 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2016-10-22 08:25 - 2015-07-13 20:45 - 03922448 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2016-10-22 08:25 - 2015-07-13 20:45 - 03465312 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2016-10-22 08:25 - 2015-07-13 20:45 - 00042296 _____ C:\Windows\system32\nvinfo.pb
2016-10-22 07:04 - 2016-08-17 20:02 - 00548408 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2016-10-22 07:04 - 2016-08-17 20:02 - 00081856 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
2016-10-22 07:04 - 2016-08-17 18:57 - 06386232 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2016-10-22 07:04 - 2016-08-17 18:57 - 02475968 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2016-10-22 07:04 - 2016-08-17 18:57 - 01762752 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2016-10-22 07:04 - 2016-08-17 18:57 - 00392128 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2016-10-22 07:04 - 2016-08-17 18:57 - 00069568 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2016-10-21 15:33 - 2016-07-16 07:04 - 00524288 _____ C:\Windows\system32\config\BBI
2016-10-21 08:17 - 2016-08-17 18:57 - 07500035 _____ C:\Windows\system32\nvcoproc.bin
2016-10-20 13:32 - 2016-07-16 12:47 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-10-20 13:31 - 2016-08-17 19:07 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2016-10-18 10:26 - 2016-07-16 12:36 - 00000000 ____D C:\Windows\CbsTemp
2016-10-17 19:00 - 2016-09-03 16:34 - 00001104 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\paint.net.lnk
2016-10-17 19:00 - 2016-09-03 16:34 - 00000000 ____D C:\Program Files\paint.net
2016-10-14 14:13 - 2016-08-17 18:59 - 00000000 ____D C:\Users\Gregor\AppData\Local\Comms
2016-10-14 11:15 - 2016-08-17 18:59 - 00000000 ____D C:\Users\Gregor\AppData\Local\NVIDIA
2016-10-13 20:53 - 2016-08-17 20:05 - 00000000 ____D C:\Program Files (x86)\Dropbox
2016-10-13 19:19 - 2016-07-16 12:47 - 00000000 ____D C:\Windows\rescache
2016-10-13 16:39 - 2016-08-17 22:39 - 00000000 ____D C:\Users\Gregor\AppData\Roaming\AgileBits
2016-10-13 11:24 - 2016-08-17 18:54 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-10-13 11:23 - 2016-08-17 22:17 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-10-13 11:23 - 2016-08-17 18:51 - 00332264 _____ C:\Windows\system32\FNTCACHE.DAT
2016-10-13 00:00 - 2016-07-16 12:47 - 00000000 ___SD C:\Windows\system32\DiagSvcs
2016-10-13 00:00 - 2016-07-16 12:47 - 00000000 ___RD C:\Windows\ImmersiveControlPanel
2016-10-13 00:00 - 2016-07-16 12:47 - 00000000 ____D C:\Windows\system32\WinBioPlugIns
2016-10-13 00:00 - 2016-07-16 12:47 - 00000000 ____D C:\Windows\system32\migwiz
2016-10-13 00:00 - 2016-07-16 12:47 - 00000000 ____D C:\Windows\ShellExperiences
2016-10-13 00:00 - 2016-07-16 12:47 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2016-10-13 00:00 - 2016-07-16 12:47 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2016-10-12 14:38 - 2016-08-17 19:11 - 00000000 ____D C:\Windows\system32\MRT
2016-10-12 14:36 - 2016-08-17 19:11 - 143495576 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-10-12 13:48 - 2016-07-16 12:43 - 00783360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2016-10-12 13:48 - 2016-07-16 12:42 - 00177664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Web.Diagnostics.dll
2016-10-10 09:07 - 2016-08-17 22:36 - 00000000 ____D C:\Program Files (x86)\1Password 4
2016-10-03 21:09 - 2016-07-16 12:49 - 00828408 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-10-03 21:09 - 2016-07-16 12:49 - 00176632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-09-30 13:40 - 2016-07-16 15:24 - 00000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2016-09-30 13:40 - 2016-07-16 12:47 - 00000000 ___SD C:\Windows\SysWOW64\F12
2016-09-30 13:40 - 2016-07-16 12:47 - 00000000 ___SD C:\Windows\system32\F12
2016-09-30 13:40 - 2016-07-16 12:47 - 00000000 ____D C:\Windows\SysWOW64\setup
2016-09-30 13:40 - 2016-07-16 12:47 - 00000000 ____D C:\Windows\system32\setup
2016-09-30 13:40 - 2016-07-16 12:47 - 00000000 ____D C:\Windows\system32\oobe
2016-09-30 13:40 - 2016-07-16 12:47 - 00000000 ____D C:\Windows\system32\appraiser
2016-09-30 13:40 - 2016-07-16 12:47 - 00000000 ____D C:\Windows\Provisioning
2016-09-30 13:40 - 2016-07-16 12:47 - 00000000 ____D C:\Windows\bcastdvr
2016-09-30 13:40 - 2016-07-16 07:04 - 00000000 ____D C:\Windows\SysWOW64\Dism
2016-09-30 13:40 - 2016-07-16 07:04 - 00000000 ____D C:\Windows\system32\Sysprep
2016-09-30 13:40 - 2016-07-16 07:04 - 00000000 ____D C:\Windows\system32\Dism
2016-09-30 05:25 - 2016-08-17 19:21 - 00106040 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll

Files to move or delete:
====================
C:\Users\Gregor\another.cmd
C:\Users\Gregor\another2.cmd


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-10-17 20:20

==================== End of FRST.txt ============================
         

Alt 27.10.2016, 14:56   #8
M-K-D-B
/// TB-Ausbilder
 
RAT Trojaner? - Standard

RAT Trojaner?



Servus,



du bist mit Schadsoftware infiziert.... auf ins Gefecht :


Avira bitte unbedingt vor Schritt 1 und vor Schritt 2 deaktivieren, es stört nur die Bereinigung!





Schritt 1
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument


Code:
ATTFilter
start
CloseProcesses:
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-2517125553-2289925176-1808856583-1001\...\Run: [Start] => C:\Users\Gregor\Maintrance\hostex.exe [30128 2008-10-14] (NetSupport Ltd)
HKU\S-1-5-21-2517125553-2289925176-1808856583-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Start] => C:\Users\Gregor\Maintrance\hostex.exe [30128 2008-10-14] (NetSupport Ltd)
C:\Users\Gregor\Maintrance\hostex.exe
S3 dbx; system32\DRIVERS\dbx.sys [X]
C:\Users\Gregor\Maintrance
C:\Users\Gregor\another.cmd
C:\Users\Gregor\another2.cmd
Unlock: C:\FRST
CMD: dir "%ProgramFiles%"
CMD: dir "%ProgramFiles(x86)%"
CMD: dir "%ProgramData%"
CMD: dir "%Appdata%"
CMD: dir "%LocalAppdata%"
RemoveProxy:
CMD: ipconfig /flushdns
CMD: netsh winsock reset
EmptyTemp:
end
         

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.







Schritt 2
  • Deaktiviere dein Anti-Viren-Programm.
  • Gehe zum Ordner C:\FRST\Quarantine.
  • Rechtsklicke auf den Ordner Quarantine und wähle > Senden an > Zip-komprimierter Ordner.
  • Es wird eine zip-Datei mit dem Namen Quarantine.zip im Ordner FRST erstellt.
  • Lade die Quarantine.zip im Upload-Channel hoch.
  • Klicke dazu auf Durchsuchen, navigiere zu der zip-Datei ( C:\FRST\Quarantine.zip ) und klicke auf Öffnen.
  • Klicke abschließend auf Hochladen.
  • Vielen Dank für deine Hilfe.
  • Aktiviere dein Anti-Viren-Programm wieder.





Schritt 3
Downloade Dir bitte AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Werkzeuge > Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel
    • "Prefetch" Dateien
    • Proxy
    • Winsock
    • Internet Explorer Richtlinien
    • Chrome Richtlinien
  • Bestätige die Auswahl mit Ok.
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen (auch dann wenn AdwCleaner sagt, dass nichts gefunden wurde) und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).





Schritt 4
  • Starte die FRST.exe erneut. Setze einen Haken vor Addition.txt und drücke auf Scan.
  • FRST erstellt wieder zwei Logdateien (FRST.txt und Addition.txt).
  • Poste mir beide Logdateien mit deiner nächsten Antwort.






Bitte poste mit deiner nächsten Antwort
  • die Logdatei des FRST-Fix,
  • die Logdatei von AdwCleaner,
  • die beiden neuen Logdateien von FRST (FRST.txt und Addition.txt).

Alt 27.10.2016, 15:14   #9
Morgren
 
RAT Trojaner? - Standard

RAT Trojaner?



Fixlog
Code:
ATTFilter
Fix result of Farbar Recovery Scan Tool (x64) Version: 26-10-2016
Ran by Gregor (27-10-2016 15:03:17) Run:1
Running from C:\Users\Gregor\Desktop
Loaded Profiles: Gregor (Available Profiles: defaultuser0 & Gregor)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
CloseProcesses:
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-2517125553-2289925176-1808856583-1001\...\Run: [Start] => C:\Users\Gregor\Maintrance\hostex.exe [30128 2008-10-14] (NetSupport Ltd)
HKU\S-1-5-21-2517125553-2289925176-1808856583-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Start] => C:\Users\Gregor\Maintrance\hostex.exe [30128 2008-10-14] (NetSupport Ltd)
C:\Users\Gregor\Maintrance\hostex.exe
S3 dbx; system32\DRIVERS\dbx.sys [X]
C:\Users\Gregor\Maintrance
C:\Users\Gregor\another.cmd
C:\Users\Gregor\another2.cmd
Unlock: C:\FRST
CMD: dir "%ProgramFiles%"
CMD: dir "%ProgramFiles(x86)%"
CMD: dir "%ProgramData%"
CMD: dir "%Appdata%"
CMD: dir "%LocalAppdata%"
RemoveProxy:
CMD: ipconfig /flushdns
CMD: netsh winsock reset
EmptyTemp:
end
*****************

Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
HKU\S-1-5-21-2517125553-2289925176-1808856583-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Start => value removed successfully
HKU\S-1-5-21-2517125553-2289925176-1808856583-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Run\\Start => value not found.
C:\Users\Gregor\Maintrance\hostex.exe => moved successfully
dbx => service removed successfully
C:\Users\Gregor\Maintrance => moved successfully
C:\Users\Gregor\another.cmd => moved successfully
C:\Users\Gregor\another2.cmd => moved successfully
"C:\FRST" => was unlocked

========= dir "%ProgramFiles%" =========

 Volume in drive C has no label.
 Volume Serial Number is A285-275D

 Directory of C:\Program Files

09/22/2016  08:35 AM    <DIR>          .
09/22/2016  08:35 AM    <DIR>          ..
08/23/2016  07:37 PM    <DIR>          Bonjour
08/17/2016  07:17 PM    <DIR>          CMAK
08/23/2016  07:37 PM    <DIR>          Common Files
08/18/2016  01:12 PM    <DIR>          Greenshot
09/30/2016  01:40 PM    <DIR>          Internet Explorer
09/22/2016  08:35 AM    <DIR>          iPod
08/17/2016  10:55 PM    <DIR>          IrfanView
09/22/2016  08:35 AM    <DIR>          iTunes
08/17/2016  07:07 PM    <DIR>          Microsoft Office 15
08/17/2016  07:22 PM    <DIR>          MiniTool Partition Wizard Free 9.1
08/17/2016  07:20 PM    <DIR>          MiniTool Partition Wizard Server Edition 9.1 DEMO
08/17/2016  10:59 PM    <DIR>          MSBuild
10/26/2016  11:41 AM    <DIR>          NVIDIA Corporation
10/17/2016  07:00 PM    <DIR>          paint.net
08/17/2016  07:01 PM    <DIR>          Razer Chroma SDK
08/17/2016  07:00 PM    <DIR>          Realtek
08/17/2016  10:59 PM    <DIR>          Reference Assemblies
09/22/2016  09:43 AM    <DIR>          Windows Defender
09/30/2016  01:40 PM    <DIR>          Windows Defender Advanced Threat Protection
10/13/2016  12:00 AM    <DIR>          Windows Mail
09/22/2016  09:43 AM    <DIR>          Windows Media Player
07/16/2016  12:47 PM    <DIR>          Windows Multimedia Platform
07/16/2016  12:47 PM    <DIR>          Windows NT
10/13/2016  12:00 AM    <DIR>          Windows Photo Viewer
07/16/2016  12:47 PM    <DIR>          Windows Portable Devices
07/16/2016  12:47 PM    <DIR>          WindowsPowerShell
               0 File(s)              0 bytes
              28 Dir(s)  116,179,935,232 bytes free

========= End of CMD: =========


========= dir "%ProgramFiles(x86)%" =========

 Volume in drive C has no label.
 Volume Serial Number is A285-275D

 Directory of C:\Program Files (x86)

10/27/2016  12:13 PM    <DIR>          .
10/27/2016  12:13 PM    <DIR>          ..
10/10/2016  09:07 AM    <DIR>          1Password 4
08/23/2016  07:37 PM    <DIR>          Apple Software Update
10/27/2016  03:01 PM    <DIR>          Avira
09/26/2016  10:33 AM    <DIR>          Battle.net
08/23/2016  07:37 PM    <DIR>          Bonjour
08/17/2016  07:17 PM    <DIR>          CMAK
10/20/2016  01:32 PM    <DIR>          Common Files
10/13/2016  08:53 PM    <DIR>          Dropbox
08/17/2016  06:57 PM    <DIR>          Google
09/30/2016  01:40 PM    <DIR>          Internet Explorer
08/20/2016  03:34 PM    <DIR>           Malwarebytes Anti-Malware 
10/20/2016  01:31 PM    <DIR>          Microsoft Office
08/17/2016  07:15 PM    <DIR>          Microsoft.NET
10/13/2016  11:23 AM    <DIR>          Mozilla Firefox
10/13/2016  11:23 AM    <DIR>          Mozilla Maintenance Service
08/17/2016  10:59 PM    <DIR>          MSBuild
10/26/2016  11:41 AM    <DIR>          NVIDIA Corporation
09/22/2016  08:25 AM    <DIR>          Razer
08/17/2016  07:01 PM    <DIR>          Razer Chroma SDK
08/17/2016  10:59 PM    <DIR>          Reference Assemblies
10/27/2016  03:01 PM    <DIR>          Steam
10/26/2016  11:41 AM    <DIR>          VulkanRT
09/22/2016  09:43 AM    <DIR>          Windows Defender
09/22/2016  09:43 AM    <DIR>          Windows Mail
08/29/2016  12:28 AM    <DIR>          Windows Media Player
07/16/2016  12:47 PM    <DIR>          Windows Multimedia Platform
07/16/2016  12:47 PM    <DIR>          Windows NT
10/13/2016  12:00 AM    <DIR>          Windows Photo Viewer
07/16/2016  12:47 PM    <DIR>          Windows Portable Devices
07/16/2016  12:47 PM    <DIR>          WindowsPowerShell
               0 File(s)              0 bytes
              32 Dir(s)  116,179,935,232 bytes free

========= End of CMD: =========


========= dir "%ProgramData%" =========

 Volume in drive C has no label.
 Volume Serial Number is A285-275D

 Directory of C:\ProgramData

08/18/2016  10:39 PM    <DIR>          .mono
08/23/2016  07:37 PM    <DIR>          Apple
08/23/2016  07:37 PM    <DIR>          Apple Computer
08/17/2016  07:26 PM    <DIR>          Battle.net
08/17/2016  11:46 PM    <DIR>          Blizzard Entertainment
07/16/2016  12:47 PM    <DIR>          Comms
08/17/2016  08:05 PM    <DIR>          Dropbox
08/20/2016  03:34 PM    <DIR>          Malwarebytes
08/17/2016  06:55 PM    <DIR>          Microsoft OneDrive
10/27/2016  03:01 PM    <DIR>          NVIDIA
10/26/2016  11:42 AM    <DIR>          NVIDIA Corporation
10/27/2016  03:00 PM    <DIR>          Package Cache
08/17/2016  07:05 PM    <DIR>          Razer
10/20/2016  01:32 PM    <DIR>          regid.1991-06.com.microsoft
07/16/2016  12:47 PM    <DIR>          SoftwareDistribution
08/17/2016  06:53 PM    <DIR>          USOPrivate
08/17/2016  06:53 PM    <DIR>          USOShared
               0 File(s)              0 bytes
              17 Dir(s)  116,179,931,136 bytes free

========= End of CMD: =========


========= dir "%Appdata%" =========

 Volume in drive C has no label.
 Volume Serial Number is A285-275D

 Directory of C:\Users\Gregor\AppData\Roaming

10/27/2016  02:59 PM    <DIR>          .
10/27/2016  02:59 PM    <DIR>          ..
08/18/2016  10:39 PM    <DIR>          .mono
08/17/2016  06:54 PM    <DIR>          Adobe
10/13/2016  04:39 PM    <DIR>          AgileBits
08/23/2016  07:38 PM    <DIR>          Apple Computer
08/17/2016  07:27 PM    <DIR>          Battle.net
08/29/2016  04:23 PM    <DIR>          discord
08/17/2016  08:06 PM    <DIR>          Dropbox
08/17/2016  07:56 PM    <DIR>          Factorio
08/18/2016  01:12 PM    <DIR>          Greenshot
08/17/2016  10:55 PM    <DIR>          IrfanView
08/17/2016  10:17 PM    <DIR>          Mozilla
10/26/2016  11:36 AM    <DIR>          NVIDIA
08/18/2016  06:55 PM    <DIR>          Skype
08/17/2016  07:56 PM    <DIR>          StardewValley
08/17/2016  11:01 PM    <DIR>          The Witness
               0 File(s)              0 bytes
              17 Dir(s)  116,179,931,136 bytes free

========= End of CMD: =========


========= dir "%LocalAppdata%" =========

 Volume in drive C has no label.
 Volume Serial Number is A285-275D

 Directory of C:\Users\Gregor\AppData\Local

10/27/2016  03:01 PM    <DIR>          .
10/27/2016  03:01 PM    <DIR>          ..
10/10/2016  09:07 AM    <DIR>          AgileBits
09/27/2016  02:31 PM    <DIR>          AM2R
08/23/2016  07:37 PM    <DIR>          Apple
08/23/2016  07:37 PM    <DIR>          Apple Computer
10/27/2016  01:15 PM    <DIR>          Avira
09/26/2016  11:44 PM    <DIR>          Battle.net
08/18/2016  10:39 PM    <DIR>          Blizzard
08/17/2016  11:46 PM    <DIR>          Blizzard Entertainment
08/17/2016  07:26 PM    <DIR>          CEF
10/14/2016  02:13 PM    <DIR>          Comms
08/17/2016  06:59 PM    <DIR>          ConnectedDevicesPlatform
09/24/2016  12:02 PM    <DIR>          CrashDumps
08/28/2016  10:20 PM    <DIR>          Discord
08/17/2016  10:20 PM    <DIR>          Dropbox
08/17/2016  11:37 PM    <DIR>          Google
08/18/2016  01:12 PM    <DIR>          Greenshot
09/27/2016  09:54 AM    <DIR>          Microsoft
08/17/2016  06:56 PM    <DIR>          MicrosoftEdge
08/17/2016  10:23 PM    <DIR>          Mozilla
10/14/2016  11:15 AM    <DIR>          NVIDIA
10/26/2016  11:41 AM    <DIR>          NVIDIA Corporation
08/31/2016  02:37 PM    <DIR>          Packages
09/03/2016  04:34 PM    <DIR>          paint.net
08/17/2016  08:06 PM    <DIR>          PeerDistRepub
08/17/2016  10:36 PM    <DIR>          Programs
08/17/2016  06:54 PM    <DIR>          Publishers
08/17/2016  07:04 PM    <DIR>          Razer
08/17/2016  07:03 PM    <DIR>          Razer_Inc
08/17/2016  11:10 PM    <DIR>          SquirrelTemp
08/17/2016  07:26 PM    <DIR>          Steam
10/27/2016  03:03 PM    <DIR>          Temp
08/17/2016  06:54 PM    <DIR>          TileDataLayer
08/17/2016  08:07 PM    <DIR>          VirtualStore
               0 File(s)              0 bytes
              35 Dir(s)  116,179,931,136 bytes free

========= End of CMD: =========


========= RemoveProxy: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-2517125553-2289925176-1808856583-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-2517125553-2289925176-1808856583-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully


========= End of RemoveProxy: =========


========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


========= netsh winsock reset =========


Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.


========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 583648 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 53153162 B
Java, Flash, Steam htmlcache => 351955660 B
Windows/system/drivers => 47904412 B
Edge => 3296912 B
Chrome => 525405981 B
Firefox => 369579051 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 128 B
LocalService => 2490 B
NetworkService => -524 B
defaultuser0 => 128 B
Gregor => 404494714 B

RecycleBin => 0 B
EmptyTemp: => 1.6 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 15:03:37 ====
         
ADWCleaner
AdwCleaner Logfile:
Code:
ATTFilter
# AdwCleaner v6.030 - Logfile created 27/10/2016 at 15:09:23
# Updated on 19/10/2016 by Malwarebytes
# Database : 2016-10-27.1 [Server]
# Operating System : Windows 10 Education  (X64)
# Username : Gregor - DESKTOP-5EGOQLI
# Running from : C:\Users\Gregor\Desktop\AdwCleaner_6.030.exe
# Mode: Clean
# Support : hxxps://www.malwarebytes.com/support



***** [ Services ] *****



***** [ Folders ] *****



***** [ Files ] *****



***** [ DLL ] *****



***** [ WMI ] *****



***** [ Shortcuts ] *****



***** [ Scheduled Tasks ] *****



***** [ Registry ] *****



***** [ Web browsers ] *****



*************************

:: "Tracing" keys deleted
:: Winsock settings cleared
:: "Prefetch" files deleted
:: Proxy settings cleared
:: IE policies deleted
:: Chrome policies deleted

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [872 Bytes] - [27/10/2016 15:09:23]
C:\AdwCleaner\AdwCleaner[S0].txt - [1156 Bytes] - [27/10/2016 15:08:58]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [1017 Bytes] ##########
         
--- --- ---

Alt 27.10.2016, 15:15   #10
Morgren
 
RAT Trojaner? - Standard

RAT Trojaner?



FRST Teil 1
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 26-10-2016
Ran by Gregor (administrator) on DESKTOP-5EGOQLI (27-10-2016 15:11:26)
Running from C:\Users\Gregor\Desktop
Loaded Profiles: Gregor (Available Profiles: defaultuser0 & Gregor)
Platform: Windows 10 Education Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(Razer Inc.) C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.8.197.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(NVIDIA Corporation) C:\Users\Gregor\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\NvOAWrapperCache.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Greenshot) C:\Program Files\Greenshot\Greenshot.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.winxp\steamwebhelper.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Hammer & Chisel, Inc.) C:\Users\Gregor\AppData\Local\Discord\app-0.0.296\Discord.exe
(Hammer & Chisel, Inc.) C:\Users\Gregor\AppData\Local\Discord\app-0.0.296\Discord.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Hammer & Chisel, Inc.) C:\Users\Gregor\AppData\Local\Discord\app-0.0.296\Discord.exe
(AgileBits) C:\Program Files (x86)\1Password 4\Agile1pAgent.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8822016 2016-06-02] (Realtek Semiconductor)
HKLM\...\Run: [Greenshot] => C:\Program Files\Greenshot\Greenshot.exe [528384 2015-11-10] (Greenshot)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2016-09-09] (Apple Inc.)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-09-07] (Microsoft Corporation)
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [596640 2016-10-13] (Razer Inc.)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [25366584 2016-10-10] (Dropbox, Inc.)
HKLM-x32\...\Run: [Agile1pAgent] => C:\Program Files (x86)\1Password 4\Agile1pAgent.exe [4914832 2016-10-06] (AgileBits)
HKU\S-1-5-21-2517125553-2289925176-1808856583-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2860832 2016-10-13] (Valve Corporation)
HKU\S-1-5-21-2517125553-2289925176-1808856583-1001\...\Run: [GoogleChromeAutoLaunch_F1648171926DB8193907B4CD14FDE951] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1083496 2016-10-20] (Google Inc.)
HKU\S-1-5-21-2517125553-2289925176-1808856583-1001\...\Run: [Discord] => C:\Users\Gregor\AppData\Local\Discord\app-0.0.296\Discord.exe [62471352 2016-08-24] (Hammer & Chisel, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.65536.dll [2016-10-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.65536.dll [2016-10-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.65536.dll [2016-10-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.65536.dll [2016-10-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.65536.dll [2016-10-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.65536.dll [2016-10-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.65536.dll [2016-10-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.65536.dll [2016-10-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.65536.dll [2016-10-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.65536.dll [2016-10-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.65536.dll [2016-10-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.65536.dll [2016-10-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.65536.dll [2016-10-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.65536.dll [2016-10-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.65536.dll [2016-10-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.65536.dll [2016-10-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.65536.dll [2016-10-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.65536.dll [2016-10-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.65536.dll [2016-10-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.65536.dll [2016-10-10] (Dropbox, Inc.)
Startup: C:\Users\Gregor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2016-09-22]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{d5b15e93-f17a-4b7e-b71c-ee5d44cbcc93}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
BHO: 1Password -> {037C06D5-3893-49E8-9AC0-41F7524AFBF5} -> C:\Program Files (x86)\1Password 4\x64\Agile1pIE4.dll [2016-10-06] (AgileBits)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-10-08] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-10-08] (Microsoft Corporation)
BHO-x32: 1Password -> {037C06D5-3893-49E8-9AC0-41F7524AFBF5} -> C:\Program Files (x86)\1Password 4\x86\Agile1pIE4.dll [2016-10-06] (AgileBits)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-10-20] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-10-20] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-10-20] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-10-20] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: 9nid1ej2.default
FF ProfilePath: C:\Users\Gregor\AppData\Roaming\Mozilla\Firefox\Profiles\9nid1ej2.default [2016-10-27]
FF Extension: (No Name) - C:\Users\Gregor\AppData\Roaming\Mozilla\Firefox\Profiles\9nid1ej2.default\Extensions\abs@avira.com [2016-10-27]
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-10-08] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-10-22] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-10-22] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-17] (Google Inc.)

Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/","hxxp://www.google.com"
CHR Profile: C:\Users\Gregor\AppData\Local\Google\Chrome\User Data\Default [2016-10-27]
CHR Extension: (Google Slides) - C:\Users\Gregor\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-08-17]
CHR Extension: (myPlex Queue Extension) - C:\Users\Gregor\AppData\Local\Google\Chrome\User Data\Default\Extensions\agmheakklldmclgmkfnncddgkiibboil [2016-08-17]
CHR Extension: (Xmarks Bookmark Sync) - C:\Users\Gregor\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla [2016-08-17]
CHR Extension: (Chrome Currency Converter) - C:\Users\Gregor\AppData\Local\Google\Chrome\User Data\Default\Extensions\anbfhidldjknonaihbalghlebaijealk [2016-08-17]
CHR Extension: (Google Docs) - C:\Users\Gregor\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-08-17]
CHR Extension: (1Password: Password Manager and Secure Wallet) - C:\Users\Gregor\AppData\Local\Google\Chrome\User Data\Default\Extensions\aomjjhallfgjeglblehebfpbcfeobpgk [2016-09-30]
CHR Extension: (Google Drive) - C:\Users\Gregor\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-08-17]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Gregor\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2016-08-17]
CHR Extension: (YouTube) - C:\Users\Gregor\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-08-17]
CHR Extension: (Add to Amazon Wish List) - C:\Users\Gregor\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced [2016-08-17]
CHR Extension: (uBlock Origin) - C:\Users\Gregor\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2016-10-27]
CHR Extension: (Search by Image (by Google)) - C:\Users\Gregor\AppData\Local\Google\Chrome\User Data\Default\Extensions\dajedkncpodkggklbegccjpmnglmnflm [2016-10-20]
CHR Extension: (Gmelius for Gmail) - C:\Users\Gregor\AppData\Local\Google\Chrome\User Data\Default\Extensions\dheionainndbbpoacpnopgmnihkcmnkl [2016-08-17]
CHR Extension: (Dropbox for Gmail) - C:\Users\Gregor\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpdmhfocilnekecfjgimjdeckachfbec [2016-08-17]
CHR Extension: (ICE Quick Stream) - C:\Users\Gregor\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpioikmjnfipgphjldakcaocbbpnfabl [2016-08-17]
CHR Extension: (Gmail Offline) - C:\Users\Gregor\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk [2016-08-17]
CHR Extension: (Google Calendar) - C:\Users\Gregor\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2016-08-17]
CHR Extension: (Disable Youtube™ HTML5 Player) - C:\Users\Gregor\AppData\Local\Google\Chrome\User Data\Default\Extensions\enmofgaijnbjpblfljopnpdogpldapoc [2016-08-17]
CHR Extension: (Full Page Screen Capture) - C:\Users\Gregor\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdpohaocaechififmbbbbbknoalclacl [2016-09-22]
CHR Extension: (Google Sheets) - C:\Users\Gregor\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-08-17]
CHR Extension: (Readium) - C:\Users\Gregor\AppData\Local\Google\Chrome\User Data\Default\Extensions\fepbnnnkkadjhjahcafoaglimekefifl [2016-08-17]
CHR Extension: (Avira Browser Safety) - C:\Users\Gregor\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2016-10-27]
CHR Extension: (Google Docs Offline) - C:\Users\Gregor\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-08-17]
CHR Extension: (Reddit Desktop Notification) - C:\Users\Gregor\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpemkpenakemaoanknnapfobdjnahamb [2016-08-17]
CHR Extension: (TweetDeck by Twitter) - C:\Users\Gregor\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbdpomandigafcibbmofojjchbcdagbl [2016-08-17]
CHR Extension: (SuperSorter) - C:\Users\Gregor\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjebfgojnlefhdgmomncgjglmdckngij [2016-08-17]
CHR Extension: (Marvel Comics) - C:\Users\Gregor\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjhfaknohpjconjoefidanhihokmkice [2016-08-17]
CHR Extension: (Kindle Cloud Reader) - C:\Users\Gregor\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd [2016-08-17]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\Gregor\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2016-10-15]
CHR Extension: (Audio EQ) - C:\Users\Gregor\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfafdlnjaliaghpjdajmlcnnblkgcefh [2016-10-10]
CHR Extension: (Ghostery) - C:\Users\Gregor\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2016-09-22]
CHR Extension: (Cenafy) - C:\Users\Gregor\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndchmakhfaakbkhnkdgambadneloplnn [2016-08-17]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Gregor\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-08-17]
CHR Extension: (uMatrix) - C:\Users\Gregor\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogfcmafjalglgifnmanfmnieipoejdcf [2016-09-22]
CHR Extension: (Gmail) - C:\Users\Gregor\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-08-17]
CHR Extension: (Chrome Media Router) - C:\Users\Gregor\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-10-27]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-08-05] (Apple Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3291848 2016-10-08] (Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-08-17] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-08-17] (Dropbox, Inc.)
R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [38000 2016-10-10] (Dropbox, Inc.)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [457272 2016-09-30] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [457272 2016-09-30] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [458176 2016-10-22] (NVIDIA Corporation)
R2 NVIDIA Wireless Controller Service; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe [1165368 2016-09-30] (NVIDIA Corporation)
R2 Razer Chroma SDK Service; C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe [69760 2016-09-26] (Razer Inc.)
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [189264 2016-09-24] ()
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-09-15] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [130688 2016-07-22] (Samsung Electronics Co., Ltd.)
S0 megasas2i; C:\Windows\System32\drivers\MegaSas2i.sys [64352 2016-10-05] (Avago Technologies)
S3 NetAdapterCx; C:\Windows\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 nvlddmkm; C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_49b226e6441043f1\nvlddmkm.sys [14145592 2016-10-23] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [29240 2016-09-30] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [47672 2016-09-30] (NVIDIA Corporation)
R0 pwdrvio; C:\Windows\System32\pwdrvio.sys [19152 2013-09-30] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-09-30] ()
R3 rzendpt; C:\Windows\System32\drivers\rzendpt.sys [51736 2016-09-01] (Razer Inc)
R3 rzmpos; C:\Windows\System32\drivers\rzmpos.sys [48152 2016-09-01] (Razer Inc)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [44144 2016-09-17] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [137840 2016-09-07] (Razer, Inc.)
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [164992 2016-07-22] (Samsung Electronics Co., Ltd.)
S3 ssudserd; C:\Windows\system32\DRIVERS\ssudserd.sys [164992 2016-07-22] (Samsung Electronics Co., Ltd.)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-10-27 15:11 - 2016-10-27 15:11 - 00023340 _____ C:\Users\Gregor\Desktop\FRST.txt
2016-10-27 15:07 - 2016-10-27 15:09 - 00000000 ____D C:\AdwCleaner
2016-10-27 15:07 - 2016-10-27 15:07 - 03910208 _____ C:\Users\Gregor\Desktop\AdwCleaner_6.030.exe
2016-10-27 15:05 - 2016-10-27 15:05 - 03992707 _____ C:\Users\Gregor\Desktop\Quarantine.zip
2016-10-27 15:03 - 2016-10-27 15:03 - 00012185 _____ C:\Users\Gregor\Desktop\Fixlog.txt
2016-10-27 15:01 - 2016-10-27 15:01 - 00000000 ___HD C:\OneDriveTemp
2016-10-27 13:41 - 2016-10-27 13:41 - 04747704 _____ (AO Kaspersky Lab) C:\Users\Gregor\Desktop\tdsskiller.exe
2016-10-27 13:41 - 2016-10-27 13:41 - 00264490 _____ C:\TDSSKiller.3.1.0.11_27.10.2016_13.41.38_log.txt
2016-10-27 13:28 - 2016-10-27 15:11 - 00000000 ____D C:\FRST
2016-10-27 13:27 - 2016-10-27 13:27 - 02407936 _____ (Farbar) C:\Users\Gregor\Desktop\FRST64.exe
2016-10-27 13:15 - 2016-10-27 13:15 - 00000000 ____D C:\Users\Gregor\AppData\Local\Avira
2016-10-27 12:15 - 2016-10-27 14:15 - 01368548 _____ C:\Windows\SysWOW64\winapp2_disk.csv
2016-10-27 12:15 - 2016-10-27 12:15 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_avusbflt_01011.Wdf
2016-10-27 12:13 - 2016-10-27 15:01 - 00000000 ____D C:\Program Files (x86)\Avira
2016-10-27 12:13 - 2016-10-27 12:13 - 04479640 _____ (Avira Operations GmbH & Co. KG) C:\Users\Gregor\Downloads\avira_en_fass0_5811e13439c41__ws.exe
2016-10-26 11:42 - 2016-10-22 06:22 - 00133056 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2016-10-26 11:42 - 2016-09-09 19:25 - 00269600 _____ C:\Windows\SysWOW64\vulkan-1.dll
2016-10-26 11:42 - 2016-09-09 19:25 - 00261920 _____ C:\Windows\system32\vulkan-1.dll
2016-10-26 11:42 - 2016-09-09 19:25 - 00110880 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2016-10-26 11:42 - 2016-09-09 19:24 - 00125216 _____ C:\Windows\system32\vulkaninfo.exe
2016-10-26 11:41 - 2016-10-26 11:42 - 00000000 ____D C:\Windows\LastGood.Tmp
2016-10-26 11:41 - 2016-10-26 11:41 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2016-10-26 11:40 - 2016-10-22 09:41 - 00046024 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2016-10-26 11:40 - 2016-10-22 08:25 - 40125496 _____ C:\Windows\system32\nvcompiler.dll
2016-10-26 11:40 - 2016-10-22 08:25 - 35224120 _____ C:\Windows\SysWOW64\nvcompiler.dll
2016-10-26 11:40 - 2016-10-22 08:25 - 34707392 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2016-10-26 11:40 - 2016-10-22 08:25 - 10910184 _____ (NVIDIA Corporation) C:\Windows\system32\nvptxJitCompiler.dll
2016-10-26 11:40 - 2016-10-22 08:25 - 10782256 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2016-10-26 11:40 - 2016-10-22 08:25 - 10332336 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2016-10-26 11:40 - 2016-10-22 08:25 - 09119792 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2016-10-26 11:40 - 2016-10-22 08:25 - 08912488 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvptxJitCompiler.dll
2016-10-26 11:40 - 2016-10-22 08:25 - 08723456 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2016-10-26 11:40 - 2016-10-22 08:25 - 02941496 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2016-10-26 11:40 - 2016-10-22 08:25 - 02574272 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2016-10-26 11:40 - 2016-10-22 08:25 - 01953336 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6437563.dll
2016-10-26 11:40 - 2016-10-22 08:25 - 01585088 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6437563.dll
2016-10-26 11:40 - 2016-10-22 08:25 - 01038392 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2016-10-26 11:40 - 2016-10-22 08:25 - 00974784 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2016-10-26 11:40 - 2016-10-22 08:25 - 00944184 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2016-10-26 11:40 - 2016-10-22 08:25 - 00894400 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2016-10-26 11:40 - 2016-10-22 08:25 - 00802768 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncMFTH264.dll
2016-10-26 11:40 - 2016-10-22 08:25 - 00683824 _____ (NVIDIA Corporation) C:\Windows\system32\nvfatbinaryLoader.dll
2016-10-26 11:40 - 2016-10-22 08:25 - 00644112 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncMFTH264.dll
2016-10-26 11:40 - 2016-10-22 08:25 - 00573072 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvfatbinaryLoader.dll
2016-10-26 11:40 - 2016-10-22 08:25 - 00438208 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2016-10-26 11:40 - 2016-10-22 08:25 - 00394704 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2016-10-26 11:40 - 2016-10-22 08:25 - 00388544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2016-10-26 11:40 - 2016-10-22 08:25 - 00384448 _____ (NVIDIA Corporation) C:\Windows\system32\nvDecMFTMjpeg.dll
2016-10-26 11:40 - 2016-10-22 08:25 - 00348728 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvDecMFTMjpeg.dll
2016-10-26 11:40 - 2016-10-22 08:25 - 00327408 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2016-10-26 11:40 - 2016-10-22 08:25 - 00000669 _____ C:\Windows\SysWOW64\nv-vk32.json
2016-10-26 11:40 - 2016-10-22 08:25 - 00000669 _____ C:\Windows\system32\nv-vk64.json
2016-10-26 11:36 - 2016-10-26 11:36 - 00000000 ____D C:\Users\Gregor\AppData\Roaming\NVIDIA
2016-10-18 20:32 - 2016-10-27 15:03 - 00000000 ____D C:\Users\Gregor\AppData\LocalLow\Temp
2016-10-18 17:04 - 2016-10-18 17:04 - 02198884 _____ C:\Users\Gregor\Downloads\1.pdf
2016-10-14 11:16 - 2016-09-17 01:12 - 00044144 _____ (Razer, Inc.) C:\Windows\system32\Drivers\rzpmgrk.sys
2016-10-14 11:15 - 2016-10-22 06:33 - 00001951 _____ C:\Windows\NvContainerRecovery.bat
2016-10-14 11:15 - 2016-10-14 11:15 - 00004004 _____ C:\Windows\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-10-14 11:15 - 2016-10-14 11:15 - 00003976 _____ C:\Windows\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-10-14 11:15 - 2016-10-14 11:15 - 00003940 _____ C:\Windows\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-10-14 11:15 - 2016-10-14 11:15 - 00003914 _____ C:\Windows\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-10-14 11:15 - 2016-10-14 11:15 - 00003752 _____ C:\Windows\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-10-14 11:15 - 2016-10-14 11:15 - 00003710 _____ C:\Windows\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-10-14 11:15 - 2016-09-30 05:25 - 01844280 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2016-10-14 11:15 - 2016-09-30 05:25 - 01756728 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2016-10-14 11:15 - 2016-09-30 05:25 - 01445944 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2016-10-14 11:15 - 2016-09-30 05:25 - 01318968 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2016-10-14 11:15 - 2016-09-30 05:25 - 00121912 _____ C:\Windows\system32\NvRtmpStreamer64.dll
2016-10-14 11:14 - 2016-09-30 05:25 - 00095800 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2016-10-14 11:14 - 2016-09-30 05:25 - 00047672 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2016-10-13 20:53 - 2016-10-13 20:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-10-12 18:03 - 2016-10-12 18:03 - 00313808 _____ C:\Users\Gregor\Downloads\p45part1.pdf
2016-10-12 13:57 - 2016-10-05 11:17 - 01322848 _____ (Microsoft Corporation) C:\Windows\system32\wpx.dll
2016-10-12 13:57 - 2016-10-05 11:13 - 02750384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-10-12 13:57 - 2016-10-05 11:12 - 02446696 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2016-10-12 13:57 - 2016-10-05 11:09 - 22219328 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2016-10-12 13:57 - 2016-10-05 11:09 - 00064352 _____ (Avago Technologies) C:\Windows\system32\Drivers\MegaSas2i.sys
2016-10-12 13:57 - 2016-10-05 10:50 - 02256592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-10-12 13:57 - 2016-10-05 10:44 - 22568960 _____ (Microsoft Corporation) C:\Windows\system32\edgehtml.dll
2016-10-12 13:57 - 2016-10-05 10:41 - 00545944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontdrvhost.exe
2016-10-12 13:57 - 2016-10-05 10:38 - 00237568 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Web.Diagnostics.dll
2016-10-12 13:57 - 2016-10-05 10:36 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Networking.ServiceDiscovery.Dnssd.dll
2016-10-12 13:57 - 2016-10-05 10:35 - 00196096 _____ (Microsoft Corporation) C:\Windows\system32\UserDeviceRegistration.dll
2016-10-12 13:57 - 2016-10-05 10:35 - 00101888 _____ (Microsoft Corporation) C:\Windows\system32\UserDeviceRegistration.Ngc.dll
2016-10-12 13:57 - 2016-10-05 10:33 - 00268800 _____ (Microsoft Corporation) C:\Windows\system32\UserMgrProxy.dll
2016-10-12 13:57 - 2016-10-05 10:33 - 00157696 _____ (Microsoft Corporation) C:\Windows\system32\credprovs.dll
2016-10-12 13:57 - 2016-10-05 10:32 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\AuthBroker.dll
2016-10-12 13:57 - 2016-10-05 10:31 - 00480768 _____ (Microsoft Corporation) C:\Windows\system32\dsreg.dll
2016-10-12 13:57 - 2016-10-05 10:31 - 00425472 _____ (Microsoft Corporation) C:\Windows\system32\bcdedit.exe
2016-10-12 13:57 - 2016-10-05 10:30 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2016-10-12 13:57 - 2016-10-05 10:29 - 00368640 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2016-10-12 13:57 - 2016-10-05 10:28 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UserDeviceRegistration.dll
2016-10-12 13:57 - 2016-10-05 10:26 - 23680512 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-10-12 13:57 - 2016-10-05 10:26 - 00590848 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-10-12 13:57 - 2016-10-05 10:26 - 00327680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\daxexec.dll
2016-10-12 13:57 - 2016-10-05 10:26 - 00184320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UserMgrProxy.dll
2016-10-12 13:57 - 2016-10-05 10:26 - 00137216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credprovs.dll
2016-10-12 13:57 - 2016-10-05 10:26 - 00088576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UserDeviceRegistration.Ngc.dll
2016-10-12 13:57 - 2016-10-05 10:25 - 01589248 _____ (Microsoft Corporation) C:\Windows\system32\msdtctm.dll
2016-10-12 13:57 - 2016-10-05 10:25 - 00822784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakradiag.dll
2016-10-12 13:57 - 2016-10-05 10:25 - 00404992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dsreg.dll
2016-10-12 13:57 - 2016-10-05 10:25 - 00117760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AuthBroker.dll
2016-10-12 13:57 - 2016-10-05 10:24 - 00483840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.AllJoyn.dll
2016-10-12 13:57 - 2016-10-05 10:24 - 00099328 _____ (Microsoft Corporation) C:\Windows\system32\adsmsext.dll
2016-10-12 13:57 - 2016-10-05 10:23 - 00431616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\efswrt.dll
2016-10-12 13:57 - 2016-10-05 10:23 - 00426496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Wallet.dll
2016-10-12 13:57 - 2016-10-05 10:23 - 00284672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apprepsync.dll
2016-10-12 13:57 - 2016-10-05 10:23 - 00125952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apprepapi.dll
2016-10-12 13:57 - 2016-10-05 10:22 - 13081088 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-10-12 13:57 - 2016-10-05 10:21 - 03689984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2016-10-12 13:57 - 2016-10-05 10:21 - 01364992 _____ (Microsoft Corporation) C:\Windows\system32\wpncore.dll
2016-10-12 13:57 - 2016-10-05 10:20 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2016-10-12 13:57 - 2016-10-05 10:19 - 02390016 _____ (Microsoft Corporation) C:\Windows\system32\smartscreen.exe
2016-10-12 13:57 - 2016-10-05 10:19 - 02265088 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentServer.dll
2016-10-12 13:57 - 2016-10-05 10:19 - 01690112 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentExtensions.onecore.dll
2016-10-12 13:57 - 2016-10-05 10:19 - 00982528 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2016-10-12 13:57 - 2016-10-05 10:18 - 00983040 _____ (Microsoft Corporation) C:\Windows\system32\ngcsvc.dll
2016-10-12 13:57 - 2016-10-05 10:18 - 00759296 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-10-12 13:57 - 2016-10-05 10:17 - 08126464 _____ (Microsoft Corporation) C:\Windows\system32\Chakra.dll
2016-10-12 13:57 - 2016-10-05 10:17 - 02914304 _____ (Microsoft Corporation) C:\Windows\system32\CertEnroll.dll
2016-10-12 13:57 - 2016-10-05 10:16 - 19418624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgehtml.dll
2016-10-12 13:57 - 2016-10-05 10:16 - 04747776 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-10-12 13:57 - 2016-10-05 10:15 - 07625728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2016-10-12 13:57 - 2016-10-05 10:15 - 02800128 _____ (Microsoft Corporation) C:\Windows\system32\netshell.dll
2016-10-12 13:57 - 2016-10-05 10:15 - 01509376 _____ (Microsoft Corporation) C:\Windows\system32\win32kbase.sys
2016-10-12 13:57 - 2016-10-05 10:15 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dialclient.dll
2016-10-12 13:57 - 2016-10-05 10:14 - 19416576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-10-12 13:57 - 2016-10-05 10:14 - 02667520 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-10-12 13:57 - 2016-10-05 10:14 - 02476544 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2016-10-12 13:57 - 2016-10-05 10:14 - 01778176 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-10-12 13:57 - 2016-10-05 10:13 - 00055808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\offreg.dll
2016-10-12 13:57 - 2016-10-05 10:12 - 01107456 _____ (Microsoft Corporation) C:\Windows\system32\aadtb.dll
2016-10-12 13:57 - 2016-10-05 10:11 - 12174848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-10-12 13:57 - 2016-10-05 10:11 - 06108672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mos.dll
2016-10-12 13:57 - 2016-10-05 10:11 - 06043136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakra.dll
2016-10-12 13:57 - 2016-10-05 10:10 - 06474752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mspaint.exe
2016-10-12 13:57 - 2016-10-05 10:09 - 00884224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2016-10-12 13:57 - 2016-10-05 10:09 - 00691712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-10-12 13:57 - 2016-10-05 10:08 - 00873472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aadtb.dll
2016-10-12 13:57 - 2016-10-05 10:07 - 03667456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-10-12 13:57 - 2016-10-05 10:07 - 02682880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netshell.dll
2016-10-12 13:57 - 2016-10-05 10:07 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ShareHost.dll
2016-10-12 13:57 - 2016-10-05 10:06 - 02005504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2016-10-12 13:56 - 2016-10-05 11:35 - 00279904 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sdbus.sys
2016-10-12 13:56 - 2016-10-05 11:34 - 01051104 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2016-10-12 13:56 - 2016-10-05 11:34 - 00894088 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2016-10-12 13:56 - 2016-10-05 11:33 - 00128864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tm.sys
2016-10-12 13:56 - 2016-10-05 11:31 - 02213248 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-10-12 13:56 - 2016-10-05 11:31 - 01353768 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2016-10-12 13:56 - 2016-10-05 11:31 - 01172472 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2016-10-12 13:56 - 2016-10-05 11:30 - 07812448 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-10-12 13:56 - 2016-10-05 11:22 - 01181536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2016-10-12 13:56 - 2016-10-05 11:16 - 00187232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dumpsd.sys
2016-10-12 13:56 - 2016-10-05 11:13 - 01859264 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.dll
2016-10-12 13:56 - 2016-10-05 11:13 - 00146784 _____ (Microsoft Corporation) C:\Windows\system32\CloudExperienceHostCommon.dll
2016-10-12 13:56 - 2016-10-05 11:12 - 01112928 _____ (Microsoft Corporation) C:\Windows\system32\AppxPackaging.dll
2016-10-12 13:56 - 2016-10-05 11:12 - 00619368 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2016-10-12 13:56 - 2016-10-05 11:09 - 04129928 _____ (Microsoft Corporation) C:\Windows\system32\mfcore.dll
2016-10-12 13:56 - 2016-10-05 11:09 - 01071728 _____ (Microsoft Corporation) C:\Windows\system32\mfnetcore.dll
2016-10-12 13:56 - 2016-10-05 11:09 - 00244816 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2016-10-12 13:56 - 2016-10-05 11:08 - 00241504 _____ (Microsoft Corporation) C:\Windows\system32\CloudExperienceHost.dll
2016-10-12 13:56 - 2016-10-05 11:04 - 02537824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2016-10-12 13:56 - 2016-10-05 11:04 - 00628032 _____ (Microsoft Corporation) C:\Windows\system32\fontdrvhost.exe
2016-10-12 13:56 - 2016-10-05 11:03 - 01705976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-10-12 13:56 - 2016-10-05 10:51 - 01430720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.dll
2016-10-12 13:56 - 2016-10-05 10:50 - 00116576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CloudExperienceHostCommon.dll
2016-10-12 13:56 - 2016-10-05 10:49 - 01980768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2016-10-12 13:56 - 2016-10-05 10:48 - 01022304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppxPackaging.dll
2016-10-12 13:56 - 2016-10-05 10:46 - 03892352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfcore.dll
2016-10-12 13:56 - 2016-10-05 10:46 - 01360456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfnetsrc.dll
2016-10-12 13:56 - 2016-10-05 10:46 - 00980824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfnetcore.dll
2016-10-12 13:56 - 2016-10-05 10:45 - 20965240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2016-10-12 13:56 - 2016-10-05 10:38 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\UIRibbonRes.dll
2016-10-12 13:56 - 2016-10-05 10:36 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\Windows.StateRepositoryBroker.dll
2016-10-12 13:56 - 2016-10-05 10:35 - 00352768 _____ (Microsoft Corporation) C:\Windows\system32\cloudAP.dll
2016-10-12 13:56 - 2016-10-05 10:35 - 00327680 _____ C:\Windows\system32\wc_storage.dll
2016-10-12 13:56 - 2016-10-05 10:35 - 00122880 _____ (Microsoft Corporation) C:\Windows\system32\Windows.StateRepositoryClient.dll
2016-10-12 13:56 - 2016-10-05 10:34 - 00463360 _____ (Microsoft Corporation) C:\Windows\system32\daxexec.dll
2016-10-12 13:56 - 2016-10-05 10:34 - 00144896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys
2016-10-12 13:56 - 2016-10-05 10:33 - 00651264 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.AllJoyn.dll
2016-10-12 13:56 - 2016-10-05 10:33 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\mfsensorgroup.dll
2016-10-12 13:56 - 2016-10-05 10:32 - 00590336 _____ (Microsoft Corporation) C:\Windows\system32\efswrt.dll
2016-10-12 13:56 - 2016-10-05 10:32 - 00379904 _____ (Microsoft Corporation) C:\Windows\system32\apprepsync.dll
2016-10-12 13:56 - 2016-10-05 10:32 - 00223744 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Networking.HostName.dll
2016-10-12 13:56 - 2016-10-05 10:31 - 00837632 _____ (Microsoft Corporation) C:\Windows\system32\wbiosrvc.dll
2016-10-12 13:56 - 2016-10-05 10:31 - 00748544 _____ (Microsoft Corporation) C:\Windows\system32\ChatApis.dll
2016-10-12 13:56 - 2016-10-05 10:31 - 00561664 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Wallet.dll
2016-10-12 13:56 - 2016-10-05 10:31 - 00176128 _____ (Microsoft Corporation) C:\Windows\system32\apprepapi.dll
2016-10-12 13:56 - 2016-10-05 10:31 - 00058880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ConfigureExpandedStorage.dll
2016-10-12 13:56 - 2016-10-05 10:29 - 09129984 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2016-10-12 13:56 - 2016-10-05 10:29 - 06285312 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.dll
2016-10-12 13:56 - 2016-10-05 10:29 - 01145856 _____ (Microsoft Corporation) C:\Windows\system32\EmailApis.dll
2016-10-12 13:56 - 2016-10-05 10:29 - 00956416 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentExtensions.desktop.dll
2016-10-12 13:56 - 2016-10-05 10:28 - 03059200 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2016-10-12 13:56 - 2016-10-05 10:28 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\GamePanel.exe
2016-10-12 13:56 - 2016-10-05 10:28 - 00584192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIRibbonRes.dll
2016-10-12 13:56 - 2016-10-05 10:28 - 00406016 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentClient.dll
2016-10-12 13:56 - 2016-10-05 10:28 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Networking.HostName.dll
2016-10-12 13:56 - 2016-10-05 10:27 - 00945664 _____ (Microsoft Corporation) C:\Windows\system32\WpcWebFilter.dll
2016-10-12 13:56 - 2016-10-05 10:27 - 00094208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.StateRepositoryClient.dll
2016-10-12 13:56 - 2016-10-05 10:27 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Networking.ServiceDiscovery.Dnssd.dll
2016-10-12 13:56 - 2016-10-05 10:26 - 00182784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfsensorgroup.dll
2016-10-12 13:56 - 2016-10-05 10:25 - 00299520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UserDataAccountApis.dll
2016-10-12 13:56 - 2016-10-05 10:24 - 13434368 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2016-10-12 13:56 - 2016-10-05 10:23 - 01908224 _____ (Microsoft Corporation) C:\Windows\system32\AzureSettingSyncProvider.dll
2016-10-12 13:56 - 2016-10-05 10:23 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\dialclient.dll
2016-10-12 13:56 - 2016-10-05 10:22 - 07654912 _____ (Microsoft Corporation) C:\Windows\system32\mos.dll
2016-10-12 13:56 - 2016-10-05 10:22 - 04749312 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers_nt.dll
2016-10-12 13:56 - 2016-10-05 10:22 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\offreg.dll
2016-10-12 13:56 - 2016-10-05 10:21 - 08075264 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2016-10-12 13:56 - 2016-10-05 10:21 - 00567808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ChatApis.dll
2016-10-12 13:56 - 2016-10-05 10:21 - 00310272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppXDeploymentClient.dll
2016-10-12 13:56 - 2016-10-05 10:21 - 00167936 _____ (Microsoft Corporation) C:\Windows\system32\ErrorDetails.dll
2016-10-12 13:56 - 2016-10-05 10:20 - 00936960 _____ (Microsoft Corporation) C:\Windows\system32\MCRecvSrc.dll
2016-10-12 13:56 - 2016-10-05 10:20 - 00804864 _____ (Microsoft Corporation) C:\Windows\system32\FrameServer.dll
2016-10-12 13:56 - 2016-10-05 10:20 - 00661504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WpcWebFilter.dll
2016-10-12 13:56 - 2016-10-05 10:19 - 00779776 _____ (Microsoft Corporation) C:\Windows\system32\cscui.dll
2016-10-12 13:56 - 2016-10-05 10:18 - 04612608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.dll
2016-10-12 13:56 - 2016-10-05 10:18 - 01656832 _____ (Microsoft Corporation) C:\Windows\system32\GdiPlus.dll
2016-10-12 13:56 - 2016-10-05 10:18 - 00911872 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Networking.dll
2016-10-12 13:56 - 2016-10-05 10:18 - 00858112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\EmailApis.dll
2016-10-12 13:56 - 2016-10-05 10:17 - 04136960 _____ (Microsoft Corporation) C:\Windows\system32\Windows.StateRepository.dll
2016-10-12 13:56 - 2016-10-05 10:17 - 01493504 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-10-12 13:56 - 2016-10-05 10:17 - 00089088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adsmsext.dll
2016-10-12 13:56 - 2016-10-05 10:16 - 06664192 _____ (Microsoft Corporation) C:\Windows\system32\mspaint.exe
2016-10-12 13:56 - 2016-10-05 10:16 - 00771072 _____ (Microsoft Corporation) C:\Windows\system32\AppointmentApis.dll
2016-10-12 13:56 - 2016-10-05 10:16 - 00765440 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.Sensors.dll
2016-10-12 13:56 - 2016-10-05 10:16 - 00508416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-10-12 13:56 - 2016-10-05 10:15 - 03617792 _____ (Microsoft Corporation) C:\Windows\system32\win32kfull.sys
2016-10-12 13:56 - 2016-10-05 10:15 - 01980416 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2016-10-12 13:56 - 2016-10-05 10:15 - 01840640 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2016-10-12 13:56 - 2016-10-05 10:15 - 00833024 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2016-10-12 13:56 - 2016-10-05 10:15 - 00774656 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Web.dll
2016-10-12 13:56 - 2016-10-05 10:15 - 00716800 _____ (Microsoft Corporation) C:\Windows\system32\ShareHost.dll
2016-10-12 13:56 - 2016-10-05 10:14 - 02688512 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Logon.dll
2016-10-12 13:56 - 2016-10-05 10:14 - 01456640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GdiPlus.dll
2016-10-12 13:56 - 2016-10-05 10:14 - 01255936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AzureSettingSyncProvider.dll
2016-10-12 13:56 - 2016-10-05 10:14 - 01013760 _____ (Microsoft Corporation) C:\Windows\system32\ContactApis.dll
2016-10-12 13:56 - 2016-10-05 10:14 - 00909312 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Search.dll
2016-10-12 13:56 - 2016-10-05 10:14 - 00701952 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Networking.Connectivity.dll
2016-10-12 13:56 - 2016-10-05 10:13 - 12345856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2016-10-12 13:56 - 2016-10-05 10:13 - 01328128 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Web.Http.dll
2016-10-12 13:56 - 2016-10-05 10:12 - 00998912 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2016-10-12 13:56 - 2016-10-05 10:12 - 00924672 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Networking.BackgroundTransfer.dll
2016-10-12 13:56 - 2016-10-05 10:11 - 03496960 _____ (Microsoft Corporation) C:\Windows\system32\MSVidCtl.dll
2016-10-12 13:56 - 2016-10-05 10:11 - 00640000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MCRecvSrc.dll
2016-10-12 13:56 - 2016-10-05 10:09 - 07467520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2016-10-12 13:56 - 2016-10-05 10:09 - 03369984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.StateRepository.dll
2016-10-12 13:56 - 2016-10-05 10:09 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppointmentApis.dll
2016-10-12 13:56 - 2016-10-05 10:09 - 00674304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Networking.dll
2016-10-12 13:56 - 2016-10-05 10:08 - 02356736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVidCtl.dll
2016-10-12 13:56 - 2016-10-05 10:08 - 00598528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Web.dll
2016-10-12 13:56 - 2016-10-05 10:07 - 02646016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CertEnroll.dll
2016-10-12 13:56 - 2016-10-05 10:07 - 00589312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.Sensors.dll
2016-10-12 13:56 - 2016-10-05 10:07 - 00542208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Networking.Connectivity.dll
2016-10-12 13:56 - 2016-10-05 10:06 - 02999296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32kfull.sys
2016-10-12 13:56 - 2016-10-05 10:06 - 02254336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-10-12 13:56 - 2016-10-05 10:06 - 01880576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Logon.dll
2016-10-12 13:56 - 2016-10-05 10:06 - 01594368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-10-12 13:56 - 2016-10-05 10:06 - 01013248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Web.Http.dll
2016-10-12 13:56 - 2016-10-05 10:06 - 00850944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ContactApis.dll
2016-10-12 13:56 - 2016-10-05 10:06 - 00711680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Search.dll
2016-10-12 13:56 - 2016-10-05 10:05 - 03105792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2016-10-12 13:56 - 2016-10-05 10:05 - 00751104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Networking.BackgroundTransfer.dll
2016-10-12 13:56 - 2016-10-05 01:01 - 00446124 _____ C:\Windows\system32\ApnDatabase.xml
2016-10-12 13:56 - 2016-09-07 06:34 - 00360040 _____ (Microsoft Corporation) C:\Windows\system32\SystemSettingsAdminFlows.exe
2016-10-11 14:13 - 2016-10-11 14:13 - 00000000 ____D C:\Users\Gregor\Documents\Apple
2016-10-11 14:08 - 2016-10-12 14:06 - 08407511 _____ C:\Users\Gregor\Downloads\Gregor_Beck_contract_and_documents_single_file.pdf
2016-10-11 14:05 - 2016-10-26 11:42 - 00000000 ____D C:\TEMP
2016-10-11 14:01 - 2016-10-11 14:01 - 08202009 _____ C:\Users\Gregor\Downloads\jpg2pdf (1).pdf
2016-10-11 14:01 - 2016-10-11 14:01 - 08202007 _____ C:\Users\Gregor\Downloads\jpg2pdf.pdf
2016-10-11 13:59 - 2016-10-11 13:59 - 00000000 ____D C:\Users\Gregor\Downloads\Gregor Beck
2016-10-11 13:58 - 2016-10-11 13:58 - 09286591 _____ C:\Users\Gregor\Downloads\Gregor Beck.zip
2016-10-10 19:30 - 2016-10-10 19:30 - 00074352 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-stable.sys
2016-10-10 19:30 - 2016-10-10 19:30 - 00074352 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-dev.sys
2016-10-10 19:30 - 2016-10-10 19:30 - 00074352 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-canary.sys
2016-10-10 19:30 - 2016-10-10 19:30 - 00038000 _____ (Dropbox, Inc.) C:\Windows\system32\DbxSvc.exe
2016-10-10 09:07 - 2016-10-10 09:07 - 00000000 ____D C:\Users\Gregor\AppData\Local\AgileBits
2016-10-07 22:52 - 2016-10-07 22:52 - 00443632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp140.dll
2016-10-07 22:52 - 2016-10-07 22:52 - 00394496 _____ (Microsoft Corporation) C:\Windows\system32\vccorlib140.dll
2016-10-07 22:52 - 2016-10-07 22:52 - 00334608 _____ (Microsoft Corporation) C:\Windows\system32\concrt140.dll
2016-10-07 22:52 - 2016-10-07 22:52 - 00089328 _____ (Microsoft Corporation) C:\Windows\system32\vcruntime140.dll
2016-10-07 22:52 - 2016-10-07 22:52 - 00085744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vcruntime140.dll
2016-10-07 22:49 - 2016-10-07 22:49 - 00639728 _____ (Microsoft Corporation) C:\Windows\system32\msvcp140.dll
2016-10-07 22:49 - 2016-10-07 22:49 - 00244504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\concrt140.dll
2016-10-07 22:45 - 2016-10-07 22:45 - 00271112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vccorlib140.dll
2016-10-06 19:38 - 2016-10-06 19:38 - 00059149 _____ C:\Users\Gregor\Downloads\5_Employee_Privacy_Notice.pdf
2016-10-06 19:27 - 2016-10-06 19:27 - 00047552 _____ C:\Users\Gregor\Downloads\4_Candidate_Paperwork_Checklist_.pdf
2016-10-06 19:24 - 2016-10-06 19:24 - 00091053 _____ C:\Users\Gregor\Downloads\6_Intellectual_Property.pdf
2016-10-06 19:15 - 2016-10-06 19:16 - 00034751 _____ C:\Users\Gregor\Downloads\3_PIN.pdf
2016-10-06 19:12 - 2016-10-06 19:12 - 00127638 _____ C:\Users\Gregor\Downloads\2_ESPP_Letter_.pdf
2016-10-06 19:10 - 2016-10-06 19:10 - 00080039 _____ C:\Users\Gregor\Downloads\1_Contract_Gregor_Beck_.pdf
2016-10-06 13:52 - 2016-10-06 13:52 - 04603583 _____ C:\Users\Gregor\Downloads\Sample New Hire Documents Standard (1).pdf
2016-10-06 13:51 - 2016-10-06 13:51 - 04603583 _____ C:\Users\Gregor\Downloads\Sample New Hire Documents Standard.pdf
2016-10-03 14:46 - 2016-10-13 11:23 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-09-30 12:23 - 2016-09-15 19:14 - 00484584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2016-09-30 12:23 - 2016-09-15 18:40 - 00965472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ReAgent.dll
2016-09-30 12:23 - 2016-09-15 18:35 - 00455040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DolbyDecMFT.dll
2016-09-30 12:23 - 2016-09-15 18:33 - 00083120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\devenum.dll
2016-09-30 12:23 - 2016-09-15 18:30 - 00354264 _____ (Microsoft Corporation) C:\Windows\system32\systemreset.exe
2016-09-30 12:23 - 2016-09-15 18:29 - 01377016 _____ (Microsoft Corporation) C:\Windows\system32\ClipUp.exe
2016-09-30 12:23 - 2016-09-15 18:29 - 01117024 _____ (Microsoft Corporation) C:\Windows\system32\ReAgent.dll
2016-09-30 12:23 - 2016-09-15 18:29 - 00603488 _____ (Microsoft Corporation) C:\Windows\system32\ContentDeliveryManager.Utilities.dll
2016-09-30 12:23 - 2016-09-15 18:29 - 00512416 _____ (Microsoft Corporation) C:\Windows\system32\MSAudDecMFT.dll
2016-09-30 12:23 - 2016-09-15 18:27 - 05622088 _____ (Microsoft Corporation) C:\Windows\system32\sppsvc.exe
2016-09-30 12:23 - 2016-09-15 18:27 - 00553312 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-09-30 12:23 - 2016-09-15 18:27 - 00434528 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2016-09-30 12:23 - 2016-09-15 18:25 - 02681200 _____ C:\Windows\system32\CoreUIComponents.dll
2016-09-30 12:23 - 2016-09-15 18:23 - 00170960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2016-09-30 12:23 - 2016-09-15 18:22 - 00860512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LicenseManager.dll
2016-09-30 12:23 - 2016-09-15 18:21 - 01218912 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-09-30 12:23 - 2016-09-15 18:21 - 01000288 _____ (Microsoft Corporation) C:\Windows\system32\SecConfig.efi
2016-09-30 12:23 - 2016-09-15 18:20 - 00846560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WinTypes.dll
2016-09-30 12:23 - 2016-09-15 18:20 - 00634944 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2016-09-30 12:23 - 2016-09-15 18:18 - 00404832 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-09-30 12:23 - 2016-09-15 18:16 - 01292640 _____ (Microsoft Corporation) C:\Windows\system32\LicenseManager.dll
2016-09-30 12:23 - 2016-09-15 18:16 - 00527808 _____ (Microsoft Corporation) C:\Windows\system32\WWanAPI.dll
2016-09-30 12:23 - 2016-09-15 18:15 - 00218976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tpm.sys
2016-09-30 12:23 - 2016-09-15 18:14 - 01267512 _____ (Microsoft Corporation) C:\Windows\system32\WinTypes.dll
2016-09-30 12:23 - 2016-09-15 18:14 - 00119648 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wcifs.sys
2016-09-30 12:23 - 2016-09-15 18:13 - 01264912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2016-09-30 12:23 - 2016-09-15 18:13 - 00113504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmapi.dll
2016-09-30 12:23 - 2016-09-15 18:12 - 00092512 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2016-09-30 12:23 - 2016-09-15 18:11 - 00773168 _____ (Microsoft Corporation) C:\Windows\system32\sppwinob.dll
2016-09-30 12:23 - 2016-09-15 18:10 - 01600632 _____ (Microsoft Corporation) C:\Windows\system32\sppobjs.dll
2016-09-30 12:23 - 2016-09-15 18:10 - 00918848 _____ (Microsoft Corporation) C:\Windows\system32\EditionUpgradeManagerObj.dll
2016-09-30 12:23 - 2016-09-15 18:06 - 01469120 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-09-30 12:23 - 2016-09-15 18:06 - 00587968 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-09-30 12:23 - 2016-09-15 18:06 - 00455520 _____ (Microsoft Corporation) C:\Windows\system32\securekernel.exe
2016-09-30 12:23 - 2016-09-15 18:06 - 00387872 _____ (Microsoft Corporation) C:\Windows\system32\wmpps.dll
2016-09-30 12:23 - 2016-09-15 18:06 - 00050880 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-09-30 12:23 - 2016-09-15 18:03 - 00094720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UserDataTimeUtil.dll
2016-09-30 12:23 - 2016-09-15 18:03 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TempSignedLicenseExchangeTask.dll
2016-09-30 12:23 - 2016-09-15 18:03 - 00026112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\odbcconf.dll
2016-09-30 12:23 - 2016-09-15 18:02 - 00187392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfksproxy.dll
2016-09-30 12:23 - 2016-09-15 18:01 - 00055296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\findnetprinters.dll
2016-09-30 12:23 - 2016-09-15 18:00 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\BcastDVRHelper.dll
2016-09-30 12:23 - 2016-09-15 17:59 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credprovslegacy.dll
2016-09-30 12:23 - 2016-09-15 17:58 - 00491008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcastdvr.exe
2016-09-30 12:23 - 2016-09-15 17:58 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlancfg.dll
2016-09-30 12:23 - 2016-09-15 17:57 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.LowLevel.dll
2016-09-30 12:23 - 2016-09-15 17:57 - 00179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InstallAgent.exe
2016-09-30 12:23 - 2016-09-15 17:56 - 00554496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StoreAgent.dll
2016-09-30 12:23 - 2016-09-15 17:56 - 00413184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SndVolSSO.dll
2016-09-30 12:23 - 2016-09-15 17:56 - 00265728 _____ C:\Windows\SysWOW64\Windows.Perception.Stub.dll
2016-09-30 12:23 - 2016-09-15 17:56 - 00262656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pdh.dll
2016-09-30 12:23 - 2016-09-15 17:56 - 00057856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LicenseManagerApi.dll
2016-09-30 12:23 - 2016-09-15 17:55 - 01243136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.FaceAnalysis.dll
2016-09-30 12:23 - 2016-09-15 17:55 - 00222720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InstallAgentUserBroker.exe
2016-09-30 12:23 - 2016-09-15 17:55 - 00213504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.CredDialogController.dll
2016-09-30 12:23 - 2016-09-15 17:55 - 00202752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.HumanInterfaceDevice.dll
2016-09-30 12:23 - 2016-09-15 17:55 - 00175616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.Scanners.dll
2016-09-30 12:23 - 2016-09-15 17:54 - 00498688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mbsmsapi.dll
2016-09-30 12:23 - 2016-09-15 17:54 - 00461312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webio.dll
2016-09-30 12:23 - 2016-09-15 17:54 - 00431104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mprdim.dll
2016-09-30 12:23 - 2016-09-15 17:53 - 00466432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sppcext.dll
2016-09-30 12:23 - 2016-09-15 17:53 - 00314368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.Usb.dll
2016-09-30 12:23 - 2016-09-15 17:52 - 00238080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AboveLockAppHost.dll
2016-09-30 12:23 - 2016-09-15 17:51 - 02333184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2016-09-30 12:23 - 2016-09-15 17:51 - 00288256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CryptoWinRT.dll
2016-09-30 12:23 - 2016-09-15 17:50 - 07219200 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll
2016-09-30 12:23 - 2016-09-15 17:50 - 01534464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Graphics.Printing.3D.dll
2016-09-30 12:23 - 2016-09-15 17:50 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2016-09-30 12:23 - 2016-09-15 17:49 - 00499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LogonController.dll
2016-09-30 12:23 - 2016-09-15 17:47 - 00366080 _____ (Microsoft Corporation) C:\Windows\system32\RDXTaskFactory.dll
2016-09-30 12:23 - 2016-09-15 17:47 - 00355328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RTMediaFrame.dll
2016-09-30 12:23 - 2016-09-15 17:46 - 00713216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpnapps.dll
2016-09-30 12:23 - 2016-09-15 17:46 - 00558080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clusapi.dll
2016-09-30 12:23 - 2016-09-15 17:46 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\ffbroker.dll
2016-09-30 12:23 - 2016-09-15 17:43 - 00433664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imapi2.dll
2016-09-30 12:23 - 2016-09-15 17:43 - 00210432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\offlinesam.dll
2016-09-30 12:23 - 2016-09-15 17:43 - 00130560 _____ (Microsoft Corporation) C:\Windows\splwow64.exe
2016-09-30 12:23 - 2016-09-15 17:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\kbdhid.sys
2016-09-30 12:23 - 2016-09-15 17:43 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\cmintegrator.dll
2016-09-30 12:23 - 2016-09-15 17:42 - 00545792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uReFS.dll
2016-09-30 12:23 - 2016-09-15 17:42 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\mssprxy.dll
2016-09-30 12:23 - 2016-09-15 17:41 - 03733504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_47.dll
2016-09-30 12:23 - 2016-09-15 17:41 - 00090624 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.Printers.dll
2016-09-30 12:23 - 2016-09-15 17:41 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\NfcRadioMedia.dll
2016-09-30 12:23 - 2016-09-15 17:40 - 05061120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2016-09-30 12:23 - 2016-09-15 17:40 - 01170944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Speech.dll
2016-09-30 12:23 - 2016-09-15 17:40 - 00348160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.Midi.dll
2016-09-30 12:23 - 2016-09-15 17:40 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.WiFi.dll
2016-09-30 12:23 - 2016-09-15 17:40 - 00160768 _____ (Microsoft Corporation) C:\Windows\system32\ACPBackgroundManagerPolicy.dll
2016-09-30 12:23 - 2016-09-15 17:40 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\VPNv2CSP.dll
2016-09-30 12:23 - 2016-09-15 17:39 - 02740224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msftedit.dll
2016-09-30 12:23 - 2016-09-15 17:39 - 00547840 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Gaming.Input.dll
2016-09-30 12:23 - 2016-09-15 17:39 - 00418304 _____ C:\Windows\system32\Windows.Perception.Stub.dll
2016-09-30 12:23 - 2016-09-15 17:39 - 00295936 _____ (Microsoft Corporation) C:\Windows\system32\pdh.dll
2016-09-30 12:23 - 2016-09-15 17:39 - 00268800 _____ (Microsoft Corporation) C:\Windows\system32\DeviceCensus.exe
2016-09-30 12:23 - 2016-09-15 17:39 - 00186368 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.Radios.dll
2016-09-30 12:23 - 2016-09-15 17:38 - 01291264 _____ (Microsoft Corporation) C:\Windows\system32\MSVPXENC.dll
2016-09-30 12:23 - 2016-09-15 17:38 - 00730112 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2016-09-30 12:23 - 2016-09-15 17:38 - 00654336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MbaeApiPublic.dll
2016-09-30 12:23 - 2016-09-15 17:38 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\credprovhost.dll
2016-09-30 12:23 - 2016-09-15 17:38 - 00211456 _____ (Microsoft Corporation) C:\Windows\system32\InstallAgent.exe
2016-09-30 12:23 - 2016-09-15 17:38 - 00205824 _____ (Microsoft Corporation) C:\Windows\system32\SearchFilterHost.exe
2016-09-30 12:23 - 2016-09-15 17:38 - 00132096 _____ (Microsoft Corporation) C:\Windows\system32\PrintWSDAHost.dll
2016-09-30 12:23 - 2016-09-15 17:37 - 00743424 _____ (Microsoft Corporation) C:\Windows\system32\StoreAgent.dll
2016-09-30 12:23 - 2016-09-15 17:37 - 00680448 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2016-09-30 12:23 - 2016-09-15 17:37 - 00390144 _____ (Microsoft Corporation) C:\Windows\system32\Search.ProtocolHandler.MAPI2.dll
2016-09-30 12:23 - 2016-09-15 17:37 - 00321024 _____ (Microsoft Corporation) C:\Windows\system32\NetworkUXBroker.dll
2016-09-30 12:23 - 2016-09-15 17:37 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\ConsoleLogon.dll
2016-09-30 12:23 - 2016-09-15 17:37 - 00216576 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.Scanners.dll
2016-09-30 12:23 - 2016-09-15 17:36 - 00852480 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Import.dll
2016-09-30 12:23 - 2016-09-15 17:36 - 00709120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CPFilters.dll
2016-09-30 12:23 - 2016-09-15 17:36 - 00456192 _____ (Microsoft Corporation) C:\Windows\system32\puiobj.dll
2016-09-30 12:23 - 2016-09-15 17:36 - 00431616 _____ (Microsoft Corporation) C:\Windows\system32\WpAXHolder.dll
2016-09-30 12:23 - 2016-09-15 17:36 - 00410624 _____ (Microsoft Corporation) C:\Windows\system32\cdpsvc.dll
2016-09-30 12:23 - 2016-09-15 17:36 - 00349184 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
2016-09-30 12:23 - 2016-09-15 17:36 - 00339456 _____ (Microsoft Corporation) C:\Windows\system32\cdpusersvc.dll
2016-09-30 12:23 - 2016-09-15 17:36 - 00324608 _____ (Microsoft Corporation) C:\Windows\system32\usbmon.dll
2016-09-30 12:23 - 2016-09-15 17:36 - 00166912 _____ (Microsoft Corporation) C:\Windows\system32\credprovslegacy.dll
2016-09-30 12:23 - 2016-09-15 17:35 - 01087488 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Networking.Vpn.dll
2016-09-30 12:23 - 2016-09-15 17:35 - 01060352 _____ (Microsoft Corporation) C:\Windows\system32\AppContracts.dll
2016-09-30 12:23 - 2016-09-15 17:35 - 01013248 _____ (Microsoft Corporation) C:\Windows\system32\XblAuthManager.dll
2016-09-30 12:23 - 2016-09-15 17:35 - 00949248 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.PointOfService.dll
2016-09-30 12:23 - 2016-09-15 17:35 - 00538112 _____ (Microsoft Corporation) C:\Windows\system32\sppcext.dll
2016-09-30 12:23 - 2016-09-15 17:35 - 00496128 _____ (Microsoft Corporation) C:\Windows\system32\mprdim.dll
2016-09-30 12:23 - 2016-09-15 17:35 - 00431616 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Cortana.Desktop.dll
2016-09-30 12:23 - 2016-09-15 17:35 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\SensorService.dll
2016-09-30 12:23 - 2016-09-15 17:35 - 00358400 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2016-09-30 12:23 - 2016-09-15 17:35 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.Picker.dll
2016-09-30 12:23 - 2016-09-15 17:35 - 00329728 _____ (Microsoft Corporation) C:\Windows\system32\deviceaccess.dll
2016-09-30 12:23 - 2016-09-15 17:35 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\icsvc.dll
2016-09-30 12:23 - 2016-09-15 17:35 - 00252416 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Security.Authentication.Identity.Provider.dll
2016-09-30 12:23 - 2016-09-15 17:34 - 00671744 _____ (Microsoft Corporation) C:\Windows\system32\mbsmsapi.dll
2016-09-30 12:23 - 2016-09-15 17:34 - 00560640 _____ (Microsoft Corporation) C:\Windows\system32\webio.dll
2016-09-30 12:23 - 2016-09-15 17:34 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\aadcloudap.dll
2016-09-30 12:23 - 2016-09-15 17:33 - 00896512 _____ (Microsoft Corporation) C:\Windows\system32\Windows.AccountsControl.dll
2016-09-30 12:23 - 2016-09-15 17:32 - 01037312 _____ (Microsoft Corporation) C:\Windows\system32\nettrace.dll
2016-09-30 12:23 - 2016-09-15 17:32 - 00361472 _____ (Microsoft Corporation) C:\Windows\system32\bdesvc.dll
2016-09-30 12:23 - 2016-09-15 17:31 - 01912320 _____ (Microsoft Corporation) C:\Windows\system32\wsp_fs.dll
2016-09-30 12:23 - 2016-09-15 17:31 - 01553408 _____ (Microsoft Corporation) C:\Windows\system32\wsp_health.dll
2016-09-30 12:23 - 2016-09-15 17:30 - 01227264 _____ (Microsoft Corporation) C:\Windows\system32\gpsvc.dll
2016-09-30 12:23 - 2016-09-15 17:30 - 00458752 _____ (Microsoft Corporation) C:\Windows\system32\RTMediaFrame.dll
2016-09-30 12:23 - 2016-09-15 17:30 - 00175616 _____ (Microsoft Corporation) C:\Windows\system32\SystemSettings.DeviceEncryptionHandlers.dll
2016-09-30 12:23 - 2016-09-15 17:30 - 00104960 _____ (Microsoft Corporation) C:\Windows\system32\CastLaunch.dll
2016-09-30 12:23 - 2016-09-15 17:29 - 01105408 _____ (Microsoft Corporation) C:\Windows\system32\MiracastReceiver.dll
2016-09-30 12:23 - 2016-09-15 17:29 - 01082368 _____ (Microsoft Corporation) C:\Windows\system32\reseteng.dll
2016-09-30 12:23 - 2016-09-15 17:29 - 00715264 _____ (Microsoft Corporation) C:\Windows\system32\clusapi.dll
2016-09-30 12:23 - 2016-09-15 17:28 - 00798720 _____ (Microsoft Corporation) C:\Windows\system32\pwcreator.exe
2016-09-30 12:23 - 2016-09-15 17:28 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\fhcfg.dll
2016-09-30 12:23 - 2016-09-15 17:27 - 05111296 _____ (Microsoft Corporation) C:\Windows\system32\cdp.dll
2016-09-30 12:23 - 2016-09-15 17:27 - 01078784 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Streaming.dll
2016-09-30 12:23 - 2016-09-15 17:27 - 00883712 _____ (Microsoft Corporation) C:\Windows\system32\samsrv.dll
2016-09-30 12:23 - 2016-09-15 17:27 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\SpaceControl.dll
2016-09-30 12:23 - 2016-09-15 17:27 - 00582656 _____ (Microsoft Corporation) C:\Windows\system32\BootMenuUX.dll
2016-09-30 12:23 - 2016-09-15 17:27 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\fveui.dll
2016-09-30 12:23 - 2016-09-15 17:27 - 00250368 _____ (Microsoft Corporation) C:\Windows\system32\discan.dll
2016-09-30 12:23 - 2016-09-15 17:27 - 00211968 _____ (Microsoft Corporation) C:\Windows\system32\manage-bde.exe
2016-09-30 12:23 - 2016-09-15 17:27 - 00171008 _____ (Microsoft Corporation) C:\Windows\system32\fvenotify.exe
2016-09-30 12:23 - 2016-09-15 17:27 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\Sens.dll
2016-09-30 12:23 - 2016-09-15 17:26 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\resutils.dll
2016-09-30 12:23 - 2016-09-15 17:26 - 00279552 _____ (Microsoft Corporation) C:\Windows\system32\PlayToReceiver.dll
2016-09-30 12:23 - 2016-09-15 17:26 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\BitLockerDeviceEncryption.exe
2016-09-30 12:23 - 2016-09-15 17:26 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\bdeui.dll
2016-09-30 12:23 - 2016-09-15 17:25 - 00947200 _____ (Microsoft Corporation) C:\Windows\system32\wsp_sr.dll
2016-09-30 12:23 - 2016-09-15 17:25 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\offlinesam.dll
2016-09-30 12:23 - 2016-09-15 17:25 - 00130560 _____ (Microsoft Corporation) C:\Windows\system32\SpaceAgent.exe
2016-09-30 12:23 - 2016-09-15 17:24 - 01080320 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Ocr.dll
2016-09-30 12:23 - 2016-09-15 17:23 - 03405824 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2016-09-30 12:23 - 2016-09-15 17:23 - 00650752 _____ (Microsoft Corporation) C:\Windows\system32\RDXService.dll
2016-09-30 12:23 - 2016-09-15 17:23 - 00631296 _____ (Microsoft Corporation) C:\Windows\system32\NotificationController.dll
2016-09-30 12:23 - 2016-09-15 17:22 - 01586176 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Globalization.dll
2016-09-30 12:23 - 2016-09-15 17:22 - 00960000 _____ (Microsoft Corporation) C:\Windows\system32\modernexecserver.dll
2016-09-30 12:23 - 2016-09-15 17:21 - 02538496 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2016-09-30 12:23 - 2016-09-15 17:21 - 02208768 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Graphics.Printing.3D.dll
2016-09-30 12:23 - 2016-09-15 17:21 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.dll
2016-09-30 12:23 - 2016-09-15 17:21 - 00674304 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2016-09-30 12:23 - 2016-09-15 17:20 - 01535488 _____ (Microsoft Corporation) C:\Windows\system32\SpeechPal.dll
2016-09-30 12:23 - 2016-09-15 17:20 - 01266176 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Input.Inking.dll
2016-09-30 12:23 - 2016-09-15 17:20 - 00845824 _____ (Microsoft Corporation) C:\Windows\system32\MbaeApiPublic.dll
2016-09-30 12:23 - 2016-09-15 17:20 - 00691712 _____ (Microsoft Corporation) C:\Windows\system32\lsm.dll
2016-09-30 12:23 - 2016-09-15 17:20 - 00283648 _____ (Microsoft Corporation) C:\Windows\system32\wkssvc.dll
2016-09-30 12:23 - 2016-09-15 17:19 - 01130496 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2016-09-30 12:23 - 2016-09-15 17:19 - 00903680 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2016-09-30 12:23 - 2016-09-15 17:19 - 00788992 _____ (Microsoft Corporation) C:\Windows\system32\spoolsv.exe
2016-09-30 12:23 - 2016-09-15 17:19 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\LogonController.dll
2016-09-30 12:23 - 2016-09-15 17:16 - 01817088 _____ (Microsoft Corporation) C:\Windows\system32\ResetEngine.dll
2016-09-30 12:23 - 2016-09-15 17:16 - 00483840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CoreMessaging.dll
2016-09-30 12:23 - 2016-09-15 17:16 - 00387072 _____ (Microsoft Corporation) C:\Windows\system32\SessEnv.dll
2016-09-30 12:23 - 2016-09-15 17:16 - 00221696 _____ (Microsoft Corporation) C:\Windows\system32\tspubwmi.dll
2016-09-30 12:23 - 2016-08-05 09:29 - 00568832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Speech.UXRes.dll
2016-09-30 12:22 - 2016-09-15 18:37 - 00590960 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2016-09-30 12:22 - 2016-09-15 18:37 - 00496872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dnsapi.dll
2016-09-30 12:22 - 2016-09-15 18:37 - 00402352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ws2_32.dll
2016-09-30 12:22 - 2016-09-15 18:35 - 01570680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-09-30 12:22 - 2016-09-15 18:32 - 02048496 _____ C:\Windows\SysWOW64\CoreUIComponents.dll
2016-09-30 12:22 - 2016-09-15 18:30 - 00646136 _____ (Microsoft Corporation) C:\Windows\system32\dnsapi.dll
2016-09-30 12:22 - 2016-09-15 18:29 - 00823136 _____ (Microsoft Corporation) C:\Windows\system32\AppVClient.exe
2016-09-30 12:22 - 2016-09-15 18:29 - 00704352 _____ (Microsoft Corporation) C:\Windows\system32\AppVEntVirtualization.dll
2016-09-30 12:22 - 2016-09-15 18:29 - 00424640 _____ (Microsoft Corporation) C:\Windows\system32\ws2_32.dll
2016-09-30 12:22 - 2016-09-15 18:29 - 00218008 _____ (Microsoft Corporation) C:\Windows\system32\LsaIso.exe
2016-09-30 12:22 - 2016-09-15 18:29 - 00169056 _____ (Microsoft Corporation) C:\Windows\system32\skci.dll
2016-09-30 12:22 - 2016-09-15 18:29 - 00127328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\AppVStrm.sys
2016-09-30 12:22 - 2016-09-15 18:29 - 00081760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\stornvme.sys
2016-09-30 12:22 - 2016-09-15 18:29 - 00074080 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vpci.sys
2016-09-30 12:22 - 2016-09-15 18:29 - 00023392 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cmimcext.sys
2016-09-30 12:22 - 2016-09-15 18:28 - 00498960 _____ (Microsoft Corporation) C:\Windows\system32\DolbyDecMFT.dll
2016-09-30 12:22 - 2016-09-15 18:27 - 01883784 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-09-30 12:22 - 2016-09-15 18:27 - 00128352 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\partmgr.sys
2016-09-30 12:22 - 2016-09-15 18:26 - 00090400 _____ (Microsoft Corporation) C:\Windows\system32\devenum.dll
2016-09-30 12:22 - 2016-09-15 18:25 - 00340320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-09-30 12:22 - 2016-09-15 18:25 - 00280472 _____ (Microsoft Corporation) C:\Windows\system32\bdeunlock.exe
2016-09-30 12:22 - 2016-09-15 18:25 - 00262960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Storage.ApplicationData.dll
2016-09-30 12:22 - 2016-09-15 18:24 - 00764936 _____ (Microsoft Corporation) C:\Windows\system32\CoreMessaging.dll
2016-09-30 12:22 - 2016-09-15 18:23 - 01503032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2016-09-30 12:22 - 2016-09-15 18:22 - 05722320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\windows.storage.dll
2016-09-30 12:22 - 2016-09-15 18:22 - 00975744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinapi.appcore.dll
2016-09-30 12:22 - 2016-09-15 18:22 - 00433832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WWanAPI.dll
2016-09-30 12:22 - 2016-09-15 18:21 - 00272720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2016-09-30 12:22 - 2016-09-15 18:19 - 00361104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsmf.dll
2016-09-30 12:22 - 2016-09-15 18:18 - 06654616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Protection.PlayReady.dll
2016-09-30 12:22 - 2016-09-15 18:18 - 01201872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmpeg2srcsnk.dll
2016-09-30 12:22 - 2016-09-15 18:18 - 01123368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2016-09-30 12:22 - 2016-09-15 18:18 - 00955528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfsvr.dll
2016-09-30 12:22 - 2016-09-15 18:18 - 00856872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfreadwrite.dll
2016-09-30 12:22 - 2016-09-15 18:18 - 00328008 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Storage.ApplicationData.dll
2016-09-30 12:22 - 2016-09-15 18:17 - 04311736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2016-09-30 12:22 - 2016-09-15 18:16 - 07219672 _____ (Microsoft Corporation) C:\Windows\system32\windows.storage.dll
2016-09-30 12:22 - 2016-09-15 18:16 - 02190176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2016-09-30 12:22 - 2016-09-15 18:16 - 01738040 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2016-09-30 12:22 - 2016-09-15 18:16 - 01157000 _____ (Microsoft Corporation) C:\Windows\system32\twinapi.appcore.dll
2016-09-30 12:22 - 2016-09-15 18:16 - 00657760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms2.sys
2016-09-30 12:22 - 2016-09-15 18:16 - 00401760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2016-09-30 12:22 - 2016-09-15 18:16 - 00206096 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-09-30 12:22 - 2016-09-15 18:15 - 00649568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fvevol.sys
2016-09-30 12:22 - 2016-09-15 18:15 - 00557408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\spaceport.sys
2016-09-30 12:22 - 2016-09-15 18:15 - 00341936 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2016-09-30 12:22 - 2016-09-15 18:15 - 00335712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pci.sys
2016-09-30 12:22 - 2016-09-15 18:15 - 00223584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-09-30 12:22 - 2016-09-15 18:15 - 00130912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storahci.sys
2016-09-30 12:22 - 2016-09-15 18:14 - 01415752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32full.dll
2016-09-30 12:22 - 2016-09-15 18:14 - 01100128 _____ (Microsoft Corporation) C:\Windows\system32\hvix64.exe
2016-09-30 12:22 - 2016-09-15 18:14 - 00988512 _____ (Microsoft Corporation) C:\Windows\system32\hvax64.exe
2016-09-30 12:22 - 2016-09-15 18:14 - 00947552 _____ (Microsoft Corporation) C:\Windows\system32\hvloader.efi
2016-09-30 12:22 - 2016-09-15 18:14 - 00811872 _____ (Microsoft Corporation) C:\Windows\system32\hvloader.exe
2016-09-30 12:22 - 2016-09-15 18:14 - 00435040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdbss.sys
2016-09-30 12:22 - 2016-09-15 18:12 - 08158672 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Protection.PlayReady.dll
2016-09-30 12:22 - 2016-09-15 18:12 - 01472536 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2016-09-30 12:22 - 2016-09-15 18:11 - 04673296 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2016-09-30 12:22 - 2016-09-15 18:11 - 01990640 _____ (Microsoft Corporation) C:\Windows\system32\mfmp4srcsnk.dll
2016-09-30 12:22 - 2016-09-15 18:11 - 01300600 _____ (Microsoft Corporation) C:\Windows\system32\mfmpeg2srcsnk.dll
2016-09-30 12:22 - 2016-09-15 18:11 - 01066104 _____ (Microsoft Corporation) C:\Windows\system32\mfsvr.dll
2016-09-30 12:22 - 2016-09-15 18:11 - 00862064 _____ (Microsoft Corporation) C:\Windows\system32\mfreadwrite.dll
2016-09-30 12:22 - 2016-09-15 18:11 - 00725664 _____ (Microsoft Corporation) C:\Windows\system32\MSVideoDSP.dll
2016-09-30 12:22 - 2016-09-15 18:11 - 00160096 _____ (Microsoft Corporation) C:\Windows\system32\CloudExperienceHostBroker.dll
2016-09-30 12:22 - 2016-09-15 18:08 - 05683712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll
2016-09-30 12:22 - 2016-09-15 18:07 - 01572768 _____ (Microsoft Corporation) C:\Windows\system32\gdi32full.dll
2016-09-30 12:22 - 2016-09-15 18:07 - 01418304 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2016-09-30 12:22 - 2016-09-15 18:07 - 00128864 _____ (Microsoft Corporation) C:\Windows\system32\dwmapi.dll
2016-09-30 12:22 - 2016-09-15 18:06 - 01046880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2016-09-30 12:22 - 2016-09-15 18:06 - 00372440 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.MediaControl.dll
2016-09-30 12:22 - 2016-09-15 18:01 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.Radios.dll
2016-09-30 12:22 - 2016-09-15 18:00 - 00554496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2016-09-30 12:22 - 2016-09-15 18:00 - 00518656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ngccredprov.dll
2016-09-30 12:22 - 2016-09-15 18:00 - 00138240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DisplayManager.dll
2016-09-30 12:22 - 2016-09-15 17:59 - 00255488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\unimdm.tsp
2016-09-30 12:22 - 2016-09-15 17:59 - 00136192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WinRtTracing.dll
2016-09-30 12:22 - 2016-09-15 17:58 - 00291840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Search.ProtocolHandler.MAPI2.dll
2016-09-30 12:22 - 2016-09-15 17:58 - 00203776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credprovhost.dll
2016-09-30 12:22 - 2016-09-15 17:58 - 00142336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.WiFi.dll
2016-09-30 12:22 - 2016-09-15 17:58 - 00129024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.SerialCommunication.dll
2016-09-30 12:22 - 2016-09-15 17:58 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Background.SystemEventsBroker.dll
2016-09-30 12:22 - 2016-09-15 17:58 - 00059904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.System.UserDeviceAssociation.dll
2016-09-30 12:22 - 2016-09-15 17:57 - 00392192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Gaming.Input.dll
2016-09-30 12:22 - 2016-09-15 17:57 - 00315904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Gaming.XboxLive.Storage.dll
2016-09-30 12:22 - 2016-09-15 17:57 - 00237056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SyncSettings.dll
2016-09-30 12:22 - 2016-09-15 17:57 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2016-09-30 12:22 - 2016-09-15 17:57 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ClipboardServer.dll
2016-09-30 12:22 - 2016-09-15 17:56 - 01300480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVPXENC.dll
2016-09-30 12:22 - 2016-09-15 17:56 - 00670208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.PointOfService.dll
2016-09-30 12:22 - 2016-09-15 17:56 - 00609280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Import.dll
2016-09-30 12:22 - 2016-09-15 17:56 - 00298496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Internal.Management.dll
2016-09-30 12:22 - 2016-09-15 17:56 - 00257536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DataExchange.dll
2016-09-30 12:22 - 2016-09-15 17:56 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Core.dll
2016-09-30 12:22 - 2016-09-15 17:55 - 00575488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2016-09-30 12:22 - 2016-09-15 17:55 - 00562176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.SmartCards.dll
2016-09-30 12:22 - 2016-09-15 17:55 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NetworkCollectionAgent.dll
2016-09-30 12:22 - 2016-09-15 17:55 - 00386048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.WiFiDirect.dll
2016-09-30 12:22 - 2016-09-15 17:55 - 00332288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Internal.Bluetooth.dll
2016-09-30 12:22 - 2016-09-15 17:55 - 00325120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleacc.dll
2016-09-30 12:22 - 2016-09-15 17:55 - 00306176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieproxy.dll
2016-09-30 12:22 - 2016-09-15 17:55 - 00218624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WwaApi.dll
2016-09-30 12:22 - 2016-09-15 17:55 - 00185856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Security.Authentication.Identity.Provider.dll
2016-09-30 12:22 - 2016-09-15 17:55 - 00152064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\biwinrt.dll
2016-09-30 12:22 - 2016-09-15 17:55 - 00114176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setupugc.exe
2016-09-30 12:22 - 2016-09-15 17:54 - 00747520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Ocr.dll
2016-09-30 12:22 - 2016-09-15 17:54 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CredProvDataModel.dll
2016-09-30 12:22 - 2016-09-15 17:54 - 00262144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.Picker.dll
2016-09-30 12:22 - 2016-09-15 17:53 - 00819200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppContracts.dll
2016-09-30 12:22 - 2016-09-15 17:53 - 00340480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-09-30 12:22 - 2016-09-15 17:53 - 00284672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.dll
2016-09-30 12:22 - 2016-09-15 17:52 - 01358336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAutomationCore.dll
2016-09-30 12:22 - 2016-09-15 17:52 - 00816640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NaturalLanguage6.dll
2016-09-30 12:22 - 2016-09-15 17:52 - 00525824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintDialogs.dll
2016-09-30 12:22 - 2016-09-15 17:52 - 00500224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Graphics.Printing.dll
2016-09-30 12:22 - 2016-09-15 17:52 - 00445952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mprapi.dll
2016-09-30 12:22 - 2016-09-15 17:52 - 00297472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
2016-09-30 12:22 - 2016-09-15 17:52 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptngc.dll
2016-09-30 12:22 - 2016-09-15 17:51 - 00762368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mprddm.dll
2016-09-30 12:22 - 2016-09-15 17:50 - 00071168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pwrshplugin.dll
2016-09-30 12:22 - 2016-09-15 17:49 - 00901120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.Bluetooth.dll
2016-09-30 12:22 - 2016-09-15 17:49 - 00653312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.AccountsControl.dll
2016-09-30 12:22 - 2016-09-15 17:49 - 00468992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.InkControls.dll
2016-09-30 12:22 - 2016-09-15 17:48 - 01321472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsp_fs.dll
2016-09-30 12:22 - 2016-09-15 17:48 - 01320448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comsvcs.dll
2016-09-30 12:22 - 2016-09-15 17:48 - 01112576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsp_health.dll
2016-09-30 12:22 - 2016-09-15 17:47 - 01077760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Editing.dll
2016-09-30 12:22 - 2016-09-15 17:47 - 00134656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Energy.dll
2016-09-30 12:22 - 2016-09-15 17:46 - 03305984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFMediaEngine.dll
2016-09-30 12:22 - 2016-09-15 17:46 - 00795648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MiracastReceiver.dll
2016-09-30 12:22 - 2016-09-15 17:46 - 00471552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.BackgroundMediaPlayback.dll
2016-09-30 12:22 - 2016-09-15 17:46 - 00343040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PlayToDevice.dll
2016-09-30 12:22 - 2016-09-15 17:45 - 02749440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mispace.dll
2016-09-30 12:22 - 2016-09-15 17:45 - 02642944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2016-09-30 12:22 - 2016-09-15 17:45 - 00470016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Playback.BackgroundMediaPlayer.dll
2016-09-30 12:22 - 2016-09-15 17:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dlnashext.dll
2016-09-30 12:22 - 2016-09-15 17:44 - 02153984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\storagewmi.dll
2016-09-30 12:22 - 2016-09-15 17:44 - 00459776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Playback.MediaPlayer.dll
2016-09-30 12:22 - 2016-09-15 17:44 - 00209920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSAC3ENC.DLL
2016-09-30 12:22 - 2016-09-15 17:44 - 00118784 _____ (Microsoft Corporation) C:\Windows\system32\UserDataTimeUtil.dll
2016-09-30 12:22 - 2016-09-15 17:43 - 03520512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xpsrchvw.exe
2016-09-30 12:22 - 2016-09-15 17:43 - 03196416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cdp.dll
2016-09-30 12:22 - 2016-09-15 17:43 - 00271872 _____ (Microsoft Corporation) C:\Windows\system32\mfksproxy.dll
2016-09-30 12:22 - 2016-09-15 17:43 - 00220672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PlayToReceiver.dll
2016-09-30 12:22 - 2016-09-15 17:43 - 00090112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\olepro32.dll
2016-09-30 12:22 - 2016-09-15 17:43 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\odbcconf.dll
2016-09-30 12:22 - 2016-09-15 17:42 - 01220608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Audio.dll
2016-09-30 12:22 - 2016-09-15 17:42 - 00719872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsp_sr.dll
2016-09-30 12:22 - 2016-09-15 17:42 - 00492544 _____ (Microsoft Corporation) C:\Windows\system32\nltest.exe
2016-09-30 12:22 - 2016-09-15 17:42 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\winhvr.sys
2016-09-30 12:22 - 2016-09-15 17:42 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\BackgroundMediaPolicy.dll
2016-09-30 12:22 - 2016-09-15 17:41 - 00400384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PlayToManager.dll
2016-09-30 12:22 - 2016-09-15 17:41 - 00357376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Geolocation.dll
2016-09-30 12:22 - 2016-09-15 17:41 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\unimdm.tsp
2016-09-30 12:22 - 2016-09-15 17:41 - 00259072 _____ (Microsoft Corporation) C:\Windows\system32\Family.SyncEngine.dll
2016-09-30 12:22 - 2016-09-15 17:41 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\DisplayManager.dll
2016-09-30 12:22 - 2016-09-15 17:41 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\Family.Client.dll
2016-09-30 12:22 - 2016-09-15 17:41 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\Family.Authentication.dll
2016-09-30 12:22 - 2016-09-15 17:40 - 02138112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InputService.dll
2016-09-30 12:22 - 2016-09-15 17:40 - 02026496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-09-30 12:22 - 2016-09-15 17:40 - 01988096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2016-09-30 12:22 - 2016-09-15 17:40 - 01656320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.Perception.dll
2016-09-30 12:22 - 2016-09-15 17:40 - 01247232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Globalization.dll
2016-09-30 12:22 - 2016-09-15 17:40 - 00467968 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Gaming.XboxLive.Storage.dll
2016-09-30 12:22 - 2016-09-15 17:40 - 00395264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dmenrollengine.dll
2016-09-30 12:22 - 2016-09-15 17:40 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\RMapi.dll
2016-09-30 12:22 - 2016-09-15 17:40 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Background.SystemEventsBroker.dll
2016-09-30 12:22 - 2016-09-15 17:40 - 00094720 _____ (Microsoft Corporation) C:\Windows\system32\browserbroker.dll
2016-09-30 12:22 - 2016-09-15 17:40 - 00092672 _____ (Microsoft Corporation) C:\Windows\system32\BthRadioMedia.dll
2016-09-30 12:22 - 2016-09-15 17:40 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\Windows.System.UserDeviceAssociation.dll
2016-09-30 12:22 - 2016-09-15 17:39 - 01232384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.Maps.dll
2016-09-30 12:22 - 2016-09-15 17:39 - 01170944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.Phone.dll
2016-09-30 12:22 - 2016-09-15 17:39 - 01004544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Input.Inking.dll
2016-09-30 12:22 - 2016-09-15 17:39 - 00827904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.appcore.dll
2016-09-30 12:22 - 2016-09-15 17:39 - 00408576 _____ (Microsoft Corporation) C:\Windows\system32\NgcCtnr.dll
2016-09-30 12:22 - 2016-09-15 17:39 - 00368640 _____ (Microsoft Corporation) C:\Windows\system32\OneBackupHandler.dll
2016-09-30 12:22 - 2016-09-15 17:39 - 00322048 _____ (Microsoft Corporation) C:\Windows\system32\PsmServiceExtHost.dll
2016-09-30 12:22 - 2016-09-15 17:39 - 00234496 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers_Flights.dll
2016-09-30 12:22 - 2016-09-15 17:38 - 00773120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
2016-09-30 12:22 - 2016-09-15 17:38 - 00691200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TokenBroker.dll
2016-09-30 12:22 - 2016-09-15 17:38 - 00671232 _____ (Microsoft Corporation) C:\Windows\system32\NetworkCollectionAgent.dll
2016-09-30 12:22 - 2016-09-15 17:38 - 00620544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.dll
2016-09-30 12:22 - 2016-09-15 17:38 - 00573952 _____ (Microsoft Corporation) C:\Windows\system32\NgcCtnrGidsHandler.dll
2016-09-30 12:22 - 2016-09-15 17:38 - 00505856 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.WiFiDirect.dll
2016-09-30 12:22 - 2016-09-15 17:38 - 00427008 _____ (Microsoft Corporation) C:\Windows\system32\vmrdvcore.dll
2016-09-30 12:22 - 2016-09-15 17:38 - 00349696 _____ (Microsoft Corporation) C:\Windows\system32\icsvcext.dll
2016-09-30 12:22 - 2016-09-15 17:38 - 00343552 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.SmartCards.Phone.dll
2016-09-30 12:22 - 2016-09-15 17:38 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\provops.dll
2016-09-30 12:22 - 2016-09-15 17:38 - 00203776 _____ (Microsoft Corporation) C:\Windows\system32\PimIndexMaintenance.dll
2016-09-30 12:22 - 2016-09-15 17:38 - 00171520 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.SerialCommunication.dll
2016-09-30 12:22 - 2016-09-15 17:38 - 00125952 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2016-09-30 12:22 - 2016-09-15 17:37 - 01507840 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.FaceAnalysis.dll
2016-09-30 12:22 - 2016-09-15 17:37 - 00912384 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.SmartCards.dll
2016-09-30 12:22 - 2016-09-15 17:37 - 00690176 _____ (Microsoft Corporation) C:\Windows\system32\ieproxy.dll
2016-09-30 12:22 - 2016-09-15 17:37 - 00568320 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.LowLevel.dll
2016-09-30 12:22 - 2016-09-15 17:37 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\wlancfg.dll
2016-09-30 12:22 - 2016-09-15 17:37 - 00279552 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.HumanInterfaceDevice.dll
2016-09-30 12:22 - 2016-09-15 17:37 - 00171520 _____ (Microsoft Corporation) C:\Windows\system32\biwinrt.dll
2016-09-30 12:22 - 2016-09-15 17:37 - 00147456 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-09-30 12:22 - 2016-09-15 17:36 - 00719360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdiWiFi.sys
2016-09-30 12:22 - 2016-09-15 17:36 - 00686592 _____ (Microsoft Corporation) C:\Windows\system32\dsregcmd.exe
2016-09-30 12:22 - 2016-09-15 17:36 - 00648192 _____ (Microsoft Corporation) C:\Windows\system32\rasmans.dll
2016-09-30 12:22 - 2016-09-15 17:36 - 00640000 _____ (Microsoft Corporation) C:\Windows\system32\ngccredprov.dll
2016-09-30 12:22 - 2016-09-15 17:36 - 00448512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TpmCoreProvisioning.dll
2016-09-30 12:22 - 2016-09-15 17:36 - 00407552 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Internal.Management.dll
2016-09-30 12:22 - 2016-09-15 17:36 - 00387584 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-09-30 12:22 - 2016-09-15 17:36 - 00358912 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.dll
2016-09-30 12:22 - 2016-09-15 17:36 - 00324608 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.LockScreen.dll
2016-09-30 12:22 - 2016-09-15 17:36 - 00310784 _____ (Microsoft Corporation) C:\Windows\system32\SyncSettings.dll
2016-09-30 12:22 - 2016-09-15 17:36 - 00257024 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.CredDialogController.dll
2016-09-30 12:22 - 2016-09-15 17:36 - 00216576 _____ (Microsoft Corporation) C:\Windows\system32\fveapibase.dll
2016-09-30 12:22 - 2016-09-15 17:36 - 00125952 _____ (Microsoft Corporation) C:\Windows\system32\setupugc.exe
2016-09-30 12:22 - 2016-09-15 17:35 - 00645120 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2016-09-30 12:22 - 2016-09-15 17:35 - 00472064 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Internal.Bluetooth.dll
2016-09-30 12:22 - 2016-09-15 17:35 - 00432640 _____ (Microsoft Corporation) C:\Windows\system32\SndVolSSO.dll
2016-09-30 12:22 - 2016-09-15 17:35 - 00331776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SessEnv.dll
2016-09-30 12:22 - 2016-09-15 17:35 - 00280064 _____ (Microsoft Corporation) C:\Windows\system32\DataExchange.dll
2016-09-30 12:22 - 2016-09-15 17:35 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\easwrt.dll
2016-09-30 12:22 - 2016-09-15 17:35 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\rshx32.dll
2016-09-30 12:22 - 2016-09-15 17:34 - 00642048 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.InkControls.dll
2016-09-30 12:22 - 2016-09-15 17:34 - 00441856 _____ (Microsoft Corporation) C:\Windows\system32\AccountsRt.dll
2016-09-30 12:22 - 2016-09-15 17:34 - 00437248 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.Usb.dll
2016-09-30 12:22 - 2016-09-15 17:34 - 00284160 _____ (Microsoft Corporation) C:\Windows\system32\AboveLockAppHost.dll
2016-09-30 12:22 - 2016-09-15 17:33 - 03753984 _____ (Microsoft Corporation) C:\Windows\system32\bootux.dll
2016-09-30 12:22 - 2016-09-15 17:33 - 01004032 _____ (Microsoft Corporation) C:\Windows\system32\enterprisecsps.dll
2016-09-30 12:22 - 2016-09-15 17:33 - 00966144 _____ (Microsoft Corporation) C:\Windows\system32\sbe.dll
2016-09-30 12:22 - 2016-09-15 17:33 - 00963584 _____ (Microsoft Corporation) C:\Windows\system32\WebcamUi.dll
2016-09-30 12:22 - 2016-09-15 17:33 - 00560128 _____ (Microsoft Corporation) C:\Windows\system32\AppReadiness.dll
2016-09-30 12:22 - 2016-09-15 17:33 - 00512000 _____ (Microsoft Corporation) C:\Windows\system32\mprapi.dll
2016-09-30 12:22 - 2016-09-15 17:32 - 02716672 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2016-09-30 12:22 - 2016-09-15 17:32 - 00634368 _____ (Microsoft Corporation) C:\Windows\system32\StructuredQuery.dll
2016-09-30 12:22 - 2016-09-15 17:31 - 01053184 _____ (Microsoft Corporation) C:\Windows\system32\qmgr.dll
2016-09-30 12:22 - 2016-09-15 17:31 - 00090624 _____ (Microsoft Corporation) C:\Windows\system32\pwrshplugin.dll
2016-09-30 12:22 - 2016-09-15 17:31 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2016-09-30 12:22 - 2016-09-15 17:30 - 03776512 _____ (Microsoft Corporation) C:\Windows\system32\MFMediaEngine.dll
2016-09-30 12:22 - 2016-09-15 17:30 - 01639424 _____ (Microsoft Corporation) C:\Windows\system32\comsvcs.dll
2016-09-30 12:22 - 2016-09-15 17:30 - 01403392 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Editing.dll
2016-09-30 12:22 - 2016-09-15 17:30 - 00713216 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2016-09-30 12:22 - 2016-09-15 17:30 - 00169984 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Energy.dll
2016-09-30 12:22 - 2016-09-15 17:30 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\baaupdate.exe
2016-09-30 12:22 - 2016-09-15 17:29 - 00720896 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.BackgroundMediaPlayback.dll
2016-09-30 12:22 - 2016-09-15 17:29 - 00329728 _____ (Microsoft Corporation) C:\Windows\system32\fvecpl.dll
2016-09-30 12:22 - 2016-09-15 17:29 - 00156672 _____ (Microsoft Corporation) C:\Windows\system32\RelPost.exe
2016-09-30 12:22 - 2016-09-15 17:28 - 03288064 _____ (Microsoft Corporation) C:\Windows\system32\mispace.dll
2016-09-30 12:22 - 2016-09-15 17:28 - 00864256 _____ (Microsoft Corporation) C:\Windows\system32\wpnapps.dll
2016-09-30 12:22 - 2016-09-15 17:28 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Playback.BackgroundMediaPlayer.dll
2016-09-30 12:22 - 2016-09-15 17:28 - 00442368 _____ (Microsoft Corporation) C:\Windows\system32\PlayToDevice.dll
2016-09-30 12:22 - 2016-09-15 17:28 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\fveprompt.exe
2016-09-30 12:22 - 2016-09-15 17:27 - 02860032 _____ (Microsoft Corporation) C:\Windows\system32\storagewmi.dll
2016-09-30 12:22 - 2016-09-15 17:27 - 00942080 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2016-09-30 12:22 - 2016-09-15 17:27 - 00796672 _____ (Microsoft Corporation) C:\Windows\system32\fvewiz.dll
2016-09-30 12:22 - 2016-09-15 17:27 - 00702976 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Playback.MediaPlayer.dll
2016-09-30 12:22 - 2016-09-15 17:27 - 00228352 _____ (Microsoft Corporation) C:\Windows\system32\MSAC3ENC.DLL
2016-09-30 12:22 - 2016-09-15 17:26 - 00501248 _____ (Microsoft Corporation) C:\Windows\system32\imapi2.dll
2016-09-30 12:22 - 2016-09-15 17:26 - 00361472 _____ (Microsoft Corporation) C:\Windows\system32\bdechangepin.exe
2016-09-30 12:22 - 2016-09-15 17:25 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Audio.dll
2016-09-30 12:22 - 2016-09-15 17:25 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\uReFS.dll
2016-09-30 12:22 - 2016-09-15 17:25 - 00411648 _____ (Microsoft Corporation) C:\Windows\system32\SensorsApi.dll
2016-09-30 12:22 - 2016-09-15 17:25 - 00057856 _____ (Microsoft Corporation) C:\Windows\system32\BackgroundMediaPolicy.dll
2016-09-30 12:22 - 2016-09-15 17:24 - 04596224 _____ (Microsoft Corporation) C:\Windows\system32\xpsrchvw.exe
2016-09-30 12:22 - 2016-09-15 17:24 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Security.Authentication.Web.Core.dll
2016-09-30 12:22 - 2016-09-15 17:24 - 00538624 _____ (Microsoft Corporation) C:\Windows\system32\PlayToManager.dll
2016-09-30 12:22 - 2016-09-15 17:24 - 00467456 _____ (Microsoft Corporation) C:\Windows\system32\Geolocation.dll
2016-09-30 12:22 - 2016-09-15 17:24 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Devices.dll
2016-09-30 12:22 - 2016-09-15 17:23 - 04474368 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_47.dll
2016-09-30 12:22 - 2016-09-15 17:23 - 01361408 _____ (Microsoft Corporation) C:\Windows\system32\SharedStartModel.dll
2016-09-30 12:22 - 2016-09-15 17:23 - 01040896 _____ (Microsoft Corporation) C:\Windows\system32\NaturalLanguage6.dll
2016-09-30 12:22 - 2016-09-15 17:23 - 01020928 _____ (Microsoft Corporation) C:\Windows\system32\usermgr.dll
2016-09-30 12:22 - 2016-09-15 17:23 - 00611328 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Graphics.Printing.dll
2016-09-30 12:22 - 2016-09-15 17:23 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.Midi.dll
2016-09-30 12:22 - 2016-09-15 17:23 - 00347648 _____ (Microsoft Corporation) C:\Windows\system32\rascustom.dll
2016-09-30 12:22 - 2016-09-15 17:22 - 05611008 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2016-09-30 12:22 - 2016-09-15 17:22 - 01709056 _____ (Microsoft Corporation) C:\Windows\system32\wevtsvc.dll
2016-09-30 12:22 - 2016-09-15 17:22 - 01643008 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Speech.dll
2016-09-30 12:22 - 2016-09-15 17:22 - 00857600 _____ (Microsoft Corporation) C:\Windows\system32\mprddm.dll
2016-09-30 12:22 - 2016-09-15 17:22 - 00770560 _____ (Microsoft Corporation) C:\Windows\system32\bisrv.dll
2016-09-30 12:22 - 2016-09-15 17:22 - 00376832 _____ (Microsoft Corporation) C:\Windows\system32\CryptoWinRT.dll
2016-09-30 12:22 - 2016-09-15 17:21 - 00971264 _____ (Microsoft Corporation) C:\Windows\system32\twinui.appcore.dll
2016-09-30 12:22 - 2016-09-15 17:20 - 02424320 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.Perception.dll
2016-09-30 12:22 - 2016-09-15 17:20 - 02095616 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-09-30 12:22 - 2016-09-15 17:20 - 01710080 _____ (Microsoft Corporation) C:\Windows\system32\UIAutomationCore.dll
2016-09-30 12:22 - 2016-09-15 17:20 - 01275392 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.Bluetooth.dll
2016-09-30 12:22 - 2016-09-15 17:20 - 00875520 _____ (Microsoft Corporation) C:\Windows\system32\TokenBroker.dll
2016-09-30 12:22 - 2016-09-15 17:19 - 03202048 _____ (Microsoft Corporation) C:\Windows\system32\msftedit.dll
2016-09-30 12:22 - 2016-09-15 17:19 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.Maps.dll
2016-09-30 12:22 - 2016-09-15 17:19 - 00730112 _____ (Microsoft Corporation) C:\Windows\system32\fveapi.dll
2016-09-30 12:22 - 2016-09-15 17:18 - 01369088 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.Phone.dll
2016-09-30 12:22 - 2016-09-15 17:18 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\dmenrollengine.dll
2016-09-30 12:22 - 2016-09-15 17:17 - 00180224 _____ (Microsoft Corporation) C:\Windows\system32\enrollmentapi.dll
2016-09-30 12:22 - 2016-09-15 17:17 - 00122368 _____ (Microsoft Corporation) C:\Windows\system32\FontProvider.dll
2016-09-30 12:22 - 2016-09-15 17:16 - 00886784 _____ (Microsoft Corporation) C:\Windows\system32\CPFilters.dll
2016-09-30 12:22 - 2016-09-15 17:16 - 00531456 _____ (Microsoft Corporation) C:\Windows\system32\TpmCoreProvisioning.dll
2016-09-30 12:22 - 2016-09-15 17:16 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\spaceman.exe
2016-09-30 12:22 - 2016-08-06 04:34 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\smphost.dll
2016-09-30 12:22 - 2016-08-06 04:33 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\smphost.dll
2016-09-30 12:22 - 2016-08-05 09:29 - 00568832 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Speech.UXRes.dll
2016-09-27 14:31 - 2016-09-27 14:31 - 00000000 ____D C:\Users\Gregor\AppData\Local\AM2R
2016-09-27 10:07 - 2016-09-27 10:07 - 02295818 _____ C:\Users\Gregor\Downloads\page 1.pdf
2016-09-27 09:54 - 2016-09-27 14:06 - 00000000 ____D C:\Users\Gregor\Documents\Outlook Files
         

Alt 27.10.2016, 15:17   #11
Morgren
 
RAT Trojaner? - Standard

RAT Trojaner?



FRST Teil 2
Code:
ATTFilter
==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-10-27 15:10 - 2016-08-17 19:25 - 00000000 ____D C:\Program Files (x86)\Steam
2016-10-27 15:10 - 2016-08-17 18:57 - 00000000 ____D C:\ProgramData\NVIDIA
2016-10-27 15:10 - 2016-08-17 18:55 - 00000000 ___RD C:\Users\Gregor\OneDrive
2016-10-27 15:10 - 2016-08-17 18:51 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-10-27 15:09 - 2016-07-16 07:04 - 00524288 _____ C:\Windows\system32\config\BBI
2016-10-27 15:03 - 2016-08-17 18:54 - 00000000 ____D C:\Users\Gregor
2016-10-27 15:01 - 2016-08-17 18:51 - 00333096 _____ C:\Windows\system32\FNTCACHE.DAT
2016-10-27 15:00 - 2016-08-17 19:01 - 00000000 ____D C:\ProgramData\Package Cache
2016-10-27 14:22 - 2016-08-17 18:51 - 00000000 ____D C:\Windows\system32\SleepStudy
2016-10-27 13:31 - 2016-08-20 15:34 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-10-27 12:17 - 2016-08-17 18:58 - 01027402 _____ C:\Windows\system32\PerfStringBackup.INI
2016-10-27 12:08 - 2016-07-16 12:47 - 00000000 ____D C:\Windows\AppReadiness
2016-10-26 17:53 - 2016-08-17 18:57 - 00002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-10-26 13:32 - 2016-08-17 19:12 - 00485032 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2016-10-26 11:42 - 2016-08-17 18:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2016-10-26 11:42 - 2016-08-17 18:57 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2016-10-26 11:42 - 2016-07-16 12:45 - 00000000 ____D C:\Windows\INF
2016-10-26 11:41 - 2016-08-17 19:21 - 00000000 ____D C:\Users\Gregor\AppData\Local\NVIDIA Corporation
2016-10-26 11:41 - 2016-08-17 18:57 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2016-10-26 11:41 - 2016-08-17 18:57 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2016-10-26 11:33 - 2016-07-16 12:47 - 00000000 ___HD C:\Program Files\WindowsApps
2016-10-22 09:41 - 2015-04-16 19:03 - 00212936 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2016-10-22 09:41 - 2015-04-16 07:19 - 01595456 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll
2016-10-22 08:25 - 2016-08-17 20:00 - 28199992 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2016-10-22 08:25 - 2015-07-13 20:45 - 03922448 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2016-10-22 08:25 - 2015-07-13 20:45 - 03465312 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2016-10-22 08:25 - 2015-07-13 20:45 - 00042296 _____ C:\Windows\system32\nvinfo.pb
2016-10-22 07:04 - 2016-08-17 20:02 - 00548408 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2016-10-22 07:04 - 2016-08-17 20:02 - 00081856 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
2016-10-22 07:04 - 2016-08-17 18:57 - 06386232 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2016-10-22 07:04 - 2016-08-17 18:57 - 02475968 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2016-10-22 07:04 - 2016-08-17 18:57 - 01762752 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2016-10-22 07:04 - 2016-08-17 18:57 - 00392128 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2016-10-22 07:04 - 2016-08-17 18:57 - 00069568 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2016-10-21 08:17 - 2016-08-17 18:57 - 07500035 _____ C:\Windows\system32\nvcoproc.bin
2016-10-20 13:32 - 2016-07-16 12:47 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-10-20 13:31 - 2016-08-17 19:07 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2016-10-18 10:26 - 2016-07-16 12:36 - 00000000 ____D C:\Windows\CbsTemp
2016-10-17 19:00 - 2016-09-03 16:34 - 00001104 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\paint.net.lnk
2016-10-17 19:00 - 2016-09-03 16:34 - 00000000 ____D C:\Program Files\paint.net
2016-10-14 14:13 - 2016-08-17 18:59 - 00000000 ____D C:\Users\Gregor\AppData\Local\Comms
2016-10-14 11:15 - 2016-08-17 18:59 - 00000000 ____D C:\Users\Gregor\AppData\Local\NVIDIA
2016-10-13 20:53 - 2016-08-17 20:05 - 00000000 ____D C:\Program Files (x86)\Dropbox
2016-10-13 19:19 - 2016-07-16 12:47 - 00000000 ____D C:\Windows\rescache
2016-10-13 16:39 - 2016-08-17 22:39 - 00000000 ____D C:\Users\Gregor\AppData\Roaming\AgileBits
2016-10-13 11:24 - 2016-08-17 18:54 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-10-13 11:23 - 2016-08-17 22:17 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-10-13 00:00 - 2016-07-16 12:47 - 00000000 ___SD C:\Windows\system32\DiagSvcs
2016-10-13 00:00 - 2016-07-16 12:47 - 00000000 ___RD C:\Windows\ImmersiveControlPanel
2016-10-13 00:00 - 2016-07-16 12:47 - 00000000 ____D C:\Windows\system32\WinBioPlugIns
2016-10-13 00:00 - 2016-07-16 12:47 - 00000000 ____D C:\Windows\system32\migwiz
2016-10-13 00:00 - 2016-07-16 12:47 - 00000000 ____D C:\Windows\ShellExperiences
2016-10-13 00:00 - 2016-07-16 12:47 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2016-10-13 00:00 - 2016-07-16 12:47 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2016-10-12 14:38 - 2016-08-17 19:11 - 00000000 ____D C:\Windows\system32\MRT
2016-10-12 14:36 - 2016-08-17 19:11 - 143495576 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-10-12 13:48 - 2016-07-16 12:43 - 00783360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2016-10-12 13:48 - 2016-07-16 12:42 - 00177664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Web.Diagnostics.dll
2016-10-10 09:07 - 2016-08-17 22:36 - 00000000 ____D C:\Program Files (x86)\1Password 4
2016-10-03 21:09 - 2016-07-16 12:49 - 00828408 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-10-03 21:09 - 2016-07-16 12:49 - 00176632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-09-30 13:40 - 2016-07-16 15:24 - 00000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2016-09-30 13:40 - 2016-07-16 12:47 - 00000000 ___SD C:\Windows\SysWOW64\F12
2016-09-30 13:40 - 2016-07-16 12:47 - 00000000 ___SD C:\Windows\system32\F12
2016-09-30 13:40 - 2016-07-16 12:47 - 00000000 ____D C:\Windows\SysWOW64\setup
2016-09-30 13:40 - 2016-07-16 12:47 - 00000000 ____D C:\Windows\system32\setup
2016-09-30 13:40 - 2016-07-16 12:47 - 00000000 ____D C:\Windows\system32\oobe
2016-09-30 13:40 - 2016-07-16 12:47 - 00000000 ____D C:\Windows\system32\appraiser
2016-09-30 13:40 - 2016-07-16 12:47 - 00000000 ____D C:\Windows\Provisioning
2016-09-30 13:40 - 2016-07-16 12:47 - 00000000 ____D C:\Windows\bcastdvr
2016-09-30 13:40 - 2016-07-16 07:04 - 00000000 ____D C:\Windows\SysWOW64\Dism
2016-09-30 13:40 - 2016-07-16 07:04 - 00000000 ____D C:\Windows\system32\Sysprep
2016-09-30 13:40 - 2016-07-16 07:04 - 00000000 ____D C:\Windows\system32\Dism
2016-09-30 05:25 - 2016-08-17 19:21 - 00106040 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll

Some files in TEMP:
====================
C:\Users\Gregor\AppData\Local\Temp\libeay32.dll
C:\Users\Gregor\AppData\Local\Temp\msvcr120.dll
C:\Users\Gregor\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-10-17 20:20

==================== End of FRST.txt ============================
         
Addition
Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-10-2016
Ran by Gregor (27-10-2016 15:11:48)
Running from C:\Users\Gregor\Desktop
Windows 10 Education Version 1607 (X64) (2016-08-17 17:53:38)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2517125553-2289925176-1808856583-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2517125553-2289925176-1808856583-503 - Limited - Disabled)
defaultuser0 (S-1-5-21-2517125553-2289925176-1808856583-1000 - Limited - Disabled) => C:\Users\defaultuser0
Gregor (S-1-5-21-2517125553-2289925176-1808856583-1001 - Administrator - Enabled) => C:\Users\Gregor
Guest (S-1-5-21-2517125553-2289925176-1808856583-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

1Password 4.6.1.616 (HKLM-x32\...\1Password4_is1) (Version: 4.0 - AgileBits)
Ansel (Version: 375.63 - NVIDIA Corporation) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{29DB9165-5FC1-48F0-9188-26123F526848}) (Version: 5.0.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{5905C8CF-1C88-4478-A48E-4E458AD1BC7E}) (Version: 5.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{D4D86CB2-2370-4691-8272-3869EDED6C64}) (Version: 10.0.0.18 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Discord (HKU\S-1-5-21-2517125553-2289925176-1808856583-1001\...\Discord) (Version: 0.0.296 - Hammer & Chisel, Inc.)
Dropbox (HKLM-x32\...\Dropbox) (Version: 12.4.22 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.45.1 - Dropbox, Inc.) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 54.0.2840.71 - Google Inc.)
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
Greenshot 1.2.8.12 (HKLM\...\Greenshot_is1) (Version: 1.2.8.12 - Greenshot)
IrfanView 64 (remove only) (HKLM\...\IrfanView64) (Version: 4.42 - Irfan Skiljan)
iTunes (HKLM\...\{9946A4F7-E0FD-4A33-82D1-06CBFFBBB9F9}) (Version: 12.5.1.21 - Apple Inc.)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.7369.2038 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 (HKLM-x32\...\{dab68466-3a7d-41a8-a5cf-415e3ff8ef71}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23918 (HKLM-x32\...\{2e085fd2-a3e4-4b39-8e10-6b8d35f55244}) (Version: 14.0.23918.0 - Microsoft Corporation)
MiniTool Partition Wizard Free 9.1 (HKLM\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version:  - MiniTool Solution Ltd.)
Mozilla Firefox 49.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 49.0.1 (x86 en-US)) (Version: 49.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 49.0.1.6109 - Mozilla)
NVIDIA 3D Vision Controller Driver 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 375.63 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 375.63 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.0.7.34 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.0.7.34 - NVIDIA Corporation)
NVIDIA Graphics Driver 375.63 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 375.63 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.17 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
NvNodejs (Version: 3.0.7.34 - NVIDIA Corporation) Hidden
NvTelemetry (Version: 1.0.0.0 - NVIDIA Corporation) Hidden
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.7369.2038 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (Version: 16.0.7369.2038 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.7369.2038 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.7369.2038 - Microsoft Corporation) Hidden
paint.net (HKLM\...\{A1D05314-DC32-4668-A97E-51060EC8BCCE}) (Version: 4.0.12 - dotPDN LLC)
Razer Chroma SDK Core Components (HKLM-x32\...\Razer Chroma SDK) (Version: 1.9.6 - Razer Inc.)
Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 2.20.15.1013 - Razer Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7836 - Realtek Semiconductor Corp.)
SHIELD Streaming (Version: 7.1.0320 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 3.0.7.34 - NVIDIA Corporation) Hidden
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Vulkan Run Time Libraries 1.0.26.0 (HKLM\...\VulkanRT1.0.26.0) (Version: 1.0.26.0 - LunarG, Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2517125553-2289925176-1808856583-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Gregor\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\FileCoAuth.exe (Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {03F98804-A75C-4093-9750-EF2A7FBD788D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-08-17] (Google Inc.)
Task: {06DE5636-578C-4B5D-84EF-43A7405ED7AF} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\Gregor\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe [2016-08-18] (Microsoft Corporation)
Task: {090E1755-0113-4D39-AA52-00EEB9470606} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2016-09-30] (NVIDIA Corporation)
Task: {2C0BCEDB-0A12-4597-BECC-32DC3AED8CF6} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-10-08] (Microsoft Corporation)
Task: {45B2E87D-AC76-4118-8441-A7649CCE26B2} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-10-08] (Microsoft Corporation)
Task: {4FD5D09D-44AA-4FDA-8C10-84A406A5B4A6} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2016-10-09] (Microsoft Corporation)
Task: {559A9E96-30B7-4764-9E3E-E27D85644192} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-08-17] (Dropbox, Inc.)
Task: {673C1216-417F-49DC-961F-7C504A5A4295} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-08-17] (Google Inc.)
Task: {7FE723A8-BF74-421F-BE62-F982DFED213F} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2016-09-30] (NVIDIA Corporation)
Task: {9DD81C87-F465-4FC9-8D61-28C1D9217089} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-08-17] (Dropbox, Inc.)
Task: {9F8096A3-0AF0-4632-9213-851944A474B6} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2016-09-30] (NVIDIA Corporation)
Task: {A94DA948-87EC-4CCE-98C2-A30348AEAFD5} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2016-09-30] (NVIDIA Corporation)
Task: {CC96FB80-21E9-4A88-AB14-2F23A10D7155} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2016-09-30] (NVIDIA Corporation)
Task: {EAA58ED6-1873-4D31-B9AA-9BF1ADEA884D} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2016-09-30] (NVIDIA Corporation)
Task: {EBAFBB26-F8E1-4171-9C3E-3CF46C9C878C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\Gregor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Readium.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=fepbnnnkkadjhjahcafoaglimekefifl

==================== Loaded Modules (Whitelisted) ==============

2016-07-16 12:42 - 2016-07-16 12:42 - 00039424 _____ () C:\Windows\SYSTEM32\efsext.dll
2016-07-16 12:42 - 2016-07-16 12:42 - 00231424 _____ () C:\Windows\SYSTEM32\ism32k.dll
2016-09-30 12:23 - 2016-09-15 18:25 - 02681200 _____ () C:\Windows\system32\CoreUIComponents.dll
2016-10-14 11:15 - 2016-09-30 05:25 - 04490808 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\Poco.dll
2016-10-14 11:15 - 2016-09-30 05:25 - 01148984 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2016-10-14 11:15 - 2016-09-30 05:25 - 00419896 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\plugins\LocalSystem\_nvspserviceplugin64.dll
2016-09-24 23:20 - 2016-09-24 23:21 - 00189264 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
2016-09-01 18:12 - 2016-09-01 18:12 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-09-01 18:12 - 2016-09-01 18:12 - 01353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-08-17 18:57 - 2016-10-22 07:04 - 00134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-09-30 12:23 - 2016-09-15 18:25 - 02681200 _____ () C:\Windows\SYSTEM32\CoreUIComponents.dll
2016-08-18 18:55 - 2016-08-18 18:55 - 01864384 _____ () C:\Users\Gregor\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\ClientTelemetry.dll
2016-08-17 19:12 - 2016-10-08 08:52 - 08923840 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2016-09-22 08:31 - 2016-09-07 05:56 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2016-10-12 13:56 - 2016-10-05 10:35 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2016-10-12 13:56 - 2016-10-05 10:21 - 09760256 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-10-12 13:56 - 2016-10-05 10:13 - 01401344 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-10-12 13:56 - 2016-10-05 10:13 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2016-10-12 13:56 - 2016-10-05 10:13 - 02424832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-10-12 13:56 - 2016-10-05 10:14 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-10-20 13:19 - 2016-10-20 13:19 - 00072192 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.8.197.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2016-10-20 13:19 - 2016-10-20 13:19 - 00178176 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.8.197.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2016-10-20 13:19 - 2016-10-20 13:19 - 35253760 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.8.197.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2016-10-26 17:53 - 2016-10-20 09:56 - 02367080 _____ () C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.71\libglesv2.dll
2016-10-26 17:53 - 2016-10-20 09:56 - 00107112 _____ () C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.71\libegl.dll
2016-10-14 11:15 - 2016-09-30 05:25 - 00020536 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2016-10-14 11:15 - 2016-09-29 18:20 - 00500792 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvSpCapsAPINode.node
2016-10-14 11:15 - 2016-09-29 18:20 - 00255936 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\DriverInstall.node
2016-10-14 11:15 - 2016-09-29 18:20 - 02801208 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\Downloader.node
2016-10-14 11:15 - 2016-09-29 18:20 - 00244672 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGameShareAPINode.node
2016-10-14 11:15 - 2016-09-29 18:20 - 00430648 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGalleryAPINode.node
2016-10-14 11:15 - 2016-09-29 18:20 - 00336832 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVAccountAPINode.node
2016-10-14 11:15 - 2016-09-29 18:20 - 00373696 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvCameraAPINode.node
2016-08-18 18:55 - 2016-08-18 18:55 - 01383616 _____ () C:\Users\Gregor\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\ClientTelemetry.dll
2016-08-18 18:55 - 2016-08-18 18:55 - 00118976 _____ () C:\Users\Gregor\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\FileSyncViews.dll
2016-08-17 19:26 - 2016-09-08 04:14 - 00784672 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2016-08-17 19:26 - 2016-09-01 02:02 - 04969248 _____ () C:\Program Files (x86)\Steam\v8.dll
2016-08-17 19:26 - 2016-10-13 02:58 - 02321696 _____ () C:\Program Files (x86)\Steam\video.dll
2016-08-17 19:26 - 2016-01-27 08:49 - 02549760 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2016-08-17 19:26 - 2016-01-27 08:49 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2016-08-17 19:26 - 2016-01-27 08:49 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2016-08-17 19:26 - 2016-01-27 08:49 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2016-08-17 19:26 - 2016-01-27 08:49 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2016-08-17 19:26 - 2016-09-01 02:02 - 01563936 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2016-08-17 19:26 - 2016-09-01 02:02 - 01195296 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2016-08-17 19:26 - 2016-10-13 02:58 - 00836896 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2016-08-17 19:26 - 2016-07-04 23:17 - 00266560 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
2016-10-15 10:19 - 2016-08-04 21:56 - 49825056 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.winxp\libcef.dll
2016-08-28 22:20 - 2016-08-24 17:49 - 01950392 _____ () C:\Users\Gregor\AppData\Local\Discord\app-0.0.296\ffmpeg.dll
2016-08-28 22:20 - 2016-08-28 22:20 - 01050296 _____ () \\?\C:\Users\Gregor\AppData\Roaming\discord\0.0.296\modules\discord_voice\discord_voice.node
2016-08-28 22:20 - 2016-08-28 22:20 - 03793080 _____ () \\?\C:\Users\Gregor\AppData\Roaming\discord\0.0.296\modules\discord_voice\libdiscord.dll
2016-08-28 22:20 - 2016-08-28 22:20 - 00894136 _____ () \\?\C:\Users\Gregor\AppData\Roaming\discord\0.0.296\modules\discord_utils\discord_utils.node
2016-08-28 22:20 - 2016-08-28 22:20 - 01119416 _____ () \\?\C:\Users\Gregor\AppData\Roaming\discord\0.0.296\modules\discord_toaster\discord_toaster.node
2016-08-28 22:20 - 2016-08-24 17:49 - 02230456 _____ () C:\Users\Gregor\AppData\Local\Discord\app-0.0.296\libglesv2.dll
2016-08-28 22:20 - 2016-08-24 17:49 - 00088760 _____ () C:\Users\Gregor\AppData\Local\Discord\app-0.0.296\libegl.dll
2016-10-20 07:33 - 2016-10-20 07:33 - 00143824 _____ () C:\ProgramData\Razer\Synapse\CrashReporter\CrashRpt1402.dll
2016-08-17 20:06 - 2016-09-22 02:44 - 00035792 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd
2016-10-13 20:53 - 2016-09-22 02:44 - 00145864 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd
2016-10-13 20:53 - 2016-09-22 02:45 - 00019408 _____ () C:\Program Files (x86)\Dropbox\Client\faulthandler.pyd
2016-10-13 20:53 - 2016-09-22 02:44 - 00116688 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll
2016-08-17 20:06 - 2016-09-22 02:44 - 00100296 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd
2016-08-17 20:06 - 2016-09-22 02:44 - 00018888 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd
2016-08-17 20:06 - 2016-10-10 19:35 - 00019760 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd
2016-08-17 20:06 - 2016-09-22 02:44 - 00694224 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd
2016-10-13 20:53 - 2016-10-10 19:35 - 00020816 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
2016-08-17 20:06 - 2016-09-22 02:45 - 00123856 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd
2016-10-13 20:53 - 2016-10-10 19:35 - 01682760 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
2016-10-13 20:53 - 2016-10-10 19:35 - 00020808 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
2016-08-17 20:06 - 2016-09-22 02:46 - 00105928 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd
2016-08-17 20:06 - 2016-10-10 19:35 - 00021312 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.crt.compiled._winffi_crt.pyd
2016-10-13 20:53 - 2016-10-10 19:35 - 00052024 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd
2016-10-13 20:53 - 2016-10-10 19:35 - 00038696 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd
2016-10-13 20:53 - 2016-09-22 02:44 - 00392144 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll
2016-10-13 20:53 - 2016-09-22 02:46 - 00020936 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd
2016-08-17 20:06 - 2016-09-22 02:46 - 00024528 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd
2016-08-17 20:06 - 2016-09-22 02:46 - 00116176 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd
2016-08-17 20:06 - 2016-10-10 19:35 - 00381752 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd
2016-08-17 20:06 - 2016-09-22 02:46 - 00124880 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd
2016-08-17 20:06 - 2016-10-10 19:35 - 00025424 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.pyd
2016-08-17 20:06 - 2016-09-22 02:46 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd
2016-08-17 20:06 - 2016-09-22 02:46 - 00175560 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd
2016-08-17 20:06 - 2016-09-22 02:46 - 00030160 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd
2016-08-17 20:06 - 2016-09-22 02:46 - 00043472 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd
2016-08-17 20:06 - 2016-09-22 02:46 - 00048592 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd
2016-08-17 20:06 - 2016-09-22 02:46 - 00057808 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd
2016-08-17 20:06 - 2016-09-22 02:46 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd
2016-10-13 20:53 - 2016-10-10 19:35 - 00246592 _____ () C:\Program Files (x86)\Dropbox\Client\breakpad.client.windows.handler.pyd
2016-10-13 20:53 - 2016-10-10 19:35 - 00026456 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
2016-08-17 20:06 - 2016-09-22 02:45 - 00241104 _____ () C:\Program Files (x86)\Dropbox\Client\_jpegtran.pyd
2016-10-13 20:53 - 2016-10-10 19:35 - 00020280 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd
2016-08-17 20:06 - 2016-09-22 02:46 - 00028616 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd
2016-08-17 20:06 - 2016-10-10 19:35 - 00023376 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
2016-08-17 20:06 - 2016-10-10 19:35 - 00020800 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi._winffi_iphlpapi.pyd
2016-08-17 20:06 - 2016-10-10 19:35 - 00019776 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror._winffi_winerror.pyd
2016-08-17 20:06 - 2016-10-10 19:35 - 00020800 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet._winffi_wininet.pyd
2016-08-17 20:06 - 2016-09-22 02:46 - 00350152 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd
2016-08-17 20:06 - 2016-10-10 19:35 - 00022352 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
2016-10-13 20:53 - 2016-10-10 19:35 - 00024392 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
2016-10-13 20:53 - 2016-09-22 02:42 - 00036296 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
2016-10-13 20:53 - 2016-10-10 19:35 - 00031568 _____ () C:\Program Files (x86)\Dropbox\Client\enterprise_data.compiled._enterprise_data.pyd
2016-10-13 20:53 - 2016-10-10 19:30 - 00293392 _____ () C:\Program Files (x86)\Dropbox\Client\EnterpriseDataAdapter.dll
2016-10-13 20:53 - 2016-10-10 19:35 - 00084280 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
2016-10-13 20:53 - 2016-10-10 19:35 - 01826096 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd
2016-08-17 20:06 - 2016-09-22 02:45 - 00083912 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd
2016-10-13 20:53 - 2016-10-10 19:35 - 00531248 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd
2016-10-13 20:53 - 2016-10-10 19:35 - 03928880 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd
2016-10-13 20:53 - 2016-10-10 19:35 - 01972528 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd
2016-10-13 20:53 - 2016-10-10 19:35 - 00133424 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd
2016-10-13 20:53 - 2016-10-10 19:35 - 00224056 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
2016-10-13 20:53 - 2016-10-10 19:35 - 00207672 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd
2016-08-17 20:06 - 2016-10-10 19:35 - 00020288 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.user32._winffi_user32.pyd
2016-10-13 20:53 - 2016-09-22 02:49 - 00017864 _____ () C:\Program Files (x86)\Dropbox\Client\libEGL.dll
2016-10-13 20:53 - 2016-09-22 02:49 - 01631184 _____ () C:\Program Files (x86)\Dropbox\Client\libGLESv2.dll
2016-08-17 20:06 - 2016-09-22 02:46 - 00060880 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.pyd
2016-08-17 20:06 - 2016-10-10 19:35 - 00037192 _____ () C:\Program Files (x86)\Dropbox\Client\windisplaytoast.compiled._DisplayToast.pyd
2016-08-17 20:06 - 2016-10-10 19:35 - 00024904 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.pyd
2016-10-13 20:53 - 2016-10-10 19:35 - 00546096 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd
2016-10-13 20:53 - 2016-10-10 19:35 - 00357680 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd
2016-10-13 20:53 - 2016-10-10 19:35 - 00042808 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.pyd
2016-10-13 20:53 - 2016-10-10 19:35 - 00168760 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd
2016-10-27 15:10 - 2016-10-27 15:10 - 00170496 _____ () \\?\C:\Users\Gregor\AppData\Local\Temp\8D9A.tmp.node
2016-08-28 22:20 - 2016-10-14 11:13 - 02658304 _____ () \\?\C:\Users\Gregor\AppData\Roaming\discord\0.0.296\modules\discord_rpc\discord_rpc.node
2016-09-22 08:28 - 2016-10-14 11:13 - 02147328 _____ () \\?\C:\Users\Gregor\AppData\Roaming\discord\0.0.296\modules\discord_contact_import\discord_contact_import.node

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2016-07-16 12:47 - 2016-07-16 12:45 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2517125553-2289925176-1808856583-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{2B06E59C-6DD2-4277-AB18-72864D5B1255}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{8BA341C7-8C12-435C-8CF5-32C64DFE0994}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{DA935703-281B-447B-B275-375C3C479800}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{A82B8021-D5F9-4ADC-A069-379BAE3CA65D}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{4711E74F-5508-4F4F-BABF-1A6DA2A6CD19}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{31186C5F-B602-43F2-902A-4FBE7039F5C8}] => (Allow) D:\SteamLibrary\steamapps\common\FlameInTheFlood\RiverGame.exe
FirewallRules: [{B9C6195C-36CA-4814-AF65-158195D9C6F8}] => (Allow) D:\SteamLibrary\steamapps\common\FlameInTheFlood\RiverGame.exe
FirewallRules: [{70C5E0D4-ADB4-42AC-BFBE-83918188E883}] => (Allow) D:\SteamLibrary\steamapps\common\Stardew Valley\Stardew Valley.exe
FirewallRules: [{512CA846-0E9C-4B6B-ADC5-D345A51421F4}] => (Allow) D:\SteamLibrary\steamapps\common\Stardew Valley\Stardew Valley.exe
FirewallRules: [{4BABCD7C-A615-4930-AD59-B21109B0F334}] => (Allow) D:\SteamLibrary\steamapps\common\DarkestDungeon\_windows\Darkest.exe
FirewallRules: [{C92D1568-8768-4739-8003-C704AC317B18}] => (Allow) D:\SteamLibrary\steamapps\common\DarkestDungeon\_windows\Darkest.exe
FirewallRules: [{64112DFA-008A-48EF-ACE6-586559D1A500}] => (Allow) D:\SteamLibrary\steamapps\common\Firefall\system\bin\FirefallClient.exe
FirewallRules: [{832AC24B-7745-4507-AF5C-7165E774888C}] => (Allow) D:\SteamLibrary\steamapps\common\Firefall\system\bin\FirefallClient.exe
FirewallRules: [{CFFBF928-930A-4DBE-BBEC-483512B6884D}] => (Allow) D:\SteamLibrary\steamapps\common\The Witness\witness_d3d11.exe
FirewallRules: [{23CA234B-5FCF-4848-92A8-655A088F6646}] => (Allow) D:\SteamLibrary\steamapps\common\The Witness\witness_d3d11.exe
FirewallRules: [{DC1CAD8D-FBB1-4D26-A7AF-9E4F2EAB008C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{D475E5CB-DBD9-42FD-82EB-063067B69AF8}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{713E1470-9694-4C06-A984-38F7CE9340BC}D:\battle.net\starcraft ii\versions\base44983\sc2_x64.exe] => (Allow) D:\battle.net\starcraft ii\versions\base44983\sc2_x64.exe
FirewallRules: [UDP Query User{2FD3CC73-9FB7-471D-903B-B00AC0F289A8}D:\battle.net\starcraft ii\versions\base44983\sc2_x64.exe] => (Allow) D:\battle.net\starcraft ii\versions\base44983\sc2_x64.exe
FirewallRules: [TCP Query User{15F22BF2-8637-40E9-9422-7E67E59C6F1B}D:\battle.net\hearthstone\hearthstone.exe] => (Allow) D:\battle.net\hearthstone\hearthstone.exe
FirewallRules: [UDP Query User{A7EAAB5A-2035-445C-9C48-F6B41F36C0AD}D:\battle.net\hearthstone\hearthstone.exe] => (Allow) D:\battle.net\hearthstone\hearthstone.exe
FirewallRules: [{34A44EF0-4B3E-4EAC-91DE-4CCE663C4A5A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{24AA3F0A-E712-4108-8769-780598541055}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{3CB3C5C8-6060-4FFF-9507-C76EA6FC5452}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{57D551EA-01F4-49AE-9870-F7421F7DFAD1}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{7C336E04-E62A-4A1A-A704-8F465B4C009C}] => (Allow) D:\SteamLibrary\steamapps\common\Factorio\bin\x64\factorio.exe
FirewallRules: [{F35AA936-CCD8-4ABD-BFB8-99593A6E4D15}] => (Allow) D:\SteamLibrary\steamapps\common\Factorio\bin\x64\factorio.exe
FirewallRules: [{81CCC2C1-CB4E-4FE0-9313-A8E8B44EA213}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{AEA4F2CD-10CB-4617-8700-6349EA4134F3}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [TCP Query User{3562EA4E-06DC-4B9F-8AE1-4C96C100A87F}C:\users\gregor\maintrance\hostex.exe] => (Block) C:\users\gregor\maintrance\hostex.exe
FirewallRules: [UDP Query User{F1F7A6E6-4AFB-4748-9C87-78B4BC7A8A33}C:\users\gregor\maintrance\hostex.exe] => (Block) C:\users\gregor\maintrance\hostex.exe
FirewallRules: [{6EA5E38B-5080-4306-8E3B-CFB5DFF82B02}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{2B04DDCE-6752-4ABB-8B81-FD8D2409B9C6}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{E975F0E1-DD62-485F-873C-F948D2F91DBF}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{983B25F4-A3C7-45B4-94BA-2BDE61E9821D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{2A791368-B6A0-41ED-B416-BB6A8B5B13DE}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{387FC42E-5236-4C6B-B98D-52C612192239}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

12-10-2016 14:35:05 Windows Update
14-10-2016 11:16:32 Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23918
17-10-2016 19:00:43 paint.net 4.0.12
26-10-2016 19:25:32 Scheduled Checkpoint
27-10-2016 12:15:39 Avira System Speedup 2.7.0

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (10/27/2016 03:10:51 PM) (Source: Microsoft-Windows-EFS) (EventID: 4401) (User: DESKTOP-5EGOQLI)
Description: 7.488: EFS service failed to provision a user for EDP. Error code: 0x80070005.

Error: (10/27/2016 03:04:59 PM) (Source: Microsoft-Windows-EFS) (EventID: 4401) (User: DESKTOP-5EGOQLI)
Description: 7.488: EFS service failed to provision a user for EDP. Error code: 0x80070005.

Error: (10/27/2016 03:02:19 PM) (Source: Microsoft-Windows-EFS) (EventID: 4401) (User: DESKTOP-5EGOQLI)
Description: 7.488: EFS service failed to provision a user for EDP. Error code: 0x80070005.

Error: (10/27/2016 12:15:40 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (10/27/2016 12:11:38 PM) (Source: Microsoft-Windows-EFS) (EventID: 4401) (User: DESKTOP-5EGOQLI)
Description: 7.488: EFS service failed to provision a user for EDP. Error code: 0x80070005.

Error: (10/27/2016 10:33:44 AM) (Source: Microsoft-Windows-EFS) (EventID: 4401) (User: DESKTOP-5EGOQLI)
Description: 7.488: EFS service failed to provision a user for EDP. Error code: 0x80070005.

Error: (10/26/2016 07:25:33 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (10/26/2016 11:30:25 AM) (Source: Microsoft-Windows-EFS) (EventID: 4401) (User: DESKTOP-5EGOQLI)
Description: 7.488: EFS service failed to provision a user for EDP. Error code: 0x80070005.

Error: (10/25/2016 12:21:55 PM) (Source: Microsoft-Windows-EFS) (EventID: 4401) (User: DESKTOP-5EGOQLI)
Description: 7.488: EFS service failed to provision a user for EDP. Error code: 0x80070005.

Error: (10/24/2016 02:56:12 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5453


System errors:
=============
Error: (10/27/2016 03:10:20 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID 
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (10/27/2016 03:09:42 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Search service failed to start due to the following error: 
The service did not start due to a logon failure.

Error: (10/27/2016 03:09:42 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The WSearch service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error: 
The request is not supported.


To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (10/27/2016 03:09:12 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Steam Client Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (10/27/2016 03:09:12 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The iPod Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (10/27/2016 03:09:12 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (10/27/2016 03:09:11 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Razer Game Scanner service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.

Error: (10/27/2016 03:09:11 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The NVIDIA LocalSystem Container service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 1000 milliseconds: Restart the service.

Error: (10/27/2016 03:09:11 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Razer Chroma SDK Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (10/27/2016 03:09:11 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The NVIDIA Display Container LS service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 1000 milliseconds: Restart the service.


CodeIntegrity:
===================================
  Date: 2016-10-14 11:14:40.929
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-10-14 11:14:40.928
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i7-3770K CPU @ 3.50GHz
Percentage of memory in use: 31%
Total physical RAM: 8133.64 MB
Available physical RAM: 5596.64 MB
Total Virtual: 9413.64 MB
Available Virtual: 6283.35 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:147.51 GB) (Free:109.84 GB) NTFS
Drive d: (Games) (Fixed) (Total:931.51 GB) (Free:726.38 GB) NTFS
Drive f: (Data Dump) (Fixed) (Total:931.51 GB) (Free:544.81 GB) NTFS
Drive k: (Windows 7) (Fixed) (Total:85.37 GB) (Free:12.01 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: E03AB4B2)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=OF Extended)

========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: 260D3280)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=OF Extended)

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 5E9AE640)
Partition 1: (Active) - (Size=85.4 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=147.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================
         

Alt 27.10.2016, 15:36   #12
M-K-D-B
/// TB-Ausbilder
 
RAT Trojaner? - Standard

RAT Trojaner?



Servus,




Schritt 1

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset







Schritt 2
Downloade dir die passende Version von HitmanPro auf deinen Desktop: HitmanPro - 32 Bit | HitmanPro - 64 Bit.
  • Starte die HitmanPro.exe
  • Klicke auf
  • Entferne den Haken bei
  • Klicke auf
    und
  • Akzeptiere die Lizenzbedingungen und klicke auf
  • Klicke auf

    und auf
  • Wenn der Scan beendet wurde, nichts löschen lassen etc. sondern wähle unten links auf der Button-Leiste
    und speichere die Logdatei auf Deinem Desktop.
  • Schließe HitmanPro und poste mir das Log.

 










Bitte poste mit deiner nächsten Antwort
  • die Logdatei von ESET,
  • die Logdatei von HitmanPro.

Alt 27.10.2016, 17:41   #13
Morgren
 
RAT Trojaner? - Standard

RAT Trojaner?



ESET
Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=c95a4120d732f444ac63221a8f8dec8a
# end=init
# utc_time=2016-10-27 02:44:58
# local_time=2016-10-27 03:44:58 (+0000, GMT Daylight Time)
# country="United States"
# osver=6.2.9200 NT 
Update Init
Update Download
Update Finalize
Updated modules version: 31217
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=c95a4120d732f444ac63221a8f8dec8a
# end=updated
# utc_time=2016-10-27 02:47:38
# local_time=2016-10-27 03:47:38 (+0000, GMT Daylight Time)
# country="United States"
# osver=6.2.9200 NT 
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=c95a4120d732f444ac63221a8f8dec8a
# engine=31217
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2016-10-27 04:29:34
# local_time=2016-10-27 05:29:34 (+0000, GMT Daylight Time)
# country="United States"
# lang=1031
# osver=6.2.9200 NT 
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 18922 8916390 0 0
# scanned=623749
# found=0
# cleaned=0
# scan_time=6115
         
Hitman
Code:
ATTFilter
HitmanPro 3.7.14.280
www.hitmanpro.com

   Computer name . . . . : DESKTOP-5EGOQLI
   Windows . . . . . . . : 10.0.0.14393.X64/8
   User name . . . . . . : DESKTOP-5EGOQLI\Gregor
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Free

   Scan date . . . . . . : 2016-10-27 17:38:28
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 1m 17s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 0
   Traces  . . . . . . . : 1

   Objects scanned . . . : 1,549,490
   Files scanned . . . . : 31,439
   Remnants scanned  . . : 280,617 files / 1,237,434 keys

Suspicious files ____________________________________________________________

   C:\Users\Gregor\Desktop\FRST64.exe
      Size . . . . . . . : 2,407,936 bytes
      Age  . . . . . . . : 0.2 days (2016-10-27 13:27:40)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 3E1BA12736F5E860F8AF2E391C338236670CA5F4E836EFE1B6A9B13D8D94AFB5
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
         

Alt 28.10.2016, 20:06   #14
M-K-D-B
/// TB-Ausbilder
 
RAT Trojaner? - Standard

RAT Trojaner?



Wenn du keine Probleme mehr mit Malware hast, dann sind wir hier fertig. Deine Logdateien sind sauber.
Zum Schluss müssen wir noch ein paar abschließende Schritte unternehmen, um deinen Pc aufzuräumen und abzusichern.





Cleanup:
Alle Logs gepostet? Dann lade Dir bitte DelFix herunter.
  • Schließe alle offenen Programme.
  • Starte die delfix.exe mit einem Doppelklick.
  • Setze vor jede Funktion ein Häkchen.
  • Klicke auf Start.
Hinweis:
DelFix entfernt u.a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
Starte Deinen Rechner anschließend neu. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein, kannst Du diese bedenkenlos löschen.





Absicherung:
Beim Betriebsystem Windows die automatischen Updates aktivieren. Auch die sicherheitsrelevante Software sollte immer nur in der aktuellsten Version vorliegen:
Browser
Java
Flash-Player
PDF-Reader

Sicherheitslücken in deren alten Versionen werden dazu ausgenutzt, um beim einfachen Besuch einer manipulierten Website per "Drive-by" Malware zu installieren.
Ich empfehle z.B. die Verwendung von Mozilla Firefox statt des Internet Explorers. Zudem lassen sich mit dem Firefox auch PDF-Dokumente öffnen.

Aktiviere eine Firewall. Die in Windows integrierte genügt im Normalfall völlig.




Sofern du noch unentschieden bist, verwende ein einziges der folgenden Antivirusprogramme mit Echtzeitscanner und stets aktueller Signaturendatenbank:

   
 

Microsoft Security Essentials (MSE) / Windows Defender (WD) ist ab Windows 8 fest eingebaut, wenn du also Windows 8, 8.1 oder 10 und dich für MSE/WD entschieden hast, brauchst du nicht extra MSE/WD zu installieren. Bei Windows 7 muss es aber manuell installiert oder über die Windows Updates als optionales Update bezogen werden. Selbstverständlich ist ein legales/aktiviertes Windows Voraussetzung dafür.




Zusätzlich kannst Du Deinen PC regelmäßig mit Malwarebytes Anti-Malware und ESET scannen.




Optional:
Adblock Plus Kann Banner, Pop-ups, Videowerbung, Tracking und Malware-Seiten blockieren.
NoScript Verhindert das Ausführen von aktiven Inhalten (Java, JavaScript, Flash,...) für sämtliche Websites. Man kann aber nach dem Prinzip einer Whitelist festlegen, auf welchen Seiten Scripts erlaubt werden sollen.

Lade Software von einem sauberen Portal wie .
Wähle beim Installieren von Software immer die benutzerdefinierte Option und entferne den Haken bei allen optional angebotenen Toolbars oder sonstigen, fürs Programm, irrelevanten Ergänzungen.
Um Adware wieder los zu werden, empfiehlt sich zunächst die Deinstallation sowie die anschließende Resteentfernung mit Adwcleaner .




Abschließend noch ein paar grundsätzliche Bemerkungen:
  • Ändere regelmäßig Deine wichtigen Online-Passwörter und erstelle regelmäßig Backups Deiner wichtigen Dateien oder des Systems.
  • Lade keine Software von Chip, Softonic oder SourceForge. Die dort angebotene Software wird häufig mit einem sog. "Installer" verteilt, mit dem man sich nur unerwünschte Software oder Adware installiert.
  • Der Nutzen von Registry-Cleanern, Optimizern usw. zur Performancesteigerung ist umstritten. Selbst Microsoft unterstützt sog. Registry-Cleaner nicht. Ich empfehle deshalb, die Finger von der Registry zu lassen und lieber die windowseigene Datenträgerbereinigung zu verwenden.




Wenn Du möchtest, kannst Du hier sagen, ob Du mit mir und meiner Hilfe zufrieden warst...und/oder das Forum mit einer kleinen Spende unterstützen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so dass ich dieses Thema aus meinen Abos löschen kann.

Alt 30.10.2016, 10:46   #15
M-K-D-B
/// TB-Ausbilder
 
RAT Trojaner? - Standard

RAT Trojaner?



Ich bin froh, dass wir helfen konnten

In diesem Forum kannst du eine kurze Rückmeldung zur Bereinigung abgeben, sofern du das möchtest:
Lob, Kritik und Wünsche
Klicke dazu auf den Button "NEUES THEMA" und poste ein kleines Feedback. Vielen Dank!

Dieses Thema scheint erledigt und wird aus meinen Abos gelöscht. Solltest Du das Thema erneut brauchen, schicke mir bitte eine PM.

Jeder andere bitte hier klicken und einen eigenen Thread erstellen.

Antwort

Themen zu RAT Trojaner?
avira, code, data, detected, dllhost.exe, explorer.exe, file, helper.exe, ics, infected, lsass.exe, malwarebytes, mas, maus, msascuil.exe, nvidia, schnell, sekunden, services, sihost.exe, spoolsv.exe, svchost.exe, system, trojaner, trojaner?, warning, web, windows, windowsapps, winlogon.exe



Zum Thema RAT Trojaner? - Hallo! Heute hat sich mir während der PC Nutzung die Maus bewegt, ein neues Chrome Fenster geöffnet und jemand wollte mir pazpal öffnen. Gut, dass ich ein deutsches Keyboard Layout - RAT Trojaner?...
Archiv
Du betrachtest: RAT Trojaner? auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.