Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: ByteFence, Artemis: Malware, Trojan

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 14.11.2016, 00:48   #1
voxppl
 
ByteFence, Artemis: Malware, Trojan - Standard

ByteFence, Artemis: Malware, Trojan



Guten Tag,

mein neuer Computer hat eine Malware Namens "ByteFenceService" und einen Trojaner Namens "Artemis". Ich besitze meinen Computer erst seit zwei Tagen und mein Anti-Virus Programm ist McAfee LiveSafe, da diese Malware im Task-Manager sich selbst als "ByteFence Anti-Malware" bekannt gibt, kam es mir sehr merkwürdig vor und ich informierte mich dementsprechend darüber und habe die Schritte aus diesem Forum befolgt. McAfee fand zudem auch den vorhin genannten Trojaner "Artemis!94A2A1C74C1E (Trojaner)" und "Artemis!014A0349141B", hier fällt auf, dass das erstgenannte in klammern "Trojaner" stehen hat. Hier sind die Log Dateien:

Einmal von Malwarebytes Anti-Malware (eine folgende Aktion wurde durchgeführt: Löschvorgang der Gesamten Viren): log1311_2.txt
Adw-Cleaner: AdwCleaner[S0].txt
Junkware Removel Tool: JRT.txt
Shortcut Cleaner: sc-cleaner.txt
ESET: log.txt
FRST 64-Bit: Addition.txt (FRST.txt ist mit 197kb zu groß)

ich würde mich auf Hilfe sehr freuen
Danke schon mal im vorraus

mfg voxppl

Alt 14.11.2016, 09:55   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
ByteFence, Artemis: Malware, Trojan - Standard

ByteFence, Artemis: Malware, Trojan



Hi und

Logs bitte nicht anhängen, notfalls splitten und über mehrere Postings verteilt posten

Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR oder 7Z-Archiv zu packen erschwert mir massiv die Arbeit.
Auch wenn die Logs für einen Beitrag zu groß sein sollten, bitte ich dich die Logs direkt und notfalls über mehrere Beiträge verteilt zu posten.
Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
__________________

__________________

Alt 14.11.2016, 09:59   #3
Fragerin
/// TB-Senior
 
ByteFence, Artemis: Malware, Trojan - Standard

ByteFence, Artemis: Malware, Trojan



Cosinus war schneller
__________________
__________________

Alt 14.11.2016, 18:02   #4
voxppl
 
ByteFence, Artemis: Malware, Trojan - Standard

Re: [Code]



Danke ! Hier sind die Logfiles:

MBAM (eine Aktion wurde von mir durchgeführt in MBAM: Entfernen der Funde):
Code:
ATTFilter
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlaufdatum: 13.11.2016
Suchlaufzeit: 21:18
Protokolldatei: log1311_2.txt
Administrator: Ja

Version: 2.2.1.1043
Malware-Datenbank: v2016.11.13.06
Rootkit-Datenbank: v2016.10.31.01
Lizenz: Testversion
Malware-Schutz: Aktiviert
Schutz vor bösartigen Websites: Aktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 10
CPU: x64
Dateisystem: NTFS
Benutzer: yorul

Suchlauftyp: Bedrohungssuchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 296021
Abgelaufene Zeit: 2 Min., 36 Sek.

Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 2
PUP.Optional.WinZipRegistryOptimizer, C:\Program Files\WinZip Smart Monitor\WinZipSmartMonitor.exe, 6236, Löschen bei Neustart, [04c6b70862388da9b441b9fc21e248b8]
PUP.Optional.WinZipRegistryOptimizer, C:\Program Files\WinZip Smart Monitor\WinZipSmartMonitorService.exe, 2756, Löschen bei Neustart, [04c6b70862388da9b441b9fc21e248b8]

Module: 0
(keine bösartigen Elemente erkannt)

Registrierungsschlüssel: 18
Trojan.Dropper, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\rtop, In Quarantäne, [6169b20d5545c670f74bb3d8f40f926e], 
PUP.Optional.PCSpeedMaximizer, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\PC Speed Maximizer_is1, In Quarantäne, [705ab609e4b6ee485244dabb5fa3837d], 
PUP.Optional.WinZipRegistryOptimizer, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\WinZipSmartMonitorService, In Quarantäne, [04c6b70862388da9b441b9fc21e248b8], 
PUP.Optional.WinZipRegistryOptimizer, HKLM\SOFTWARE\CLASSES\APPID\WinZipSmartMonitorService.exe, In Quarantäne, [3c8e8d32fe9cdf57d127476ed2310af6], 
PUP.Optional.WinZipRegistryOptimizer, HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\WinZipSmartMonitorService.exe, In Quarantäne, [5575ccf3bfdbe3534eaa1d987e858a76], 
PUP.Optional.WinYahoo, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{020DE70F-877D-4F31-9C21-5AD89433CF7C}, In Quarantäne, [22a8813e6d2dc47288614f8759a8d927], 
PUP.Optional.WinZipDriverUpdater, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{25F2F208-FACC-416B-8FBA-F9EDF927C04B}, Löschen bei Neustart, [3e8ccdf22377c472ed8af95704ff14ec], 
PUP.Optional.WinZipDriverUpdater, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{CF14C5B2-A439-47B7-8EA0-F5AE3B05E58A}, Löschen bei Neustart, [17b3833cdbbf4ceac4b34a06b54e3ec2], 
PUP.Optional.WinZipDriverUpdater, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{E7C3BFA7-CFEA-4839-A9EB-79D90F61A31E}, Löschen bei Neustart, [4f7b98271783ab8be3940b45a75c1ae6], 
PUP.Optional.WinZipDriverUpdater, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Start WinZip Driver Updater for LAPTOP-LTTG5V9H@yorul(logon), Löschen bei Neustart, [8f3b2e91673347ef037073ddb44fc838], 
PUP.Optional.WinZipDriverUpdater, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Start WinZip Driver Updater Schedule, Löschen bei Neustart, [20aa447ba4f6df573241ef61ab58af51], 
PUP.Optional.WinZipDriverUpdater, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Start WinZip Driver Updater Update, Löschen bei Neustart, [7a50d2edebaf9a9c343f78d88b78c040], 
PUP.Optional.WinZipRegistryOptimizer, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\WinZipSmartMonitorService.exe, In Quarantäne, [5f6bbe01d8c23402ce2a7b3a7c8729d7], 
PUP.Optional.WinYahoo, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{020DE70F-877D-4F31-9C21-5AD89433CF7C}, In Quarantäne, [19b1fac5673322141dccab2b25dc28d8], 
PUP.Optional.InstallCore, HKU\S-1-5-21-3756311868-1560069095-1558395152-1001\SOFTWARE\csastats, In Quarantäne, [ca0058679109ed49c2ce1abf679b54ac], 
PUP.Optional.WinYahoo, HKU\S-1-5-21-3756311868-1560069095-1558395152-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{2211D4A5-48D0-47F5-A7CD-81E861470F7F}, In Quarantäne, [9b2f1ea13664ae886d743e9ed829cf31], 
PUP.Optional.PCSpeedMaximizer, HKU\S-1-5-21-3756311868-1560069095-1558395152-1001\SOFTWARE\PC SPEED MAXIMIZER, In Quarantäne, [b119f9c6425847ef9cfe0b8af30fb947], 
PUP.Optional.ProductSetup, HKU\S-1-5-21-3756311868-1560069095-1558395152-1001\SOFTWARE\PRODUCTSETUP, In Quarantäne, [0bbf5e61fe9ca195d3545a3d5fa3ad53], 

Registrierungswerte: 11
PUP.Optional.WinYahoo, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, https://de.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_popjar_16_45_ssg08&param1=1&param2=f[e2e86f50801a1f17d13886d7a75c619f]D1%26b[e2e86f50801a1f17d13886d7a75c619f]DIE%26cc[e2e86f50801a1f17d13886d7a75c619f]Dde%26pa[e2e86f50801a1f17d13886d7a75c619f]Dwincy%26cd[e2e86f50801a1f17d13886d7a75c619f]D2XzuyEtN2Y1L1QzuyDyE0A0BtA0A0DtCyC0F0DtCtDzzyEyBtN0D0Tzu0StCyByBzztN1L2XzutAtFtByEtFtByBtFyDyDtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2StAtA0EtA0DyEyBzztGtB0CtAzytG0FtBzz0EtGyD0DtAtCtGzz0FtBzytBzytCzyyBtA0DtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzzzyzzyDzyyCzy0BtGyCyByCtCtGyEyBtC0CtG0AyCtC0AtG0FtAyBzztD0A0EtD0Ezy0F0D2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtDyByDyB%26cr[e2e86f50801a1f17d13886d7a75c619f]D288781905%26a[e2e86f50801a1f17d13886d7a75c619f]Dwbf_popjar_16_45_ssg08%26os_ver[e2e86f50801a1f17d13886d7a75c619f]D10.0%26os[e2e86f50801a1f17d13886d7a75c619f]DWindowsIn QuarantäneB10In QuarantäneBHome, %4, %5
PUP.Optional.WinYahoo, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{020DE70F-877D-4F31-9C21-5AD89433CF7C}|URL, https://de.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_popjar_16_45_ssg08&param1=1&param2=f[22a8813e6d2dc47288614f8759a8d927]D4%26b[22a8813e6d2dc47288614f8759a8d927]DIE%26cc[22a8813e6d2dc47288614f8759a8d927]Dde%26pa[22a8813e6d2dc47288614f8759a8d927]Dwincy%26cd[22a8813e6d2dc47288614f8759a8d927]D2XzuyEtN2Y1L1QzuyDyE0A0BtA0A0DtCyC0F0DtCtDzzyEyBtN0D0Tzu0StCyByBzztN1L2XzutAtFtByEtFtByBtFyDyDtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2StAtA0EtA0DyEyBzztGtB0CtAzytG0FtBzz0EtGyD0DtAtCtGzz0FtBzytBzytCzyyBtA0DtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzzzyzzyDzyyCzy0BtGyCyByCtCtGyEyBtC0CtG0AyCtC0AtG0FtAyBzztD0A0EtD0Ezy0F0D2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtDyByDyB%26cr[22a8813e6d2dc47288614f8759a8d927]D288781905%26a[22a8813e6d2dc47288614f8759a8d927]Dwbf_popjar_16_45_ssg08%26os_ver[22a8813e6d2dc47288614f8759a8d927]D10.0%26os[22a8813e6d2dc47288614f8759a8d927]DWindowsIn QuarantäneB10In QuarantäneBHome&p={searchTerms}, %4, %5
PUP.Optional.WinZipDriverUpdater, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{25F2F208-FACC-416B-8FBA-F9EDF927C04B}|Path, \Start WinZip Driver Updater Schedule, Löschen bei Neustart, [3e8ccdf22377c472ed8af95704ff14ec]
PUP.Optional.WinZipDriverUpdater, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{CF14C5B2-A439-47B7-8EA0-F5AE3B05E58A}|Path, \Start WinZip Driver Updater Update, Löschen bei Neustart, [17b3833cdbbf4ceac4b34a06b54e3ec2]
PUP.Optional.WinZipDriverUpdater, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{E7C3BFA7-CFEA-4839-A9EB-79D90F61A31E}|Path, \Start WinZip Driver Updater for LAPTOP-LTTG5V9H@yorul(logon), Löschen bei Neustart, [4f7b98271783ab8be3940b45a75c1ae6]
PUP.Optional.WinYahoo, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, https://de.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_popjar_16_45_ssg08&param1=1&param2=f[e5e57748584252e4a96063fafd062ad6]D1%26b[e5e57748584252e4a96063fafd062ad6]DIE%26cc[e5e57748584252e4a96063fafd062ad6]Dde%26pa[e5e57748584252e4a96063fafd062ad6]Dwincy%26cd[e5e57748584252e4a96063fafd062ad6]D2XzuyEtN2Y1L1QzuyDyE0A0BtA0A0DtCyC0F0DtCtDzzyEyBtN0D0Tzu0StCyByBzztN1L2XzutAtFtByEtFtByBtFyDyDtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2StAtA0EtA0DyEyBzztGtB0CtAzytG0FtBzz0EtGyD0DtAtCtGzz0FtBzytBzytCzyyBtA0DtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzzzyzzyDzyyCzy0BtGyCyByCtCtGyEyBtC0CtG0AyCtC0AtG0FtAyBzztD0A0EtD0Ezy0F0D2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtDyByDyB%26cr[e5e57748584252e4a96063fafd062ad6]D288781905%26a[e5e57748584252e4a96063fafd062ad6]Dwbf_popjar_16_45_ssg08%26os_ver[e5e57748584252e4a96063fafd062ad6]D10.0%26os[e5e57748584252e4a96063fafd062ad6]DWindowsIn QuarantäneB10In QuarantäneBHome, %4, %5
PUP.Optional.WinYahoo, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{020DE70F-877D-4F31-9C21-5AD89433CF7C}|URL, https://de.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_popjar_16_45_ssg08&param1=1&param2=f[19b1fac5673322141dccab2b25dc28d8]D4%26b[19b1fac5673322141dccab2b25dc28d8]DIE%26cc[19b1fac5673322141dccab2b25dc28d8]Dde%26pa[19b1fac5673322141dccab2b25dc28d8]Dwincy%26cd[19b1fac5673322141dccab2b25dc28d8]D2XzuyEtN2Y1L1QzuyDyE0A0BtA0A0DtCyC0F0DtCtDzzyEyBtN0D0Tzu0StCyByBzztN1L2XzutAtFtByEtFtByBtFyDyDtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2StAtA0EtA0DyEyBzztGtB0CtAzytG0FtBzz0EtGyD0DtAtCtGzz0FtBzytBzytCzyyBtA0DtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzzzyzzyDzyyCzy0BtGyCyByCtCtGyEyBtC0CtG0AyCtC0AtG0FtAyBzztD0A0EtD0Ezy0F0D2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtDyByDyB%26cr[19b1fac5673322141dccab2b25dc28d8]D288781905%26a[19b1fac5673322141dccab2b25dc28d8]Dwbf_popjar_16_45_ssg08%26os_ver[19b1fac5673322141dccab2b25dc28d8]D10.0%26os[19b1fac5673322141dccab2b25dc28d8]DWindowsIn QuarantäneB10In QuarantäneBHome&p={searchTerms}, %4, %5
PUP.Optional.WinYahoo, HKU\S-1-5-21-3756311868-1560069095-1558395152-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{2211d4a5-48d0-47f5-a7cd-81e861470f7f}|URL, https://de.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_popjar_16_45_ssg08&param1=1&param2=f[9b2f1ea13664ae886d743e9ed829cf31]D4%26b[9b2f1ea13664ae886d743e9ed829cf31]DIE%26cc[9b2f1ea13664ae886d743e9ed829cf31]Dde%26pa[9b2f1ea13664ae886d743e9ed829cf31]Dwincy%26cd[9b2f1ea13664ae886d743e9ed829cf31]D2XzuyEtN2Y1L1QzuyDyE0A0BtA0A0DtCyC0F0DtCtDzzyEyBtN0D0Tzu0StCyByBzztN1L2XzutAtFtByEtFtByBtFyDyDtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2StAtA0EtA0DyEyBzztGtB0CtAzytG0FtBzz0EtGyD0DtAtCtGzz0FtBzytBzytCzyyBtA0DtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzzzyzzyDzyyCzy0BtGyCyByCtCtGyEyBtC0CtG0AyCtC0AtG0FtAyBzztD0A0EtD0Ezy0F0D2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtDyByDyB%26cr[9b2f1ea13664ae886d743e9ed829cf31]D288781905%26a[9b2f1ea13664ae886d743e9ed829cf31]Dwbf_popjar_16_45_ssg08%26os_ver[9b2f1ea13664ae886d743e9ed829cf31]D10.0%26os[9b2f1ea13664ae886d743e9ed829cf31]DWindowsIn QuarantäneB10In QuarantäneBHome&p={searchTerms}, %4, %5
PUP.Optional.PCSpeedMaximizer, HKU\S-1-5-21-3756311868-1560069095-1558395152-1001\SOFTWARE\PC SPEED MAXIMIZER|AdsBuyNowURL, hxxp://www.avanquest.com/redirections/SmartPCTools/SDU_AQ_DE.htm, In Quarantäne, [b119f9c6425847ef9cfe0b8af30fb947]
PUP.Optional.PCSpeedMaximizer, HKU\S-1-5-21-3756311868-1560069095-1558395152-1001\SOFTWARE\PC SPEED MAXIMIZER|BuyNowURL, hxxp://webtools.avanquest.com/redirect.cfm?redirectId=avanquest/PCSpeedMaximizer_DE_IS_Buy.htm&key2=705&clickid=AC=Avanquest-clickid=yDyE0A0BtA0A0DtCyC0F0DtCtDzzyEyB2RtBtDtCyCtCtCtCtAtCzytDyCtDyCtDtBzy&key1=80ef6c0e539e83b66cc2554e2eed65b439331278, In Quarantäne, [3892ab140b8ff83ee9f6993e3fc303fd]
PUP.Optional.ProductSetup, HKU\S-1-5-21-3756311868-1560069095-1558395152-1001\SOFTWARE\PRODUCTSETUP|tb, 0G2O2W1R0C1R1H, In Quarantäne, [0bbf5e61fe9ca195d3545a3d5fa3ad53]

Registrierungsdaten: 2
PUP.Optional.WinYahoo, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, https://de.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_popjar_16_45_ssg08&param1=1&param2=fSchlecht: (https://de.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_popjar_16_45_ssg08&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dde%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyDyE0A0BtA0A0DtCyC0F0DtCtDzzyEyBtN0D0Tzu0StCyByBzztN1L2XzutAtFtByEtFtByBtFyDyDtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2StAtA0EtA0DyEyBzztGtB0CtAzytG0FtBzz0EtGyD0DtAtCtGzz0FtBzytBzytCzyyBtA0DtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzzzyzzyDzyyCzy0BtGyCyByCtCtGyEyBtC0CtG0AyCtC0AtG0FtAyBzztD0A0EtD0Ezy0F0D2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtDyByDyB%26cr%3D288781905%26a%3Dwbf_popjar_16_45_ssg08%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome),Ersetzt,[d6f46d5205958fa79be5161026dd7f81]D1%26bSchlecht: (https://de.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_popjar_16_45_ssg08&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dde%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyDyE0A0BtA0A0DtCyC0F0DtCtDzzyEyBtN0D0Tzu0StCyByBzztN1L2XzutAtFtByEtFtByBtFyDyDtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2StAtA0EtA0DyEyBzztGtB0CtAzytG0FtBzz0EtGyD0DtAtCtGzz0FtBzytBzytCzyyBtA0DtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzzzyzzyDzyyCzy0BtGyCyByCtCtGyEyBtC0CtG0AyCtC0AtG0FtAyBzztD0A0EtD0Ezy0F0D2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtDyByDyB%26cr%3D288781905%26a%3Dwbf_popjar_16_45_ssg08%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome),Ersetzt,[d6f46d5205958fa79be5161026dd7f81]DIE%26ccSchlecht: (https://de.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_popjar_16_45_ssg08&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dde%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyDyE0A0BtA0A0DtCyC0F0DtCtDzzyEyBtN0D0Tzu0StCyByBzztN1L2XzutAtFtByEtFtByBtFyDyDtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2StAtA0EtA0DyEyBzztGtB0CtAzytG0FtBzz0EtGyD0DtAtCtGzz0FtBzytBzytCzyyBtA0DtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzzzyzzyDzyyCzy0BtGyCyByCtCtGyEyBtC0CtG0AyCtC0AtG0FtAyBzztD0A0EtD0Ezy0F0D2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtDyByDyB%26cr%3D288781905%26a%3Dwbf_popjar_16_45_ssg08%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome),Ersetzt,[d6f46d5205958fa79be5161026dd7f81]Dde%26paSchlecht: (https://de.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_popjar_16_45_ssg08&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dde%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyDyE0A0BtA0A0DtCyC0F0DtCtDzzyEyBtN0D0Tzu0StCyByBzztN1L2XzutAtFtByEtFtByBtFyDyDtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2StAtA0EtA0DyEyBzztGtB0CtAzytG0FtBzz0EtGyD0DtAtCtGzz0FtBzytBzytCzyyBtA0DtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzzzyzzyDzyyCzy0BtGyCyByCtCtGyEyBtC0CtG0AyCtC0AtG0FtAyBzztD0A0EtD0Ezy0F0D2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtDyByDyB%26cr%3D288781905%26a%3Dwbf_popjar_16_45_ssg08%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome),Ersetzt,[d6f46d5205958fa79be5161026dd7f81]Dwincy%26cdSchlecht: (https://de.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_popjar_16_45_ssg08&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dde%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyDyE0A0BtA0A0DtCyC0F0DtCtDzzyEyBtN0D0Tzu0StCyByBzztN1L2XzutAtFtByEtFtByBtFyDyDtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2StAtA0EtA0DyEyBzztGtB0CtAzytG0FtBzz0EtGyD0DtAtCtGzz0FtBzytBzytCzyyBtA0DtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzzzyzzyDzyyCzy0BtGyCyByCtCtGyEyBtC0CtG0AyCtC0AtG0FtAyBzztD0A0EtD0Ezy0F0D2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtDyByDyB%26cr%3D288781905%26a%3Dwbf_popjar_16_45_ssg08%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome),Ersetzt,[d6f46d5205958fa79be5161026dd7f81]D2XzuyEtN2Y1L1QzuyDyE0A0BtA0A0DtCyC0F0DtCtDzzyEyBtN0D0Tzu0StCyByBzztN1L2XzutAtFtByEtFtByBtFyDyDtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2StAtA0EtA0DyEyBzztGtB0CtAzytG0FtBzz0EtGyD0DtAtCtGzz0FtBzytBzytCzyyBtA0DtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzzzyzzyDzyyCzy0BtGyCyByCtCtGyEyBtC0CtG0AyCtC0AtG0FtAyBzztD0A0EtD0Ezy0F0D2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtDyByDyB%26crSchlecht: (https://de.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_popjar_16_45_ssg08&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dde%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyDyE0A0BtA0A0DtCyC0F0DtCtDzzyEyBtN0D0Tzu0StCyByBzztN1L2XzutAtFtByEtFtByBtFyDyDtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2StAtA0EtA0DyEyBzztGtB0CtAzytG0FtBzz0EtGyD0DtAtCtGzz0FtBzytBzytCzyyBtA0DtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzzzyzzyDzyyCzy0BtGyCyByCtCtGyEyBtC0CtG0AyCtC0AtG0FtAyBzztD0A0EtD0Ezy0F0D2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtDyByDyB%26cr%3D288781905%26a%3Dwbf_popjar_16_45_ssg08%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome),Ersetzt,[d6f46d5205958fa79be5161026dd7f81]D288781905%26aSchlecht: (https://de.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_popjar_16_45_ssg08&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dde%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyDyE0A0BtA0A0DtCyC0F0DtCtDzzyEyBtN0D0Tzu0StCyByBzztN1L2XzutAtFtByEtFtByBtFyDyDtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2StAtA0EtA0DyEyBzztGtB0CtAzytG0FtBzz0EtGyD0DtAtCtGzz0FtBzytBzytCzyyBtA0DtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzzzyzzyDzyyCzy0BtGyCyByCtCtGyEyBtC0CtG0AyCtC0AtG0FtAyBzztD0A0EtD0Ezy0F0D2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtDyByDyB%26cr%3D288781905%26a%3Dwbf_popjar_16_45_ssg08%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome),Ersetzt,[d6f46d5205958fa79be5161026dd7f81]Dwbf_popjar_16_45_ssg08%26os_verSchlecht: (https://de.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_popjar_16_45_ssg08&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dde%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyDyE0A0BtA0A0DtCyC0F0DtCtDzzyEyBtN0D0Tzu0StCyByBzztN1L2XzutAtFtByEtFtByBtFyDyDtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2StAtA0EtA0DyEyBzztGtB0CtAzytG0FtBzz0EtGyD0DtAtCtGzz0FtBzytBzytCzyyBtA0DtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzzzyzzyDzyyCzy0BtGyCyByCtCtGyEyBtC0CtG0AyCtC0AtG0FtAyBzztD0A0EtD0Ezy0F0D2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtDyByDyB%26cr%3D288781905%26a%3Dwbf_popjar_16_45_ssg08%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome),Ersetzt,[d6f46d5205958fa79be5161026dd7f81]D10.0%26osSchlecht: (https://de.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_popjar_16_45_ssg08&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dde%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyDyE0A0BtA0A0DtCyC0F0DtCtDzzyEyBtN0D0Tzu0StCyByBzztN1L2XzutAtFtByEtFtByBtFyDyDtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2StAtA0EtA0DyEyBzztGtB0CtAzytG0FtBzz0EtGyD0DtAtCtGzz0FtBzytBzytCzyyBtA0DtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzzzyzzyDzyyCzy0BtGyCyByCtCtGyEyBtC0CtG0AyCtC0AtG0FtAyBzztD0A0EtD0Ezy0F0D2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtDyByDyB%26cr%3D288781905%26a%3Dwbf_popjar_16_45_ssg08%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome),Ersetzt,[d6f46d5205958fa79be5161026dd7f81]DWindowsGut: (www.google.com)B10Gut: (www.google.com)BHome, %4, %5
PUP.Optional.WinYahoo, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, https://de.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_popjar_16_45_ssg08&param1=1&param2=fSchlecht: (https://de.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_popjar_16_45_ssg08&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dde%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyDyE0A0BtA0A0DtCyC0F0DtCtDzzyEyBtN0D0Tzu0StCyByBzztN1L2XzutAtFtByEtFtByBtFyDyDtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2StAtA0EtA0DyEyBzztGtB0CtAzytG0FtBzz0EtGyD0DtAtCtGzz0FtBzytBzytCzyyBtA0DtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzzzyzzyDzyyCzy0BtGyCyByCtCtGyEyBtC0CtG0AyCtC0AtG0FtAyBzztD0A0EtD0Ezy0F0D2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtDyByDyB%26cr%3D288781905%26a%3Dwbf_popjar_16_45_ssg08%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome),Ersetzt,[a9215a65a6f4b3839de316101ae9956b]D1%26bSchlecht: (https://de.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_popjar_16_45_ssg08&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dde%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyDyE0A0BtA0A0DtCyC0F0DtCtDzzyEyBtN0D0Tzu0StCyByBzztN1L2XzutAtFtByEtFtByBtFyDyDtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2StAtA0EtA0DyEyBzztGtB0CtAzytG0FtBzz0EtGyD0DtAtCtGzz0FtBzytBzytCzyyBtA0DtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzzzyzzyDzyyCzy0BtGyCyByCtCtGyEyBtC0CtG0AyCtC0AtG0FtAyBzztD0A0EtD0Ezy0F0D2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtDyByDyB%26cr%3D288781905%26a%3Dwbf_popjar_16_45_ssg08%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome),Ersetzt,[a9215a65a6f4b3839de316101ae9956b]DIE%26ccSchlecht: (https://de.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_popjar_16_45_ssg08&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dde%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyDyE0A0BtA0A0DtCyC0F0DtCtDzzyEyBtN0D0Tzu0StCyByBzztN1L2XzutAtFtByEtFtByBtFyDyDtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2StAtA0EtA0DyEyBzztGtB0CtAzytG0FtBzz0EtGyD0DtAtCtGzz0FtBzytBzytCzyyBtA0DtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzzzyzzyDzyyCzy0BtGyCyByCtCtGyEyBtC0CtG0AyCtC0AtG0FtAyBzztD0A0EtD0Ezy0F0D2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtDyByDyB%26cr%3D288781905%26a%3Dwbf_popjar_16_45_ssg08%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome),Ersetzt,[a9215a65a6f4b3839de316101ae9956b]Dde%26paSchlecht: (https://de.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_popjar_16_45_ssg08&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dde%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyDyE0A0BtA0A0DtCyC0F0DtCtDzzyEyBtN0D0Tzu0StCyByBzztN1L2XzutAtFtByEtFtByBtFyDyDtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2StAtA0EtA0DyEyBzztGtB0CtAzytG0FtBzz0EtGyD0DtAtCtGzz0FtBzytBzytCzyyBtA0DtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzzzyzzyDzyyCzy0BtGyCyByCtCtGyEyBtC0CtG0AyCtC0AtG0FtAyBzztD0A0EtD0Ezy0F0D2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtDyByDyB%26cr%3D288781905%26a%3Dwbf_popjar_16_45_ssg08%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome),Ersetzt,[a9215a65a6f4b3839de316101ae9956b]Dwincy%26cdSchlecht: (https://de.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_popjar_16_45_ssg08&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dde%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyDyE0A0BtA0A0DtCyC0F0DtCtDzzyEyBtN0D0Tzu0StCyByBzztN1L2XzutAtFtByEtFtByBtFyDyDtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2StAtA0EtA0DyEyBzztGtB0CtAzytG0FtBzz0EtGyD0DtAtCtGzz0FtBzytBzytCzyyBtA0DtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzzzyzzyDzyyCzy0BtGyCyByCtCtGyEyBtC0CtG0AyCtC0AtG0FtAyBzztD0A0EtD0Ezy0F0D2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtDyByDyB%26cr%3D288781905%26a%3Dwbf_popjar_16_45_ssg08%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome),Ersetzt,[a9215a65a6f4b3839de316101ae9956b]D2XzuyEtN2Y1L1QzuyDyE0A0BtA0A0DtCyC0F0DtCtDzzyEyBtN0D0Tzu0StCyByBzztN1L2XzutAtFtByEtFtByBtFyDyDtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2StAtA0EtA0DyEyBzztGtB0CtAzytG0FtBzz0EtGyD0DtAtCtGzz0FtBzytBzytCzyyBtA0DtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzzzyzzyDzyyCzy0BtGyCyByCtCtGyEyBtC0CtG0AyCtC0AtG0FtAyBzztD0A0EtD0Ezy0F0D2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtDyByDyB%26crSchlecht: (https://de.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_popjar_16_45_ssg08&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dde%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyDyE0A0BtA0A0DtCyC0F0DtCtDzzyEyBtN0D0Tzu0StCyByBzztN1L2XzutAtFtByEtFtByBtFyDyDtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2StAtA0EtA0DyEyBzztGtB0CtAzytG0FtBzz0EtGyD0DtAtCtGzz0FtBzytBzytCzyyBtA0DtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzzzyzzyDzyyCzy0BtGyCyByCtCtGyEyBtC0CtG0AyCtC0AtG0FtAyBzztD0A0EtD0Ezy0F0D2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtDyByDyB%26cr%3D288781905%26a%3Dwbf_popjar_16_45_ssg08%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome),Ersetzt,[a9215a65a6f4b3839de316101ae9956b]D288781905%26aSchlecht: (https://de.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_popjar_16_45_ssg08&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dde%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyDyE0A0BtA0A0DtCyC0F0DtCtDzzyEyBtN0D0Tzu0StCyByBzztN1L2XzutAtFtByEtFtByBtFyDyDtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2StAtA0EtA0DyEyBzztGtB0CtAzytG0FtBzz0EtGyD0DtAtCtGzz0FtBzytBzytCzyyBtA0DtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzzzyzzyDzyyCzy0BtGyCyByCtCtGyEyBtC0CtG0AyCtC0AtG0FtAyBzztD0A0EtD0Ezy0F0D2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtDyByDyB%26cr%3D288781905%26a%3Dwbf_popjar_16_45_ssg08%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome),Ersetzt,[a9215a65a6f4b3839de316101ae9956b]Dwbf_popjar_16_45_ssg08%26os_verSchlecht: (https://de.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_popjar_16_45_ssg08&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dde%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyDyE0A0BtA0A0DtCyC0F0DtCtDzzyEyBtN0D0Tzu0StCyByBzztN1L2XzutAtFtByEtFtByBtFyDyDtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2StAtA0EtA0DyEyBzztGtB0CtAzytG0FtBzz0EtGyD0DtAtCtGzz0FtBzytBzytCzyyBtA0DtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzzzyzzyDzyyCzy0BtGyCyByCtCtGyEyBtC0CtG0AyCtC0AtG0FtAyBzztD0A0EtD0Ezy0F0D2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtDyByDyB%26cr%3D288781905%26a%3Dwbf_popjar_16_45_ssg08%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome),Ersetzt,[a9215a65a6f4b3839de316101ae9956b]D10.0%26osSchlecht: (https://de.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_popjar_16_45_ssg08&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dde%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1QzuyDyE0A0BtA0A0DtCyC0F0DtCtDzzyEyBtN0D0Tzu0StCyByBzztN1L2XzutAtFtByEtFtByBtFyDyDtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2StAtA0EtA0DyEyBzztGtB0CtAzytG0FtBzz0EtGyD0DtAtCtGzz0FtBzytBzytCzyyBtA0DtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzzzyzzyDzyyCzy0BtGyCyByCtCtGyEyBtC0CtG0AyCtC0AtG0FtAyBzztD0A0EtD0Ezy0F0D2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtDyByDyB%26cr%3D288781905%26a%3Dwbf_popjar_16_45_ssg08%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome),Ersetzt,[a9215a65a6f4b3839de316101ae9956b]DWindowsGut: (www.google.com)B10Gut: (www.google.com)BHome, %4, %5

Ordner: 10
PUP.Optional.PCSpeedMaximizer, C:\Program Files (x86)\PC Speed Maximizer, In Quarantäne, [705ab609e4b6ee485244dabb5fa3837d], 
PUP.Optional.WinZipDriverUpdater, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip\WinZip Driver Updater, In Quarantäne, [9931704fbfdbda5cc7acea6f8380e719], 
PUP.Optional.WinZipRegistryOptimizer, C:\Program Files\WinZip Smart Monitor, Löschen bei Neustart, [04c6b70862388da9b441b9fc21e248b8], 
PUP.Optional.WinZipRegistryOptimizer, C:\Program Files\WinZip Smart Monitor\Plugins, In Quarantäne, [04c6b70862388da9b441b9fc21e248b8], 
PUP.Optional.WinZipRegistryOptimizer, C:\Program Files\WinZip Smart Monitor\Plugins\5ae6acfc-937d-43b9-b91e-954fa7ad3f06.1.0.0.4, In Quarantäne, [04c6b70862388da9b441b9fc21e248b8], 
PUP.Optional.WinZipRegistryOptimizer, C:\Program Files\WinZip Smart Monitor\Plugins\78EB6AEF-BCAB-4E11-9315-3B06CCAA1BDD.1.0.0.4, In Quarantäne, [04c6b70862388da9b441b9fc21e248b8], 
PUP.Optional.WinZipDriverUpdater, C:\ProgramData\WinZip\WinZip Driver Updater, In Quarantäne, [ffcb07b8a5f58caa7cf37ad655ae718f], 
PUP.Optional.WinZipDriverUpdater, C:\ProgramData\WinZip\WinZip Driver Updater\backups, In Quarantäne, [ffcb07b8a5f58caa7cf37ad655ae718f], 
PUP.Optional.WinZipDriverUpdater, C:\ProgramData\WinZip\WinZip Driver Updater\Language, In Quarantäne, [ffcb07b8a5f58caa7cf37ad655ae718f], 
PUP.Optional.WinZipDriverUpdater, C:\ProgramData\WinZip\WinZip Driver Updater\S-1-5-21-3756311868-1560069095-1558395152-1001, In Quarantäne, [ffcb07b8a5f58caa7cf37ad655ae718f], 

Dateien: 70
Trojan.Dropper, C:\Program Files\ByteFence\rtop\bin\rtop_svc.exe, In Quarantäne, [6169b20d5545c670f74bb3d8f40f926e], 
PUP.Optional.PCSpeedMaximizer, C:\Users\yorul\AppData\Local\Temp\in0DF01217\736B8353_stp\PCSpeedMaximizer_DE_IS.exe, In Quarantäne, [e3e7c3fce2b8d4623e9a30cea25eed13], 
PUP.Optional.PCSpeedMaximizer, C:\Program Files (x86)\PC Speed Maximizer\unins000.dat, In Quarantäne, [705ab609e4b6ee485244dabb5fa3837d], 
PUP.Optional.PCSpeedMaximizer, C:\Program Files (x86)\PC Speed Maximizer\Animation.gif, In Quarantäne, [705ab609e4b6ee485244dabb5fa3837d], 
PUP.Optional.PCSpeedMaximizer, C:\Program Files (x86)\PC Speed Maximizer\Brazilian.ini, In Quarantäne, [705ab609e4b6ee485244dabb5fa3837d], 
PUP.Optional.PCSpeedMaximizer, C:\Program Files (x86)\PC Speed Maximizer\CookieExclusions.txt, In Quarantäne, [705ab609e4b6ee485244dabb5fa3837d], 
PUP.Optional.PCSpeedMaximizer, C:\Program Files (x86)\PC Speed Maximizer\Czech.ini, In Quarantäne, [705ab609e4b6ee485244dabb5fa3837d], 
PUP.Optional.PCSpeedMaximizer, C:\Program Files (x86)\PC Speed Maximizer\Danish.ini, In Quarantäne, [705ab609e4b6ee485244dabb5fa3837d], 
PUP.Optional.PCSpeedMaximizer, C:\Program Files (x86)\PC Speed Maximizer\Dutch.ini, In Quarantäne, [705ab609e4b6ee485244dabb5fa3837d], 
PUP.Optional.PCSpeedMaximizer, C:\Program Files (x86)\PC Speed Maximizer\English.ini, In Quarantäne, [705ab609e4b6ee485244dabb5fa3837d], 
PUP.Optional.PCSpeedMaximizer, C:\Program Files (x86)\PC Speed Maximizer\file_id.diz, In Quarantäne, [705ab609e4b6ee485244dabb5fa3837d], 
PUP.Optional.PCSpeedMaximizer, C:\Program Files (x86)\PC Speed Maximizer\Finnish.ini, In Quarantäne, [705ab609e4b6ee485244dabb5fa3837d], 
PUP.Optional.PCSpeedMaximizer, C:\Program Files (x86)\PC Speed Maximizer\French.ini, In Quarantäne, [705ab609e4b6ee485244dabb5fa3837d], 
PUP.Optional.PCSpeedMaximizer, C:\Program Files (x86)\PC Speed Maximizer\German.ini, In Quarantäne, [705ab609e4b6ee485244dabb5fa3837d], 
PUP.Optional.PCSpeedMaximizer, C:\Program Files (x86)\PC Speed Maximizer\HomePage.url, In Quarantäne, [705ab609e4b6ee485244dabb5fa3837d], 
PUP.Optional.PCSpeedMaximizer, C:\Program Files (x86)\PC Speed Maximizer\Italian.ini, In Quarantäne, [705ab609e4b6ee485244dabb5fa3837d], 
PUP.Optional.PCSpeedMaximizer, C:\Program Files (x86)\PC Speed Maximizer\Norwegian.ini, In Quarantäne, [705ab609e4b6ee485244dabb5fa3837d], 
PUP.Optional.PCSpeedMaximizer, C:\Program Files (x86)\PC Speed Maximizer\PCSpeedMaximizer.chm, In Quarantäne, [705ab609e4b6ee485244dabb5fa3837d], 
PUP.Optional.PCSpeedMaximizer, C:\Program Files (x86)\PC Speed Maximizer\Polish.ini, In Quarantäne, [705ab609e4b6ee485244dabb5fa3837d], 
PUP.Optional.PCSpeedMaximizer, C:\Program Files (x86)\PC Speed Maximizer\Portuguese.ini, In Quarantäne, [705ab609e4b6ee485244dabb5fa3837d], 
PUP.Optional.PCSpeedMaximizer, C:\Program Files (x86)\PC Speed Maximizer\Russian.ini, In Quarantäne, [705ab609e4b6ee485244dabb5fa3837d], 
PUP.Optional.PCSpeedMaximizer, C:\Program Files (x86)\PC Speed Maximizer\Scanning.gif, In Quarantäne, [705ab609e4b6ee485244dabb5fa3837d], 
PUP.Optional.PCSpeedMaximizer, C:\Program Files (x86)\PC Speed Maximizer\Spanish.ini, In Quarantäne, [705ab609e4b6ee485244dabb5fa3837d], 
PUP.Optional.PCSpeedMaximizer, C:\Program Files (x86)\PC Speed Maximizer\sqlite3.dll, In Quarantäne, [705ab609e4b6ee485244dabb5fa3837d], 
PUP.Optional.PCSpeedMaximizer, C:\Program Files (x86)\PC Speed Maximizer\StartupList.txt, In Quarantäne, [705ab609e4b6ee485244dabb5fa3837d], 
PUP.Optional.PCSpeedMaximizer, C:\Program Files (x86)\PC Speed Maximizer\Swedish.ini, In Quarantäne, [705ab609e4b6ee485244dabb5fa3837d], 
PUP.Optional.PCSpeedMaximizer, C:\Program Files (x86)\PC Speed Maximizer\unins000.exe, In Quarantäne, [705ab609e4b6ee485244dabb5fa3837d], 
PUP.Optional.WinZipDriverUpdater, C:\Windows\Tasks\Start WinZip Driver Updater for LAPTOP-LTTG5V9H@yorul(logon).job, In Quarantäne, [ad1daf103d5dc96dff71ef619d66f50b], 
PUP.Optional.WinZipDriverUpdater, C:\Windows\System32\Tasks\Start WinZip Driver Updater for LAPTOP-LTTG5V9H@yorul(logon), In Quarantäne, [b2184e712a704aec0f629ab69a692fd1], 
PUP.Optional.WinZipDriverUpdater, C:\Windows\System32\Tasks\Start WinZip Driver Updater Schedule, In Quarantäne, [7a509f20316978bedc95460a37cc0ff1], 
PUP.Optional.WinZipDriverUpdater, C:\Windows\System32\Tasks\Start WinZip Driver Updater Update, In Quarantäne, [903ae2dd435748eea1d0a1af4bb8fe02], 
PUP.Optional.WinZipDriverUpdater, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip\WinZip Driver Updater\WinZip Driver Updater.lnk, In Quarantäne, [9931704fbfdbda5cc7acea6f8380e719], 
PUP.Optional.WinZipDriverUpdater, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip\WinZip Driver Updater\Uninstall.lnk, In Quarantäne, [9931704fbfdbda5cc7acea6f8380e719], 
PUP.Optional.WinZipRegistryOptimizer, C:\Program Files\WinZip Smart Monitor\apps.json, In Quarantäne, [04c6b70862388da9b441b9fc21e248b8], 
PUP.Optional.WinZipRegistryOptimizer, C:\Program Files\WinZip Smart Monitor\msvcp100.dll, Löschen bei Neustart, [04c6b70862388da9b441b9fc21e248b8], 
PUP.Optional.WinZipRegistryOptimizer, C:\Program Files\WinZip Smart Monitor\msvcr100.dll, Löschen bei Neustart, [04c6b70862388da9b441b9fc21e248b8], 
PUP.Optional.WinZipRegistryOptimizer, C:\Program Files\WinZip Smart Monitor\SystemInfo-vc100-mt.dll, Löschen bei Neustart, [04c6b70862388da9b441b9fc21e248b8], 
PUP.Optional.WinZipRegistryOptimizer, C:\Program Files\WinZip Smart Monitor\SystemInfo-vc100-mt.mab, In Quarantäne, [04c6b70862388da9b441b9fc21e248b8], 
PUP.Optional.WinZipRegistryOptimizer, C:\Program Files\WinZip Smart Monitor\Uninstall.exe, In Quarantäne, [04c6b70862388da9b441b9fc21e248b8], 
PUP.Optional.WinZipRegistryOptimizer, C:\Program Files\WinZip Smart Monitor\WinZipSmartMonitor.exe, Löschen bei Neustart, [04c6b70862388da9b441b9fc21e248b8], 
PUP.Optional.WinZipRegistryOptimizer, C:\Program Files\WinZip Smart Monitor\WinZipSmartMonitor.mab, In Quarantäne, [04c6b70862388da9b441b9fc21e248b8], 
PUP.Optional.WinZipRegistryOptimizer, C:\Program Files\WinZip Smart Monitor\WinZipSmartMonitorService.exe, Löschen bei Neustart, [04c6b70862388da9b441b9fc21e248b8], 
PUP.Optional.WinZipRegistryOptimizer, C:\Program Files\WinZip Smart Monitor\WinZipSmartMonitorService.mab, In Quarantäne, [04c6b70862388da9b441b9fc21e248b8], 
PUP.Optional.WinZipRegistryOptimizer, C:\Program Files\WinZip Smart Monitor\Plugins\5ae6acfc-937d-43b9-b91e-954fa7ad3f06.1.0.0.4\5ae6acfc-937d-43b9-b91e-954fa7ad3f06.1.0.0.4.dll, In Quarantäne, [04c6b70862388da9b441b9fc21e248b8], 
PUP.Optional.WinZipRegistryOptimizer, C:\Program Files\WinZip Smart Monitor\Plugins\5ae6acfc-937d-43b9-b91e-954fa7ad3f06.1.0.0.4\5ae6acfc-937d-43b9-b91e-954fa7ad3f06.1.0.0.4.mab, In Quarantäne, [04c6b70862388da9b441b9fc21e248b8], 
PUP.Optional.WinZipRegistryOptimizer, C:\Program Files\WinZip Smart Monitor\Plugins\78EB6AEF-BCAB-4E11-9315-3B06CCAA1BDD.1.0.0.4\78EB6AEF-BCAB-4E11-9315-3B06CCAA1BDD.1.0.0.4.dll, In Quarantäne, [04c6b70862388da9b441b9fc21e248b8], 
PUP.Optional.WinZipRegistryOptimizer, C:\Program Files\WinZip Smart Monitor\Plugins\78EB6AEF-BCAB-4E11-9315-3B06CCAA1BDD.1.0.0.4\78EB6AEF-BCAB-4E11-9315-3B06CCAA1BDD.1.0.0.4.mab, In Quarantäne, [04c6b70862388da9b441b9fc21e248b8], 
PUP.Optional.WinZipDriverUpdater, C:\ProgramData\WinZip\WinZip Driver Updater\CommonSettings.xml, In Quarantäne, [ffcb07b8a5f58caa7cf37ad655ae718f], 
PUP.Optional.WinZipDriverUpdater, C:\ProgramData\WinZip\WinZip Driver Updater\freeDriver, In Quarantäne, [ffcb07b8a5f58caa7cf37ad655ae718f], 
PUP.Optional.WinZipDriverUpdater, C:\ProgramData\WinZip\WinZip Driver Updater\backups\BackupInfo.xml, In Quarantäne, [ffcb07b8a5f58caa7cf37ad655ae718f], 
PUP.Optional.WinZipDriverUpdater, C:\ProgramData\WinZip\WinZip Driver Updater\Language\Brazilian.xml, In Quarantäne, [ffcb07b8a5f58caa7cf37ad655ae718f], 
PUP.Optional.WinZipDriverUpdater, C:\ProgramData\WinZip\WinZip Driver Updater\Language\Danish.xml, In Quarantäne, [ffcb07b8a5f58caa7cf37ad655ae718f], 
PUP.Optional.WinZipDriverUpdater, C:\ProgramData\WinZip\WinZip Driver Updater\Language\Dutch.xml, In Quarantäne, [ffcb07b8a5f58caa7cf37ad655ae718f], 
PUP.Optional.WinZipDriverUpdater, C:\ProgramData\WinZip\WinZip Driver Updater\Language\English.xml, In Quarantäne, [ffcb07b8a5f58caa7cf37ad655ae718f], 
PUP.Optional.WinZipDriverUpdater, C:\ProgramData\WinZip\WinZip Driver Updater\Language\Finnish.xml, In Quarantäne, [ffcb07b8a5f58caa7cf37ad655ae718f], 
PUP.Optional.WinZipDriverUpdater, C:\ProgramData\WinZip\WinZip Driver Updater\Language\French.xml, In Quarantäne, [ffcb07b8a5f58caa7cf37ad655ae718f], 
PUP.Optional.WinZipDriverUpdater, C:\ProgramData\WinZip\WinZip Driver Updater\Language\German.xml, In Quarantäne, [ffcb07b8a5f58caa7cf37ad655ae718f], 
PUP.Optional.WinZipDriverUpdater, C:\ProgramData\WinZip\WinZip Driver Updater\Language\Italian.xml, In Quarantäne, [ffcb07b8a5f58caa7cf37ad655ae718f], 
PUP.Optional.WinZipDriverUpdater, C:\ProgramData\WinZip\WinZip Driver Updater\Language\Japanese.xml, In Quarantäne, [ffcb07b8a5f58caa7cf37ad655ae718f], 
PUP.Optional.WinZipDriverUpdater, C:\ProgramData\WinZip\WinZip Driver Updater\Language\Norwegian.xml, In Quarantäne, [ffcb07b8a5f58caa7cf37ad655ae718f], 
PUP.Optional.WinZipDriverUpdater, C:\ProgramData\WinZip\WinZip Driver Updater\Language\Russian.xml, In Quarantäne, [ffcb07b8a5f58caa7cf37ad655ae718f], 
PUP.Optional.WinZipDriverUpdater, C:\ProgramData\WinZip\WinZip Driver Updater\Language\Spanish.xml, In Quarantäne, [ffcb07b8a5f58caa7cf37ad655ae718f], 
PUP.Optional.WinZipDriverUpdater, C:\ProgramData\WinZip\WinZip Driver Updater\Language\Swedish.xml, In Quarantäne, [ffcb07b8a5f58caa7cf37ad655ae718f], 
PUP.Optional.WinZipDriverUpdater, C:\ProgramData\WinZip\WinZip Driver Updater\Language\TradChinese.xml, In Quarantäne, [ffcb07b8a5f58caa7cf37ad655ae718f], 
PUP.Optional.WinZipDriverUpdater, C:\ProgramData\WinZip\WinZip Driver Updater\Language\Turkish.xml, In Quarantäne, [ffcb07b8a5f58caa7cf37ad655ae718f], 
PUP.Optional.WinZipDriverUpdater, C:\ProgramData\WinZip\WinZip Driver Updater\S-1-5-21-3756311868-1560069095-1558395152-1001\AppSettings.xml, In Quarantäne, [ffcb07b8a5f58caa7cf37ad655ae718f], 
PUP.Optional.WinZipDriverUpdater, C:\ProgramData\WinZip\WinZip Driver Updater\S-1-5-21-3756311868-1560069095-1558395152-1001\app_log.log, In Quarantäne, [ffcb07b8a5f58caa7cf37ad655ae718f], 
PUP.Optional.WinZipDriverUpdater, C:\ProgramData\WinZip\WinZip Driver Updater\S-1-5-21-3756311868-1560069095-1558395152-1001\DRmanager_log.log, In Quarantäne, [ffcb07b8a5f58caa7cf37ad655ae718f], 
PUP.Optional.WinZipDriverUpdater, C:\ProgramData\WinZip\WinZip Driver Updater\S-1-5-21-3756311868-1560069095-1558395152-1001\Request.xml, In Quarantäne, [ffcb07b8a5f58caa7cf37ad655ae718f], 
PUP.Optional.WinZipDriverUpdater, C:\ProgramData\WinZip\WinZip Driver Updater\S-1-5-21-3756311868-1560069095-1558395152-1001\Response.xml, In Quarantäne, [ffcb07b8a5f58caa7cf37ad655ae718f], 

Physische Sektoren: 0
(keine bösartigen Elemente erkannt)


(end)
         
AdwCleaner:
Code:
ATTFilter
# AdwCleaner v6.030 - Bericht erstellt am 13/11/2016 um 21:49:32
# Aktualisiert am 19/10/2016 von Malwarebytes
# Datenbank : 2016-11-13.2 [Server]
# Betriebssystem : Windows 10 Home  (X64)
# Benutzername : yorul - LAPTOP-LTTG5V9H
# Gestartet von : C:\Users\yorul\Downloads\AdwCleaner_6.030.exe
# Modus: Suchlauf
# Unterstützung : https://www.malwarebytes.com/support



***** [ Dienste ] *****

Dienst Gefunden: ByteFenceService


***** [ Ordner ] *****

Ordner Gefunden: C:\Users\yorul\AppData\Local\Host App Service
Ordner Gefunden: C:\Users\yorul\AppData\Roaming\Microsoft\Windows\Start Menu\ByteFence
Ordner Gefunden: C:\Program Files\ByteFence
Ordner Gefunden: C:\Program Files\WinZip Driver Updater
Ordner Gefunden: C:\Program Files\DriverSetupUtility
Ordner Gefunden: C:\ProgramData\DriverSetupUtility
Ordner Gefunden: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Speed Maximizer
Ordner Gefunden: C:\Users\yorul\AppData\Local\Host App Service
Ordner Gefunden: C:\Users\Default\AppData\Local\Host App Service


***** [ Dateien ] *****

Datei Gefunden: C:\Users\Public\Desktop\eBay.lnk
Datei Gefunden: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\App Explorer.lnk
Datei Gefunden: C:\ProgramData\Microsoft\Windows\Start Menu\eBay.lnk
Datei Gefunden: C:\ProgramData\Microsoft\Windows\Start Menu\Booking.com.lnk


***** [ DLL ] *****

Keine infizierten DLLs gefunden.


***** [ WMI ] *****

Keine schädlichen Schlüssel gefunden.


***** [ Verknüpfungen ] *****

Keine infizierten Verknüpfungen gefunden.


***** [ Aufgabenplanung ] *****

Aufgabe Gefunden: ByteFence
Aufgabe Gefunden: ByteFence Scan
Aufgabe Gefunden: App Explorer
Aufgabe Gefunden: ACC
Aufgabe Gefunden: Software Update Application


***** [ Registrierungsdatenbank ] *****

Schlüssel Gefunden: HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\ByteFenceService
Schlüssel Gefunden: [x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\ByteFenceService
Schlüssel Gefunden: HKLM\SOFTWARE\Classes\Interface\{7BCA6879-A9F8-47DE-AE05-F5CE7EA3A474}
Schlüssel Gefunden: HKLM\SOFTWARE\Classes\TypeLib\{ADF1FA2A-6EAA-4A97-A55F-3C8B92843EF5}
Schlüssel Gefunden: HKU\S-1-5-21-3756311868-1560069095-1558395152-1001\Software\ByteFence
Schlüssel Gefunden: HKU\S-1-5-21-3756311868-1560069095-1558395152-1001\Software\Host App Service
Schlüssel Gefunden: HKU\S-1-5-21-3756311868-1560069095-1558395152-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall\Host App Service
Schlüssel Gefunden: HKCU\Software\ByteFence
Schlüssel Gefunden: HKCU\Software\Host App Service
Schlüssel Gefunden: HKLM\SOFTWARE\ByteFence
Schlüssel Gefunden: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Host App Service
Schlüssel Gefunden: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ByteFence
Schlüssel Gefunden: [x64] HKCU\Software\ByteFence
Schlüssel Gefunden: [x64] HKCU\Software\Host App Service
Schlüssel Gefunden: [x64] HKLM\SOFTWARE\ByteFence
Schlüssel Gefunden: [x64] HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Host App Service
Schlüssel Gefunden: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2B51C83A-465D-4EA9-9CDC-1ED95ED09AC6}
Schlüssel Gefunden: HKLM\SOFTWARE\Classes\Installer\Features\A38C15B2D5649AE4C9CDE19DE50DA96C
Schlüssel Gefunden: HKLM\SOFTWARE\Classes\Installer\Products\A38C15B2D5649AE4C9CDE19DE50DA96C
Schlüssel Gefunden: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A38C15B2D5649AE4C9CDE19DE50DA96C
Schlüssel Gefunden: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A38C15B2D5649AE4C9CDE19DE50DA96C
Schlüssel Gefunden: [x64] HKLM\SOFTWARE\Classes\Installer\Features\A38C15B2D5649AE4C9CDE19DE50DA96C
Schlüssel Gefunden: [x64] HKLM\SOFTWARE\Classes\Installer\Products\A38C15B2D5649AE4C9CDE19DE50DA96C
Schlüssel Gefunden: HKLM\SOFTWARE\Classes\AppID\OverlayIcon.DLL
Schlüssel Gefunden: HKLM\SOFTWARE\Classes\*\shell\ByteFence File Scan
Schlüssel Gefunden: HKLM\SOFTWARE\Classes\Directory\shell\ByteFence Folder Scan


***** [ Internetbrowser ] *****

Keine schädlichen Elemente in Firefox basierten Browsern gefunden.
Keine schädlichen Elemente in Chrome basierten Browsern gefunden.

*************************

C:\AdwCleaner\AdwCleaner[S0].txt - [4344 Bytes] - [13/11/2016 21:49:32]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4417 Bytes] ##########
         
JRT:
Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.9 (09.30.2016)
Operating System: Windows 10 Home x64 
Ran by yorul (Administrator) on 13.11.2016 at 22:04:24,94
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 5 

Successfully deleted: C:\ProgramData\Microsoft\windows\Start Menu\ebay.lnk (Shortcut) 
Successfully deleted: C:\Users\Public\Desktop\ebay.lnk (Shortcut) 
Successfully deleted: C:\WINDOWS\prefetch\DRIVERUPDATER.EXE-2DD16067.pf (File) 
Successfully deleted: C:\WINDOWS\prefetch\DRIVERUPDATERSETUP.EXE-E4DA7544.pf (File) 
Successfully deleted: C:\WINDOWS\prefetch\DRIVERUPDATERUPDATER.EXE-7B5857F8.pf (File) 



Registry: 0 





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 13.11.2016 at 22:05:03,29
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
ESET:
Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=477d55c281948349b104d5978721be8e
# end=init
# utc_time=2016-11-13 09:12:40
# local_time=2016-11-13 10:12:40 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# osver=6.2.9200 NT 
Update Init
Update Download
Update Finalize
Updated modules version: 31397
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=477d55c281948349b104d5978721be8e
# end=updated
# utc_time=2016-11-13 09:16:53
# local_time=2016-11-13 10:16:53 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# osver=6.2.9200 NT 
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=477d55c281948349b104d5978721be8e
# engine=31397
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2016-11-13 10:13:31
# local_time=2016-11-13 11:13:31 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.2.9200 NT 
# compatibility_mode=freeze
# scanned=389888
# found=1
# cleaned=0
# scan_time=3397
sh=01914310EE1DC591DF3D502F4682E496AF14BD18 ft=1 fh=df0d2995debf61cc vn="Variante von Win32/DealPly.DY evtl. unerwünschte Anwendung" ac=I fn="C:\Users\yorul\AppData\Local\Temp\in0DF01217\38419136_stp\setup.exe"
         
FRST Addition:
Code:
ATTFilter
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 12-11-2016
durchgeführt von yorul (14-11-2016 00:26:47)
Gestartet von C:\Users\yorul\Downloads
Windows 10 Home Version 1607 (X64) (2016-11-13 15:46:16)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-3756311868-1560069095-1558395152-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3756311868-1560069095-1558395152-503 - Limited - Disabled)
Gast (S-1-5-21-3756311868-1560069095-1558395152-501 - Limited - Disabled)
yorul (S-1-5-21-3756311868-1560069095-1558395152-1001 - Administrator - Enabled) => C:\Users\yorul

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: McAfee Anti-Virus und Anti-Spyware (Enabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus und Anti-Spyware (Enabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
FW: McAfee Firewall (Enabled) {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

abFiles (HKLM-x32\...\{13885028-098C-4799-9B71-27DAC96502D5}) (Version: 2.07.2004 - Acer Incorporated)
abPhoto (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 3.08.2003.3 - Acer Incorporated)
Acer Care Center (HKLM\...\{1AF41E84-3408-499A-8C93-8891F0612719}) (Version: 2.00.3024 - Acer Incorporated)
Acer Configuration Manager (HKLM-x32\...\{414D554E-4453-454E-0201-000000016258}) (Version: 2.1.16258 - Acer)
Acer Portal (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 3.12.2004 - Acer Incorporated)
Acer Quick Access (HKLM\...\{8BBF04F1-C68A-441C-B5EF-446EE9960EAF}) (Version: 2.01.3007 - Acer Incorporated)
Acer UEIP Framework (HKLM\...\{12A718F2-2357-4D41-9E1F-18583A4745F7}) (Version: 3.02.3001 - Acer Incorporated)
AOP Framework (HKLM-x32\...\{4A37A114-702F-4055-A4B6-16571D4A5353}) (Version: 3.22.2001.0 - Acer Incorporated)
App Explorer (HKU\S-1-5-21-3756311868-1560069095-1558395152-1001\...\Host App Service) (Version: 0.272.1.357 - SweetLabs)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Booking.com Weblink (HKLM-x32\...\{617FC0E5-23D3-437D-9D19-6754E8287A79}) (Version: 1.16.0726 - Acer)
ByteFence Anti-Malware (HKLM-x32\...\ByteFence) (Version: 2.7.0.7 - Byte Technologies LLC) <==== ACHTUNG
Dashlane Upgrade Service (HKLM-x32\...\Dashlane Upgrade Service) (Version: 2.1.10.0 - Dashlane, Inc.)
DriverSetupUtility (HKLM\...\{2B51C83A-465D-4EA9-9CDC-1ED95ED09AC6}) (Version: 1.00.3015 - Acer Incorporated)
eBay Weblink (HKLM-x32\...\{7F3596EF-B661-43EE-A321-AD3C3EB9B525}) (Version: 1.16.0726 - Acer)
ELAN HIDI2C Filter Driver X64 13.6.5.2_WHQL (HKLM\...\Elantech) (Version: 13.6.5.2 - ELAN Microelectronic Corp.)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.5.0.1015 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 21.20.16.4494 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 15.0.0.1039 - Intel Corporation)
Intel(R) Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.63.1620.3 - Intel Corporation)
Intel® Chipsatz-Gerätesoftware (x32 Version: 10.1.1.27 - Intel(R) Corporation) Hidden
Intel® Security Assist (HKLM-x32\...\{8B08DDA1-FDE7-4897-8EB6-E0B048A6D88B}) (Version: 1.0.1.618 - Intel Corporation)
League of Legends (HKLM-x32\...\League of Legends 4.1.2) (Version: 4.1.2 - Riot Games)
League of Legends (x32 Version: 4.1.2 - Riot Games) Hidden
Malwarebytes Anti-Malware Version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
McAfee LiveSafe (HKLM-x32\...\MSC) (Version: 15.0.179 - McAfee, Inc.)
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.279 - McAfee, Inc.)
Microsoft Office 365 - de-de (HKLM\...\O365HomePremRetail - de-de) (Version: 16.0.7369.2038 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23506 (HKLM-x32\...\{3ee5e5bb-b7cc-4556-8861-a00a82977d6c}) (Version: 14.0.23506.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23506 (HKLM-x32\...\{23daf363-3020-4059-b3ae-dc4ad39fed19}) (Version: 14.0.23506.0 - Microsoft Corporation)
Mozilla Firefox 45.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 45.0 (x86 en-US)) (Version: 45.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 45.0 - Mozilla)
NVIDIA GeForce Experience 3.1.0.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.1.0.52 - NVIDIA Corporation)
NVIDIA Grafiktreiber 362.03 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 362.03 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
NvNodejs (Version: 3.1.0.52 - NVIDIA Corporation) Hidden
NvTelemetry (Version: 1.2.0.0 - NVIDIA Corporation) Hidden
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.7369.2038 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (Version: 16.0.7369.2038 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.7369.2038 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.7369.2038 - Microsoft Corporation) Hidden
Qualcomm Atheros 11ac Wireless LAN Installer (HKLM-x32\...\{20CA507E-24AA-4741-87CF-CC1B250790B7}) (Version: 11.0.10299 - Qualcomm Atheros)
Qualcomm Atheros Bluetooth Installer (64) (HKLM\...\{628988B4-3FA5-4EA6-BAA3-DA640F6718BD}) (Version: 10.0.0.191 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10586.21287 - Realtek Semiconduct Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.6.1001.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7836 - Realtek Semiconductor Corp.)
SHIELD Streaming (Version: 7.1.0330 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 3.1.0.52 - NVIDIA Corporation) Hidden
WinZip Driver Updater (HKLM\...\WinZip Driver Updater) (Version: 5.12.0.10 - WinZip International LLC)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-3756311868-1560069095-1558395152-1001_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\InprocServer32 -> C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3756311868-1560069095-1558395152-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\yorul\AppData\Local\Microsoft\OneDrive\17.3.6517.0809_1\FileCoAuth.exe (Microsoft Corporation)

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {08225226-A8C6-40FA-A116-8F05D8AA5A60} - System32\Tasks\Software Update Application => C:\ProgramData\OEM\UpgradeTool\ListCheck.exe [2016-07-29] (Acer Incorporated)
Task: {0B30E23F-4C94-4773-B990-79E85592DA00} - System32\Tasks\Quick Access => C:\Program Files\Acer\Acer Quick Access\QALauncher.exe [2016-07-29] (Acer Incorporated)
Task: {17D51178-6951-4983-9F76-28D436EDAFAF} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\McAfee\platform\McUICnt.exe [2016-09-20] (McAfee, Inc.)
Task: {256CB243-2357-4EF7-9AA5-B2880177ACC5} - System32\Tasks\FubToolByPLD => C:\OEM\Preload\FubTool\FubTool.exe [2015-05-14] ()
Task: {2972336F-BFCD-4AC1-8266-40A9CAF4D0AC} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2016-10-25] (NVIDIA Corporation)
Task: {46B351D2-2AA5-4CAD-BEE4-BA085F8DBBF4} - System32\Tasks\App Explorer => C:\Users\yorul\AppData\Local\Host App Service\Engine\HostAppServiceUpdater.exe [2016-09-17] (SweetLabs, Inc)
Task: {59EA3A3F-6D95-47CD-906E-D213C9D8C5DC} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2016-10-25] (NVIDIA Corporation)
Task: {62AF8A56-9C4C-4643-87A4-862FB607CFA9} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe [2016-02-19] (Intel(R) Corporation)
Task: {6E33EBFE-93FF-42EB-9747-11F24E79ABDA} - System32\Tasks\Intel Security DAT Reputation (AMCore) Post DAT update endpoint safety pulse => C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\54.0\mcdatrep.exe [2016-11-13] (McAfee, Inc.)
Task: {6F03BCC8-B1A4-48FC-95E9-723231CD7456} - System32\Tasks\Power Button => C:\Program Files\Acer\Acer Quick Access\ePowerButton_NB.exe [2016-07-29] (Acer Incorporated)
Task: {7386C091-8C33-45C1-926D-0409E12AA01D} - System32\Tasks\Intel Security DAT Reputation (AMCore) periodic endpoint safety pulse => C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\54.0\mcdatrep.exe [2016-11-13] (McAfee, Inc.)
Task: {7A432E34-94D9-4BC5-B88A-5E614A61C8B7} - System32\Tasks\AcerCMUpdateTask2.1.16258 => C:\Program Files (x86)\Acer\Amundsen\2.1.16258\AWC.exe [2016-09-20] ()
Task: {8C8AE8C7-721B-4B82-8E81-F3870138ED12} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2016-10-25] (NVIDIA Corporation)
Task: {97C44083-C982-41D6-8020-C2835F1A158C} - System32\Tasks\ACCAgent => C:\Program Files (x86)\Acer\Care Center\LiveUpdateAgent.exe [2016-06-24] ()
Task: {9960D906-EB18-482D-AC4E-B9C73E4518AC} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2016-10-25] (NVIDIA Corporation)
Task: {9A169A4F-FCBD-42D5-9AC5-B8B4AB1ECDD9} - System32\Tasks\AcerCloud => C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe [2016-09-09] (Acer)
Task: {9B4B256F-D4B2-41FA-BA05-87565CAEB6F1} - System32\Tasks\ACCBackgroundApplication => C:\Program Files (x86)\Acer\Care Center\ACCStd.exe [2016-06-24] ()
Task: {9F50A36D-FF16-4C97-A179-4E69812AF73A} - System32\Tasks\McAfee\McAfee Idle Detection Task
Task: {ACB5E483-45BB-4E4C-A3FD-B03C680742C8} - System32\Tasks\ByteFence Scan => C:\Program Files\ByteFence\ByteFence.exe [2016-11-01] (Byte Technologies LLC) <==== ACHTUNG
Task: {BD892EE0-D535-4D2B-AD5B-33375972C5B8} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-10-08] (Microsoft Corporation)
Task: {BDF62FF1-8546-4B81-A0C2-71265E5A8ACE} - System32\Tasks\ByteFence => C:\Program Files\ByteFence\ByteFence.exe [2016-11-01] (Byte Technologies LLC) <==== ACHTUNG
Task: {BF1BDA27-78DF-42D1-84AC-EB01B95949FD} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent
Task: {C2C61F91-C73C-4E2A-88AD-E5ADAF186463} - System32\Tasks\ACC => C:\Program Files (x86)\Acer\Care Center\LiveUpdateChecker.exe [2016-06-24] ()
Task: {D2781D52-5007-41E2-A2C6-AB889724ABF4} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-10-08] (Microsoft Corporation)
Task: {DD661457-A1BB-4FB5-BA47-881D84E69FAC} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2016-10-25] (NVIDIA Corporation)
Task: {DEAB5EC5-5107-4EC4-9796-2A8A2F6ECE38} - System32\Tasks\DashlaneUpgradeCheck => net [Argument = start "Dashlane Upgrade Service"]
Task: {E7CE31AC-E513-4239-B705-C2D14616AB5C} - System32\Tasks\UbtFrameworkService => C:\Program Files\Acer\User Experience Improvement Program\Framework\TriggerFramework.exe [2014-03-13] (TODO: <Company name>)
Task: {E9F6BFB7-E49B-4465-AAB8-1BD517F7F870} - System32\Tasks\BacKGroundAgent => C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe [2016-08-30] (Acer Incorporated)
Task: {ECF02F09-2AF6-49B4-8EAB-0A7FFA05AC21} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2016-10-25] (NVIDIA Corporation)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)


==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2016-07-16 12:42 - 2016-07-16 12:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-03-04 20:26 - 2016-03-04 20:26 - 05570728 _____ () C:\WINDOWS\system32\IntelSSTAPO\ParameterService\libxml2-2.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 02681200 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-11-13 17:03 - 2016-11-13 17:03 - 01864384 _____ () C:\Users\yorul\AppData\Local\Microsoft\OneDrive\17.3.6517.0809_1\amd64\ClientTelemetry.dll
2016-09-07 20:49 - 2016-05-16 10:02 - 00111320 _____ () C:\Program Files (x86)\Acer\clear.fi plug-in\Clearfishellext_x64.dll
2016-11-13 17:35 - 2016-11-13 17:35 - 00072192 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.9.251.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2016-11-13 17:35 - 2016-11-13 17:35 - 00178688 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.9.251.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2016-11-13 17:35 - 2016-11-13 17:36 - 41608704 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.9.251.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2016-11-13 19:10 - 2016-10-25 00:31 - 00508368 _____ () C:\Program Files\Common Files\McAfee\Sustainability\GenericPlugin.dll
2016-11-13 17:13 - 2016-10-25 21:18 - 01148984 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2016-11-13 17:13 - 2016-10-25 21:18 - 04490808 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\Poco.dll
2016-11-13 17:14 - 2016-10-25 21:18 - 00420408 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\plugins\LocalSystem\_nvspserviceplugin64.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2016-11-13 16:31 - 2016-11-13 16:31 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2016-11-13 16:31 - 2016-11-13 16:31 - 00693248 _____ () C:\Windows\ShellExperiences\MtcUvc.dll
2016-11-13 16:31 - 2016-11-13 16:31 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-11-13 16:31 - 2016-11-13 16:31 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-11-13 16:31 - 2016-11-13 16:31 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2016-11-13 16:31 - 2016-11-13 16:31 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2016-11-13 16:31 - 2016-11-13 16:31 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-11-13 16:31 - 2016-11-13 16:31 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-11-13 18:49 - 2016-11-13 18:49 - 01484776 _____ () C:\Program Files (x86)\Battle.net\Battle.net.8142\Battle.net Helper.exe
2016-11-13 18:53 - 2016-11-13 18:53 - 16879592 _____ () D:\Programme\Hearthstone\Hearthstone.exe
2016-05-16 20:50 - 2016-05-16 20:50 - 01243936 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2016-09-07 20:17 - 2016-10-25 21:18 - 00020536 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2016-11-13 18:49 - 2016-11-13 18:49 - 37247976 _____ () C:\Program Files (x86)\Battle.net\Battle.net.8142\libcef.dll
2016-11-13 18:49 - 2016-11-13 18:49 - 00540336 _____ () C:\Program Files (x86)\Battle.net\Battle.net.8142\ortp.dll
2016-11-13 18:49 - 2016-11-13 18:49 - 06402560 _____ () C:\Program Files (x86)\Battle.net\Battle.net.8142\battle.net.dll
2016-11-13 18:49 - 2016-11-13 18:49 - 00133632 _____ () C:\Program Files (x86)\Battle.net\Battle.net.8142\libEGL.dll
2016-11-13 18:49 - 2016-11-13 18:49 - 03384832 _____ () C:\Program Files (x86)\Battle.net\Battle.net.8142\libGLESv2.dll
2016-11-13 18:49 - 2016-11-13 18:49 - 03384832 _____ () C:\Program Files (x86)\Battle.net\Battle.net.8142\libglesv2.dll
2016-11-13 18:49 - 2016-11-13 18:49 - 00133632 _____ () C:\Program Files (x86)\Battle.net\Battle.net.8142\libegl.dll
2016-11-13 18:49 - 2016-11-13 18:49 - 00990696 _____ () C:\Program Files (x86)\Battle.net\Battle.net.8142\ffmpegsumo.dll
2016-11-13 18:53 - 2016-11-13 18:53 - 00030208 _____ () D:\Programme\Hearthstone\Hearthstone_Data\Plugins\PlayErrors32.DLL
2016-11-13 18:53 - 2016-11-13 18:53 - 00014336 _____ () D:\Programme\Hearthstone\Hearthstone_Data\Plugins\W8TouchDLL.DLL

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)


==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcapexe => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McNaiAnn => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"

==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)


==================== Hosts Inhalt: ==========================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2015-10-30 08:24 - 2016-11-13 19:14 - 00002024 ____A C:\WINDOWS\system32\Drivers\etc\hosts

0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly
0.0.0.0 tracking.opencandy.com.s3.amazonaws.com
0.0.0.0 media.opencandy.com
0.0.0.0 cdn.opencandy.com
0.0.0.0 tracking.opencandy.com
0.0.0.0 api.opencandy.com
0.0.0.0 api.recommendedsw.com
0.0.0.0 installer.betterinstaller.com
0.0.0.0 installer.filebulldog.com
0.0.0.0 d3oxtn1x3b8d7i.cloudfront.net
0.0.0.0 inno.bisrv.com
0.0.0.0 nsis.bisrv.com
0.0.0.0 cdn.file2desktop.com
0.0.0.0 cdn.goateastcach.us
0.0.0.0 cdn.guttastatdk.us
0.0.0.0 cdn.inskinmedia.com
0.0.0.0 cdn.insta.oibundles2.com
0.0.0.0 cdn.insta.playbryte.com
0.0.0.0 cdn.llogetfastcach.us
0.0.0.0 cdn.montiera.com
0.0.0.0 cdn.msdwnld.com
0.0.0.0 cdn.mypcbackup.com
0.0.0.0 cdn.ppdownload.com
0.0.0.0 cdn.riceateastcach.us
0.0.0.0 cdn.shyapotato.us
0.0.0.0 cdn.solimba.com
0.0.0.0 cdn.tuto4pc.com
0.0.0.0 cdn.appround.biz
0.0.0.0 cdn.bigspeedpro.com
0.0.0.0 cdn.bispd.com

Da befinden sich 4 zusätzliche Einträge.


==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-3756311868-1560069095-1558395152-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\yorul\Pictures\bioshock_rapture-wide.jpg
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==


==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{9DA5B079-6AE3-4D6D-B6E8-A78B9530C5C3}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
FirewallRules: [{99B8D9D9-10AF-4E2C-814A-FD5CB1B3B4EC}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\WindowsUpnp.exe
FirewallRules: [{EF684628-C88F-4A07-8DEA-3EC3C82612F5}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
FirewallRules: [{2112C767-85BD-46E9-9148-4C8A89D280C5}] => (Allow) C:\Program Files (x86)\Acer\abPhoto\DMCDaemon.exe
FirewallRules: [{EA6226B1-4D95-41CF-87C7-B92D8D1EBE50}] => (Allow) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
FirewallRules: [{5FB42416-4AB7-4EAC-9374-E4E5193B3812}] => (Allow) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
FirewallRules: [{6598D89C-0263-4AF3-8B0F-F8F5EBE2E8CD}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{A30F0185-7068-46C2-9422-372E89134017}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{A4241F0F-DF97-4246-A9F1-4F3084F2DCE4}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{4600FEDF-F1FA-4EBB-BB6D-0047464772F7}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{5E5213F8-DECA-43A5-BA31-3FF8DE501037}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{40F9E322-5B67-46BC-B964-AA14878E6BA1}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{583E473B-0D06-4D86-9BDF-C5600EF1AED7}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{7BDDF825-3EA8-4E2F-8A17-90DF76EBB014}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{3EAFAD72-60F0-4776-AFD7-1C52ACBC64A3}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe

==================== Wiederherstellungspunkte =========================

ACHTUNG: Systemwiederherstellung ist deaktiviert

==================== Fehlerhafte Geräte im Gerätemanager =============


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (11/13/2016 11:19:00 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm MicrosoftEdgeCP.exe, Version 11.0.14393.82 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Systemsteuerung "Sicherheit und Wartung", um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 7e4

Startzeit: 01d23df1bafe997e

Beendigungszeit: 7

Anwendungspfad: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

Berichts-ID: 2b571b5b-a9ef-11e6-9da6-40490fa660be

Vollständiger Name des fehlerhaften Pakets: Microsoft.MicrosoftEdge_38.14393.0.0_neutral__8wekyb3d8bbwe

Auf das fehlerhafte Paket bezogene Anwendungs-ID: MicrosoftEdge

Error: (11/13/2016 11:17:42 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile .
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_42191651c6827bb3.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_89c64d28dafea4b9.manifest.

Error: (11/13/2016 11:17:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: OnlineScannerApp.exe, Version: 1.0.0.1, Zeitstempel: 0x55546904
Name des fehlerhaften Moduls: ONLINE~1.OCX, Version: 1.0.0.7777, Zeitstempel: 0x55546935
Ausnahmecode: 0xc000041d
Fehleroffset: 0x0002d516
ID des fehlerhaften Prozesses: 0x1020
Startzeit der fehlerhaften Anwendung: 0x01d23df2aa7916ab
Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerApp.exe
Pfad des fehlerhaften Moduls: C:\PROGRA~2\ESET\ESETON~1\ONLINE~1.OCX
Berichtskennung: 0362d409-e264-4049-9009-365e05466c8f
Vollständiger Name des fehlerhaften Pakets: 
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (11/13/2016 11:17:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: OnlineScannerApp.exe, Version: 1.0.0.1, Zeitstempel: 0x55546904
Name des fehlerhaften Moduls: ONLINE~1.OCX, Version: 1.0.0.7777, Zeitstempel: 0x55546935
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0002d516
ID des fehlerhaften Prozesses: 0x1020
Startzeit der fehlerhaften Anwendung: 0x01d23df2aa7916ab
Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerApp.exe
Pfad des fehlerhaften Moduls: C:\PROGRA~2\ESET\ESETON~1\ONLINE~1.OCX
Berichtskennung: 56655663-90fc-4b06-84f1-6e0779a12674
Vollständiger Name des fehlerhaften Pakets: 
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (11/13/2016 11:12:25 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm MicrosoftEdgeCP.exe, Version 11.0.14393.82 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Systemsteuerung "Sicherheit und Wartung", um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1880

Startzeit: 01d23df51fe2918e

Beendigungszeit: 7

Anwendungspfad: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

Berichts-ID: 404e8226-a9ee-11e6-9da6-40490fa660be

Vollständiger Name des fehlerhaften Pakets: Microsoft.MicrosoftEdge_38.14393.0.0_neutral__8wekyb3d8bbwe

Auf das fehlerhafte Paket bezogene Anwendungs-ID: MicrosoftEdge

Error: (11/13/2016 10:10:57 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Users\yorul\Downloads\esetsmartinstaller_deu.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile .
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_42191651c6827bb3.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_89c64d28dafea4b9.manifest.

Error: (11/13/2016 10:10:54 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "c:\users\yorul\downloads\esetsmartinstaller_deu.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile .
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_42191651c6827bb3.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_89c64d28dafea4b9.manifest.

Error: (11/13/2016 10:10:53 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Users\yorul\Downloads\esetsmartinstaller_deu.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile .
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_42191651c6827bb3.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_89c64d28dafea4b9.manifest.

Error: (11/13/2016 09:43:52 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm MicrosoftEdgeCP.exe, Version 11.0.14393.82 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Systemsteuerung "Sicherheit und Wartung", um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 326c

Startzeit: 01d23dee8ae580af

Beendigungszeit: 7

Anwendungspfad: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

Berichts-ID: e09647fd-a9e1-11e6-9da6-40490fa660be

Vollständiger Name des fehlerhaften Pakets: Microsoft.MicrosoftEdge_38.14393.0.0_neutral__8wekyb3d8bbwe

Auf das fehlerhafte Paket bezogene Anwendungs-ID: MicrosoftEdge

Error: (11/13/2016 09:23:01 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "C:\Users\yorul\AppData\Local\chromium\Application\chrome.exe".
Die abhängige Assemblierung "51.0.2683.0,language="&#x2a;",type="win32",version="51.0.2683.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".


Systemfehler:
=============
Error: (11/13/2016 10:16:45 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: 
Der Treiber konnte nicht geladen werden.

Error: (11/13/2016 10:16:45 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\yorul\AppData\Local\Temp\ehdrv.sys

Error: (11/13/2016 10:16:44 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\yorul\AppData\Local\Temp\ehdrv.sys

Error: (11/13/2016 10:16:44 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: 
Der Treiber konnte nicht geladen werden.

Error: (11/13/2016 10:16:44 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: 
Der Treiber konnte nicht geladen werden.

Error: (11/13/2016 10:16:44 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\yorul\AppData\Local\Temp\ehdrv.sys

Error: (11/13/2016 10:13:28 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: 
Der Treiber konnte nicht geladen werden.

Error: (11/13/2016 10:13:28 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\yorul\AppData\Local\Temp\ehdrv.sys

Error: (11/13/2016 10:13:27 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet: 
Der Treiber konnte nicht geladen werden.

Error: (11/13/2016 10:13:27 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\yorul\AppData\Local\Temp\ehdrv.sys


==================== Speicherinformationen =========================== 

Prozessor: Intel(R) Core(TM) i5-7200U CPU @ 2.50GHz
Prozentuale Nutzung des RAM: 49%
Installierter physikalischer RAM: 12156.13 MB
Verfügbarer physikalischer RAM: 6108.33 MB
Summe virtueller Speicher: 14588.13 MB
Verfügbarer virtueller Speicher: 7937.16 MB

==================== Laufwerke ================================

Drive c: (Acer) (Fixed) (Total:118.13 GB) (Free:52.59 GB) NTFS
Drive d: (Data) (Fixed) (Total:931.51 GB) (Free:929.47 GB) NTFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: B191EA72)

Partition: GPT.

========================================================
Disk: 1 (Size: 119.2 GB) (Disk ID: B191EA55)

Partition: GPT.

==================== Ende von Addition.txt ============================
         

Ich habe mich nachdem eröffnen des Themas mich mehr mit ByteFence beschäftigt und gelesen man könne es einfach löschen, das hab ich dann auch getan. Der Eintrag unter Software ist nicht mehr vorhanden wegen der Deinstallation.
Bis auf die Aktion mit MBAM habe ich keine betätigt.
FRST lade ich separat nochmal hoch.

mfg voxppl
Angehängte Dateien
Dateityp: txt Addition.txt (35,2 KB, 61x aufgerufen)
Dateityp: txt log1311_2.txt (35,9 KB, 51x aufgerufen)
Dateityp: txt sc-cleaner.txt (1,8 KB, 42x aufgerufen)
Dateityp: txt JRT.txt (958 Bytes, 46x aufgerufen)

Alt 14.11.2016, 18:05   #5
voxppl
 
ByteFence, Artemis: Malware, Trojan - Standard

Re: [Code]



FRST (part 1):
Code:
ATTFilter
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 12-11-2016
durchgeführt von yorul (Administrator) auf LAPTOP-LTTG5V9H (14-11-2016 00:25:10)
Gestartet von C:\Users\yorul\Downloads
Geladene Profile: yorul (Verfügbare Profile: yorul)
Platform: Windows 10 Home Version 1607 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: Edge)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel Corporation) C:\Windows\System32\IntelSSTAPO\ParameterService\ParameterService.exe
(Windows (R) Win 7 DDK provider) C:\Windows\System32\AdminService.exe
(Intel Corporation) C:\Windows\System32\IntelCpHDCPSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe
(Intel Security, Inc.) C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe
(Malwarebytes) D:\Programme\ Malwarebytes Anti-Malware \mbamservice.exe
(Malwarebytes) D:\Programme\ Malwarebytes Anti-Malware \mbamscheduler.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\platform\mcsvchost\McSvHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QASvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QALSvc.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.9.251.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(McAfee, Inc.) C:\Program Files\mcafee\msc\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\platform\McUICnt.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\1.9.829.0\McCSPServiceHost.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
(Acer Cloud Technology) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Malwarebytes) D:\Programme\ Malwarebytes Anti-Malware \mbam.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\platform\core\mchost.exe
(McAfee, Inc.) C:\Program Files\mcafee\msc\mcuihost.exe
(Microsoft Corporation) C:\Windows\System32\DataExchangeHost.exe
(Blizzard Entertainment) C:\ProgramData\Battle.net\Agent\Agent.5269\Agent.exe
(Blizzard Entertainment) C:\Program Files (x86)\Battle.net\Battle.net.8142\Battle.net.exe
() C:\Program Files (x86)\Battle.net\Battle.net.8142\Battle.net Helper.exe
() C:\Program Files (x86)\Battle.net\Battle.net.8142\Battle.net Helper.exe
() D:\Programme\Hearthstone\Hearthstone.exe
(Microsoft Corporation) C:\Windows\System32\GameBarPresenceWriter.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Intel Security) C:\Program Files\Common Files\McAfee\ClientAnalytics\McClientAnalytics.exe


==================== Registry (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16475392 2016-06-03] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_TrueHarmony] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1454336 2016-06-03] (Realtek Semiconductor)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [320584 2016-05-31] (Intel Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKU\S-1-5-21-3756311868-1560069095-1558395152-1001\...\Run: [Chromium] => c:\users\yorul\appdata\local\chromium\application\chrome.exe [1068544 2016-03-18] (The Chromium Authors)
ShellIconOverlayIdentifiers: [ ACloudSynced] -> {5CCE71FA-9F61-4F24-9CD1-98D819B40D68} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2016-09-09] (Acer Incorporated)
ShellIconOverlayIdentifiers: [ ACloudSyncing] -> {C1E1456F-C2D8-4C96-870D-35F1E13941EE} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2016-09-09] (Acer Incorporated)
ShellIconOverlayIdentifiers: [ ACloudToBeSynced] -> {307523FA-DDC0-4068-983F-2A6B34627744} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2016-09-09] (Acer Incorporated)
ShellIconOverlayIdentifiers-x32: [ ACloudSynced] -> {5CCE71FA-9F61-4F24-9CD1-98D819B40D68} => C:\Program Files (x86)\Acer\shellext\Win32\shellext_win.dll [2016-09-09] (Acer Incorporated)
ShellIconOverlayIdentifiers-x32: [ ACloudSyncing] -> {C1E1456F-C2D8-4C96-870D-35F1E13941EE} => C:\Program Files (x86)\Acer\shellext\Win32\shellext_win.dll [2016-09-09] (Acer Incorporated)
ShellIconOverlayIdentifiers-x32: [ ACloudToBeSynced] -> {307523FA-DDC0-4068-983F-2A6B34627744} => C:\Program Files (x86)\Acer\shellext\Win32\shellext_win.dll [2016-09-09] (Acer Incorporated)
GroupPolicy: Beschränkung <======= ACHTUNG

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Hosts: Es ist mehr als ein Eintrag in der Hosts Datei zu finden. Siehe Hosts-Bereich in Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{459d3136-fa34-46e1-b3ac-48a566bd68c6}: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{6f07a149-95cf-416a-9b6d-7d6bc0690793}: [DhcpNameServer] 40.33.1.55

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKU\S-1-5-21-3756311868-1560069095-1558395152-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3756311868-1560069095-1558395152-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer17win10.msn.com/?pc=ACTE
SearchScopes: HKLM -> DefaultScope {020DE70F-877D-4F31-9C21-5AD89433CF7C} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {020DE70F-877D-4F31-9C21-5AD89433CF7C} URL = 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-11-12] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-11-12] (Microsoft Corporation)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mcieplg.dll [2016-10-03] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\mcieplg.dll [2016-10-03] (McAfee, Inc.)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-11-12] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-11-12] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-11-12] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-11-12] (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mcieplg.dll [2016-10-03] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\mcieplg.dll [2016-10-03] (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll [2016-09-23] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll [2016-09-23] (McAfee, Inc.)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF Extension: (McAfee WebAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [2016-11-13]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: (McAfee Anti-Spam Thunderbird Extension) - C:\Program Files\McAfee\MSK [2016-11-13] [ist nicht signiert]
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2016-09-23] ()
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2016-09-23] ()
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-11-12] (Microsoft Corporation)
StartMenuInternet: FIREFOX.EXE - firefox.exe

Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx

==================== Dienste (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 AtherosSvc; C:\WINDOWS\system32\AdminService.exe [355760 2016-06-26] (Windows (R) Win 7 DDK provider)
S2 ByteFenceService; C:\Program Files\ByteFence\ByteFenceService.exe [146912 2016-11-01] (Byte Technologies LLC)
R2 CCDMonitorService; C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe [2267352 2016-08-30] (Acer Incorporated)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3064520 2016-10-08] (Microsoft Corporation)
R2 cplspcon; C:\WINDOWS\system32\IntelCpHDCPSvc.exe [459248 2016-08-10] (Intel Corporation)
S2 Dashlane Upgrade Service; C:\Program Files (x86)\Dashlane\Upgrade\DashlaneUpgradeService.exe [83992 2016-07-01] (Dashlane, Inc.)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [596768 2016-07-07] (McAfee, Inc.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [17992 2016-05-31] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [324592 2016-08-10] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [974632 2016-02-19] (Intel(R) Corporation)
R3 Intel(R) Security Assist; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [335872 2016-03-02] (Intel Corporation) [Datei ist nicht signiert]
R2 IntelSSTSvc; C:\WINDOWS\system32\IntelSSTAPO\ParameterService\ParameterService.exe [26592 2016-03-04] (Intel Corporation)
S2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [8704 2016-03-02] (Intel Corporation) [Datei ist nicht signiert]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [215328 2016-05-16] (Intel Corporation)
R2 MBAMScheduler; D:\Programme\ Malwarebytes Anti-Malware \mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; D:\Programme\ Malwarebytes Anti-Malware \mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [166152 2016-10-03] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [993824 2016-09-23] (McAfee, Inc.)
S3 McAWFwk; C:\Program Files\Common Files\McAfee\ActWiz\McAWFwk.exe [353128 2015-11-27] (McAfee, Inc.)
R2 McBootDelayStartSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [596768 2016-07-07] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.9.829.0\\McCSPServiceHost.exe [1910000 2016-05-31] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [596768 2016-07-07] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [596768 2016-07-07] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [816128 2016-06-21] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [596768 2016-07-07] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [596768 2016-07-07] (McAfee, Inc.)
R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [232688 2016-04-26] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [382456 2016-08-02] (McAfee, Inc.)
R3 mfevtp; C:\Windows\system32\mfevtps.exe [277744 2016-04-26] (McAfee, Inc.)
R2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1454216 2016-09-13] (McAfee, Inc.)
S3 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [596768 2016-07-07] (McAfee, Inc.)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [458296 2016-10-25] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [458296 2016-10-25] (NVIDIA Corporation)
R2 NVIDIA Wireless Controller Service; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe [1165368 2016-10-25] (NVIDIA Corporation)
R2 PEFService; C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe [1045336 2016-05-25] (Intel Security, Inc.)
R3 QALSvc; C:\Program Files\Acer\Acer Quick Access\QALSvc.exe [440224 2016-07-29] (Acer Incorporated)
R3 QASvc; C:\Program Files\Acer\Acer Quick Access\QASvc.exe [481696 2016-07-29] (Acer Incorporated)
S3 UEIPSvc; C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe [295840 2016-05-27] (acer)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ======================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R3 cfwids; C:\WINDOWS\System32\drivers\cfwids.sys [78632 2016-08-02] (McAfee, Inc.)
R3 ETDI2C; C:\WINDOWS\system32\DRIVERS\ETDI2C.sys [183896 2016-03-24] (ELAN Microelectronic Corp.)
S3 HipShieldK; C:\WINDOWS\System32\drivers\HipShieldK.sys [216704 2016-08-02] (McAfee, Inc.)
R3 iaLPSS2_I2C; C:\WINDOWS\System32\drivers\iaLPSS2_I2C.sys [185144 2016-05-16] (Intel Corporation)
R3 LMDriver; C:\WINDOWS\System32\drivers\LMDriver.sys [21344 2016-07-29] (Acer Incorporated)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-11-13] (Malwarebytes)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
R3 mfeaack; C:\WINDOWS\System32\drivers\mfeaack.sys [419624 2016-08-02] (McAfee, Inc.)
R3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [349480 2016-08-02] (McAfee, Inc.)
S0 mfeelamk; C:\WINDOWS\System32\drivers\mfeelamk.sys [83608 2016-08-02] (McAfee, Inc.)
R3 mfefirek; C:\WINDOWS\System32\drivers\mfefirek.sys [493352 2016-08-02] (McAfee, Inc.)
R0 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [843048 2016-08-02] (McAfee, Inc.)
R3 mfencbdc; C:\WINDOWS\System32\DRIVERS\mfencbdc.sys [519456 2016-08-01] (McAfee, Inc.)
S3 mfencrk; C:\WINDOWS\System32\DRIVERS\mfencrk.sys [100136 2016-08-01] (McAfee, Inc.)
R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [46240 2016-06-06] (McAfee, Inc.)
R0 mfewfpk; C:\WINDOWS\System32\drivers\mfewfpk.sys [243496 2016-08-02] (McAfee, Inc.)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvacwu.inf_amd64_9934c34dc6ca0c4b\nvlddmkm.sys [13754936 2016-09-12] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [29240 2016-10-25] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [47672 2016-10-25] (NVIDIA Corporation)
R3 Qcamain10x64; C:\WINDOWS\system32\DRIVERS\Qcamain10x64.sys [2381112 2016-03-23] (Qualcomm Atheros, Inc.)
R3 RadioShim; C:\WINDOWS\System32\drivers\RadioShim.sys [14688 2016-07-29] (Acer Incorporated)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [935168 2015-11-19] (Realtek                                            )
R3 RTSPER; C:\WINDOWS\system32\DRIVERS\RtsPer.sys [769752 2015-12-18] (Realsil Semiconductor Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-11-14 00:25 - 2016-11-14 00:25 - 00021766 _____ C:\Users\yorul\Downloads\FRST.txt
2016-11-14 00:24 - 2016-11-14 00:25 - 00000000 ____D C:\FRST
2016-11-14 00:13 - 2016-11-14 00:24 - 02411520 _____ (Farbar) C:\Users\yorul\Downloads\FRST64.exe
2016-11-13 23:30 - 2016-11-13 23:30 - 00000000 ____D C:\Users\yorul\AppData\Roaming\.mono
2016-11-13 23:30 - 2016-11-13 23:30 - 00000000 ____D C:\Users\yorul\AppData\LocalLow\Blizzard Entertainment
2016-11-13 23:30 - 2016-11-13 23:30 - 00000000 ____D C:\Users\yorul\AppData\Local\Blizzard
2016-11-13 23:30 - 2016-11-13 23:30 - 00000000 ____D C:\ProgramData\.mono
2016-11-13 23:16 - 2016-11-13 23:16 - 00000258 _____ C:\Users\yorul\Desktop\tfgzuh.txt
2016-11-13 22:10 - 2016-11-13 22:10 - 00000000 ____D C:\Program Files (x86)\ESET
2016-11-13 22:09 - 2016-11-13 22:10 - 02870984 _____ (ESET) C:\Users\yorul\Downloads\esetsmartinstaller_deu.exe
2016-11-13 22:08 - 2016-11-13 22:08 - 00465024 _____ (Bleeping Computer, LLC) C:\Users\yorul\Downloads\sc-cleaner.exe
2016-11-13 22:08 - 2016-11-13 22:08 - 00001832 _____ C:\Users\yorul\Desktop\sc-cleaner.txt
2016-11-13 22:05 - 2016-11-13 22:05 - 00000958 _____ C:\Users\yorul\Desktop\JRT.txt
2016-11-13 22:04 - 2016-11-13 22:04 - 01631928 _____ (Malwarebytes) C:\Users\yorul\Downloads\JRT.exe
2016-11-13 21:48 - 2016-11-13 21:49 - 00000000 ____D C:\AdwCleaner
2016-11-13 21:48 - 2016-11-13 21:48 - 03910208 _____ C:\Users\yorul\Downloads\AdwCleaner_6.030.exe
2016-11-13 21:23 - 2016-11-13 21:23 - 00000000 ___HD C:\OneDriveTemp
2016-11-13 21:17 - 2016-11-13 22:27 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-11-13 21:15 - 2016-11-13 21:15 - 00000792 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2016-11-13 21:15 - 2016-11-13 21:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2016-11-13 21:15 - 2016-11-13 21:15 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-11-13 21:15 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-11-13 21:15 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-11-13 21:15 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-11-13 21:11 - 2016-11-13 21:14 - 22851472 _____ (Malwarebytes ) C:\Users\yorul\Downloads\mbam-setup-2.2.1.1043.exe
2016-11-13 20:38 - 2016-11-13 20:38 - 00003554 _____ C:\WINDOWS\System32\Tasks\ByteFence Scan
2016-11-13 20:38 - 2016-11-13 20:38 - 00000000 ____D C:\Users\yorul\AppData\Roaming\Microsoft\Windows\Start Menu\ByteFence
2016-11-13 19:12 - 2016-11-13 21:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
2016-11-13 19:12 - 2016-11-13 19:12 - 00004122 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{EF4C4359-0A33-467F-84CC-86AA3C2EDB64}
2016-11-13 19:11 - 2016-11-13 21:21 - 00000000 ____D C:\ProgramData\WinZip
2016-11-13 19:11 - 2016-11-13 19:12 - 00000000 ____D C:\Program Files\WinZip Driver Updater
2016-11-13 19:10 - 2016-11-13 22:50 - 00004020 _____ C:\WINDOWS\System32\Tasks\Intel Security DAT Reputation (AMCore) periodic endpoint safety pulse
2016-11-13 19:10 - 2016-11-13 19:10 - 00004208 _____ C:\WINDOWS\System32\Tasks\Intel Security DAT Reputation (AMCore) Post DAT update endpoint safety pulse
2016-11-13 19:09 - 2016-11-13 19:12 - 00000000 ____D C:\Users\yorul\AppData\Local\chromium
2016-11-13 19:06 - 2016-11-13 21:23 - 00000000 ____D C:\Program Files\ByteFence
2016-11-13 19:06 - 2016-11-13 19:06 - 00003454 _____ C:\WINDOWS\System32\Tasks\ByteFence
2016-11-13 19:06 - 2016-11-13 19:06 - 00000306 __RSH C:\ProgramData\ntuser.pol
2016-11-13 19:06 - 2016-11-13 19:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Speed Maximizer
2016-11-13 19:00 - 2016-11-13 19:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hearthstone
2016-11-13 18:50 - 2016-11-13 18:50 - 00000000 ____D C:\Users\yorul\AppData\Local\Blizzard Entertainment
2016-11-13 18:49 - 2016-11-14 00:20 - 00000000 ____D C:\Users\yorul\AppData\Local\Battle.net
2016-11-13 18:49 - 2016-11-13 23:29 - 00000000 ____D C:\Program Files (x86)\Battle.net
2016-11-13 18:49 - 2016-11-13 18:49 - 00000914 _____ C:\Users\Public\Desktop\Battle.net.lnk
2016-11-13 18:49 - 2016-11-13 18:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
2016-11-13 18:49 - 2016-11-13 18:49 - 00000000 ____D C:\ProgramData\Blizzard Entertainment
2016-11-13 18:47 - 2016-11-13 18:51 - 00000000 ____D C:\Users\yorul\AppData\Roaming\Battle.net
2016-11-13 18:47 - 2016-11-13 18:47 - 03126768 _____ (Blizzard Entertainment) C:\Users\yorul\Downloads\Battle.net-Setup.exe
2016-11-13 18:47 - 2016-11-13 18:47 - 00000000 ____D C:\ProgramData\Battle.net
2016-11-13 17:14 - 2016-11-13 17:14 - 00003938 _____ C:\WINDOWS\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-11-13 17:14 - 2016-11-13 17:14 - 00001493 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2016-11-13 17:14 - 2016-11-13 17:14 - 00000000 ____D C:\Users\yorul\AppData\Local\CEF
2016-11-13 17:14 - 2016-11-13 17:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2016-11-13 17:14 - 2016-10-25 21:18 - 01854008 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll
2016-11-13 17:14 - 2016-10-25 21:18 - 01756728 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspbridge64.dll
2016-11-13 17:14 - 2016-10-25 21:18 - 01454136 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
2016-11-13 17:14 - 2016-10-25 21:18 - 01318968 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspbridge.dll
2016-11-13 17:14 - 2016-10-25 21:18 - 00121912 _____ C:\WINDOWS\system32\NvRtmpStreamer64.dll
2016-11-13 17:13 - 2016-11-13 17:13 - 00004002 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-11-13 17:13 - 2016-11-13 17:13 - 00003974 _____ C:\WINDOWS\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-11-13 17:13 - 2016-11-13 17:13 - 00003912 _____ C:\WINDOWS\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-11-13 17:13 - 2016-11-13 17:13 - 00003750 _____ C:\WINDOWS\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-11-13 17:13 - 2016-11-13 17:13 - 00003708 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2016-11-13 17:13 - 2016-10-25 21:18 - 00106040 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvaudcap64v.dll
2016-11-13 17:13 - 2016-10-25 21:18 - 00095800 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll
2016-11-13 17:13 - 2016-10-25 20:12 - 00001951 _____ C:\WINDOWS\NvContainerRecovery.bat
2016-11-13 17:12 - 2016-11-13 17:13 - 73981120 _____ (NVIDIA Corporation) C:\Users\yorul\Downloads\GeForce_Experience_v3.1.0.52.exe
2016-11-13 17:03 - 2016-11-13 17:03 - 00000000 ____D C:\ProgramData\Microsoft OneDrive
2016-11-13 17:02 - 2016-11-13 17:02 - 00000000 ____D C:\ProgramData\USOShared
2016-11-13 17:01 - 2016-11-13 19:14 - 00000000 ____D C:\Users\yorul\AppData\Local\ConnectedDevicesPlatform
2016-11-13 17:01 - 2016-11-13 17:01 - 00000020 ___SH C:\Users\yorul\ntuser.ini
2016-11-13 16:46 - 2016-11-13 16:46 - 00000000 _SHDL C:\Users\Default\Vorlagen
2016-11-13 16:46 - 2016-11-13 16:46 - 00000000 _SHDL C:\Users\Default\Startmenü
2016-11-13 16:46 - 2016-11-13 16:46 - 00000000 _SHDL C:\Users\Default\Netzwerkumgebung
2016-11-13 16:46 - 2016-11-13 16:46 - 00000000 _SHDL C:\Users\Default\Lokale Einstellungen
2016-11-13 16:46 - 2016-11-13 16:46 - 00000000 _SHDL C:\Users\Default\Eigene Dateien
2016-11-13 16:46 - 2016-11-13 16:46 - 00000000 _SHDL C:\Users\Default\Druckumgebung
2016-11-13 16:46 - 2016-11-13 16:46 - 00000000 _SHDL C:\Users\Default\Documents\Eigene Videos
2016-11-13 16:46 - 2016-11-13 16:46 - 00000000 _SHDL C:\Users\Default\Documents\Eigene Musik
2016-11-13 16:46 - 2016-11-13 16:46 - 00000000 _SHDL C:\Users\Default\Documents\Eigene Bilder
2016-11-13 16:46 - 2016-11-13 16:46 - 00000000 _SHDL C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2016-11-13 16:46 - 2016-11-13 16:46 - 00000000 _SHDL C:\Users\Default\AppData\Local\Verlauf
2016-11-13 16:46 - 2016-11-13 16:46 - 00000000 _SHDL C:\Users\Default\AppData\Local\Anwendungsdaten
2016-11-13 16:46 - 2016-11-13 16:46 - 00000000 _SHDL C:\Users\Default\Anwendungsdaten
2016-11-13 16:46 - 2016-11-13 16:46 - 00000000 _SHDL C:\Users\Default User\Documents\Eigene Videos
2016-11-13 16:46 - 2016-11-13 16:46 - 00000000 _SHDL C:\Users\Default User\Documents\Eigene Musik
2016-11-13 16:46 - 2016-11-13 16:46 - 00000000 _SHDL C:\Users\Default User\Documents\Eigene Bilder
2016-11-13 16:46 - 2016-11-13 16:46 - 00000000 _SHDL C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2016-11-13 16:46 - 2016-11-13 16:46 - 00000000 _SHDL C:\Users\Default User\AppData\Local\Verlauf
2016-11-13 16:46 - 2016-11-13 16:46 - 00000000 _SHDL C:\Users\Default User\AppData\Local\Anwendungsdaten
2016-11-13 16:45 - 2016-11-13 21:24 - 00003506 _____ C:\WINDOWS\System32\Tasks\DashlaneUpgradeCheck
2016-11-13 16:45 - 2016-11-13 21:22 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-11-13 16:45 - 2016-11-13 19:10 - 00003126 _____ C:\WINDOWS\System32\Tasks\McAfeeLogon
2016-11-13 16:45 - 2016-11-13 19:10 - 00000000 ____D C:\WINDOWS\System32\Tasks\McAfee
2016-11-13 16:45 - 2016-11-13 16:45 - 00007623 _____ C:\WINDOWS\diagwrn.xml
2016-11-13 16:45 - 2016-11-13 16:45 - 00007623 _____ C:\WINDOWS\diagerr.xml
2016-11-13 16:45 - 2016-11-13 16:45 - 00004302 _____ C:\WINDOWS\System32\Tasks\Software Update Application
2016-11-13 16:45 - 2016-11-13 16:45 - 00003852 _____ C:\WINDOWS\System32\Tasks\ACCAgent
2016-11-13 16:45 - 2016-11-13 16:45 - 00003692 _____ C:\WINDOWS\System32\Tasks\AcerCMUpdateTask2.1.16258
2016-11-13 16:45 - 2016-11-13 16:45 - 00003118 _____ C:\WINDOWS\System32\Tasks\Intel PTT EK Recertification
2016-11-13 16:45 - 2016-11-13 16:45 - 00002824 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task
2016-11-13 16:45 - 2016-11-13 16:45 - 00002820 _____ C:\WINDOWS\System32\Tasks\ACC
2016-11-13 16:45 - 2016-11-13 16:45 - 00002766 _____ C:\WINDOWS\System32\Tasks\UbtFrameworkService
2016-11-13 16:45 - 2016-11-13 16:45 - 00002760 _____ C:\WINDOWS\System32\Tasks\BacKGroundAgent
2016-11-13 16:45 - 2016-11-13 16:45 - 00002534 _____ C:\WINDOWS\System32\Tasks\AcerCloud
2016-11-13 16:45 - 2016-11-13 16:45 - 00002408 _____ C:\WINDOWS\System32\Tasks\App Explorer
2016-11-13 16:45 - 2016-11-13 16:45 - 00002328 _____ C:\WINDOWS\System32\Tasks\ACCBackgroundApplication
2016-11-13 16:45 - 2016-11-13 16:45 - 00002256 _____ C:\WINDOWS\System32\Tasks\Power Button
2016-11-13 16:45 - 2016-11-13 16:45 - 00002180 _____ C:\WINDOWS\System32\Tasks\Quick Access
2016-11-13 16:45 - 2016-11-13 16:45 - 00002042 _____ C:\WINDOWS\System32\Tasks\FubToolByPLD
2016-11-13 16:40 - 2016-11-13 16:40 - 00022960 _____ C:\WINDOWS\system32\emptyregdb.dat
2016-11-13 16:39 - 2016-11-13 16:39 - 00001576 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-11-13 16:39 - 2016-11-13 16:39 - 00000000 ____D C:\Users\Default\AppData\Local\Host App Service
2016-11-13 16:39 - 2016-11-13 16:39 - 00000000 ____D C:\Users\Default User\AppData\Local\Host App Service
2016-11-13 16:37 - 2016-11-13 16:39 - 00000000 ____D C:\WINDOWS\system32\config\bbimigrate
2016-11-13 16:36 - 2016-11-13 23:30 - 00000000 ____D C:\Users\yorul
2016-11-13 16:36 - 2016-11-13 16:36 - 01621874 _____ C:\WINDOWS\system32\Drivers\rtkhdasetting.zip
2016-11-13 16:36 - 2016-11-13 16:36 - 00000000 _SHDL C:\Users\yorul\Vorlagen
2016-11-13 16:36 - 2016-11-13 16:36 - 00000000 _SHDL C:\Users\yorul\Startmenü
2016-11-13 16:36 - 2016-11-13 16:36 - 00000000 _SHDL C:\Users\yorul\Netzwerkumgebung
2016-11-13 16:36 - 2016-11-13 16:36 - 00000000 _SHDL C:\Users\yorul\Lokale Einstellungen
2016-11-13 16:36 - 2016-11-13 16:36 - 00000000 _SHDL C:\Users\yorul\Eigene Dateien
2016-11-13 16:36 - 2016-11-13 16:36 - 00000000 _SHDL C:\Users\yorul\Druckumgebung
2016-11-13 16:36 - 2016-11-13 16:36 - 00000000 _SHDL C:\Users\yorul\Documents\Eigene Videos
2016-11-13 16:36 - 2016-11-13 16:36 - 00000000 _SHDL C:\Users\yorul\Documents\Eigene Musik
2016-11-13 16:36 - 2016-11-13 16:36 - 00000000 _SHDL C:\Users\yorul\Documents\Eigene Bilder
2016-11-13 16:36 - 2016-11-13 16:36 - 00000000 _SHDL C:\Users\yorul\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2016-11-13 16:36 - 2016-11-13 16:36 - 00000000 _SHDL C:\Users\yorul\AppData\Local\Verlauf
2016-11-13 16:36 - 2016-11-13 16:36 - 00000000 _SHDL C:\Users\yorul\AppData\Local\Anwendungsdaten
2016-11-13 16:36 - 2016-11-13 16:36 - 00000000 _SHDL C:\Users\yorul\Anwendungsdaten
2016-11-13 16:36 - 2016-11-13 16:36 - 00000000 ____D C:\WINDOWS\system32\IntelSSTAPO
2016-11-13 16:36 - 2016-11-13 16:36 - 00000000 ____D C:\ProgramData\rtkSSTSetting
2016-11-13 16:36 - 2016-11-13 16:36 - 00000000 ____D C:\Program Files\Elantech
2016-11-13 16:36 - 2016-11-13 16:36 - 00000000 ____D C:\Program Files\Common Files\Atheros
2016-11-13 16:36 - 2016-06-03 01:29 - 03181209 _____ C:\WINDOWS\system32\Drivers\rtkSSTSetting.zip
2016-11-13 16:35 - 2016-11-13 22:04 - 00000000 ____D C:\ProgramData\NVIDIA
2016-11-13 16:35 - 2016-11-13 17:14 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2016-11-13 16:35 - 2016-11-13 17:14 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2016-11-13 16:35 - 2016-11-13 16:37 - 00000000 ____D C:\Program Files\Intel
2016-11-13 16:35 - 2016-11-13 16:37 - 00000000 ____D C:\Program Files (x86)\Intel
2016-11-13 16:35 - 2016-11-13 16:35 - 00000000 ____H C:\ProgramData\DP45977C.lfl
2016-11-13 16:35 - 2016-11-13 16:35 - 00000000 ____D C:\WINDOWS\SysWOW64\sda
2016-11-13 16:35 - 2016-11-13 16:35 - 00000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2016-11-13 16:35 - 2016-11-13 16:35 - 00000000 ____D C:\WINDOWS\system32\DAX2
2016-11-13 16:35 - 2016-11-13 16:35 - 00000000 ____D C:\Program Files\Realtek
2016-11-13 16:35 - 2016-11-13 16:35 - 00000000 _____ C:\WINDOWS\system32\GfxValDisplayLog.bin
2016-11-13 16:35 - 2016-08-10 19:19 - 00113680 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.DLL
2016-11-13 16:35 - 2016-08-10 19:19 - 00104472 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.DLL
2016-11-13 16:35 - 2016-08-01 13:54 - 06386744 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2016-11-13 16:35 - 2016-08-01 13:54 - 02466360 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2016-11-13 16:35 - 2016-08-01 13:54 - 01762752 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2016-11-13 16:35 - 2016-08-01 13:54 - 01365048 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
2016-11-13 16:35 - 2016-08-01 13:54 - 00547896 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2016-11-13 16:35 - 2016-08-01 13:54 - 00393784 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2016-11-13 16:35 - 2016-08-01 13:54 - 00081856 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2016-11-13 16:35 - 2016-08-01 13:54 - 00071224 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2016-11-13 16:35 - 2016-07-28 14:02 - 07242545 _____ C:\WINDOWS\system32\nvcoproc.bin
2016-11-13 16:35 - 2016-07-16 12:41 - 02716672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2016-11-13 16:34 - 2016-11-13 19:13 - 00330480 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-11-13 16:34 - 2016-11-13 19:13 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2016-11-13 16:34 - 2016-11-13 16:46 - 00000000 ___DC C:\WINDOWS\Panther
2016-11-13 16:34 - 2016-11-13 16:34 - 00000000 ____D C:\WINDOWS\ServiceProfiles
2016-11-13 16:32 - 2016-11-13 16:32 - 00000000 ____D C:\Windows.old
2016-11-13 16:31 - 2016-11-13 16:31 - 23677952 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-11-13 16:31 - 2016-11-13 16:31 - 22563840 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-11-13 16:31 - 2016-11-13 16:31 - 22223968 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-11-13 16:31 - 2016-11-13 16:31 - 20969928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-11-13 16:31 - 2016-11-13 16:31 - 19415552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-11-13 16:31 - 2016-11-13 16:31 - 19415040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-11-13 16:31 - 2016-11-13 16:31 - 13441024 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2016-11-13 16:31 - 2016-11-13 16:31 - 13081600 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-11-13 16:31 - 2016-11-13 16:31 - 12349952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2016-11-13 16:31 - 2016-11-13 16:31 - 12175360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-11-13 16:31 - 2016-11-13 16:31 - 09131008 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-11-13 16:31 - 2016-11-13 16:31 - 08156080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2016-11-13 16:31 - 2016-11-13 16:31 - 08127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-11-13 16:31 - 2016-11-13 16:31 - 08075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2016-11-13 16:31 - 2016-11-13 16:31 - 07816544 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-11-13 16:31 - 2016-11-13 16:31 - 07626752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-11-13 16:31 - 2016-11-13 16:31 - 07469056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2016-11-13 16:31 - 2016-11-13 16:31 - 06657176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2016-11-13 16:31 - 2016-11-13 16:31 - 06044160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-11-13 16:31 - 2016-11-13 16:31 - 05111296 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2016-11-13 16:31 - 2016-11-13 16:31 - 04749312 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2016-11-13 16:31 - 2016-11-13 16:31 - 04746752 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-11-13 16:31 - 2016-11-13 16:31 - 04708864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2016-11-13 16:31 - 2016-11-13 16:31 - 04673304 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2016-11-13 16:31 - 2016-11-13 16:31 - 04423680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2016-11-13 16:31 - 2016-11-13 16:31 - 04312248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2016-11-13 16:31 - 2016-11-13 16:31 - 04148736 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2016-11-13 16:31 - 2016-11-13 16:31 - 04130432 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2016-11-13 16:31 - 2016-11-13 16:31 - 03892352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2016-11-13 16:31 - 2016-11-13 16:31 - 03778560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2016-11-13 16:31 - 2016-11-13 16:31 - 03666432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-11-13 16:31 - 2016-11-13 16:31 - 03616768 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-11-13 16:31 - 2016-11-13 16:31 - 03496960 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVidCtl.dll
2016-11-13 16:31 - 2016-11-13 16:31 - 03400192 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncCenter.dll
2016-11-13 16:31 - 2016-11-13 16:31 - 03307520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2016-11-13 16:31 - 2016-11-13 16:31 - 03299840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstsc.exe
2016-11-13 16:31 - 2016-11-13 16:31 - 03196416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2016-11-13 16:31 - 2016-11-13 16:31 - 03133440 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll
2016-11-13 16:31 - 2016-11-13 16:31 - 03106304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstsc.exe
2016-11-13 16:31 - 2016-11-13 16:31 - 02998272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2016-11-13 16:31 - 2016-11-13 16:31 - 02750936 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-11-13 16:31 - 2016-11-13 16:31 - 02747392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll
2016-11-13 16:31 - 2016-11-13 16:31 - 02688512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-11-13 16:31 - 2016-11-13 16:31 - 02678056 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2016-11-13 16:31 - 2016-11-13 16:31 - 02669056 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-11-13 16:31 - 2016-11-13 16:31 - 02611200 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameux.dll
2016-11-13 16:31 - 2016-11-13 16:31 - 02512384 _____ (Microsoft Corporation) C:\WINDOWS\system32\themecpl.dll
2016-11-13 16:31 - 2016-11-13 16:31 - 02484736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gameux.dll
2016-11-13 16:31 - 2016-11-13 16:31 - 02458112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\themecpl.dll
2016-11-13 16:31 - 2016-11-13 16:31 - 02356736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVidCtl.dll
2016-11-13 16:31 - 2016-11-13 16:31 - 02323728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2016-11-13 16:31 - 2016-11-13 16:31 - 02273792 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-11-13 16:31 - 2016-11-13 16:31 - 02257104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-11-13 16:31 - 2016-11-13 16:31 - 02256384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-11-13 16:31 - 2016-11-13 16:31 - 02255712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2016-11-13 16:31 - 2016-11-13 16:31 - 02104320 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2016-11-13 16:31 - 2016-11-13 16:31 - 01883784 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-11-13 16:31 - 2016-11-13 16:31 - 01880576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2016-11-13 16:31 - 2016-11-13 16:31 - 01779712 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-11-13 16:31 - 2016-11-13 16:31 - 01726976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2016-11-13 16:31 - 2016-11-13 16:31 - 01690112 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2016-11-13 16:31 - 2016-11-13 16:31 - 01637888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2016-11-13 16:31 - 2016-11-13 16:31 - 01609920 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d9.dll
2016-11-13 16:31 - 2016-11-13 16:31 - 01595392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-11-13 16:31 - 2016-11-13 16:31 - 01586176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2016-11-13 16:31 - 2016-11-13 16:31 - 01572768 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2016-11-13 16:31 - 2016-11-13 16:31 - 01570672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2016-11-13 16:31 - 2016-11-13 16:31 - 01556480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2016-11-13 16:31 - 2016-11-13 16:31 - 01513472 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-11-13 16:31 - 2016-11-13 16:31 - 01509376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2016-11-13 16:31 - 2016-11-13 16:31 - 01490944 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-11-13 16:31 - 2016-11-13 16:31 - 01425000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d9.dll
2016-11-13 16:31 - 2016-11-13 16:31 - 01418312 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2016-11-13 16:31 - 2016-11-13 16:31 - 01415744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2016-11-13 16:31 - 2016-11-13 16:31 - 01388544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Cred.dll
2016-11-13 16:31 - 2016-11-13 16:31 - 01359360 _____ (Microsoft Corporation) C:\WINDOWS\system32\usercpl.dll
2016-11-13 16:31 - 2016-11-13 16:31 - 01354320 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-11-13 16:31 - 2016-11-13 16:31 - 01348608 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2016-11-13 16:31 - 2016-11-13 16:31 - 01282048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2016-11-13 16:31 - 2016-11-13 16:31 - 01274712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-11-13 16:31 - 2016-11-13 16:31 - 01263856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2016-11-13 16:31 - 2016-11-13 16:31 - 01247232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2016-11-13 16:31 - 2016-11-13 16:31 - 01228288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usercpl.dll
2016-11-13 16:31 - 2016-11-13 16:31 - 01173496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-11-13 16:31 - 2016-11-13 16:31 - 01061968 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2016-11-13 16:31 - 2016-11-13 16:31 - 01051112 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2016-11-13 16:31 - 2016-11-13 16:31 - 00991232 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
2016-11-13 16:31 - 2016-11-13 16:31 - 00982528 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2016-11-13 16:31 - 2016-11-13 16:31 - 00981504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.OnlineId.dll
2016-11-13 16:31 - 2016-11-13 16:31 - 00959112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2016-11-13 16:31 - 2016-11-13 16:31 - 00956416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2016-11-13 16:31 - 2016-11-13 16:31 - 00951904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2016-11-13 16:31 - 2016-11-13 16:31 - 00942080 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2016-11-13 16:31 - 2016-11-13 16:31 - 00940032 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontext.dll
2016-11-13 16:31 - 2016-11-13 16:31 - 00912896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2016-11-13 16:31 - 2016-11-13 16:31 - 00909824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2016-11-13 16:31 - 2016-11-13 16:31 - 00896512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontext.dll
2016-11-13 16:31 - 2016-11-13 16:31 - 00894096 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2016-11-13 16:31 - 2016-11-13 16:31 - 00884224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2016-11-13 16:31 - 2016-11-13 16:31 - 00881664 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2016-11-13 16:31 - 2016-11-13 16:31 - 00866816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Cred.dll
2016-11-13 16:31 - 2016-11-13 16:31 - 00848736 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2016-11-13 16:31 - 2016-11-13 16:31 - 00842240 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntshrui.dll
2016-11-13 16:31 - 2016-11-13 16:31 - 00836608 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcRefreshTask.dll
2016-11-13 16:31 - 2016-11-13 16:31 - 00828416 _____ (Microsoft Corporation) C:\WINDOWS\system32\appwiz.cpl
2016-11-13 16:31 - 2016-11-13 16:31 - 00822784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2016-11-13 16:31 - 2016-11-13 16:31 - 00807424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.OnlineId.dll
2016-11-13 16:31 - 2016-11-13 16:31 - 00805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\FrameServer.dll
2016-11-13 16:31 - 2016-11-13 16:31 - 00798208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2016-11-13 16:31 - 2016-11-13 16:31 - 00788624 _____ C:\WINDOWS\SysWOW64\locale.nls
2016-11-13 16:31 - 2016-11-13 16:31 - 00788624 _____ C:\WINDOWS\system32\locale.nls
2016-11-13 16:31 - 2016-11-13 16:31 - 00773720 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2016-11-13 16:31 - 2016-11-13 16:31 - 00772608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntshrui.dll
2016-11-13 16:31 - 2016-11-13 16:31 - 00770560 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2016-11-13 16:31 - 2016-11-13 16:31 - 00760832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appwiz.cpl
2016-11-13 16:31 - 2016-11-13 16:31 - 00748544 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2016-11-13 16:31 - 2016-11-13 16:31 - 00731136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d8.dll
2016-11-13 16:31 - 2016-11-13 16:31 - 00714592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2016-11-13 16:31 - 2016-11-13 16:31 - 00712192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
2016-11-13 16:31 - 2016-11-13 16:31 - 00690176 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2016-11-13 16:31 - 2016-11-13 16:31 - 00682816 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2016-11-13 16:31 - 2016-11-13 16:31 - 00655872 _____ (Microsoft Corporation) C:\WINDOWS\system32\sud.dll
2016-11-13 16:31 - 2016-11-13 16:31 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2016-11-13 16:31 - 2016-11-13 16:31 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\system32\FlightSettings.dll
2016-11-13 16:31 - 2016-11-13 16:31 - 00632832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sud.dll
2016-11-13 16:31 - 2016-11-13 16:31 - 00631296 _____ (Microsoft Corporation) C:\WINDOWS\system32\WlanMediaManager.dll
2016-11-13 16:31 - 2016-11-13 16:31 - 00629248 _____ (Microsoft Corporation) C:\WINDOWS\system32\hgcpl.dll
2016-11-13 16:31 - 2016-11-13 16:31 - 00628552 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2016-11-13 16:31 - 2016-11-13 16:31 - 00605184 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2016-11-13 16:31 - 2016-11-13 16:31 - 00602464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2016-11-13 16:31 - 2016-11-13 16:31 - 00601712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2016-11-13 16:31 - 2016-11-13 16:31 - 00596832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comctl32.dll
2016-11-13 16:31 - 2016-11-13 16:31 - 00590960 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2016-11-13 16:31 - 2016-11-13 16:31 - 00580608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hgcpl.dll
2016-11-13 16:31 - 2016-11-13 16:31 - 00579072 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppBroker.dll
2016-11-13 16:31 - 2016-11-13 16:31 - 00579072 _____ (Microsoft Corporation) C:\WINDOWS\system32\ddraw.dll
2016-11-13 16:31 - 2016-11-13 16:31 - 00576408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2016-11-13 16:31 - 2016-11-13 16:31 - 00567296 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicePairing.dll
2016-11-13 16:31 - 2016-11-13 16:31 - 00566784 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActionCenterCPL.dll
2016-11-13 16:31 - 2016-11-13 16:31 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2016-11-13 16:31 - 2016-11-13 16:31 - 00549376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActionCenterCPL.dll
2016-11-13 16:31 - 2016-11-13 16:31 - 00548352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ddraw.dll
2016-11-13 16:31 - 2016-11-13 16:31 - 00545936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2016-11-13 16:31 - 2016-11-13 16:31 - 00545792 _____ (Microsoft Corporation) C:\WINDOWS\system32\timedate.cpl
2016-11-13 16:31 - 2016-11-13 16:31 - 00541696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll
2016-11-13 16:31 - 2016-11-13 16:31 - 00534096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2016-11-13 16:31 - 2016-11-13 16:31 - 00506880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DevicePairing.dll
2016-11-13 16:31 - 2016-11-13 16:31 - 00496128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.UserAccountsHandlers.dll
2016-11-13 16:31 - 2016-11-13 16:31 - 00495104 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataSenseHandlers.dll
2016-11-13 16:31 - 2016-11-13 16:31 - 00492032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.exe
2016-11-13 16:31 - 2016-11-13 16:31 - 00484584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2016-11-13 16:31 - 2016-11-13 16:31 - 00483328 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.dll
2016-11-13 16:31 - 2016-11-13 16:31 - 00465920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppBroker.dll
2016-11-13 16:31 - 2016-11-13 16:31 - 00446896 _____ C:\WINDOWS\system32\ApnDatabase.xml
2016-11-13 16:31 - 2016-11-13 16:31 - 00432128 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2016-11-13 16:31 - 2016-11-13 16:31 - 00423776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifitask.exe
2016-11-13 16:31 - 2016-11-13 16:31 - 00422400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.dll
2016-11-13 16:31 - 2016-11-13 16:31 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BlockedShutdown.dll
2016-11-13 16:31 - 2016-11-13 16:31 - 00411136 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCenter.dll
2016-11-13 16:31 - 2016-11-13 16:31 - 00405856 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2016-11-13 16:31 - 2016-11-13 16:31 - 00389632 _____ (Microsoft Corporation) C:\WINDOWS\system32\stobject.dll
2016-11-13 16:31 - 2016-11-13 16:31 - 00388608 _____ (Microsoft Corporation) C:\WINDOWS\system32\zipfldr.dll
2016-11-13 16:31 - 2016-11-13 16:31 - 00378720 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2016-11-13 16:31 - 2016-11-13 16:31 - 00376672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2016-11-13 16:31 - 2016-11-13 16:31 - 00369664 _____ (Microsoft Corporation) C:\WINDOWS\system32\msinfo32.exe
2016-11-13 16:31 - 2016-11-13 16:31 - 00363520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BioFeedback.dll
2016-11-13 16:31 - 2016-11-13 16:31 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\stobject.dll
2016-11-13 16:31 - 2016-11-13 16:31 - 00348672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\zipfldr.dll
2016-11-13 16:31 - 2016-11-13 16:31 - 00341344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2016-11-13 16:31 - 2016-11-13 16:31 - 00337920 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2016-11-13 16:31 - 2016-11-13 16:31 - 00336896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msinfo32.exe
2016-11-13 16:31 - 2016-11-13 16:31 - 00336896 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkBindingEngineMigPlugin.dll
2016-11-13 16:31 - 2016-11-13 16:31 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll
2016-11-13 16:31 - 2016-11-13 16:31 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2016-11-13 16:31 - 2016-11-13 16:31 - 00322912 _____ (Microsoft Corporation) C:\WINDOWS\system32\input.dll
2016-11-13 16:31 - 2016-11-13 16:31 - 00322048 _____ (Microsoft Corporation) C:\WINDOWS\system32\GlobCollationHost.dll
2016-11-13 16:31 - 2016-11-13 16:31 - 00321536 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2016-11-13 16:31 - 2016-11-13 16:31 - 00321024 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkUXBroker.dll
2016-11-13 16:31 - 2016-11-13 16:31 - 00315744 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2016-11-13 16:31 - 2016-11-13 16:31 - 00314880 _____ (Microsoft Corporation) C:\WINDOWS\system32\FSClient.dll
2016-11-13 16:31 - 2016-11-13 16:31 - 00308736 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActionCenter.dll
2016-11-13 16:31 - 2016-11-13 16:31 - 00306176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2016-11-13 16:31 - 2016-11-13 16:31 - 00296960 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsensorgroup.dll
2016-11-13 16:31 - 2016-11-13 16:31 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BlockedShutdown.dll
2016-11-13 16:31 - 2016-11-13 16:31 - 00279552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.HumanInterfaceDevice.dll
2016-11-13 16:31 - 2016-11-13 16:31 - 00278016 _____ (Microsoft Corporation) C:\WINDOWS\system32\netplwiz.dll
2016-11-13 16:31 - 2016-11-13 16:31 - 00276992 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2016-11-13 16:31 - 2016-11-13 16:31 - 00276832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\input.dll
2016-11-13 16:31 - 2016-11-13 16:31 - 00274432 _____ (Microsoft Corporation) C:\WINDOWS\system32\ListSvc.dll
2016-11-13 16:31 - 2016-11-13 16:31 - 00273920 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAnimation.dll
2016-11-13 16:31 - 2016-11-13 16:31 - 00270336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2016-11-13 16:31 - 2016-11-13 16:31 - 00265728 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2016-11-13 16:31 - 2016-11-13 16:31 - 00261632 _____ (Microsoft Corporation) C:\WINDOWS\system32\indexeddbserver.dll
2016-11-13 16:31 - 2016-11-13 16:31 - 00260608 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2016-11-13 16:31 - 2016-11-13 16:31 - 00253952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BioFeedback.dll
2016-11-13 16:31 - 2016-11-13 16:31 - 00252928 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2016-11-13 16:31 - 2016-11-13 16:31 - 00243712 _____ (Microsoft Corporation) C:\WINDOWS\system32\shdocvw.dll
2016-11-13 16:31 - 2016-11-13 16:31 - 00240640 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkDesktopSettings.dll
2016-11-13 16:31 - 2016-11-13 16:31 - 00238056 _____ (Microsoft Corporation) C:\WINDOWS\system32\weretw.dll
2016-11-13 16:31 - 2016-11-13 16:31 - 00236544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAnimation.dll
2016-11-13 16:31 - 2016-11-13 16:31 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2016-11-13 16:31 - 2016-11-13 16:31 - 00226304 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcTok.exe
2016-11-13 16:31 - 2016-11-13 16:31 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2016-11-13 16:31 - 2016-11-13 16:31 - 00211968 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2016-11-13 16:31 - 2016-11-13 16:31 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2016-11-13 16:31 - 2016-11-13 16:31 - 00202752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.HumanInterfaceDevice.dll
2016-11-13 16:31 - 2016-11-13 16:31 - 00199680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GlobCollationHost.dll
2016-11-13 16:31 - 2016-11-13 16:31 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\indexeddbserver.dll
2016-11-13 16:31 - 2016-11-13 16:31 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\system32\BcastDVRHelper.dll
2016-11-13 16:31 - 2016-11-13 16:31 - 00198144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FSClient.dll
2016-11-13 16:31 - 2016-11-13 16:31 - 00186424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\weretw.dll
2016-11-13 16:31 - 2016-11-13 16:31 - 00182784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsensorgroup.dll
2016-11-13 16:31 - 2016-11-13 16:31 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2016-11-13 16:31 - 2016-11-13 16:31 - 00170496 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
2016-11-13 16:31 - 2016-11-13 16:31 - 00167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ErrorDetails.dll
2016-11-13 16:31 - 2016-11-13 16:31 - 00159232 _____ (Microsoft Corporation) C:\WINDOWS\system32\ACPBackgroundManagerPolicy.dll
2016-11-13 16:31 - 2016-11-13 16:31 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BcastDVRHelper.dll
2016-11-13 16:31 - 2016-11-13 16:31 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\NPSM.dll
2016-11-13 16:31 - 2016-11-13 16:31 - 00148832 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2016-11-13 16:31 - 2016-11-13 16:31 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2016-11-13 16:31 - 2016-11-13 16:31 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppCapture.dll
2016-11-13 16:31 - 2016-11-13 16:31 - 00139264 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2016-11-13 16:31 - 2016-11-13 16:31 - 00134144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ErrorDetails.dll
2016-11-13 16:31 - 2016-11-13 16:31 - 00130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\chartv.dll
2016-11-13 16:31 - 2016-11-13 16:31 - 00126464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2016-11-13 16:31 - 2016-11-13 16:31 - 00122368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NPSM.dll
2016-11-13 16:31 - 2016-11-13 16:31 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSpkg.dll
2016-11-13 16:31 - 2016-11-13 16:31 - 00115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\IdCtrls.dll
2016-11-13 16:31 - 2016-11-13 16:31 - 00111968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2016-11-13 16:31 - 2016-11-13 16:31 - 00109568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\chartv.dll
2016-11-13 16:31 - 2016-11-13 16:31 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\dab.dll
2016-11-13 16:31 - 2016-11-13 16:31 - 00101888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bowser.sys
2016-11-13 16:31 - 2016-11-13 16:31 - 00097792 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2016-11-13 16:31 - 2016-11-13 16:31 - 00095232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSpkg.dll
2016-11-13 16:31 - 2016-11-13 16:31 - 00092512 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2016-11-13 16:31 - 2016-11-13 16:31 - 00090624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2016-11-13 16:31 - 2016-11-13 16:31 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AuthExt.dll
2016-11-13 16:31 - 2016-11-13 16:31 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\asycfilt.dll
2016-11-13 16:31 - 2016-11-13 16:31 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2016-11-13 16:31 - 2016-11-13 16:31 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2016-11-13 16:31 - 2016-11-13 16:31 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\asycfilt.dll
2016-11-13 16:31 - 2016-11-13 16:31 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\ErrorDetailsUpdate.dll
2016-11-13 16:31 - 2016-11-13 16:31 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininetlui.dll
2016-11-13 16:31 - 2016-11-13 16:31 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininetlui.dll
2016-11-13 16:31 - 2016-11-13 16:31 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ErrorDetailsUpdate.dll
2016-11-13 16:31 - 2016-11-13 16:31 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.Search.UriHandler.dll
2016-11-13 16:31 - 2016-11-13 16:31 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2016-11-13 16:31 - 2016-11-13 16:31 - 00048992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\iorate.sys
2016-11-13 16:31 - 2016-11-13 16:31 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Shell.Search.UriHandler.dll
2016-11-13 16:31 - 2016-11-13 16:31 - 00045056 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2016-11-13 16:31 - 2016-11-13 16:31 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2016-11-13 16:31 - 2016-11-13 16:31 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\efsext.dll
2016-11-13 16:31 - 2016-11-13 16:31 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2016-11-13 16:31 - 2016-11-13 16:31 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
2016-11-13 16:31 - 2016-11-13 16:31 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\efsext.dll
2016-11-13 16:25 - 2016-11-13 16:25 - 06574592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanmm.dll
2016-11-13 16:25 - 2016-11-13 16:25 - 06285312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2016-11-13 16:25 - 2016-11-13 16:25 - 04612608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2016-11-13 16:25 - 2016-11-13 16:25 - 04596224 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpsrchvw.exe
2016-11-13 16:25 - 2016-11-13 16:25 - 03520512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xpsrchvw.exe
2016-11-13 16:25 - 2016-11-13 16:25 - 02537824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2016-11-13 16:25 - 2016-11-13 16:25 - 02481768 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2016-11-13 16:25 - 2016-11-13 16:25 - 02370048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2016-11-13 16:25 - 2016-11-13 16:25 - 02206496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2016-11-13 16:25 - 2016-11-13 16:25 - 02186896 _____ (Microsoft Corporation) C:\WINDOWS\system32\hevcdecoder.dll
2016-11-13 16:25 - 2016-11-13 16:25 - 02049480 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpmde.dll
2016-11-13 16:25 - 2016-11-13 16:25 - 01990648 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2016-11-13 16:25 - 2016-11-13 16:25 - 01969912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hevcdecoder.dll
2016-11-13 16:25 - 2016-11-13 16:25 - 01908224 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2016-11-13 16:25 - 2016-11-13 16:25 - 01891328 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnidui.dll
2016-11-13 16:25 - 2016-11-13 16:25 - 01853776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2016-11-13 16:25 - 2016-11-13 16:25 - 01847048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll
2016-11-13 16:25 - 2016-11-13 16:25 - 01557808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2016-11-13 16:25 - 2016-11-13 16:25 - 01472536 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2016-11-13 16:25 - 2016-11-13 16:25 - 01453992 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
2016-11-13 16:25 - 2016-11-13 16:25 - 01403392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Editing.dll
2016-11-13 16:25 - 2016-11-13 16:25 - 01365504 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2016-11-13 16:25 - 2016-11-13 16:25 - 01362504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmpmde.dll
2016-11-13 16:25 - 2016-11-13 16:25 - 01360456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2016-11-13 16:25 - 2016-11-13 16:25 - 01343928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll
2016-11-13 16:25 - 2016-11-13 16:25 - 01300600 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2016-11-13 16:25 - 2016-11-13 16:25 - 01300480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2016-11-13 16:25 - 2016-11-13 16:25 - 01293312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPDMC.exe
2016-11-13 16:25 - 2016-11-13 16:25 - 01291264 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2016-11-13 16:25 - 2016-11-13 16:25 - 01255936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2016-11-13 16:25 - 2016-11-13 16:25 - 01220608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Audio.dll
2016-11-13 16:25 - 2016-11-13 16:25 - 01217024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Audio.dll
2016-11-13 16:25 - 2016-11-13 16:25 - 01201872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2016-11-13 16:25 - 2016-11-13 16:25 - 01123368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2016-11-13 16:25 - 2016-11-13 16:25 - 01087488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Vpn.dll
2016-11-13 16:25 - 2016-11-13 16:25 - 01077760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Editing.dll
2016-11-13 16:25 - 2016-11-13 16:25 - 01071728 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2016-11-13 16:25 - 2016-11-13 16:25 - 01000288 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2016-11-13 16:25 - 2016-11-13 16:25 - 00980824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
2016-11-13 16:25 - 2016-11-13 16:25 - 00963584 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebcamUi.dll
2016-11-13 16:25 - 2016-11-13 16:25 - 00945664 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2016-11-13 16:25 - 2016-11-13 16:25 - 00864256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll
2016-11-13 16:25 - 2016-11-13 16:25 - 00862064 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfreadwrite.dll
2016-11-13 16:25 - 2016-11-13 16:25 - 00857600 _____ (Microsoft Corporation) C:\WINDOWS\system32\mprddm.dll
2016-11-13 16:25 - 2016-11-13 16:25 - 00856872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfreadwrite.dll
2016-11-13 16:25 - 2016-11-13 16:25 - 00846336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WebcamUi.dll
2016-11-13 16:25 - 2016-11-13 16:25 - 00811416 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
2016-11-13 16:25 - 2016-11-13 16:25 - 00796672 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvewiz.dll
2016-11-13 16:25 - 2016-11-13 16:25 - 00795648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MiracastReceiver.dll
2016-11-13 16:25 - 2016-11-13 16:25 - 00765440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Sensors.dll
2016-11-13 16:25 - 2016-11-13 16:25 - 00755656 _____ (Microsoft Corporation) C:\WINDOWS\system32\evr.dll
2016-11-13 16:25 - 2016-11-13 16:25 - 00730112 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
2016-11-13 16:25 - 2016-11-13 16:25 - 00730112 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2016-11-13 16:25 - 2016-11-13 16:25 - 00725664 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2016-11-13 16:25 - 2016-11-13 16:25 - 00719360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2016-11-13 16:25 - 2016-11-13 16:25 - 00713216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll
2016-11-13 16:25 - 2016-11-13 16:25 - 00709120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll
2016-11-13 16:25 - 2016-11-13 16:25 - 00691080 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2016-11-13 16:25 - 2016-11-13 16:25 - 00687936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2016-11-13 16:25 - 2016-11-13 16:25 - 00661504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2016-11-13 16:25 - 2016-11-13 16:25 - 00649568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2016-11-13 16:25 - 2016-11-13 16:25 - 00640976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\evr.dll
2016-11-13 16:25 - 2016-11-13 16:25 - 00640000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MCRecvSrc.dll
2016-11-13 16:25 - 2016-11-13 16:25 - 00592384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GamePanel.exe
2016-11-13 16:25 - 2016-11-13 16:25 - 00589312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Sensors.dll
2016-11-13 16:25 - 2016-11-13 16:25 - 00558080 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnprv.dll
2016-11-13 16:25 - 2016-11-13 16:25 - 00540160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
2016-11-13 16:25 - 2016-11-13 16:25 - 00527808 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWanAPI.dll
2016-11-13 16:25 - 2016-11-13 16:25 - 00525824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintDialogs.dll
2016-11-13 16:25 - 2016-11-13 16:25 - 00512416 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSAudDecMFT.dll
2016-11-13 16:25 - 2016-11-13 16:25 - 00498952 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyDecMFT.dll
2016-11-13 16:25 - 2016-11-13 16:25 - 00496128 _____ (Microsoft Corporation) C:\WINDOWS\system32\mprdim.dll
2016-11-13 16:25 - 2016-11-13 16:25 - 00468992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanconn.dll
2016-11-13 16:25 - 2016-11-13 16:25 - 00463872 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2016-11-13 16:25 - 2016-11-13 16:25 - 00462336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll
2016-11-13 16:25 - 2016-11-13 16:25 - 00460800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Midi.dll
2016-11-13 16:25 - 2016-11-13 16:25 - 00455040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DolbyDecMFT.dll
2016-11-13 16:25 - 2016-11-13 16:25 - 00447488 _____ (Microsoft Corporation) C:\WINDOWS\system32\das.dll
2016-11-13 16:25 - 2016-11-13 16:25 - 00444416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll
2016-11-13 16:25 - 2016-11-13 16:25 - 00433832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWanAPI.dll
2016-11-13 16:25 - 2016-11-13 16:25 - 00431616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\efswrt.dll
2016-11-13 16:25 - 2016-11-13 16:25 - 00412160 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanmsm.dll
2016-11-13 16:25 - 2016-11-13 16:25 - 00411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll
2016-11-13 16:25 - 2016-11-13 16:25 - 00410112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SndVolSSO.dll
2016-11-13 16:25 - 2016-11-13 16:25 - 00409952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2016-11-13 16:25 - 2016-11-13 16:25 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2016-11-13 16:25 - 2016-11-13 16:25 - 00400384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToManager.dll
2016-11-13 16:25 - 2016-11-13 16:25 - 00396168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll
2016-11-13 16:25 - 2016-11-13 16:25 - 00395264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmenrollengine.dll
2016-11-13 16:25 - 2016-11-13 16:25 - 00361472 _____ (Microsoft Corporation) C:\WINDOWS\system32\bdesvc.dll
2016-11-13 16:25 - 2016-11-13 16:25 - 00348160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Midi.dll
2016-11-13 16:25 - 2016-11-13 16:25 - 00343040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToDevice.dll
2016-11-13 16:25 - 2016-11-13 16:25 - 00329728 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvecpl.dll
2016-11-13 16:25 - 2016-11-13 16:25 - 00327680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2016-11-13 16:25 - 2016-11-13 16:25 - 00313560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanapi.dll
2016-11-13 16:25 - 2016-11-13 16:25 - 00310784 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncSettings.dll
2016-11-13 16:25 - 2016-11-13 16:25 - 00298496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2016-11-13 16:25 - 2016-11-13 16:25 - 00298496 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifiprofilessettinghandler.dll
2016-11-13 16:25 - 2016-11-13 16:25 - 00296448 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlancfg.dll
2016-11-13 16:25 - 2016-11-13 16:25 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudBackupSettings.dll
2016-11-13 16:25 - 2016-11-13 16:25 - 00282624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2016-11-13 16:25 - 2016-11-13 16:25 - 00280472 _____ (Microsoft Corporation) C:\WINDOWS\system32\bdeunlock.exe
2016-11-13 16:25 - 2016-11-13 16:25 - 00279040 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveui.dll
2016-11-13 16:25 - 2016-11-13 16:25 - 00272384 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfksproxy.dll
2016-11-13 16:25 - 2016-11-13 16:25 - 00248832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlancfg.dll
2016-11-13 16:25 - 2016-11-13 16:25 - 00244816 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2016-11-13 16:25 - 2016-11-13 16:25 - 00243712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eapp3hst.dll
2016-11-13 16:25 - 2016-11-13 16:25 - 00237056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncSettings.dll
2016-11-13 16:25 - 2016-11-13 16:25 - 00235008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eapphost.dll
2016-11-13 16:25 - 2016-11-13 16:25 - 00231424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudBackupSettings.dll
2016-11-13 16:25 - 2016-11-13 16:25 - 00228352 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSAC3ENC.DLL
2016-11-13 16:25 - 2016-11-13 16:25 - 00219648 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSrvPolicyManager.dll
2016-11-13 16:25 - 2016-11-13 16:25 - 00218008 _____ (Microsoft Corporation) C:\WINDOWS\system32\LsaIso.exe
2016-11-13 16:25 - 2016-11-13 16:25 - 00216576 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll
2016-11-13 16:25 - 2016-11-13 16:25 - 00211968 _____ (Microsoft Corporation) C:\WINDOWS\system32\manage-bde.exe
2016-11-13 16:25 - 2016-11-13 16:25 - 00209920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSAC3ENC.DLL
2016-11-13 16:25 - 2016-11-13 16:25 - 00197120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eappcfg.dll
2016-11-13 16:25 - 2016-11-13 16:25 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Scanners.dll
2016-11-13 16:25 - 2016-11-13 16:25 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.DeviceEncryptionHandlers.dll
2016-11-13 16:25 - 2016-11-13 16:25 - 00171008 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvenotify.exe
2016-11-13 16:25 - 2016-11-13 16:25 - 00141312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dialclient.dll
2016-11-13 16:25 - 2016-11-13 16:25 - 00139776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Devices.dll
2016-11-13 16:25 - 2016-11-13 16:25 - 00121368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2016-11-13 16:25 - 2016-11-13 16:25 - 00112128 _____ (Microsoft Corporation) C:\WINDOWS\system32\BitLockerDeviceEncryption.exe
2016-11-13 16:25 - 2016-11-13 16:25 - 00108384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2016-11-13 16:25 - 2016-11-13 16:25 - 00100864 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpninprc.dll
2016-11-13 16:25 - 2016-11-13 16:25 - 00094720 _____ (Microsoft Corporation) C:\WINDOWS\system32\dasHost.exe
2016-11-13 16:25 - 2016-11-13 16:25 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eappgnui.dll
2016-11-13 16:25 - 2016-11-13 16:25 - 00090400 _____ (Microsoft Corporation) C:\WINDOWS\system32\devenum.dll
2016-11-13 16:25 - 2016-11-13 16:25 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncPolicy.dll
2016-11-13 16:25 - 2016-11-13 16:25 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanprotdim.dll
2016-11-13 16:25 - 2016-11-13 16:25 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncPolicy.dll
2016-11-13 16:25 - 2016-11-13 16:25 - 00067584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TempSignedLicenseExchangeTask.dll
2016-11-13 16:25 - 2016-11-13 16:25 - 00057856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManagerApi.dll
2016-11-13 16:25 - 2016-11-13 16:25 - 00057344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eappprxy.dll
2016-11-13 16:25 - 2016-11-13 16:25 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\findnetprinters.dll
2016-11-13 16:25 - 2016-11-13 16:25 - 00047616 _____ (Microsoft Corporation) C:\WINDOWS\system32\deviceassociation.dll
2016-11-13 16:25 - 2016-11-13 16:25 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\system32\wfdprov.dll
2016-11-13 16:25 - 2016-11-13 16:25 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2016-11-13 16:25 - 2016-11-13 16:25 - 00038912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wfdprov.dll
2016-11-13 16:25 - 2016-11-13 16:25 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\cmintegrator.dll
2016-11-13 16:25 - 2016-11-13 16:25 - 00033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\bdeui.dll
2016-11-13 16:25 - 2016-11-13 16:25 - 00027648 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiConfigSP.dll
2016-11-13 16:25 - 2016-11-13 16:25 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\system32\encapi.dll
2016-11-13 16:25 - 2016-11-13 16:25 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvcpal.dll
2016-11-13 16:25 - 2016-11-13 16:25 - 00015872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanhlp.dll
2016-11-13 16:25 - 2016-11-13 16:25 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanhlp.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 17188352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 13868544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 09260032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmploc.DLL
2016-11-13 16:24 - 2016-11-13 16:24 - 09260032 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmploc.DLL
2016-11-13 16:24 - 2016-11-13 16:24 - 07792640 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 07654912 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 07219672 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 07216640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 06664192 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe
2016-11-13 16:24 - 2016-11-13 16:24 - 06474752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspaint.exe
2016-11-13 16:24 - 2016-11-13 16:24 - 06108672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 05722320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 05685760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 05622088 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2016-11-13 16:24 - 2016-11-13 16:24 - 05611008 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 05511680 _____ (Microsoft Corporation) C:\WINDOWS\system32\aclui.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 05398016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aclui.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 05384192 _____ (Microsoft) C:\WINDOWS\system32\dbgeng.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 05376000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 05061120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 04557824 _____ (Microsoft) C:\WINDOWS\SysWOW64\dbgeng.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 04474368 _____ (Microsoft Corporation)
         


Alt 14.11.2016, 18:07   #6
voxppl
 
ByteFence, Artemis: Malware, Trojan - Standard

Re: [Code]



FRST (part 2):
Code:
ATTFilter
C:\WINDOWS\system32\D3DCompiler_47.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 04136960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 03733504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 03689984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 03435008 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapRouter.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 03405824 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 03369984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 03287552 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 03202048 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 03116544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSAJApi.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 03059200 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 03054080 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 02947072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapGeocoder.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 02914304 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnroll.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 02913104 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 02860032 _____ (Microsoft Corporation) C:\WINDOWS\system32\storagewmi.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 02852864 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 02827864 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 02820096 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 02800128 _____ (Microsoft Corporation) C:\WINDOWS\system32\netshell.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 02755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2016-11-13 16:24 - 2016-11-13 16:24 - 02755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2016-11-13 16:24 - 2016-11-13 16:24 - 02748928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 02740224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 02716672 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmSvc.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 02708992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esent.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 02682880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netshell.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 02681200 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 02646016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnroll.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 02642944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 02538496 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 02510848 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 02476544 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 02446696 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 02424320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Perception.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 02423296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSAJApi.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 02390016 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreen.exe
2016-11-13 16:24 - 2016-11-13 16:24 - 02360832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapRouter.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 02333184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmSvc.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 02315264 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 02290176 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 02276736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 02213248 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 02208768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.Printing.3D.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 02190688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-11-13 16:24 - 2016-11-13 16:24 - 02166232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 02153984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\storagewmi.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 02138112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 02107392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapGeocoder.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 02095616 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2016-11-13 16:24 - 2016-11-13 16:24 - 02083840 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceFlows.DataModel.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 02048496 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 02026496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2016-11-13 16:24 - 2016-11-13 16:24 - 02005504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 01993216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 01988096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 01980768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 01980416 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 01913344 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_fs.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 01859264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 01851696 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 01840640 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 01817088 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 01790464 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFramework.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 01755136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DeviceFlows.DataModel.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 01738040 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 01710080 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 01709056 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 01705976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 01694712 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 01656832 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 01656320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Perception.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 01643008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 01639424 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 01637728 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 01600632 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 01589248 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtctm.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 01556712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 01555456 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPDMC.exe
2016-11-13 16:24 - 2016-11-13 16:24 - 01554944 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_health.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 01535488 _____ (Microsoft Corporation) C:\WINDOWS\system32\SpeechPal.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 01534464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Graphics.Printing.3D.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 01507840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.FaceAnalysis.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 01503032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 01461200 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 01456640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 01435896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 01430720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 01424896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Maps.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 01369088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Phone.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 01361408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 01358336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 01356352 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe
2016-11-13 16:24 - 2016-11-13 16:24 - 01328128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.Http.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 01323008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_fs.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 01322848 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpx.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 01320448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comsvcs.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 01312768 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorDataService.exe
2016-11-13 16:24 - 2016-11-13 16:24 - 01292640 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 01275392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Bluetooth.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 01267504 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 01266176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 01243136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.FaceAnalysis.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 01235296 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 01232384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Maps.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 01232384 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 01227264 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpsvc.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 01181536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2016-11-13 16:24 - 2016-11-13 16:24 - 01176664 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 01170944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Phone.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 01170944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 01157000 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 01145856 _____ (Microsoft Corporation) C:\WINDOWS\system32\EmailApis.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 01130496 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 01117024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgent.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 01113600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_health.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 01112928 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 01107456 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 01105408 _____ (Microsoft Corporation) C:\WINDOWS\system32\MiracastReceiver.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 01100128 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2016-11-13 16:24 - 2016-11-13 16:24 - 01100128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2016-11-13 16:24 - 2016-11-13 16:24 - 01082368 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 01081856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 01080320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Ocr.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 01078784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Streaming.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 01066328 _____ (Microsoft Corporation) C:\WINDOWS\system32\pidgenx.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 01062912 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 01060864 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 01060352 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppContracts.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\qmgr.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 01040896 _____ (Microsoft Corporation) C:\WINDOWS\system32\NaturalLanguage6.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 01037312 _____ (Microsoft Corporation) C:\WINDOWS\system32\nettrace.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 01029632 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 01022304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 01020928 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 01013760 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContactApis.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 01013248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.Http.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 01013248 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManager.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 01005568 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3D12.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 01004544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 01004032 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00998912 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00988512 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2016-11-13 16:24 - 2016-11-13 16:24 - 00983040 _____ (Microsoft Corporation) C:\WINDOWS\system32\RemoteNaturalLanguage.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00983040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00975744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00971264 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00967168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2016-11-13 16:24 - 2016-11-13 16:24 - 00966144 _____ (Microsoft Corporation) C:\WINDOWS\system32\sbe.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00965472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReAgent.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00960000 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00949248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.PointOfService.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00947552 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.efi
2016-11-13 16:24 - 2016-11-13 16:24 - 00947200 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_sr.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00945664 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00939872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pidgenx.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00936960 _____ (Microsoft Corporation) C:\WINDOWS\system32\MCRecvSrc.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00936448 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00932864 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00924672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00913920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00912384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.SmartCards.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00908640 _____ (Microsoft Corporation) C:\WINDOWS\system32\drvstore.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00905216 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00903680 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2016-11-13 16:24 - 2016-11-13 16:24 - 00901120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Bluetooth.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00896512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.AccountsControl.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00895488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Streaming.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00886784 _____ (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00883712 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00882680 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeManagerObj.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00875520 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00873472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00869888 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00860672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00860512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00858112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EmailApis.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00857440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2016-11-13 16:24 - 2016-11-13 16:24 - 00852480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Import.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00850944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ContactApis.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00846560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00845824 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApiPublic.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00838144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00837632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00833024 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00827904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00820736 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingOnlineServices.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00819200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppContracts.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00816640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NaturalLanguage6.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00816640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00811872 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.exe
2016-11-13 16:24 - 2016-11-13 16:24 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3D12.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe
2016-11-13 16:24 - 2016-11-13 16:24 - 00790760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00782176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2016-11-13 16:24 - 2016-11-13 16:24 - 00781824 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneService.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00775168 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2016-11-13 16:24 - 2016-11-13 16:24 - 00774656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00773120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2016-11-13 16:24 - 2016-11-13 16:24 - 00771072 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppointmentApis.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00764936 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00762368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mprddm.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00760832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00759296 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00755200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00751104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00749920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\drvstore.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00748544 _____ (Microsoft Corporation) C:\WINDOWS\system32\ChatApis.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00747520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Ocr.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00747008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RemoteNaturalLanguage.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00742704 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00720896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.BackgroundMediaPlayback.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00719872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_sr.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00718848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Playback.BackgroundMediaPlayer.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00717824 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00717312 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskbarcpl.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00716800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ShareHost.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00715264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00715264 _____ (Microsoft Corporation) C:\WINDOWS\system32\clusapi.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2016-11-13 16:24 - 2016-11-13 16:24 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppointmentApis.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00702464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Playback.MediaPlayer.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00701952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Connectivity.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00691712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00691712 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsm.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00691200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00686592 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsregcmd.exe
2016-11-13 16:24 - 2016-11-13 16:24 - 00681304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ClipSp.sys
2016-11-13 16:24 - 2016-11-13 16:24 - 00680448 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00678912 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00675840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00673792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2016-11-13 16:24 - 2016-11-13 16:24 - 00671744 _____ (Microsoft Corporation) C:\WINDOWS\system32\mbsmsapi.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00671232 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkCollectionAgent.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00670208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.PointOfService.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00665768 _____ (Microsoft Corporation) C:\WINDOWS\system32\GenValObj.exe
2016-11-13 16:24 - 2016-11-13 16:24 - 00658272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-11-13 16:24 - 2016-11-13 16:24 - 00654336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApiPublic.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00653312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.AccountsControl.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00651264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.AllJoyn.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00650752 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00650240 _____ (Microsoft) C:\WINDOWS\system32\DbgModel.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00648192 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00646136 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00645120 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00642048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.InkControls.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00640000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngccredprov.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00636928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00634944 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00634368 _____ (Microsoft Corporation) C:\WINDOWS\system32\StructuredQuery.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00631296 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00628736 _____ (Microsoft Corporation) C:\WINDOWS\system32\uReFS.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00627200 _____ (Microsoft Corporation) C:\WINDOWS\system32\SpaceControl.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00620544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00619368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-11-13 16:24 - 2016-11-13 16:24 - 00611328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.Printing.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00609280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Import.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00603488 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContentDeliveryManager.Utilities.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00598528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00595488 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00595296 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00590848 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00590336 _____ (Microsoft Corporation) C:\WINDOWS\system32\efswrt.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00584544 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2016-11-13 16:24 - 2016-11-13 16:24 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00584032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2016-11-13 16:24 - 2016-11-13 16:24 - 00584032 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00582656 _____ (Microsoft Corporation) C:\WINDOWS\system32\BootMenuUX.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00575488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qdvd.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00575488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00574976 _____ (Microsoft Corporation) C:\WINDOWS\system32\energy.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00573952 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnrGidsHandler.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00568832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.UXRes.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00568832 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.UXRes.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00568320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.LowLevel.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00567808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ChatApis.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00566784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ShareHost.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00562176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.SmartCards.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00561664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Wallet.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00560640 _____ (Microsoft Corporation) C:\WINDOWS\system32\webio.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00560128 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00558080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clusapi.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00557408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2016-11-13 16:24 - 2016-11-13 16:24 - 00554496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00547840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Gaming.Input.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00545792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uReFS.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00542208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Connectivity.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00539136 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00538624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToManager.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00538112 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcext.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00536576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingOnlineServices.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00531456 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmCoreProvisioning.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00529928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00526848 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00523776 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00523712 _____ (Microsoft Corporation) C:\WINDOWS\system32\DMRServer.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00520192 _____ (Microsoft Corporation) C:\WINDOWS\system32\w32time.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00518656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ngccredprov.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00512000 _____ (Microsoft Corporation) C:\WINDOWS\system32\mprapi.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00509792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2016-11-13 16:24 - 2016-11-13 16:24 - 00509440 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Bluetooth.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00509280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2016-11-13 16:24 - 2016-11-13 16:24 - 00508416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00505856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.WiFiDirect.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00501248 _____ (Microsoft Corporation) C:\WINDOWS\system32\imapi2.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00500224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Graphics.Printing.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00500064 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00499200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00498688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mbsmsapi.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00496872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00492544 _____ (Microsoft Corporation) C:\WINDOWS\system32\nltest.exe
2016-11-13 16:24 - 2016-11-13 16:24 - 00484352 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDEServer.exe
2016-11-13 16:24 - 2016-11-13 16:24 - 00483840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.AllJoyn.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00483840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00480768 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsreg.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00476672 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00472064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00471552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.BackgroundMediaPlayback.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00471552 _____ (Microsoft Corporation) C:\WINDOWS\system32\DscCore.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00470016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Playback.BackgroundMediaPlayer.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00468992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.InkControls.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00467968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Gaming.XboxLive.Storage.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00467968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Geolocation.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00466432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sppcext.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00461312 _____ (Microsoft) C:\WINDOWS\SysWOW64\DbgModel.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00461312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webio.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00461312 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00459776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Playback.MediaPlayer.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00458752 _____ (Microsoft Corporation) C:\WINDOWS\system32\RTMediaFrame.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00456192 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00455520 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2016-11-13 16:24 - 2016-11-13 16:24 - 00455168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetworkCollectionAgent.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00455168 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00450392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2016-11-13 16:24 - 2016-11-13 16:24 - 00448512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TpmCoreProvisioning.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00446464 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00445952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mprapi.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00442368 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToDevice.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00441856 _____ (Microsoft Corporation) C:\WINDOWS\system32\AccountsRt.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhcfg.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00438784 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDec.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00437248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Usb.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00435040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2016-11-13 16:24 - 2016-11-13 16:24 - 00434528 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00433664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\imapi2.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00431616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Cortana.Desktop.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00431104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mprdim.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00429568 _____ (Microsoft Corporation) C:\WINDOWS\system32\SndVolSSO.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00427008 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmrdvcore.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00426496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Wallet.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00426496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00425472 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe
2016-11-13 16:24 - 2016-11-13 16:24 - 00424960 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00424640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ws2_32.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00418304 _____ C:\WINDOWS\system32\Windows.Perception.Stub.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00410624 _____ (Microsoft Corporation) C:\WINDOWS\system32\facecredentialprovider.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00410624 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpsvc.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosResource.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosResource.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00408600 _____ (Microsoft Corporation) C:\WINDOWS\system32\tsmf.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00408576 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnr.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00407552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00406016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00404992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dsreg.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00402352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ws2_32.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00402272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2016-11-13 16:24 - 2016-11-13 16:24 - 00396800 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00396800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00392192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Gaming.Input.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00390144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Search.ProtocolHandler.MAPI2.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00389632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00389000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtapi.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00387872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpps.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00387584 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00387072 _____ (Microsoft Corporation) C:\WINDOWS\system32\SessEnv.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00386048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.WiFiDirect.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00382272 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe
2016-11-13 16:24 - 2016-11-13 16:24 - 00380928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wincorlib.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00379904 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepsync.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00379744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Classpnp.sys
2016-11-13 16:24 - 2016-11-13 16:24 - 00376832 _____ (Microsoft Corporation) C:\WINDOWS\system32\CryptoWinRT.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00374784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.LowLevel.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00374784 _____ (Microsoft Corporation) C:\WINDOWS\system32\resutils.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00372440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MediaControl.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00368640 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneBackupHandler.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00368640 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00366592 _____ (Microsoft Corporation) C:\WINDOWS\system32\NmaDirect.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00366080 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00361104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tsmf.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00360040 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2016-11-13 16:24 - 2016-11-13 16:24 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00358400 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00357376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Geolocation.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00355328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RTMediaFrame.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00354264 _____ (Microsoft Corporation) C:\WINDOWS\system32\systemreset.exe
2016-11-13 16:24 - 2016-11-13 16:24 - 00352768 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00349696 _____ (Microsoft Corporation) C:\WINDOWS\system32\icsvcext.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00349184 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2016-11-13 16:24 - 2016-11-13 16:24 - 00349184 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00347648 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00347136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Display.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00343552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.SmartCards.Phone.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00341936 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00340480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00339968 _____ (Microsoft Corporation) C:\WINDOWS\system32\esentutl.exe
2016-11-13 16:24 - 2016-11-13 16:24 - 00339456 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpusersvc.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00338944 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhcpl.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00337408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Picker.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00335712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2016-11-13 16:24 - 2016-11-13 16:24 - 00332288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Bluetooth.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00331776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SessEnv.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00331264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00329728 _____ (Microsoft Corporation) C:\WINDOWS\system32\deviceaccess.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00329216 _____ (Microsoft Corporation) C:\WINDOWS\system32\wc_storage.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00328008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00327680 _____ (Microsoft Corporation) C:\WINDOWS\system32\container.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\system32\eapp3hst.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00325120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleacc.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\usbmon.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00323584 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00323584 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00322912 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00321792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe
2016-11-13 16:24 - 2016-11-13 16:24 - 00320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00315904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Gaming.XboxLive.Storage.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00315904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Phoneutil.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00314368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Usb.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00313856 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00310272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00306688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esentutl.exe
2016-11-13 16:24 - 2016-11-13 16:24 - 00305152 _____ (Microsoft Corporation) C:\WINDOWS\system32\icsvc.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00302592 _____ (Microsoft Corporation) C:\WINDOWS\system32\eapphost.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00299520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataAccountApis.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00298496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\resutils.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00297552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wevtapi.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00297472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2016-11-13 16:24 - 2016-11-13 16:24 - 00295936 _____ (Microsoft Corporation) C:\WINDOWS\system32\pdh.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\unimdm.tsp
2016-11-13 16:24 - 2016-11-13 16:24 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\dlnashext.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00292872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpeffects.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00291840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Search.ProtocolHandler.MAPI2.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeveloperOptionsSettingsHandlers.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00289280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NmaDirect.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00288768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincorlib.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00288256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\systemcpl.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00288256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CryptoWinRT.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptngc.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepsync.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00284160 _____ (Microsoft Corporation) C:\WINDOWS\system32\AboveLockAppHost.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00283648 _____ (Microsoft Corporation) C:\WINDOWS\system32\wkssvc.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00283488 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2016-11-13 16:24 - 2016-11-13 16:24 - 00280064 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_WorkAccess.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00280064 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataExchange.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00279904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2016-11-13 16:24 - 2016-11-13 16:24 - 00279552 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToReceiver.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00272720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wintrust.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00268800 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserMgrProxy.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00266240 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConsoleLogon.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00265728 _____ C:\WINDOWS\SysWOW64\Windows.Perception.Stub.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00265728 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore6.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00263680 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExSMime.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00262960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00262656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pdh.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Picker.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00260096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Phoneutil.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00259072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Family.SyncEngine.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00258560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xboxgip.sys
2016-11-13 16:24 - 2016-11-13 16:24 - 00257536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DataExchange.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.CredDialogController.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00255488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\unimdm.tsp
2016-11-13 16:24 - 2016-11-13 16:24 - 00254656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmpeffects.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00253952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00252416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Identity.Provider.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00250368 _____ (Microsoft Corporation) C:\WINDOWS\system32\discan.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00249856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BthLEEnum.sys
2016-11-13 16:24 - 2016-11-13 16:24 - 00248832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dlnashext.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00248320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2016-11-13 16:24 - 2016-11-13 16:24 - 00243712 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinBioDataModel.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00243712 _____ (Microsoft Corporation) C:\WINDOWS\system32\credprovhost.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00243200 _____ (Microsoft Corporation) C:\WINDOWS\system32\eappcfg.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00241504 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00241152 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafBth.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00239104 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafpos.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00238080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AboveLockAppHost.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00237568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.Diagnostics.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00237056 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinesam.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00236544 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Flights.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00235008 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCore.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00234496 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcpipcfg.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00232800 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00231424 _____ (Microsoft Corporation) C:\WINDOWS\system32\shutdownux.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00227840 _____ (Microsoft Corporation) C:\WINDOWS\system32\C_G18030.DLL
2016-11-13 16:24 - 2016-11-13 16:24 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ahcache.sys
2016-11-13 16:24 - 2016-11-13 16:24 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00226816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbvideo.sys
2016-11-13 16:24 - 2016-11-13 16:24 - 00226304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore6.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00226304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\container.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\C_G18030.DLL
2016-11-13 16:24 - 2016-11-13 16:24 - 00224256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExSMime.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00223744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.HostName.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00223744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2016-11-13 16:24 - 2016-11-13 16:24 - 00223584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2016-11-13 16:24 - 2016-11-13 16:24 - 00220672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToReceiver.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00218976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
2016-11-13 16:24 - 2016-11-13 16:24 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WwaApi.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00217600 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpdxm.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00217088 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicePairingFolder.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00216576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Scanners.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00213504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.CredDialogController.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00210432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinesam.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.UI.Logon.ProxyStub.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\provops.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00206096 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00205824 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFilterHost.exe
2016-11-13 16:24 - 2016-11-13 16:24 - 00204288 _____ (Windows (R) Win 7 DDK provider) C:\WINDOWS\system32\DscCoreConfProv.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00203776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credprovhost.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00203776 _____ (Microsoft Corporation) C:\WINDOWS\system32\PimIndexMaintenance.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00203776 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipboardServer.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00196096 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDeviceRegistration.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.WiFi.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00187904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfksproxy.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00187904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00187904 _____ (Microsoft Corporation) C:\WINDOWS\system32\VCardParser.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00187904 _____ (Microsoft Corporation) C:\WINDOWS\system32\dialclient.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00187232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2016-11-13 16:24 - 2016-11-13 16:24 - 00186880 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2016-11-13 16:24 - 2016-11-13 16:24 - 00186368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Radios.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00185856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Identity.Provider.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00185344 _____ (Microsoft Corporation) C:\WINDOWS\system32\DisplayManager.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00184320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserMgrProxy.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00181760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tcpipcfg.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00178528 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostUser.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00176128 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepapi.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00175104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmpdxm.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00172528 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspicli.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00171520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ClipboardServer.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00171520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.SerialCommunication.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00171520 _____ (Microsoft Corporation) C:\WINDOWS\system32\biwinrt.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00170960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00169984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Energy.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00169056 _____ (Microsoft Corporation) C:\WINDOWS\system32\skci.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\system32\easwrt.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00168800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2016-11-13 16:24 - 2016-11-13 16:24 - 00166912 _____ (Microsoft Corporation) C:\WINDOWS\system32\credprovslegacy.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00163328 _____ (Microsoft Corporation) C:\WINDOWS\system32\autoplay.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00162850 _____ C:\WINDOWS\system32\C_932.NLS
2016-11-13 16:24 - 2016-11-13 16:24 - 00161792 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeHelper.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00160096 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostBroker.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00157696 _____ (Microsoft Corporation) C:\WINDOWS\system32\XamlTileRender.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00157696 _____ (Microsoft Corporation) C:\WINDOWS\system32\credprovs.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDeviceRegistration.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\system32\RelPost.exe
2016-11-13 16:24 - 2016-11-13 16:24 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\system32\hidclass.sys
2016-11-13 16:24 - 2016-11-13 16:24 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidclass.sys
2016-11-13 16:24 - 2016-11-13 16:24 - 00156160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Family.Client.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00152064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\biwinrt.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00152064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autoplay.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00150528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VCardParser.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00146784 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostCommon.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthBroker.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00144896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dfsc.sys
2016-11-13 16:24 - 2016-11-13 16:24 - 00143872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credprovslegacy.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00143872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2016-11-13 16:24 - 2016-11-13 16:24 - 00142336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.WiFi.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00141824 _____ (Windows (R) Win 7 DDK provider) C:\WINDOWS\SysWOW64\DscCoreConfProv.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00141824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Radios.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\RMapi.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakrathunk.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppointmentActivation.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00138240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DisplayManager.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00138240 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppc.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wificonnapi.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00137568 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00137216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credprovs.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00136192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinRtTracing.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00136032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudExperienceHostUser.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00135168 _____ (Microsoft Corporation) C:\WINDOWS\system32\slc.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00134656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Energy.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00133632 _____ (Microsoft Corporation) C:\WINDOWS\system32\MediaFoundation.DefaultPerceptionProvider.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00133472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecdd.sys
2016-11-13 16:24 - 2016-11-13 16:24 - 00132096 _____ (Microsoft Corporation) C:\WINDOWS\system32\PrintWSDAHost.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00130912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storahci.sys
2016-11-13 16:24 - 2016-11-13 16:24 - 00130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\SpaceAgent.exe
2016-11-13 16:24 - 2016-11-13 16:24 - 00130560 _____ (Microsoft Corporation) C:\WINDOWS\splwow64.exe
2016-11-13 16:24 - 2016-11-13 16:24 - 00129024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.SerialCommunication.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00128864 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmapi.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00128864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tm.sys
2016-11-13 16:24 - 2016-11-13 16:24 - 00128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthpan.sys
2016-11-13 16:24 - 2016-11-13 16:24 - 00128352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys
2016-11-13 16:24 - 2016-11-13 16:24 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\rshx32.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00126464 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpshell.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00125952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepapi.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00125952 _____ (Microsoft Corporation) C:\WINDOWS\system32\setupugc.exe
2016-11-13 16:24 - 2016-11-13 16:24 - 00125952 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfo.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00123904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.HostName.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00123904 _____ (Microsoft Corporation) C:\WINDOWS\system32\samlib.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00123904 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00122880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryClient.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00122368 _____ (Microsoft Corporation) C:\WINDOWS\system32\FontProvider.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00121344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakrathunk.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00120832 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCsp.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00119648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcifs.sys
2016-11-13 16:24 - 2016-11-13 16:24 - 00118784 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\slc.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppointmentActivation.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\capimg.sys
2016-11-13 16:24 - 2016-11-13 16:24 - 00118112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\EhStorTcgDrv.sys
2016-11-13 16:24 - 2016-11-13 16:24 - 00117760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AuthBroker.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00117240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sspicli.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00116576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudExperienceHostCommon.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00116224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Core.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Background.SystemEventsBroker.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinelsa.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00114192 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32u.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00114176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setupugc.exe
2016-11-13 16:24 - 2016-11-13 16:24 - 00114176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthenum.sys
2016-11-13 16:24 - 2016-11-13 16:24 - 00113664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.ServiceDiscovery.Dnssd.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00113504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmapi.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAppInstaller.exe
2016-11-13 16:24 - 2016-11-13 16:24 - 00110080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft-Windows-MapControls.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft-Windows-MapControls.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00108032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Family.Authentication.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00105984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sppc.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00105984 _____ (Microsoft Corporation) C:\WINDOWS\system32\VPNv2CSP.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00105984 _____ (Microsoft Corporation) C:\WINDOWS\system32\eappgnui.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00104960 _____ (Microsoft Corporation) C:\WINDOWS\system32\CastLaunch.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.UI.Logon.ProxyStub.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00102912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmpshell.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00102400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinelsa.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00101888 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDeviceRegistration.Ngc.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\adsmsext.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00098816 _____ (Microsoft Corporation) C:\WINDOWS\system32\BthRadioMedia.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00097792 _____ (Microsoft Corporation) C:\WINDOWS\system32\NFCProvisioningPlugin.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00095232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BluetoothApis.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00095232 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzautoupdate.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00095232 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsCSP.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00094720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00094208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryClient.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00093184 _____ (Microsoft Corporation) C:\WINDOWS\system32\cmifw.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00092672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Background.SystemEventsBroker.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00090624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Printers.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00090624 _____ (Microsoft Corporation) C:\WINDOWS\system32\pwrshplugin.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\powercfg.exe
2016-11-13 16:24 - 2016-11-13 16:24 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adsmsext.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDeviceRegistration.Ngc.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosStorage.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.ServiceDiscovery.Dnssd.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\samlib.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\provdatastore.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\BarcodeProvisioningPlugin.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BTHUSB.SYS
2016-11-13 16:24 - 2016-11-13 16:24 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProvPluginEng.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00083120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\devenum.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00082432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.System.UserDeviceAssociation.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00081760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys
2016-11-13 16:24 - 2016-11-13 16:24 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cmifw.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\system32\HttpsDataSource.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00079536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32u.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00079200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\crashdmp.sys
2016-11-13 16:24 - 2016-11-13 16:24 - 00078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosHostClient.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00078688 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2016-11-13 16:24 - 2016-11-13 16:24 - 00078336 _____ (Microsoft Corporation) C:\WINDOWS\system32\iscsiwmi.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00077312 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\powercfg.exe
2016-11-13 16:24 - 2016-11-13 16:24 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00074080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vpci.sys
2016-11-13 16:24 - 2016-11-13 16:24 - 00073568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2016-11-13 16:24 - 2016-11-13 16:24 - 00073216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryBroker.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00073216 _____ (Microsoft Corporation) C:\WINDOWS\system32\offreg.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00071168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pwrshplugin.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00071168 _____ (Microsoft Corporation) C:\WINDOWS\system32\eappprxy.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosStorage.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Sens.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AddressParser.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00067584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iscsiwmi.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\provtool.exe
2016-11-13 16:24 - 2016-11-13 16:24 - 00065024 _____ (Microsoft Corporation) C:\WINDOWS\system32\POSyncServices.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00065024 _____ (Microsoft Corporation) C:\WINDOWS\system32\OnDemandConnRouteHelper.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataPlatformHelperUtil.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00064352 _____ (Avago Technologies) C:\WINDOWS\system32\Drivers\MegaSas2i.sys
2016-11-13 16:24 - 2016-11-13 16:24 - 00063328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dam.sys
2016-11-13 16:24 - 2016-11-13 16:24 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\system32\RemovableMediaProvisioningPlugin.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.System.UserDeviceAssociation.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosHostClient.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ConfigureExpandedStorage.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\csrsrv.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00057856 _____ (Microsoft Corporation) C:\WINDOWS\system32\BackgroundMediaPolicy.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00057400 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsass.exe
2016-11-13 16:24 - 2016-11-13 16:24 - 00057344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\POSyncServices.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00057344 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinBioDataModelOOBE.exe
2016-11-13 16:24 - 2016-11-13 16:24 - 00055808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataPlatformHelperUtil.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00055808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offreg.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00054784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AddressParser.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00054784 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContactActivation.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\winhvr.sys
2016-11-13 16:24 - 2016-11-13 16:24 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\NfcRadioMedia.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00049664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BackgroundMediaPolicy.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00049664 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorageUsage.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00049664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ffbroker.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapstoasttask.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ContactActivation.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTypeHelperUtil.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00044472 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfpmp.exe
2016-11-13 16:24 - 2016-11-13 16:24 - 00044032 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataLanguageUtil.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xinputhid.sys
2016-11-13 16:24 - 2016-11-13 16:24 - 00041824 _____ (Microsoft Corporation) C:\WINDOWS\system32\SysResetErr.exe
2016-11-13 16:24 - 2016-11-13 16:24 - 00040960 _____ (Microsoft Corporation) C:\WINDOWS\system32\hidparse.sys
2016-11-13 16:24 - 2016-11-13 16:24 - 00040960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidparse.sys
2016-11-13 16:24 - 2016-11-13 16:24 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapsupdatetask.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00039424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dtdump.exe
2016-11-13 16:24 - 2016-11-13 16:24 - 00039424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\kbdhid.sys
2016-11-13 16:24 - 2016-11-13 16:24 - 00038400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTypeHelperUtil.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00038400 _____ (Microsoft Corporation) C:\WINDOWS\system32\hidusb.sys
2016-11-13 16:24 - 2016-11-13 16:24 - 00038400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidusb.sys
2016-11-13 16:24 - 2016-11-13 16:24 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataLanguageUtil.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00036168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfpmp.exe
2016-11-13 16:24 - 2016-11-13 16:24 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\deviceassociation.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\system32\spaceman.exe
2016-11-13 16:24 - 2016-11-13 16:24 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSManHTTPConfig.exe
2016-11-13 16:24 - 2016-11-13 16:24 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00032256 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSManHTTPConfig.exe
2016-11-13 16:24 - 2016-11-13 16:24 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\odbcconf.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\netiougc.exe
2016-11-13 16:24 - 2016-11-13 16:24 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.Provisioning.ProxyStub.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00026408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2016-11-13 16:24 - 2016-11-13 16:24 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\odbcconf.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManagerSvc.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\delegatorprovider.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netiougc.exe
2016-11-13 16:24 - 2016-11-13 16:24 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\storagewmi_passthru.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\system32\nativemap.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\smphost.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExtrasXmlParser.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00023392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cmimcext.sys
2016-11-13 16:24 - 2016-11-13 16:24 - 00022528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\encapi.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00022016 _____ (Microsoft Corporation) C:\WINDOWS\system32\slcext.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00020992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\smphost.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00020992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\delegatorprovider.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00020480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\storagewmi_passthru.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00020320 _____ (Microsoft Corporation) C:\WINDOWS\system32\kdhvcom.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00019968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\slcext.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExtrasXmlParser.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00018432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\stdole2.tlb
2016-11-13 16:24 - 2016-11-13 16:24 - 00018432 _____ (Microsoft Corporation) C:\WINDOWS\system32\stdole2.tlb
2016-11-13 16:24 - 2016-11-13 16:24 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\C_IS2022.DLL
2016-11-13 16:24 - 2016-11-13 16:24 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvcProxy.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\c_GSM7.DLL
2016-11-13 16:24 - 2016-11-13 16:24 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\C_IS2022.DLL
2016-11-13 16:24 - 2016-11-13 16:24 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\c_GSM7.DLL
2016-11-13 16:24 - 2016-11-13 16:24 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.exe
2016-11-13 16:24 - 2016-11-13 16:24 - 00010752 _____ (Microsoft Corporation) C:\WINDOWS\system32\spwmp.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00009728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft-Windows-MosTrace.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00009728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft-Windows-MosTrace.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\spwmp.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft-Windows-MosHost.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft-Windows-MosHost.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00008192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataAccessRes.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00008192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataAccessRes.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00006656 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdxm.ocx
2016-11-13 16:24 - 2016-11-13 16:24 - 00006656 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxmasf.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00005120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdxm.ocx
2016-11-13 16:24 - 2016-11-13 16:24 - 00005120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxmasf.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhoneutilRes.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6r.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlStringsRes.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneutilRes.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneServiceRes.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6r.dll
2016-11-13 16:24 - 2016-11-13 16:24 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlStringsRes.dll
2016-11-13 16:19 - 2016-11-13 16:19 - 00008192 _____ C:\WINDOWS\system32\config\userdiff
2016-11-13 16:18 - 2016-11-13 16:18 - 00000000 ____D C:\WINDOWS\SysWOW64\XPSViewer
2016-11-13 16:18 - 2016-11-13 16:18 - 00000000 ____D C:\Program Files\Reference Assemblies
2016-11-13 16:18 - 2016-11-13 16:18 - 00000000 ____D C:\Program Files\MSBuild
2016-11-13 16:18 - 2016-11-13 16:18 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2016-11-13 16:18 - 2016-11-13 16:18 - 00000000 ____D C:\Program Files (x86)\MSBuild
2016-11-13 16:17 - 2016-11-13 16:17 - 03753984 _____ (Microsoft Corporation) C:\WINDOWS\system32\bootux.dll
2016-11-13 16:17 - 2016-11-13 16:17 - 00199008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wof.sys
2016-11-13 16:17 - 2016-05-25 14:31 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2016-11-13 16:17 - 2016-05-25 14:31 - 00124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2016-11-13 16:17 - 2016-05-25 14:31 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2016-11-13 16:17 - 2016-05-25 11:03 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2016-11-13 16:17 - 2016-05-25 11:03 - 00103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2016-11-13 16:17 - 2016-05-25 11:03 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2016-11-13 15:56 - 2016-11-13 23:17 - 00000000 ____D C:\Users\yorul\AppData\Local\CrashDumps
2016-11-13 15:51 - 2016-11-13 16:37 - 00000000 ____D C:\WINDOWS\SysWOW64\BestPractices
2016-11-13 15:51 - 2016-11-13 16:37 - 00000000 ____D C:\WINDOWS\system32\BestPractices
2016-11-13 15:01 - 2016-11-13 15:01 - 00007597 _____ C:\Users\yorul\AppData\Local\Resmon.ResmonCfg
2016-11-13 14:20 - 2016-11-13 14:20 - 00000000 ____D C:\Users\yorul\AppData\Roaming\LolClient
2016-11-13 13:52 - 2016-11-13 13:52 - 00000000 ___RD C:\Users\yorul\3D Objects
2016-11-13 13:15 - 2016-11-13 13:16 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-11-13 13:15 - 2016-11-13 13:15 - 141011376 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-11-13 13:12 - 2016-07-01 04:40 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Speech.Pal.dll
2016-11-13 13:09 - 2016-07-01 04:57 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpreference.exe
2016-11-13 13:02 - 2016-11-13 13:02 - 00000000 ____D C:\ProgramData\Riot Games
2016-11-13 13:01 - 2016-11-13 16:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\League of Legends
2016-11-13 13:01 - 2016-11-13 13:01 - 00001585 _____ C:\Users\Public\Desktop\League of Legends.lnk
2016-11-13 13:01 - 2016-11-13 13:01 - 00000000 ____D C:\Riot Games
2016-11-13 13:01 - 2008-07-31 10:41 - 00068616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_1.dll
2016-11-13 13:01 - 2008-07-31 10:40 - 00509448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_2.dll
2016-11-13 13:01 - 2008-07-12 08:18 - 03851784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_39.dll
2016-11-13 13:01 - 2008-07-12 08:18 - 01493528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_39.dll
2016-11-13 13:01 - 2008-07-12 08:18 - 00467984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_39.dll
2016-11-13 13:00 - 2016-11-13 13:01 - 00000000 ____D C:\Users\yorul\AppData\Roaming\Riot Games
2016-11-13 12:59 - 2016-11-13 13:00 - 31001328 _____ (Riot Games) C:\Users\yorul\Downloads\LeagueofLegends_EUW_Installer_2016_05_13.exe
2016-11-12 21:19 - 2016-11-12 21:19 - 00000000 _SHDL C:\Users\Public\Documents\Eigene Videos
2016-11-12 21:19 - 2016-11-12 21:19 - 00000000 _SHDL C:\Users\Public\Documents\Eigene Musik
2016-11-12 21:19 - 2016-11-12 21:19 - 00000000 _SHDL C:\Users\Public\Documents\Eigene Bilder
2016-11-12 21:19 - 2016-11-12 21:19 - 00000000 _SHDL C:\Users\Default.migrated\Vorlagen
2016-11-12 21:19 - 2016-11-12 21:19 - 00000000 _SHDL C:\Users\Default.migrated\Startmenü
2016-11-12 21:19 - 2016-11-12 21:19 - 00000000 _SHDL C:\Users\Default.migrated\Netzwerkumgebung
2016-11-12 21:19 - 2016-11-12 21:19 - 00000000 _SHDL C:\Users\Default.migrated\Lokale Einstellungen
2016-11-12 21:19 - 2016-11-12 21:19 - 00000000 _SHDL C:\Users\Default.migrated\Eigene Dateien
2016-11-12 21:19 - 2016-11-12 21:19 - 00000000 _SHDL C:\Users\Default.migrated\Druckumgebung
2016-11-12 21:19 - 2016-11-12 21:19 - 00000000 _SHDL C:\Users\Default.migrated\Documents\Eigene Videos
2016-11-12 21:19 - 2016-11-12 21:19 - 00000000 _SHDL C:\Users\Default.migrated\Documents\Eigene Musik
2016-11-12 21:19 - 2016-11-12 21:19 - 00000000 _SHDL C:\Users\Default.migrated\Documents\Eigene Bilder
2016-11-12 21:19 - 2016-11-12 21:19 - 00000000 _SHDL C:\Users\Default.migrated\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2016-11-12 21:19 - 2016-11-12 21:19 - 00000000 _SHDL C:\Users\Default.migrated\AppData\Local\Verlauf
2016-11-12 21:19 - 2016-11-12 21:19 - 00000000 _SHDL C:\Users\Default.migrated\AppData\Local\Anwendungsdaten
2016-11-12 21:19 - 2016-11-12 21:19 - 00000000 _SHDL C:\Users\Default.migrated\Anwendungsdaten
2016-11-12 21:19 - 2016-11-12 21:19 - 00000000 _SHDL C:\Programme
2016-11-12 21:19 - 2016-11-12 21:19 - 00000000 _SHDL C:\ProgramData\Vorlagen
2016-11-12 21:19 - 2016-11-12 21:19 - 00000000 _SHDL C:\ProgramData\Startmenü
2016-11-12 21:19 - 2016-11-12 21:19 - 00000000 _SHDL C:\ProgramData\Microsoft\Windows\Start Menu\Programme
2016-11-12 21:19 - 2016-11-12 21:19 - 00000000 _SHDL C:\ProgramData\Dokumente
2016-11-12 21:19 - 2016-11-12 21:19 - 00000000 _SHDL C:\ProgramData\Anwendungsdaten
2016-11-12 21:19 - 2016-11-12 21:19 - 00000000 _SHDL C:\Program Files\Gemeinsame Dateien
2016-11-12 21:19 - 2016-11-12 21:19 - 00000000 _SHDL C:\Dokumente und Einstellungen
2016-11-12 21:19 - 2016-11-12 15:56 - 00000000 ____D C:\Users\defaultuser0
2016-11-12 15:50 - 2016-11-12 15:50 - 00000000 ____D C:\Users\yorul\AppData\Local\NetworkTiles
2016-11-12 15:36 - 2016-11-12 15:54 - 00000000 ____D C:\Users\yorul\AppData\Local\MicrosoftEdge
2016-11-12 15:35 - 2016-11-12 15:35 - 00000000 ____D C:\Users\yorul\AppData\Roaming\Macromedia
2016-11-12 15:34 - 2016-11-12 15:34 - 00000000 ____D C:\Users\yorul\AppData\Roaming\Intel Corporation
2016-11-12 15:34 - 2016-11-12 15:34 - 00000000 ____D C:\Users\yorul\AppData\Local\CareCenter
2016-11-12 15:33 - 2016-11-13 22:04 - 00000000 ___RD C:\Users\yorul\OneDrive
2016-11-12 15:33 - 2016-11-13 17:03 - 00002391 _____ C:\Users\yorul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-11-12 15:33 - 2016-11-13 12:46 - 00000000 ____D C:\Users\yorul\AppData\Local\clear.fi
2016-11-12 15:33 - 2016-11-12 15:33 - 00001337 _____ C:\Users\yorul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HD Audio-Manager.lnk
2016-11-12 15:33 - 2016-11-12 15:33 - 00000000 ____D C:\Users\yorul\PicStream
2016-11-12 15:33 - 2016-11-12 15:33 - 00000000 ____D C:\Users\yorul\AppData\Roaming\Skype
2016-11-12 15:33 - 2016-11-12 15:33 - 00000000 ____D C:\Users\yorul\AppData\Local\Comms
2016-11-12 15:33 - 2016-11-12 15:33 - 00000000 ____D C:\Users\yorul\AppData\Local\AOP SDK
2016-11-12 15:33 - 2016-11-12 15:33 - 00000000 ____D C:\Users\yorul\AppData\Local\ActiveSync
2016-11-12 15:32 - 2016-11-12 15:32 - 00000000 ____D C:\Users\yorul\AppData\Local\Publishers
2016-11-12 15:31 - 2016-11-13 21:22 - 00000000 __SHD C:\Users\yorul\IntelGraphicsProfiles
2016-11-12 15:31 - 2016-11-13 19:13 - 00000000 ____D C:\Users\yorul\AppData\Local\NVIDIA Corporation
2016-11-12 15:31 - 2016-11-13 17:18 - 00000000 ____D C:\Users\yorul\AppData\Local\Packages
2016-11-12 15:31 - 2016-11-13 17:01 - 00000000 ____D C:\Users\yorul\AppData\Local\NVIDIA
2016-11-12 15:31 - 2016-11-12 15:31 - 00000000 ___HD C:\ProgramData\O949
2016-11-12 15:31 - 2016-11-12 15:31 - 00000000 ____D C:\Users\yorul\AppData\Roaming\Adobe
2016-11-12 15:31 - 2016-11-12 15:31 - 00000000 ____D C:\Users\yorul\AppData\Local\VirtualStore
2016-11-12 15:31 - 2016-11-12 15:31 - 00000000 ____D C:\Users\yorul\AppData\Local\TileDataLayer
2016-11-12 15:30 - 2016-11-12 15:30 - 00000000 ____D C:\Users\Public\App Explorer
2016-11-12 15:29 - 2016-11-12 15:29 - 00000000 ____D C:\Users\defaultuser0\AppData\Local\AOP SDK
2016-11-12 15:28 - 2016-11-13 12:47 - 00000000 ____D C:\Users\yorul\AppData\Local\Host App Service
2016-11-12 15:27 - 2016-11-12 15:27 - 00000000 ____D C:\WINDOWS\oem
2016-11-12 15:27 - 2016-11-12 15:27 - 00000000 ____D C:\ProgramData\Dashlane

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-11-13 21:29 - 2016-08-03 05:57 - 01478246 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-11-13 21:29 - 2016-07-16 23:51 - 00501812 _____ C:\WINDOWS\system32\perfh007.dat
2016-11-13 21:29 - 2016-07-16 23:51 - 00090164 _____ C:\WINDOWS\system32\perfc007.dat
2016-11-13 21:22 - 2016-07-16 07:04 - 00524288 _____ C:\WINDOWS\system32\config\BBI
2016-11-13 21:14 - 2016-07-16 12:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-11-13 19:13 - 2016-08-03 05:49 - 00000000 ____D C:\Program Files (x86)\McAfee
2016-11-13 19:12 - 2016-08-03 05:49 - 00000000 ____D C:\Program Files\Common Files\McAfee
2016-11-13 19:12 - 2016-07-16 12:45 - 00000000 ____D C:\WINDOWS\INF
2016-11-13 19:11 - 2016-07-16 12:47 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2016-11-13 19:10 - 2016-08-03 05:49 - 00000000 ____D C:\ProgramData\McAfee
2016-11-13 19:06 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2016-11-13 19:06 - 2015-10-30 08:24 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2016-11-13 17:36 - 2016-07-16 12:47 - 00000000 ___HD C:\Program Files\WindowsApps
2016-11-13 17:36 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-11-13 17:14 - 2016-09-07 20:17 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2016-11-13 17:13 - 2016-08-03 05:48 - 00000000 ____D C:\ProgramData\Package Cache
2016-11-13 17:03 - 2016-08-03 05:49 - 00000000 ____D C:\Program Files\mcafee
2016-11-13 17:02 - 2016-07-16 12:47 - 00000000 ____D C:\ProgramData\USOPrivate
2016-11-13 17:01 - 2016-02-13 14:20 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-11-13 16:46 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\rescache
2016-11-13 16:46 - 2016-07-16 12:47 - 00000000 ____D C:\Program Files\Windows NT
2016-11-13 16:45 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase
2016-11-13 16:45 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\Registration
2016-11-13 16:45 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2016-11-13 16:40 - 2016-07-16 12:47 - 00000000 __RHD C:\Users\Public\Libraries
2016-11-13 16:39 - 2016-09-07 20:26 - 00000000 ____D C:\WINDOWS\system32\ihvmanager
2016-11-13 16:39 - 2016-09-07 20:08 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2016-11-13 16:39 - 2016-09-07 19:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016-Tools
2016-11-13 16:39 - 2016-08-03 05:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer
2016-11-13 16:39 - 2016-07-16 12:47 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-11-13 16:39 - 2016-07-16 07:04 - 00008192 _____ C:\WINDOWS\system32\config\ELAM
2016-11-13 16:39 - 2015-10-30 07:28 - 00000000 ____D C:\Users\Default.migrated
2016-11-13 16:37 - 2016-07-16 23:52 - 00000000 ____D C:\WINDOWS\OCR
2016-11-13 16:37 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\spool
2016-11-13 16:37 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-11-13 16:37 - 2016-07-16 12:47 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-11-13 16:36 - 2016-07-16 12:47 - 00000000 ___RD C:\WINDOWS\PrintDialog
2016-11-13 16:36 - 2016-07-16 12:47 - 00000000 ___RD C:\WINDOWS\MiracastView
2016-11-13 16:36 - 2016-07-16 12:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-11-13 16:36 - 2016-07-16 07:04 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2016-11-13 16:35 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\Help
2016-11-13 16:34 - 2016-07-16 12:47 - 00028672 _____ C:\WINDOWS\system32\config\BCD-Template
2016-11-13 16:31 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2016-11-13 16:31 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\migwiz
2016-11-13 16:31 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\ShellExperiences
2016-11-13 16:31 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-11-13 16:26 - 2016-07-16 12:47 - 00000000 ___SD C:\WINDOWS\SysWOW64\F12
2016-11-13 16:26 - 2016-07-16 12:47 - 00000000 ___SD C:\WINDOWS\system32\F12
2016-11-13 16:26 - 2016-07-16 12:47 - 00000000 ___SD C:\WINDOWS\system32\dsc
2016-11-13 16:26 - 2016-07-16 12:47 - 00000000 ___SD C:\WINDOWS\system32\DiagSvcs
2016-11-13 16:26 - 2016-07-16 12:47 - 00000000 ___RD C:\Program Files\Windows Defender
2016-11-13 16:26 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\SysWOW64\setup
2016-11-13 16:26 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\setup
2016-11-13 16:26 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\lv-LV
2016-11-13 16:26 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\lt-LT
2016-11-13 16:26 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\et-EE
2016-11-13 16:26 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\es-MX
2016-11-13 16:26 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\en-GB
2016-11-13 16:26 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-11-13 16:26 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\Provisioning
2016-11-13 16:26 - 2016-07-16 12:47 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2016-11-13 16:26 - 2016-07-16 12:47 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2016-11-13 16:26 - 2016-07-16 12:47 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2016-11-13 16:26 - 2016-07-16 07:04 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
2016-11-13 16:26 - 2016-07-16 07:04 - 00000000 ____D C:\WINDOWS\system32\Dism
2016-11-13 16:25 - 2016-07-16 12:47 - 00015425 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml
2016-11-13 16:18 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\SysWOW64\MUI
2016-11-13 16:18 - 2016-07-16 12:47 - 00000000 ____D C:\WINDOWS\system32\MUI
2016-11-13 16:12 - 2016-07-17 00:55 - 00000000 ___HD C:\$WINDOWS.~BT
2016-11-13 14:01 - 2016-09-07 20:33 - 00000000 ____D C:\ProgramData\Acer
2016-11-13 12:48 - 2016-09-07 20:32 - 00000000 ____D C:\Program Files (x86)\Acer
2016-11-13 12:48 - 2016-08-03 06:34 - 00000000 ___HD C:\OEM
2016-11-13 12:48 - 2015-10-30 08:19 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqsnap.dll
2016-11-13 12:48 - 2015-10-30 08:19 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqcertui.dll
2016-11-12 15:52 - 2016-09-07 19:14 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2016-11-12 15:32 - 2016-08-03 05:48 - 00000000 ____D C:\Program Files\Acer
2016-11-12 15:30 - 2016-08-03 05:48 - 00000000 ____D C:\ProgramData\OEM
2016-10-29 00:56 - 2016-07-16 12:49 - 00828408 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-10-29 00:56 - 2016-07-16 12:49 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-10-25 21:18 - 2016-09-07 20:16 - 00047672 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvad64v.sys

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2016-11-13 15:01 - 2016-11-13 15:01 - 0007597 _____ () C:\Users\yorul\AppData\Local\Resmon.ResmonCfg
2016-11-13 16:35 - 2016-11-13 16:35 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Einige Dateien in TEMP:
====================
C:\Users\yorul\AppData\Local\Temp\libeay32.dll
C:\Users\yorul\AppData\Local\Temp\msvcr120.dll
C:\Users\yorul\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap ======================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert


LastRegBack: 2016-11-13 16:34

==================== Ende von FRST.txt ============================
         

Alt 15.11.2016, 11:09   #7
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
ByteFence, Artemis: Malware, Trojan - Standard

ByteFence, Artemis: Malware, Trojan



Lade Dir bitte von hier Revo Uninstaller Download Revo Uninstaller (alternativ portable Revo Uninstaller) herunter.
  • Installiere und starte das Programm. (Bebilderte Anleitung zu Revo Uninstaller)
  • Klicke auf Optionen und wähle als Sprache Deutsch.
  • Suche im Uninstallerfeld nach den Programmen:


    ByteFence Anti-Malware


  • Wähle die Programme nacheinander aus und klicke jedes Mal auf Uninstall.
  • Wähle anschließend den Modus "Moderat" aus.
  • Reste löschen:
    Klicke auf dann auf und dann auf .

 

__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 15.11.2016, 21:10   #8
voxppl
 
ByteFence, Artemis: Malware, Trojan - Standard

ByteFence, Artemis: Malware, Trojan



ByteFence ist deinstalliert. Was soll ich gegen die Trojaner tun oder gibt es überhaupt eine Gefahr?

Alt 16.11.2016, 01:10   #9
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
ByteFence, Artemis: Malware, Trojan - Standard

ByteFence, Artemis: Malware, Trojan



1. Schritt: Malwarebytes Anti-Rootkit (MBAR)

Downloade dir bitte Malwarebytes Anti-Rootkit Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
  • Starte bitte die mbar.exe.
  • Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
  • Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
  • Klicke auf den CleanUp Button und erlaube den Neustart.
  • Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
  • Nach dem Neustart starte die mbar.exe erneut.
  • Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.
Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers




2. Schritt: Kaspersky TDSS-Killer

Downloade dir bitte TDSSKiller TDSSKiller.exe und speichere diese Datei auf dem Desktop
  • Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
  • Drücke Start Scan
  • Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
    TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
    Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Poste den Inhalt bitte in jedem Fall hier in deinen Thread.




Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR oder 7Z-Archiv zu packen erschwert mir massiv die Arbeit.
Auch wenn die Logs für einen Beitrag zu groß sein sollten, bitte ich dich die Logs direkt und notfalls über mehrere Beiträge verteilt zu posten.
Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 16.11.2016, 18:22   #10
voxppl
 
ByteFence, Artemis: Malware, Trojan - Standard

ByteFence, Artemis: Malware, Trojan



Hier sind die Logfiles:

Malware Anti-Rookit:
Code:
ATTFilter
Malwarebytes Anti-Rootkit BETA 1.9.3.1001
www.malwarebytes.org

Database version:
  main:    v2016.11.16.08
  rootkit: v2016.10.31.01

Windows 10 x64 NTFS
Internet Explorer 11.447.14393.0
yorul :: LAPTOP-LTTG5V9H [administrator]

16.11.2016 17:46:07
mbar-log-2016-11-16 (17-46-07).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 313699
Time elapsed: 8 minute(s), 59 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
         
TDSS-Killer:
Code:
ATTFilter
17:59:18.0446 0x2730  TDSS rootkit removing tool 3.1.0.12 Nov  7 2016 07:10:01
17:59:18.0446 0x2730  UEFI system
17:59:22.0922 0x2730  ============================================================
17:59:22.0922 0x2730  Current date / time: 2016/11/16 17:59:22.0922
17:59:22.0938 0x2730  SystemInfo:
17:59:22.0938 0x2730  
17:59:22.0938 0x2730  OS Version: 10.0.14393 ServicePack: 0.0
17:59:22.0938 0x2730  Product type: Workstation
17:59:22.0938 0x2730  ComputerName: LAPTOP-LTTG5V9H
17:59:22.0938 0x2730  UserName: yorul
17:59:22.0938 0x2730  Windows directory: C:\WINDOWS
17:59:22.0938 0x2730  System windows directory: C:\WINDOWS
17:59:22.0938 0x2730  Running under WOW64
17:59:22.0938 0x2730  Processor architecture: Intel x64
17:59:22.0938 0x2730  Number of processors: 4
17:59:22.0938 0x2730  Page size: 0x1000
17:59:22.0938 0x2730  Boot type: Normal boot
17:59:22.0938 0x2730  CodeIntegrityOptions = 0x00000001
17:59:22.0938 0x2730  ============================================================
17:59:23.0123 0x2730  KLMD registered as C:\WINDOWS\system32\drivers\49453844.sys
17:59:23.0123 0x2730  KLMD ARK init status: drvProperties = 0xFFF00, osBuild = 14393.447, osProperties = 0x19
17:59:23.0491 0x2730  System UUID: {D2803032-6124-2873-D265-A2CE7EAEF29F}
17:59:25.0362 0x2730  Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:59:25.0362 0x2730  Drive \Device\Harddisk1\DR1 - Size: 0x1DCF856000 ( 119.24 Gb ), SectorSize: 0x200, Cylinders: 0x3CCE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:59:25.0377 0x2730  ============================================================
17:59:25.0377 0x2730  \Device\Harddisk0\DR0:
17:59:25.0377 0x2730  GPT partitions:
17:59:25.0377 0x2730  \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {A1030B92-9171-4F39-BE39-720B22436B35}, Name: Basic data partition, StartLBA 0x800, BlocksNum 0x74706000
17:59:25.0377 0x2730  MBR partitions:
17:59:25.0377 0x2730  \Device\Harddisk1\DR1:
17:59:25.0377 0x2730  GPT partitions:
17:59:25.0377 0x2730  \Device\Harddisk1\DR1\Partition1: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {F6F8BDBF-674B-4DFA-BC6E-85119301DDAE}, Name: EFI system partition, StartLBA 0x800, BlocksNum 0x32000
17:59:25.0377 0x2730  \Device\Harddisk1\DR1\Partition2: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {3033FD18-A9CC-4F01-BEC4-2DB8A6FB0B55}, Name: Microsoft reserved partition, StartLBA 0x32800, BlocksNum 0x8000
17:59:25.0377 0x2730  \Device\Harddisk1\DR1\Partition3: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {A86C0EE0-7251-4F1D-BA59-D917C97A3041}, Name: Basic data partition, StartLBA 0x3A800, BlocksNum 0xEC41800
17:59:25.0377 0x2730  \Device\Harddisk1\DR1\Partition4: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {C26858B9-8FF2-4F91-A201-1CC626B7C384}, Name: Basic data partition, StartLBA 0xEC7C000, BlocksNum 0x200000
17:59:25.0377 0x2730  MBR partitions:
17:59:25.0377 0x2730  ============================================================
17:59:25.0393 0x2730  C: <-> \Device\Harddisk1\DR1\Partition3
17:59:25.0393 0x2730  D: <-> \Device\Harddisk0\DR0\Partition1
17:59:25.0393 0x2730  ============================================================
17:59:25.0393 0x2730  Initialize success
17:59:25.0393 0x2730  ============================================================
18:01:05.0848 0x1f44  ============================================================
18:01:05.0848 0x1f44  Scan started
18:01:05.0848 0x1f44  Mode: Manual; SigCheck; TDLFS; 
18:01:05.0848 0x1f44  ============================================================
18:01:05.0848 0x1f44  KSN ping started
18:01:05.0994 0x1f44  KSN ping finished: true
18:01:06.0464 0x1f44  ================ Scan system memory ========================
18:01:06.0464 0x1f44  System memory - ok
18:01:06.0464 0x1f44  ================ Scan services =============================
18:01:06.0495 0x1f44  1394ohci - ok
18:01:06.0495 0x1f44  3ware - ok
18:01:06.0495 0x1f44  ACPI - ok
18:01:06.0495 0x1f44  AcpiDev - ok
18:01:06.0495 0x1f44  acpiex - ok
18:01:06.0511 0x1f44  acpipagr - ok
18:01:06.0511 0x1f44  AcpiPmi - ok
18:01:06.0511 0x1f44  acpitime - ok
18:01:06.0511 0x1f44  ADP80XX - ok
18:01:06.0511 0x1f44  AFD - ok
18:01:06.0527 0x1f44  ahcache - ok
18:01:06.0527 0x1f44  AJRouter - ok
18:01:06.0527 0x1f44  ALG - ok
18:01:06.0527 0x1f44  AmdK8 - ok
18:01:06.0527 0x1f44  AmdPPM - ok
18:01:06.0527 0x1f44  amdsata - ok
18:01:06.0544 0x1f44  amdsbs - ok
18:01:06.0546 0x1f44  amdxata - ok
18:01:06.0549 0x1f44  AppID - ok
18:01:06.0549 0x1f44  AppIDSvc - ok
18:01:06.0549 0x1f44  Appinfo - ok
18:01:06.0549 0x1f44  applockerfltr - ok
18:01:06.0549 0x1f44  AppReadiness - ok
18:01:06.0549 0x1f44  AppXSvc - ok
18:01:06.0565 0x1f44  arcsas - ok
18:01:06.0565 0x1f44  AsyncMac - ok
18:01:06.0565 0x1f44  atapi - ok
18:01:06.0565 0x1f44  [ C345E697B68BE9A45BB6CBD03F1E66F2, F50E0CC874A67A9EED3C792599ADA92C888348E7256663F7C784FBBF51D19EAC ] AtherosSvc      C:\WINDOWS\system32\AdminService.exe
18:01:06.0612 0x1f44  AtherosSvc - ok
18:01:06.0612 0x1f44  AudioEndpointBuilder - ok
18:01:06.0612 0x1f44  Audiosrv - ok
18:01:06.0627 0x1f44  AxInstSV - ok
18:01:06.0627 0x1f44  b06bdrv - ok
18:01:06.0627 0x1f44  BasicDisplay - ok
18:01:06.0627 0x1f44  BasicRender - ok
18:01:06.0627 0x1f44  bcmfn - ok
18:01:06.0645 0x1f44  bcmfn2 - ok
18:01:06.0648 0x1f44  BDESVC - ok
18:01:06.0649 0x1f44  Beep - ok
18:01:06.0649 0x1f44  BFE - ok
18:01:06.0649 0x1f44  BITS - ok
18:01:06.0649 0x1f44  bowser - ok
18:01:06.0649 0x1f44  BrokerInfrastructure - ok
18:01:06.0649 0x1f44  Browser - ok
18:01:06.0665 0x1f44  [ 7170961E98A4F47175972D7F096AA7C5, 8D060277A7C1371DBA1CAFBFB23632664FFFFD3FA2B512F811A25C1871E5CE7D ] BtFilter        C:\WINDOWS\system32\DRIVERS\btfilter.sys
18:01:06.0680 0x1f44  BtFilter - ok
18:01:06.0680 0x1f44  BthAvrcpTg - ok
18:01:06.0696 0x1f44  BthEnum - ok
18:01:06.0696 0x1f44  BthHFEnum - ok
18:01:06.0696 0x1f44  bthhfhid - ok
18:01:06.0696 0x1f44  BthHFSrv - ok
18:01:06.0696 0x1f44  BthLEEnum - ok
18:01:06.0712 0x1f44  BTHMODEM - ok
18:01:06.0712 0x1f44  BthPan - ok
18:01:06.0712 0x1f44  BTHPORT - ok
18:01:06.0712 0x1f44  bthserv - ok
18:01:06.0712 0x1f44  BTHUSB - ok
18:01:06.0712 0x1f44  buttonconverter - ok
18:01:06.0727 0x1f44  CapImg - ok
18:01:06.0764 0x1f44  [ 4147B5CA0C368FFE0FCE4116F558986A, F466B4556A140321B8F87C486CEBFB223D37526D877343BB6DA8FEFD03E16396 ] CCDMonitorService C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe
18:01:06.0827 0x1f44  CCDMonitorService - ok
18:01:06.0843 0x1f44  cdfs - ok
18:01:06.0846 0x1f44  CDPSvc - ok
18:01:06.0849 0x1f44  CDPUserSvc - ok
18:01:06.0849 0x1f44  cdrom - ok
18:01:06.0849 0x1f44  CertPropSvc - ok
18:01:06.0849 0x1f44  [ 3CA560EE2846FCC7A212ECC0A30AA24B, AF23987DA4F9EC2BC524C787F30BE49C34A3F9716E32046F510766E1F3A08A9A ] cfwids          C:\WINDOWS\system32\drivers\cfwids.sys
18:01:06.0864 0x1f44  cfwids - ok
18:01:06.0864 0x1f44  cht4iscsi - ok
18:01:06.0864 0x1f44  cht4vbd - ok
18:01:06.0864 0x1f44  circlass - ok
18:01:06.0880 0x1f44  CLFS - ok
18:01:06.0949 0x1f44  [ 6594CC3A25DD830E2DFE16C19A74D03A, 43A4FFEB5A9A6522D9AFC97CB9F34D0DC1B64C43D7FC048929F333BA8E3DBAFB ] ClickToRunSvc   C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
18:01:07.0012 0x1f44  ClickToRunSvc - ok
18:01:07.0027 0x1f44  ClipSVC - ok
18:01:07.0027 0x1f44  clreg - ok
18:01:07.0049 0x1f44  CmBatt - ok
18:01:07.0049 0x1f44  CNG - ok
18:01:07.0049 0x1f44  cnghwassist - ok
18:01:07.0065 0x1f44  CompositeBus - ok
18:01:07.0065 0x1f44  COMSysApp - ok
18:01:07.0081 0x1f44  condrv - ok
18:01:07.0081 0x1f44  CoreMessagingRegistrar - ok
18:01:07.0112 0x1f44  [ E6A74D6809627A710997A7747DFF2BFA, 21B54A7854EA4FCAECA2F4DADA4456C7007586F89798F91464712B8A5304544F ] cphs            C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
18:01:07.0127 0x1f44  cphs - ok
18:01:07.0127 0x1f44  [ 5F96FF5D314B4D48F4ACA55ED69476AC, EA9A903706E4C62C141496346A55E4E8A78EF9B216E7A668FA1898BA39EBCDE9 ] cplspcon        C:\WINDOWS\system32\IntelCpHDCPSvc.exe
18:01:07.0149 0x1f44  cplspcon - ok
18:01:07.0149 0x1f44  CryptSvc - ok
18:01:07.0149 0x1f44  dam - ok
18:01:07.0165 0x1f44  [ B1103FA76424EFF92DB144A751021606, 5A5F6CE6F85E9B373DE7C9E402031A6E4F0025798F9A51B440E901B7D8BB9582 ] Dashlane Upgrade Service C:\Program Files (x86)\Dashlane\Upgrade\DashlaneUpgradeService.exe
18:01:07.0165 0x1f44  Dashlane Upgrade Service - ok
18:01:07.0180 0x1f44  DcomLaunch - ok
18:01:07.0180 0x1f44  DcpSvc - ok
18:01:07.0180 0x1f44  defragsvc - ok
18:01:07.0180 0x1f44  DeviceAssociationService - ok
18:01:07.0180 0x1f44  DeviceInstall - ok
18:01:07.0196 0x1f44  DevQueryBroker - ok
18:01:07.0196 0x1f44  Dfsc - ok
18:01:07.0196 0x1f44  Dhcp - ok
18:01:07.0196 0x1f44  diagnosticshub.standardcollector.service - ok
18:01:07.0196 0x1f44  DiagTrack - ok
18:01:07.0196 0x1f44  disk - ok
18:01:07.0212 0x1f44  DmEnrollmentSvc - ok
18:01:07.0212 0x1f44  dmvsc - ok
18:01:07.0212 0x1f44  dmwappushservice - ok
18:01:07.0212 0x1f44  Dnscache - ok
18:01:07.0212 0x1f44  dot3svc - ok
18:01:07.0227 0x1f44  DPS - ok
18:01:07.0227 0x1f44  drmkaud - ok
18:01:07.0227 0x1f44  DsmSvc - ok
18:01:07.0227 0x1f44  DsSvc - ok
18:01:07.0227 0x1f44  DXGKrnl - ok
18:01:07.0227 0x1f44  EapHost - ok
18:01:07.0245 0x1f44  ebdrv - ok
18:01:07.0247 0x1f44  EFS - ok
18:01:07.0249 0x1f44  EhStorClass - ok
18:01:07.0249 0x1f44  EhStorTcgDrv - ok
18:01:07.0249 0x1f44  embeddedmode - ok
18:01:07.0249 0x1f44  EntAppSvc - ok
18:01:07.0249 0x1f44  ErrDev - ok
18:01:07.0265 0x1f44  [ 6E3D27F1FA0BEB3D1124A43C5CC516C8, 7354BBFEF4DA00B079B3A71909AC713475990201FE25FE7A8805CFBA15BC4414 ] ETDI2C          C:\WINDOWS\system32\DRIVERS\ETDI2C.sys
18:01:07.0265 0x1f44  ETDI2C - ok
18:01:07.0280 0x1f44  EventSystem - ok
18:01:07.0280 0x1f44  exfat - ok
18:01:07.0280 0x1f44  fastfat - ok
18:01:07.0280 0x1f44  Fax - ok
18:01:07.0280 0x1f44  fdc - ok
18:01:07.0296 0x1f44  fdPHost - ok
18:01:07.0296 0x1f44  FDResPub - ok
18:01:07.0296 0x1f44  fhsvc - ok
18:01:07.0296 0x1f44  FileCrypt - ok
18:01:07.0296 0x1f44  FileInfo - ok
18:01:07.0296 0x1f44  Filetrace - ok
18:01:07.0312 0x1f44  flpydisk - ok
18:01:07.0312 0x1f44  FltMgr - ok
18:01:07.0312 0x1f44  FontCache - ok
18:01:07.0312 0x1f44  FontCache3.0.0.0 - ok
18:01:07.0312 0x1f44  FrameServer - ok
18:01:07.0327 0x1f44  FsDepends - ok
18:01:07.0327 0x1f44  Fs_Rec - ok
18:01:07.0327 0x1f44  fvevol - ok
18:01:07.0327 0x1f44  gencounter - ok
18:01:07.0327 0x1f44  genericusbfn - ok
18:01:07.0327 0x1f44  GPIOClx0101 - ok
18:01:07.0345 0x1f44  gpsvc - ok
18:01:07.0349 0x1f44  GpuEnergyDrv - ok
18:01:07.0349 0x1f44  HDAudBus - ok
18:01:07.0349 0x1f44  HidBatt - ok
18:01:07.0349 0x1f44  HidBth - ok
18:01:07.0349 0x1f44  hidi2c - ok
18:01:07.0349 0x1f44  hidinterrupt - ok
18:01:07.0365 0x1f44  HidIr - ok
18:01:07.0365 0x1f44  hidserv - ok
18:01:07.0365 0x1f44  HidUsb - ok
18:01:07.0365 0x1f44  [ F60E629BADC03B5BCCF8AAE022651A64, 08D3BA75F3A43843F8F13D7EEA263E46A9452FAB3B30BFD389E4B0477675CB3B ] HipShieldK      C:\WINDOWS\system32\drivers\HipShieldK.sys
18:01:07.0380 0x1f44  HipShieldK - ok
18:01:07.0380 0x1f44  HomeGroupListener - ok
18:01:07.0380 0x1f44  HomeGroupProvider - ok
18:01:07.0396 0x1f44  [ FFD55794A830AA05BF4E59D724D7D344, 2BD84931D4BF21A128319E48D55394C8415F42FC1D1CC71C08C6C2792BA1480E ] HomeNetSvc      C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
18:01:07.0412 0x1f44  HomeNetSvc - ok
18:01:07.0412 0x1f44  HpSAMD - ok
18:01:07.0427 0x1f44  HTTP - ok
18:01:07.0427 0x1f44  HvHost - ok
18:01:07.0427 0x1f44  hvservice - ok
18:01:07.0427 0x1f44  hwpolicy - ok
18:01:07.0427 0x1f44  hyperkbd - ok
18:01:07.0444 0x1f44  i8042prt - ok
18:01:07.0446 0x1f44  iagpio - ok
18:01:07.0449 0x1f44  iai2c - ok
18:01:07.0449 0x1f44  iaLPSS2i_GPIO2 - ok
18:01:07.0449 0x1f44  iaLPSS2i_I2C - ok
18:01:07.0449 0x1f44  [ 6DD80E740B0A3BABDC14BE91E7A92832, 2A8931C662EBBE05E29FB2F588C2EB71A86E6A1DE93980C4226627BB91533EEB ] iaLPSS2_I2C     C:\WINDOWS\System32\drivers\iaLPSS2_I2C.sys
18:01:07.0465 0x1f44  iaLPSS2_I2C - ok
18:01:07.0465 0x1f44  iaLPSSi_GPIO - ok
18:01:07.0465 0x1f44  iaLPSSi_I2C - ok
18:01:07.0481 0x1f44  [ FAD8F30941428D201D9B235BBAB504B5, 7C9862C97FB49DF54703F08895DFEBA64A032CDFC9FE029C20CA2FF75306B162 ] iaStorA         C:\WINDOWS\system32\drivers\iaStorA.sys
18:01:07.0512 0x1f44  iaStorA - ok
18:01:07.0512 0x1f44  iaStorAV - ok
18:01:07.0527 0x1f44  [ F948363224B12576CF07574AC4282305, 93C00479CBEA246843ADC06B2BCA6396F85B0CFF3FCC70128880FCAE27932235 ] IAStorDataMgrSvc C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
18:01:07.0527 0x1f44  IAStorDataMgrSvc - ok
18:01:07.0527 0x1f44  iaStorV - ok
18:01:07.0544 0x1f44  ibbus - ok
18:01:07.0548 0x1f44  icssvc - ok
18:01:07.0746 0x1f44  [ 2255230D3C185000D19B4A85B2C7E26C, D4F5D42E0A52D0794123C66F435ACD4CEF86729C11898E1E47108D1A0DD3E2B4 ] igfx            C:\WINDOWS\system32\DRIVERS\igdkmd64.sys
18:01:07.0912 0x1f44  igfx - ok
18:01:07.0928 0x1f44  [ 1CAEE28FB490F2B915EADBDC16CDB11D, 1C1D8EF2D057C2ACF367ED2099791FC01175764377CF1A5A48E14B89DBC4FA39 ] igfxCUIService2.0.0.0 C:\WINDOWS\system32\igfxCUIService.exe
18:01:07.0950 0x1f44  igfxCUIService2.0.0.0 - ok
18:01:07.0966 0x1f44  IKEEXT - ok
18:01:07.0966 0x1f44  IndirectKmd - ok
18:01:08.0050 0x1f44  [ 048A8274D23D1C1586BEF1CFE84CFA8E, ECD0D1DB9CF190189F721DD2536E0E84BD7372B8DC0C11972752AF776EE70A1C ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RTKVHD64.sys
18:01:08.0128 0x1f44  IntcAzAudAddService - ok
18:01:08.0150 0x1f44  [ D77C4D2C3803F837096536BBE8CA2EEB, 8BADE29FC1D56E088F5A6747F9F9DCF314D28A6E1DC1DFAE36CDC68EDC1D4D2F ] IntcDAud        C:\WINDOWS\system32\DRIVERS\IntcDAud.sys
18:01:08.0182 0x1f44  IntcDAud - ok
18:01:08.0213 0x1f44  [ AE32376564771525DCDD2F0280619E1A, 233B7B272DCD9080DE7C9593EB7993745D1037EA87B69617E7176F074DFD5968 ] Intel(R) Capability Licensing Service TCP IP Interface C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
18:01:08.0249 0x1f44  Intel(R) Capability Licensing Service TCP IP Interface - ok
18:01:08.0251 0x1f44  [ 618667DFB3E9E8D8AB98FD2ED8F6577C, 6F5FF6D710329E2B0FC390B29660B51FF73F41870F36EE567B2B34AD5044632A ] Intel(R) Security Assist C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe
18:01:08.0266 0x1f44  Intel(R) Security Assist - detected UnsignedFile.Multi.Generic ( 1 )
18:01:08.0429 0x1f44  Detect skipped due to KSN trusted
18:01:08.0429 0x1f44  Intel(R) Security Assist - ok
18:01:08.0429 0x1f44  intelide - ok
18:01:08.0429 0x1f44  intelpep - ok
18:01:08.0451 0x1f44  intelppm - ok
18:01:08.0451 0x1f44  [ 75D6798AE84D12C48B9C625AD2B180B9, 6E847B83C2C21442001C0B5A57DFE333D8CCF61DB3A7F655A1E1A9265A42645C ] IntelSSTSvc     C:\WINDOWS\system32\IntelSSTAPO\ParameterService\ParameterService.exe
18:01:08.0482 0x1f44  IntelSSTSvc - ok
18:01:08.0482 0x1f44  iorate - ok
18:01:08.0498 0x1f44  IpFilterDriver - ok
18:01:08.0498 0x1f44  iphlpsvc - ok
18:01:08.0498 0x1f44  IPMIDRV - ok
18:01:08.0513 0x1f44  IPNAT - ok
18:01:08.0513 0x1f44  irda - ok
18:01:08.0529 0x1f44  IRENUM - ok
18:01:08.0529 0x1f44  irmon - ok
18:01:08.0529 0x1f44  [ 8E3D5F919D6FB66557219343BD948B3D, BCE103FA09C75BB705C029356BBBB921584B166813162424D8E3CED0D20CF24E ] isaHelperSvc    C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe
18:01:08.0547 0x1f44  isaHelperSvc - detected UnsignedFile.Multi.Generic ( 1 )
18:01:08.0798 0x1f44  Detect skipped due to KSN trusted
18:01:08.0798 0x1f44  isaHelperSvc - ok
18:01:08.0798 0x1f44  isapnp - ok
18:01:08.0813 0x1f44  iScsiPrt - ok
18:01:08.0829 0x1f44  [ 9AF76317B69C9F336C18A4610DB3EF55, 20D5FDD2B0D5D9189C7892DDC68D2CADB8ABB4D683722CE46028E4692DF35C2C ] jhi_service     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
18:01:08.0851 0x1f44  jhi_service - ok
18:01:08.0867 0x1f44  kbdclass - ok
18:01:08.0867 0x1f44  kbdhid - ok
18:01:08.0883 0x1f44  kdnic - ok
18:01:08.0883 0x1f44  KeyIso - ok
18:01:08.0898 0x1f44  KSecDD - ok
18:01:08.0898 0x1f44  KSecPkg - ok
18:01:08.0914 0x1f44  ksthunk - ok
18:01:08.0914 0x1f44  KtmRm - ok
18:01:08.0929 0x1f44  LanmanServer - ok
18:01:08.0929 0x1f44  LanmanWorkstation - ok
18:01:08.0951 0x1f44  lfsvc - ok
18:01:08.0951 0x1f44  LicenseManager - ok
18:01:08.0967 0x1f44  lltdio - ok
18:01:08.0967 0x1f44  lltdsvc - ok
18:01:08.0983 0x1f44  [ 73F2F6D3CA4A47F8CBEC77067D7BFC10, 5DFB2F42FBECFB66DE91FFC9A720F0F62BA7CFD5753EC421036D522D83D555B2 ] LMDriver        C:\WINDOWS\System32\drivers\LMDriver.sys
18:01:09.0014 0x1f44  LMDriver - ok
18:01:09.0014 0x1f44  lmhosts - ok
18:01:09.0029 0x1f44  [ DD79D7728F8E06BE4656E97B4BC20702, 657B5AF2CB59335EBEA41E3AD27BC21D90542D6AA9B187847264B932883FA29A ] LMS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
18:01:09.0067 0x1f44  LMS - ok
18:01:09.0067 0x1f44  LSI_SAS - ok
18:01:09.0067 0x1f44  LSI_SAS2i - ok
18:01:09.0067 0x1f44  LSI_SAS3i - ok
18:01:09.0083 0x1f44  LSI_SSS - ok
18:01:09.0083 0x1f44  LSM - ok
18:01:09.0083 0x1f44  luafv - ok
18:01:09.0083 0x1f44  MapsBroker - ok
18:01:09.0098 0x1f44  [ 78BFF5425E044086E74E78650A359FBB, 294738C10F3ED933D4EC40EA0659372FCF19A3C6D45D356917438CA495F2CB45 ] MBAMProtector   C:\WINDOWS\system32\drivers\mbam.sys
18:01:09.0098 0x1f44  MBAMProtector - ok
18:01:09.0993 0x1f44  [ 9611577752E293259C7DCE19E9026362, 8CB5DFD63FA15603BB6FA6B501E09ED7F4DE0E8F68CB28B78CECAC3711BEFD24 ] MBAMScheduler   D:\Programme\ Malwarebytes Anti-Malware \mbamscheduler.exe
18:01:10.0058 0x1f44  MBAMScheduler - ok
18:01:10.0077 0x1f44  [ F1A89A34388B5626F1548D393B23ECB1, EA00AC76C4C8C9340753B58A3313C9177A9B98F9F1BDE08F184CD0F53D0C186F ] MBAMService     D:\Programme\ Malwarebytes Anti-Malware \mbamservice.exe
18:01:10.0109 0x1f44  MBAMService - ok
18:01:10.0109 0x1f44  [ 78488AF2AB2111D67B3C4044707A519B, 7AA71B9C4C7949A1A21F60EF7CCEDE0079794990696B60557B5DC86F4D47223A ] MBAMSwissArmy   C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys
18:01:10.0124 0x1f44  MBAMSwissArmy - ok
18:01:10.0124 0x1f44  [ 898415AC0B5F1D2A9A48ABCB68A6DC4B, E1FD9AE5E22E3E5A18288E66A6184E92A4B63A1274DCE147A7728BB09C6A225E ] MBAMWebAccessControl C:\WINDOWS\system32\drivers\mwac.sys
18:01:10.0140 0x1f44  MBAMWebAccessControl - ok
18:01:10.0140 0x1f44  [ 963E110F8189126FD175EDA853612B42, B4E45D42767E582590B730FBC50E6108362896954B5D3A58FB5201C4206341A0 ] McAfee SiteAdvisor Service C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe
18:01:10.0160 0x1f44  McAfee SiteAdvisor Service - ok
18:01:10.0178 0x1f44  [ 874223D1130311F1C44D7BA4CACE852F, 54A6EF3CB0F445108F108C7F9EC5F3888800E9CDC2BB63F632E1FCD4DC37FD85 ] McAPExe         C:\Program Files\McAfee\MSC\McAPExe.exe
18:01:10.0193 0x1f44  McAPExe - ok
18:01:10.0209 0x1f44  [ 793F604D15996AFD397B1326AD8C3A40, 34099AB4FE63D9902E32BF6360E7DCA45E6AF083269DA04927FC400278084E2F ] McAWFwk         C:\Program Files\Common Files\McAfee\ActWiz\McAWFwk.exe
18:01:10.0240 0x1f44  McAWFwk - ok
18:01:10.0262 0x1f44  [ FFD55794A830AA05BF4E59D724D7D344, 2BD84931D4BF21A128319E48D55394C8415F42FC1D1CC71C08C6C2792BA1480E ] McBootDelayStartSvc C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
18:01:10.0277 0x1f44  McBootDelayStartSvc - ok
18:01:10.0309 0x1f44  [ 40B02F6D4B331443CC7E879BCD87100F, ACF976DC9565A905F71EFE9A25516A0F1B128E70B961B8D8256F51474B1F78D7 ] mccspsvc        C:\Program Files\Common Files\McAfee\CSP\1.9.829.0\\McCSPServiceHost.exe
18:01:10.0360 0x1f44  mccspsvc - ok
18:01:10.0362 0x1f44  [ FFD55794A830AA05BF4E59D724D7D344, 2BD84931D4BF21A128319E48D55394C8415F42FC1D1CC71C08C6C2792BA1480E ] McMPFSvc        C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
18:01:10.0378 0x1f44  McMPFSvc - ok
18:01:10.0393 0x1f44  [ FFD55794A830AA05BF4E59D724D7D344, 2BD84931D4BF21A128319E48D55394C8415F42FC1D1CC71C08C6C2792BA1480E ] McNaiAnn        C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe
18:01:10.0409 0x1f44  McNaiAnn - ok
18:01:10.0425 0x1f44  [ 9151C5CDF8489F9FFE9854601FDA9A0F, 6E080E216EE1F16A7B72B3F42434F34C75A8082A3CBAAF7265116CCD22AFE582 ] McODS           C:\Program Files\mcafee\VirusScan\mcods.exe
18:01:10.0456 0x1f44  McODS - ok
18:01:10.0462 0x1f44  [ FFD55794A830AA05BF4E59D724D7D344, 2BD84931D4BF21A128319E48D55394C8415F42FC1D1CC71C08C6C2792BA1480E ] mcpltsvc        C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe
18:01:10.0478 0x1f44  mcpltsvc - ok
18:01:10.0494 0x1f44  [ FFD55794A830AA05BF4E59D724D7D344, 2BD84931D4BF21A128319E48D55394C8415F42FC1D1CC71C08C6C2792BA1480E ] McProxy         C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe
18:01:10.0509 0x1f44  McProxy - ok
18:01:10.0509 0x1f44  megasas - ok
18:01:10.0509 0x1f44  megasas2i - ok
18:01:10.0525 0x1f44  megasr - ok
18:01:10.0525 0x1f44  [ 1039E2C190060B1A51289B47493DA456, 96B67CD5341F6118063F1C318DDAC86089966E274FEB4EC46F934BBE98C01032 ] MEIx64          C:\WINDOWS\System32\drivers\TeeDriverW8x64.sys
18:01:10.0541 0x1f44  MEIx64 - ok
18:01:10.0541 0x1f44  MessagingService - ok
18:01:10.0563 0x1f44  [ 22CE39824DECE03C8DEF8832F029E3ED, C036E7E28BD4B90B29AF5B389486836137DCF9AB371D9D98CB12AD06F4107015 ] mfeaack         C:\WINDOWS\system32\drivers\mfeaack.sys
18:01:10.0578 0x1f44  mfeaack - ok
18:01:10.0578 0x1f44  [ FB9188B17958E6DFE959D23281547605, A595D8D9A34BF390AA648883FCBAF38E96B896FAD43D97EA4F4DA791812626F2 ] mfeavfk         C:\WINDOWS\system32\drivers\mfeavfk.sys
18:01:10.0594 0x1f44  mfeavfk - ok
18:01:10.0594 0x1f44  [ 7257ECF649C19DCBEB3B5CFF5B9323EC, 1A0D0B2DDFD00628E891B5667143C8AFB698F21242574457E5222D7F6ACD5A61 ] mfeelamk        C:\WINDOWS\system32\drivers\mfeelamk.sys
18:01:10.0610 0x1f44  mfeelamk - ok
18:01:10.0625 0x1f44  [ 95A4DC60385F57418BD3361262D5F7C8, 5FAAE03B306710509E36A7B77DE9D36E4A1A38832403C29247E1A8B8C1D918B3 ] mfefire         C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
18:01:10.0625 0x1f44  mfefire - ok
18:01:10.0641 0x1f44  [ A2163D325F01DA86E140C91D3560C95E, 49D94BA855746591E545A6C82690E5F0B228E43FDD5AE3940F2D62835BFD7A96 ] mfefirek        C:\WINDOWS\system32\drivers\mfefirek.sys
18:01:10.0663 0x1f44  mfefirek - ok
18:01:10.0679 0x1f44  [ C30A6CB5A1B908643EEE9651E94BFE92, 394CDE243A10E5AB91FF27E722E4E8E23B5AC50EEB2A8D6A7BDB37DB0A0E23FB ] mfehidk         C:\WINDOWS\system32\drivers\mfehidk.sys
18:01:10.0710 0x1f44  mfehidk - ok
18:01:10.0725 0x1f44  [ 8703CE0AF859D00B37254E1858E68B40, 09D27BEDA8290DB3C2FBC4CCD8AA86AA8761E9975EBEF0260CA9BB57468F4025 ] mfemms          C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe
18:01:10.0761 0x1f44  mfemms - ok
18:01:10.0779 0x1f44  [ 34812CE00FAE95A6275D6B58072457F5, 23118A5E58F88AF5B8C5D4C15AEFA99C47D37A8E8C8FBF840DEEECC3C483AD8B ] mfencbdc        C:\WINDOWS\system32\DRIVERS\mfencbdc.sys
18:01:10.0810 0x1f44  mfencbdc - ok
18:01:10.0810 0x1f44  [ CF9D4FCA3A5C737DCF72B9F94BB0AC62, 8534DADB74EF745F50A1A148DE5CBAD573B890C604CDA08276CDE3D5C2E8788F ] mfencrk         C:\WINDOWS\system32\DRIVERS\mfencrk.sys
18:01:10.0826 0x1f44  mfencrk - ok
18:01:10.0826 0x1f44  [ DA49A90A69B3284FD11B6F02D0209A99, 759380964E6450FF21FB9A2BD23BA0394B005EC332E714D40D47262FCDC6CFE9 ] mfesapsn        C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys
18:01:10.0826 0x1f44  mfesapsn - ok
18:01:10.0841 0x1f44  [ 8DFE9C58B1509E3BBC6FD92B954204D9, 72D519AB2F5E3A335C61C1B632BB846FCD6406194EC36E965D52C1028E68FB33 ] mfevtp          C:\Windows\system32\mfevtps.exe
18:01:10.0858 0x1f44  mfevtp - ok
18:01:10.0864 0x1f44  [ ECDFB70AB9C0DC93E0A7AE4B0893E39F, 5021C95E01870C35A3B6A5423E8BA432B4CC2014B8C6B5FD766393A963C59C35 ] mfewfpk         C:\WINDOWS\system32\drivers\mfewfpk.sys
18:01:10.0864 0x1f44  mfewfpk - ok
18:01:10.0879 0x1f44  mlx4_bus - ok
18:01:10.0879 0x1f44  MMCSS - ok
18:01:10.0879 0x1f44  Modem - ok
18:01:10.0911 0x1f44  [ DFB4BC8B5CD8C85D0BD9E608898901FB, AB3BB7FA2D23A5B7815E85F7A73E3F36E95D8FD895F76FA9936AD4C1DA1849EF ] ModuleCoreService C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
18:01:10.0942 0x1f44  ModuleCoreService - ok
18:01:10.0942 0x1f44  monitor - ok
18:01:10.0959 0x1f44  mouclass - ok
18:01:10.0962 0x1f44  mouhid - ok
18:01:10.0963 0x1f44  mountmgr - ok
18:01:10.0963 0x1f44  [ 9EA771C01B8F99360F5BE1F732C59C3F, 69868A00F29379E822DC5A77EB4372CCAD690D2BDF10FEABB79C987527730FD5 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
18:01:10.0979 0x1f44  MozillaMaintenance - ok
18:01:10.0979 0x1f44  mpsdrv - ok
18:01:10.0979 0x1f44  MpsSvc - ok
18:01:10.0979 0x1f44  MRxDAV - ok
18:01:10.0979 0x1f44  mrxsmb - ok
18:01:10.0979 0x1f44  mrxsmb10 - ok
18:01:10.0995 0x1f44  mrxsmb20 - ok
18:01:10.0995 0x1f44  MsBridge - ok
18:01:10.0995 0x1f44  MSDTC - ok
18:01:10.0995 0x1f44  Msfs - ok
18:01:10.0995 0x1f44  msgpiowin32 - ok
18:01:11.0010 0x1f44  mshidkmdf - ok
18:01:11.0010 0x1f44  mshidumdf - ok
18:01:11.0010 0x1f44  msisadrv - ok
18:01:11.0010 0x1f44  MSiSCSI - ok
18:01:11.0010 0x1f44  msiserver - ok
18:01:11.0026 0x1f44  [ FFD55794A830AA05BF4E59D724D7D344, 2BD84931D4BF21A128319E48D55394C8415F42FC1D1CC71C08C6C2792BA1480E ] MSK80Service    C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
18:01:11.0042 0x1f44  MSK80Service - ok
18:01:11.0042 0x1f44  MSKSSRV - ok
18:01:11.0058 0x1f44  MsLldp - ok
18:01:11.0061 0x1f44  MSPCLOCK - ok
18:01:11.0063 0x1f44  MSPQM - ok
18:01:11.0063 0x1f44  MsRPC - ok
18:01:11.0063 0x1f44  mssmbios - ok
18:01:11.0063 0x1f44  MSTEE - ok
18:01:11.0063 0x1f44  MTConfig - ok
18:01:11.0079 0x1f44  Mup - ok
18:01:11.0079 0x1f44  mvumis - ok
18:01:11.0079 0x1f44  NativeWifiP - ok
18:01:11.0079 0x1f44  NcaSvc - ok
18:01:11.0079 0x1f44  NcbService - ok
18:01:11.0094 0x1f44  NcdAutoSetup - ok
18:01:11.0094 0x1f44  ndfltr - ok
18:01:11.0094 0x1f44  NDIS - ok
18:01:11.0094 0x1f44  NdisCap - ok
18:01:11.0094 0x1f44  NdisImPlatform - ok
18:01:11.0094 0x1f44  NdisTapi - ok
18:01:11.0110 0x1f44  Ndisuio - ok
18:01:11.0110 0x1f44  NdisVirtualBus - ok
18:01:11.0110 0x1f44  NdisWan - ok
18:01:11.0110 0x1f44  ndiswanlegacy - ok
18:01:11.0110 0x1f44  ndproxy - ok
18:01:11.0110 0x1f44  Ndu - ok
18:01:11.0126 0x1f44  NetAdapterCx - ok
18:01:11.0126 0x1f44  NetBIOS - ok
18:01:11.0126 0x1f44  NetBT - ok
18:01:11.0126 0x1f44  Netlogon - ok
18:01:11.0126 0x1f44  Netman - ok
18:01:11.0141 0x1f44  netprofm - ok
18:01:11.0141 0x1f44  NetSetupSvc - ok
18:01:11.0141 0x1f44  NetTcpPortSharing - ok
18:01:11.0159 0x1f44  NgcCtnrSvc - ok
18:01:11.0162 0x1f44  NgcSvc - ok
18:01:11.0163 0x1f44  NlaSvc - ok
18:01:11.0163 0x1f44  Npfs - ok
18:01:11.0163 0x1f44  npsvctrig - ok
18:01:11.0163 0x1f44  nsi - ok
18:01:11.0163 0x1f44  nsiproxy - ok
18:01:11.0179 0x1f44  NTFS - ok
18:01:11.0179 0x1f44  Null - ok
18:01:11.0195 0x1f44  [ 4B485A3EDCEE3099D1535246519F384B, 767AC69F222EF6E2660A8A36AA2C44D14753B6D35EA6DB6106DCA64BAA4E8844 ] NvContainerLocalSystem C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
18:01:11.0195 0x1f44  NvContainerLocalSystem - ok
18:01:11.0210 0x1f44  [ 4B485A3EDCEE3099D1535246519F384B, 767AC69F222EF6E2660A8A36AA2C44D14753B6D35EA6DB6106DCA64BAA4E8844 ] NvContainerNetworkService C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
18:01:11.0226 0x1f44  NvContainerNetworkService - ok
18:01:11.0242 0x1f44  [ 223347DBFA3CD1AD212064FD9C0B6AB6, 9712368864FB51E2D0A89BCA0FC62C900134D596B940B9C59955EE1629B5BF6B ] NVIDIA Wireless Controller Service C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe
18:01:11.0279 0x1f44  NVIDIA Wireless Controller Service - ok
18:01:11.0542 0x1f44  [ 25C83321B51908E5F35F1ED17F443591, FDF9BFCAEDD16960113292BA5527CCFC88FC27B017F098A30AFE1EAD361DFB0D ] nvlddmkm        C:\WINDOWS\System32\DriverStore\FileRepository\nvaci.inf_amd64_6b197c374d22a686\nvlddmkm.sys
18:01:11.0785 0x1f44  nvlddmkm - ok
18:01:11.0804 0x1f44  nvraid - ok
18:01:11.0807 0x1f44  nvstor - ok
18:01:11.0811 0x1f44  [ 09B0552CD55D7475FB6FCE6816BB7B0A, 3B880308A71AAD4301DDE7228AE5B52DB95E0C7F6AC41CC91586039E56AFCB4B ] NvStreamKms     C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys
18:01:11.0818 0x1f44  NvStreamKms - ok
18:01:11.0823 0x1f44  [ 723938468EF91020E98AC1FBE7654AAA, 34A32570E1FF35103F45A1B570B3511D29CF7F4EA5D8D5BB4E4A062414F5078B ] nvvad_WaveExtensible C:\WINDOWS\system32\drivers\nvvad64v.sys
18:01:11.0824 0x1f44  nvvad_WaveExtensible - ok
18:01:11.0824 0x1f44  OneSyncSvc - ok
18:01:11.0839 0x1f44  [ 63511820A101C1C5DB95B9ECFFEDA089, AD517FFE1FFD103FF1F371A0406CA8CDCAD762CE4DDC829759BE1914F4DF0675 ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
18:01:11.0855 0x1f44  ose - ok
18:01:11.0855 0x1f44  p2pimsvc - ok
18:01:11.0855 0x1f44  p2psvc - ok
18:01:11.0855 0x1f44  Parport - ok
18:01:11.0870 0x1f44  partmgr - ok
18:01:11.0870 0x1f44  PcaSvc - ok
18:01:11.0870 0x1f44  pci - ok
18:01:11.0870 0x1f44  pciide - ok
18:01:11.0870 0x1f44  pcmcia - ok
18:01:11.0886 0x1f44  pcw - ok
18:01:11.0886 0x1f44  pdc - ok
18:01:11.0886 0x1f44  PEAUTH - ok
18:01:11.0917 0x1f44  [ EDD4C63050ED1821B4C92D06FFD7180B, 33C6B54147771C813CD78CEF66C0A76CA50D9F1D13D41E6764310BF8C0D8D89D ] PEFService      C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe
18:01:11.0939 0x1f44  PEFService - ok
18:01:11.0939 0x1f44  percsas2i - ok
18:01:11.0939 0x1f44  percsas3i - ok
18:01:11.0955 0x1f44  PerfHost - ok
18:01:11.0970 0x1f44  PhoneSvc - ok
18:01:11.0970 0x1f44  PimIndexMaintenanceSvc - ok
18:01:11.0970 0x1f44  pla - ok
18:01:11.0970 0x1f44  PlugPlay - ok
18:01:11.0986 0x1f44  PNRPAutoReg - ok
18:01:11.0986 0x1f44  PNRPsvc - ok
18:01:11.0986 0x1f44  PolicyAgent - ok
18:01:11.0986 0x1f44  Power - ok
18:01:11.0986 0x1f44  PptpMiniport - ok
18:01:12.0101 0x1f44  [ 7196D3C2E2E3129814C8DAB91F9A7D1E, 6763E4BF8E846B597E78778E520F5BADC95608BAA4EA0AC84971384B5D976DD7 ] PrintNotify     C:\WINDOWS\system32\spool\drivers\x64\3\PrintConfig.dll
18:01:12.0201 0x1f44  PrintNotify - ok
18:01:12.0219 0x1f44  Processor - ok
18:01:12.0222 0x1f44  ProfSvc - ok
18:01:12.0224 0x1f44  Psched - ok
18:01:12.0224 0x1f44  [ 130CF61C87176675BDA0C4D2FA45970E, 73684C4FC6E642AE05A3DD4EF729B05538DF11BF939BF2C18F0EF89299000E20 ] QALSvc          C:\Program Files\Acer\Acer Quick Access\QALSvc.exe
18:01:12.0239 0x1f44  QALSvc - ok
18:01:12.0255 0x1f44  [ CCD6DB13256BDCF23C2B6A5F4F10ACA2, AB74084FC2CA08E77B5EBDC76E781D4500B21DFF8FB9609FFCEFCAB2937BDD0B ] QASvc           C:\Program Files\Acer\Acer Quick Access\QASvc.exe
18:01:12.0270 0x1f44  QASvc - ok
18:01:12.0320 0x1f44  [ 2B3EB6B0F8B2A59EBAA664FC64C27A70, 9FEB2FC4610D032427976A48FAA64DE567C763F20C3CC04E8E64F1B5DE992740 ] Qcamain10x64    C:\WINDOWS\system32\DRIVERS\Qcamain10x64.sys
18:01:12.0356 0x1f44  Qcamain10x64 - ok
18:01:12.0356 0x1f44  QWAVE - ok
18:01:12.0372 0x1f44  QWAVEdrv - ok
18:01:12.0372 0x1f44  [ 3977A5DC4BCD101728576E1BBB02079C, C507B148075B88D1BC1A7A09EB42988443C21910CB97CD30CD498A9688D19B68 ] RadioShim       C:\WINDOWS\System32\drivers\RadioShim.sys
18:01:12.0372 0x1f44  RadioShim - ok
18:01:12.0372 0x1f44  RasAcd - ok
18:01:12.0387 0x1f44  RasAgileVpn - ok
18:01:12.0387 0x1f44  RasAuto - ok
18:01:12.0387 0x1f44  Rasl2tp - ok
18:01:12.0387 0x1f44  RasMan - ok
18:01:12.0387 0x1f44  RasPppoe - ok
18:01:12.0403 0x1f44  RasSstp - ok
18:01:12.0403 0x1f44  rdbss - ok
18:01:12.0403 0x1f44  rdpbus - ok
18:01:12.0403 0x1f44  RDPDR - ok
18:01:12.0420 0x1f44  RdpVideoMiniport - ok
18:01:12.0422 0x1f44  rdyboost - ok
18:01:12.0424 0x1f44  ReFSv1 - ok
18:01:12.0424 0x1f44  RemoteAccess - ok
18:01:12.0424 0x1f44  RemoteRegistry - ok
18:01:12.0424 0x1f44  RetailDemo - ok
18:01:12.0424 0x1f44  RFCOMM - ok
18:01:12.0439 0x1f44  RmSvc - ok
18:01:12.0439 0x1f44  RpcEptMapper - ok
18:01:12.0439 0x1f44  RpcLocator - ok
18:01:12.0439 0x1f44  RpcSs - ok
18:01:12.0439 0x1f44  rspndr - ok
18:01:12.0470 0x1f44  [ E74FB6DC8D8140BB30B21695D79144ED, C3E62EAD0532B70ABAC671E5171291E719AD1833B98D476F154CBFD80487762C ] rt640x64        C:\WINDOWS\System32\drivers\rt640x64.sys
18:01:12.0486 0x1f44  rt640x64 - ok
18:01:12.0502 0x1f44  [ 1AD7DCCDACD8C48CD68CFA51AE805156, 2E6B7B52C7E137B35C149B9835115468A7B94CFA470CA92446F123D2F99E04CF ] RTSPER          C:\WINDOWS\system32\DRIVERS\RtsPer.sys
18:01:12.0523 0x1f44  RTSPER - ok
18:01:12.0523 0x1f44  s3cap - ok
18:01:12.0523 0x1f44  SamSs - ok
18:01:12.0539 0x1f44  sbp2port - ok
18:01:12.0539 0x1f44  SCardSvr - ok
18:01:12.0539 0x1f44  ScDeviceEnum - ok
18:01:12.0539 0x1f44  scfilter - ok
18:01:12.0539 0x1f44  Schedule - ok
18:01:12.0555 0x1f44  scmbus - ok
18:01:12.0555 0x1f44  scmdisk0101 - ok
18:01:12.0555 0x1f44  SCPolicySvc - ok
18:01:12.0555 0x1f44  sdbus - ok
18:01:12.0555 0x1f44  SDRSVC - ok
18:01:12.0570 0x1f44  sdstor - ok
18:01:12.0570 0x1f44  seclogon - ok
18:01:12.0570 0x1f44  SENS - ok
18:01:12.0570 0x1f44  SensorDataService - ok
18:01:12.0570 0x1f44  SensorService - ok
18:01:12.0586 0x1f44  SensrSvc - ok
18:01:12.0586 0x1f44  SerCx - ok
18:01:12.0586 0x1f44  SerCx2 - ok
18:01:12.0586 0x1f44  Serenum - ok
18:01:12.0586 0x1f44  Serial - ok
18:01:12.0602 0x1f44  sermouse - ok
18:01:12.0602 0x1f44  SessionEnv - ok
18:01:12.0602 0x1f44  sfloppy - ok
18:01:12.0602 0x1f44  SharedAccess - ok
18:01:12.0618 0x1f44  ShellHWDetection - ok
18:01:12.0623 0x1f44  shpamsvc - ok
18:01:12.0624 0x1f44  SiSRaid2 - ok
18:01:12.0624 0x1f44  SiSRaid4 - ok
18:01:12.0624 0x1f44  smphost - ok
18:01:12.0624 0x1f44  SmsRouter - ok
18:01:12.0639 0x1f44  SNMPTRAP - ok
18:01:12.0639 0x1f44  spaceport - ok
18:01:12.0639 0x1f44  SpbCx - ok
18:01:12.0639 0x1f44  Spooler - ok
18:01:12.0639 0x1f44  sppsvc - ok
18:01:12.0655 0x1f44  srv - ok
18:01:12.0655 0x1f44  srv2 - ok
18:01:12.0655 0x1f44  srvnet - ok
18:01:12.0655 0x1f44  SSDPSRV - ok
18:01:12.0655 0x1f44  SstpSvc - ok
18:01:12.0671 0x1f44  StateRepository - ok
18:01:12.0671 0x1f44  stexstor - ok
18:01:12.0671 0x1f44  stisvc - ok
18:01:12.0671 0x1f44  storahci - ok
18:01:12.0671 0x1f44  storflt - ok
18:01:12.0686 0x1f44  stornvme - ok
18:01:12.0686 0x1f44  storqosflt - ok
18:01:12.0686 0x1f44  StorSvc - ok
18:01:12.0686 0x1f44  storufs - ok
18:01:12.0686 0x1f44  storvsc - ok
18:01:12.0702 0x1f44  svsvc - ok
18:01:12.0702 0x1f44  swenum - ok
18:01:12.0702 0x1f44  swprv - ok
18:01:12.0702 0x1f44  Synth3dVsc - ok
18:01:12.0702 0x1f44  SysMain - ok
18:01:12.0717 0x1f44  SystemEventsBroker - ok
18:01:12.0720 0x1f44  TabletInputService - ok
18:01:12.0723 0x1f44  TapiSrv - ok
18:01:12.0723 0x1f44  Tcpip - ok
18:01:12.0723 0x1f44  Tcpip6 - ok
18:01:12.0723 0x1f44  tcpipreg - ok
18:01:12.0723 0x1f44  tdx - ok
18:01:12.0739 0x1f44  terminpt - ok
18:01:12.0739 0x1f44  TermService - ok
18:01:12.0739 0x1f44  Themes - ok
18:01:12.0739 0x1f44  TieringEngineService - ok
18:01:12.0755 0x1f44  tiledatamodelsvc - ok
18:01:12.0755 0x1f44  TimeBrokerSvc - ok
18:01:12.0755 0x1f44  TPM - ok
18:01:12.0755 0x1f44  TrkWks - ok
18:01:12.0770 0x1f44  TrustedInstaller - ok
18:01:12.0770 0x1f44  tsusbflt - ok
18:01:12.0770 0x1f44  TsUsbGD - ok
18:01:12.0770 0x1f44  tunnel - ok
18:01:12.0770 0x1f44  tzautoupdate - ok
18:01:12.0786 0x1f44  UASPStor - ok
18:01:12.0786 0x1f44  UcmCx0101 - ok
18:01:12.0786 0x1f44  UcmTcpciCx0101 - ok
18:01:12.0786 0x1f44  UcmUcsi - ok
18:01:12.0786 0x1f44  Ucx01000 - ok
18:01:12.0802 0x1f44  UdeCx - ok
18:01:12.0802 0x1f44  udfs - ok
18:01:12.0802 0x1f44  UEFI - ok
18:01:12.0802 0x1f44  [ F46CA71263031E4CA6FBBC9DA1C2B6C5, ED61514BBF82E536962E2EFC3A5ED9E24FBF3E748A9481AE8AA37A882156B3D0 ] UEIPSvc         C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe
18:01:12.0824 0x1f44  UEIPSvc - ok
18:01:12.0824 0x1f44  Ufx01000 - ok
18:01:12.0824 0x1f44  UfxChipidea - ok
18:01:12.0824 0x1f44  ufxsynopsys - ok
18:01:12.0840 0x1f44  UI0Detect - ok
18:01:12.0840 0x1f44  umbus - ok
18:01:12.0840 0x1f44  UmPass - ok
18:01:12.0840 0x1f44  UmRdpService - ok
18:01:12.0855 0x1f44  UnistoreSvc - ok
18:01:12.0855 0x1f44  upnphost - ok
18:01:12.0855 0x1f44  UrsChipidea - ok
18:01:12.0855 0x1f44  UrsCx01000 - ok
18:01:12.0871 0x1f44  UrsSynopsys - ok
18:01:12.0871 0x1f44  usbccgp - ok
18:01:12.0871 0x1f44  usbcir - ok
18:01:12.0871 0x1f44  usbehci - ok
18:01:12.0886 0x1f44  usbhub - ok
18:01:12.0886 0x1f44  USBHUB3 - ok
18:01:12.0886 0x1f44  usbohci - ok
18:01:12.0886 0x1f44  usbprint - ok
18:01:12.0886 0x1f44  usbser - ok
18:01:12.0902 0x1f44  USBSTOR - ok
18:01:12.0902 0x1f44  usbuhci - ok
18:01:12.0902 0x1f44  usbvideo - ok
18:01:12.0902 0x1f44  USBXHCI - ok
18:01:12.0902 0x1f44  UserDataSvc - ok
18:01:12.0921 0x1f44  UserManager - ok
18:01:12.0924 0x1f44  UsoSvc - ok
18:01:12.0924 0x1f44  VaultSvc - ok
18:01:12.0924 0x1f44  vdrvroot - ok
18:01:12.0924 0x1f44  vds - ok
18:01:12.0924 0x1f44  VerifierExt - ok
18:01:12.0940 0x1f44  vhdmp - ok
18:01:12.0940 0x1f44  vhf - ok
18:01:12.0940 0x1f44  vmbus - ok
18:01:12.0940 0x1f44  VMBusHID - ok
18:01:12.0940 0x1f44  vmgid - ok
18:01:12.0940 0x1f44  vmicguestinterface - ok
18:01:12.0955 0x1f44  vmicheartbeat - ok
18:01:12.0955 0x1f44  vmickvpexchange - ok
18:01:12.0955 0x1f44  vmicrdv - ok
18:01:12.0955 0x1f44  vmicshutdown - ok
18:01:12.0955 0x1f44  vmictimesync - ok
18:01:12.0971 0x1f44  vmicvmsession - ok
18:01:12.0971 0x1f44  vmicvss - ok
18:01:12.0971 0x1f44  volmgr - ok
18:01:12.0971 0x1f44  volmgrx - ok
18:01:12.0971 0x1f44  volsnap - ok
18:01:12.0986 0x1f44  volume - ok
18:01:12.0986 0x1f44  vpci - ok
18:01:12.0986 0x1f44  vsmraid - ok
18:01:12.0986 0x1f44  VSS - ok
18:01:13.0002 0x1f44  VSTXRAID - ok
18:01:13.0002 0x1f44  vwifibus - ok
18:01:13.0002 0x1f44  vwififlt - ok
18:01:13.0002 0x1f44  vwifimp - ok
18:01:13.0002 0x1f44  W32Time - ok
18:01:13.0019 0x1f44  WacomPen - ok
18:01:13.0023 0x1f44  WalletService - ok
18:01:13.0024 0x1f44  wanarp - ok
18:01:13.0024 0x1f44  wanarpv6 - ok
18:01:13.0024 0x1f44  wbengine - ok
18:01:13.0024 0x1f44  WbioSrvc - ok
18:01:13.0024 0x1f44  wcifs - ok
18:01:13.0039 0x1f44  Wcmsvc - ok
18:01:13.0039 0x1f44  wcncsvc - ok
18:01:13.0039 0x1f44  wcnfs - ok
18:01:13.0039 0x1f44  WdBoot - ok
18:01:13.0055 0x1f44  Wdf01000 - ok
18:01:13.0055 0x1f44  WdFilter - ok
18:01:13.0055 0x1f44  WdiServiceHost - ok
18:01:13.0055 0x1f44  WdiSystemHost - ok
18:01:13.0055 0x1f44  wdiwifi - ok
18:01:13.0070 0x1f44  WdNisDrv - ok
18:01:13.0070 0x1f44  WdNisSvc - ok
18:01:13.0070 0x1f44  WebClient - ok
18:01:13.0070 0x1f44  Wecsvc - ok
18:01:13.0070 0x1f44  WEPHOSTSVC - ok
18:01:13.0086 0x1f44  wercplsupport - ok
18:01:13.0086 0x1f44  WerSvc - ok
18:01:13.0086 0x1f44  WFPLWFS - ok
18:01:13.0086 0x1f44  WiaRpc - ok
18:01:13.0086 0x1f44  WIMMount - ok
18:01:13.0102 0x1f44  WinDefend - ok
18:01:13.0102 0x1f44  WindowsTrustedRT - ok
18:01:13.0102 0x1f44  WindowsTrustedRTProxy - ok
18:01:13.0117 0x1f44  WinHttpAutoProxySvc - ok
18:01:13.0121 0x1f44  WinMad - ok
18:01:13.0124 0x1f44  Winmgmt - ok
18:01:13.0124 0x1f44  WinRM - ok
18:01:13.0124 0x1f44  WINUSB - ok
18:01:13.0140 0x1f44  WinVerbs - ok
18:01:13.0140 0x1f44  wisvc - ok
18:01:13.0140 0x1f44  WlanSvc - ok
18:01:13.0140 0x1f44  wlidsvc - ok
18:01:13.0140 0x1f44  WmiAcpi - ok
18:01:13.0156 0x1f44  wmiApSrv - ok
18:01:13.0156 0x1f44  WMPNetworkSvc - ok
18:01:13.0156 0x1f44  Wof - ok
18:01:13.0156 0x1f44  workfolderssvc - ok
18:01:13.0171 0x1f44  WPDBusEnum - ok
18:01:13.0171 0x1f44  WpdUpFltr - ok
18:01:13.0171 0x1f44  WpnService - ok
18:01:13.0171 0x1f44  WpnUserService - ok
18:01:13.0187 0x1f44  ws2ifsl - ok
18:01:13.0187 0x1f44  wscsvc - ok
18:01:13.0187 0x1f44  WSearch - ok
18:01:13.0187 0x1f44  wuauserv - ok
18:01:13.0203 0x1f44  WudfPf - ok
18:01:13.0203 0x1f44  WUDFRd - ok
18:01:13.0203 0x1f44  wudfsvc - ok
18:01:13.0203 0x1f44  WUDFWpdFs - ok
18:01:13.0203 0x1f44  WwanSvc - ok
18:01:13.0220 0x1f44  XblAuthManager - ok
18:01:13.0225 0x1f44  XblGameSave - ok
18:01:13.0225 0x1f44  xboxgip - ok
18:01:13.0225 0x1f44  XboxNetApiSvc - ok
18:01:13.0225 0x1f44  xinputhid - ok
18:01:13.0225 0x1f44  ================ Scan global ===============================
18:01:13.0240 0x1f44  [ Global ] - ok
18:01:13.0240 0x1f44  ================ Scan MBR ==================================
18:01:13.0272 0x1f44  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk0\DR0
18:01:13.0387 0x1f44  \Device\Harddisk0\DR0 - ok
18:01:13.0387 0x1f44  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk1\DR1
18:01:13.0456 0x1f44  \Device\Harddisk1\DR1 - ok
18:01:13.0456 0x1f44  ================ Scan VBR ==================================
18:01:13.0487 0x1f44  [ 07AE6C60AB8DAE51FCA4FA3D0BF9C147 ] \Device\Harddisk0\DR0\Partition1
18:01:13.0487 0x1f44  \Device\Harddisk0\DR0\Partition1 - ok
18:01:13.0487 0x1f44  [ 32A5F36B320C7C5E0D7679E25CDDFE7A ] \Device\Harddisk1\DR1\Partition1
18:01:13.0487 0x1f44  \Device\Harddisk1\DR1\Partition1 - ok
18:01:13.0487 0x1f44  [ B1E27AA018409DE6BFD73F8AFB883A65 ] \Device\Harddisk1\DR1\Partition2
18:01:13.0487 0x1f44  \Device\Harddisk1\DR1\Partition2 - ok
18:01:13.0503 0x1f44  [ 1806CD021664CB5B4899CA583C092E87 ] \Device\Harddisk1\DR1\Partition3
18:01:13.0503 0x1f44  \Device\Harddisk1\DR1\Partition3 - ok
18:01:13.0503 0x1f44  [ 915F373BE2C74190D8814E58A2F4054B ] \Device\Harddisk1\DR1\Partition4
18:01:13.0503 0x1f44  \Device\Harddisk1\DR1\Partition4 - ok
18:01:13.0503 0x1f44  ================ Scan generic autorun ======================
18:01:13.0804 0x1f44  [ 8626860A81DE4E1FE099D189E922EF65, E63911EA3127A21304187A2BE381F25C68236D89A7D666AC4E9D5C18A3EA4E34 ] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
18:01:14.0066 0x1f44  RTHDVCPL - ok
18:01:14.0105 0x1f44  [ 1056510ED7D1E9E32A64B302D8612E79, 8E6B251CAE361CC34268948D462D9913966EE8AB4D1845782736C631741E7C81 ] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
18:01:14.0137 0x1f44  RtHDVBg_TrueHarmony - ok
18:01:14.0143 0x1f44  Logitech Download Assistant - ok
18:01:14.0148 0x1f44  [ 14EE60FFD316BF6DAAD2862A6B502004, 3DDB05B2BDFF030C4184F5A5D84D177DC6B8DAF39770BA6C47A4B55763BC264D ] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe
18:01:14.0155 0x1f44  IAStorIcon - detected UnsignedFile.Multi.Generic ( 1 )
18:01:14.0302 0x1f44  Detect skipped due to KSN trusted
18:01:14.0302 0x1f44  IAStorIcon - ok
18:01:14.0302 0x1f44  ShadowPlay - ok
18:01:14.0334 0x1f44  OneDriveSetup - ok
18:01:14.0350 0x1f44  OneDriveSetup - ok
18:01:14.0371 0x1f44  [ 1D7DD340E13DF9585EABB849CFC3E11B, 31CCD9753402DC030C641214B4ECB48A757BCD9F427A143A88745C62EFF87766 ] C:\Users\yorul\AppData\Local\Microsoft\OneDrive\OneDrive.exe
18:01:14.0402 0x1f44  OneDrive - ok
18:01:14.0433 0x1f44  [ 562A46474509A0F52C5035727207FD40, 47769A2738B11C2A6D459663249BD9CD79ACF4E1178768F1DF5ADEA11B3079E0 ] c:\users\yorul\appdata\local\chromium\application\chrome.exe
18:01:14.0472 0x1f44  Chromium - detected UnsignedFile.Multi.Generic ( 1 )
18:01:14.0719 0x1f44  Chromium ( UnsignedFile.Multi.Generic ) - warning
18:01:14.0887 0x1f44  Waiting for KSN requests completion. In queue: 73
18:01:15.0958 0x1f44  AV detected via SS2: Windows Defender, C:\Program Files\Windows Defender\MSASCui.exe ( 4.10.14393.187 ), 0x60100 ( disabled : updated )
18:01:15.0958 0x1f44  AV detected via SS2: McAfee Anti-Virus und Anti-Spyware, C:\Program Files\McAfee.com\Agent\mcupdate.exe ( 15.0.0.0 ), 0x51000 ( enabled : updated )
18:01:15.0958 0x1f44  FW detected via SS2: McAfee Firewall, C:\Program Files\McAfee.com\Agent\mcupdate.exe ( 15.0.0.0 ), 0x51010 ( enabled )
18:01:16.0089 0x1f44  ============================================================
18:01:16.0089 0x1f44  Scan finished
18:01:16.0089 0x1f44  ============================================================
18:01:16.0104 0x2a64  Detected object count: 1
18:01:16.0104 0x2a64  Actual detected object count: 1
18:17:11.0483 0x2a64  Chromium ( UnsignedFile.Multi.Generic ) - skipped by user
18:17:11.0483 0x2a64  Chromium ( UnsignedFile.Multi.Generic ) - User select action: Skip
         

Alt 17.11.2016, 09:54   #11
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
ByteFence, Artemis: Malware, Trojan - Standard

ByteFence, Artemis: Malware, Trojan



Adware/Junkware/Toolbars entfernen

Alte Versionen von adwCleaner und falls vorhanden JRT vorher löschen, danach neu runterladen auf den Desktop!
Virenscanner jetzt vor dem Einsatz dieser Tools bitte komplett deaktivieren!


1. Schritt: adwCleaner

Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).




2. Schritt: JRT - Junkware Removal Tool

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Antwort

Themen zu ByteFence, Artemis: Malware, Trojan
aktion, anti-malware, bytefence, computer, dateien, durchgeführt, folge, folgende, forum, guten, log, log files, malware, malwarebytes, mcafee, merkwürdig, namens, neuer, programm, stehe, task-manager, tool, troja, trojan, trojaner, viren, würde



Ähnliche Themen: ByteFence, Artemis: Malware, Trojan


  1. Windows 10 mit PUP Corner Sunshine, ByteFence Anti-Malware, Driver Restore, SlimCleaner Plus und weitere
    Log-Analyse und Auswertung - 07.09.2016 (10)
  2. Rechner ist mit schadsoftware belagert: chromium, bytefence,....
    Plagegeister aller Art und deren Bekämpfung - 12.08.2016 (25)
  3. Vermutlich Artemis! Virus, McAfee isoliert: Artemis!E8A2AFF7Cf21
    Plagegeister aller Art und deren Bekämpfung - 09.08.2016 (19)
  4. Danke Deathkid535 bei ARTEMIS! Malware
    Lob, Kritik und Wünsche - 13.02.2016 (1)
  5. ByteFence Search entfernen
    Anleitungen, FAQs & Links - 12.10.2015 (2)
  6. Artemis-Trojaner
    Plagegeister aller Art und deren Bekämpfung - 20.01.2014 (3)
  7. Hartnäckige Tasks (Trojan.FraudPack & Trojan.Downloader lt. Malwarebytes Anti-Malware)
    Log-Analyse und Auswertung - 23.09.2013 (16)
  8. PWS:Win32/Zbot malware : Trojan.Phex.TGen (File) und Trojan.Agent.IET (Registry Value und File)
    Log-Analyse und Auswertung - 16.01.2013 (15)
  9. Trojan.Banker, Trojan.Agent, Stolen.Data, Malware.Trace, was nun?
    Log-Analyse und Auswertung - 07.10.2012 (1)
  10. Log-Analyse nach Trojaner/Malware befall (Malware.Trace / Trojan.BHO)
    Log-Analyse und Auswertung - 26.09.2011 (16)
  11. Malwarebytes' Anti-Malware hat Trojan.ZbotR.Gen, Trojan.Agent und Malware.Trace entdeckt - und nun?
    Log-Analyse und Auswertung - 18.07.2011 (32)
  12. Trojan.BHO, Spyware.Passwords.XGen, Trojan.Dropper und Trojan.Agent mit Malware gefunden
    Plagegeister aller Art und deren Bekämpfung - 20.12.2010 (9)
  13. Rätselhafter Mailversand - Malware.Packer.Gen, Trojan.Patched und Malware.Trace
    Plagegeister aller Art und deren Bekämpfung - 03.11.2010 (25)
  14. Kann Malware nicht löschen! Trojan.Agent und Malware.Trace
    Plagegeister aller Art und deren Bekämpfung - 18.06.2010 (19)
  15. Artemis / Was soll ich tun ?
    Plagegeister aller Art und deren Bekämpfung - 03.05.2010 (1)
  16. Generic!Artemis
    Plagegeister aller Art und deren Bekämpfung - 16.01.2009 (5)
  17. Trojan.Vundo/Trojan.Downloader/Trojan.Agent/Malware.Trace
    Plagegeister aller Art und deren Bekämpfung - 02.08.2008 (2)

Zum Thema ByteFence, Artemis: Malware, Trojan - Guten Tag, mein neuer Computer hat eine Malware Namens "ByteFenceService" und einen Trojaner Namens "Artemis". Ich besitze meinen Computer erst seit zwei Tagen und mein Anti-Virus Programm ist McAfee LiveSafe, - ByteFence, Artemis: Malware, Trojan...
Archiv
Du betrachtest: ByteFence, Artemis: Malware, Trojan auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.