Pests of all kinds and how to combat them: Ad banners in the Steam client | Windows 7
#1 Ad banners in the Steam client

Hi everyone. Unfortunately I have been hit by this yet again. I can't say why that is. A few hours earlier, the launcher of a tool updated itself, and shortly afterwards the banners appeared. The launcher in question is itch Launcher 23.2.1. Whether it is to blame, I of course don't know. From the two previous times I know that I should first post a log file from FRST (64-bit) here. I'll do that right away, split into several parts.

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-02-2017
Ran by ezztr (21-02-2017 14:20:39)
Running from C:\Users\ezztr\Desktop
Windows 10 Home Version 1607 (X64) (2016-08-03 05:57:06)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-3515307565-1161031247-3300353082-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3515307565-1161031247-3300353082-503 - Limited - Disabled)
elsia (S-1-5-21-3515307565-1161031247-3300353082-1002 - Limited - Enabled) => C:\Users\elsia
ezztr (S-1-5-21-3515307565-1161031247-3300353082-1001 - Administrator - Enabled) => C:\Users\ezztr
Guest (S-1-5-21-3515307565-1161031247-3300353082-501 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
. . . (Version: 2.1.28.3 - Intel) Hidden
. . . (x32 Version: 2.6.2.4 - Intel) Hidden
7-Zip 16.00 (x64) (HKLM\...\7-Zip) (Version: 16.00 - Igor Pavlov)
Adobe Audition CC 2015 (HKLM-x32\...\{839A3566-AED6-4787-A849-5CBE2B1DC6AE}) (Version: 8.0 - Adobe Systems Incorporated)
Adobe Dreamweaver CC 2015 (HKLM-x32\...\{EE2A0AA8-0386-11E5-8603-BC82F5DB1A71}) (Version: 16.0.0 - Adobe Systems Incorporated)
Ansel (Version: 378.66 - NVIDIA Corporation) Hidden
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Asmedia USB Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.41.3 - Asmedia Technology)
Audacity 2.1.2 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.2 - Audacity Team)
AviSynth 2.6 (HKLM-x32\...\AviSynth) (Version: 2.6.0.6 - GPL Public release.)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Bitrix24 for Windows (HKLM-x32\...\Bitrix24) (Version: 4.1.76.36 - Bitrix, Inc)
bl (x32 Version: 1.0.0 - Your Company Name) Hidden
Citrix Online Launcher (HKLM-x32\...\{48947098-A67C-46D4-90C5-9F2F6F0F96FE}) (Version: 1.0.449 - Citrix)
Conan Exiles (HKLM\...\Steam App 440900) (Version: - Funcom)
Craft The World (HKLM\...\Steam App 248390) (Version: - Dekovir Entertainment)
Darkest Dungeon (HKLM\...\Steam App 262060) (Version: - Red Hook Studios)
DebugMode FrameServer (HKLM-x32\...\DebugMode FrameServer) (Version: - )
Dell App Launcher for Unifying Software (HKLM\...\Unifying Software Launcher) (Version: 1.00.44 - Logitech)
Dell Customer Connect (HKLM-x32\...\{4FA72FF9-DD64-43A8-8704-6380A11F11D5}) (Version: 1.4.15.0 - Dell Inc.)
Dell Data Vault (Version: 4.3.9.0 - Dell Inc.) Hidden
Dell Digital Delivery (HKLM-x32\...\{AB7F2792-2ED1-4C5C-9F28-680E5110BF72}) (Version: 3.1.1018.0 - Dell Products, LP)
Dell Dock Update (HKLM-x32\...\{6C4547B7-084A-4992-BFBF-9F6C6E2DC3EA}) (Version: 1.0.115.0 - Dell Inc.)
Dell Foundation Services (HKLM\...\{BDB50421-E961-42F3-B803-6DAC6F173834}) (Version: 3.4.16100.0 - Dell Inc.)
Dell PremierColor (HKLM\...\{5CA2B02F-FC89-4F42-A3DA-7649B8EFF194}) (Version: 2.0.140 - Portrait Displays, Inc.)
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.3.6855.61 - Dell)
Dell SupportAssistAgent (HKLM-x32\...\{27130E51-9555-408B-8134-7BFF54EDE27B}) (Version: 1.3.0.72 - Dell)
Dell System Detect (HKU\S-1-5-21-3515307565-1161031247-3300353082-1001\...\58d94f3ce2c27db0) (Version: 7.6.0.17 - Dell)
Dell Update - SupportAssist Update Plugin (HKLM\...\{92F651D9-4431-469E-9B11-299D007AF656}) (Version: 2.0.2.1835 - Dell Inc.)
Dell Update (HKLM-x32\...\{FE901F1A-B3D5-4BCE-AAFB-694DC51DC522}) (Version: 1.9.5.0 - Dell Inc.)
Drakonia Configurator (HKLM-x32\...\{2EAD3327-2F92-455F-A675-E5CC4980B67A}}_is1) (Version: - )
Dropbox 20 GB (HKLM-x32\...\{736A97C6-8766-3699-84A9-71736C5E0CE3}) (Version: 3.1.11.0 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.59.1 - Dropbox, Inc.) Hidden
DW WLAN Card (HKLM\...\DW WLAN Card) (Version: 1.566.0.0 - Dell Inc.)
Dxtory version 2.0.139 (HKLM-x32\...\Dxtory2.0_is1) (Version: 2.0.139 - ExKode Co. Ltd.)
Factorio (HKLM\...\Steam App 427520) (Version: - Wube Software LTD.)
Faeria (HKLM\...\Steam App 397060) (Version: - Abrakam SA)
FileZilla Client 3.24.0 (HKU\S-1-5-21-3515307565-1161031247-3300353082-1001\...\FileZilla Client) (Version: 3.24.0 - Tim Kosse)
Gameforge Live 2.0.12 (HKLM-x32\...\{9C98989A-3A15-42DA-A3B9-D20331437D67}}_is1) (Version: 2.0.12 - Gameforge)
GIMP 2.8.18 (HKLM\...\GIMP-2_is1) (Version: 2.8.18 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
Google Drive (HKLM-x32\...\{07A12123-B717-496B-B471-48AF6407B433}) (Version: 1.32.4066.7445 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
GoToMeeting 8.0.0.6441 (HKU\S-1-5-21-3515307565-1161031247-3300353082-1001\...\GoToMeeting) (Version: 8.0.0.6441 - CitrixOnline)
Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
Hearthstone Deck Tracker (HKU\S-1-5-21-3515307565-1161031247-3300353082-1001\...\HearthstoneDeckTracker) (Version: 1.1.6 - HearthSim)
HearthstoneTracker (HKLM-x32\...\HearthstoneTracker) (Version: 1.9.23.39449 - HearthstoneTracker.com)
Innkeeper (HKU\S-1-5-21-3515307565-1161031247-3300353082-1001\...\Innkeeper) (Version: 0.3.4 - Curse Inc.)
Intel Extreme Tuning Utility (HKLM-x32\...\{281badd0-7e11-494b-bdf7-34d6a2615c3c}) (Version: 6.2.0.19 - Intel Corporation)
Intel Extreme Tuning Utility (x32 Version: 6.2.0.19 - Intel Corporation) Hidden
Intel(R) Chipset Device Software (x32 Version: 10.1.1.13 - Intel(R) Corporation) Hidden
Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.2.10900.330 - Intel Corporation)
Intel(R) HID Event Filter (HKLM-x32\...\3FB06EEC-013D-4366-9918-71B97DFB84EB) (Version: 1.1.0.310 - Intel Corporation)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.5.0.1020 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4531 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 15.2.2.1030 - Intel Corporation)
Intel(R) Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.100.1633.3 - Intel Corporation)
Intel® Driver Update Utility (HKLM-x32\...\{66307462-7d19-4f1a-af82-aa04b6017f05}) (Version: 2.6.2.4 - Intel)
Intel® Security Assist (HKLM-x32\...\{4B230374-6475-4A73-BA6E-41015E9C5013}) (Version: 1.0.0.532 - Intel Corporation)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
Keebles (HKLM\...\Steam App 347040) (Version: - Burnt Fuse)
Lagarith Lossless Codec (1.3.27) (HKLM-x32\...\{F59AC46C-10C3-4023-882C-4212A92283B3}_is1) (Version: - )
Life Is Strange™ (HKLM\...\Steam App 319630) (Version: - DONTNOD Entertainment)
Logitech Unifying-Software 2.10 (HKLM\...\Logitech Unifying) (Version: 2.10.37 - Logitech)
MagicYUV Lossless Video Codec - Standard version 2.0.0rc1 (HKLM-x32\...\{90410593-E0EB-4F9B-B984-65BEA8F07B91}_is1) (Version: 2.0.0rc1 - INNOMAGIC Bt.)
MediaInfo 0.7.87 (HKLM\...\MediaInfo) (Version: 0.7.87 - MediaArea.net)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office 365 - de-de (HKLM\...\O365HomePremRetail - de-de) (Version: 16.0.7571.2109 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3515307565-1161031247-3300353082-1001\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24212 (HKLM-x32\...\{323dad84-0974-4d90-a1c1-e006c7fdbb7d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Mini Metro (HKLM\...\Steam App 287980) (Version: - Dinosaur Polo Club)
Mozilla Firefox 51.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 51.0.1 (x86 de)) (Version: 51.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 51.0.1.6234 - Mozilla)
MPC-HC 1.7.10 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.7.10 - MPC-HC Team)
MSI Afterburner 4.3.0 (HKLM-x32\...\Afterburner) (Version: 4.3.0 - MSI Co., LTD)
Music Manager (HKU\S-1-5-21-3515307565-1161031247-3300353082-1001\...\MusicManager) (Version: - Google, Inc.)
Notepad++ (64-bit x64) (HKLM\...\Notepad++) (Version: 7.2.2 - Notepad++ Team)
NVIDIA 3D Vision Treiber 378.66 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 378.66 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.3.0.95 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.3.0.95 - NVIDIA Corporation)
NVIDIA Grafiktreiber 378.66 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 378.66 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}) (Version: 9.10.0513 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
NvNodejs (Version: 3.3.0.95 - NVIDIA Corporation) Hidden
NvTelemetry (Version: 2.3.5.0 - NVIDIA Corporation) Hidden
NvvHci (Version: 2.02.0.5 - NVIDIA Corporation) Hidden
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 17.0.2 - OBS Project)
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.7571.2109 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (Version: 16.0.7571.2109 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.7571.2109 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.7571.2109 - Microsoft Corporation) Hidden
Oracle VM VirtualBox 5.1.12 (HKLM\...\{C212962C-71C4-4D9F-B8E0-D2CD00C8B8FE}) (Version: 5.1.12 - Oracle Corporation)
Origin (HKLM-x32\...\Origin) (Version: 10.3.3.1921 - Electronic Arts, Inc.)
ph (x32 Version: 1.0.0 - Your Company Name) Hidden
Pismo File Mount Audit Package (HKLM\...\PismoFileMountAuditPackage) (Version: - )
PrivateTunnel (HKLM-x32\...\PrivateTunnel) (Version: 2.8.2.0 - OpenVPN Technologies)
ProjectLibre (HKLM-x32\...\{4E352A24-AE3C-482F-9409-3E1C2B7ABED8}) (Version: 1.7.0.0 - ProjectLibre)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Realtek USB Audio (HKLM-x32\...\{0A46A65D-89AC-464C-8026-3CD44960BD04}) (Version: 6.3.9600.44 - Realtek Semiconductor Corp.)
Registrierung eines Dell Produkts (HKLM-x32\...\InstallShield_{85B14AE3-1624-45BE-942B-A528DF6F1CCE}) (Version: 3.0.123.0 - Dell Inc.)
Registrierung eines Produkts (Version: 3.0.123.0 - Dell Inc.) Hidden
RimWorld (HKLM\...\Steam App 294100) (Version: - Ludeon Studios)
RivaTuner Statistics Server 6.6.0 (HKLM-x32\...\RTSS) (Version: 6.6.0 - Unwinder)
SagaraS Scriptmaker v6.1 (HKLM-x32\...\SagaraS Scriptmaker_is1) (Version: - )
SHIELD Streaming (Version: 7.1.0351 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 3.3.0.95 - NVIDIA Corporation) Hidden
Spotify (HKU\S-1-5-21-3515307565-1161031247-3300353082-1001\...\Spotify) (Version: 1.0.31.56.g526cfefe - Spotify AB)
ST Microelectronics 3 Axis Digital Accelerometer Solution (HKLM-x32\...\{9C24F411-9CA7-4A8A-91F3-F08A4A38EB31}) (Version: 4.10.0067 - ST Microelectronics)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Tavern Tycoon (HKLM\...\Steam App 439340) (Version: - Terapoly)
TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.66695 - TeamViewer)
The Universim version 1.0 (HKLM-x32\...\{77E2F6D6-85F9-4A73-8FC6-5A6CB3C816C1}_is1) (Version: 1.0 - Crytivo Games)
This War of Mine (HKLM\...\Steam App 282070) (Version: - 11 bit studios)
Thunderbolt(TM) Software (HKLM-x32\...\{B0E8A8CA-5A40-49C3-BE5E-9076664DB9AA}) (Version: 15.3.39.250 - Intel Corporation)
TMPGEnc Video Mastering Works 6 Testversion (HKLM\...\{C21B422E-CA43-4CE9-B5E3-BA9D641EB047}) (Version: 6.1.5.26 - Pegasys Inc.)
Transmission-Qt (HKLM\...\Transmission-Qt) (Version: 2.84.9 - Transmission)
Transport Fever (HKLM\...\Steam App 446800) (Version: - Urban Games)
TreeSize Free V3.4.5 (HKLM-x32\...\TreeSize Free_is1) (Version: 3.4.5 - JAM Software)
UE4 Prerequisites (x64) (Version: 1.0.11.0 - Epic Games, Inc.) Hidden
UE4 Prerequisites (x64) (x32 Version: 1.0.13.0 - Epic Games, Inc.) Hidden
Ut Video Codec Suite (HKLM\...\utvideo_is1) (Version: 17.0.0 - UMEZAWA Takeshi)
Vegas Pro 13.0 (64-bit) (HKLM\...\{1F8D8040-0BC8-11E5-85C5-F04DA23A5C58}) (Version: 13.0.453 - Sony)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
VPN Manager 1.8.10.0 (HKLM-x32\...\VPN Manager) (Version: 1.8.10.0 - Perfect-Privacy)
Vulkan Run Time Libraries 1.0.39.1 (HKLM\...\VulkanRT1.0.39.1) (Version: 1.0.39.1 - LunarG, Inc.)
WIDCOMM Bluetooth Software (HKLM\...\{C6D9ED03-6FCF-4410-9CB7-45CA285F9E11}) (Version: 12.0.1.730 - Broadcom Corporation)
WinRAR 5.40 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
x264vfw - H.264/MPEG-4 AVC codec (remove only) (HKLM-x32\...\x264vfw) (Version: - )
YouPloader Version 0.9.1 (HKLM-x32\...\{DC552D9B-15C9-4F51-B0B2-D8AB7791DBFF}_is1) (Version: 0.9.1 - BeCast)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-3515307565-1161031247-3300353082-1001_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\ezztr\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3515307565-1161031247-3300353082-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\ezztr\AppData\Local\Citrix\GoToMeeting\6291\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-3515307565-1161031247-3300353082-1001_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\ezztr\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3515307565-1161031247-3300353082-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\ezztr\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll (Google Inc.)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {04CB2EF6-C5EE-46A5-80FE-E0E2140C4D1B} - System32\Tasks\USER_ESRV_SVC_QUEENCREEK => Wscript.exe //B //NoLogo "C:\Program Files\Intel\SUR\QUEENCREEK\task.vbs"
Task: {0D55ABF1-CE90-436D-AEC9-21E996067D93} - System32\Tasks\Intel\Intel Telemetry 2 => C:\Program Files\Intel\Telemetry 2.0\lrio.exe [2016-03-17] (Intel Corporation)
Task: {163E6DF7-9A42-4E71-B7CB-A7FC00FC613B} - System32\Tasks\G2MUploadTask-S-1-5-21-3515307565-1161031247-3300353082-1001 => C:\Users\ezztr\AppData\Local\Citrix\GoToMeeting\6441\g2mupload.exe [2017-02-18] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {1A48F5F1-A4FA-448D-8F88-774F9DF2371A} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe [2016-09-09] (Dell Inc.)
Task: {1B343C47-9E8F-43A0-A524-1984379BAFA2} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2016-09-13] (PC-Doctor, Inc.)
Task: {207D147E-E73E-44B4-88E1-B9559DF26B1A} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt application when hardware is detected => Thunderbolt.exe
Task: {29CF4F40-5921-43C7-B8DC-B282ED50165D} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-01-21] (NVIDIA Corporation)
Task: {2E5F1938-4478-4009-9A8C-8CF974952D7B} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-01-21] (NVIDIA Corporation)
Task: {33E7D8B0-1D68-4EDD-B7D0-92E87A4F3C09} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-04-10] (Google Inc.)
Task: {4D23204F-0E2E-4838-8154-9CE740A0241A} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-01-21] (NVIDIA Corporation)
Task: {50DA9037-6E4B-4CD0-BA09-BAAAD604AAF2} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe [2016-06-14] (Intel(R) Corporation)
Task: {5A30115F-FF80-4AA1-9E90-E33417862FD6} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt service when hardware is detected => sc.exe start ThunderboltService
Task: {5AF67BBA-EAEC-46AF-827B-314EB7D6A46C} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-01-21] (NVIDIA Corporation)
Task: {5B109A0B-823B-48E0-8DE2-E2DAB8E52FA6} - System32\Tasks\Adobe Uninstaller => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
Task: {60B633A5-BC32-4179-84FB-9FF44A397776} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3515307565-1161031247-3300353082-1001Core => C:\Users\ezztr\AppData\Local\Google\Update\GoogleUpdate.exe [2016-07-26] (Google Inc.)
Task: {6488574D-F798-462F-88D7-C0457AE6A5BC} - System32\Tasks\Intel\Intel Telemetry 2 (x86) => C:\Program Files (x86)\Intel\Telemetry 2.0\lrio.exe [2015-11-20] (Intel Corporation)
Task: {652DF692-C7F7-459F-BDF5-F55E4A777E78} - System32\Tasks\G2MUpdateTask-S-1-5-21-3515307565-1161031247-3300353082-1001 => C:\Users\ezztr\AppData\Local\Citrix\GoToMeeting\6441\g2mupdate.exe [2017-02-18] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {65D9B6CA-FACA-4EDA-98B7-4904A5253B48} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-01-21] (NVIDIA Corporation)
Task: {86472F58-B053-402E-9BAA-663541F0AA59} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt application on login if service is up => Thunderbolt.exe
Task: {8750A57D-9BFA-4D2B-A981-3BED95846E00} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-01-21] (NVIDIA Corporation)
Task: {9791F492-8F48-4F99-8CD6-F9CB6B50BEF9} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3515307565-1161031247-3300353082-1001UA => C:\Users\ezztr\AppData\Local\Google\Update\GoogleUpdate.exe [2016-07-26] (Google Inc.)
Task: {9B95B377-96BA-41DB-AD06-B0954F989609} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-12-28] (Microsoft Corporation)
Task: {9EA39A14-9FB0-418C-AC71-EDEE85799B18} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK
Task: {AB031289-0E5D-4509-8F19-A8B1322905C8} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt service on boot if driver is up => tbtsvc.exe
Task: {B4776765-14D6-4572-B8DE-B6EDD52B4990} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {C33EBE27-3732-4579-B29F-79D01F362757} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-04-10] (Google Inc.)
Task: {CAA1D9C6-1233-4DC7-879F-EC161AE71991} - System32\Tasks\PCDDataUploadTask => uaclauncher.exe
Task: {D220BA68-269C-41EB-8A54-13A110A70A70} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3515307565-1161031247-3300353082-1001UA1d25f0055f52a8c => C:\Users\ezztr\AppData\Local\Google\Update\GoogleUpdate.exe [2016-07-26] (Google Inc.)
Task: {D2D43FD7-AA72-433B-9313-037A3C38A991} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-11-17] (Dropbox, Inc.)
Task: {D6A9151A-612D-4C84-88AF-370ECA981488} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3515307565-1161031247-3300353082-1001Core1d25f0055f0e153 => C:\Users\ezztr\AppData\Local\Google\Update\GoogleUpdate.exe [2016-07-26] (Google Inc.)
Task: {D84FABA7-EA17-4A74-807C-81C7620DB5A7} - System32\Tasks\DropboxOEM => C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe [2016-04-04] ()
Task: {DCF517FB-4549-4BB6-A95A-EE96C2716380} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-ezztro@yahoo.de => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2015-08-05] (Adobe Systems Incorporated)
Task: {E09D2D97-0118-4A48-AC63-32397DFF4F6E} - System32\Tasks\{2F9E6DA4-2C8B-428B-A4BE-2A050C4CB698} => msiexec.exe /l*vx "C:\ProgramData\Dell\Dell Customer Connect\Logs\OTBSurvey.1.4.15.0.msi_install_log.txt" ALLUSERS=1 /qn /norestart /i "C:\ProgramData\Dell\Dell Customer Connect\Downloads\OTBSurvey.1.4.15.0\OTBSurvey.1.4.15.0.msi"
Task: {EC5937FE-8585-4CE3-8694-02DDC49EE896} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2017-02-04] (Microsoft Corporation)
Task: {F35D6EB5-3FEE-49C9-8EE2-CFAB94043E72} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-11-17] (Dropbox, Inc.)
Task: {F43A5D40-7ED4-4E59-8B77-352C08D88260} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-01-21] (NVIDIA Corporation)
Task: {FC38FDB1-3888-400F-AB12-D2D387A163F4} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-12-28] (Microsoft Corporation)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-3515307565-1161031247-3300353082-1001.job => C:\Users\ezztr\AppData\Local\Citrix\GoToMeeting\6441\g2mupdate.exe
Task: C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-3515307565-1161031247-3300353082-1001.job => C:\Users\ezztr\AppData\Local\Citrix\GoToMeeting\6441\g2mupload.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3515307565-1161031247-3300353082-1001Core.job => C:\Users\ezztr\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3515307565-1161031247-3300353082-1001UA.job => C:\Users\ezztr\AppData\Local\Google\Update\GoogleUpdate.exe
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
ShortcutWithArgument: C:\Users\ezztr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome-Apps\Google Play Musik.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=fahmaaghhglfmonjliepjlchgpgfmobi
==================== Loaded Modules (Whitelisted) ==============
2016-12-31 17:22 - 2016-11-17 22:16 - 00805632 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe
2016-12-31 17:22 - 2016-11-17 22:18 - 01981184 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_modeler.dll
2016-12-31 17:22 - 2016-11-17 22:11 - 00247552 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\acpi_battery_input.dll
2016-12-31 17:22 - 2016-11-17 22:10 - 00212736 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\wifi_input.dll
2016-12-31 17:22 - 2016-11-17 22:11 - 00174848 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\devices_use_input.dll
2016-12-31 17:22 - 2016-11-17 22:10 - 00203520 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_system_power_state_input.dll
2016-12-31 17:22 - 2016-11-17 22:09 - 00206592 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_disktrace_input.dll
2016-12-31 17:22 - 2016-11-17 22:09 - 00336640 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_process_input.dll
2016-12-31 17:22 - 2016-11-17 22:06 - 00147712 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_winstat_input.dll
2016-12-31 17:22 - 2016-11-17 22:11 - 00213248 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\sema_thermal_input.dll
2016-12-31 17:22 - 2016-11-17 22:07 - 00229120 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_quality_and_reliability_input.dll
2016-12-31 17:22 - 2016-11-17 22:08 - 00224000 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_sampler_input.dll
2016-12-31 17:22 - 2016-11-17 22:06 - 00211712 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_stress_odometer_input.dll
2016-12-31 17:22 - 2016-11-17 22:08 - 00219904 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_turbo_input.dll
2015-08-21 08:47 - 2015-08-21 08:47 - 00049408 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btwleapi.dll
2016-07-03 16:54 - 2017-01-21 01:39 - 04489152 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\Poco.dll
2016-07-03 16:54 - 2017-01-21 01:39 - 01147328 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2017-01-10 14:59 - 2017-01-10 14:59 - 00125808 _____ () C:\Program Files (x86)\Dell Dock Update\DUWrapperService.exe
2016-11-17 22:05 - 2016-11-17 22:05 - 00156928 _____ () C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe
2016-08-30 00:31 - 2016-08-30 00:31 - 00949480 _____ () C:\Program Files (x86)\OpenVPN Technologies\PrivateTunnel\ovpnagent.exe
2016-07-16 18:42 - 2016-07-16 18:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-12-20 20:18 - 2016-12-09 17:29 - 02681200 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2017-01-09 00:13 - 2017-02-10 05:57 - 00134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-12-20 20:18 - 2016-12-09 17:29 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-04-16 19:02 - 2013-10-29 18:43 - 00248832 _____ () C:\Program Files (x86)\Drakonia Configurator\hid.exe
2017-01-14 02:10 - 2017-01-14 02:10 - 00052400 _____ () C:\Program Files\FileZilla FTP Client\fzshellext_64.dll
2016-12-31 17:22 - 2016-11-17 22:14 - 00730880 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\esrv.exe
2016-12-31 17:22 - 2016-11-17 22:12 - 00237824 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\foreground_window_input.dll
2016-12-31 17:22 - 2016-11-17 22:08 - 00217344 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_user_waiting_input.dll
2016-12-22 23:27 - 2016-12-22 23:27 - 00017408 _____ () C:\Program Files\WindowsApps\Microsoft.BingWeather_4.18.37.0_x86__8wekyb3d8bbwe\Microsoft.Msn.Weather.exe
2016-04-16 19:02 - 2012-12-11 16:14 - 00240640 _____ () C:\Program Files (x86)\Drakonia Configurator\trayicon.exe
2016-12-20 20:18 - 2016-12-09 17:29 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-11-02 17:31 - 2016-11-02 17:31 - 00230064 _____ () C:\Program Files\Notepad++\NppShell_06.dll
2016-09-16 18:25 - 2016-09-07 11:56 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-01-14 11:17 - 2016-12-21 14:09 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-01-14 11:17 - 2016-12-21 13:48 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-02-19 16:59 - 2017-02-19 16:59 - 00073728 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.109.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-02-19 16:59 - 2017-02-19 16:59 - 00179712 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.109.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-02-19 16:59 - 2017-02-19 16:59 - 42895360 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.109.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-02-07 16:50 - 2017-02-07 16:50 - 02215424 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.109.0_x64__kzf8qxf38zg5c\roottools.dll
2017-01-14 11:17 - 2016-12-21 13:54 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-01-14 11:17 - 2016-12-21 13:48 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-01-14 11:17 - 2016-12-21 13:48 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2017-01-14 11:17 - 2016-12-21 13:48 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-01-14 11:17 - 2016-12-21 13:53 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-09-12 22:57 - 2017-01-09 19:08 - 02493440 _____ () C:\games\Origin\libGLESv2.dll
2015-06-24 07:26 - 2015-06-24 07:26 - 00155888 _____ () c:\Program Files (x86)\Dell Digital Delivery\ServiceTagPlusPlus.dll
2016-05-13 14:10 - 2016-05-13 14:10 - 00134144 _____ () C:\Program Files (x86)\Dell Update\ServiceTagPlusPlus.dll
2016-07-18 15:14 - 2016-07-18 15:14 - 01243936 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2016-12-21 10:24 - 2016-12-21 10:24 - 00134008 _____ () C:\Program Files (x86)\Dell Customer Connect\ServiceTagPlusPlus.dll
2016-07-03 16:54 - 2017-01-21 01:39 - 00018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2016-07-03 16:54 - 2017-01-21 01:39 - 03774400 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\Poco.dll
2016-07-03 16:54 - 2017-01-21 01:39 - 00900032 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2016-07-03 16:55 - 2017-01-21 01:38 - 64245184 _____ () C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\libcef.dll
2016-07-22 01:42 - 2017-01-20 20:36 - 00338488 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVAccountAPINode.node
2016-07-22 01:42 - 2017-01-20 20:36 - 00254008 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\DriverInstall.node
2016-07-22 01:42 - 2017-01-20 20:36 - 02808888 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\Downloader.node
2016-07-22 01:42 - 2017-01-20 20:36 - 00384568 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGameShareAPINode.node
2016-07-22 01:42 - 2017-01-20 20:36 - 00537656 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvSpCapsAPINode.node
2016-07-22 01:42 - 2017-01-20 20:36 - 00468024 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGalleryAPINode.node
2016-08-29 22:56 - 2017-01-20 20:36 - 01066552 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvCameraAPINode.node
2016-12-23 17:59 - 2017-01-20 20:36 - 01014840 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvSDKAPINode.node
2017-02-18 19:30 - 2017-02-18 19:30 - 00098816 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI94762\win32api.pyd
2017-02-18 19:30 - 2017-02-18 19:30 - 00110080 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI94762\pywintypes27.dll
2017-02-18 19:30 - 2017-02-18 19:30 - 00364544 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI94762\pythoncom27.dll
2017-02-18 19:30 - 2017-02-18 19:30 - 00320512 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI94762\win32com.shell.shell.pyd
2017-02-18 19:30 - 2017-02-18 19:30 - 00914432 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI94762\_hashlib.pyd
2017-02-18 19:30 - 2017-02-18 19:30 - 01176576 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI94762\wx._core_.pyd
2017-02-18 19:30 - 2017-02-18 19:30 - 00806400 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI94762\wx._gdi_.pyd
2017-02-18 19:30 - 2017-02-18 19:30 - 00816128 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI94762\wx._windows_.pyd
2017-02-18 19:30 - 2017-02-18 19:30 - 01067008 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI94762\wx._controls_.pyd
2017-02-18 19:30 - 2017-02-18 19:30 - 00733184 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI94762\wx._misc_.pyd
2017-02-18 19:30 - 2017-02-18 19:30 - 00682496 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI94762\pysqlite2._sqlite.pyd
2017-02-18 19:30 - 2017-02-18 19:30 - 00088064 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI94762\_ctypes.pyd
2017-02-18 19:30 - 2017-02-18 19:30 - 00686080 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI94762\unicodedata.pyd
2017-02-18 19:30 - 2017-02-18 19:30 - 00119808 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI94762\win32file.pyd
2017-02-18 19:30 - 2017-02-18 19:30 - 00108544 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI94762\win32security.pyd
2017-02-18 19:30 - 2017-02-18 19:30 - 00007168 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI94762\hashobjs_ext.pyd
2017-02-18 19:30 - 2017-02-18 19:30 - 00017920 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI94762\thumbnails_ext.pyd
2017-02-18 19:30 - 2017-02-18 19:30 - 00088064 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI94762\usb_ext.pyd
2017-02-18 19:30 - 2017-02-18 19:30 - 00012800 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI94762\common.time34.pyd
2017-02-18 19:30 - 2017-02-18 19:30 - 00018432 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI94762\win32event.pyd
2017-02-18 19:30 - 2017-02-18 19:30 - 00167936 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI94762\win32gui.pyd
2017-02-18 19:30 - 2017-02-18 19:30 - 00046080 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI94762\_socket.pyd
2017-02-18 19:30 - 2017-02-18 19:30 - 01303552 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI94762\_ssl.pyd
2017-02-18 19:30 - 2017-02-18 19:30 - 00128512 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI94762\_elementtree.pyd
2017-02-18 19:30 - 2017-02-18 19:30 - 00127488 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI94762\pyexpat.pyd
2017-02-18 19:30 - 2017-02-18 19:30 - 00038912 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI94762\win32inet.pyd
2017-02-18 19:30 - 2017-02-18 19:30 - 00036864 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI94762\_psutil_windows.pyd
2017-02-18 19:30 - 2017-02-18 19:30 - 00524248 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI94762\windows._lib_cacheinvalidation.pyd
2017-02-18 19:30 - 2017-02-18 19:30 - 00011264 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI94762\win32crypt.pyd
2017-02-18 19:30 - 2017-02-18 19:30 - 00123392 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI94762\wx._wizard.pyd
2017-02-18 19:30 - 2017-02-18 19:30 - 00077312 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI94762\wx._html2.pyd
2017-02-18 19:30 - 2017-02-18 19:30 - 00027648 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI94762\_multiprocessing.pyd
2017-02-18 19:30 - 2017-02-18 19:30 - 00020480 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI94762\_yappi.pyd
2017-02-18 19:30 - 2017-02-18 19:30 - 00035840 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI94762\win32process.pyd
2017-02-18 19:30 - 2017-02-18 19:30 - 00078848 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI94762\wx._animate.pyd
2017-02-18 19:30 - 2017-02-18 19:30 - 00024064 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI94762\win32pipe.pyd
2017-02-18 19:30 - 2017-02-18 19:30 - 00010240 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI94762\select.pyd
2017-02-18 19:30 - 2017-02-18 19:30 - 00025600 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI94762\win32pdh.pyd
2017-02-18 19:30 - 2017-02-18 19:30 - 00017408 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI94762\win32profile.pyd
2017-02-18 19:30 - 2017-02-18 19:30 - 00022528 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI94762\win32ts.pyd
2016-04-16 19:02 - 2013-01-15 22:06 - 00061952 _____ () C:\Program Files (x86)\Drakonia Configurator\HidDevice.dll
2016-12-22 23:27 - 2016-12-22 23:27 - 12163072 _____ () C:\Program Files\WindowsApps\Microsoft.BingWeather_4.18.37.0_x86__8wekyb3d8bbwe\Microsoft.Msn.Weather.dll
2016-12-20 20:05 - 2016-12-20 20:06 - 00958464 _____ () C:\Program Files\WindowsApps\Microsoft.BingWeather_4.18.37.0_x86__8wekyb3d8bbwe\SQLite3Wrapper.dll
2016-07-16 21:31 - 2016-07-16 21:31 - 00645120 _____ () C:\Program Files\WindowsApps\Microsoft.BingWeather_4.18.37.0_x86__8wekyb3d8bbwe\Microsoft.Aria.ClientTelemetry.dll
2016-08-24 09:13 - 2016-08-24 09:14 - 03312024 _____ () C:\Program Files\WindowsApps\Microsoft.BingWeather_4.18.37.0_x86__8wekyb3d8bbwe\Microsoft.Advertising.dll
2016-04-16 19:02 - 2011-11-22 19:18 - 00249856 _____ () C:\Program Files (x86)\Drakonia Configurator\language.dll
2016-04-11 23:08 - 2016-12-24 01:28 - 00657184 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2016-04-11 23:08 - 2016-09-01 08:02 - 04969248 _____ () C:\Program Files (x86)\Steam\v8.dll
2016-04-11 23:08 - 2017-01-19 08:30 - 02327840 _____ () C:\Program Files (x86)\Steam\video.dll
2016-04-11 23:07 - 2016-01-27 14:49 - 02549760 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2016-04-11 23:07 - 2016-01-27 14:49 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2016-04-11 23:07 - 2016-01-27 14:49 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2016-04-11 23:07 - 2016-01-27 14:49 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2016-04-11 23:07 - 2016-01-27 14:49 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2016-04-11 23:08 - 2016-09-01 08:02 - 01563936 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2016-04-11 23:08 - 2016-09-01 08:02 - 01195296 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2016-04-11 23:07 - 2017-01-19 08:30 - 00838432 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2016-04-11 23:07 - 2016-07-05 05:17 - 00266560 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
2016-12-21 12:18 - 2017-01-05 10:12 - 68813088 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\libcef.dll
2016-04-11 23:08 - 2017-01-19 08:30 - 00383776 _____ () C:\Program Files (x86)\Steam\steam.dll
2016-04-11 23:07 - 2015-09-25 06:52 - 00119208 _____ () C:\Program Files (x86)\Steam\winh264.dll
2017-02-07 21:49 - 2017-02-01 16:01 - 01870168 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libglesv2.dll
2017-02-07 21:49 - 2017-02-01 16:01 - 00085848 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libegl.dll
Code:
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2015-07-10 18:04 - 2016-11-20 23:07 - 00001025 ____A C:\WINDOWS\system32\Drivers\etc\hosts
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-3515307565-1161031247-3300353082-1001\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 8.8.8.8 - 118.98.44.10
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
HKLM\...\StartupApproved\Run: => "PremierColor"
HKU\S-1-5-21-3515307565-1161031247-3300353082-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-3515307565-1161031247-3300353082-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-3515307565-1161031247-3300353082-1001\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-3515307565-1161031247-3300353082-1001\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-3515307565-1161031247-3300353082-1001\...\StartupApproved\Run: => "MusicManager"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{C17F5659-1505-42DE-BB05-2C756F24B829}] => (Allow) C:\games\GameforgeLive\gfl_client.exe
FirewallRules: [{7D93B344-EB13-4E7A-BD61-0863CBF13D34}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{BC4F5E12-EC9F-4AE8-8BF6-6A514710F95C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [UDP Query User{D45226D3-5DCE-42F4-AF3B-76C8FA1D5F26}C:\users\ezztr\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\ezztr\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{F8D0FD33-645D-4886-83F4-F10F91E60F23}C:\users\ezztr\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\ezztr\appdata\roaming\spotify\spotify.exe
FirewallRules: [{277B7182-EF76-4E43-829A-DB3743D4FAC3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\This War of Mine\Storyteller.exe
FirewallRules: [{B805154D-E775-4E97-9110-F33FB0C6EB51}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\This War of Mine\Storyteller.exe
FirewallRules: [{3E397DCD-0DD7-4044-A1A0-149701EB7C32}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\This War of Mine\This War of Mine.exe
FirewallRules: [{64BCF33C-B757-440E-A2CC-FDC496463331}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\This War of Mine\This War of Mine.exe
FirewallRules: [{A16F6B7B-70F3-4576-BBA2-9E1E3119F4AE}] => (Block) %ProgramFiles%\Sony\Vegas Pro 13.0\vegas130.exe
FirewallRules: [UDP Query User{C0B1816F-734A-411A-8D6B-5A9ECC77EBD0}C:\program files\transmission\transmission-qt.exe] => (Allow) C:\program files\transmission\transmission-qt.exe
FirewallRules: [TCP Query User{4A8B2546-03FA-4EB8-85AE-EEE23DCA4046}C:\program files\transmission\transmission-qt.exe] => (Allow) C:\program files\transmission\transmission-qt.exe
FirewallRules: [{7E700728-1A46-474F-A9DF-5D1B31DC547F}] => (Allow) C:\Games\World_of_Tanks\worldoftanks.exe
FirewallRules: [{58091464-702B-4BA8-9722-9DD3019824F8}] => (Allow) C:\Games\World_of_Tanks\worldoftanks.exe
FirewallRules: [{08E43E94-6562-4C54-9538-7F4D3376D598}] => (Allow) C:\Games\World_of_Tanks\WoTLauncher.exe
FirewallRules: [{A402605C-2125-4DB3-8463-845F1AE0558B}] => (Allow) C:\Games\World_of_Tanks\WoTLauncher.exe
FirewallRules: [UDP Query User{278854EE-DCAC-4D46-8EC7-65836AB565F4}C:\games\hearthstone\hearthstone.exe] => (Allow) C:\games\hearthstone\hearthstone.exe
FirewallRules: [TCP Query User{E61457E3-0841-4B8B-94B0-053B3D1F6B38}C:\games\hearthstone\hearthstone.exe] => (Allow) C:\games\hearthstone\hearthstone.exe
FirewallRules: [{3BC96CDD-1BE2-4378-8C34-7A5046B8C829}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\MiniMetro\MiniMetro.exe
FirewallRules: [{E77BCB3B-19C5-4D11-9163-2CA9772CC215}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\MiniMetro\MiniMetro.exe
FirewallRules: [{EF88B2AE-1A5B-412C-9EA7-F3ED89932447}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{60C82DF7-A1E1-4BB3-A84C-B52A3E7614A5}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{C3E3F344-96BD-4E3A-888F-14A4B964F289}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{5346CA20-8F67-4AAA-B93F-438A67350DF6}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{9215639A-8497-44BD-BDEE-EE065DA52BB3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Faeria\Faeria.exe
FirewallRules: [{759CA9DD-D5CA-46F1-8E91-207742295A67}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Faeria\Faeria.exe
FirewallRules: [{E064189B-3782-4E35-96D9-BDFF9F499639}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\CraftTheWorld\CraftWorld.exe
FirewallRules: [{4EDFA684-A6F6-4A6F-861F-7E2E4B482CD4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\CraftTheWorld\CraftWorld.exe
FirewallRules: [{6D6E6B78-D454-4C1E-A5F6-CE16D2B53576}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\RimWorld\RimWorldWin.exe
FirewallRules: [{548CD056-BF5E-46D5-BC7E-F178EB7A5529}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\RimWorld\RimWorldWin.exe
FirewallRules: [TCP Query User{37DE9295-1AE0-44E7-B1FD-6BFA0CCEFC64}C:\tmp\avencolony\binaries\win64\avencolony.exe] => (Allow) C:\tmp\avencolony\binaries\win64\avencolony.exe
FirewallRules: [UDP Query User{C7C3E257-C7A8-48E3-B179-5AF3FFD5E209}C:\tmp\avencolony\binaries\win64\avencolony.exe] => (Allow) C:\tmp\avencolony\binaries\win64\avencolony.exe
FirewallRules: [{5F381414-7E4A-4DAC-94AE-B7A20CA69DA4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Transport Fever\TransportFever.exe
FirewallRules: [{0AB262A1-F86A-4AFF-83CB-8B3A3529E830}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Transport Fever\TransportFever.exe
FirewallRules: [{2CBFE8D9-02EE-41FB-9141-A88122B77815}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{06A7C478-0B02-49CC-92AA-B7AC95D45EE4}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{143E3176-9C1F-4EEE-884B-2B2E43C93E9D}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{C3BA8D08-41A0-4F93-93AA-7C230B171825}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{296F8C72-669A-49B9-8773-F2AC39257571}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{EC9DBA8F-965B-4AB6-B13E-271A19A65802}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{3434F424-1A3C-4AD5-B67D-C23403F1BBD8}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{6E7C318E-CC99-461A-B692-E86AB2D4BF26}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{5BBDDEC7-BD03-4FB6-8599-F39D2F0E8EA6}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{3D6782B4-E800-471A-8B72-1DB780B0BAC4}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{39F896B1-29FE-421F-A4A8-80F8D572DA07}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{FE4F29E9-EA06-412B-BD0C-1B870D1786C3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Life Is Strange\Binaries\Win32\LifeIsStrange.exe
FirewallRules: [{D7DA5ABD-DA9B-4E12-BA51-E6BF0F9A8B93}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Life Is Strange\Binaries\Win32\LifeIsStrange.exe
FirewallRules: [{AC18BE33-A7F2-4DB0-BDDC-E2116D8FDDF4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Keebles\Keebles.exe
FirewallRules: [{9096EF1A-E968-4508-BACA-60833687AB10}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Keebles\Keebles.exe
FirewallRules: [TCP Query User{D451319D-13B5-473B-801E-92390E465CD5}C:\games\the universim\the universim.exe] => (Allow) C:\games\the universim\the universim.exe
FirewallRules: [UDP Query User{A6AED956-641B-4A06-BBAA-7977D3B1941F}C:\games\the universim\the universim.exe] => (Allow) C:\games\the universim\the universim.exe
FirewallRules: [{6B46C0AA-404C-4F8A-B269-84321A873B0A}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{591828EE-75B0-416D-AFAA-62FE66304C38}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{D5D7ECAA-0C2C-4298-80FC-2AD8E3625F5A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Conan Exiles\ConanSandbox\Binaries\Win64\ConanSandbox_BE.exe
FirewallRules: [{70EC9924-39A9-4327-8E29-3CD9B1362085}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Conan Exiles\ConanSandbox\Binaries\Win64\ConanSandbox_BE.exe
FirewallRules: [{B00BFF46-3023-40B2-9937-81068549DE27}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Conan Exiles\ConanSandbox\Binaries\Win64\ConanSandbox.exe
FirewallRules: [{E4AA0E3E-2558-4129-B7D5-1408B426A7FB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Conan Exiles\ConanSandbox\Binaries\Win64\ConanSandbox.exe
FirewallRules: [{111ADE00-A556-4F6E-A162-7F624AA421B0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Factorio\bin\x64\factorio.exe
FirewallRules: [{16B5D7C8-1CB3-4968-98F2-525DC7767CE2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Factorio\bin\x64\factorio.exe
FirewallRules: [{AA4AAE9D-EDF8-43EE-8366-32E1596BE4E0}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{84BB91C0-D0D8-46B8-9CA1-532F4D95BDDA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DarkestDungeon\_windows\Darkest.exe
FirewallRules: [{4BD0509B-4734-4336-8AF3-401A75059318}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DarkestDungeon\_windows\Darkest.exe
FirewallRules: [TCP Query User{32B7101D-B91C-4BB3-A713-F192C26BDCD8}C:\program files\transmission\transmission-qt.exe] => (Allow) C:\program files\transmission\transmission-qt.exe
FirewallRules: [UDP Query User{FA4A5112-CD38-43C8-8F26-C8BC71256DD9}C:\program files\transmission\transmission-qt.exe] => (Allow) C:\program files\transmission\transmission-qt.exe
FirewallRules: [{80F768F5-5B72-4F0B-9BB8-B88918DD446F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DarkestDungeon\_windows\Darkest.exe
FirewallRules: [{40F29920-31F6-4CCF-B886-D83E03E8E8A0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DarkestDungeon\_windows\Darkest.exe
FirewallRules: [{C143464E-F3C5-4B1E-AE6C-388C4C2FA335}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tavern Tycoon\TavernTycoon.exe
FirewallRules: [{41D652DD-FA31-4F36-AFAD-6083D1AA8D2F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tavern Tycoon\TavernTycoon.exe
==================== Restore Points =========================
30-01-2017 00:01:57 Installed QuickTime 7
06-02-2017 14:41:00 Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24210
14-02-2017 18:10:57 Removed LibreOffice 5.0.5.2
16-02-2017 14:00:18 Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24212
==================== Faulty Device Manager Devices =============
Name: Intel High Definition DSP
Description: Intel High Definition DSP
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (02/20/2017 11:55:26 AM) (Source: DellUpService.exe) (EventID: 0) (User: )
Description: [32] ERROR- DoUpdateCheck manifestsSuccessful is invalid, stop updating! #StackInfo#
Error: (02/20/2017 12:02:58 AM) (Source: DellUpService.exe) (EventID: 0) (User: )
Description: [14] ERROR- DoUpdateCheck manifestsSuccessful is invalid, stop updating! #StackInfo#
Error: (02/19/2017 06:24:13 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: Die erweiterbare Leistungsindikator-DLL rdyboost kann nicht geladen werden. Die ersten vier Bytes (DWORD) des Datenbereichs enthalten den Windows-Fehlercode.
Error: (02/19/2017 04:56:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Explorer.EXE, Version: 10.0.14393.479, Zeitstempel: 0x58258a90
Name des fehlerhaften Moduls: ntdll.dll, Version: 10.0.14393.479, Zeitstempel: 0x5825887f
Ausnahmecode: 0xc0000264
Fehleroffset: 0x00000000000a5aa0
ID des fehlerhaften Prozesses: 0x59c
Startzeit der fehlerhaften Anwendung: 0x01d289e2b6e1f25d
Pfad der fehlerhaften Anwendung: C:\WINDOWS\Explorer.EXE
Pfad des fehlerhaften Moduls: C:\WINDOWS\SYSTEM32\ntdll.dll
Berichtskennung: 93a2185f-82d8-4abb-ac02-c01c5e26d8a5
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:
Error: (02/17/2017 04:49:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: ShellExperienceHost.exe, Version: 10.0.14393.447, Zeitstempel: 0x5819bf85
Name des fehlerhaften Moduls: igd10iumd64.dll, Version: 20.19.15.4531, Zeitstempel: 0x57ed27c8
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000003c9a45
ID des fehlerhaften Prozesses: 0x2c90
Startzeit der fehlerhaften Anwendung: 0x01d2861abadb856e
Pfad der fehlerhaften Anwendung: C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
Pfad des fehlerhaften Moduls: C:\WINDOWS\SYSTEM32\igd10iumd64.dll
Berichtskennung: dbfb7ed5-2566-40fd-b77e-c8ff41f53d3d
Vollständiger Name des fehlerhaften Pakets: Microsoft.Windows.ShellExperienceHost_10.0.14393.693_neutral_neutral_cw5n1h2txyewy
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: App
Error: (02/17/2017 12:02:59 AM) (Source: DellUpService.exe) (EventID: 0) (User: )
Description: [25] ERROR- DoUpdateCheck manifestsSuccessful is invalid, stop updating! #StackInfo#
Error: (02/16/2017 02:00:20 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
System Error:
Access is denied.
.
Error: (02/16/2017 12:13:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: privatetunnel2.8.2.exe, Version: 2.8.2.0, Zeitstempel: 0x5894bb53
Name des fehlerhaften Moduls: privatetunnel2.8.2.exe, Version: 2.8.2.0, Zeitstempel: 0x5894bb53
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00017cf7
ID des fehlerhaften Prozesses: 0x4dc4
Startzeit der fehlerhaften Anwendung: 0x01d28807db4cae19
Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\OpenVPN Technologies\PrivateTunnel\privatetunnel2.8.2.exe
Pfad des fehlerhaften Moduls: C:\Program Files (x86)\OpenVPN Technologies\PrivateTunnel\privatetunnel2.8.2.exe
Berichtskennung: 97926ac6-6211-467d-acb9-67439f3d0a31
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:
Error: (02/16/2017 10:35:37 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: VPNManager.exe, Version: 1.8.10.0, Zeitstempel: 0x57c9c628
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 10.0.14393.479, Zeitstempel: 0x58256d37
Ausnahmecode: 0xe0434352
Fehleroffset: 0x000da832
ID des fehlerhaften Prozesses: 0x3740
Startzeit der fehlerhaften Anwendung: 0x01d2880402a4e047
Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Perfect Privacy VPN Manager\VPNManager.exe
Pfad des fehlerhaften Moduls: C:\WINDOWS\System32\KERNELBASE.dll
Berichtskennung: 073d6fb4-49ae-4a83-a036-7c899636f4fb
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:
Error: (02/16/2017 10:35:37 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: VPNManager.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: System.ComponentModel.InvalidAsynchronousStateException
bei System.Windows.Forms.Control.WaitForWaitHandle(System.Threading.WaitHandle)
bei System.Windows.Forms.Control.MarshaledInvoke(System.Windows.Forms.Control, System.Delegate, System.Object[], Boolean)
bei System.Windows.Forms.Control.Invoke(System.Delegate, System.Object[])
bei VPNManager.FrmGlobalStatus.setLabelText(System.Windows.Forms.Label, System.String)
bei VPNManager.FrmGlobalStatus.setStatusLines()
bei VPNManager.FrmGlobalStatus.checkAdvancedProtection(System.String)
bei VPNManager.VpnConfig.connect_thread(Int32)
bei VPNManager.VpnConfig+<>c__DisplayClass73_0.<Connect>b__0()
bei System.Threading.ThreadHelper.ThreadStart_Context(System.Object)
bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
bei System.Threading.ThreadHelper.ThreadStart()
System errors:
=============
Error: (02/21/2017 01:34:21 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 4003) (User: NT AUTHORITY)
Description: Bei der automatischen WLAN-Konfiguration wurde eine eingeschränkte Konnektivität erkannt, "Reset/Recover.adapter" wird ausgeführt.
Code: 8 0x0 0x0
Error: (02/21/2017 01:34:18 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 4003) (User: NT AUTHORITY)
Description: Bei der automatischen WLAN-Konfiguration wurde eine eingeschränkte Konnektivität erkannt, "Reset/Recover.adapter" wird ausgeführt.
Code: 2 0xdeaddeed 0xeeec
Error: (02/21/2017 01:34:18 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 4003) (User: NT AUTHORITY)
Description: Bei der automatischen WLAN-Konfiguration wurde eine eingeschränkte Konnektivität erkannt, "Reset/Recover.adapter" wird ausgeführt.
Code: 1 0xc 0x4
Error: (02/21/2017 01:12:34 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Durch die Berechtigungseinstellungen für "application-specific" wird dem Benutzer "NT AUTHORITY\SYSTEM" (SID: S-1-5-18) unter der Adresse "LocalHost (Using LRPC)" keine Berechtigung vom Typ "Local Activation" für die COM-Serveranwendung mit der CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
und der APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
im Anwendungscontainer "Unavailable" (SID: Unavailable) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.
Error: (02/21/2017 02:14:07 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Durch die Berechtigungseinstellungen für "application-specific" wird dem Benutzer "NT AUTHORITY\SYSTEM" (SID: S-1-5-18) unter der Adresse "LocalHost (Using LRPC)" keine Berechtigung vom Typ "Local Activation" für die COM-Serveranwendung mit der CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
und der APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
im Anwendungscontainer "Unavailable" (SID: Unavailable) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.
Error: (02/20/2017 06:56:01 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Durch die Berechtigungseinstellungen für "application-specific" wird dem Benutzer "NT AUTHORITY\SYSTEM" (SID: S-1-5-18) unter der Adresse "LocalHost (Using LRPC)" keine Berechtigung vom Typ "Local Activation" für die COM-Serveranwendung mit der CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
und der APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
im Anwendungscontainer "Unavailable" (SID: Unavailable) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.
Error: (02/20/2017 04:15:08 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Durch die Berechtigungseinstellungen für "application-specific" wird dem Benutzer "NT AUTHORITY\SYSTEM" (SID: S-1-5-18) unter der Adresse "LocalHost (Using LRPC)" keine Berechtigung vom Typ "Local Activation" für die COM-Serveranwendung mit der CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
und der APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
im Anwendungscontainer "Unavailable" (SID: Unavailable) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.
Error: (02/20/2017 02:49:45 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Durch die Berechtigungseinstellungen für "application-specific" wird dem Benutzer "NT AUTHORITY\SYSTEM" (SID: S-1-5-18) unter der Adresse "LocalHost (Using LRPC)" keine Berechtigung vom Typ "Local Activation" für die COM-Serveranwendung mit der CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
und der APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
im Anwendungscontainer "Unavailable" (SID: Unavailable) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.
Error: (02/20/2017 12:54:05 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 4003) (User: NT AUTHORITY)
Description: Bei der automatischen WLAN-Konfiguration wurde eine eingeschränkte Konnektivität erkannt, "Reset/Recover.adapter" wird ausgeführt.
Code: 8 0x0 0x0
Error: (02/20/2017 12:54:02 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 4003) (User: NT AUTHORITY)
Description: Bei der automatischen WLAN-Konfiguration wurde eine eingeschränkte Konnektivität erkannt, "Reset/Recover.adapter" wird ausgeführt.
Code: 2 0xdeaddeed 0xeeec
CodeIntegrity:
===================================
Date: 2017-02-08 20:01:07.700
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\nvdmi.inf_amd64_fd06216336fcf4a2\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-02-07 22:40:22.555
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\vfilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2017-02-07 21:00:35.766
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\nvdmi.inf_amd64_fd06216336fcf4a2\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-02-06 20:47:49.537
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\vfilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2017-01-28 13:57:26.188
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\nvdmi.inf_amd64_fd06216336fcf4a2\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-01-28 09:49:07.891
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\vfilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2017-01-22 17:51:25.453
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\nvdmi.inf_amd64_abcfc5746cfa0cc0\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-01-22 11:49:02.271
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\vfilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2017-01-21 18:20:43.708
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\nvdmi.inf_amd64_abcfc5746cfa0cc0\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-01-21 10:40:12.341
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\vfilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i7-6700HQ CPU @ 2.60GHz
Percentage of memory in use: 34%
Total physical RAM: 16238.91 MB
Available physical RAM: 10616.37 MB
Total Virtual: 18670.91 MB
Available Virtual: 11437.8 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:461.56 GB) (Free:153.94 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 476.9 GB) (Disk ID: A4A7D5DC)
Partition: GPT.
==================== End of Addition.txt ====
| | #2 |
| Ad banners in the Steam client
FRST log file: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 19-02-2017
Ran by ezztr (administrator) on DESKTOP-CSVQ63S (21-02-2017 14:20:09)
Running from C:\Users\ezztr\Desktop
Loaded Profiles: ezztr (Available Profiles: ezztr & elsia)
Platform: Windows 10 Home Version 1607 (X64) Language: Englisch (Vereinigte Staaten)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel Corporation) C:\Windows\System32\Intel\DPTF\esif_uf.exe
() C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Electronic Arts) C:\games\Origin\OriginWebHelperService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
() C:\Program Files (x86)\Dell Dock Update\DUWrapperService.exe
(Perfect Privacy) C:\Program Files (x86)\Perfect Privacy VPN Manager\VPNManagerService.exe
() C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe
(Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Dell) C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe
(Dell Products, LP.) C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpService.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Dell) C:\Program Files\Dell\Dell Product Registration\PRSvc.exe
(Dell Inc.) C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(Intel(R) Corporation) C:\Program Files (x86)\Intel\Intel(R) Extreme Tuning Utility\XtuService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVault.exe
(Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe
() C:\Program Files (x86)\OpenVPN Technologies\PrivateTunnel\ovpnagent.exe
(Dell Inc.) C:\Program Files (x86)\Dell Customer Connect\DCCService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
(Dell) C:\Program Files\Dell\Dell Foundation Services\DFS.Common.Agent.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Logitech, Inc.) C:\Program Files\Dell\UnifyingSoftwareLauncher\DellLaunchUnifyingApp.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
() C:\Program Files (x86)\Drakonia Configurator\hid.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
() C:\Program Files\Intel\SUR\QUEENCREEK\esrv.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpTray.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
() C:\Program Files\WindowsApps\Microsoft.BingWeather_4.18.37.0_x86__8wekyb3d8bbwe\Microsoft.Msn.Weather.exe
() C:\Program Files (x86)\Drakonia Configurator\trayicon.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.109.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\nacl64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\nacl64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(PC-Doctor, Inc.) C:\Program Files\Dell\SupportAssist\uaclauncher.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [PremierColor] => C:\Program Files\Portrait Displays\Dell PremierColor\PremierColor.exe [3828464 2015-09-03] (Portrait Displays, Inc.)
HKLM\...\Run: [Dell Unifying Software Launcher] => C:\Program Files\Dell\UnifyingSoftwareLauncher\DellLaunchUnifyingApp.exe [3209608 2012-12-22] (Logitech, Inc.)
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-09-07] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508240 2015-08-05] (Adobe Systems Incorporated)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [320584 2016-10-31] (Intel Corporation)
HKLM-x32\...\Run: [GamingMouse] => C:\Program Files (x86)\Drakonia Configurator\hid.exe [248832 2013-10-29] ()
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKU\S-1-5-21-3515307565-1161031247-3300353082-1001\...\Run: [Spotify Web Helper] => C:\Users\ezztr\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1552496 2016-06-18] (Spotify Ltd)
HKU\S-1-5-21-3515307565-1161031247-3300353082-1001\...\Run: [Spotify] => C:\Users\ezztr\AppData\Roaming\Spotify\Spotify.exe [6916208 2016-06-18] (Spotify Ltd)
HKU\S-1-5-21-3515307565-1161031247-3300353082-1001\...\Run: [Google Update] => C:\Users\ezztr\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateCore.exe [601752 2016-12-26] (Google Inc.)
HKU\S-1-5-21-3515307565-1161031247-3300353082-1001\...\Run: [MusicManager] => C:\Users\ezztr\AppData\Local\Programs\Google\MusicManager\MusicManager.exe [7643136 2016-02-02] (Google Inc.)
HKU\S-1-5-21-3515307565-1161031247-3300353082-1001\...\Run: [Dxtory Update Checker 2.0] => C:\Program Files (x86)\ExKode\Dxtory2.0\UpdateChecker.exe [93696 2010-10-17] (Dxtory Software)
HKU\S-1-5-21-3515307565-1161031247-3300353082-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23818360 2016-11-30] (Google)
HKU\S-1-5-21-3515307565-1161031247-3300353082-1001\...\Run: [Bitrix24 Desktop] => [X]
ShellIconOverlayIdentifiers: [ 00BitrixShellExt] -> {A11A1EE5-F9F8-4BE0-907F-D74A49CC506B} => C:\Program Files (x86)\Bitrix24\64\BitrixShellExt.dll [2016-11-15] (Bitrix Inc.)
ShellIconOverlayIdentifiers: [ 00BitrixShellExt_C] -> {A11A1EE5-F9F8-4BE0-907F-D74A49CC506E} => C:\Program Files (x86)\Bitrix24\64\BitrixShellExt.dll [2016-11-15] (Bitrix Inc.)
ShellIconOverlayIdentifiers: [ 00BitrixShellExt_E] -> {A11A1EE5-F9F8-4BE0-907F-D74A49CC506D} => C:\Program Files (x86)\Bitrix24\64\BitrixShellExt.dll [2016-11-15] (Bitrix Inc.)
ShellIconOverlayIdentifiers: [ 00BitrixShellExt_L] -> {A11A1EE5-F9F8-4BE0-907F-D74A49CC506F} => C:\Program Files (x86)\Bitrix24\64\BitrixShellExt.dll [2016-11-15] (Bitrix Inc.)
ShellIconOverlayIdentifiers: [ 00BitrixShellExt_S] -> {A11A1EE5-F9F8-4BE0-907F-D74A49CC506C} => C:\Program Files (x86)\Bitrix24\64\BitrixShellExt.dll [2016-11-15] (Bitrix Inc.)
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers-x32: [ 00BitrixShellExt] -> {A11A1EE5-F9F8-4BE0-907F-D74A49CC506B} => C:\Program Files (x86)\Bitrix24\32\BitrixShellExt.dll [2016-11-15] (Bitrix Inc.)
ShellIconOverlayIdentifiers-x32: [ 00BitrixShellExt_C] -> {A11A1EE5-F9F8-4BE0-907F-D74A49CC506E} => C:\Program Files (x86)\Bitrix24\32\BitrixShellExt.dll [2016-11-15] (Bitrix Inc.)
ShellIconOverlayIdentifiers-x32: [ 00BitrixShellExt_E] -> {A11A1EE5-F9F8-4BE0-907F-D74A49CC506D} => C:\Program Files (x86)\Bitrix24\32\BitrixShellExt.dll [2016-11-15] (Bitrix Inc.)
ShellIconOverlayIdentifiers-x32: [ 00BitrixShellExt_L] -> {A11A1EE5-F9F8-4BE0-907F-D74A49CC506F} => C:\Program Files (x86)\Bitrix24\32\BitrixShellExt.dll [2016-11-15] (Bitrix Inc.)
ShellIconOverlayIdentifiers-x32: [ 00BitrixShellExt_S] -> {A11A1EE5-F9F8-4BE0-907F-D74A49CC506C} => C:\Program Files (x86)\Bitrix24\32\BitrixShellExt.dll [2016-11-15] (Bitrix Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2015-12-27]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
GroupPolicy: Restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 118.98.44.10 203.130.193.74
Tcpip\..\Interfaces\{dd7fa2b5-9e4d-461b-b755-8204e8510d0f}: [DhcpNameServer] 8.8.8.8 118.98.44.10 203.130.193.74
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
HKU\S-1-5-21-3515307565-1161031247-3300353082-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell15.msn.com/?pc=DCTE
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-02-04] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-02-04] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-02-04] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-02-04] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-02-04] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-02-04] (Microsoft Corporation)
Edge:
======
Edge Extension: (LastPass: Free Password Manager) -> hdokiejnpimakedhajhdlcegeplioahd_LastPassLastPassFreePasswordManager_qq0fmhteeht3j => C:\Program Files\WindowsApps\LastPass.LastPassFreePasswordManager_4.1.29.0_neutral__qq0fmhteeht3j [2017-02-12]
FireFox:
========
FF DefaultProfile: w9newjxp.default
FF ProfilePath: C:\Users\ezztr\AppData\Roaming\Mozilla\Firefox\Profiles\w9newjxp.default [2017-02-21]
FF NewTab: Mozilla\Firefox\Profiles\w9newjxp.default -> about:newtab
FF Homepage: Mozilla\Firefox\Profiles\w9newjxp.default -> GtAtDtC0EtG0EtD0AtDtGyCtB0B0EtG0Fzy0AyCyC0F0BtCtA0EyEyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szz0FtD0A0B0CtAyBtGyC0DyDyBtGyEtDzzyEtG0AyBtCyDtGzzyD0C0AtAtD0B0D0CtCyE0A2QtN0A0LzuyE%26cr%3D1405159841%26a%3Dwncy_ir_16_26%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome
FF Keyword.URL: Mozilla\Firefox\Profiles\w9newjxp.default -> user_pref("keyword.URL", true);
FF Extension: (SHA-1 deprecation staged rollout) - C:\Users\ezztr\AppData\Roaming\Mozilla\Firefox\Profiles\w9newjxp.default\features\{11a112ca-fffe-4f49-9a25-8dbc77ff71b5}\disableSHA1rollout@mozilla.org.xpi [2017-02-19]
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-08-06] (Adobe Systems)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-02-04] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-02-10] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-02-10] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-26] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-26] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-08-06] (Adobe Systems)
FF Plugin HKU\S-1-5-21-3515307565-1161031247-3300353082-1001: @citrixonline.com/appdetectorplugin -> C:\Users\ezztr\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2017-02-06] (Citrix Online)
FF Plugin HKU\S-1-5-21-3515307565-1161031247-3300353082-1001: @tools.google.com/Google Update;version=3 -> C:\Users\ezztr\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-26] (Google Inc.)
FF Plugin HKU\S-1-5-21-3515307565-1161031247-3300353082-1001: @tools.google.com/Google Update;version=9 -> C:\Users\ezztr\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-26] (Google Inc.)
Chrome:
=======
CHR DefaultProfile: Default
CHR StartupUrls: Default -> "hxxp://www.giga.de/","hxxp://www.google.com"
CHR Profile: C:\Users\ezztr\AppData\Local\Google\Chrome\User Data\Default [2017-02-21]
CHR Extension: (Google*Übersetzer) - C:\Users\ezztr\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2016-04-10]
CHR Extension: (Flash Video Downloader) - C:\Users\ezztr\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiimdkdngfcipjohbjenkahhlhccpdbc [2016-12-03]
CHR Extension: (Google Drive) - C:\Users\ezztr\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-04-10]
CHR Extension: (YouTube) - C:\Users\ezztr\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-04-10]
CHR Extension: (uBlock Origin) - C:\Users\ezztr\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2017-02-07]
CHR Extension: (Google Play Musik) - C:\Users\ezztr\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi [2017-02-16]
CHR Extension: (Google Docs Offline) - C:\Users\ezztr\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-10]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\ezztr\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2017-02-10]
CHR Extension: (CanvasFingerprintBlock) - C:\Users\ezztr\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipmjngkmngdcdpmgmiebdmfbkcecdndc [2016-04-10]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\ezztr\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2016-11-22]
CHR Extension: (dict-cc) - C:\Users\ezztr\AppData\Local\Google\Chrome\User Data\Default\Extensions\nknonnojlmhnmjhpeokdbeineeajcemh [2016-10-25]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\ezztr\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-19]
CHR Extension: (Google Mail) - C:\Users\ezztr\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-04-10]
CHR Extension: (Chrome Media Router) - C:\Users\ezztr\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-07]
CHR HKU\S-1-5-21-3515307565-1161031247-3300353082-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2227312 2017-01-19] (Adobe Systems, Incorporated)
R2 BcmBtRSupport; C:\WINDOWS\system32\BtwRSupportService.exe [2288384 2015-12-27] (Broadcom Corporation.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1467912 2017-02-06] ()
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3020992 2016-12-28] (Microsoft Corporation)
S3 cplspcon; C:\WINDOWS\system32\IntelCpHDCPSvc.exe [431088 2016-10-12] (Intel Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-17] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-17] (Dropbox, Inc.)
R2 Dell Customer Connect; C:\Program Files (x86)\Dell Customer Connect\DCCService.exe [130936 2016-12-21] (Dell Inc.)
R2 Dell Foundation Services; C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe [97616 2017-01-11] (Dell)
R2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2572024 2016-06-23] (Dell Inc.)
R2 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [202488 2016-06-23] (Dell Inc.)
R2 DellDockUpdate; C:\Program Files (x86)\Dell Dock Update\DUWrapperService.exe [125808 2017-01-10] ()
S3 DellPremierColorService; C:\Program Files\Portrait Displays\Dell PremierColor\PremierColorService.exe [175344 2015-09-03] (Portrait Displays, Inc.)
R2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [229376 2016-05-13] (Dell Inc.)
S3 EasyAntiCheat; C:\WINDOWS\SysWOW64\EasyAntiCheat.exe [392480 2017-01-13] (EasyAntiCheat Ltd)
R2 esifsvc; C:\WINDOWS\System32\Intel\DPTF\esif_uf.exe [1585784 2016-06-03] (Intel Corporation)
R2 ESRV_SVC_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe [805632 2016-11-17] ()
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [17992 2016-10-31] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [356336 2016-10-12] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [987432 2016-06-14] (Intel(R) Corporation)
R3 Intel(R) Security Assist; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [335872 2015-05-20] (Intel Corporation) [File not signed]
S2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [7680 2015-05-20] () [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [215328 2016-07-18] (Intel Corporation)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2017-01-21] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2017-01-21] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462784 2017-02-10] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [425408 2017-01-21] (NVIDIA Corporation)
S3 Origin Client Service; C:\games\Origin\OriginClientService.exe [2119688 2017-01-09] (Electronic Arts)
R2 Origin Web Helper Service; C:\games\Origin\OriginWebHelperService.exe [2180624 2017-01-09] (Electronic Arts)
R2 ovpnagent; C:\Program Files (x86)\OpenVPN Technologies\PrivateTunnel\ovpnagent.exe [949480 2016-08-30] ()
R2 Product Registration; C:\Program Files\Dell\Dell Product Registration\PRSvc.exe [80208 2016-09-22] (Dell)
S3 ptsysexec; C:\WINDOWS\ptsysexec.exe [238856 2015-12-03] (Pismo Technic Inc.)
R2 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [31704 2016-09-09] (Dell Inc.)
R2 SystemUsageReportSvc_QUEENCREEK; C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe [156928 2016-11-17] ()
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7500048 2016-09-20] (TeamViewer GmbH)
S3 ThunderboltService; C:\Program Files (x86)\Intel\Thunderbolt Software\tbtsvc.exe [1831064 2015-11-04] (Intel Corporation)
S2 USER_ESRV_SVC_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe [805632 2016-11-17] ()
R2 VPNManager; C:\Program Files (x86)\Perfect Privacy VPN Manager\VPNManagerService.exe [19968 2016-09-03] (Perfect Privacy) [File not signed]
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
R2 XTU3SERVICE; C:\Program Files (x86)\Intel\Intel(R) Extreme Tuning Utility\XtuService.exe [18232 2016-11-09] (Intel(R) Corporation)
S2 NVIDIA Wireless Controller Service; "C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe" [X]
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 bcbtums; C:\WINDOWS\system32\drivers\bcbtums.sys [208192 2015-12-27] (Broadcom Corporation.)
R3 BCMPCIEDHD63; C:\WINDOWS\system32\DRIVERS\bcmpciedhd63.sys [1063736 2016-03-03] (Broadcom Corp)
R3 DDDriver; C:\WINDOWS\system32\drivers\DDDriver64Dcsa.sys [32464 2016-01-06] (Dell Computer Corporation)
R3 DellProf; C:\WINDOWS\system32\drivers\DellProf.sys [24240 2016-01-06] (Dell Computer Corporation)
R3 dptf_acpi; C:\WINDOWS\System32\drivers\dptf_acpi.sys [70208 2016-05-19] (Intel Corporation)
R3 dptf_cpu; C:\WINDOWS\System32\drivers\dptf_cpu.sys [65088 2016-05-19] (Intel Corporation)
R3 esif_lf; C:\WINDOWS\system32\DRIVERS\esif_lf.sys [343608 2016-05-19] (Intel Corporation)
R3 HidEventFilter; C:\WINDOWS\System32\drivers\HidEventFilter.sys [43512 2015-06-10] (Intel Corporation)
R3 iaLPSS2_I2C; C:\WINDOWS\System32\drivers\iaLPSS2_I2C.sys [184632 2016-08-29] (Intel Corporation)
R3 IntcAudioBus; C:\WINDOWS\System32\drivers\IntcAudioBus.sys [225872 2016-08-08] (Intel(R) Corporation)
R2 iocbios2; C:\Program Files (x86)\Intel\Intel(R) Extreme Tuning Utility\Drivers\IocDriver\64bit\iocbios2.sys [37064 2016-08-24] (Intel Corporation)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvdmi.inf_amd64_0f03095bd41aae95\nvlddmkm.sys [14516664 2017-02-11] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [27584 2017-01-21] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [47672 2017-01-06] (NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [57792 2017-01-21] (NVIDIA Corporation)
S3 pfmfs_180; C:\WINDOWS\System32\Drivers\pfmfs_180.sys [258248 2015-12-15] (Pismo Technic Inc.)
R3 PTPFilter; C:\WINDOWS\System32\drivers\PTPFilter.sys [51032 2016-08-29] (Samsung)
R3 ptun0901; C:\WINDOWS\System32\drivers\ptun0901.sys [27136 2016-06-15] (The OpenVPN Project)
R0 PxHlpa64; C:\WINDOWS\System32\Drivers\PxHlpa64.sys [56336 2012-06-22] (Corel Corporation)
S3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [402136 2015-06-25] (Realsil Semiconductor Corporation)
R3 semav6msr64; C:\WINDOWS\system32\drivers\semav6msr64.sys [21984 2016-10-18] ()
S3 taphss6; C:\WINDOWS\System32\drivers\taphss6.sys [42064 2016-05-27] (Anchorfree Inc.)
R1 VBoxNetAdp; C:\WINDOWS\system32\DRIVERS\VBoxNetAdp6.sys [131144 2016-12-20] (Oracle Corporation)
R1 VBoxNetLwf; C:\WINDOWS\system32\DRIVERS\VBoxNetLwf.sys [205440 2016-12-20] (Oracle Corporation)
S1 vflt; C:\WINDOWS\system32\DRIVERS\vfilter.sys [24064 2013-07-01] (Shrew Soft Inc) [File not signed]
S3 vnet; C:\WINDOWS\System32\drivers\virtualnet.sys [17408 2013-07-01] (Shrew Soft Inc) [File not signed]
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-02-21 14:20 - 2017-02-21 14:20 - 00028802 _____ C:\Users\ezztr\Desktop\FRST.txt
2017-02-21 14:08 - 2017-02-21 14:19 - 02422784 _____ (Farbar) C:\Users\ezztr\Desktop\FRST64.exe
2017-02-20 21:32 - 2017-02-20 21:34 - 04465808 _____ C:\Users\ezztr\Downloads\Nicht bestätigt 831314.crdownload
2017-02-20 16:52 - 2017-02-20 16:52 - 22287636 _____ C:\Users\ezztr\Downloads\[Guru3D.com]-RTSSSetup660.zip
2017-02-20 11:01 - 2017-02-20 11:01 - 00046039 _____ C:\Users\ezztr\AppData\Local\recently-used.xbel
2017-02-19 17:02 - 2017-02-19 17:05 - 65975400 _____ (Itch Corp) C:\Users\ezztr\Downloads\itchSetup.exe
2017-02-19 17:01 - 2017-02-19 17:04 - 00679936 _____ C:\Users\ezztr\Downloads\Nicht bestätigt 74679.crdownload
2017-02-17 16:36 - 2017-02-17 16:36 - 00000000 ____D C:\Users\ezztr\ansel
2017-02-17 16:34 - 2017-02-17 16:34 - 00000000 ____D C:\WINDOWS\LastGood
2017-02-17 16:34 - 2017-02-17 16:34 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2017-02-17 16:34 - 2017-02-10 05:39 - 00134592 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2017-02-17 16:34 - 2017-01-26 07:13 - 00103936 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2017-02-17 16:34 - 2017-01-26 07:12 - 00326656 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2017-02-17 16:34 - 2017-01-26 07:09 - 00322560 _____ C:\WINDOWS\system32\vulkan-1.dll
2017-02-17 16:34 - 2017-01-26 07:09 - 00118272 _____ C:\WINDOWS\system32\vulkaninfo.exe
2017-02-17 16:32 - 2017-02-10 09:33 - 40192056 _____ C:\WINDOWS\system32\nvcompiler.dll
2017-02-17 16:32 - 2017-02-10 09:33 - 35272760 _____ C:\WINDOWS\SysWOW64\nvcompiler.dll
2017-02-17 16:32 - 2017-02-10 09:33 - 34979384 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2017-02-17 16:32 - 2017-02-10 09:33 - 28242488 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2017-02-17 16:32 - 2017-02-10 09:33 - 19007016 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2017-02-17 16:32 - 2017-02-10 09:33 - 14674896 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2017-02-17 16:32 - 2017-02-10 09:33 - 11122728 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2017-02-17 16:32 - 2017-02-10 09:33 - 11019704 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvptxJitCompiler.dll
2017-02-17 16:32 - 2017-02-10 09:33 - 09305984 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2017-02-17 16:32 - 2017-02-10 09:33 - 08990072 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll
2017-02-17 16:32 - 2017-02-10 09:33 - 03168192 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2017-02-17 16:32 - 2017-02-10 09:33 - 02717752 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2017-02-17 16:32 - 2017-02-10 09:33 - 01983424 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6437866.dll
2017-02-17 16:32 - 2017-02-10 09:33 - 01589696 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6437866.dll
2017-02-17 16:32 - 2017-02-10 09:33 - 01052096 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2017-02-17 16:32 - 2017-02-10 09:33 - 00991288 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2017-02-17 16:32 - 2017-02-10 09:33 - 00959424 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2017-02-17 16:32 - 2017-02-10 09:33 - 00946456 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFTH264.dll
2017-02-17 16:32 - 2017-02-10 09:33 - 00910784 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2017-02-17 16:32 - 2017-02-10 09:33 - 00721952 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFTH264.dll
2017-02-17 16:32 - 2017-02-10 09:33 - 00687224 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvfatbinaryLoader.dll
2017-02-17 16:32 - 2017-02-10 09:33 - 00609728 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2017-02-17 16:32 - 2017-02-10 09:33 - 00576192 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll
2017-02-17 16:32 - 2017-02-10 09:33 - 00573448 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2017-02-17 16:32 - 2017-02-10 09:33 - 00499136 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2017-02-17 16:32 - 2017-02-10 09:33 - 00447984 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2017-02-17 14:28 - 2017-02-17 14:28 - 00000000 ____D C:\Users\ezztr\AppData\LocalLow\Terapoly
2017-02-17 00:05 - 2017-02-17 00:05 - 00004506 _____ C:\WINDOWS\System32\Tasks\{2F9E6DA4-2C8B-428B-A4BE-2A050C4CB698}
2017-02-17 00:05 - 2017-02-17 00:05 - 00000000 ____D C:\WINDOWS\SysWOW64\Dell
2017-02-17 00:05 - 2017-02-17 00:05 - 00000000 ____D C:\Program Files (x86)\Dell Customer Connect
2017-02-16 16:55 - 2017-02-16 16:55 - 00089264 _____ C:\Users\ezztr\Downloads\PA8144 CDM-MOC-FORM Annex 2 form.pdf
2017-02-16 15:56 - 2017-02-16 16:00 - 144456700 _____ C:\Users\ezztr\Downloads\Nicht bestätigt 392819.crdownload
2017-02-16 10:50 - 2017-02-16 16:00 - 00000000 ____D C:\Users\ezztr\AppData\Local\PrivateTunnel
2017-02-16 10:50 - 2017-02-16 10:50 - 30901272 _____ (OpenVPN Technologies) C:\Users\ezztr\Downloads\privatetunnel-win-2.8.exe
2017-02-16 10:50 - 2017-02-16 10:50 - 00002356 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PrivateTunnel.lnk
2017-02-16 10:50 - 2017-02-16 10:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenVPN Technologies
2017-02-16 10:50 - 2017-02-16 10:50 - 00000000 ____D C:\Program Files (x86)\OpenVPN Technologies
2017-02-16 09:20 - 2017-02-16 09:20 - 06975096 _____ (Tim Kosse) C:\Users\ezztr\Downloads\FileZilla_3.24.0_win64-setup.exe
2017-02-14 23:35 - 2017-02-14 23:39 - 00000000 ____D C:\Users\ezztr\Downloads\The.Walking.Dead.S07E09.HDTV.x264-FUM[ettv]
2017-02-14 23:33 - 2017-02-14 23:34 - 00007637 _____ C:\Users\ezztr\Downloads\87D8EB78DA788DD1CF0988FA063B8C7D9D21F87C.torrent
2017-02-14 21:07 - 2012-03-14 05:00 - 00385024 _____ (CANON INC.) C:\WINDOWS\system32\CNMLMAR.DLL
2017-02-14 20:38 - 2017-02-14 20:57 - 00289864 _____ C:\Users\ezztr\Documents\Valentine - Martina Mcbridge (mp3goo.com).mp3.sfk
2017-02-14 19:30 - 2017-02-14 19:38 - 00255992 _____ C:\Users\ezztr\Documents\My Valentine.mp3.sfk
2017-02-14 19:11 - 2017-02-14 19:12 - 65984342 _____ C:\Users\ezztr\Documents\My-babe.mp4
2017-02-14 13:37 - 2017-02-14 13:37 - 00079360 _____ C:\Users\ezztr\Documents\Manpower Data PT Malaka Nusantara Permai.xls
2017-02-14 01:51 - 2017-02-14 01:51 - 07336673 _____ C:\Users\ezztr\Downloads\Photos (3).zip
2017-02-14 01:49 - 2017-02-14 01:49 - 35406230 _____ C:\Users\ezztr\Downloads\Photos (2).zip
2017-02-14 01:40 - 2017-02-14 13:31 - 13369489 _____ C:\Users\ezztr\Documents\My-babe.pptx
2017-02-14 01:31 - 2017-02-14 01:31 - 12437714 _____ C:\Users\ezztr\Downloads\Photos (1).zip
2017-02-14 01:28 - 2017-02-14 01:28 - 32939944 _____ C:\Users\ezztr\Downloads\Photos.zip
2017-02-14 00:24 - 2017-02-14 00:35 - 11696611 _____ C:\Users\ezztr\Downloads\The Sharp Slideshow.rar
2017-02-12 15:17 - 2017-02-12 15:18 - 00001495 _____ C:\Users\ezztr\Desktop\Power Plan Full.lnk
2017-02-12 15:14 - 2017-02-12 15:17 - 00001495 _____ C:\Users\ezztr\Desktop\Power Plan AVG.lnk
2017-02-11 02:58 - 2017-02-11 03:02 - 117631040 _____ C:\Users\ezztr\Downloads\AvorionDemoSetup0.8.5.exe
2017-02-10 22:20 - 2017-02-10 22:20 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2017-02-08 20:21 - 2017-02-08 20:21 - 00000000 ____D C:\Users\elsia\AppData\Roaming\Apple Computer
2017-02-06 21:23 - 2017-02-06 21:23 - 00000000 ___HD C:\$Windows.~WS
2017-02-06 19:45 - 2017-02-06 22:35 - 00000000 ____D C:\ESD
2017-02-06 19:45 - 2017-02-06 19:45 - 00000000 ____D C:\$WINDOWS.~BT
2017-02-06 19:44 - 2017-02-10 22:48 - 00000000 ____D C:\Livia
2017-02-06 18:28 - 2017-02-06 18:28 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2017-02-06 16:22 - 2017-02-18 19:40 - 00003860 _____ C:\WINDOWS\System32\Tasks\G2MUploadTask-S-1-5-21-3515307565-1161031247-3300353082-1001
2017-02-06 16:22 - 2017-02-18 19:40 - 00003764 _____ C:\WINDOWS\System32\Tasks\G2MUpdateTask-S-1-5-21-3515307565-1161031247-3300353082-1001
2017-02-06 16:22 - 2017-02-18 19:40 - 00000690 _____ C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-3515307565-1161031247-3300353082-1001.job
2017-02-06 16:22 - 2017-02-18 19:40 - 00000594 _____ C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-3515307565-1161031247-3300353082-1001.job
2017-02-06 16:21 - 2017-02-06 16:22 - 00000000 ____D C:\Users\ezztr\AppData\Local\Citrix
2017-02-06 10:26 - 2017-02-06 21:35 - 00000000 ___RD C:\Users\ezztr\Documents\Bitrix24
2017-02-06 10:26 - 2017-02-06 10:26 - 00001082 _____ C:\Users\Public\Desktop\Bitrix24 Desktop.lnk
2017-02-06 10:26 - 2017-02-06 10:26 - 00000000 ____D C:\Users\ezztr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bitrix24
2017-02-06 10:26 - 2017-02-06 10:26 - 00000000 ____D C:\Users\ezztr\AppData\Roaming\Bitrix
2017-02-06 10:26 - 2017-02-06 10:26 - 00000000 ____D C:\Program Files (x86)\Bitrix24
2017-02-04 11:05 - 2017-02-04 11:05 - 00000000 ____D C:\Users\ezztr\Documents\Benutzerdefinierte Office-Vorlagen
2017-02-04 10:36 - 2017-02-04 10:36 - 00002585 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word 2016.lnk
2017-02-04 10:36 - 2017-02-04 10:36 - 00002581 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel 2016.lnk
2017-02-04 10:36 - 2017-02-04 10:36 - 00002560 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint 2016.lnk
2017-02-04 10:36 - 2017-02-04 10:36 - 00002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher 2016.lnk
2017-02-04 10:36 - 2017-02-04 10:36 - 00002502 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access 2016.lnk
2017-02-04 10:36 - 2017-02-04 10:36 - 00002499 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2017-02-04 10:36 - 2017-02-04 10:36 - 00002471 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook 2016.lnk
2017-02-04 10:36 - 2017-02-04 10:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016-Tools
2017-02-04 10:30 - 2017-02-04 10:30 - 00000000 ____D C:\Program Files\Microsoft Office 15
2017-02-04 10:28 - 2017-02-04 11:05 - 00081408 _____ C:\Users\ezztr\Documents\Manpower DATA REPORT 20170128(2).xls
2017-02-02 00:15 - 2017-02-02 00:15 - 00161452 _____ C:\Users\ezztr\Documents\Eheerklärung_dt.pdf
2017-01-30 01:20 - 2017-01-30 01:21 - 12681143 _____ C:\Users\ezztr\Downloads\glitch.zip
2017-01-30 00:43 - 2017-01-30 01:08 - 94785724 _____ C:\Users\ezztr\Downloads\TEMPLATE ORGANIC PARTICLES [TAME PRODUCCIONES].rar
2017-01-30 00:02 - 2017-01-30 00:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2017-01-30 00:02 - 2017-01-30 00:02 - 00000000 ____D C:\ProgramData\Apple Computer
2017-01-30 00:01 - 2017-01-30 00:01 - 00002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2017-01-30 00:01 - 2017-01-30 00:01 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2017-01-28 10:47 - 2017-01-28 10:47 - 00000000 ____D C:\Users\ezztr\AppData\LocalLow\Crytivo Games Inc_
2017-01-28 10:11 - 2017-01-28 10:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Universim
2017-01-28 10:10 - 2017-01-28 10:10 - 01177576 _____ (Crytivo Games ) C:\Users\ezztr\Downloads\The Universim Launcher Installer.exe
2017-01-27 20:51 - 2017-01-27 20:51 - 00000000 ____D C:\WINDOWS\LastGood.Tmp
2017-01-27 20:50 - 2017-01-20 23:38 - 01985080 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6437849.dll
2017-01-27 20:50 - 2017-01-20 23:38 - 01591352 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6437849.dll
2017-01-27 20:50 - 2017-01-20 23:38 - 00000669 _____ C:\WINDOWS\SysWOW64\nv-vk32.json
2017-01-27 20:50 - 2017-01-20 23:38 - 00000669 _____ C:\WINDOWS\system32\nv-vk64.json
2017-01-26 07:13 - 2017-01-26 07:13 - 00103936 _____ C:\WINDOWS\SysWOW64\vulkaninfo-1-1-0-39-1.exe
2017-01-26 07:12 - 2017-01-26 07:12 - 00326656 _____ C:\WINDOWS\SysWOW64\vulkan-1-1-0-39-1.dll
2017-01-26 07:09 - 2017-01-26 07:09 - 00322560 _____ C:\WINDOWS\system32\vulkan-1-1-0-39-1.dll
2017-01-26 07:09 - 2017-01-26 07:09 - 00118272 _____ C:\WINDOWS\system32\vulkaninfo-1-1-0-39-1.exe
2017-01-25 10:22 - 2016-12-21 14:08 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2017-01-25 10:22 - 2016-12-21 11:44 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-02-21 14:20 - 2016-10-24 20:00 - 00000000 ____D C:\FRST
2017-02-21 13:48 - 2016-11-25 19:26 - 00000000 ____D C:\Users\ezztr\AppData\LocalLow\Mozilla
2017-02-21 13:36 - 2016-06-02 13:49 - 00000000 ____D C:\Rendern
2017-02-21 13:33 - 2016-08-03 12:50 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-02-21 12:25 - 2016-08-03 12:51 - 00000000 ____D C:\ProgramData\NVIDIA
2017-02-21 11:54 - 2016-06-04 15:40 - 00000000 ___RD C:\Rendern-Videos
2017-02-21 02:00 - 2016-06-12 18:45 - 00000000 ____D C:\Users\ezztr\AppData\Local\Adobe
2017-02-20 22:55 - 2016-04-10 22:12 - 00000000 ____D C:\Program Files (x86)\Steam
2017-02-20 18:40 - 2016-07-16 18:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-02-20 16:57 - 2016-06-21 22:51 - 00000000 ____D C:\Program Files (x86)\RivaTuner Statistics Server
2017-02-20 16:53 - 2016-06-21 22:51 - 00000000 ___HD C:\WINDOWS\msdownld.tmp
2017-02-20 16:53 - 2016-05-08 18:28 - 00000000 ____D C:\tmp
2017-02-20 15:41 - 2016-04-20 16:28 - 00000000 ____D C:\Users\ezztr\.gimp-2.8
2017-02-20 14:25 - 2016-04-13 03:44 - 00000000 ____D C:\Users\ezztr\Desktop\Games
2017-02-20 11:01 - 2016-06-13 20:04 - 00000000 ____D C:\Users\ezztr\AppData\Local\gtk-2.0
2017-02-19 19:13 - 2016-07-16 18:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-02-19 17:00 - 2016-07-16 18:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-02-19 16:56 - 2016-04-13 15:44 - 00000000 ____D C:\Users\ezztr\AppData\Local\CrashDumps
2017-02-18 23:32 - 2016-07-25 21:01 - 00000000 ____D C:\Users\ezztr\AppData\Roaming\vlc
2017-02-18 19:31 - 2016-11-22 15:30 - 00000000 ___RD C:\Users\ezztr\Google Drive
2017-02-18 19:29 - 2016-08-03 12:52 - 00000000 ____D C:\Users\ezztr
2017-02-18 19:29 - 2016-08-03 12:50 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-02-18 19:29 - 2016-04-10 02:34 - 00000000 __SHD C:\Users\ezztr\IntelGraphicsProfiles
2017-02-17 16:47 - 2016-04-20 16:51 - 00000000 ____D C:\Users\ezztr\AppData\Roaming\obs-studio
2017-02-17 16:35 - 2016-08-03 12:51 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2017-02-17 16:34 - 2016-07-16 18:45 - 00000000 ____D C:\WINDOWS\INF
2017-02-17 00:05 - 2015-12-27 02:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2017-02-16 15:43 - 2016-08-22 13:52 - 00000000 ____D C:\Users\ezztr\AppData\Roaming\FileZilla
2017-02-16 14:00 - 2015-12-27 02:14 - 00000000 ____D C:\ProgramData\Package Cache
2017-02-16 13:21 - 2016-04-16 19:06 - 00000000 ___RD C:\Users\ezztr\Desktop\Tools
2017-02-16 09:21 - 2016-08-22 13:52 - 00000000 ____D C:\Users\ezztr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2017-02-16 09:21 - 2016-08-22 13:52 - 00000000 ____D C:\Program Files\FileZilla FTP Client
2017-02-14 23:47 - 2016-05-29 23:13 - 00000000 ____D C:\Users\ezztr\AppData\Roaming\transmission
2017-02-14 21:11 - 2016-04-10 02:34 - 00000000 ____D C:\Users\ezztr\AppData\Local\Packages
2017-02-14 18:25 - 2016-12-26 23:34 - 00000000 ____D C:\Users\ezztr\Documents\Darkest
2017-02-10 22:18 - 2016-04-23 16:08 - 00000000 __SHD C:\Users\elsia\IntelGraphicsProfiles
2017-02-10 19:40 - 2016-08-04 03:47 - 01826720 _____ C:\WINDOWS\system32\perfh007.dat
2017-02-10 19:40 - 2016-08-04 03:47 - 00490284 _____ C:\WINDOWS\system32\perfc007.dat
2017-02-10 19:40 - 2015-12-27 02:15 - 04173406 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-02-10 09:33 - 2017-01-09 00:11 - 04078008 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2017-02-10 09:33 - 2017-01-09 00:11 - 03597128 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2017-02-10 09:33 - 2017-01-09 00:11 - 00043556 _____ C:\WINDOWS\system32\nvinfo.pb
2017-02-10 06:13 - 2017-01-09 00:13 - 00001951 _____ C:\WINDOWS\NvContainerRecovery.bat
2017-02-10 05:57 - 2017-01-09 00:13 - 07791217 _____ C:\WINDOWS\system32\nvcoproc.bin
2017-02-10 05:57 - 2017-01-09 00:13 - 06403640 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2017-02-10 05:57 - 2017-01-09 00:13 - 02477504 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2017-02-10 05:57 - 2017-01-09 00:13 - 01764408 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2017-02-10 05:57 - 2017-01-09 00:13 - 00548288 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2017-02-10 05:57 - 2017-01-09 00:13 - 00393784 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2017-02-10 05:57 - 2017-01-09 00:13 - 00083512 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2017-02-10 05:57 - 2017-01-09 00:13 - 00071224 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2017-02-08 20:28 - 2016-04-23 16:08 - 00000000 ____D C:\Users\elsia\AppData\Local\Packages
2017-02-08 20:22 - 2017-01-10 20:20 - 00003290 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-02-08 20:22 - 2016-04-23 16:09 - 00002389 _____ C:\Users\elsia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-02-08 20:22 - 2016-04-23 16:09 - 00000000 ___RD C:\Users\elsia\OneDrive
2017-02-08 20:21 - 2016-02-13 20:20 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-02-07 22:40 - 2016-08-03 12:55 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-02-07 22:40 - 2016-07-16 13:04 - 01310720 _____ C:\WINDOWS\system32\config\BBI
2017-02-07 21:49 - 2016-04-10 16:06 - 00002266 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-02-07 20:01 - 2016-04-10 02:36 - 00002389 _____ C:\Users\ezztr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-02-07 20:01 - 2016-04-10 02:36 - 00000000 ___RD C:\Users\ezztr\OneDrive
2017-02-06 23:21 - 2016-10-21 23:33 - 00000000 ____D C:\Volumes
2017-02-06 22:35 - 2016-08-04 03:49 - 00000000 ___DC C:\WINDOWS\Panther
2017-02-06 20:52 - 2015-12-27 02:16 - 00000000 ____D C:\Program Files\Dell
2017-02-06 20:47 - 2016-11-23 09:51 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-02-06 20:47 - 2016-08-03 12:50 - 05078304 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-02-06 20:47 - 2016-06-25 19:24 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-02-06 20:42 - 2016-08-03 12:56 - 00014000 _____ C:\WINDOWS\diagwrn.xml
2017-02-06 20:42 - 2016-08-03 12:56 - 00013947 _____ C:\WINDOWS\diagerr.xml
2017-02-06 19:18 - 2016-07-04 09:47 - 00000258 __RSH C:\ProgramData\ntuser.pol
2017-02-06 12:16 - 2015-12-27 02:19 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2017-02-04 10:45 - 2016-07-16 18:47 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-02-04 10:30 - 2016-07-16 18:47 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2017-02-03 23:13 - 2016-05-24 10:55 - 00000000 ____D C:\Users\ezztr\Desktop\Rendern
2017-02-01 02:50 - 2016-10-04 15:44 - 00000000 ____D C:\Users\ezztr\AppData\Local\ElevatedDiagnostics
2017-01-30 09:12 - 2016-06-21 22:50 - 00000000 ____D C:\Program Files (x86)\MSI Afterburner
2017-01-30 01:11 - 2016-05-24 10:55 - 00000000 ____D C:\Users\ezztr\AppData\Roaming\Sony
2017-01-30 00:02 - 2017-01-21 17:46 - 00000000 ____D C:\Program Files (x86)\QuickTime
2017-01-28 10:11 - 2016-04-13 03:41 - 00000000 ____D C:\games
2017-01-28 09:48 - 2016-07-16 18:47 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-01-27 20:51 - 2016-08-03 12:50 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2017-01-27 20:44 - 2016-04-13 03:38 - 00000000 ____D C:\Users\ezztr\AppData\Local\Battle.net
2017-01-27 18:13 - 2016-04-13 03:38 - 00000000 ____D C:\Program Files (x86)\Battle.net
2017-01-25 10:45 - 2016-07-16 18:47 - 00000000 ____D C:\WINDOWS\rescache
2017-01-25 10:29 - 2016-07-16 18:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-01-25 09:12 - 2016-08-03 12:55 - 00003884 _____ C:\WINDOWS\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-01-25 09:11 - 2016-12-23 17:59 - 00004308 _____ C:\WINDOWS\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-01-25 09:11 - 2016-09-22 22:39 - 00003696 _____ C:\WINDOWS\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-01-25 09:11 - 2016-08-03 12:55 - 00003894 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-01-25 09:11 - 2016-08-03 12:55 - 00003866 _____ C:\WINDOWS\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-01-25 09:11 - 2016-08-03 12:55 - 00003858 _____ C:\WINDOWS\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-01-25 09:11 - 2016-08-03 12:55 - 00003654 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-01-25 09:11 - 2015-12-27 02:18 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-01-22 01:16 - 2016-08-22 19:28 - 00000000 ____D C:\Website
==================== Files in the root of some directories =======
2016-07-04 10:47 - 2016-08-18 01:47 - 0000153 _____ () C:\Users\ezztr\AppData\Roaming\WB.CFG
2017-02-20 11:01 - 2017-02-20 11:01 - 0046039 _____ () C:\Users\ezztr\AppData\Local\recently-used.xbel
2016-06-08 18:37 - 2016-12-30 12:59 - 0007605 _____ () C:\Users\ezztr\AppData\Local\Resmon.ResmonCfg
2016-08-03 12:50 - 2016-08-03 12:50 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2016-05-22 23:34 - 2016-05-22 23:34 - 0000098 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2016-12-23 18:00 - 2017-01-09 00:14 - 0045353 _____ () C:\ProgramData\NvTelemetryContainer.log
2016-12-23 18:00 - 2016-12-30 15:38 - 0010654 _____ () C:\ProgramData\NvTelemetryContainer.log_backup1
Some files in TEMP:
====================
2016-12-30 11:08 - 2016-12-30 11:09 - 2842808 _____ () C:\Users\ezztr\AppData\Local\Temp\npp.7.2.2.Installer.x64.exe
2016-10-29 03:26 - 2016-12-12 01:23 - 0860776 _____ (NVIDIA Corporation) C:\Users\ezztr\AppData\Local\Temp\nvSCPAPI64.dll
2016-11-17 19:56 - 2017-01-20 21:07 - 0352704 _____ (NVIDIA Corporation) C:\Users\ezztr\AppData\Local\Temp\nvStInst.exe
2016-08-29 22:56 - 2016-11-17 20:45 - 1135552 _____ (NVIDIA Corporation) C:\Users\ezztr\AppData\Local\Temp\NvTelemetry.dll
2016-08-29 22:56 - 2017-01-06 08:10 - 0255032 _____ (NVIDIA Corporation) C:\Users\ezztr\AppData\Local\Temp\NvTelemetryAPI32.dll
2016-08-29 22:56 - 2017-01-06 08:10 - 0335928 _____ (NVIDIA Corporation) C:\Users\ezztr\AppData\Local\Temp\NvTelemetryAPI64.dll
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2017-02-18 12:55
==================== End of FRST.txt ============================
|
| | #3 |
| /// TB-Ausbilder | Ad banners in the Steam client
My name is Matthias and I will help you clean up your computer. Please note the following:
Please work through all steps one after another in the given order and post all log files in CODE tags: How it works: Posting in CODE tags. Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes your helper's work considerably harder, unless of course the file would otherwise be too large for the forum. To put the log files in a CODE box, proceed as follows:
Thank you for your cooperation! Please download
|
| | #4 |
| Ad banners in the Steam client
Hello, here is the log file.
Code:
07:42:10.0401 0x1be0 TDSS rootkit removing tool 3.1.0.12 Nov 7 2016 07:10:01
07:42:10.0401 0x1be0 UEFI system
07:42:14.0390 0x1be0 ============================================================
07:42:14.0390 0x1be0 Current date / time: 2017/02/22 07:42:14.0390
07:42:14.0390 0x1be0 SystemInfo:
07:42:14.0390 0x1be0
07:42:14.0390 0x1be0 OS Version: 10.0.14393 ServicePack: 0.0
07:42:14.0390 0x1be0 Product type: Workstation
07:42:14.0390 0x1be0 ComputerName: DESKTOP-CSVQ63S
07:42:14.0390 0x1be0 UserName: ezztr
07:42:14.0390 0x1be0 Windows directory: C:\WINDOWS
07:42:14.0390 0x1be0 System windows directory: C:\WINDOWS
07:42:14.0390 0x1be0 Running under WOW64
07:42:14.0390 0x1be0 Processor architecture: Intel x64
07:42:14.0390 0x1be0 Number of processors: 8
07:42:14.0390 0x1be0 Page size: 0x1000
07:42:14.0390 0x1be0 Boot type: Normal boot
07:42:14.0390 0x1be0 CodeIntegrityOptions = 0x00000001
07:42:14.0390 0x1be0 ============================================================
07:42:14.0456 0x1be0 KLMD registered as C:\WINDOWS\system32\drivers\42858280.sys
07:42:14.0456 0x1be0 KLMD ARK init status: drvProperties = 0xFFF00, osBuild = 14393.693, osProperties = 0x19
07:42:15.0025 0x1be0 System UUID: {B0C49137-0ECE-1D27-FCB8-5A0695621C42}
07:42:15.0431 0x1be0 Drive \Device\Harddisk0\DR0 - Size: 0x773C256000 ( 476.94 Gb ), SectorSize: 0x200, Cylinders: 0xF334, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
07:42:15.0436 0x1be0 ============================================================
07:42:15.0436 0x1be0 \Device\Harddisk0\DR0:
07:42:15.0436 0x1be0 GPT partitions:
07:42:15.0437 0x1be0 \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {165AC4DB-617F-4771-970A-87796BC180A5}, Name: EFI system partition, StartLBA 0x800, BlocksNum 0xFA000
07:42:15.0437 0x1be0 \Device\Harddisk0\DR0\Partition2: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {68494F86-D24F-4D70-9760-B23DD64306F8}, Name: Microsoft reserved partition, StartLBA 0xFA800, BlocksNum 0x40000
07:42:15.0437 0x1be0 \Device\Harddisk0\DR0\Partition3: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {81D4A5D9-DCE0-428C-A22F-DE86FA566D55}, Name: Basic data partition, StartLBA 0x13A800, BlocksNum 0x39B1D000
07:42:15.0437 0x1be0 \Device\Harddisk0\DR0\Partition4: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {6D83A601-5C67-4C05-958A-2BE29AF30678}, Name: , StartLBA 0x39C57800, BlocksNum 0x1CD800
07:42:15.0437 0x1be0 \Device\Harddisk0\DR0\Partition5: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {FB621AB6-DC40-490D-9964-595107640B80}, Name: , StartLBA 0x39E25000, BlocksNum 0x1BBC000
07:42:15.0437 0x1be0 MBR partitions:
07:42:15.0437 0x1be0 ============================================================
07:42:15.0438 0x1be0 C: <-> \Device\Harddisk0\DR0\Partition3
07:42:15.0438 0x1be0 ============================================================
07:42:15.0438 0x1be0 Initialize success
07:42:15.0438 0x1be0 ============================================================
07:42:49.0729 0x2a18 ============================================================
07:42:49.0729 0x2a18 Scan started
07:42:49.0729 0x2a18 Mode: Manual; SigCheck; TDLFS;
07:42:49.0729 0x2a18 ============================================================
07:42:49.0729 0x2a18 KSN ping started
07:42:50.0057 0x2a18 KSN ping finished: true
07:42:51.0021 0x2a18 ================ Scan system memory ========================
07:42:51.0021 0x2a18 System memory - ok
07:42:51.0022 0x2a18 ================ Scan services =============================
07:42:51.0103 0x2a18 [ A7901875F89D011C38CF52C98ACF5B29, 782141AB1DD7ACDE6EA08B5BAFDE8BADD05B81D38C18E097D6D9C46102056EB1 ] 1394ohci C:\WINDOWS\System32\drivers\1394ohci.sys
07:42:51.0171 0x2a18 1394ohci - ok
07:42:57.0044 0x2a18 iai2c - ok
07:42:57.0048 0x2a18 [ 5A0E850F8CD17791A3E6A3CF81D0CA28, 10A965A49D53360DD250E0758B6BB142872298A21C732EB026ACB93492C5C6CF ] iaLPSS2i_GPIO2 C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2.sys
07:42:57.0059 0x2a18 iaLPSS2i_GPIO2 - ok
07:42:57.0064 0x2a18 [ 7508F1096803385D6376BFD0BD473AC4, 1F32EC23CDC94DCB9710E6663B5C3BD83568545DDC2C741CFC13550A4E4DD2BE ] iaLPSS2i_I2C C:\WINDOWS\System32\drivers\iaLPSS2i_I2C.sys
07:42:57.0074 0x2a18 iaLPSS2i_I2C - ok
07:42:57.0081 0x2a18 [ E2C14D6C31F27C4C370E41484674BD81, 73AEB6E4A3F43F0EC33576DBC75C3259D5D4F9302C2D79871B66C47DE7D03C40 ] iaLPSS2_I2C C:\WINDOWS\System32\drivers\iaLPSS2_I2C.sys
07:42:57.0090 0x2a18 iaLPSS2_I2C - ok
07:42:57.0093 0x2a18 [ 16A10CCEDCF5AC4CAAE43DC9FC40392F, F77696AE55B992154A3B35F7660BD73E0AB35A6ECEEC1931C0D35748CFA605C0 ] iaLPSSi_GPIO C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys
07:42:57.0100 0x2a18 iaLPSSi_GPIO - ok
07:42:57.0105 0x2a18 [ EB82A11613326691508D9ED9A4FE29E7, 8445E41BAB21964C7F014742795E462BDDC6C37A261990B3D6BF4E637A719547 ] iaLPSSi_I2C C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys
07:42:57.0117 0x2a18 iaLPSSi_I2C - ok
07:42:57.0138 0x2a18 [ 4E3C0C534D873FCCC31E0538C548710F, DE1E0530DB1EA8198E99EC5AA41E4C5E7A5CBFBAD98C017D13D56DD7B3C38317 ] iaStorA C:\WINDOWS\system32\drivers\iaStorA.sys
07:42:57.0175 0x2a18 iaStorA - ok
07:42:57.0201 0x2a18 [ 97E553D03219D3D51705C7235D9EAEBD, 5D4578C8804AF32D1DC0868E34D6538138DC15F9568CA7E21051B1C82C0D8D55 ] iaStorAV C:\WINDOWS\system32\drivers\iaStorAV.sys
07:42:57.0253 0x2a18 iaStorAV - ok
07:42:57.0260 0x2a18 [ 676699B87BF75E5A423E96C58A402905, 582D68FBEE947A39EDD29596822F3153E0F8448B52AA7A75EB7380C7EF8B0690 ] IAStorDataMgrSvc C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
07:42:57.0272 0x2a18 IAStorDataMgrSvc - ok
07:42:57.0284 0x2a18 [ 8350FE3BCDE3428BC040877BB7E9EAEB, 77F9456351CA640C6B7862907C0580627E761EC807B551976A95657EB4D6CC20 ] iaStorV C:\WINDOWS\system32\drivers\iaStorV.sys
07:42:57.0305 0x2a18 iaStorV - ok
07:42:57.0318 0x2a18 [ 3BA03F7C7700DDF4C383DDE9252F5817, 3E90F69D0010E7764349D9AE865D577E431FEBC67DA554B400BC808DD286E203 ] ibbus C:\WINDOWS\System32\drivers\ibbus.sys
07:42:57.0341 0x2a18 ibbus - ok
07:42:57.0349 0x2a18 [ A54B6E75CA5A3C9E39200FE305649FB7, F86DCE0DAB3CF20149CEFD1D2BE215FAEC68FB6F0CD6F1B7C573FBAC363E0A2B ] ICCS C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
07:42:57.0361 0x2a18 ICCS - ok
07:42:57.0365 0x2a18 [ 1B904E09172A2D63CB728F56B9DC72AA, E83D8A55319B378EB76A88EF778F69F560C8F2541BBD58151754509008D1A2C5 ] ICCWDT C:\WINDOWS\System32\drivers\ICCWDT.sys
07:42:57.0373 0x2a18 ICCWDT - ok
07:42:57.0380 0x2a18 [ 937AC47F7356554DA05D9722C356EB55, 9EABC9F19B4E1193B669D2674967F5C6F03FAD348EDF0615E3F78554FF9A83CC ] icssvc C:\WINDOWS\System32\tetheringservice.dll
07:42:57.0400 0x2a18 icssvc - ok
07:42:57.0532 0x2a18 [ 35304583BA4C0C9E78487C0CFD6764DE, ED3FF3F6E9CBFBEC0A787771D34382C4E79EEE2A6A6520E16A22E8E973384CC7 ] igfx C:\WINDOWS\system32\DRIVERS\igdkmd64.sys
07:42:57.0666 0x2a18 igfx - ok
07:42:57.0682 0x2a18 [ BB8FCF2D6134C8D13A901B9B23DB483A, A1533BB22476266A3CA5ED99D9E48C3E36ACAC0D84069AD06DBA128508FC3404 ] igfxCUIService2.0.0.0 C:\WINDOWS\system32\igfxCUIService.exe
07:42:57.0695 0x2a18 igfxCUIService2.0.0.0 - ok
07:42:57.0711 0x2a18 [ F2934208C0E50C0B971A7981AB90BED2, B936BFBBD71E731CC2CDB8B47D262F2EF09726FF921C2DA0841910CA2401423D ] IKEEXT C:\WINDOWS\System32\ikeext.dll
07:42:57.0743 0x2a18 IKEEXT - ok
07:42:57.0747 0x2a18 [ 2A01C96DF5802D3434634E55C91232D8, A3ABEF36E2FD2CF5C371ADBF92566A09669A1D990ABE4677370F57F2EEAF8121 ] IndirectKmd C:\WINDOWS\System32\drivers\IndirectKmd.sys
07:42:57.0758 0x2a18 IndirectKmd - ok
07:42:57.0765 0x2a18 [ 7D38E9F9574A6B9B89379708DF9820DA, 100DFB2BC4C28DD59323EBB0900BEC38CCF38D5BE1C02FA605CB35FD135E03CE ] IntcAudioBus C:\WINDOWS\System32\drivers\IntcAudioBus.sys
07:42:57.0777 0x2a18 IntcAudioBus - ok
07:42:57.0852 0x2a18 [ 5455252E556F4BBDA7874F5A9DF88BBD, C81436052E5514FC7616939BEB2C8C15185B9A372C52F0E32EDDB43A5AB22E7D ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RTKVHD64.sys
07:42:57.0942 0x2a18 IntcAzAudAddService - ok
07:42:57.0969 0x2a18 [ 947360145F94C61E17EECD4BD3516AA9, F55A9EC31FE253E063D34B0118070B14156567B2E3B4ED74B697CA656D7789A0 ] IntcDAud C:\WINDOWS\system32\DRIVERS\IntcDAud.sys
07:42:58.0020 0x2a18 IntcDAud - ok
07:42:58.0056 0x2a18 [ E3D3DB60FED00183A59EF71C4A831326, 9F61734F2FC1954848CDBE51A3408104E539F27B2C81F30634796EC4644649EC ] Intel(R) Capability Licensing Service TCP IP Interface C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
07:42:58.0263 0x2a18 Intel(R) Capability Licensing Service TCP IP Interface - ok
07:42:58.0272 0x2a18 [ 8213094EA736A9C575AB0E22AD09B0BA, 12670A466B5AA37283BD4CB481D000DE3AE2A8D1BD159F67A41703A6FE5675EC ] Intel(R) Security Assist C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe
07:42:58.0285 0x2a18 Intel(R) Security Assist - detected UnsignedFile.Multi.Generic ( 1 )
07:42:58.0570 0x2a18 Detect skipped due to KSN trusted
07:42:58.0570 0x2a18 Intel(R) Security Assist - ok
07:42:58.0986 0x2a18 [ 1DFC3CCA51785254C5604238BB1A5467, 31451A90A91AEE14C6B24F84CB9816E5C77179D411B8B3E8547F538235BEEFB0 ] isaHelperSvc C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe
07:42:59.0020 0x2a18 isaHelperSvc - detected UnsignedFile.Multi.Generic ( 1 )
07:42:59.0786 0x2a18 Detect skipped due to KSN trusted
07:42:59.0786 0x2a18 isaHelperSvc - ok
07:43:03.0658 0x2a18 pciide - ok
07:43:03.0663 0x2a18 [ AED76A3333B3A31536E430020E0226FC, EC255B79B0908E3C142D92E35B79D90A3F2594BA012CA2B1B04A6A8745153430 ] pcmcia C:\WINDOWS\system32\drivers\pcmcia.sys
07:43:03.0673 0x2a18 pcmcia - ok
07:43:03.0676 0x2a18 [ E63FB38B6E75B39467492FBAD2CD512A, DB406C92BA2460C833A49B98EB5BD58348E868F643A0123B0C9B5315FFC6A124 ] pcw C:\WINDOWS\system32\drivers\pcw.sys
07:43:03.0684 0x2a18 pcw - ok
07:43:03.0689 0x2a18 [ 9EA203A07EFA6D74F07F32EF0DAB5CA6, D851F1CC748B4CD0E263931668FFF2FE20D5778267F4FF2237D565CFC171B5AF ] pdc C:\WINDOWS\system32\drivers\pdc.sys
07:43:03.0698 0x2a18 pdc - ok
07:43:03.0713 0x2a18 [ 1509A77F840AA9E72CF8247D0CF2FBDE, 2D47AD4D8F5C2D871E603FB6D72D25EFD0E63FA3A542DAADAB9D82ED074C0E0B ] PEAUTH C:\WINDOWS\system32\drivers\peauth.sys
07:43:03.0745 0x2a18 PEAUTH - ok
07:43:03.0751 0x2a18 [ 540116170E2135FCD5DDE77702166B67, CBEC51C2D47532F1781B3255040F303263420B204C2F8BB2B5D1EC342F57B285 ] percsas2i C:\WINDOWS\system32\drivers\percsas2i.sys
07:43:03.0759 0x2a18 percsas2i - ok
07:43:03.0766 0x2a18 [ 8356F87553BF49C703CF382033815898, 245EB941566D848F134629690BF271B1CBEAB6440771D3D8D7AED3756835354E ] percsas3i C:\WINDOWS\system32\drivers\percsas3i.sys
07:43:03.0775 0x2a18 percsas3i - ok
07:43:03.0788 0x2a18 [ CB5343FF52A702A9ACFAAE6BE972FE09, EAA5362D91D05D382DF4EBBAA3FD575456F23CAD531CC6F1270F8254892DBF02 ] PerfHost C:\WINDOWS\SysWow64\perfhost.exe
07:43:03.0802 0x2a18 PerfHost - ok
07:43:03.0813 0x2a18 [ F592A0A7F467B06660C69D102B726382, BA5ABA47B04C37E36B3557D434D68867CBEF861E1DB0047377E379D0B6F3E428 ] pfmfs_180 C:\WINDOWS\system32\Drivers\pfmfs_180.sys
07:43:03.0837 0x2a18 pfmfs_180 - ok
07:43:03.0854 0x2a18 [ D0D57322ABC7473E54472D8374169CC5, BD14A13D6908C8669E56EF9401FD8A3D7C618E8B6556B36E634864E733BCA4B2 ] PhoneSvc C:\WINDOWS\System32\PhoneService.dll
07:43:03.0885 0x2a18 PhoneSvc - ok
07:43:03.0894 0x2a18 [ B4AB2C0177715FFAED88A1223212043A, 1920792ADC78DD51EF98B6A9634D686EAED0848FB7EF74A0DCD3AEBA5AF41EC6 ] PimIndexMaintenanceSvc C:\WINDOWS\System32\PimIndexMaintenance.dll
07:43:03.0912 0x2a18 PimIndexMaintenanceSvc - ok
07:43:03.0948 0x2a18 [ F931F21E4287FE3ECCF09B54A232BBA2, CEB7AB3236E5F30214027092B7B695ED35F7A1E007DF4046797D1E4DFEF49EC8 ] pla C:\WINDOWS\system32\pla.dll
07:43:04.0000 0x2a18 pla - ok
07:43:04.0007 0x2a18 [ FEA494AC3A1BAE63C1F2AF267D49F1DB, 0722FEA2481740B53EF26B1CA59166C63C157A5C708AC93DF3FBB74A27266C9C ] PlugPlay C:\WINDOWS\system32\umpnpmgr.dll
07:43:04.0024 0x2a18 PlugPlay - ok
07:43:04.0028 0x2a18 [ 56D7A89423325121C4A9BD5C326414F3, 649048C23D1973C3504E26B35362AC99DFE9BF31FFE73F45B43306A212AEA34C ] PNRPAutoReg C:\WINDOWS\system32\pnrpauto.dll
07:43:04.0039 0x2a18 PNRPAutoReg - ok
07:43:04.0048 0x2a18 [ 4578ECA1FCEF4E7C787D84F78625143B, F5FE84D6D7412A4C037772593C434253D590E476B0B7498987A1697BED86A510 ] PNRPsvc C:\WINDOWS\system32\pnrpsvc.dll
07:43:04.0065 0x2a18 PNRPsvc - ok
07:43:04.0076 0x2a18 [ F70CAC34B455D05EAA04B2F8FB58E1CB, 295BFFB3DA03C5CE5462C11D3240024B68AC06E8DEA9062A739BE2CCEE19EB5D ] PolicyAgent C:\WINDOWS\System32\ipsecsvc.dll
07:43:04.0096 0x2a18 PolicyAgent - ok
07:43:04.0104 0x2a18 [ 60C8376B48BA96F07AEA536527433D44, EB988C119C3E71169B91ED2A744C71933DD35447DC4A8249E80EC24E9E7077D4 ] Power C:\WINDOWS\system32\umpo.dll
07:43:04.0119 0x2a18 Power - ok
07:43:04.0123 0x2a18 [ 5645B9D9788CCA2C88B9534996ED2D6D, 4988942DF163DB5B9B1A08CE6B628D2C47C2E2EAA30AEAE4EFE21C8CF4C8DC5D ] PptpMiniport C:\WINDOWS\System32\drivers\raspptp.sys
07:43:04.0139 0x2a18 PptpMiniport - ok
07:43:04.0197 0x2a18 [ 7196D3C2E2E3129814C8DAB91F9A7D1E, 6763E4BF8E846B597E78778E520F5BADC95608BAA4EA0AC84971384B5D976DD7 ] PrintNotify C:\WINDOWS\system32\spool\drivers\x64\3\PrintConfig.dll
07:43:04.0302 0x2a18 PrintNotify - ok
07:43:04.0311 0x2a18 [ 372913E12677A8CBBBABDD8311894F9D, A5233D95A0D22D2A9DB214E7CB79A99D389B67189FF6A87D0AD4610A333A637F ] Processor C:\WINDOWS\System32\drivers\processr.sys
07:43:04.0325 0x2a18 Processor - ok
07:43:04.0330 0x2a18 [ AAA31951B1D669EF912E42744095D6AD, 71F39A1582A23761DE64E1E9B400AC2B17582CD0681446EE442C755F6C7B4784 ] Product Registration C:\Program Files\Dell\Dell Product Registration\PRSvc.exe
07:43:04.0335 0x2a18 Product Registration - ok
07:43:04.0344 0x2a18 [ 1F115AF75EFBAC28479B4F94A3F8D4A3, BE8D8C50D985F6AF9DDC0F13BDBE2D55D600E1F5E344982536538B14EC484AA6 ] ProfSvc C:\WINDOWS\system32\profsvc.dll
07:43:04.0365 0x2a18 ProfSvc - ok
07:43:04.0371 0x2a18 [ FC98407B85A31161851FDE245517574F, 2CCD706CF243934FCDA32B24CE0C385EA2E67F206E0306FA584496F583A20CD1 ] Psched C:\WINDOWS\system32\drivers\pacer.sys
07:43:04.0381 0x2a18 Psched - ok
07:43:04.0387 0x2a18 [ B1339478235245E632C327F2C3BA0A43, C4D872B816F75F65863911BB4393F1A1724765E3BFB0863C69EE5E49DB54CAE4 ] PTPFilter C:\WINDOWS\System32\drivers\PTPFilter.sys
07:43:04.0397 0x2a18 PTPFilter - ok
07:43:04.0402 0x2a18 [ CCF9C9277BDD7696647BE79F4A3F532E, AEBAAE7E63C4C51C668BC91B1A68CCE582F0091E0F64EABEF24AB79CB03EABE2 ] ptsysexec C:\WINDOWS\ptsysexec.exe
07:43:04.0491 0x2a18 ptsysexec - ok
07:43:04.0498 0x2a18 [ C8C181E917B78475A52C1C47E3C33830, F7DA22736D606A981B1DF783205A3EA684526E16970B214FFA637E9060EE577C ] ptun0901 C:\WINDOWS\System32\drivers\ptun0901.sys
07:43:04.0539 0x2a18 ptun0901 - ok
07:43:04.0545 0x2a18 [ 07D57B890DD5693A6AB660CBAE8F91B4, 934895A41C116056E22FE3298418332A9F4280F96E96EEE06C977A4925395674 ] PxHlpa64 C:\WINDOWS\system32\Drivers\PxHlpa64.sys
07:43:04.0557 0x2a18 PxHlpa64 - ok
07:43:04.0582 0x2a18 [ 7A68710BAC9B6809314B86C0CB1CBC4A, C02D97993D1F6FE6EFBA5B1366B3A4FE8CE1136A95F3A2DA07BA59554C163501 ] QWAVE C:\WINDOWS\system32\qwave.dll
07:43:04.0641 0x2a18 QWAVE - ok
07:43:04.0652 0x2a18 [ 819602BBBFDB0BD46DEA3715BF0DD452, D4007FF1E5296316B53436CA3598D6B1CF4F60AB77D5B02F3E595081EDD5D879 ] QWAVEdrv C:\WINDOWS\system32\drivers\qwavedrv.sys
07:43:04.0682 0x2a18 QWAVEdrv - ok
07:43:04.0691 0x2a18 [ CDF47037A0939F56D11F699629C276AD, A63F2A3FE80FB8084E3870E907505694B79EE1D9E56E292C01D481FEFD2534B0 ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
07:43:04.0720 0x2a18 RasAcd - ok
07:43:04.0732 0x2a18 [ 28C2EA278070EE12701D0EDF8CB0EC36, F10288C1C6835840026DB30285345EF892DE989F43C948E7F4760B8895FF675F ] RasAgileVpn C:\WINDOWS\System32\drivers\AgileVpn.sys
07:43:04.0777 0x2a18 RasAgileVpn - ok
07:43:04.0790 0x2a18 [ 7B82197BF35CC3BE59AEF8B706AB8A16, AB0216164A548A48CD21F5F035E57E867584A96890B9887EC08F8DABDD89F990 ] RasAuto C:\WINDOWS\System32\rasauto.dll
07:43:04.0831 0x2a18 RasAuto - ok
07:43:04.0843 0x2a18 [ 17E565710172ED71B8531D8822E1C5D1, 0CA39ABD9E544DDAD9D9D7D1FC50444274C31E18F9BF73069051D9F62833698F ] Rasl2tp C:\WINDOWS\System32\drivers\rasl2tp.sys
07:43:04.0891 0x2a18 Rasl2tp - ok
07:43:04.0916 0x2a18 [ F79BFB5588B777C71734C1D1EC129D07, 9B9D70EC8978AAC19B2B94694EE1B9957C13DFDDFCBE8AA82C5F0D0EA04CDBDF ] RasMan C:\WINDOWS\System32\rasmans.dll
07:43:04.0986 0x2a18 RasMan - ok
07:43:04.0995 0x2a18 [ 9387DF155233D45D4E010F4F2FB52A57, CABC25DA4E512809AED0085767BDD94BF3C1DA792BFF8A009B5465D9110E7060 ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
07:43:05.0017 0x2a18 RasPppoe - ok
07:43:05.0024 0x2a18 [ F0F4EEDEEBEE7A4244FAFB96A16B5712, F64717E601BD5EB674003009507B8CDD6F69F00E8670D6895EC64786166A0E8D ] RasSstp C:\WINDOWS\System32\drivers\rassstp.sys
07:43:05.0054 0x2a18 RasSstp - ok
07:43:05.0072 0x2a18 [ AF6963414B820B7C45578ED3300438A7, C00F60FD72608E6983D32642768AECE891DD816FADFA7B872BA88091C16B95D7 ] rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
07:43:05.0101 0x2a18 rdbss - ok
07:43:05.0108 0x2a18 [ 79A415E6FA915EFC00297DAB16EC2635, 47BB49F6D756214193D38A4AB182B541AAC180381C3111FF7F9B0AD4C44D8733 ] rdpbus C:\WINDOWS\System32\drivers\rdpbus.sys
07:43:05.0122 0x2a18 rdpbus - ok
07:43:05.0128 0x2a18 [ 7135785C21CA79D270D11037C43D3F19, 654A3C65CF891ED8C82A740D10CF607FC7D709185E664DE03288CEB5B25F03A6 ] RDPDR C:\WINDOWS\system32\drivers\rdpdr.sys
07:43:05.0145 0x2a18 RDPDR - ok
07:43:05.0152 0x2a18 [ 97A61A3CB2B5CB4FC32B3224EF333448, E4F2E8BCEE3639BE57BBC8A8E67FDE42C3A5158F1204684B0ECD216F4AA044A3 ] RdpVideoMiniport C:\WINDOWS\system32\drivers\rdpvideominiport.sys
07:43:05.0162 0x2a18 RdpVideoMiniport - ok
07:43:05.0171 0x2a18 [ 69BB204AE07EE84ECFAB1BF13C4BD04B, 1CA832CBF4AE4821EEA2A19F9519C2D1D00406B8CCE2A86FE3B33A5F293DB218 ] rdyboost C:\WINDOWS\system32\drivers\rdyboost.sys
07:43:05.0186 0x2a18 rdyboost - ok
07:43:05.0208 0x2a18 [ 940D6F5A2B0A61EE4170DF84F6C95C20, F8EE846DC8015EDFE7CB5BEEDC977EAA9C586BAC2216DE69D8ECCBDBC7408649 ] ReFSv1 C:\WINDOWS\system32\drivers\ReFSv1.sys
07:43:05.0242 0x2a18 ReFSv1 - ok
07:43:05.0256 0x2a18 [ 13F6B64235C60167052364BF7D99E4CA, BC12EE00775F7456FB922FBD684BF3F0CFABA5BEBB6E162C23B41DED5C20A978 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
07:43:05.0282 0x2a18 RemoteAccess - ok
07:43:05.0288 0x2a18 [ 3183B161B1F05333F6C325577FEF3596, D6A89B2A021377B6F371E5B9EFC36FF018822B28F0ED41F8CD2F00C5C8605707 ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
07:43:05.0306 0x2a18 RemoteRegistry - ok
07:43:05.0320 0x2a18 [ 0660F4A14F9D2A2F59B26B1D74F1A6D0, A9443B6B7ED1ECA22AC960A2C6A2BE18C0BA58CD7BCF60E7AA617CD3662D122D ] RetailDemo C:\WINDOWS\system32\RDXService.dll
07:43:05.0351 0x2a18 RetailDemo - ok
07:43:05.0357 0x2a18 [ 5DAA644F17780FC4E3F4820A46D38FEC, 32C27FFA0A4608B164F4E709CD0D998AB73CA9713BE3E47F9DBC7B3D1B6C7453 ] RmSvc C:\WINDOWS\System32\RMapi.dll
07:43:05.0370 0x2a18 RmSvc - ok
07:43:05.0375 0x2a18 [ 672724C8B21B7DC56646045DE4D5B860, 79986E80A92C949C543959F1E35647A9788DAB2892AC20B6DEA5C0BBC0CEDE9E ] RpcEptMapper C:\WINDOWS\System32\RpcEpMap.dll
07:43:05.0386 0x2a18 RpcEptMapper - ok
07:43:05.0390 0x2a18 [ 109C1D609951E886D3643B15C1EDD1C2, 347D8E7C50EC7F96217C7421D9BC8A42C9DF50B94169CB58DCF857A63C33C2EA ] RpcLocator C:\WINDOWS\system32\locator.exe
07:43:05.0399 0x2a18 RpcLocator - ok
07:43:05.0416 0x2a18 [ 7BD259FC59CF9C2AE1B979564B374CC6, 299832FCE304A85080C80ABFE820A6093AC15A7C1E7C89D8C946708E955A2909 ] RpcSs C:\WINDOWS\system32\rpcss.dll
07:43:05.0478 0x2a18 RpcSs - ok
07:43:05.0494 0x2a18 [ 5FF28F097C9699097B473F8FC7C1AA7D, 695560F1DBD85073F3D6CB1FF16F16504CA044EA62E940E463A16BBA8B86E2FA ] rspndr C:\WINDOWS\system32\drivers\rspndr.sys
07:43:05.0524 0x2a18 rspndr - ok
07:43:05.0543 0x2a18 [ AB959F26FBB851A9D31E2F229DB3FA1A, 35961B761C83B48DBB9960C6DEC89806F3BC9FA0F450E566333ABE3F22E42AA9 ] RTSUER C:\WINDOWS\system32\Drivers\RtsUer.sys
07:43:05.0566 0x2a18 RTSUER - ok
07:43:05.0573 0x2a18 [ B5DAEE69BACA64D2BB004568E22D8756, C0072CF6B438ED756435A182D55AC55F3AD356ACBD483DE06A94893D3CA8CCC5 ] s3cap C:\WINDOWS\System32\drivers\vms3cap.sys
07:43:05.0592 0x2a18 s3cap - ok
07:43:05.0598 0x2a18 [ 6F8E95716C1A27FF2FE96D30B147F1C1, 9403E9FE8B13EE294CFBBD96649BBD54CF723CF5872E3E03DA4380379D677983 ] SamSs C:\WINDOWS\system32\lsass.exe
07:43:05.0613 0x2a18 SamSs - ok
07:43:05.0619 0x2a18 [ 5E73FB63E2DBC75FE0C17DEB0010CE0E, 9DAC47486262397D03BC01F7438CAB62CF33BD7B5283F5B9548C770A3D6D0ADC ] sbp2port C:\WINDOWS\system32\drivers\sbp2port.sys
07:43:05.0632 0x2a18 sbp2port - ok
07:43:05.0642 0x2a18 [ 3CD0130FFDEAEACF0905B482F3934EA3, 1EC355B63135FD2563093EBB206741C0C4CCE0551A662F6DC86C875146A88B06 ] SCardSvr C:\WINDOWS\System32\SCardSvr.dll
07:43:05.0665 0x2a18 SCardSvr - ok
07:43:05.0673 0x2a18 [ 5E8ECCE130A72107B6DFDBE26185A7FB, 811E2CE485BC14161FF629069BCCF53B2B8C6F8B1E1A6B3A3C86DBE4F85A5577 ] ScDeviceEnum C:\WINDOWS\System32\ScDeviceEnum.dll
07:43:05.0693 0x2a18 ScDeviceEnum - ok
07:43:05.0698 0x2a18 [ 3D9A82B03C92D1FEC42CB171D6F57778, DC027F02F5EB5F1D10DB6F405FB0C15D4D5C922445F5F3C916624113278AF072 ] scfilter C:\WINDOWS\system32\DRIVERS\scfilter.sys
07:43:05.0711 0x2a18 scfilter - ok
07:43:05.0737 0x2a18 [ D4DB6B318A0A0C74A90260725A228C0B, 57BA2EF9D880488C785C806ABF9EE753A48E589129442D72F815CD6EFFA07B22 ] Schedule C:\WINDOWS\system32\schedsvc.dll
07:43:05.0790 0x2a18 Schedule - ok
07:43:05.0795 0x2a18 [ 9055ADDFBA4C8B914C914CE693B55C0A, DB213AC36E14D856B81D2AFE46815402537A2ABEEA15032A9FF436F953129441 ] scmbus C:\WINDOWS\system32\drivers\scmbus.sys
07:43:05.0804 0x2a18 scmbus - ok
07:43:05.0809 0x2a18 [ B6F2363584E62960846F7C3F00124A4F, 252189FF9D623CF69BF415FF7C7FE74B0BBF756B632420578BFAFF6595616CF7 ] scmdisk0101 C:\WINDOWS\System32\drivers\scmdisk0101.sys
07:43:05.0824 0x2a18 scmdisk0101 - ok
07:43:05.0829 0x2a18 [ C1B5EE58E759C53F9939581709DC70BB, 85095ABC9459A766832373BC3839E573E9A73C967F8427D6B7CAB972551C3191 ] SCPolicySvc C:\WINDOWS\System32\certprop.dll
07:43:05.0842 0x2a18 SCPolicySvc - ok
07:43:05.0850 0x2a18 [ 7C3D10BEC8B0DBA00A78C78EB10B3AE2, A671C9CB97977613576D70607E106C7A29B9EA9E875C7C5AF293EE5903D7AD0A ] sdbus C:\WINDOWS\System32\drivers\sdbus.sys
07:43:05.0863 0x2a18 sdbus - ok
07:43:05.0870 0x2a18 [ F3714DBAA42C15F78FFCDFE4273214EB, 2D018970B92C5F0744FAE10A2FC298F3DCEA5C2EDEB760F4F0651337B9878ABF ] SDRSVC C:\WINDOWS\System32\SDRSVC.dll
07:43:05.0885 0x2a18 SDRSVC - ok
07:43:05.0890 0x2a18 [ 120DFCB71D6C502613A9E2D50E16850C, 2C294010AD1C9C380CD5221A37720544178B7358C8C8553AF44055E4CEE5DAF5 ] sdstor C:\WINDOWS\System32\drivers\sdstor.sys
07:43:05.0900 0x2a18 sdstor - ok
07:43:05.0903 0x2a18 [ EFD644DD091E1D94555FC3BBC95EA66D, FBDDA6680BEC378CCF12A32D9186020E884DA15A1E789D1531B1E687FC7B54B1 ] seclogon C:\WINDOWS\system32\seclogon.dll
07:43:05.0916 0x2a18 seclogon - ok
07:43:05.0920 0x2a18 [ 07F83829E7429E60298440CD1E601A6A, 9F1229CD8DD9092C27A01F5D56E3C0D59C2BB9F0139ABF042E56F343637FDA33 ] semav6msr64 C:\WINDOWS\system32\drivers\semav6msr64.sys
07:43:05.0926 0x2a18 semav6msr64 - ok
07:43:05.0931 0x2a18 [ F48535714BED7DD784853889B4594B26, 9B4AB7E7293E79A8F6CC46C84F23E62AD3BD6E958FCE078CDBB125A69FAC7E50 ] SENS C:\WINDOWS\System32\sens.dll
07:43:05.0950 0x2a18 SENS - ok
07:43:05.0973 0x2a18 [ 2B4E090D06C60853C5C00CF255F9E02A, 4D4DBA7B04519622612BD4A4F28318CA2F5646C84CAFF8C5ACC9BF4C6031894E ] SensorDataService C:\WINDOWS\System32\SensorDataService.exe
07:43:06.0042 0x2a18 SensorDataService - ok
07:43:06.0063 0x2a18 [ C09A42163878A082C3F0D0A3DFE95714, 8033DC38D0EDED3758DA6BF8C1955BE5FFE48863C079C589660B37D0E461300F ] SensorService C:\WINDOWS\system32\SensorService.dll
07:43:06.0119 0x2a18 SensorService - ok
07:43:06.0130 0x2a18 [ E6F00415DADCEEC860E7AB42BFD19A65, 274CAF22F93D43B6DB6953730E3DF8DA94776B24EEE74B80AB4CD780BC1366A9 ] SensrSvc C:\WINDOWS\system32\sensrsvc.dll
07:43:06.0159 0x2a18 SensrSvc - ok
07:43:06.0167 0x2a18 [ 401D706DDC0A7AF18C3DD228ADF74551, 27C0B38D7C2E3F6FF06201124E63483931F6071954B2B99EC0143C464238C0B7 ] SerCx C:\WINDOWS\system32\drivers\SerCx.sys
07:43:06.0182 0x2a18 SerCx - ok
07:43:06.0189 0x2a18 [ 7084D11083F0CDCA8B5C76F9846ABF5D, F639920882B0E784D8CFAF0D4C0F0C411937B6831E5DD99B0ABFBFE06BA4742F ] SerCx2 C:\WINDOWS\system32\drivers\SerCx2.sys
07:43:06.0202 0x2a18 SerCx2 - ok
07:43:06.0206 0x2a18 [ 3FF478A8ED32A83C36581425F6282B6C, 787646A17098EA7CF36064D0A950C1D470D4A280C8C5AC40023D566E53860EAE ] Serenum C:\WINDOWS\System32\drivers\serenum.sys
07:43:06.0218 0x2a18 Serenum - ok
07:43:06.0224 0x2a18 [ 92509187AA171A80521528B36F753E1D, FE0DA272B8A155ECC161E99586C4AE7EE17B1C84BC330DA1566C83B8E03FA825 ] Serial C:\WINDOWS\System32\drivers\serial.sys
07:43:06.0237 0x2a18 Serial - ok
07:43:06.0240 0x2a18 [ 433D38FF6D08B993847EA2A10EB8CB52, 29BA75DB6D1AC761BBDFB5AC8874FC7D763E1CD10D290E369063B34CE951270F ] sermouse C:\WINDOWS\System32\drivers\sermouse.sys
07:43:06.0253 0x2a18 sermouse - ok
07:43:06.0269 0x2a18 [ 82CF273F0E8F243789683DEB40757569, 5433D93A41C4BF04494E6158931C6AC3154888F7CD3A417253EC02FF7EA6D00E ] SessionEnv C:\WINDOWS\system32\sessenv.dll
07:43:06.0299 0x2a18 SessionEnv - ok
07:43:06.0306 0x2a18 [ 697D3EE0740AEAB62B66ABCA1C83D13B, FCF54A0071ED04AD3FC8551C67FE5FD49089DC0510F753052CAC5972A65C9E3D ] sfloppy C:\WINDOWS\System32\drivers\sfloppy.sys
07:43:06.0324 0x2a18 sfloppy - ok
07:43:06.0338 0x2a18 [ 832E933AA8DB9FD4733B96D8B6484D3F, 3A8E3D7ECA192EEE154CB568073B7211FDA06078EFC3BC7E961563A1BFDD0CAA ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
07:43:06.0369 0x2a18 SharedAccess - ok
07:43:06.0388 0x2a18 [ 482E6BE8A07832E824080D352075ACA1, 4123A76C8E805AF4FE229C53E9C174095C0937913BA81A63FE9B45C44AA5B15F ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
07:43:06.0428 0x2a18 ShellHWDetection - ok
07:43:06.0436 0x2a18 [ CF3BDF9EAD8D3EF671E9339B44B185BA, C17EC6D5B00F49D9C8B5B6C262A85F34ED71C58450659F006B3632AA84F68E23 ] shpamsvc C:\WINDOWS\system32\Windows.SharedPC.AccountManager.dll
07:43:06.0451 0x2a18 shpamsvc - ok
07:43:06.0455 0x2a18 [ A34CE1830E45DA98932295FDE4B7908A, FC553ECF4D64B4B10B7FDE5352707785517A18D487A80665BAFC7261E3F35CDC ] SiSRaid2 C:\WINDOWS\system32\drivers\SiSRaid2.sys
07:43:06.0464 0x2a18 SiSRaid2 - ok
07:43:06.0468 0x2a18 [ A7B5C670770E908DA5FEF5BF1136E933, 8D3BB6FF65E631C34BE8EA766481B2FDB2E1E916A4FD67F86705A8975A136E6C ] SiSRaid4 C:\WINDOWS\system32\drivers\sisraid4.sys
07:43:06.0477 0x2a18 SiSRaid4 - ok
07:43:06.0481 0x2a18 [ D233EAE2A9D48485321816486ED635EF, 03AB49BE9CF15EB7EDC50C400E673B4DF0E5BFDA9A7811E157F2AF2F3CF38D49 ] smphost C:\WINDOWS\System32\smphost.dll
07:43:06.0498 0x2a18 smphost - ok
07:43:06.0511 0x2a18 [ 0B217141AC1283655402CDB356577735, 6EFA4CA46CFC8B7156CE7E5CA89B7F7073E16D66C2FC13F4DB95FEB78CCF698F ] SmsRouter C:\WINDOWS\system32\SmsRouterSvc.dll
07:43:06.0542 0x2a18 SmsRouter - ok
07:43:06.0549 0x2a18 [ 6F4CE07D420FB657B5936F71101ABD41, CEC52984C56E578E0FFE12BE1B8148335F788B7D1751F2D0E79B944A41113C20 ] SNMPTRAP C:\WINDOWS\System32\snmptrap.exe
07:43:06.0561 0x2a18 SNMPTRAP - ok
07:43:06.0573 0x2a18 [ C994DF90427103CCB80F893FFD2B1CE8, 7E4B08095C77E68D337A3425EEA38F8FEC4D103CA7661E34FD96BF518DFB4BCB ] spaceport C:\WINDOWS\system32\drivers\spaceport.sys
07:43:06.0592 0x2a18 spaceport - ok
07:43:06.0597 0x2a18 [ E03264C4C25B568F92ED1656AD541E64, D42942BFFBC7213D204FAF84F4FE015FC23A6ACB29B5E752834EDBC17A3AC20D ] SpbCx C:\WINDOWS\system32\drivers\SpbCx.sys
07:43:06.0606 0x2a18 SpbCx - ok
07:43:06.0622 0x2a18 [ 79DCE27E8C4CF6701BFE49EC2446BBF6, F51CBB7A45C3C878F41653FD5FBDC93CC302712B7725DAAB4D3475A1F4771E3D ] Spooler C:\WINDOWS\System32\spoolsv.exe
07:43:06.0658 0x2a18 Spooler - ok
07:43:06.0743 0x2a18 [ 23529A00195CE71252FEBF647E56E27D, 8ADF7A1C96DAE005E9A974D90BE8954F88D49B6848252B88513C49E0A3BD9774 ] sppsvc C:\WINDOWS\system32\sppsvc.exe
07:43:06.0911 0x2a18 sppsvc - ok
07:43:06.0927 0x2a18 [ E83830BB74AE8CBECEA0ECD94DE436F9, 4A34569A34260324EBD629039E1BF45A3527FC75B22D9A3DB6360A6EB365483A ] srv C:\WINDOWS\system32\DRIVERS\srv.sys
07:43:06.0945 0x2a18 srv - ok
07:43:06.0959 0x2a18 [ 55CA5329D1ADEB8F8034045930147AE4, D4F31BC82700D166564C7F9CDCEA3ABAB4A37B55137C34572768DF46FDA9320A ] srv2 C:\WINDOWS\system32\DRIVERS\srv2.sys
07:43:06.0989 0x2a18 srv2 - ok
07:43:06.0996 0x2a18 [ F13EE0DB1FB1D6946AC3228D7EFCFC8F, 109A809F0338FAB0F4045FA5EE33C6F0A994A9F586B2FBD8920A6AABA0E0EF66 ] srvnet C:\WINDOWS\system32\DRIVERS\srvnet.sys
07:43:07.0011 0x2a18 srvnet - ok
07:43:07.0017 0x2a18 [ 44758105AB3EA34E815D4B6CA1153311, 7F223A20D2538C123BAC6F75BE0E126876A116F09502FD980C05B8916E26E1B7 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
07:43:07.0033 0x2a18 SSDPSRV - ok
07:43:07.0039 0x2a18 [ B97C7EC07218A8002323718202BF5E77, 39D3254383E3F49FD3E2DFF8212F4B5744D8D5E0A6BB320516C5EE525AD211EB ] SstpSvc C:\WINDOWS\system32\sstpsvc.dll
07:43:07.0055 0x2a18 SstpSvc - ok
07:43:07.0144 0x2a18 [ 4E330AD1EED4A5D582EE415FD55953A2, 2C02E1F45F74D250110BA5117AA942495CB2EBAC7F2CCECC284B4FB8F47B13E1 ] StateRepository C:\WINDOWS\system32\windows.staterepository.dll
07:43:07.0302 0x2a18 StateRepository - ok
07:43:07.0340 0x2a18 [ 596DC69BB40A96FCA4B19D9D1E221E34, 3469D3B2E9A88E39C14AE2E3DD5EC3D91FBB88CA568D794555B397B50E64AB15 ] Steam Client Service C:\Program Files (x86)\Common Files\Steam\SteamService.exe
07:43:07.0406 0x2a18 Steam Client Service - ok
07:43:07.0412 0x2a18 [ 29D26E1347AE1BBD4201014E19880B2C, 9E2153AD96CE4F189EEE43BB02515532C619FB1CA02D8F6DEF517AC3347AAA14 ] stexstor C:\WINDOWS\system32\drivers\stexstor.sys
07:43:07.0422 0x2a18 stexstor - ok
07:43:07.0438 0x2a18 [ 91CB95B35481155BFE29C217CD237F27, CA66957DF1441D991453BEF02D768D44E5D9A484BC23C8874E8A7AC20904CB06 ] stisvc C:\WINDOWS\System32\wiaservc.dll
07:43:07.0474 0x2a18 stisvc - ok
07:43:07.0480 0x2a18 [ 53EB8CE34B55A1EE63424C8DB7388BFC, 5AB59117BA8A2844EB8693CCC19B217AE039B28C87519F96E1C845FE9BF456C2 ] storahci C:\WINDOWS\system32\drivers\storahci.sys
07:43:07.0492 0x2a18 storahci - ok
07:43:07.0496 0x2a18 [ C5E0ACE4771F5575D9D5B457ABF3AD03, 365880BC5AC313F25C313EFB7758301F98D9B2BF4C5FC9499F98C2B7F8407D96 ] storflt C:\WINDOWS\system32\drivers\vmstorfl.sys
07:43:07.0505 0x2a18 storflt - ok
07:43:07.0508 0x2a18 [ B66D8C75C9BC59D637177AB3B1C569A6, 76252A631F03EEBF5FDC7693F6B0A5E73838CDBE3157114CC96B8BBE88B476BF ] stornvme C:\WINDOWS\system32\drivers\stornvme.sys
07:43:07.0517 0x2a18 stornvme - ok
07:43:07.0522 0x2a18 [ BEBF85EB4D90E6996047DA027D0ED26E, DF109CF0F07CDD1B9B702C2A076D4DD5366DAAD971CC9359AF0358E79981706F ] storqosflt C:\WINDOWS\system32\drivers\storqosflt.sys
07:43:07.0534 0x2a18 storqosflt - ok
07:43:07.0543 0x2a18 [ B91FBE7CB4633FEB32AFBD0B48576396, 9EFDD92E8096CE5555F8DC3C870864E5515469603C2373B99B3607234633CA66 ] StorSvc C:\WINDOWS\system32\storsvc.dll
07:43:07.0566 0x2a18 StorSvc - ok
07:43:07.0571 0x2a18 [ 8E73037A6F8938475692FFCC26EBF385, F78C5CD1A3CD17AA831EEC82426B14006B4DDBC9085A4814E04E8C37FD6B05F7 ] storufs C:\WINDOWS\system32\drivers\storufs.sys
07:43:07.0579 0x2a18 storufs - ok
07:43:07.0583 0x2a18 [ 9D9DED47DA10E845EFF2DD57C94C809B, 520D0CE7A867051B80C8141E351FE5A5BCE3C99776093F234DB77D3407B1F104 ] storvsc C:\WINDOWS\system32\drivers\storvsc.sys
07:43:07.0593 0x2a18 storvsc - ok
07:43:07.0596 0x2a18 [ 4BBD324372664F7EC73E93553A92CD2C, 43DE2A7C3A8B64535E104E4FB8AB32AD93EFC10F2EAE3BF287A06A89C5998124 ] SupportAssistAgent C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
07:43:07.0600 0x2a18 SupportAssistAgent - ok
07:43:07.0604 0x2a18 [ 224C92E442B1B8C20C274332F1ACF00D, CDE5DCFB7A21089464A6E2ABB29BBE08B184C3433C218756AA5902A8F67C0B2C ] svsvc C:\WINDOWS\system32\svsvc.dll
07:43:07.0617 0x2a18 svsvc - ok
07:43:07.0620 0x2a18 [ 505E0C40B5D0ADDCBB414640F59BD2E0, DF4B5E65FE6FF2224F298A2A2FAC9B648C082DFF8463148633647580A9FAD34D ] swenum C:\WINDOWS\System32\drivers\swenum.sys
|
| | #5 |
| Ad banners in the Steam client Part 2 Code:
07:43:09.0291 0x2a18 UrsCx01000 - ok
07:43:09.0294 0x2a18 [ 9DD431F1B94789CFB527E5D19261F124, 8F5A249A97C5B14B282E3147DD21951D2AD34B651E762814C12F4C26D74EC70C ] UrsSynopsys C:\WINDOWS\System32\drivers\urssynopsys.sys
07:43:09.0302 0x2a18 UrsSynopsys - ok
07:43:09.0308 0x2a18 [ 93F169DE94DBAC5DAF4755AFF10193DD, 381E6751EB97426B9BF30929E4B82A665D1ED985DA60BE18D3C17CF2BB41F848 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys
07:43:09.0321 0x2a18 usbaudio - ok
07:43:09.0327 0x2a18 [ C87E32B90F085970D9637FBAD45EF6FE, C180EACD2EE479277DA5DBF39E43B428BD7945141B2451CB3946B0C1E495E76F ] usbccgp C:\WINDOWS\System32\drivers\usbccgp.sys
07:43:09.0337 0x2a18 usbccgp - ok
07:43:09.0342 0x2a18 [ 0B663856474AC41924D9E9112203858F, 9E09F2A6279B48CAC09F8C7AA1F1BE02864D540C2ED1460CBA9FABCF0A546A1E ] usbcir C:\WINDOWS\System32\drivers\usbcir.sys
07:43:09.0353 0x2a18 usbcir - ok
07:43:09.0358 0x2a18 [ F83D2250256203AC5DA5E8601C1AFDD7, AC0D90E2DB3051798B9D287CF3D0E92FED4000822E65A82775A29CF896B76F04 ] usbehci C:\WINDOWS\System32\drivers\usbehci.sys
07:43:09.0367 0x2a18 usbehci - ok
07:43:09.0379 0x2a18 [ 7FFD26742321919590ED77FCA556D65F, F7FAB63C36F8519F5A7B9091C507F3CB580C390322FAF9155CCE7F66C965B968 ] usbhub C:\WINDOWS\System32\drivers\usbhub.sys
07:43:09.0398 0x2a18 usbhub - ok
07:43:09.0410 0x2a18 [ 7A749B2863B5561BE34B39E8E249AD8F, E5B67DFAF5407007FD0CC408D6B4BA19DF59584819FC715E9F9E0FBF3EA00AAB ] USBHUB3 C:\WINDOWS\System32\drivers\UsbHub3.sys
07:43:09.0429 0x2a18 USBHUB3 - ok
07:43:09.0432 0x2a18 [ D2109F1F4FEBF1DAC415CDC5DE876479, C8A871EBD0E5EF004BA622A73DAC36C03608CD317FDCD0A6A98608DF4CC10D55 ] usbohci C:\WINDOWS\System32\drivers\usbohci.sys
07:43:09.0442 0x2a18 usbohci - ok
07:43:09.0445 0x2a18 [ 29C9572F2D061CFC3C0BD48A3163E343, 2527DCC9E6D421F5DC40051C787A5270EB077746785465C9AA2A2AEEF47307D5 ] usbprint C:\WINDOWS\System32\drivers\usbprint.sys
07:43:09.0455 0x2a18 usbprint - ok
07:43:09.0459 0x2a18 [ 429477D6DEF3321FF7D3EF23CAAADA00, BB7D2AFE99736AAFFA8B0B2DABF7D6A6D5CB9563B1DE6A7E86CE7DC9D27F31C0 ] usbser C:\WINDOWS\System32\drivers\usbser.sys
07:43:09.0469 0x2a18 usbser - ok
07:43:09.0474 0x2a18 [ 0CC16F7B91C57AE9A4E44425A295FDAA, 7CEE11955E5742DA390601F565412C14A7481B8747C495CCD246696C56B426DC ] USBSTOR C:\WINDOWS\System32\drivers\USBSTOR.SYS
07:43:09.0483 0x2a18 USBSTOR - ok
07:43:09.0487 0x2a18 [ C917D09064CDBD18F75ADC9B2C48F847, A7F6223346CCD7E84186CD0C0715014F8E3A4398298925A43290224678620D23 ] usbuhci C:\WINDOWS\System32\drivers\usbuhci.sys
07:43:09.0496 0x2a18 usbuhci - ok
07:43:09.0505 0x2a18 [ 95BCCEFBC40D06484CF16144FE79B8A5, 8ABA73C5FFEDD319FB96B807AD08716698E557522478DF1A2C5D662675636AE0 ] USBXHCI C:\WINDOWS\System32\drivers\USBXHCI.SYS
07:43:09.0520 0x2a18 USBXHCI - ok
07:43:09.0557 0x2a18 [ 4CC81AB9D380A6264FF4C0C1512CF965, 76C33053D1C9155B0F3F8392FF982AD4EABEE2BBBEE89EA41DBFE8E436973EB0 ] UserDataSvc C:\WINDOWS\System32\userdataservice.dll
07:43:09.0650 0x2a18 UserDataSvc - ok
07:43:09.0677 0x2a18 [ AA24C61D88E36BA1144072227922173D, 2EBBC827E740F72EA2E75745E585378189BC0DEE91CACD7FA31BDBC5EFCF8733 ] UserManager C:\WINDOWS\System32\usermgr.dll
07:43:09.0725 0x2a18 UserManager - ok
07:43:09.0745 0x2a18 [ 8842ED1E87D7662F249B5B63501E693B, A6D71351C2F32295926664875369C0BF93C59541B023884BDAC684E1EA94487A ] USER_ESRV_SVC_QUEENCREEK C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe
07:43:09.0770 0x2a18 USER_ESRV_SVC_QUEENCREEK - ok
07:43:09.0796 0x2a18 [ EBF9E40845362DBE2AD0DB3077269488, A6363006350D097F95B03A2F44E1D3FBD3BC40048BE57C715CD7CBC22D1EE70B ] UsoSvc C:\WINDOWS\system32\usocore.dll
07:43:09.0853 0x2a18 UsoSvc - ok
07:43:09.0860 0x2a18 [ 6F8E95716C1A27FF2FE96D30B147F1C1, 9403E9FE8B13EE294CFBBD96649BBD54CF723CF5872E3E03DA4380379D677983 ] VaultSvc C:\WINDOWS\system32\lsass.exe
07:43:09.0876 0x2a18 VaultSvc - ok
07:43:09.0908 0x2a18 [ 778326796B64809765151DB97A7494A1, E6104C3AB34CB88F0DF19C697DDD53E3785CD2FD42042B1BC655064A617B3F4E ] VBoxDrv C:\WINDOWS\system32\DRIVERS\VBoxDrv.sys
07:43:09.0951 0x2a18 VBoxDrv - ok
07:43:09.0960 0x2a18 [ EA1E84950229EF42D4C1B0E9CB54CDA2, 63B4A5A4EF3A04ED415B11CDB66661A1E4FFF2E459EF4469EECD3008AA9A1CE9 ] VBoxNetAdp C:\WINDOWS\system32\DRIVERS\VBoxNetAdp6.sys
07:43:09.0968 0x2a18 VBoxNetAdp - ok
07:43:09.0975 0x2a18 [ 37A0640F1B21E870DF6F4D634DFF6EF0, 9B200FC803E1C56172FF228DF9B508572349FEEBE9125995807F5937CF7B7145 ] VBoxNetLwf C:\WINDOWS\system32\DRIVERS\VBoxNetLwf.sys
07:43:09.0985 0x2a18 VBoxNetLwf - ok
07:43:09.0991 0x2a18 [ 28C4EB89F3ABD3147A31FA25AFA48791, 89ECF76A30DE8718AED39C8FA2D442128C8C4D1F43816D167836421B7064B11E ] VBoxUSBMon C:\WINDOWS\system32\DRIVERS\VBoxUSBMon.sys
07:43:09.0998 0x2a18 VBoxUSBMon - ok
07:43:10.0002 0x2a18 [ 0CBDE344FB48E42D78E29469F202ADBC, A1C3FBA5409DD3BBEAF1D3CE2583D6C8A621C0E4F534155EC540AFD67BC9E8CA ] vdrvroot C:\WINDOWS\system32\drivers\vdrvroot.sys
07:43:10.0011 0x2a18 vdrvroot - ok
07:43:10.0024 0x2a18 [ 0783EDE1FA94649ED7F3CEF6A734041A, 1A13A613EF6B67459031C7994FFC6F32F73E02E0F123A171618E4F011C635684 ] vds C:\WINDOWS\System32\vds.exe
07:43:10.0054 0x2a18 vds - ok
07:43:10.0061 0x2a18 [ 723195568C8755CAD57F7933C5F2C5C2, 5C403799F67223605F825BC16D217C1EF5E1A0DDF00AC6380FE8976339B67D9B ] VerifierExt C:\WINDOWS\system32\drivers\VerifierExt.sys
07:43:10.0073 0x2a18 VerifierExt - ok
07:43:10.0078 0x2a18 [ E4DA1D85CCCB610DFF0C0E116900E17F, 874EB88B9E2743654094F04AB04C254BBDFBCDECBB200514E73F696098B847F3 ] vflt C:\WINDOWS\system32\DRIVERS\vfilter.sys
07:43:10.0083 0x2a18 vflt - detected UnsignedFile.Multi.Generic ( 1 )
07:43:10.0342 0x2a18 Detect skipped due to KSN trusted
07:43:10.0342 0x2a18 vflt - ok
07:43:10.0387 0x2a18 [ 3BB8D153A9A514EC9FFCB586251A1925, 5E4B46511F9791699826DC63B35528544347166BDE9981FB93F1F7F2A09599C7 ] vhdmp C:\WINDOWS\System32\drivers\vhdmp.sys
07:43:10.0451 0x2a18 vhdmp - ok
07:43:10.0458 0x2a18 [ 7929228F0E8B0C2FA0495A17A4FC27F6, 1F1667B10A96B1D85ED165F62A5C0EF28C37F828B8280EA08BFCC1BAC03F2C90 ] vhf C:\WINDOWS\System32\drivers\vhf.sys
07:43:10.0474 0x2a18 vhf - ok
07:43:10.0479 0x2a18 [ AEE432ED868831B1F068E373598F6D93, BAE91F47B0CB94B826CA010B490AD924D7B715911DF3FCE62F9165F3B571105C ] vmbus C:\WINDOWS\system32\drivers\vmbus.sys
07:43:10.0491 0x2a18 vmbus - ok
07:43:10.0495 0x2a18 [ 9444B23FC694B5F90F21B0FC7F10D8DD, 86F92856F5C985DD8E5993B51E85E1F47EF8C9B2FB37468998C94266963BB4BD ] VMBusHID C:\WINDOWS\System32\drivers\VMBusHID.sys
07:43:10.0507 0x2a18 VMBusHID - ok
07:43:10.0511 0x2a18 [ 4D0287F566B36536DD812A54C015FC4A, 01D6508CA59CF04A47902B1F7C202FD14A81240E0B447588D919DD1072B040CF ] vmgid C:\WINDOWS\System32\drivers\vmgid.sys
07:43:10.0521 0x2a18 vmgid - ok
07:43:10.0531 0x2a18 [ 704609D80666FCB1DAE91260CF2CBB20, 0764DA123DA3FE8543B9205DDF17B0621E6A0F0DF95E8C3D177FD3FAED516119 ] vmicguestinterface C:\WINDOWS\System32\icsvc.dll
07:43:10.0557 0x2a18 vmicguestinterface - ok
07:43:10.0567 0x2a18 [ 704609D80666FCB1DAE91260CF2CBB20, 0764DA123DA3FE8543B9205DDF17B0621E6A0F0DF95E8C3D177FD3FAED516119 ] vmicheartbeat C:\WINDOWS\System32\icsvc.dll
07:43:10.0587 0x2a18 vmicheartbeat - ok
07:43:10.0595 0x2a18 [ 704609D80666FCB1DAE91260CF2CBB20, 0764DA123DA3FE8543B9205DDF17B0621E6A0F0DF95E8C3D177FD3FAED516119 ] vmickvpexchange C:\WINDOWS\System32\icsvc.dll
07:43:10.0615 0x2a18 vmickvpexchange - ok
07:43:10.0624 0x2a18 [ 0F621B52259D88A719AA20C6D04E3D72, 80B0528CCDE6E1B6F092787E1C0769C649698B196602859A5855134F0ECCBAE5 ] vmicrdv C:\WINDOWS\System32\icsvcext.dll
07:43:10.0645 0x2a18 vmicrdv - ok
07:43:10.0653 0x2a18 [ 704609D80666FCB1DAE91260CF2CBB20, 0764DA123DA3FE8543B9205DDF17B0621E6A0F0DF95E8C3D177FD3FAED516119 ] vmicshutdown C:\WINDOWS\System32\icsvc.dll
07:43:10.0668 0x2a18 vmicshutdown - ok
07:43:10.0675 0x2a18 [ 704609D80666FCB1DAE91260CF2CBB20, 0764DA123DA3FE8543B9205DDF17B0621E6A0F0DF95E8C3D177FD3FAED516119 ] vmictimesync C:\WINDOWS\System32\icsvc.dll
07:43:10.0690 0x2a18 vmictimesync - ok
07:43:10.0696 0x2a18 [ 704609D80666FCB1DAE91260CF2CBB20, 0764DA123DA3FE8543B9205DDF17B0621E6A0F0DF95E8C3D177FD3FAED516119 ] vmicvmsession C:\WINDOWS\System32\icsvc.dll
07:43:10.0712 0x2a18 vmicvmsession - ok
07:43:10.0721 0x2a18 [ 0F621B52259D88A719AA20C6D04E3D72, 80B0528CCDE6E1B6F092787E1C0769C649698B196602859A5855134F0ECCBAE5 ] vmicvss C:\WINDOWS\System32\icsvcext.dll
07:43:10.0738 0x2a18 vmicvss - ok
07:43:10.0742 0x2a18 [ A99CA064AD11266FE7067A79BF78BBB5, B5AFFBA1A9A6E51639A89B9F6C0678E70F73D2BF37D5F88F4AD45DFC6798597D ] vnet C:\WINDOWS\System32\drivers\virtualnet.sys
07:43:10.0746 0x2a18 vnet - detected UnsignedFile.Multi.Generic ( 1 )
07:43:11.0002 0x2a18 Detect skipped due to KSN trusted
07:43:11.0002 0x2a18 vnet - ok
07:43:11.0016 0x2a18 [ 29075915F9BDC3437F8BED71C067D399, 2C7718080C11DFDD4C9A2085537F78F5633369B4A27D9C64168F0249594A4AA2 ] volmgr C:\WINDOWS\system32\drivers\volmgr.sys
07:43:11.0052 0x2a18 volmgr - ok
07:43:11.0080 0x2a18 [ 6BDB6CE6D2D9E3D3F28F1C97E12B62E2, 5E77D7AF858D7B90FF395F39B86D6F96413D1DDEA28BC9FB40C5524A4DF6DAD0 ] volmgrx C:\WINDOWS\system32\drivers\volmgrx.sys
07:43:11.0127 0x2a18 volmgrx - ok
07:43:11.0144 0x2a18 [ BF2546583BB75F01DDA60A7921DFB230, 579BD0BC55F4F03CD8D1FCDAC3975A1649C688820F2F7FC1AD354132D9E3BEE9 ] volsnap C:\WINDOWS\system32\drivers\volsnap.sys
07:43:11.0173 0x2a18 volsnap - ok
07:43:11.0180 0x2a18 [ AC2E20A74D09D24485BE8396CE04F07B, 23FCE8BEE01B89E5CDCA536D75DBA6DCE3E92E13178A66836CEB7829310A89D1 ] volume C:\WINDOWS\system32\drivers\volume.sys
07:43:11.0194 0x2a18 volume - ok
07:43:11.0203 0x2a18 [ 92F6E3E6D3F1795263EB34B37F74AEF7, 33AB1ECCA1216AF1995E1DB4F11E48156FF62391D7C176C8A4CC1037B9CB3A27 ] vpci C:\WINDOWS\System32\drivers\vpci.sys
07:43:11.0219 0x2a18 vpci - ok
07:43:11.0223 0x2a18 [ 57A9E69BF96F7A22D7256C3E6295A8DB, EC54CA7C2D8AF80EBD5D6FF05C6A8D217D0FCD800F32E84EA128C64621DB0765 ] VPNManager C:\Program Files (x86)\Perfect Privacy VPN Manager\VPNManagerService.exe
07:43:11.0228 0x2a18 VPNManager - detected UnsignedFile.Multi.Generic ( 1 )
07:43:11.0603 0x2a18 VPNManager ( UnsignedFile.Multi.Generic ) - warning
07:43:11.0993 0x2a18 [ FD9BCB8920973CEAD4D49DC7A6D8A618, 34AB4A485FB40DF737600006D8323BE927FB0BDA2BC170F4C123BE775EAE7CC8 ] vsmraid C:\WINDOWS\system32\drivers\vsmraid.sys
07:43:12.0027 0x2a18 vsmraid - ok
07:43:12.0075 0x2a18 [ 01FFD5AF533F2CFDF26DDDC9313731C1, BFF0F2E57CD2358AC8F519F6F5692A46D97EC4E9B763D47101CEF31712FD4738 ] VSS C:\WINDOWS\system32\vssvc.exe
07:43:12.0136 0x2a18 VSS - ok
07:43:12.0145 0x2a18 [ 0C111F220798CCE80484026E06822379, B98A5E44D3ABA67E6DE99E18BF3C2C606923E6269E262665C721F672ACBBED2A ] VSTXRAID C:\WINDOWS\system32\drivers\vstxraid.sys
07:43:12.0158 0x2a18 VSTXRAID - ok
07:43:12.0161 0x2a18 [ 607639716E9DB1CEF4E18B5B229293B4, 1D997177093F907EFE8A04AD10443BB9C355C0D7657DBD449E7EE7FCABC3ECBC ] vwifibus C:\WINDOWS\System32\drivers\vwifibus.sys
07:43:12.0170 0x2a18 vwifibus - ok
07:43:12.0174 0x2a18 [ B1ED64E628763148BF84FBE23F2AD711, 6182A39675E6049BC3DD353694720795A8E3D0331509AA8ABA4883D5C569AD5E ] vwififlt C:\WINDOWS\system32\drivers\vwififlt.sys
07:43:12.0183 0x2a18 vwififlt - ok
07:43:12.0187 0x2a18 [ 59920894C38A827091A06AF559834E47, 8B40FE0B1BA3B2A79BFF70803D039DB921F85C978724722E5E5AFF188FA75471 ] vwifimp C:\WINDOWS\System32\drivers\vwifimp.sys
07:43:12.0196 0x2a18 vwifimp - ok
07:43:12.0207 0x2a18 [ 76C1CC611352499326001F25A3ED15F8, 228BFA8A01BB1B3868576D509A2EA6F3D37FEDC8F12D4DC4E0A84CE926C6D1B1 ] W32Time C:\WINDOWS\system32\w32time.dll
07:43:12.0233 0x2a18 W32Time - ok
07:43:12.0237 0x2a18 [ 55D00B785A7587F4263D125817871283, B92400B229099C1E243F2B149881A1423A2E9C8CA2D77D868B9B923BFDEC7FF2 ] WacomPen C:\WINDOWS\System32\drivers\wacompen.sys
07:43:12.0248 0x2a18 WacomPen - ok
07:43:12.0258 0x2a18 [ 1483BE4D0135C378CB61D3CD73AB3E03, B7309C9E4F370860C507BF52D17234CDF4A7FAE95D2D822714E07EF5DEC0249B ] WalletService C:\WINDOWS\system32\WalletService.dll
07:43:12.0278 0x2a18 WalletService - ok
07:43:12.0283 0x2a18 [ CEF3D306C09BEC1A800E9B4A06F859F6, 75D21F97E9F94FA97024F945AF512FEC94F88DD8073F3FAD92A6E0A9FDC586DB ] wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
07:43:12.0297 0x2a18 wanarp - ok
07:43:12.0300 0x2a18 [ CEF3D306C09BEC1A800E9B4A06F859F6, 75D21F97E9F94FA97024F945AF512FEC94F88DD8073F3FAD92A6E0A9FDC586DB ] wanarpv6 C:\WINDOWS\system32\DRIVERS\wanarp.sys
07:43:12.0314 0x2a18 wanarpv6 - ok
07:43:12.0341 0x2a18 [ 30B8286F8FE1AE90A583100D45E02247, 3C86A4A5E21F9A1267EA231B20914E0A162BA4C25FE8917AD3AB6D504DA5BE0C ] wbengine C:\WINDOWS\system32\wbengine.exe
07:43:12.0390 0x2a18 wbengine - ok
07:43:12.0409 0x2a18 [ 8C521D161445C3E1F38A494E7649E70D, F00990B2FE1FB52C74A2057E6480C5EBF2BDBC32955CC03C6B63360F20A49A18 ] WbioSrvc C:\WINDOWS\System32\wbiosrvc.dll
07:43:12.0442 0x2a18 WbioSrvc - ok
07:43:12.0447 0x2a18 [ E330144B97D493AA886000DCAAA8DAF5, ED86F46F5A76FD8F06CA98BD61B174ADB9AD4B065394356872708DF8B614E4F9 ] wcifs C:\WINDOWS\system32\drivers\wcifs.sys
07:43:12.0457 0x2a18 wcifs - ok
07:43:12.0470 0x2a18 [ 32960EA9CF836D7DD77767DCB68CE230, 679446A4FAB0331C181D2716CAEA225267C6164BB9867E360C5B3D6AB1083195 ] Wcmsvc C:\WINDOWS\System32\wcmsvc.dll
07:43:12.0512 0x2a18 Wcmsvc - ok
07:43:12.0524 0x2a18 [ D50645235A507B0546B1B5CF7D0B8849, 19F5FE10C953B8EE8EEDA9A9F7F2E97AA193BB085E7FC364066686089ADD1C9F ] wcncsvc C:\WINDOWS\System32\wcncsvc.dll
07:43:12.0545 0x2a18 wcncsvc - ok
07:43:12.0551 0x2a18 [ AEA1093B751339267D8C8C1EF3D669CF, 8F3325E7FB16BD856A0593C36F2E3E018909038C52CD5F92E116E0C1366F31CB ] wcnfs C:\WINDOWS\system32\drivers\wcnfs.sys
07:43:12.0562 0x2a18 wcnfs - ok
07:43:12.0566 0x2a18 [ D520B1B849B6D4D707AB31722B952C2D, 149BABB7BD63C1F212ADD9306C84FFB2A5CE6DC435BD3213EAB787E9B222C61F ] WdBoot C:\WINDOWS\system32\drivers\WdBoot.sys
07:43:12.0575 0x2a18 WdBoot - ok
07:43:12.0591 0x2a18 [ 5030C76047D756263093A47B82970868, E772F15973F6DE36851DD230F1F4190746CD81CA1E7284DC074711C4BF45CAF0 ] Wdf01000 C:\WINDOWS\system32\drivers\Wdf01000.sys
07:43:12.0616 0x2a18 Wdf01000 - ok
07:43:12.0625 0x2a18 [ 29FF9199EDEB4F5470BB134D1A2563D2, 94713F98A6EA6042203D5DD0DE6758F5F0F331F7D4BB05E91EF20CEEEBD6780F ] WdFilter C:\WINDOWS\system32\drivers\WdFilter.sys
07:43:12.0638 0x2a18 WdFilter - ok
07:43:12.0642 0x2a18 [ E7A7E8803E66B7CCED95D327A4DBC135, 401ECD953D4014A95C9022822D9ACEC1A68C917281DBA2365503A473FC6D9507 ] WdiServiceHost C:\WINDOWS\system32\wdi.dll
07:43:12.0657 0x2a18 WdiServiceHost - ok
07:43:12.0661 0x2a18 [ E7A7E8803E66B7CCED95D327A4DBC135, 401ECD953D4014A95C9022822D9ACEC1A68C917281DBA2365503A473FC6D9507 ] WdiSystemHost C:\WINDOWS\system32\wdi.dll
07:43:12.0674 0x2a18 WdiSystemHost - ok
07:43:12.0689 0x2a18 [ 8CB606A3057355FD5A9DBDD1A0AC94EF, 6DD0B4A2270633086EBB569A00B87430EE6EF173525E341404B15845B57BE86D ] wdiwifi C:\WINDOWS\system32\DRIVERS\wdiwifi.sys
07:43:12.0716 0x2a18 wdiwifi - ok
07:43:12.0722 0x2a18 [ 17CF416CFF408190F5A4CBD79AB12E55, E376C8865C7EA633AE20D2CF940E4C7584AC783BAAF7941780FB6C4C84802F33 ] WdNisDrv C:\WINDOWS\system32\Drivers\WdNisDrv.sys
07:43:12.0731 0x2a18 WdNisDrv - ok
07:43:12.0733 0x2a18 WdNisSvc - ok
07:43:12.0740 0x2a18 [ 3570C4E14F85CE0B537D126727ACA91C, A474C9E6B6E4E5945C63367C1D3D24D4782C4A4FEB00FAE15DFED099D8283078 ] WebClient C:\WINDOWS\System32\webclnt.dll
07:43:12.0758 0x2a18 WebClient - ok
07:43:12.0764 0x2a18 [ 1785F9C96A0BDEC1F6E0C79EF412F342, D6D4EDA69457BEDDA69C2F60FC4C2FAC97D46CD8E9C1804CCD68F169383583E3 ] Wecsvc C:\WINDOWS\system32\wecsvc.dll
07:43:12.0782 0x2a18 Wecsvc - ok
07:43:12.0787 0x2a18 [ B9175D63527B05131F2FA504CF0265F2, 1E43A17788F1B6A29E2889C81E0BE100D64BD3A9DEE7C154D9581F01D2D7D05F ] WEPHOSTSVC C:\WINDOWS\system32\wephostsvc.dll
07:43:12.0798 0x2a18 WEPHOSTSVC - ok
07:43:12.0803 0x2a18 [ 5C58EC0C9D4DE04DCDE56F6DCEA62080, 8ED386EDF4C39C339CE0BB2AC7E199C38705E5A6B3F56A4987B9A8ABD19BB59F ] wercplsupport C:\WINDOWS\System32\wercplsupport.dll
07:43:12.0821 0x2a18 wercplsupport - ok
07:43:12.0828 0x2a18 [ F899B355CC95AF26AB36E84E8A0DD685, C400F2F80FFF6473FEF066943C4A2AFF0FFE988A4F755757A2E5005C2A10DAD8 ] WerSvc C:\WINDOWS\System32\WerSvc.dll
07:43:12.0843 0x2a18 WerSvc - ok
07:43:12.0848 0x2a18 [ E1785942AC51FEE6826CDF02075C5AA9, 56FE7017684086F4F9C3A2C0D3AC00369BA0938BA3987EEBEE9A75B8E3CA0AE1 ] WFPLWFS C:\WINDOWS\system32\drivers\wfplwfs.sys
07:43:12.0859 0x2a18 WFPLWFS - ok
07:43:12.0863 0x2a18 [ B154618505A6A9026EFA6AB8C4123BF1, 713648D71AA027B4472E7E75B942630DBE7383687984B02A5E99C9E4192C95EB ] WiaRpc C:\WINDOWS\System32\wiarpc.dll
07:43:12.0874 0x2a18 WiaRpc - ok
07:43:12.0878 0x2a18 [ 0CF79A0EACFFBB75A50A469A27696D02, E112BF7B5A8D0B0AD2EA0E7B9FD4E8CFEC9371C8E94A60248292D688AFE715C4 ] WIMMount C:\WINDOWS\system32\drivers\wimmount.sys
07:43:12.0886 0x2a18 WIMMount - ok
07:43:12.0888 0x2a18 WinDefend - ok
07:43:12.0897 0x2a18 [ 0DE131733317EB4BE67028366B0CAAC6, AC7DADBF03A3752B4D33CA19F03DBCEDD6F56893C2DA25C98B0AB07063D990E3 ] WindowsTrustedRT C:\WINDOWS\system32\drivers\WindowsTrustedRT.sys
07:43:12.0909 0x2a18 WindowsTrustedRT - ok
07:43:12.0913 0x2a18 [ 92EB5D38BDF10C790450F3E46BF93A0E, 0FC027398DBD43EDC1F7D703C0B6DB20294DF34E67C9288442039B1A5663CE1B ] WindowsTrustedRTProxy C:\WINDOWS\system32\drivers\WindowsTrustedRTProxy.sys
07:43:12.0921 0x2a18 WindowsTrustedRTProxy - ok
07:43:12.0938 0x2a18 [ C2A3B07F0118D61086C99BDCBAB6A6A3, 04D646BEF1C6F427503C594F0ECBB33140C3991A3A7AFB66B2C9581E358F9FD2 ] WinHttpAutoProxySvc C:\WINDOWS\system32\winhttp.dll
07:43:12.0970 0x2a18 WinHttpAutoProxySvc - ok
07:43:12.0975 0x2a18 [ F95DE20312ACCA7761446DE152BD1F7C, F6C5ACA500C2182437F4A7402BD81C3A2B77C0BBD78BA31FB574DC1997FCBFE6 ] WinMad C:\WINDOWS\System32\drivers\winmad.sys
07:43:12.0983 0x2a18 WinMad - ok
07:43:12.0997 0x2a18 [ CD49CA8E3280ACEEC5ECF431A59F5EFD, 75F48EFC6DEE9E06B490703EE47602AFDEA51505285B02D2CF884601E71857CC ] Winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
07:43:13.0036 0x2a18 Winmgmt - ok
07:43:13.0132 0x2a18 [ B8C0D620219ECAA23A2AC841EAF454D1, FB527C4D36929D7FAE2A837727C557B7823A72069EBCAB7D16C49E8B21E8D952 ] WinRM C:\WINDOWS\system32\WsmSvc.dll
07:43:13.0238 0x2a18 WinRM - ok
07:43:13.0250 0x2a18 [ 4EFB346BFDAEEB29316AA52BBB9852B1, 4BC5554F44BD9549D0A929D77BD410FA3EB502A7D0170303D369268672505494 ] WINUSB C:\WINDOWS\System32\drivers\WinUSB.SYS
07:43:13.0262 0x2a18 WINUSB - ok
07:43:13.0266 0x2a18 [ 8B9AFF5F08E66A6F1F1063DEC9457FB6, 98F2AF6988D125521FD34CAA48B9652922F0C8ECFAE9B0C1DF4B3CE6B9CF500F ] WinVerbs C:\WINDOWS\System32\drivers\winverbs.sys
07:43:13.0275 0x2a18 WinVerbs - ok
07:43:13.0288 0x2a18 [ ECD999D8412A3473C26B118F89DB9908, 5FB9B93E4B5482CCFF01D805DFA386FD8D3441BC81E7BD5DF89EE3078FD724F3 ] wisvc C:\WINDOWS\system32\flightsettings.dll
07:43:13.0318 0x2a18 wisvc - ok
07:43:13.0372 0x2a18 [ 7671078AEF4C0203B053A9642C401FF7, BBFADA89CD31F20ADDBFAFAD2E492C72D82BF2F8B823BB6773F04D229B62534C ] WlanSvc C:\WINDOWS\System32\wlansvc.dll
07:43:13.0455 0x2a18 WlanSvc - ok
07:43:13.0530 0x2a18 [ E15711970C5BE05E8D70B294D0AFF621, 30670CFC4DA57B4A3E0E895E4111100D847BB8041A258A303524CD96DC566482 ] wlidsvc C:\WINDOWS\system32\wlidsvc.dll
07:43:13.0602 0x2a18 wlidsvc - ok
07:43:13.0609 0x2a18 [ 6F4F4F5A007D1710BD76FB311DA97C07, FC0FEA4364F6BA4E31DBC82735D09D429CA3BE9AFCFF5D5E1263D8B27FC2CE3E ] WmiAcpi C:\WINDOWS\System32\drivers\wmiacpi.sys
07:43:13.0617 0x2a18 WmiAcpi - ok
07:43:13.0625 0x2a18 [ 3CDDFF6CAD962C5EF1C52FD667C358B6, F6F09145E9461EB17172988D26749FCF36920A1A683459334D04A6D072B31A92 ] wmiApSrv C:\WINDOWS\system32\wbem\WmiApSrv.exe
07:43:13.0638 0x2a18 wmiApSrv - ok
07:43:13.0641 0x2a18 WMPNetworkSvc - ok
07:43:13.0647 0x2a18 [ 43C8D087B31C592163B33A4BDA540E40, 3A6C4E5E56931B29321DCC723585F2F0E804EF4DCDEAB2A8687F30FC3AE70E43 ] Wof C:\WINDOWS\system32\drivers\Wof.sys
07:43:13.0659 0x2a18 Wof - ok
07:43:13.0692 0x2a18 [ 909CB4BBF7B08E78C363000E09E79A6F, 217205D1B5EE03274AFF9405AED6D2A5665CBA4C3876E84B53DA44920CDF9CB1 ] workfolderssvc C:\WINDOWS\system32\workfolderssvc.dll
07:43:13.0749 0x2a18 workfolderssvc - ok
07:43:13.0756 0x2a18 [ F02930EB91596042F2221397D60AFCE5, 10E2AB0993B67CBAA9E11C68280608965064EC9F7E0C570F5B453FACADB8AB5D ] WPDBusEnum C:\WINDOWS\system32\wpdbusenum.dll
07:43:13.0768 0x2a18 WPDBusEnum - ok
07:43:13.0772 0x2a18 [ 75A9284F01FE7CB1A7D5EAE5C1EB4F33, 390EF23AEA06D8711555F7979FF8BE0620B53C1A551638C4EC6FB7C6678965B3 ] WpdUpFltr C:\WINDOWS\system32\drivers\WpdUpFltr.sys
07:43:13.0779 0x2a18 WpdUpFltr - ok
07:43:13.0786 0x2a18 [ 60E2EB3E7B7F15C25E02462159F90707, D8344B529EEC0D4922CAC3E6897CC9F191ACF1376017BE38ED6BF6019F1ED181 ] WpnService C:\WINDOWS\system32\WpnService.dll
07:43:13.0803 0x2a18 WpnService - ok
07:43:13.0807 0x2a18 [ C7C91FB86A3C6CD7619725A88ED1884C, 132C43C518F37BF303D768BD5FB0AB835F693C43FE693937D804A34E940D770F ] WpnUserService C:\WINDOWS\System32\WpnUserService.dll
07:43:13.0818 0x2a18 WpnUserService - ok
07:43:13.0824 0x2a18 [ 36D7B73ADC3E10607ED6EC874AFB5D1E, 1737B3E4D2CA76BB27903BF460E4960E6A0BC32D35069AC7C5E4B07F625F3282 ] ws2ifsl C:\WINDOWS\system32\drivers\ws2ifsl.sys
07:43:13.0833 0x2a18 ws2ifsl - ok
07:43:13.0839 0x2a18 [ 9A0E0B836413EB0BC885532D2A5389D6, AFEE4A0578D5581E4D72999A33C0DEA6253BD891F611AFF9AFDE4160A60105F3 ] wscsvc C:\WINDOWS\System32\wscsvc.dll
07:43:13.0858 0x2a18 wscsvc - ok
07:43:13.0862 0x2a18 [ 696EC2EAA2A42A137CCBB9A84D6917C0, 424089F4F373962AF8357C5D4D43F35948989BE3F58EAD3690F565F4C1BBC66F ] WSDPrintDevice C:\WINDOWS\System32\drivers\WSDPrint.sys
07:43:13.0871 0x2a18 WSDPrintDevice - ok
07:43:13.0875 0x2a18 [ 46E4A69825A7554A5DB784A55F8AD203, 7F347054FCDD5DEF93083D420E56EBE5EEBBAE2BD2FED9B2E75E85149DE52780 ] WSDScan C:\WINDOWS\system32\DRIVERS\WSDScan.sys
07:43:13.0883 0x2a18 WSDScan - ok
07:43:13.0887 0x2a18 WSearch - ok
07:43:13.0942 0x2a18 [ DDB7E452A99E0E5244105C6D2CF4BC9E, 1364B03AFFD20D339A2EBA303575BCCBC2D122D89810B1E3593CC55F93F9B79A ] wuauserv C:\WINDOWS\system32\wuaueng.dll
07:43:14.0031 0x2a18 wuauserv - ok
07:43:14.0038 0x2a18 [ AED7FE551E8672B824A56324076183EB, FFE543AAEFDEFFE6B20C244DB141A9425BDA88ED36F4870F0B70FEC433BDF0C1 ] WudfPf C:\WINDOWS\system32\drivers\WudfPf.sys
07:43:14.0050 0x2a18 WudfPf - ok
07:43:14.0057 0x2a18 [ CEFAB17FD7DFCFA515626C306262E89D, 9D2B728DDD478580987E2DB7AA4DA81D77F3362F536AC1CADED20EB6ECEBB55D ] WUDFRd C:\WINDOWS\system32\DRIVERS\WUDFRd.sys
07:43:14.0072 0x2a18 WUDFRd - ok
07:43:14.0077 0x2a18 [ 47F6450F28BAA32B2AB0D6BE00996249, C8A47D6ADF89AD613AB685C6224B9099DCEFDCD8ABCF703542AFDC356404116E ] wudfsvc C:\WINDOWS\System32\WUDFSvc.dll
07:43:14.0091 0x2a18 wudfsvc - ok
07:43:14.0097 0x2a18 [ CEFAB17FD7DFCFA515626C306262E89D, 9D2B728DDD478580987E2DB7AA4DA81D77F3362F536AC1CADED20EB6ECEBB55D ] WUDFWpdFs C:\WINDOWS\system32\DRIVERS\WUDFRd.sys
07:43:14.0111 0x2a18 WUDFWpdFs - ok
07:43:14.0117 0x2a18 [ CEFAB17FD7DFCFA515626C306262E89D, 9D2B728DDD478580987E2DB7AA4DA81D77F3362F536AC1CADED20EB6ECEBB55D ] WUDFWpdMtp C:\WINDOWS\system32\DRIVERS\WUDFRd.sys
07:43:14.0131 0x2a18 WUDFWpdMtp - ok
07:43:14.0152 0x2a18 [ E231728BC515A4B85543AF74A1FEDFCB, 5D250D7D789B5BB56BFA2E7A109BCEB3686B7636C54D89F4E9804101D145C955 ] WwanSvc C:\WINDOWS\System32\wwansvc.dll
07:43:14.0240 0x2a18 WwanSvc - ok
07:43:14.0264 0x2a18 [ F39D6915451D9226AC9A5E7AE70E2ABA, E05D678DC0423A4D0EB8B3BB5A942721BB4F3B0BED22748252DBD6053FE956F1 ] XblAuthManager C:\WINDOWS\System32\XblAuthManager.dll
07:43:14.0308 0x2a18 XblAuthManager - ok
07:43:14.0334 0x2a18 [ 765FF96467A26C4C03281ECA426EC2D9, 2526B03C518D72F429C29BA4D4F11707AF277BF71520A1A92238A932950AE161 ] XblGameSave C:\WINDOWS\System32\XblGameSave.dll
07:43:14.0383 0x2a18 XblGameSave - ok
07:43:14.0392 0x2a18 [ 9627BBAA50878F6833A6A7843EE3B1D9, 637566BB56501C4D11E3B6E6AC1C602D880C9D357CCE3DF1DF74EE672744F2B7 ] xboxgip C:\WINDOWS\System32\drivers\xboxgip.sys
07:43:14.0424 0x2a18 xboxgip - ok
07:43:14.0444 0x2a18 [ 335E6F2BE58523B295945C840C185B00, 94ED7E2CB212A3D55B8A2CB90CD1D02A6AF92DC0DDD487CB5B7CAC9883343460 ] XboxNetApiSvc C:\WINDOWS\system32\XboxNetApiSvc.dll
07:43:14.0483 0x2a18 XboxNetApiSvc - ok
07:43:14.0489 0x2a18 [ 63088A3361D9A308F328F11E9099DD87, E03FDB932FC57F199C8F8A8EADA338BDF7D2F9C6CB8FAB679A92B48B1E5AFE8A ] xinputhid C:\WINDOWS\System32\drivers\xinputhid.sys
07:43:14.0507 0x2a18 xinputhid - ok
07:43:14.0512 0x2a18 [ 41B44BB3C8795E7B2E800BA812D91AA7, F798456DA72AEE77D0640A818A03FEB046428BD9AC21AF6E0B5D79C45F69CB7D ] XTU3SERVICE C:\Program Files (x86)\Intel\Intel(R) Extreme Tuning Utility\XtuService.exe
07:43:14.0519 0x2a18 XTU3SERVICE - ok
07:43:14.0536 0x2a18 ================ Scan global ===============================
07:43:14.0542 0x2a18 [ 0C710DB449712EE13ACE733695DB7780, BBC7875B38D318CE4E88979D083AC72E8993254A466A8A6882DDE9E0C3B687A3 ] C:\WINDOWS\system32\basesrv.dll
07:43:14.0549 0x2a18 [ 4C08BF958476A137C78B62B22B5F90A4, 11DDD033896C96F8F7F1A1EDD0F4E0F07AFBB3202DC8A2E5E3ADB51C4D0700D4 ] C:\WINDOWS\system32\winsrv.dll
07:43:14.0556 0x2a18 [ 1EE06E957B0B2CA52D26DA7861E160EF, 4B743A1C7010138F5F6684BBCF7CAD6FD05F49920BDD3FDB776347AA6B44AB94 ] C:\WINDOWS\system32\sxssrv.dll
07:43:14.0568 0x2a18 [ 3C69CC28665854F1AAB4B4005005FA31, 2750F5ECCD448C07E3402AA64EA625D27C6BC1D000A3FFE57C03D62428BB46C4 ] C:\WINDOWS\system32\services.exe
07:43:14.0575 0x2a18 [ Global ] - ok
07:43:14.0576 0x2a18 ================ Scan MBR ==================================
07:43:14.0578 0x2a18 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk0\DR0
07:43:14.0628 0x2a18 \Device\Harddisk0\DR0 - ok
07:43:14.0628 0x2a18 ================ Scan VBR ==================================
07:43:14.0629 0x2a18 [ 6DBC9C111D5E4473958A88B19C2BCE37 ] \Device\Harddisk0\DR0\Partition1
07:43:14.0630 0x2a18 \Device\Harddisk0\DR0\Partition1 - ok
07:43:14.0631 0x2a18 [ 2D524F05766D084E9BC1747B63390F77 ] \Device\Harddisk0\DR0\Partition2
07:43:14.0631 0x2a18 \Device\Harddisk0\DR0\Partition2 - ok
07:43:14.0634 0x2a18 [ 1D03FB51706492D56D9B8122F0C7F4F1 ] \Device\Harddisk0\DR0\Partition3
07:43:14.0635 0x2a18 \Device\Harddisk0\DR0\Partition3 - ok
07:43:14.0636 0x2a18 [ 74E36C83F7C7F59A2BC36A13CA10C585 ] \Device\Harddisk0\DR0\Partition4
07:43:14.0637 0x2a18 \Device\Harddisk0\DR0\Partition4 - ok
07:43:14.0640 0x2a18 [ E8F21394727A2212A12935B2EEE4A600 ] \Device\Harddisk0\DR0\Partition5
07:43:14.0643 0x2a18 \Device\Harddisk0\DR0\Partition5 - ok
07:43:14.0644 0x2a18 ================ Scan generic autorun ======================
07:43:14.0755 0x2a18 [ 0C5B1BCBB3BA51E400B9F22675B123D8, 97FF3A5F10609EE25C151F2357E60D543574432E8F360673CC84F0F5E6B0BE78 ] C:\Program Files\Portrait Displays\Dell PremierColor\PremierColor.exe
07:43:14.0854 0x2a18 PremierColor - ok
07:43:14.0906 0x2a18 [ 835A9D81B037F49CCCD09EADDCC2E20A, 471C1993ECBE80DD08BE9DD434FC37CC840067B868A9C69E796966307022DC60 ] C:\Program Files\Dell\UnifyingSoftwareLauncher\DellLaunchUnifyingApp.exe
07:43:15.0001 0x2a18 Dell Unifying Software Launcher - ok
07:43:15.0008 0x2a18 [ C7645D43451C6D94D87F4D07BDE59C89, 495BBA47FC43EE23054FCD419F2F00457162D1C04296900C6AEA551102A810F3 ] C:\WINDOWS\system32\rundll32.exe
07:43:15.0027 0x2a18 ShadowPlay - ok
07:43:15.0028 0x2a18 WindowsDefender - ok
07:43:15.0040 0x2a18 [ 63B913AAB1244D8DED54CF0EFC8A56BD, 639830E9ECB004F09EA968EDF68C0037B5DFF7CCFF007DE5D11DEF2166707341 ] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe
07:43:15.0057 0x2a18 AdobeAAMUpdater-1.0 - ok
07:43:15.0062 0x2a18 [ 66F07417A2E9E5E3E358CD35EB994B1E, A689B3E93554504FC84A80D654A4178FFCBFEF88A9D75572A9B7382CD5BE87F2 ] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe
07:43:15.0098 0x2a18 IAStorIcon - detected UnsignedFile.Multi.Generic ( 1 )
07:43:15.0862 0x2a18 Detect skipped due to KSN trusted
07:43:15.0862 0x2a18 IAStorIcon - ok
07:43:15.0881 0x2a18 [ ED13374E76D833772A687EA3594C1120, 3A2A0C41DED8555ACEB9CAAE7F9C0053B11CEE1877B06D993BDCA0E491DB6CE6 ] C:\Program Files (x86)\Drakonia Configurator\hid.exe
07:43:15.0908 0x2a18 GamingMouse - detected UnsignedFile.Multi.Generic ( 1 )
07:43:16.0181 0x2a18 GamingMouse ( UnsignedFile.Multi.Generic ) - warning
07:43:16.0567 0x2a18 [ 61E4289E91E88C90478D7F4BEB10DCF7, 1D0F4034E0111CF5758F470C15A22A0A28EB8269CB5BF07222C9C0FB07A15C55 ] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
07:43:16.0585 0x2a18 APSDaemon - ok
07:43:16.0786 0x2a18 [ 1496120E3867FD75AE5D4EAD6E618E7A, 8D8A2FD43D33A3F7A177783921BB7E50FECBAEF1E09CD42BCDC851375F3294D1 ] C:\Windows\SysWOW64\OneDriveSetup.exe
07:43:16.0935 0x2a18 OneDriveSetup - ok
07:43:17.0107 0x2a18 [ 1496120E3867FD75AE5D4EAD6E618E7A, 8D8A2FD43D33A3F7A177783921BB7E50FECBAEF1E09CD42BCDC851375F3294D1 ] C:\Windows\SysWOW64\OneDriveSetup.exe
07:43:17.0251 0x2a18 OneDriveSetup - ok
07:43:17.0287 0x2a18 [ CD7DC286D2FDFACB965C3E10967B2199, 30FFB133E70D694BE6968E86E999C797EE7349DCC4E9ACFB338412C039374388 ] C:\Users\ezztr\AppData\Local\Microsoft\OneDrive\OneDrive.exe
07:43:17.0318 0x2a18 OneDrive - ok
07:43:17.0346 0x2a18 [ E11775E9CC132A91A0918E3C8A536343, 85FAB7BF6B69DA7992E216B230D62520F5F5F87EB003AC4B98394CD60AE369FC ] C:\Users\ezztr\AppData\Roaming\Spotify\SpotifyWebHelper.exe
07:43:17.0387 0x2a18 Spotify Web Helper - ok
07:43:17.0550 0x2a18 [ D698C43D244DD4520BBABC381C0B8C21, A2F0173F60CD2B44C8665CD3C53847BD15A408CF598014291EC2B6A82D60346B ] C:\Users\ezztr\AppData\Roaming\Spotify\Spotify.exe
07:43:17.0711 0x2a18 Spotify - ok
07:43:17.0731 0x2a18 [ FE9E6388A039441098EB09C070EA5049, 3888822AF992F3BE27E9F973E31EBEE5302901E4A8260A9A6CF6B2BB2A12D173 ] C:\Users\ezztr\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateCore.exe
07:43:17.0747 0x2a18 Google Update - ok
07:43:17.0857 0x2a18 [ 325A61467166B0E2CF089BF4EA9DE18E, 3774B1DB0091BD5CED0F3BAA6BE50D2E8751E82E1A053C6B1B827770D4AEB1EF ] C:\Users\ezztr\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
07:43:18.0076 0x2a18 MusicManager - detected UnsignedFile.Multi.Generic ( 1 )
07:43:18.0343 0x2a18 Detect skipped due to KSN trusted
07:43:18.0343 0x2a18 MusicManager - ok
07:43:18.0353 0x2a18 [ 406E7DF08CE79BE3016CC6D15E2ED956, 9DA8D10AE642B9411A3EB253F97918A6F470F1772F0057964267497CE0BDA53A ] C:\Program Files (x86)\ExKode\Dxtory2.0\UpdateChecker.exe
07:43:18.0369 0x2a18 Dxtory Update Checker 2.0 - detected UnsignedFile.Multi.Generic ( 1 )
07:43:19.0035 0x2a18 Detect skipped due to KSN trusted
07:43:19.0035 0x2a18 Dxtory Update Checker 2.0 - ok
07:43:19.0041 0x2a18 GoogleDriveSync - ok
07:43:19.0114 0x2a18 [ CD7DC286D2FDFACB965C3E10967B2199, 30FFB133E70D694BE6968E86E999C797EE7349DCC4E9ACFB338412C039374388 ] C:\Users\elsia\AppData\Local\Microsoft\OneDrive\OneDrive.exe
07:43:19.0188 0x2a18 OneDrive - ok
07:43:19.0191 0x2a18 Waiting for KSN requests completion. In queue: 260
07:43:20.0215 0x2a18 AV detected via SS2: Windows Defender, C:\Program Files\Windows Defender\MSASCui.exe ( 4.10.14393.187 ), 0x61100 ( enabled : updated )
07:43:20.0223 0x2a18 Win FW state via NFP2: enabled ( trusted )
07:43:20.0604 0x2a18 ============================================================
07:43:20.0604 0x2a18 Scan finished
07:43:20.0604 0x2a18 ============================================================
07:43:20.0618 0x1be8 Detected object count: 2
07:43:20.0618 0x1be8 Actual detected object count: 2
07:43:39.0349 0x1be8 VPNManager ( UnsignedFile.Multi.Generic ) - skipped by user
07:43:39.0349 0x1be8 VPNManager ( UnsignedFile.Multi.Generic ) - User select action: Skip
07:43:39.0350 0x1be8 GamingMouse ( UnsignedFile.Multi.Generic ) - skipped by user
07:43:39.0350 0x1be8 GamingMouse ( UnsignedFile.Multi.Generic ) - User select action: Skip
|
| | #6 |
| /// TB-Ausbilder | Ad banners in the Steam client Hi, you are getting ads in the Steam client? Isn't that normal? I am not familiar with Steam, but you are the first person here on TB whom I have assisted and who has complained about ads in Steam. I strongly doubt that adware is the cause, but we will check everything.
Step 1 Please download AdwCleaner to your desktop.
Step 2 Please download Malwarebytes Anti-Malware
Step 3 Please close your security software to avoid possible conflicts.
Step 4
Please post with your next reply
|
| | #7 |
| Ad banners in the Steam client Hello, that is exactly what I wrote in my first post. I live in Indonesia (Jakarta), because I was asked about that here back then as well. That is also why my replies arrive "in the middle of the night" if you go by CET. 8.8.8.8 is Google's DNS, the other 2 are the provider's DNS servers. Google's DNS is blocked here, though; I can only use it when I am connected through a VPN. There is internet censorship here. That is probably also why you find VPN software in the log files. And no, it is not only porn that gets blocked, but also news, gaming sites, and even websites of companies that are not well regarded here (by the government). |
| | #8 |
| /// TB-Ausbilder | Ad banners in the Steam client Hi, I must have overlooked that between the log files of your first post, sorry. We will remove the last remnants and check everything once more. Note: The scan with ESET can take a while.
Step 1 Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document Code:
start
CloseProcesses:
FF NewTab: Mozilla\Firefox\Profiles\w9newjxp.default -> about:newtab
FF Homepage: Mozilla\Firefox\Profiles\w9newjxp.default -> GtAtDtC0EtG0EtD0AtDtGyCtB0B0EtG0Fzy0AyCyC0F0BtCtA0EyEyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szz0FtD0A0B0CtAyBtGyC0DyDyBtGyEtDzzyEtG0AyBtCyDtGzzyD0C0AtAtD0B0D0CtCyE0A2QtN0A0LzuyE%26cr%3D1405159841%26a%3Dwncy_ir_16_26%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome
FF Keyword.URL: Mozilla\Firefox\Profiles\w9newjxp.default -> user_pref("keyword.URL", true);
CMD: dir "%ProgramFiles%"
CMD: dir "%ProgramFiles(x86)%"
CMD: dir "%ProgramData%"
CMD: dir "%Appdata%"
CMD: dir "%LocalAppdata%"
CMD: dir "%CommonProgramFiles(x86)%"
CMD: dir "%CommonProgramW6432%"
RemoveProxy:
CMD: ipconfig /flushdns
CMD: netsh winsock reset
EmptyTemp:
end
Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
Step 2 ESET Online Scanner
Step 3 Download the appropriate version of HitmanPro to your desktop: HitmanPro - 32 Bit | HitmanPro - 64 Bit.
Step 4
Are there still any problems with the PC? If so, which ones? Please post with your next reply
|
| | #9 |
| Ad banners in the Steam client Code:
HitmanPro 3.7.15.281
www.hitmanpro.com
Computer name . . . . : DESKTOP-CSVQ63S
Windows . . . . . . . : 10.0.0.14393.X64/8
User name . . . . . . : DESKTOP-CSVQ63S\ezztr
UAC . . . . . . . . . : Enabled
License . . . . . . . : Free
Scan date . . . . . . : 2017-02-24 01:41:57
Scan mode . . . . . . : Normal
Scan duration . . . . : 3m 26s
Disk access mode . . : Direct disk access (SRB)
Cloud . . . . . . . . : Internet
Reboot . . . . . . . : No
Threats . . . . . . . : 1
Traces . . . . . . . : 3
Objects scanned . . . : 2.316.780
Files scanned . . . . : 71.940
Remnants scanned . . : 670.448 files / 1.574.392 keys
Suspicious files ____________________________________________________________
C:\Users\ezztr\Desktop\FRST-OlderVersion\FRST64.exe
Size . . . . . . . : 2.422.784 bytes
Age . . . . . . . : 2.5 days (2017-02-21 14:08:15)
Entropy . . . . . : 7.6
SHA-256 . . . . . : 4BABBE3C12A4D22998144EF3C509555CD85876AD8929BEFCF3A3D4BD13E5FA61
Needs elevation . : Yes
Fuzzy . . . . . . : 24.0
Program has no publisher information but prompts the user for permission elevation.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
Authors name is missing in version info. This is not common to most programs.
Version control is missing. This file is probably created by an individual. This is not typical for most programs.
Time indicates that the file appeared recently on this computer.
Forensic Cluster
0.0s C:\Users\ezztr\Desktop\FRST-OlderVersion\FRST64.exe
2.1s C:\Windows\Logs\WindowsUpdate\WindowsUpdate.20170221.140817.144.1.etl
C:\Users\ezztr\Desktop\FRST64.exe
Size . . . . . . . : 2.423.296 bytes
Age . . . . . . . : 0.1 days (2017-02-23 23:34:46)
Entropy . . . . . : 7.6
SHA-256 . . . . . : 40BA37F2A99866027E4368D31967378EAD28FA5DAC0B2156A906375415B06B40
Needs elevation . : Yes
Fuzzy . . . . . . : 24.0
Program has no publisher information but prompts the user for permission elevation.
Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
Authors name is missing in version info. This is not common to most programs.
Version control is missing. This file is probably created by an individual. This is not typical for most programs.
Time indicates that the file appeared recently on this computer.
Forensic Cluster
0.0s C:\Users\ezztr\Desktop\FRST64.exe
0.0s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\90\A5F9C92DF7383AC2.dat
8.9s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\80\F1EBAB2720A710B8.dat
19.6s C:\Users\ezztr\Desktop\Fixlog.txt
20.6s C:\Users\ezztr\AppData\Roaming\Mozilla\Firefox\Profiles\w9newjxp.default\prefs.js
21.1s C:\Windows\Prefetch\DLLHOST.EXE-C7F45418.pf
21.2s C:\Windows\Prefetch\BITSADMIN.EXE-61856B04.pf
21.2s C:\Windows\Prefetch\IPCONFIG.EXE-BFEC2AD0.pf
24.0s C:\Windows\Prefetch\NETSH.EXE-A596235F.pf
24.7s C:\ProgramData\NVIDIA\MessageBus_11168_0x1DAE6BE4690.log
24.8s C:\ProgramData\NVIDIA\MessageBus_11168_0x1DAE6BF4AC0.log
27.4s C:\ProgramData\NVIDIA\MessageBus_14820_0x65C6E60.log
28.7s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\93\F2F5E96A73C632D1.dat
30.0s C:\Windows\Prefetch\CVTRES.EXE-CB8485B0.pf
30.1s C:\Windows\Prefetch\DASHOST.EXE-4B84F273.pf
30.1s C:\Windows\Prefetch\CSC.EXE-F8803EEA.pf
32.5s C:\Windows\Prefetch\RUNTIMEBROKER.EXE-4551A062.pf
46.6s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\19\BEA94169A82CEC6B.dat
56.7s C:\Windows\Prefetch\SC.EXE-F4E1A8F7.pf
66.7s C:\Windows\Prefetch\SUPPORTASSISTAGENT.EXE-8317820E.pf
C:\WINDOWS\system32\drivers\iqvw64e.sys
Size . . . . . . . : 37.832 bytes
Age . . . . . . . : 74.7 days (2016-12-11 09:42:05)
Entropy . . . . . : 6.5
SHA-256 . . . . . : F877296E8506E6A1ACBDACDC5085B18C6842320A2775A329D286BAC796F08D54
Product . . . . . : Intel(R) iQVW64.SYS
Publisher . . . . : Intel Corporation
Description . . . : Intel(R) Network Adapter Diagnostic Driver
Version . . . . . : 1.03.1.0
Copyright . . . . : Copyright (C) 2002-2015 Intel Corporation All Rights Reserved.
LanguageID . . . . : 1033
Fuzzy . . . . . . : 42.0
The file is hidden from Windows API. This is typical for malware.
The file is completely hidden from view and most antivirus products. It may belong to a rootkit.
The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
The file is a device driver. Device drivers run as trusted (highly privileged) code.
Code:
Fix result of Farbar Recovery Scan Tool (x64) Version: 23-02-2017
Ran by ezztr (23-02-2017 23:35:06) Run:2
Running from C:\Users\ezztr\Desktop
Loaded Profiles: ezztr (Available Profiles: ezztr & elsia)
Boot Mode: Normal
==============================================
fixlist content:
*****************
start
CloseProcesses:
FF NewTab: Mozilla\Firefox\Profiles\w9newjxp.default -> about:newtab
FF Homepage: Mozilla\Firefox\Profiles\w9newjxp.default -> GtAtDtC0EtG0EtD0AtDtGyCtB0B0EtG0Fzy0AyCyC0F0BtCtA0EyEyD2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szz0FtD0A0B0CtAyBtGyC0DyDyBtGyEtDzzyEtG0AyBtCyDtGzzyD0C0AtAtD0B0D0CtCyE0A2QtN0A0LzuyE%26cr%3D1405159841%26a%3Dwncy_ir_16_26%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome
FF Keyword.URL: Mozilla\Firefox\Profiles\w9newjxp.default -> user_pref("keyword.URL", true);
CMD: dir "%ProgramFiles%"
CMD: dir "%ProgramFiles(x86)%"
CMD: dir "%ProgramData%"
CMD: dir "%Appdata%"
CMD: dir "%LocalAppdata%"
CMD: dir "%CommonProgramFiles(x86)%"
CMD: dir "%CommonProgramW6432%"
RemoveProxy:
CMD: ipconfig /flushdns
CMD: netsh winsock reset
EmptyTemp:
end
*****************
Processes closed successfully.
Firefox "newtab" removed successfully
Firefox "homepage" removed successfully
Firefox "Keyword.URL" removed successfully
========= dir "%ProgramFiles%" =========
Datenträger in Laufwerk C: ist OS
Volumeseriennummer: DA8B-899D
Verzeichnis von C:\Program Files
22.02.2017 22:39 <DIR> .
22.02.2017 22:39 <DIR> ..
29.05.2016 10:43 <DIR> 7-Zip
20.11.2016 23:04 <DIR> Adobe
03.08.2016 12:52 <DIR> Common Files
06.02.2017 20:52 <DIR> Dell
01.10.2016 12:18 <DIR> Dell Support Center
16.02.2017 09:21 <DIR> FileZilla FTP Client
20.04.2016 14:30 <DIR> GIMP 2
20.01.2017 23:21 <DIR> Intel
31.12.2016 17:22 <DIR> Intel Driver Update Utility
15.01.2017 18:01 <DIR> Internet Explorer
22.02.2017 22:39 <DIR> Malwarebytes
26.07.2016 13:47 <DIR> MediaInfo
04.02.2017 10:30 <DIR> Microsoft Office 15
30.12.2016 12:42 <DIR> Microsoft SQL Server Compact Edition
30.12.2016 12:42 <DIR> Microsoft Synchronization Services
28.08.2016 13:53 <DIR> MPC-HC
04.08.2016 03:43 <DIR> MSBuild
20.11.2016 17:55 <DIR> Notepad++
27.01.2017 20:51 <DIR> NVIDIA Corporation
01.01.2017 18:19 <DIR> Oracle
21.07.2016 11:34 <DIR> Pismo File Mount Audit Package
27.12.2015 02:16 <DIR> Portrait Displays
03.08.2016 12:50 <DIR> Realtek
04.08.2016 03:43 <DIR> Reference Assemblies
03.08.2016 08:13 <DIR> Shotcut
24.08.2016 22:14 <DIR> ShrewSoft
31.05.2016 11:43 <DIR> Sony
25.10.2016 13:36 <DIR> Transmission
11.10.2016 19:53 <DIR> utvideo
27.12.2015 02:17 <DIR> WIDCOMM
16.09.2016 21:38 <DIR> Windows Defender
13.10.2016 00:41 <DIR> Windows Mail
29.10.2016 03:33 <DIR> Windows Media Player
16.07.2016 18:47 <DIR> Windows Multimedia Platform
16.07.2016 18:47 <DIR> Windows NT
13.10.2016 00:41 <DIR> Windows Photo Viewer
16.07.2016 18:47 <DIR> Windows Portable Devices
16.07.2016 18:47 <DIR> WindowsPowerShell
01.01.2017 19:44 <DIR> WinRAR
0 Datei(en), 0 Bytes
41 Verzeichnis(se), 241.466.912.768 Bytes frei
========= End of CMD: =========
========= dir "%ProgramFiles(x86)%" =========
Datenträger in Laufwerk C: ist OS
Volumeseriennummer: DA8B-899D
Verzeichnis von C:\Program Files (x86)
22.02.2017 17:10 <DIR> .
22.02.2017 17:10 <DIR> ..
20.11.2016 19:45 <DIR> Adobe
30.01.2017 00:01 <DIR> Apple Software Update
22.05.2016 10:08 <DIR> ASM104xUSB3
24.05.2016 10:32 <DIR> Audacity
21.07.2016 11:34 <DIR> AviSynth
27.01.2017 18:13 <DIR> Battle.net
06.02.2017 10:26 <DIR> Bitrix24
22.02.2017 17:09 <DIR> Common Files
02.06.2016 12:06 <DIR> DebugMode
13.04.2016 19:49 <DIR> Dell
17.02.2017 00:05 <DIR> Dell Customer Connect
27.12.2015 02:18 <DIR> Dell Digital Delivery
13.01.2017 11:54 <DIR> Dell Dock Update
16.06.2016 13:56 <DIR> Dell Update
16.04.2016 19:02 <DIR> Drakonia Configurator
15.04.2016 18:23 <DIR> Dropbox
06.10.2016 23:55 <DIR> ExKode
22.11.2016 15:27 <DIR> Google
22.05.2016 23:34 <DIR> HearthstoneTracker
30.12.2016 12:43 <DIR> Intel
31.12.2016 17:23 <DIR> Intel Driver Update Utility
15.01.2017 18:01 <DIR> Internet Explorer
16.04.2016 19:18 <DIR> JAM Software
22.02.2017 17:09 <DIR> Java
21.01.2017 17:46 <DIR> MagicYUV
18.11.2016 02:14 <DIR> Malwarebytes Anti-Malware
23.07.2016 14:35 <DIR> Microsoft ASP.NET
06.02.2017 12:16 <DIR> Microsoft Office
30.12.2016 12:42 <DIR> Microsoft SQL Server Compact Edition
30.12.2016 12:42 <DIR> Microsoft Synchronization Services
04.02.2017 10:44 <DIR> Microsoft.NET
06.02.2017 20:47 <DIR> Mozilla Firefox
06.02.2017 20:47 <DIR> Mozilla Maintenance Service
04.08.2016 03:43 <DIR> MSBuild
30.01.2017 09:12 <DIR> MSI Afterburner
20.11.2016 23:04 <DIR> My Company Name
25.01.2017 09:11 <DIR> NVIDIA Corporation
20.04.2016 16:51 <DIR> obs-studio
21.02.2017 17:27 <DIR> OpenVPN Technologies
14.01.2017 18:07 <DIR> Origin Games
19.11.2016 23:24 <DIR> Perfect Privacy VPN Manager
21.01.2017 16:56 <DIR> ProjectLibre
30.01.2017 00:02 <DIR> QuickTime
27.11.2016 14:12 <DIR> Realtek
04.08.2016 03:43 <DIR> Reference Assemblies
20.02.2017 16:57 <DIR> RivaTuner Statistics Server
02.01.2017 23:28 <DIR> SagaraS Scriptmaker
31.05.2016 11:43 <DIR> Sony
27.12.2015 02:15 <DIR> ST Microelectronics
23.02.2017 16:29 <DIR> Steam
28.12.2016 18:40 <DIR> TeamViewer
25.07.2016 20:44 <DIR> UMPlayer
20.06.2016 16:10 <DIR> VideoLAN
17.02.2017 16:34 <DIR> VulkanRT
16.09.2016 21:38 <DIR> Windows Defender
16.09.2016 21:38 <DIR> Windows Mail
29.10.2016 03:33 <DIR> Windows Media Player
16.07.2016 18:47 <DIR> Windows Multimedia Platform
16.07.2016 18:47 <DIR> Windows NT
13.10.2016 00:41 <DIR> Windows Photo Viewer
16.07.2016 18:47 <DIR> Windows Portable Devices
16.07.2016 18:47 <DIR> WindowsPowerShell
19.07.2016 10:05 <DIR> x264vfw
22.02.2017 17:10 <DIR> YouPloader
0 Datei(en), 0 Bytes
66 Verzeichnis(se), 241.466.912.768 Bytes frei
========= End of CMD: =========
========= dir "%ProgramData%" =========
Datenträger in Laufwerk C: ist OS
Volumeseriennummer: DA8B-899D
Verzeichnis von C:\ProgramData
30.04.2016 15:34 <DIR> .mono
20.11.2016 19:45 <DIR> Adobe
25.07.2016 13:07 <DIR> Apple
30.01.2017 00:02 <DIR> Apple Computer
13.04.2016 03:37 <DIR> Battle.net
13.04.2016 03:38 <DIR> Blizzard Entertainment
20.11.2016 19:43 <DIR> boost_interprocess
16.07.2016 18:47 <DIR> Comms
21.01.2017 10:42 <DIR> Dell
27.12.2015 02:18 <DIR> Dropbox
14.01.2017 18:07 <DIR> Electronic Arts
08.07.2016 14:03 <DIR> GlassWire
30.12.2016 15:39 <DIR> Intel
08.05.2016 19:01 <DIR> LogiShrd
22.02.2017 22:39 <DIR> Malwarebytes
25.10.2016 14:51 <DIR> Malwarebytes' Anti-Malware (portable)
10.04.2016 17:01 <DIR> McAfee
03.08.2016 12:59 <DIR> Microsoft OneDrive
22.05.2016 23:34 98 Microsoft.SqlServer.Compact.400.32.bc
23.02.2017 09:11 <DIR> NVIDIA
17.02.2017 16:35 <DIR> NVIDIA Corporation
09.01.2017 00:14 45.353 NvTelemetryContainer.log
30.12.2016 15:38 10.654 NvTelemetryContainer.log_backup1
22.02.2017 17:09 <DIR> Oracle
14.01.2017 18:07 <DIR> Origin
16.02.2017 14:00 <DIR> Package Cache
01.10.2016 12:18 <DIR> PC-Doctor for Windows
23.12.2016 18:05 <DIR> PC-Doctor, Inc
20.01.2017 22:37 <DIR> PCDr
20.11.2016 23:04 <DIR> regid.1986-12.com.adobe
04.02.2017 10:45 <DIR> regid.1991-06.com.microsoft
22.05.2016 01:46 <DIR> Shrew Soft VPN
18.04.2016 22:33 <DIR> Skype
16.07.2016 18:47 <DIR> SoftwareDistribution
31.05.2016 11:43 <DIR> Sony
04.10.2016 17:00 <DIR> SupportAssistAgent
03.08.2016 12:57 <DIR> USOPrivate
03.08.2016 12:57 <DIR> USOShared
3 Datei(en), 56.105 Bytes
35 Verzeichnis(se), 241.466.908.672 Bytes frei
========= End of CMD: =========
========= dir "%Appdata%" =========
Datenträger in Laufwerk C: ist OS
Volumeseriennummer: DA8B-899D
Verzeichnis von C:\Users\ezztr\AppData\Roaming
22.02.2017 17:09 <DIR> .
22.02.2017 17:09 <DIR> ..
16.10.2016 21:51 <DIR> .mono
06.06.2016 13:47 <DIR> 11bitstudios
20.11.2016 23:04 <DIR> Adobe
25.07.2016 13:11 <DIR> Apple Computer
09.01.2017 01:16 <DIR> Audacity
03.08.2016 08:13 <DIR> Battle.net
06.02.2017 10:26 <DIR> Bitrix
16.10.2016 21:51 <DIR> Blameless
16.04.2016 14:49 <DIR> dekovir
10.04.2016 02:36 <DIR> Dell
26.07.2016 21:06 <DIR> deluge
10.04.2016 02:35 <DIR> DropboxOEM
14.01.2017 15:21 <DIR> Factorio
16.02.2017 15:43 <DIR> FileZilla
21.10.2016 23:41 <DIR> FiraxisLive
23.09.2016 11:00 <DIR> HearthstoneDeckTracker
23.05.2016 01:53 <DIR> InnkeeperUI
10.04.2016 02:37 <DIR> Intel Corporation
16.04.2016 19:18 <DIR> JAM Software
18.09.2016 00:21 <DIR> Kalypso Media
30.04.2016 15:37 <DIR> LibreOffice
10.04.2016 02:37 <DIR> Macromedia
26.07.2016 13:47 <DIR> MediaInfo
16.04.2016 19:02 <DIR> MingGuan
09.07.2016 22:49 <DIR> MMFApplications
25.06.2016 19:25 <DIR> Mozilla
11.10.2016 19:24 <DIR> MPC-HC
30.12.2016 11:11 <DIR> Notepad++
14.01.2017 14:03 <DIR> NVIDIA
17.02.2017 16:47 <DIR> obs-studio
14.01.2017 18:07 <DIR> Origin
13.04.2016 19:49 <DIR> PCDr
28.10.2016 16:35 <DIR> Pegasys Inc
10.04.2016 02:36 <DIR> Portrait Displays
14.10.2016 01:29 <DIR> ProMod
24.05.2016 10:58 <DIR> Publish Providers
18.04.2016 22:32 <DIR> Skype
30.01.2017 01:11 <DIR> Sony
15.09.2016 14:19 <DIR> Sony Creative Software Inc
15.10.2016 20:16 <DIR> Spotify
21.10.2016 23:41 <DIR> Steam
22.02.2017 17:09 <DIR> Sun
13.12.2016 00:58 <DIR> TeamViewer
21.02.2017 21:37 <DIR> transmission
19.12.2016 20:16 <DIR> Tropico 5
23.02.2017 08:14 <DIR> vlc
24.05.2016 08:13 <DIR> Wargaming.net
18.08.2016 01:47 153 WB.CFG
01.01.2017 19:45 <DIR> WinRAR
09.07.2016 22:49 <DIR> xsrs
03.08.2016 08:12 <DIR> {A9A99F12-8CFB-F264-E7CD-D5B63B1F2888}
1 Datei(en), 153 Bytes
52 Verzeichnis(se), 241.466.904.576 Bytes frei
========= End of CMD: =========
========= dir "%LocalAppdata%" =========
Datenträger in Laufwerk C: ist OS
Volumeseriennummer: DA8B-899D
Verzeichnis von C:\Users\ezztr\AppData\Local
23.02.2017 14:07 <DIR> .
23.02.2017 14:07 <DIR> ..
16.10.2016 02:53 <DIR> 2K Games
21.04.2016 03:49 <DIR> ActiveSync
23.02.2017 02:00 <DIR> Adobe
25.07.2016 13:08 <DIR> Apple
25.07.2016 13:36 <DIR> Apple Computer
19.04.2016 13:10 <DIR> Apps
24.05.2016 10:32 <DIR> Audacity
27.01.2017 20:44 <DIR> Battle.net
22.05.2016 23:50 <DIR> Blizzard
13.04.2016 03:38 <DIR> Blizzard Entertainment
10.04.2016 02:36 <DIR> Broadcom
25.07.2016 13:12 <DIR> bunkus.org
11.04.2016 23:09 <DIR> CEF
10.04.2016 02:36 <DIR> ChromaTune_Dell
03.08.2016 07:49 <DIR> chromium
06.02.2017 16:22 <DIR> Citrix
30.04.2016 15:34 <DIR> Colossal Order
22.04.2016 20:14 <DIR> Comms
04.08.2016 08:17 <DIR> ConnectedDevicesPlatform
19.02.2017 16:56 <DIR> CrashDumps
01.10.2016 15:34 <DIR> CrashReportClient
23.08.2016 16:14 <DIR> Deployment
20.01.2017 19:18 <DIR> Diagnostics
10.04.2016 02:35 <DIR> DropboxOEM
12.10.2016 02:47 <DIR> Dxtory Software
01.02.2017 02:50 <DIR> ElevatedDiagnostics
02.01.2017 13:36 <DIR> FileZilla
20.04.2016 16:28 <DIR> fontconfig
20.04.2016 18:55 <DIR> Gameforge4d
20.04.2016 16:28 <DIR> gegl-0.2
08.07.2016 14:04 <DIR> GlassWire
22.11.2016 15:27 <DIR> Google
22.02.2017 14:49 <DIR> gtk-2.0
23.12.2016 02:48 <DIR> HearthSim
13.01.2017 18:25 <DIR> HearthstoneDeckTracker
22.05.2016 23:34 <DIR> HearthstoneTracker
23.12.2016 01:07 <DIR> Innkeeper
28.06.2016 17:04 <DIR> Intel
30.04.2016 15:25 <DIR> Introversion
24.08.2016 22:12 <DIR> JDownloader v2.0
02.08.2016 14:30 <DIR> Macromedia
28.07.2016 10:07 <DIR> Meltytech
06.12.2016 17:04 <DIR> Microsoft
10.04.2016 15:58 <DIR> MicrosoftEdge
25.07.2016 13:37 <DIR> MKVCleaver
25.06.2016 19:31 <DIR> Mozilla
25.07.2016 18:57 <DIR> MPlayer
16.10.2016 00:07 <DIR> My Games
23.12.2016 18:00 <DIR> NVIDIA
23.12.2016 17:59 <DIR> NVIDIA Corporation
14.09.2016 23:20 <DIR> Origin
22.02.2017 12:36 <DIR> Packages
10.04.2016 15:54 <DIR> PackageStaging
19.06.2016 19:49 <DIR> Perfect_Privacy
10.04.2016 02:36 <DIR> Portrait Displays
26.07.2016 01:28 <DIR> Programs
10.04.2016 02:34 <DIR> Publishers
13.10.2016 18:59 <DIR> qBittorrent
23.02.2017 14:07 40.908 recently-used.xbel
30.12.2016 12:59 7.605 Resmon.ResmonCfg
22.05.2016 01:46 <DIR> Shrew Soft VPN
28.10.2016 13:44 <DIR> Sony
15.10.2016 20:16 <DIR> Spotify
13.01.2017 18:25 <DIR> SquirrelTemp
23.12.2016 01:55 <DIR> Steam
23.02.2017 23:35 <DIR> Temp
10.04.2016 02:34 <DIR> TileDataLayer
29.05.2016 23:15 <DIR> transmission
01.10.2016 15:34 <DIR> UnrealEngine
20.04.2016 19:11 <DIR> UWKProcess
08.06.2016 18:24 <DIR> VirtualStore
2 Datei(en), 48.513 Bytes
71 Verzeichnis(se), 241.466.900.480 Bytes frei
========= End of CMD: =========
========= dir "%CommonProgramFiles(x86)%" =========
Datenträger in Laufwerk C: ist OS
Volumeseriennummer: DA8B-899D
Verzeichnis von C:\Program Files (x86)\Common Files
22.02.2017 17:09 <DIR> .
22.02.2017 17:09 <DIR> ..
20.11.2016 22:58 <DIR> Adobe
30.01.2017 00:01 <DIR> Apple
21.02.2017 16:14 <DIR> BattlEye
04.02.2017 10:44 <DIR> DESIGNER
03.08.2016 12:50 <DIR> Intel
23.12.2016 18:09 <DIR> Intel Corporation
22.02.2017 17:09 <DIR> Java
10.04.2016 17:01 <DIR> McAfee
04.02.2017 10:44 <DIR> Microsoft Shared
23.12.2016 18:17 <DIR> PostureAgent
20.11.2016 23:04 <DIR> PX Storage Engine
16.07.2016 18:47 <DIR> Services
20.11.2016 23:04 <DIR> Sonic Shared
20.01.2017 22:56 <DIR> Steam
04.08.2016 03:47 <DIR> System
0 Datei(en), 0 Bytes
17 Verzeichnis(se), 241.466.896.384 Bytes frei
========= End of CMD: =========
========= dir "%CommonProgramW6432%" =========
Datenträger in Laufwerk C: ist OS
Volumeseriennummer: DA8B-899D
Verzeichnis von C:\Program Files\Common Files
03.08.2016 12:52 <DIR> .
03.08.2016 12:52 <DIR> ..
20.11.2016 23:04 <DIR> Adobe
08.05.2016 19:01 <DIR> LogiShrd
04.02.2017 10:30 <DIR> microsoft shared
16.07.2016 18:47 <DIR> Services
04.08.2016 03:47 <DIR> System
0 Datei(en), 0 Bytes
7 Verzeichnis(se), 241.466.900.480 Bytes frei
========= End of CMD: =========
========= RemoveProxy: =========
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-3515307565-1161031247-3300353082-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-3515307565-1161031247-3300353082-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
========= End of RemoveProxy: =========
========= ipconfig /flushdns =========
Windows-IP-Konfiguration
Der DNS-Auflösungscache wurde geleert.
========= End of CMD: =========
========= netsh winsock reset =========
Der Winsock-Katalog wurde zurückgesetzt.
Sie müssen den Computer neu starten, um den Vorgang abzuschließen.
========= End of CMD: =========
=========== EmptyTemp: ==========
BITS transfer queue => 11942139 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 254701300 B
Java, Flash, Steam htmlcache => 689389234 B
Windows/system/drivers => 13738468 B
Edge => 94268064 B
Chrome => 809474520 B
Firefox => 374903994 B
Opera => 0 B
Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 436532 B
ezztr => 1721053910 B
elsia => 46368647 B
RecycleBin => 0 B
EmptyTemp: => 3.7 GB temporary data Removed.
================================
The system needed a reboot.
==== End of Fixlog 23:36:20 ====
Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=aadf56f9c32c5c4aae6be3e30431aede
# end=init
# utc_time=2017-02-23 04:43:29
# local_time=2017-02-23 11:43:29 (+0700, Südostasiatische Normalzeit)
# country="Germany"
# osver=6.2.9200 NT
Update Init
Update Download
Update Finalize
Updated modules version: 32504
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=aadf56f9c32c5c4aae6be3e30431aede
# end=updated
# utc_time=2017-02-23 04:46:00
# local_time=2017-02-23 11:46:00 (+0700, Südostasiatische Normalzeit)
# country="Germany"
# osver=6.2.9200 NT
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=aadf56f9c32c5c4aae6be3e30431aede
# engine=32504
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2017-02-23 06:37:08
# local_time=2017-02-24 01:37:08 (+0700, Südostasiatische Normalzeit)
# country="Germany"
# lang=1031
# osver=6.2.9200 NT
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 0 19205644 0 0
# scanned=424689
# found=0
# cleaned=0
# scan_time=6667
FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 23-02-2017
Ran by ezztr (administrator) on DESKTOP-CSVQ63S (24-02-2017 01:46:46)
Running from C:\Users\ezztr\Desktop
Loaded Profiles: ezztr & elsia (Available Profiles: ezztr & elsia)
Platform: Windows 10 Home Version 1607 (X64) Language: Englisch (Vereinigte Staaten)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
() C:\Program Files (x86)\Dell Dock Update\DUWrapperService.exe
(Intel Corporation) C:\Windows\System32\Intel\DPTF\esif_uf.exe
() C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Electronic Arts) C:\games\Origin\OriginWebHelperService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Perfect Privacy) C:\Program Files (x86)\Perfect Privacy VPN Manager\VPNManagerService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
() C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Logitech, Inc.) C:\Program Files\Dell\UnifyingSoftwareLauncher\DellLaunchUnifyingApp.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
() C:\Program Files (x86)\Drakonia Configurator\hid.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe
() C:\Program Files\Intel\SUR\QUEENCREEK\esrv.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Dell Inc.) C:\Program Files (x86)\Dell Customer Connect\DCCService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Dell) C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\nacl64.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\nacl64.exe
(Dell Products, LP.) C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpService.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpTray.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Dell) C:\Program Files\Dell\Dell Product Registration\PRSvc.exe
(Dell Inc.) C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(Intel(R) Corporation) C:\Program Files (x86)\Intel\Intel(R) Extreme Tuning Utility\XtuService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVault.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Dell) C:\Program Files\Dell\Dell Foundation Services\DFS.Common.Agent.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Microsoft Corporation) C:\Windows\System32\mblctr.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe
(Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
() C:\Program Files (x86)\Drakonia Configurator\trayicon.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.214.10010.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.16122.10291.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
() C:\Program Files\WindowsApps\Microsoft.BingWeather_4.18.37.0_x86__8wekyb3d8bbwe\Microsoft.Msn.Weather.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [PremierColor] => C:\Program Files\Portrait Displays\Dell PremierColor\PremierColor.exe [3828464 2015-09-03] (Portrait Displays, Inc.)
HKLM\...\Run: [Dell Unifying Software Launcher] => C:\Program Files\Dell\UnifyingSoftwareLauncher\DellLaunchUnifyingApp.exe [3209608 2012-12-22] (Logitech, Inc.)
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-09-07] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508240 2015-08-05] (Adobe Systems Incorporated)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [320584 2016-10-31] (Intel Corporation)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM-x32\...\Run: [GamingMouse] => C:\Program Files (x86)\Drakonia Configurator\hid.exe [248832 2013-10-29] ()
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
HKU\S-1-5-21-3515307565-1161031247-3300353082-1001\...\Run: [Spotify Web Helper] => C:\Users\ezztr\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1552496 2016-06-18] (Spotify Ltd)
HKU\S-1-5-21-3515307565-1161031247-3300353082-1001\...\Run: [Spotify] => C:\Users\ezztr\AppData\Roaming\Spotify\Spotify.exe [6916208 2016-06-18] (Spotify Ltd)
HKU\S-1-5-21-3515307565-1161031247-3300353082-1001\...\Run: [Google Update] => C:\Users\ezztr\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateCore.exe [601752 2016-12-26] (Google Inc.)
HKU\S-1-5-21-3515307565-1161031247-3300353082-1001\...\Run: [MusicManager] => C:\Users\ezztr\AppData\Local\Programs\Google\MusicManager\MusicManager.exe [7643136 2016-02-02] (Google Inc.)
HKU\S-1-5-21-3515307565-1161031247-3300353082-1001\...\Run: [Dxtory Update Checker 2.0] => C:\Program Files (x86)\ExKode\Dxtory2.0\UpdateChecker.exe [93696 2010-10-17] (Dxtory Software)
HKU\S-1-5-21-3515307565-1161031247-3300353082-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23818360 2016-11-30] (Google)
HKU\S-1-5-21-3515307565-1161031247-3300353082-1001\...\Run: [Bitrix24 Desktop] => [X]
ShellIconOverlayIdentifiers: [ 00BitrixShellExt] -> {A11A1EE5-F9F8-4BE0-907F-D74A49CC506B} => C:\Program Files (x86)\Bitrix24\64\BitrixShellExt.dll [2016-11-15] (Bitrix Inc.)
ShellIconOverlayIdentifiers: [ 00BitrixShellExt_C] -> {A11A1EE5-F9F8-4BE0-907F-D74A49CC506E} => C:\Program Files (x86)\Bitrix24\64\BitrixShellExt.dll [2016-11-15] (Bitrix Inc.)
ShellIconOverlayIdentifiers: [ 00BitrixShellExt_E] -> {A11A1EE5-F9F8-4BE0-907F-D74A49CC506D} => C:\Program Files (x86)\Bitrix24\64\BitrixShellExt.dll [2016-11-15] (Bitrix Inc.)
ShellIconOverlayIdentifiers: [ 00BitrixShellExt_L] -> {A11A1EE5-F9F8-4BE0-907F-D74A49CC506F} => C:\Program Files (x86)\Bitrix24\64\BitrixShellExt.dll [2016-11-15] (Bitrix Inc.)
ShellIconOverlayIdentifiers: [ 00BitrixShellExt_S] -> {A11A1EE5-F9F8-4BE0-907F-D74A49CC506C} => C:\Program Files (x86)\Bitrix24\64\BitrixShellExt.dll [2016-11-15] (Bitrix Inc.)
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers-x32: [ 00BitrixShellExt] -> {A11A1EE5-F9F8-4BE0-907F-D74A49CC506B} => C:\Program Files (x86)\Bitrix24\32\BitrixShellExt.dll [2016-11-15] (Bitrix Inc.)
ShellIconOverlayIdentifiers-x32: [ 00BitrixShellExt_C] -> {A11A1EE5-F9F8-4BE0-907F-D74A49CC506E} => C:\Program Files (x86)\Bitrix24\32\BitrixShellExt.dll [2016-11-15] (Bitrix Inc.)
ShellIconOverlayIdentifiers-x32: [ 00BitrixShellExt_E] -> {A11A1EE5-F9F8-4BE0-907F-D74A49CC506D} => C:\Program Files (x86)\Bitrix24\32\BitrixShellExt.dll [2016-11-15] (Bitrix Inc.)
ShellIconOverlayIdentifiers-x32: [ 00BitrixShellExt_L] -> {A11A1EE5-F9F8-4BE0-907F-D74A49CC506F} => C:\Program Files (x86)\Bitrix24\32\BitrixShellExt.dll [2016-11-15] (Bitrix Inc.)
ShellIconOverlayIdentifiers-x32: [ 00BitrixShellExt_S] -> {A11A1EE5-F9F8-4BE0-907F-D74A49CC506C} => C:\Program Files (x86)\Bitrix24\32\BitrixShellExt.dll [2016-11-15] (Bitrix Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2015-12-27]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 118.98.44.10 203.130.193.74
Tcpip\..\Interfaces\{dd7fa2b5-9e4d-461b-b755-8204e8510d0f}: [DhcpNameServer] 8.8.8.8 118.98.44.10 203.130.193.74
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
HKU\S-1-5-21-3515307565-1161031247-3300353082-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell15.msn.com/?pc=DCTE
HKU\S-1-5-21-3515307565-1161031247-3300353082-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://dell15.msn.com/?pc=DCTE
HKU\S-1-5-21-3515307565-1161031247-3300353082-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell15.msn.com/?pc=DCTE
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-02-04] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-02-04] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-02-22] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-02-22] (Oracle Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-02-04] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-02-04] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-02-04] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-02-04] (Microsoft Corporation)
Edge:
======
Edge Extension: (LastPass: Free Password Manager) -> hdokiejnpimakedhajhdlcegeplioahd_LastPassLastPassFreePasswordManager_qq0fmhteeht3j => C:\Program Files\WindowsApps\LastPass.LastPassFreePasswordManager_4.1.29.0_neutral__qq0fmhteeht3j [2017-02-12]
FireFox:
========
FF DefaultProfile: w9newjxp.default
FF ProfilePath: C:\Users\ezztr\AppData\Roaming\Mozilla\Firefox\Profiles\w9newjxp.default [2017-02-24]
FF Extension: (SHA-1 deprecation staged rollout) - C:\Users\ezztr\AppData\Roaming\Mozilla\Firefox\Profiles\w9newjxp.default\features\{11a112ca-fffe-4f49-9a25-8dbc77ff71b5}\disableSHA1rollout@mozilla.org.xpi [2017-02-19]
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-08-06] (Adobe Systems)
FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-02-22] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-02-22] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-02-04] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-02-10] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-02-10] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-26] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-26] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-08-06] (Adobe Systems)
FF Plugin HKU\S-1-5-21-3515307565-1161031247-3300353082-1001: @citrixonline.com/appdetectorplugin -> C:\Users\ezztr\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2017-02-06] (Citrix Online)
FF Plugin HKU\S-1-5-21-3515307565-1161031247-3300353082-1001: @tools.google.com/Google Update;version=3 -> C:\Users\ezztr\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-26] (Google Inc.)
FF Plugin HKU\S-1-5-21-3515307565-1161031247-3300353082-1001: @tools.google.com/Google Update;version=9 -> C:\Users\ezztr\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-26] (Google Inc.)
Chrome:
=======
CHR DefaultProfile: Default
CHR StartupUrls: Default -> "hxxp://www.giga.de/","hxxp://www.google.com"
CHR Profile: C:\Users\ezztr\AppData\Local\Google\Chrome\User Data\Default [2017-02-24]
CHR Extension: (Google*Übersetzer) - C:\Users\ezztr\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2016-04-10]
CHR Extension: (Flash Video Downloader) - C:\Users\ezztr\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiimdkdngfcipjohbjenkahhlhccpdbc [2017-02-23]
CHR Extension: (Google Drive) - C:\Users\ezztr\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-04-10]
CHR Extension: (YouTube) - C:\Users\ezztr\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-04-10]
CHR Extension: (uBlock Origin) - C:\Users\ezztr\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2017-02-07]
CHR Extension: (Google Play Musik) - C:\Users\ezztr\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi [2017-02-22]
CHR Extension: (Google Docs Offline) - C:\Users\ezztr\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-10]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\ezztr\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2017-02-10]
CHR Extension: (CanvasFingerprintBlock) - C:\Users\ezztr\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipmjngkmngdcdpmgmiebdmfbkcecdndc [2016-04-10]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\ezztr\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2016-11-22]
CHR Extension: (dict-cc) - C:\Users\ezztr\AppData\Local\Google\Chrome\User Data\Default\Extensions\nknonnojlmhnmjhpeokdbeineeajcemh [2017-02-22]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\ezztr\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-19]
CHR Extension: (Google Mail) - C:\Users\ezztr\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-04-10]
CHR Extension: (Chrome Media Router) - C:\Users\ezztr\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-07]
CHR HKU\S-1-5-21-3515307565-1161031247-3300353082-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2227312 2017-01-19] (Adobe Systems, Incorporated)
R2 BcmBtRSupport; C:\WINDOWS\system32\BtwRSupportService.exe [2288384 2015-12-27] (Broadcom Corporation.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1467912 2017-02-06] ()
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3020992 2016-12-28] (Microsoft Corporation)
S3 cplspcon; C:\WINDOWS\system32\IntelCpHDCPSvc.exe [431088 2016-10-12] (Intel Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-17] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-17] (Dropbox, Inc.)
R2 Dell Customer Connect; C:\Program Files (x86)\Dell Customer Connect\DCCService.exe [130936 2016-12-21] (Dell Inc.)
R2 Dell Foundation Services; C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe [97616 2017-01-11] (Dell)
R2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2572024 2016-06-23] (Dell Inc.)
R2 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [202488 2016-06-23] (Dell Inc.)
R2 DellDockUpdate; C:\Program Files (x86)\Dell Dock Update\DUWrapperService.exe [125808 2017-01-10] ()
S3 DellPremierColorService; C:\Program Files\Portrait Displays\Dell PremierColor\PremierColorService.exe [175344 2015-09-03] (Portrait Displays, Inc.)
R2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [229376 2016-05-13] (Dell Inc.)
S3 EasyAntiCheat; C:\WINDOWS\SysWOW64\EasyAntiCheat.exe [392480 2017-01-13] (EasyAntiCheat Ltd)
R2 esifsvc; C:\WINDOWS\System32\Intel\DPTF\esif_uf.exe [1585784 2016-06-03] (Intel Corporation)
R2 ESRV_SVC_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe [805632 2016-11-17] ()
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [17992 2016-10-31] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [356336 2016-10-12] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [987432 2016-06-14] (Intel(R) Corporation)
R3 Intel(R) Security Assist; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [335872 2015-05-20] (Intel Corporation) [File not signed]
S2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [7680 2015-05-20] () [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [215328 2016-07-18] (Intel Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2017-01-21] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2017-01-21] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462784 2017-02-10] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [425408 2017-01-21] (NVIDIA Corporation)
S3 Origin Client Service; C:\games\Origin\OriginClientService.exe [2119688 2017-01-09] (Electronic Arts)
R2 Origin Web Helper Service; C:\games\Origin\OriginWebHelperService.exe [2180624 2017-01-09] (Electronic Arts)
R2 Product Registration; C:\Program Files\Dell\Dell Product Registration\PRSvc.exe [80208 2016-09-22] (Dell)
S3 ptsysexec; C:\WINDOWS\ptsysexec.exe [238856 2015-12-03] (Pismo Technic Inc.)
R2 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [31704 2016-09-09] (Dell Inc.)
R2 SystemUsageReportSvc_QUEENCREEK; C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe [156928 2016-11-17] ()
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7500048 2016-09-20] (TeamViewer GmbH)
S3 ThunderboltService; C:\Program Files (x86)\Intel\Thunderbolt Software\tbtsvc.exe [1831064 2015-11-04] (Intel Corporation)
S2 USER_ESRV_SVC_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe [805632 2016-11-17] ()
R2 VPNManager; C:\Program Files (x86)\Perfect Privacy VPN Manager\VPNManagerService.exe [19968 2016-09-03] (Perfect Privacy) [File not signed]
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
R2 XTU3SERVICE; C:\Program Files (x86)\Intel\Intel(R) Extreme Tuning Utility\XtuService.exe [18232 2016-11-09] (Intel(R) Corporation)
S2 NVIDIA Wireless Controller Service; "C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe" [X]
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 bcbtums; C:\WINDOWS\system32\drivers\bcbtums.sys [208192 2015-12-27] (Broadcom Corporation.)
R3 BCMPCIEDHD63; C:\WINDOWS\system32\DRIVERS\bcmpciedhd63.sys [1063736 2016-03-03] (Broadcom Corp)
R3 DDDriver; C:\WINDOWS\system32\drivers\DDDriver64Dcsa.sys [32464 2016-01-06] (Dell Computer Corporation)
R3 DellProf; C:\WINDOWS\system32\drivers\DellProf.sys [24240 2016-01-06] (Dell Computer Corporation)
R3 dptf_acpi; C:\WINDOWS\System32\drivers\dptf_acpi.sys [70208 2016-05-19] (Intel Corporation)
R3 dptf_cpu; C:\WINDOWS\System32\drivers\dptf_cpu.sys [65088 2016-05-19] (Intel Corporation)
R3 esif_lf; C:\WINDOWS\system32\DRIVERS\esif_lf.sys [343608 2016-05-19] (Intel Corporation)
R3 HidEventFilter; C:\WINDOWS\System32\drivers\HidEventFilter.sys [43512 2015-06-10] (Intel Corporation)
R3 iaLPSS2_I2C; C:\WINDOWS\System32\drivers\iaLPSS2_I2C.sys [184632 2016-08-29] (Intel Corporation)
R3 IntcAudioBus; C:\WINDOWS\System32\drivers\IntcAudioBus.sys [225872 2016-08-08] (Intel(R) Corporation)
R2 iocbios2; C:\Program Files (x86)\Intel\Intel(R) Extreme Tuning Utility\Drivers\IocDriver\64bit\iocbios2.sys [37064 2016-08-24] (Intel Corporation)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvdmi.inf_amd64_0f03095bd41aae95\nvlddmkm.sys [14516664 2017-02-11] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [27584 2017-01-21] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [47672 2017-01-06] (NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [57792 2017-01-21] (NVIDIA Corporation)
S3 pfmfs_180; C:\WINDOWS\System32\Drivers\pfmfs_180.sys [258248 2015-12-15] (Pismo Technic Inc.)
R3 PTPFilter; C:\WINDOWS\System32\drivers\PTPFilter.sys [51032 2016-08-29] (Samsung)
S3 ptun0901; C:\WINDOWS\System32\drivers\ptun0901.sys [27136 2016-06-15] (The OpenVPN Project)
R0 PxHlpa64; C:\WINDOWS\System32\Drivers\PxHlpa64.sys [56336 2012-06-22] (Corel Corporation)
S3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [402136 2015-06-25] (Realsil Semiconductor Corporation)
R3 semav6msr64; C:\WINDOWS\system32\drivers\semav6msr64.sys [21984 2016-10-18] ()
S3 taphss6; C:\WINDOWS\System32\drivers\taphss6.sys [42064 2016-05-27] (Anchorfree Inc.)
R1 VBoxNetAdp; C:\WINDOWS\system32\DRIVERS\VBoxNetAdp6.sys [131144 2016-12-20] (Oracle Corporation)
R1 VBoxNetLwf; C:\WINDOWS\system32\DRIVERS\VBoxNetLwf.sys [205440 2016-12-20] (Oracle Corporation)
S1 vflt; C:\WINDOWS\system32\DRIVERS\vfilter.sys [24064 2013-07-01] (Shrew Soft Inc) [File not signed]
S3 vnet; C:\WINDOWS\System32\drivers\virtualnet.sys [17408 2013-07-01] (Shrew Soft Inc) [File not signed]
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-02-24 01:41 - 2017-02-24 01:45 - 00000000 ____D C:\ProgramData\HitmanPro
2017-02-23 23:46 - 2017-02-24 01:41 - 11581544 _____ (SurfRight B.V.) C:\Users\ezztr\Desktop\HitmanPro_x64.exe
2017-02-23 23:43 - 2017-02-23 23:43 - 00000000 ____D C:\Program Files (x86)\ESET
2017-02-23 23:41 - 2017-02-23 23:43 - 02870984 _____ (ESET) C:\Users\ezztr\Downloads\esetsmartinstaller_deu.exe
2017-02-23 23:37 - 2017-02-23 23:37 - 00002426 _____ C:\WINDOWS\system32\default_error_stack-000003-000000.txt
2017-02-23 23:35 - 2017-02-23 23:36 - 00019940 _____ C:\Users\ezztr\Desktop\Fixlog.txt
2017-02-23 16:03 - 2017-02-23 16:03 - 60676178 _____ (Inkscape Project) C:\Users\ezztr\Downloads\Inkscape-0.92.1-x64-1.exe
2017-02-23 14:07 - 2017-02-23 14:07 - 00040908 _____ C:\Users\ezztr\AppData\Local\recently-used.xbel
2017-02-23 14:04 - 2017-02-23 14:06 - 02981506 _____ C:\Users\ezztr\Downloads\dejavu-sans.zip
2017-02-23 14:04 - 2017-02-23 14:04 - 00336374 _____ C:\Users\ezztr\Downloads\dejavu_sans1.zip
2017-02-23 11:44 - 2017-02-23 11:44 - 00003560 _____ C:\WINDOWS\System32\Tasks\PCDEventLauncherTask
2017-02-23 09:10 - 2017-02-23 09:10 - 00002426 _____ C:\WINDOWS\system32\default_error_stack-000002-000000.txt
2017-02-23 08:39 - 2017-02-23 08:40 - 77568952 _____ (The GIMP Team ) C:\Users\ezztr\Downloads\gimp-2.8.20-setup.exe
2017-02-22 22:50 - 2017-02-23 23:34 - 00000000 ____D C:\Users\ezztr\Desktop\FRST-OlderVersion
2017-02-22 22:50 - 2017-02-22 22:50 - 00000744 _____ C:\Users\ezztr\Desktop\JRT.txt
2017-02-22 22:45 - 2017-02-22 22:45 - 00001240 _____ C:\Users\ezztr\Desktop\mbam.txt
2017-02-22 22:40 - 2017-02-23 23:37 - 00176584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-02-22 22:40 - 2017-02-23 23:37 - 00110536 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-02-22 22:40 - 2017-02-23 23:37 - 00091584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-02-22 22:40 - 2017-02-23 23:37 - 00043968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-02-22 22:39 - 2017-02-23 23:37 - 00251848 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-02-22 22:39 - 2017-02-22 22:39 - 00001914 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-02-22 22:39 - 2017-02-22 22:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-02-22 22:39 - 2017-02-22 22:39 - 00000000 ____D C:\Program Files\Malwarebytes
2017-02-22 22:39 - 2017-01-20 07:47 - 00077416 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-02-22 22:37 - 2017-02-22 22:37 - 00002426 _____ C:\WINDOWS\system32\default_error_stack-000001-000000.txt
2017-02-22 22:31 - 2017-02-22 22:47 - 01663040 _____ (Malwarebytes) C:\Users\ezztr\Downloads\JRT.exe
2017-02-22 22:31 - 2017-02-22 22:39 - 55566792 _____ (Malwarebytes ) C:\Users\ezztr\Downloads\mb3-setup-consumer-3.0.6.1469.exe
2017-02-22 22:30 - 2017-02-22 22:33 - 04015056 _____ C:\Users\ezztr\Desktop\AdwCleaner_6.043.exe
2017-02-22 17:30 - 2017-02-22 17:30 - 00002426 _____ C:\WINDOWS\system32\default_error_stack-000000-000000.txt
2017-02-22 17:10 - 2017-02-22 17:10 - 00001199 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YouPloader.lnk
2017-02-22 17:10 - 2017-02-22 17:10 - 00000000 ____D C:\Users\ezztr\YouPloader
2017-02-22 17:10 - 2017-02-22 17:10 - 00000000 ____D C:\Program Files (x86)\YouPloader
2017-02-22 17:09 - 2017-02-22 17:09 - 00097856 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2017-02-22 17:09 - 2017-02-22 17:09 - 00000000 ____D C:\Users\ezztr\AppData\Roaming\Sun
2017-02-22 17:09 - 2017-02-22 17:09 - 00000000 ____D C:\Users\ezztr\AppData\LocalLow\Sun
2017-02-22 17:09 - 2017-02-22 17:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-02-22 17:09 - 2017-02-22 17:09 - 00000000 ____D C:\Program Files (x86)\Java
2017-02-22 17:07 - 2017-02-22 17:07 - 00739392 _____ (Oracle Corporation) C:\Users\ezztr\Downloads\JavaSetup8u121.exe
2017-02-22 16:59 - 2017-02-22 17:07 - 15674444 _____ (BeCast ) C:\Users\ezztr\Downloads\YouPloader-setup-0.9.3.exe
2017-02-22 14:37 - 2017-02-22 14:37 - 00134008 _____ C:\Users\ezztr\Downloads\OnlineWebFonts_COM_0e81aad85bdcd8299ff6a632d00b823c.zip
2017-02-22 07:42 - 2017-02-22 07:52 - 00284296 _____ C:\TDSSKiller.3.1.0.12_22.02.2017_07.42.10_log.txt
2017-02-22 07:41 - 2017-02-22 07:42 - 04747704 _____ (AO Kaspersky Lab) C:\Users\ezztr\Downloads\tdsskiller.exe
2017-02-21 21:19 - 2017-02-21 21:37 - 638401510 _____ C:\Users\ezztr\Downloads\The.Walking.Dead.S07E10.HDTV.x264-SVA[eztv].mkv
2017-02-21 14:20 - 2017-02-24 01:46 - 00029576 _____ C:\Users\ezztr\Desktop\FRST.txt
2017-02-21 14:20 - 2017-02-22 23:03 - 00057655 _____ C:\Users\ezztr\Desktop\Addition.txt
2017-02-21 14:08 - 2017-02-23 23:34 - 02423296 _____ (Farbar) C:\Users\ezztr\Desktop\FRST64.exe
2017-02-20 21:32 - 2017-02-20 21:34 - 04465808 _____ C:\Users\ezztr\Downloads\Nicht bestätigt 831314.crdownload
2017-02-20 16:52 - 2017-02-20 16:52 - 22287636 _____ C:\Users\ezztr\Downloads\[Guru3D.com]-RTSSSetup660.zip
2017-02-19 17:02 - 2017-02-19 17:05 - 65975400 _____ (Itch Corp) C:\Users\ezztr\Downloads\itchSetup.exe
2017-02-19 17:01 - 2017-02-19 17:04 - 00679936 _____ C:\Users\ezztr\Downloads\Nicht bestätigt 74679.crdownload
2017-02-17 16:36 - 2017-02-17 16:36 - 00000000 ____D C:\Users\ezztr\ansel
2017-02-17 16:34 - 2017-02-17 16:34 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2017-02-17 16:34 - 2017-02-10 05:39 - 00134592 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2017-02-17 16:34 - 2017-01-26 07:13 - 00103936 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2017-02-17 16:34 - 2017-01-26 07:12 - 00326656 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2017-02-17 16:34 - 2017-01-26 07:09 - 00322560 _____ C:\WINDOWS\system32\vulkan-1.dll
2017-02-17 16:34 - 2017-01-26 07:09 - 00118272 _____ C:\WINDOWS\system32\vulkaninfo.exe
2017-02-17 16:32 - 2017-02-10 09:33 - 40192056 _____ C:\WINDOWS\system32\nvcompiler.dll
2017-02-17 16:32 - 2017-02-10 09:33 - 35272760 _____ C:\WINDOWS\SysWOW64\nvcompiler.dll
2017-02-17 16:32 - 2017-02-10 09:33 - 34979384 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2017-02-17 16:32 - 2017-02-10 09:33 - 28242488 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2017-02-17 16:32 - 2017-02-10 09:33 - 19007016 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2017-02-17 16:32 - 2017-02-10 09:33 - 14674896 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2017-02-17 16:32 - 2017-02-10 09:33 - 11122728 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2017-02-17 16:32 - 2017-02-10 09:33 - 11019704 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvptxJitCompiler.dll
2017-02-17 16:32 - 2017-02-10 09:33 - 09305984 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2017-02-17 16:32 - 2017-02-10 09:33 - 08990072 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll
2017-02-17 16:32 - 2017-02-10 09:33 - 03168192 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2017-02-17 16:32 - 2017-02-10 09:33 - 02717752 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2017-02-17 16:32 - 2017-02-10 09:33 - 01983424 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6437866.dll
2017-02-17 16:32 - 2017-02-10 09:33 - 01589696 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6437866.dll
2017-02-17 16:32 - 2017-02-10 09:33 - 01052096 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2017-02-17 16:32 - 2017-02-10 09:33 - 00991288 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2017-02-17 16:32 - 2017-02-10 09:33 - 00959424 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2017-02-17 16:32 - 2017-02-10 09:33 - 00946456 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFTH264.dll
2017-02-17 16:32 - 2017-02-10 09:33 - 00910784 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2017-02-17 16:32 - 2017-02-10 09:33 - 00721952 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFTH264.dll
2017-02-17 16:32 - 2017-02-10 09:33 - 00687224 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvfatbinaryLoader.dll
2017-02-17 16:32 - 2017-02-10 09:33 - 00609728 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2017-02-17 16:32 - 2017-02-10 09:33 - 00576192 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll
2017-02-17 16:32 - 2017-02-10 09:33 - 00573448 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2017-02-17 16:32 - 2017-02-10 09:33 - 00499136 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2017-02-17 16:32 - 2017-02-10 09:33 - 00447984 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2017-02-17 14:28 - 2017-02-17 14:28 - 00000000 ____D C:\Users\ezztr\AppData\LocalLow\Terapoly
2017-02-17 00:05 - 2017-02-17 00:05 - 00000000 ____D C:\WINDOWS\SysWOW64\Dell
2017-02-17 00:05 - 2017-02-17 00:05 - 00000000 ____D C:\Program Files (x86)\Dell Customer Connect
2017-02-16 16:55 - 2017-02-16 16:55 - 00089264 _____ C:\Users\ezztr\Downloads\PA8144 CDM-MOC-FORM Annex 2 form.pdf
2017-02-16 15:56 - 2017-02-16 16:00 - 144456700 _____ C:\Users\ezztr\Downloads\Nicht bestätigt 392819.crdownload
2017-02-16 10:50 - 2017-02-21 17:27 - 00000000 ____D C:\Program Files (x86)\OpenVPN Technologies
2017-02-16 10:50 - 2017-02-16 10:50 - 30901272 _____ (OpenVPN Technologies) C:\Users\ezztr\Downloads\privatetunnel-win-2.8.exe
2017-02-16 09:20 - 2017-02-16 09:20 - 06975096 _____ (Tim Kosse) C:\Users\ezztr\Downloads\FileZilla_3.24.0_win64-setup.exe
2017-02-14 21:07 - 2012-03-14 05:00 - 00385024 _____ (CANON INC.) C:\WINDOWS\system32\CNMLMAR.DLL
2017-02-14 20:38 - 2017-02-14 20:57 - 00289864 _____ C:\Users\ezztr\Documents\Valentine - Martina Mcbridge (mp3goo.com).mp3.sfk
2017-02-14 19:30 - 2017-02-14 19:38 - 00255992 _____ C:\Users\ezztr\Documents\My Valentine.mp3.sfk
2017-02-14 19:11 - 2017-02-14 19:12 - 65984342 _____ C:\Users\ezztr\Documents\My-babe.mp4
2017-02-14 13:37 - 2017-02-14 13:37 - 00079360 _____ C:\Users\ezztr\Documents\Manpower Data PT Malaka Nusantara Permai.xls
2017-02-14 01:51 - 2017-02-14 01:51 - 07336673 _____ C:\Users\ezztr\Downloads\Photos (3).zip
2017-02-14 01:49 - 2017-02-14 01:49 - 35406230 _____ C:\Users\ezztr\Downloads\Photos (2).zip
2017-02-14 01:40 - 2017-02-14 13:31 - 13369489 _____ C:\Users\ezztr\Documents\My-babe.pptx
2017-02-14 01:31 - 2017-02-14 01:31 - 12437714 _____ C:\Users\ezztr\Downloads\Photos (1).zip
2017-02-14 01:28 - 2017-02-14 01:28 - 32939944 _____ C:\Users\ezztr\Downloads\Photos.zip
2017-02-14 00:24 - 2017-02-14 00:35 - 11696611 _____ C:\Users\ezztr\Downloads\The Sharp Slideshow.rar
2017-02-12 15:17 - 2017-02-12 15:18 - 00001495 _____ C:\Users\ezztr\Desktop\Power Plan Full.lnk
2017-02-12 15:14 - 2017-02-12 15:17 - 00001495 _____ C:\Users\ezztr\Desktop\Power Plan AVG.lnk
2017-02-11 02:58 - 2017-02-11 03:02 - 117631040 _____ C:\Users\ezztr\Downloads\AvorionDemoSetup0.8.5.exe
2017-02-10 22:20 - 2017-02-10 22:20 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2017-02-08 20:21 - 2017-02-08 20:21 - 00000000 ____D C:\Users\elsia\AppData\Roaming\Apple Computer
2017-02-06 21:23 - 2017-02-06 21:23 - 00000000 ___HD C:\$Windows.~WS
2017-02-06 19:45 - 2017-02-06 22:35 - 00000000 ____D C:\ESD
2017-02-06 19:45 - 2017-02-06 19:45 - 00000000 ____D C:\$WINDOWS.~BT
2017-02-06 19:44 - 2017-02-10 22:48 - 00000000 ____D C:\Livia
2017-02-06 16:22 - 2017-02-22 17:30 - 00000690 _____ C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-3515307565-1161031247-3300353082-1001.job
2017-02-06 16:22 - 2017-02-22 17:30 - 00000594 _____ C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-3515307565-1161031247-3300353082-1001.job
2017-02-06 16:22 - 2017-02-18 19:40 - 00003860 _____ C:\WINDOWS\System32\Tasks\G2MUploadTask-S-1-5-21-3515307565-1161031247-3300353082-1001
2017-02-06 16:22 - 2017-02-18 19:40 - 00003764 _____ C:\WINDOWS\System32\Tasks\G2MUpdateTask-S-1-5-21-3515307565-1161031247-3300353082-1001
2017-02-06 16:21 - 2017-02-06 16:22 - 00000000 ____D C:\Users\ezztr\AppData\Local\Citrix
2017-02-06 10:26 - 2017-02-06 21:35 - 00000000 ___RD C:\Users\ezztr\Documents\Bitrix24
2017-02-06 10:26 - 2017-02-06 10:26 - 00001082 _____ C:\Users\Public\Desktop\Bitrix24 Desktop.lnk
2017-02-06 10:26 - 2017-02-06 10:26 - 00000000 ____D C:\Users\ezztr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bitrix24
2017-02-06 10:26 - 2017-02-06 10:26 - 00000000 ____D C:\Users\ezztr\AppData\Roaming\Bitrix
2017-02-06 10:26 - 2017-02-06 10:26 - 00000000 ____D C:\Program Files (x86)\Bitrix24
2017-02-04 11:05 - 2017-02-04 11:05 - 00000000 ____D C:\Users\ezztr\Documents\Benutzerdefinierte Office-Vorlagen
2017-02-04 10:36 - 2017-02-04 10:36 - 00002585 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word 2016.lnk
2017-02-04 10:36 - 2017-02-04 10:36 - 00002581 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel 2016.lnk
2017-02-04 10:36 - 2017-02-04 10:36 - 00002560 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint 2016.lnk
2017-02-04 10:36 - 2017-02-04 10:36 - 00002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher 2016.lnk
2017-02-04 10:36 - 2017-02-04 10:36 - 00002502 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access 2016.lnk
2017-02-04 10:36 - 2017-02-04 10:36 - 00002499 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2017-02-04 10:36 - 2017-02-04 10:36 - 00002471 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook 2016.lnk
2017-02-04 10:36 - 2017-02-04 10:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016-Tools
2017-02-04 10:30 - 2017-02-04 10:30 - 00000000 ____D C:\Program Files\Microsoft Office 15
2017-02-04 10:28 - 2017-02-04 11:05 - 00081408 _____ C:\Users\ezztr\Documents\Manpower DATA REPORT 20170128(2).xls
2017-02-02 00:15 - 2017-02-02 00:15 - 00161452 _____ C:\Users\ezztr\Documents\Eheerklärung_dt.pdf
2017-01-30 01:20 - 2017-01-30 01:21 - 12681143 _____ C:\Users\ezztr\Downloads\glitch.zip
2017-01-30 00:43 - 2017-01-30 01:08 - 94785724 _____ C:\Users\ezztr\Downloads\TEMPLATE ORGANIC PARTICLES [TAME PRODUCCIONES].rar
2017-01-30 00:02 - 2017-01-30 00:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2017-01-30 00:02 - 2017-01-30 00:02 - 00000000 ____D C:\ProgramData\Apple Computer
2017-01-30 00:01 - 2017-01-30 00:01 - 00002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2017-01-30 00:01 - 2017-01-30 00:01 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2017-01-28 10:47 - 2017-01-28 10:47 - 00000000 ____D C:\Users\ezztr\AppData\LocalLow\Crytivo Games Inc_
2017-01-28 10:11 - 2017-01-28 10:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Universim
2017-01-28 10:10 - 2017-01-28 10:10 - 01177576 _____ (Crytivo Games ) C:\Users\ezztr\Downloads\The Universim Launcher Installer.exe
2017-01-27 20:50 - 2017-01-20 23:38 - 01985080 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6437849.dll
2017-01-27 20:50 - 2017-01-20 23:38 - 01591352 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6437849.dll
2017-01-27 20:50 - 2017-01-20 23:38 - 00000669 _____ C:\WINDOWS\SysWOW64\nv-vk32.json
2017-01-27 20:50 - 2017-01-20 23:38 - 00000669 _____ C:\WINDOWS\system32\nv-vk64.json
2017-01-26 07:13 - 2017-01-26 07:13 - 00103936 _____ C:\WINDOWS\SysWOW64\vulkaninfo-1-1-0-39-1.exe
2017-01-26 07:12 - 2017-01-26 07:12 - 00326656 _____ C:\WINDOWS\SysWOW64\vulkan-1-1-0-39-1.dll
2017-01-26 07:09 - 2017-01-26 07:09 - 00322560 _____ C:\WINDOWS\system32\vulkan-1-1-0-39-1.dll
2017-01-26 07:09 - 2017-01-26 07:09 - 00118272 _____ C:\WINDOWS\system32\vulkaninfo-1-1-0-39-1.exe
2017-01-25 10:22 - 2016-12-21 14:08 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2017-01-25 10:22 - 2016-12-21 11:44 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-02-24 01:46 - 2016-10-24 20:00 - 00000000 ____D C:\FRST
2017-02-24 01:19 - 2016-08-03 12:50 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-02-24 00:00 - 2016-04-10 22:12 - 00000000 ____D C:\Program Files (x86)\Steam
2017-02-23 23:41 - 2016-08-04 03:47 - 01907990 _____ C:\WINDOWS\system32\perfh007.dat
2017-02-23 23:41 - 2016-08-04 03:47 - 00514584 _____ C:\WINDOWS\system32\perfc007.dat
2017-02-23 23:41 - 2015-12-27 02:15 - 04336596 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-02-23 23:37 - 2016-11-22 15:30 - 00000000 ___RD C:\Users\ezztr\Google Drive
2017-02-23 23:37 - 2016-08-03 12:55 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-02-23 23:37 - 2016-08-03 12:51 - 00000000 ____D C:\ProgramData\NVIDIA
2017-02-23 23:37 - 2016-08-03 12:50 - 05016576 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-02-23 23:37 - 2016-08-03 12:50 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-02-23 23:37 - 2016-06-04 15:40 - 00000000 ___RD C:\Rendern-Videos
2017-02-23 23:37 - 2016-04-10 02:34 - 00000000 __SHD C:\Users\ezztr\IntelGraphicsProfiles
2017-02-23 23:36 - 2016-08-03 12:52 - 00000000 ____D C:\Users\ezztr
2017-02-23 23:36 - 2016-07-16 13:04 - 01310720 _____ C:\WINDOWS\system32\config\BBI
2017-02-23 16:36 - 2016-11-25 19:26 - 00000000 ____D C:\Users\ezztr\AppData\LocalLow\Mozilla
2017-02-23 15:07 - 2016-07-16 18:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-02-23 14:10 - 2016-04-20 16:28 - 00000000 ____D C:\Users\ezztr\.gimp-2.8
2017-02-23 10:47 - 2016-04-10 16:09 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-02-23 10:42 - 2016-04-10 16:09 - 138020592 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-02-23 09:22 - 2016-07-16 18:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-02-23 08:14 - 2016-07-25 21:01 - 00000000 ____D C:\Users\ezztr\AppData\Roaming\vlc
2017-02-23 03:28 - 2016-06-02 13:49 - 00000000 ____D C:\Rendern
2017-02-23 02:00 - 2016-06-12 18:45 - 00000000 ____D C:\Users\ezztr\AppData\Local\Adobe
2017-02-22 22:39 - 2016-10-14 00:30 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-02-22 22:37 - 2016-10-25 17:14 - 00000000 ____D C:\AdwCleaner
2017-02-22 22:36 - 2016-07-04 09:47 - 00000008 __RSH C:\ProgramData\ntuser.pol
2017-02-22 17:28 - 2016-04-16 19:06 - 00000000 ___RD C:\Users\ezztr\Desktop\Tools
2017-02-22 17:25 - 2016-07-16 18:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-02-22 17:09 - 2017-01-20 20:09 - 00000000 ____D C:\ProgramData\Oracle
2017-02-22 14:49 - 2016-06-13 20:04 - 00000000 ____D C:\Users\ezztr\AppData\Local\gtk-2.0
2017-02-22 12:36 - 2016-04-10 02:34 - 00000000 ____D C:\Users\ezztr\AppData\Local\Packages
2017-02-21 21:37 - 2016-05-29 23:13 - 00000000 ____D C:\Users\ezztr\AppData\Roaming\transmission
2017-02-20 16:57 - 2016-06-21 22:51 - 00000000 ____D C:\Program Files (x86)\RivaTuner Statistics Server
2017-02-20 16:53 - 2016-06-21 22:51 - 00000000 ___HD C:\WINDOWS\msdownld.tmp
2017-02-20 16:53 - 2016-05-08 18:28 - 00000000 ____D C:\tmp
2017-02-20 14:25 - 2016-04-13 03:44 - 00000000 ____D C:\Users\ezztr\Desktop\Games
2017-02-19 19:13 - 2016-07-16 18:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-02-19 16:56 - 2016-04-13 15:44 - 00000000 ____D C:\Users\ezztr\AppData\Local\CrashDumps
2017-02-17 16:47 - 2016-04-20 16:51 - 00000000 ____D C:\Users\ezztr\AppData\Roaming\obs-studio
2017-02-17 16:35 - 2016-08-03 12:51 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2017-02-17 16:34 - 2016-07-16 18:45 - 00000000 ____D C:\WINDOWS\INF
2017-02-17 00:05 - 2015-12-27 02:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2017-02-16 15:43 - 2016-08-22 13:52 - 00000000 ____D C:\Users\ezztr\AppData\Roaming\FileZilla
2017-02-16 14:00 - 2015-12-27 02:14 - 00000000 ____D C:\ProgramData\Package Cache
2017-02-16 09:21 - 2016-08-22 13:52 - 00000000 ____D C:\Users\ezztr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2017-02-16 09:21 - 2016-08-22 13:52 - 00000000 ____D C:\Program Files\FileZilla FTP Client
2017-02-14 18:25 - 2016-12-26 23:34 - 00000000 ____D C:\Users\ezztr\Documents\Darkest
2017-02-10 22:18 - 2016-04-23 16:08 - 00000000 __SHD C:\Users\elsia\IntelGraphicsProfiles
2017-02-10 09:33 - 2017-01-09 00:11 - 04078008 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2017-02-10 09:33 - 2017-01-09 00:11 - 03597128 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2017-02-10 09:33 - 2017-01-09 00:11 - 00043556 _____ C:\WINDOWS\system32\nvinfo.pb
2017-02-10 06:13 - 2017-01-09 00:13 - 00001951 _____ C:\WINDOWS\NvContainerRecovery.bat
2017-02-10 05:57 - 2017-01-09 00:13 - 07791217 _____ C:\WINDOWS\system32\nvcoproc.bin
2017-02-10 05:57 - 2017-01-09 00:13 - 06403640 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2017-02-10 05:57 - 2017-01-09 00:13 - 02477504 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2017-02-10 05:57 - 2017-01-09 00:13 - 01764408 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2017-02-10 05:57 - 2017-01-09 00:13 - 00548288 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2017-02-10 05:57 - 2017-01-09 00:13 - 00393784 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2017-02-10 05:57 - 2017-01-09 00:13 - 00083512 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2017-02-10 05:57 - 2017-01-09 00:13 - 00071224 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2017-02-08 20:28 - 2016-04-23 16:08 - 00000000 ____D C:\Users\elsia\AppData\Local\Packages
2017-02-08 20:22 - 2017-01-10 20:20 - 00003290 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-02-08 20:22 - 2016-04-23 16:09 - 00002389 _____ C:\Users\elsia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-02-08 20:22 - 2016-04-23 16:09 - 00000000 ___RD C:\Users\elsia\OneDrive
2017-02-08 20:21 - 2016-02-13 20:20 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-02-07 21:49 - 2016-04-10 16:06 - 00002266 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-02-07 20:01 - 2016-04-10 02:36 - 00002389 _____ C:\Users\ezztr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-02-07 20:01 - 2016-04-10 02:36 - 00000000 ___RD C:\Users\ezztr\OneDrive
2017-02-07 02:48 - 2016-07-16 18:49 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-02-07 02:48 - 2016-07-16 18:49 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-02-06 23:21 - 2016-10-21 23:33 - 00000000 ____D C:\Volumes
2017-02-06 22:35 - 2016-08-04 03:49 - 00000000 ___DC C:\WINDOWS\Panther
2017-02-06 20:52 - 2015-12-27 02:16 - 00000000 ____D C:\Program Files\Dell
2017-02-06 20:47 - 2016-11-23 09:51 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-02-06 20:47 - 2016-06-25 19:24 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-02-06 20:42 - 2016-08-03 12:56 - 00014000 _____ C:\WINDOWS\diagwrn.xml
2017-02-06 20:42 - 2016-08-03 12:56 - 00013947 _____ C:\WINDOWS\diagerr.xml
2017-02-06 12:16 - 2015-12-27 02:19 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2017-02-04 10:45 - 2016-07-16 18:47 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-02-04 10:30 - 2016-07-16 18:47 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2017-02-03 23:13 - 2016-05-24 10:55 - 00000000 ____D C:\Users\ezztr\Desktop\Rendern
2017-02-01 02:50 - 2016-10-04 15:44 - 00000000 ____D C:\Users\ezztr\AppData\Local\ElevatedDiagnostics
2017-01-30 09:12 - 2016-06-21 22:50 - 00000000 ____D C:\Program Files (x86)\MSI Afterburner
2017-01-30 01:11 - 2016-05-24 10:55 - 00000000 ____D C:\Users\ezztr\AppData\Roaming\Sony
2017-01-30 00:02 - 2017-01-21 17:46 - 00000000 ____D C:\Program Files (x86)\QuickTime
2017-01-28 10:11 - 2016-04-13 03:41 - 00000000 ____D C:\games
2017-01-28 09:48 - 2016-07-16 18:47 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-01-27 20:51 - 2016-08-03 12:50 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2017-01-27 20:44 - 2016-04-13 03:38 - 00000000 ____D C:\Users\ezztr\AppData\Local\Battle.net
2017-01-27 18:13 - 2016-04-13 03:38 - 00000000 ____D C:\Program Files (x86)\Battle.net
2017-01-25 10:45 - 2016-07-16 18:47 - 00000000 ____D C:\WINDOWS\rescache
2017-01-25 09:12 - 2016-08-03 12:55 - 00003884 _____ C:\WINDOWS\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-01-25 09:11 - 2016-09-22 22:39 - 00003696 _____ C:\WINDOWS\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-01-25 09:11 - 2016-08-03 12:55 - 00003894 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-01-25 09:11 - 2016-08-03 12:55 - 00003866 _____ C:\WINDOWS\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-01-25 09:11 - 2016-08-03 12:55 - 00003858 _____ C:\WINDOWS\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-01-25 09:11 - 2016-08-03 12:55 - 00003654 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-01-25 09:11 - 2015-12-27 02:18 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
==================== Files in the root of some directories =======
2016-07-04 10:47 - 2016-08-18 01:47 - 0000153 _____ () C:\Users\ezztr\AppData\Roaming\WB.CFG
2017-02-23 14:07 - 2017-02-23 14:07 - 0040908 _____ () C:\Users\ezztr\AppData\Local\recently-used.xbel
2016-06-08 18:37 - 2016-12-30 12:59 - 0007605 _____ () C:\Users\ezztr\AppData\Local\Resmon.ResmonCfg
2016-08-03 12:50 - 2016-08-03 12:50 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2016-05-22 23:34 - 2016-05-22 23:34 - 0000098 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2016-12-23 18:00 - 2017-01-09 00:14 - 0045353 _____ () C:\ProgramData\NvTelemetryContainer.log
2016-12-23 18:00 - 2016-12-30 15:38 - 0010654 _____ () C:\ProgramData\NvTelemetryContainer.log_backup1
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2017-02-18 12:55
==================== End of FRST.txt ============================
--- --- --- |
| | #10 |
Ad banners in the Steam client
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-02-2017
Ran by ezztr (24-02-2017 01:47:35)
Running from C:\Users\ezztr\Desktop
Windows 10 Home Version 1607 (X64) (2016-08-03 05:57:06)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-3515307565-1161031247-3300353082-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3515307565-1161031247-3300353082-503 - Limited - Disabled)
elsia (S-1-5-21-3515307565-1161031247-3300353082-1002 - Limited - Enabled) => C:\Users\elsia
ezztr (S-1-5-21-3515307565-1161031247-3300353082-1001 - Administrator - Enabled) => C:\Users\ezztr
Guest (S-1-5-21-3515307565-1161031247-3300353082-501 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
. . . (Version: 2.1.28.3 - Intel) Hidden
. . . (x32 Version: 2.6.2.4 - Intel) Hidden
7-Zip 16.00 (x64) (HKLM\...\7-Zip) (Version: 16.00 - Igor Pavlov)
Adobe Audition CC 2015 (HKLM-x32\...\{839A3566-AED6-4787-A849-5CBE2B1DC6AE}) (Version: 8.0 - Adobe Systems Incorporated)
Adobe Dreamweaver CC 2015 (HKLM-x32\...\{EE2A0AA8-0386-11E5-8603-BC82F5DB1A71}) (Version: 16.0.0 - Adobe Systems Incorporated)
Ansel (Version: 378.66 - NVIDIA Corporation) Hidden
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Asmedia USB Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.41.3 - Asmedia Technology)
Audacity 2.1.2 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.2 - Audacity Team)
AviSynth 2.6 (HKLM-x32\...\AviSynth) (Version: 2.6.0.6 - GPL Public release.)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Bitrix24 for Windows (HKLM-x32\...\Bitrix24) (Version: 4.1.76.36 - Bitrix, Inc)
bl (x32 Version: 1.0.0 - Your Company Name) Hidden
Citrix Online Launcher (HKLM-x32\...\{48947098-A67C-46D4-90C5-9F2F6F0F96FE}) (Version: 1.0.449 - Citrix)
Conan Exiles (HKLM\...\Steam App 440900) (Version: - Funcom)
Craft The World (HKLM\...\Steam App 248390) (Version: - Dekovir Entertainment)
Darkest Dungeon (HKLM\...\Steam App 262060) (Version: - Red Hook Studios)
DebugMode FrameServer (HKLM-x32\...\DebugMode FrameServer) (Version: - )
Dell App Launcher for Unifying Software (HKLM\...\Unifying Software Launcher) (Version: 1.00.44 - Logitech)
Dell Customer Connect (HKLM-x32\...\{4FA72FF9-DD64-43A8-8704-6380A11F11D5}) (Version: 1.4.15.0 - Dell Inc.)
Dell Data Vault (Version: 4.3.9.0 - Dell Inc.) Hidden
Dell Digital Delivery (HKLM-x32\...\{AB7F2792-2ED1-4C5C-9F28-680E5110BF72}) (Version: 3.1.1018.0 - Dell Products, LP)
Dell Dock Update (HKLM-x32\...\{6C4547B7-084A-4992-BFBF-9F6C6E2DC3EA}) (Version: 1.0.115.0 - Dell Inc.)
Dell Foundation Services (HKLM\...\{BDB50421-E961-42F3-B803-6DAC6F173834}) (Version: 3.4.16100.0 - Dell Inc.)
Dell PremierColor (HKLM\...\{5CA2B02F-FC89-4F42-A3DA-7649B8EFF194}) (Version: 2.0.140 - Portrait Displays, Inc.)
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.3.6855.61 - Dell)
Dell SupportAssistAgent (HKLM-x32\...\{27130E51-9555-408B-8134-7BFF54EDE27B}) (Version: 1.3.0.72 - Dell)
Dell System Detect (HKU\S-1-5-21-3515307565-1161031247-3300353082-1001\...\58d94f3ce2c27db0) (Version: 7.6.0.17 - Dell)
Dell Update - SupportAssist Update Plugin (HKLM\...\{92F651D9-4431-469E-9B11-299D007AF656}) (Version: 2.0.2.1835 - Dell Inc.)
Dell Update (HKLM-x32\...\{FE901F1A-B3D5-4BCE-AAFB-694DC51DC522}) (Version: 1.9.5.0 - Dell Inc.)
Drakonia Configurator (HKLM-x32\...\{2EAD3327-2F92-455F-A675-E5CC4980B67A}}_is1) (Version: - )
Dropbox 20 GB (HKLM-x32\...\{736A97C6-8766-3699-84A9-71736C5E0CE3}) (Version: 3.1.11.0 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.59.1 - Dropbox, Inc.) Hidden
DW WLAN Card (HKLM\...\DW WLAN Card) (Version: 1.566.0.0 - Dell Inc.)
Dxtory version 2.0.139 (HKLM-x32\...\Dxtory2.0_is1) (Version: 2.0.139 - ExKode Co. Ltd.)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
Factorio (HKLM\...\Steam App 427520) (Version: - Wube Software LTD.)
Faeria (HKLM\...\Steam App 397060) (Version: - Abrakam SA)
FileZilla Client 3.24.0 (HKU\S-1-5-21-3515307565-1161031247-3300353082-1001\...\FileZilla Client) (Version: 3.24.0 - Tim Kosse)
Gameforge Live 2.0.12 (HKLM-x32\...\{9C98989A-3A15-42DA-A3B9-D20331437D67}}_is1) (Version: 2.0.12 - Gameforge)
GIMP 2.8.18 (HKLM\...\GIMP-2_is1) (Version: 2.8.18 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
Google Drive (HKLM-x32\...\{07A12123-B717-496B-B471-48AF6407B433}) (Version: 1.32.4066.7445 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
GoToMeeting 8.0.0.6441 (HKU\S-1-5-21-3515307565-1161031247-3300353082-1001\...\GoToMeeting) (Version: 8.0.0.6441 - CitrixOnline)
Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
Hearthstone Deck Tracker (HKU\S-1-5-21-3515307565-1161031247-3300353082-1001\...\HearthstoneDeckTracker) (Version: 1.1.6 - HearthSim)
HearthstoneTracker (HKLM-x32\...\HearthstoneTracker) (Version: 1.9.23.39449 - HearthstoneTracker.com)
Innkeeper (HKU\S-1-5-21-3515307565-1161031247-3300353082-1001\...\Innkeeper) (Version: 0.3.4 - Curse Inc.)
Intel Extreme Tuning Utility (HKLM-x32\...\{281badd0-7e11-494b-bdf7-34d6a2615c3c}) (Version: 6.2.0.19 - Intel Corporation)
Intel Extreme Tuning Utility (x32 Version: 6.2.0.19 - Intel Corporation) Hidden
Intel(R) Chipset Device Software (x32 Version: 10.1.1.13 - Intel(R) Corporation) Hidden
Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.2.10900.330 - Intel Corporation)
Intel(R) HID Event Filter (HKLM-x32\...\3FB06EEC-013D-4366-9918-71B97DFB84EB) (Version: 1.1.0.310 - Intel Corporation)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.5.0.1020 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4531 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 15.2.2.1030 - Intel Corporation)
Intel(R) Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.100.1633.3 - Intel Corporation)
Intel® Driver Update Utility (HKLM-x32\...\{66307462-7d19-4f1a-af82-aa04b6017f05}) (Version: 2.6.2.4 - Intel)
Intel® Security Assist (HKLM-x32\...\{4B230374-6475-4A73-BA6E-41015E9C5013}) (Version: 1.0.0.532 - Intel Corporation)
Java 8 Update 121 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
Keebles (HKLM\...\Steam App 347040) (Version: - Burnt Fuse)
Lagarith Lossless Codec (1.3.27) (HKLM-x32\...\{F59AC46C-10C3-4023-882C-4212A92283B3}_is1) (Version: - )
Life Is Strange™ (HKLM\...\Steam App 319630) (Version: - DONTNOD Entertainment)
Logitech Unifying-Software 2.10 (HKLM\...\Logitech Unifying) (Version: 2.10.37 - Logitech)
MagicYUV Lossless Video Codec - Standard version 2.0.0rc1 (HKLM-x32\...\{90410593-E0EB-4F9B-B984-65BEA8F07B91}_is1) (Version: 2.0.0rc1 - INNOMAGIC Bt.)
Malwarebytes Version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
MediaInfo 0.7.87 (HKLM\...\MediaInfo) (Version: 0.7.87 - MediaArea.net)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office 365 - de-de (HKLM\...\O365HomePremRetail - de-de) (Version: 16.0.7571.2109 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3515307565-1161031247-3300353082-1001\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3515307565-1161031247-3300353082-1002\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24212 (HKLM-x32\...\{323dad84-0974-4d90-a1c1-e006c7fdbb7d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Mini Metro (HKLM\...\Steam App 287980) (Version: - Dinosaur Polo Club)
Mozilla Firefox 51.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 51.0.1 (x86 de)) (Version: 51.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 51.0.1.6234 - Mozilla)
MPC-HC 1.7.10 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.7.10 - MPC-HC Team)
MSI Afterburner 4.3.0 (HKLM-x32\...\Afterburner) (Version: 4.3.0 - MSI Co., LTD)
Music Manager (HKU\S-1-5-21-3515307565-1161031247-3300353082-1001\...\MusicManager) (Version: - Google, Inc.)
Notepad++ (64-bit x64) (HKLM\...\Notepad++) (Version: 7.2.2 - Notepad++ Team)
NVIDIA 3D Vision Treiber 378.66 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 378.66 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.3.0.95 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.3.0.95 - NVIDIA Corporation)
NVIDIA Grafiktreiber 378.66 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 378.66 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}) (Version: 9.10.0513 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
NvNodejs (Version: 3.3.0.95 - NVIDIA Corporation) Hidden
NvTelemetry (Version: 2.3.5.0 - NVIDIA Corporation) Hidden
NvvHci (Version: 2.02.0.5 - NVIDIA Corporation) Hidden
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 17.0.2 - OBS Project)
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.7571.2109 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (Version: 16.0.7571.2109 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.7571.2109 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.7571.2109 - Microsoft Corporation) Hidden
Oracle VM VirtualBox 5.1.12 (HKLM\...\{C212962C-71C4-4D9F-B8E0-D2CD00C8B8FE}) (Version: 5.1.12 - Oracle Corporation)
Origin (HKLM-x32\...\Origin) (Version: 10.3.3.1921 - Electronic Arts, Inc.)
ph (x32 Version: 1.0.0 - Your Company Name) Hidden
Pismo File Mount Audit Package (HKLM\...\PismoFileMountAuditPackage) (Version: - )
ProjectLibre (HKLM-x32\...\{4E352A24-AE3C-482F-9409-3E1C2B7ABED8}) (Version: 1.7.0.0 - ProjectLibre)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Realtek USB Audio (HKLM-x32\...\{0A46A65D-89AC-464C-8026-3CD44960BD04}) (Version: 6.3.9600.44 - Realtek Semiconductor Corp.)
Registrierung eines Dell Produkts (HKLM-x32\...\InstallShield_{85B14AE3-1624-45BE-942B-A528DF6F1CCE}) (Version: 3.0.123.0 - Dell Inc.)
Registrierung eines Produkts (Version: 3.0.123.0 - Dell Inc.) Hidden
RimWorld (HKLM\...\Steam App 294100) (Version: - Ludeon Studios)
RivaTuner Statistics Server 6.6.0 (HKLM-x32\...\RTSS) (Version: 6.6.0 - Unwinder)
SagaraS Scriptmaker v6.1 (HKLM-x32\...\SagaraS Scriptmaker_is1) (Version: - )
SHIELD Streaming (Version: 7.1.0351 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 3.3.0.95 - NVIDIA Corporation) Hidden
Spotify (HKU\S-1-5-21-3515307565-1161031247-3300353082-1001\...\Spotify) (Version: 1.0.31.56.g526cfefe - Spotify AB)
ST Microelectronics 3 Axis Digital Accelerometer Solution (HKLM-x32\...\{9C24F411-9CA7-4A8A-91F3-F08A4A38EB31}) (Version: 4.10.0067 - ST Microelectronics)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Tavern Tycoon (HKLM\...\Steam App 439340) (Version: - Terapoly)
TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.66695 - TeamViewer)
The Universim version 1.0 (HKLM-x32\...\{77E2F6D6-85F9-4A73-8FC6-5A6CB3C816C1}_is1) (Version: 1.0 - Crytivo Games)
This War of Mine (HKLM\...\Steam App 282070) (Version: - 11 bit studios)
Thunderbolt(TM) Software (HKLM-x32\...\{B0E8A8CA-5A40-49C3-BE5E-9076664DB9AA}) (Version: 15.3.39.250 - Intel Corporation)
Transmission-Qt (HKLM\...\Transmission-Qt) (Version: 2.84.9 - Transmission)
Transport Fever (HKLM\...\Steam App 446800) (Version: - Urban Games)
TreeSize Free V3.4.5 (HKLM-x32\...\TreeSize Free_is1) (Version: 3.4.5 - JAM Software)
UE4 Prerequisites (x64) (Version: 1.0.11.0 - Epic Games, Inc.) Hidden
UE4 Prerequisites (x64) (x32 Version: 1.0.13.0 - Epic Games, Inc.) Hidden
Ut Video Codec Suite (HKLM\...\utvideo_is1) (Version: 17.0.0 - UMEZAWA Takeshi)
Vegas Pro 13.0 (64-bit) (HKLM\...\{1F8D8040-0BC8-11E5-85C5-F04DA23A5C58}) (Version: 13.0.453 - Sony)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
VPN Manager 1.8.10.0 (HKLM-x32\...\VPN Manager) (Version: 1.8.10.0 - Perfect-Privacy)
Vulkan Run Time Libraries 1.0.39.1 (HKLM\...\VulkanRT1.0.39.1) (Version: 1.0.39.1 - LunarG, Inc.)
WIDCOMM Bluetooth Software (HKLM\...\{C6D9ED03-6FCF-4410-9CB7-45CA285F9E11}) (Version: 12.0.1.730 - Broadcom Corporation)
WinRAR 5.40 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
x264vfw - H.264/MPEG-4 AVC codec (remove only) (HKLM-x32\...\x264vfw) (Version: - )
YouPloader Version 0.9.3 (HKLM-x32\...\{DC552D9B-15C9-4F51-B0B2-D8AB7791DBFF}_is1) (Version: 0.9.3 - BeCast)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-3515307565-1161031247-3300353082-1001_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\ezztr\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3515307565-1161031247-3300353082-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\ezztr\AppData\Local\Citrix\GoToMeeting\6291\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-3515307565-1161031247-3300353082-1001_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\ezztr\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3515307565-1161031247-3300353082-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\ezztr\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll (Google Inc.)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {04CB2EF6-C5EE-46A5-80FE-E0E2140C4D1B} - System32\Tasks\USER_ESRV_SVC_QUEENCREEK => Wscript.exe //B //NoLogo "C:\Program Files\Intel\SUR\QUEENCREEK\task.vbs"
Task: {0D55ABF1-CE90-436D-AEC9-21E996067D93} - System32\Tasks\Intel\Intel Telemetry 2 => C:\Program Files\Intel\Telemetry 2.0\lrio.exe [2016-03-17] (Intel Corporation)
Task: {163E6DF7-9A42-4E71-B7CB-A7FC00FC613B} - System32\Tasks\G2MUploadTask-S-1-5-21-3515307565-1161031247-3300353082-1001 => C:\Users\ezztr\AppData\Local\Citrix\GoToMeeting\6441\g2mupload.exe [2017-02-18] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {1A48F5F1-A4FA-448D-8F88-774F9DF2371A} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe [2016-09-09] (Dell Inc.)
Task: {207D147E-E73E-44B4-88E1-B9559DF26B1A} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt application when hardware is detected => Thunderbolt.exe
Task: {29CF4F40-5921-43C7-B8DC-B282ED50165D} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-01-21] (NVIDIA Corporation)
Task: {2E5F1938-4478-4009-9A8C-8CF974952D7B} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-01-21] (NVIDIA Corporation)
Task: {33E7D8B0-1D68-4EDD-B7D0-92E87A4F3C09} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-04-10] (Google Inc.)
Task: {4D23204F-0E2E-4838-8154-9CE740A0241A} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-01-21] (NVIDIA Corporation)
Task: {50DA9037-6E4B-4CD0-BA09-BAAAD604AAF2} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe [2016-06-14] (Intel(R) Corporation)
Task: {5A30115F-FF80-4AA1-9E90-E33417862FD6} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt service when hardware is detected => sc.exe start ThunderboltService
Task: {5AF67BBA-EAEC-46AF-827B-314EB7D6A46C} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-01-21] (NVIDIA Corporation)
Task: {5B109A0B-823B-48E0-8DE2-E2DAB8E52FA6} - System32\Tasks\Adobe Uninstaller => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
Task: {60B633A5-BC32-4179-84FB-9FF44A397776} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3515307565-1161031247-3300353082-1001Core => C:\Users\ezztr\AppData\Local\Google\Update\GoogleUpdate.exe [2016-07-26] (Google Inc.)
Task: {6488574D-F798-462F-88D7-C0457AE6A5BC} - System32\Tasks\Intel\Intel Telemetry 2 (x86) => C:\Program Files (x86)\Intel\Telemetry 2.0\lrio.exe [2015-11-20] (Intel Corporation)
Task: {652DF692-C7F7-459F-BDF5-F55E4A777E78} - System32\Tasks\G2MUpdateTask-S-1-5-21-3515307565-1161031247-3300353082-1001 => C:\Users\ezztr\AppData\Local\Citrix\GoToMeeting\6441\g2mupdate.exe [2017-02-18] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {65D9B6CA-FACA-4EDA-98B7-4904A5253B48} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-01-21] (NVIDIA Corporation)
Task: {86472F58-B053-402E-9BAA-663541F0AA59} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt application on login if service is up => Thunderbolt.exe
Task: {9791F492-8F48-4F99-8CD6-F9CB6B50BEF9} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3515307565-1161031247-3300353082-1001UA => C:\Users\ezztr\AppData\Local\Google\Update\GoogleUpdate.exe [2016-07-26] (Google Inc.)
Task: {9B95B377-96BA-41DB-AD06-B0954F989609} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-12-28] (Microsoft Corporation)
Task: {9EA39A14-9FB0-418C-AC71-EDEE85799B18} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK
Task: {AB031289-0E5D-4509-8F19-A8B1322905C8} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt service on boot if driver is up => tbtsvc.exe
Task: {AC24C798-888C-43FA-9D8B-32F5D902E8DB} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2016-09-13] (PC-Doctor, Inc.)
Task: {B4776765-14D6-4572-B8DE-B6EDD52B4990} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {C33EBE27-3732-4579-B29F-79D01F362757} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-04-10] (Google Inc.)
Task: {CAA1D9C6-1233-4DC7-879F-EC161AE71991} - System32\Tasks\PCDDataUploadTask => uaclauncher.exe
Task: {D220BA68-269C-41EB-8A54-13A110A70A70} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3515307565-1161031247-3300353082-1001UA1d25f0055f52a8c => C:\Users\ezztr\AppData\Local\Google\Update\GoogleUpdate.exe [2016-07-26] (Google Inc.)
Task: {D2D43FD7-AA72-433B-9313-037A3C38A991} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-11-17] (Dropbox, Inc.)
Task: {D6A9151A-612D-4C84-88AF-370ECA981488} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3515307565-1161031247-3300353082-1001Core1d25f0055f0e153 => C:\Users\ezztr\AppData\Local\Google\Update\GoogleUpdate.exe [2016-07-26] (Google Inc.)
Task: {D84FABA7-EA17-4A74-807C-81C7620DB5A7} - System32\Tasks\DropboxOEM => C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe [2016-04-04] ()
Task: {DCF517FB-4549-4BB6-A95A-EE96C2716380} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-ezztro@yahoo.de => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2015-08-05] (Adobe Systems Incorporated)
Task: {EC5937FE-8585-4CE3-8694-02DDC49EE896} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2017-02-04] (Microsoft Corporation)
Task: {F35D6EB5-3FEE-49C9-8EE2-CFAB94043E72} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-11-17] (Dropbox, Inc.)
Task: {F43A5D40-7ED4-4E59-8B77-352C08D88260} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-01-21] (NVIDIA Corporation)
Task: {FC38FDB1-3888-400F-AB12-D2D387A163F4} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-12-28] (Microsoft Corporation)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-3515307565-1161031247-3300353082-1001.job => C:\Users\ezztr\AppData\Local\Citrix\GoToMeeting\6441\g2mupdate.exe
Task: C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-3515307565-1161031247-3300353082-1001.job => C:\Users\ezztr\AppData\Local\Citrix\GoToMeeting\6441\g2mupload.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3515307565-1161031247-3300353082-1001Core.job => C:\Users\ezztr\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3515307565-1161031247-3300353082-1001UA.job => C:\Users\ezztr\AppData\Local\Google\Update\GoogleUpdate.exe
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
ShortcutWithArgument: C:\Users\ezztr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome-Apps\Google Play Musik.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=fahmaaghhglfmonjliepjlchgpgfmobi
==================== Loaded Modules (Whitelisted) ==============
2016-07-16 18:42 - 2016-07-16 18:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-12-20 20:18 - 2016-12-09 17:29 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2017-01-09 00:13 - 2017-02-10 05:57 - 00134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-08-21 08:47 - 2015-08-21 08:47 - 00049408 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btwleapi.dll
2017-01-10 14:59 - 2017-01-10 14:59 - 00125808 _____ () C:\Program Files (x86)\Dell Dock Update\DUWrapperService.exe
2016-12-31 17:22 - 2016-11-17 22:16 - 00805632 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe
2016-12-31 17:22 - 2016-11-17 22:18 - 01981184 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_modeler.dll
2016-12-31 17:22 - 2016-11-17 22:11 - 00247552 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\acpi_battery_input.dll
2016-12-31 17:22 - 2016-11-17 22:10 - 00212736 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\wifi_input.dll
2016-12-31 17:22 - 2016-11-17 22:11 - 00174848 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\devices_use_input.dll
2016-12-31 17:22 - 2016-11-17 22:10 - 00203520 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_system_power_state_input.dll
2016-12-31 17:22 - 2016-11-17 22:09 - 00206592 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_disktrace_input.dll
2016-12-31 17:22 - 2016-11-17 22:09 - 00336640 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_process_input.dll
2016-12-31 17:22 - 2016-11-17 22:06 - 00147712 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_winstat_input.dll
2016-12-31 17:22 - 2016-11-17 22:11 - 00213248 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\sema_thermal_input.dll
2016-12-31 17:22 - 2016-11-17 22:07 - 00229120 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_quality_and_reliability_input.dll
2016-12-31 17:22 - 2016-11-17 22:08 - 00224000 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_sampler_input.dll
2016-12-31 17:22 - 2016-11-17 22:06 - 00211712 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_stress_odometer_input.dll
2016-12-31 17:22 - 2016-11-17 22:08 - 00219904 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_turbo_input.dll
2016-07-03 16:54 - 2017-01-21 01:39 - 04489152 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\Poco.dll
2016-07-03 16:54 - 2017-01-21 01:39 - 01147328 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2016-11-17 22:05 - 2016-11-17 22:05 - 00156928 _____ () C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe
2016-12-20 20:18 - 2016-12-09 17:29 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2017-01-14 02:10 - 2017-01-14 02:10 - 00052400 _____ () C:\Program Files\FileZilla FTP Client\fzshellext_64.dll
2016-09-16 18:25 - 2016-09-07 11:56 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-01-14 11:17 - 2016-12-21 14:09 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-01-14 11:17 - 2016-12-21 13:48 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-02-22 12:33 - 2017-02-22 12:34 - 00073728 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-02-22 12:33 - 2017-02-22 12:34 - 00179712 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-02-22 12:33 - 2017-02-22 12:34 - 42895360 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-02-07 16:50 - 2017-02-07 16:50 - 02215424 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\roottools.dll
2016-04-16 19:02 - 2013-10-29 18:43 - 00248832 _____ () C:\Program Files (x86)\Drakonia Configurator\hid.exe
2016-04-04 14:54 - 2016-04-04 14:54 - 00575432 _____ () C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe
2016-12-31 17:22 - 2016-11-17 22:14 - 00730880 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\esrv.exe
2016-12-31 17:22 - 2016-11-17 22:12 - 00237824 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\foreground_window_input.dll
2016-12-31 17:22 - 2016-11-17 22:08 - 00217344 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_user_waiting_input.dll
2017-01-14 11:17 - 2016-12-21 13:54 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-01-14 11:17 - 2016-12-21 13:48 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-01-14 11:17 - 2016-12-21 13:48 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2017-01-14 11:17 - 2016-12-21 13:48 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-01-14 11:17 - 2016-12-21 13:53 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-04-16 19:02 - 2012-12-11 16:14 - 00240640 _____ () C:\Program Files (x86)\Drakonia Configurator\trayicon.exe
2017-02-23 09:20 - 2017-02-23 09:22 - 00019456 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.214.10010.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2017-02-23 09:20 - 2017-02-23 09:22 - 21149696 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.214.10010.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2017-02-23 09:20 - 2017-02-23 09:22 - 05380096 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.214.10010.0_x64__8wekyb3d8bbwe\MediaEngine.dll
2016-06-03 17:54 - 2016-06-03 17:57 - 00680448 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.214.10010.0_x64__8wekyb3d8bbwe\Microsoft.DesignCore.dll
2017-02-23 09:20 - 2017-02-23 09:22 - 00387584 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.214.10010.0_x64__8wekyb3d8bbwe\Microsoft.RichMedia.Ink.Controls.dll
2017-02-23 09:20 - 2017-02-23 09:22 - 01047552 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.214.10010.0_x64__8wekyb3d8bbwe\Microsoft.Sharing.dll
2016-04-10 22:30 - 2016-04-10 22:31 - 00291328 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.214.10010.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll
2017-02-02 00:05 - 2017-02-02 00:06 - 01097072 _____ () C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.16122.10291.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.Controls.dll
2016-12-22 23:27 - 2016-12-22 23:27 - 00017408 _____ () C:\Program Files\WindowsApps\Microsoft.BingWeather_4.18.37.0_x86__8wekyb3d8bbwe\Microsoft.Msn.Weather.exe
2016-09-12 22:57 - 2017-01-09 19:08 - 02493440 _____ () C:\games\Origin\libGLESv2.dll
2016-07-03 16:54 - 2017-01-21 01:39 - 00018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2016-07-03 16:54 - 2017-01-21 01:39 - 03774400 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\Poco.dll
2016-07-03 16:54 - 2017-01-21 01:39 - 00900032 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2016-07-03 16:55 - 2017-01-21 01:38 - 64245184 _____ () C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\libcef.dll
2017-02-23 23:37 - 2017-02-23 23:37 - 00098816 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI88922\win32api.pyd
2017-02-23 23:37 - 2017-02-23 23:37 - 00110080 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI88922\pywintypes27.dll
2017-02-23 23:37 - 2017-02-23 23:37 - 00364544 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI88922\pythoncom27.dll
2017-02-23 23:37 - 2017-02-23 23:37 - 00320512 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI88922\win32com.shell.shell.pyd
2017-02-23 23:37 - 2017-02-23 23:37 - 00914432 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI88922\_hashlib.pyd
2017-02-23 23:37 - 2017-02-23 23:37 - 01176576 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI88922\wx._core_.pyd
2017-02-23 23:37 - 2017-02-23 23:37 - 00806400 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI88922\wx._gdi_.pyd
2017-02-23 23:37 - 2017-02-23 23:37 - 00816128 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI88922\wx._windows_.pyd
2017-02-23 23:37 - 2017-02-23 23:37 - 01067008 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI88922\wx._controls_.pyd
2017-02-23 23:37 - 2017-02-23 23:37 - 00733184 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI88922\wx._misc_.pyd
2017-02-23 23:37 - 2017-02-23 23:37 - 00682496 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI88922\pysqlite2._sqlite.pyd
2017-02-23 23:37 - 2017-02-23 23:37 - 00088064 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI88922\_ctypes.pyd
2017-02-23 23:37 - 2017-02-23 23:37 - 00686080 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI88922\unicodedata.pyd
2017-02-23 23:37 - 2017-02-23 23:37 - 00119808 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI88922\win32file.pyd
2017-02-23 23:37 - 2017-02-23 23:37 - 00108544 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI88922\win32security.pyd
2017-02-23 23:37 - 2017-02-23 23:37 - 00007168 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI88922\hashobjs_ext.pyd
2017-02-23 23:37 - 2017-02-23 23:37 - 00017920 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI88922\thumbnails_ext.pyd
2017-02-23 23:37 - 2017-02-23 23:37 - 00088064 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI88922\usb_ext.pyd
2017-02-23 23:37 - 2017-02-23 23:37 - 00012800 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI88922\common.time34.pyd
2017-02-23 23:37 - 2017-02-23 23:37 - 00018432 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI88922\win32event.pyd
2017-02-23 23:37 - 2017-02-23 23:37 - 00167936 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI88922\win32gui.pyd
2017-02-23 23:37 - 2017-02-23 23:37 - 00046080 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI88922\_socket.pyd
2017-02-23 23:37 - 2017-02-23 23:37 - 01303552 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI88922\_ssl.pyd
2017-02-23 23:37 - 2017-02-23 23:37 - 00128512 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI88922\_elementtree.pyd
2017-02-23 23:37 - 2017-02-23 23:37 - 00127488 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI88922\pyexpat.pyd
2017-02-23 23:37 - 2017-02-23 23:37 - 00038912 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI88922\win32inet.pyd
2017-02-23 23:37 - 2017-02-23 23:37 - 00036864 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI88922\_psutil_windows.pyd
2017-02-23 23:37 - 2017-02-23 23:37 - 00524248 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI88922\windows._lib_cacheinvalidation.pyd
2017-02-23 23:37 - 2017-02-23 23:37 - 00011264 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI88922\win32crypt.pyd
2017-02-23 23:37 - 2017-02-23 23:37 - 00123392 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI88922\wx._wizard.pyd
2017-02-23 23:37 - 2017-02-23 23:37 - 00077312 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI88922\wx._html2.pyd
2017-02-23 23:37 - 2017-02-23 23:37 - 00027648 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI88922\_multiprocessing.pyd
2017-02-23 23:37 - 2017-02-23 23:37 - 00020480 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI88922\_yappi.pyd
2017-02-23 23:37 - 2017-02-23 23:37 - 00035840 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI88922\win32process.pyd
2017-02-23 23:37 - 2017-02-23 23:37 - 00078848 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI88922\wx._animate.pyd
2017-02-23 23:37 - 2017-02-23 23:37 - 00024064 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI88922\win32pipe.pyd
2017-02-23 23:37 - 2017-02-23 23:37 - 00010240 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI88922\select.pyd
2017-02-23 23:37 - 2017-02-23 23:37 - 00025600 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI88922\win32pdh.pyd
2017-02-23 23:37 - 2017-02-23 23:37 - 00017408 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI88922\win32profile.pyd
2017-02-23 23:37 - 2017-02-23 23:37 - 00022528 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI88922\win32ts.pyd
2016-07-22 01:42 - 2017-01-20 20:36 - 00338488 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVAccountAPINode.node
2016-07-22 01:42 - 2017-01-20 20:36 - 00254008 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\DriverInstall.node
2016-07-22 01:42 - 2017-01-20 20:36 - 02808888 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\Downloader.node
2016-07-22 01:42 - 2017-01-20 20:36 - 00384568 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGameShareAPINode.node
2016-07-22 01:42 - 2017-01-20 20:36 - 00537656 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvSpCapsAPINode.node
2016-07-22 01:42 - 2017-01-20 20:36 - 00468024 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGalleryAPINode.node
2016-08-29 22:56 - 2017-01-20 20:36 - 01066552 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvCameraAPINode.node
2016-12-23 17:59 - 2017-01-20 20:36 - 01014840 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvSDKAPINode.node
2016-04-16 19:02 - 2013-01-15 22:06 - 00061952 _____ () C:\Program Files (x86)\Drakonia Configurator\HidDevice.dll
2016-03-18 18:26 - 2016-03-18 18:26 - 00207872 _____ () C:\Program Files (x86)\Dropbox\DropboxOEM\Ledger.dll
2016-03-18 17:19 - 2016-03-18 17:19 - 00107520 _____ () C:\Program Files (x86)\Dropbox\DropboxOEM\zlib1.dll
2017-02-07 21:49 - 2017-02-01 16:01 - 01870168 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libglesv2.dll
2017-02-07 21:49 - 2017-02-01 16:01 - 00085848 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libegl.dll
2016-12-21 10:24 - 2016-12-21 10:24 - 00134008 _____ () C:\Program Files (x86)\Dell Customer Connect\ServiceTagPlusPlus.dll
2015-06-24 07:26 - 2015-06-24 07:26 - 00155888 _____ () c:\Program Files (x86)\Dell Digital Delivery\ServiceTagPlusPlus.dll
2016-05-13 14:10 - 2016-05-13 14:10 - 00134144 _____ () C:\Program Files (x86)\Dell Update\ServiceTagPlusPlus.dll
2016-07-18 15:14 - 2016-07-18 15:14 - 01243936 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2016-04-11 23:08 - 2016-09-01 08:02 - 04969248 _____ () C:\Program Files (x86)\Steam\v8.dll
2016-04-11 23:08 - 2016-12-24 01:28 - 00657184 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2016-04-11 23:08 - 2017-01-19 08:30 - 02327840 _____ () C:\Program Files (x86)\Steam\video.dll
2016-04-11 23:07 - 2016-01-27 14:49 - 02549760 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2016-04-11 23:07 - 2016-01-27 14:49 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2016-04-11 23:07 - 2016-01-27 14:49 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2016-04-11 23:07 - 2016-01-27 14:49 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2016-04-11 23:07 - 2016-01-27 14:49 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2016-04-11 23:08 - 2016-09-01 08:02 - 01563936 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2016-04-11 23:08 - 2016-09-01 08:02 - 01195296 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2016-04-11 23:07 - 2017-01-19 08:30 - 00838432 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2016-04-11 23:07 - 2016-07-05 05:17 - 00266560 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
2016-12-21 12:18 - 2017-01-05 10:12 - 68813088 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\libcef.dll
2016-04-11 23:08 - 2017-01-19 08:30 - 00383776 _____ () C:\Program Files (x86)\Steam\steam.dll
2016-04-11 23:07 - 2015-09-25 06:52 - 00119208 _____ () C:\Program Files (x86)\Steam\winh264.dll
2016-04-16 19:02 - 2011-11-22 19:18 - 00249856 _____ () C:\Program Files (x86)\Drakonia Configurator\language.dll
2016-12-22 23:27 - 2016-12-22 23:27 - 12163072 _____ () C:\Program Files\WindowsApps\Microsoft.BingWeather_4.18.37.0_x86__8wekyb3d8bbwe\Microsoft.Msn.Weather.dll
2016-12-20 20:05 - 2016-12-20 20:06 - 00958464 _____ () C:\Program Files\WindowsApps\Microsoft.BingWeather_4.18.37.0_x86__8wekyb3d8bbwe\SQLite3Wrapper.dll
2016-07-16 21:31 - 2016-07-16 21:31 - 00645120 _____ () C:\Program Files\WindowsApps\Microsoft.BingWeather_4.18.37.0_x86__8wekyb3d8bbwe\Microsoft.Aria.ClientTelemetry.dll
2016-08-24 09:13 - 2016-08-24 09:14 - 03312024 _____ () C:\Program Files\WindowsApps\Microsoft.BingWeather_4.18.37.0_x86__8wekyb3d8bbwe\Microsoft.Advertising.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2015-07-10 18:04 - 2016-11-20 23:07 - 00001025 ____A C:\WINDOWS\system32\Drivers\etc\hosts
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-3515307565-1161031247-3300353082-1001\Control Panel\Desktop\\Wallpaper ->
HKU\S-1-5-21-3515307565-1161031247-3300353082-1002\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: 8.8.8.8 - 118.98.44.10
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
HKLM\...\StartupApproved\Run: => "PremierColor"
HKU\S-1-5-21-3515307565-1161031247-3300353082-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-3515307565-1161031247-3300353082-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-3515307565-1161031247-3300353082-1001\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-3515307565-1161031247-3300353082-1001\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-3515307565-1161031247-3300353082-1001\...\StartupApproved\Run: => "MusicManager"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{C17F5659-1505-42DE-BB05-2C756F24B829}] => (Allow) C:\games\GameforgeLive\gfl_client.exe
FirewallRules: [{7D93B344-EB13-4E7A-BD61-0863CBF13D34}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{BC4F5E12-EC9F-4AE8-8BF6-6A514710F95C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [UDP Query User{D45226D3-5DCE-42F4-AF3B-76C8FA1D5F26}C:\users\ezztr\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\ezztr\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{F8D0FD33-645D-4886-83F4-F10F91E60F23}C:\users\ezztr\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\ezztr\appdata\roaming\spotify\spotify.exe
FirewallRules: [{277B7182-EF76-4E43-829A-DB3743D4FAC3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\This War of Mine\Storyteller.exe
FirewallRules: [{B805154D-E775-4E97-9110-F33FB0C6EB51}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\This War of Mine\Storyteller.exe
FirewallRules: [{3E397DCD-0DD7-4044-A1A0-149701EB7C32}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\This War of Mine\This War of Mine.exe
FirewallRules: [{64BCF33C-B757-440E-A2CC-FDC496463331}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\This War of Mine\This War of Mine.exe
FirewallRules: [{A16F6B7B-70F3-4576-BBA2-9E1E3119F4AE}] => (Block) %ProgramFiles%\Sony\Vegas Pro 13.0\vegas130.exe
FirewallRules: [UDP Query User{C0B1816F-734A-411A-8D6B-5A9ECC77EBD0}C:\program files\transmission\transmission-qt.exe] => (Allow) C:\program files\transmission\transmission-qt.exe
FirewallRules: [TCP Query User{4A8B2546-03FA-4EB8-85AE-EEE23DCA4046}C:\program files\transmission\transmission-qt.exe] => (Allow) C:\program files\transmission\transmission-qt.exe
FirewallRules: [{7E700728-1A46-474F-A9DF-5D1B31DC547F}] => (Allow) C:\Games\World_of_Tanks\worldoftanks.exe
FirewallRules: [{58091464-702B-4BA8-9722-9DD3019824F8}] => (Allow) C:\Games\World_of_Tanks\worldoftanks.exe
FirewallRules: [{08E43E94-6562-4C54-9538-7F4D3376D598}] => (Allow) C:\Games\World_of_Tanks\WoTLauncher.exe
FirewallRules: [{A402605C-2125-4DB3-8463-845F1AE0558B}] => (Allow) C:\Games\World_of_Tanks\WoTLauncher.exe
FirewallRules: [UDP Query User{278854EE-DCAC-4D46-8EC7-65836AB565F4}C:\games\hearthstone\hearthstone.exe] => (Allow) C:\games\hearthstone\hearthstone.exe
FirewallRules: [TCP Query User{E61457E3-0841-4B8B-94B0-053B3D1F6B38}C:\games\hearthstone\hearthstone.exe] => (Allow) C:\games\hearthstone\hearthstone.exe
FirewallRules: [{3BC96CDD-1BE2-4378-8C34-7A5046B8C829}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\MiniMetro\MiniMetro.exe
FirewallRules: [{E77BCB3B-19C5-4D11-9163-2CA9772CC215}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\MiniMetro\MiniMetro.exe
FirewallRules: [{EF88B2AE-1A5B-412C-9EA7-F3ED89932447}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{60C82DF7-A1E1-4BB3-A84C-B52A3E7614A5}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{C3E3F344-96BD-4E3A-888F-14A4B964F289}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{5346CA20-8F67-4AAA-B93F-438A67350DF6}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{9215639A-8497-44BD-BDEE-EE065DA52BB3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Faeria\Faeria.exe
FirewallRules: [{759CA9DD-D5CA-46F1-8E91-207742295A67}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Faeria\Faeria.exe
FirewallRules: [{E064189B-3782-4E35-96D9-BDFF9F499639}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\CraftTheWorld\CraftWorld.exe
FirewallRules: [{4EDFA684-A6F6-4A6F-861F-7E2E4B482CD4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\CraftTheWorld\CraftWorld.exe
FirewallRules: [{6D6E6B78-D454-4C1E-A5F6-CE16D2B53576}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\RimWorld\RimWorldWin.exe
FirewallRules: [{548CD056-BF5E-46D5-BC7E-F178EB7A5529}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\RimWorld\RimWorldWin.exe
FirewallRules: [TCP Query User{37DE9295-1AE0-44E7-B1FD-6BFA0CCEFC64}C:\tmp\avencolony\binaries\win64\avencolony.exe] => (Allow) C:\tmp\avencolony\binaries\win64\avencolony.exe
FirewallRules: [UDP Query User{C7C3E257-C7A8-48E3-B179-5AF3FFD5E209}C:\tmp\avencolony\binaries\win64\avencolony.exe] => (Allow) C:\tmp\avencolony\binaries\win64\avencolony.exe
FirewallRules: [{5F381414-7E4A-4DAC-94AE-B7A20CA69DA4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Transport Fever\TransportFever.exe
FirewallRules: [{0AB262A1-F86A-4AFF-83CB-8B3A3529E830}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Transport Fever\TransportFever.exe
FirewallRules: [{35F5E33E-2EE3-40D9-8D05-4BBCAE2B7CC6}] => (Allow) %ProgramFiles%\Adobe\Adobe Dreamweaver CC 2015\Dreamweaver.exe
FirewallRules: [{AF368985-5F99-4ED9-96B4-2FC8C375A453}] => (Block) %ProgramFiles%\Adobe\Adobe Audition CC 2015\Adobe Audition CC.exe
FirewallRules: [{2CBFE8D9-02EE-41FB-9141-A88122B77815}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{06A7C478-0B02-49CC-92AA-B7AC95D45EE4}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{143E3176-9C1F-4EEE-884B-2B2E43C93E9D}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{C3BA8D08-41A0-4F93-93AA-7C230B171825}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{296F8C72-669A-49B9-8773-F2AC39257571}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{EC9DBA8F-965B-4AB6-B13E-271A19A65802}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{3434F424-1A3C-4AD5-B67D-C23403F1BBD8}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{6E7C318E-CC99-461A-B692-E86AB2D4BF26}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{5BBDDEC7-BD03-4FB6-8599-F39D2F0E8EA6}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{3D6782B4-E800-471A-8B72-1DB780B0BAC4}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{39F896B1-29FE-421F-A4A8-80F8D572DA07}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{FE4F29E9-EA06-412B-BD0C-1B870D1786C3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Life Is Strange\Binaries\Win32\LifeIsStrange.exe
FirewallRules: [{D7DA5ABD-DA9B-4E12-BA51-E6BF0F9A8B93}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Life Is Strange\Binaries\Win32\LifeIsStrange.exe
FirewallRules: [{AC18BE33-A7F2-4DB0-BDDC-E2116D8FDDF4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Keebles\Keebles.exe
FirewallRules: [{9096EF1A-E968-4508-BACA-60833687AB10}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Keebles\Keebles.exe
FirewallRules: [TCP Query User{D451319D-13B5-473B-801E-92390E465CD5}C:\games\the universim\the universim.exe] => (Allow) C:\games\the universim\the universim.exe
FirewallRules: [UDP Query User{A6AED956-641B-4A06-BBAA-7977D3B1941F}C:\games\the universim\the universim.exe] => (Allow) C:\games\the universim\the universim.exe
FirewallRules: [{6B46C0AA-404C-4F8A-B269-84321A873B0A}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{591828EE-75B0-416D-AFAA-62FE66304C38}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{D5D7ECAA-0C2C-4298-80FC-2AD8E3625F5A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Conan Exiles\ConanSandbox\Binaries\Win64\ConanSandbox_BE.exe
FirewallRules: [{70EC9924-39A9-4327-8E29-3CD9B1362085}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Conan Exiles\ConanSandbox\Binaries\Win64\ConanSandbox_BE.exe
FirewallRules: [{B00BFF46-3023-40B2-9937-81068549DE27}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Conan Exiles\ConanSandbox\Binaries\Win64\ConanSandbox.exe
FirewallRules: [{E4AA0E3E-2558-4129-B7D5-1408B426A7FB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Conan Exiles\ConanSandbox\Binaries\Win64\ConanSandbox.exe
FirewallRules: [{111ADE00-A556-4F6E-A162-7F624AA421B0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Factorio\bin\x64\factorio.exe
FirewallRules: [{16B5D7C8-1CB3-4968-98F2-525DC7767CE2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Factorio\bin\x64\factorio.exe
FirewallRules: [{AA4AAE9D-EDF8-43EE-8366-32E1596BE4E0}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{32B7101D-B91C-4BB3-A713-F192C26BDCD8}C:\program files\transmission\transmission-qt.exe] => (Allow) C:\program files\transmission\transmission-qt.exe
FirewallRules: [UDP Query User{FA4A5112-CD38-43C8-8F26-C8BC71256DD9}C:\program files\transmission\transmission-qt.exe] => (Allow) C:\program files\transmission\transmission-qt.exe
FirewallRules: [{80F768F5-5B72-4F0B-9BB8-B88918DD446F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DarkestDungeon\_windows\Darkest.exe
FirewallRules: [{40F29920-31F6-4CCF-B886-D83E03E8E8A0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DarkestDungeon\_windows\Darkest.exe
FirewallRules: [{C143464E-F3C5-4B1E-AE6C-388C4C2FA335}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tavern Tycoon\TavernTycoon.exe
FirewallRules: [{41D652DD-FA31-4F36-AFAD-6083D1AA8D2F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tavern Tycoon\TavernTycoon.exe
FirewallRules: [{D6E94B12-5A4F-46E0-9931-81CE4872D96C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DarkestDungeon\_windows\Darkest.exe
FirewallRules: [{E1217DC5-2210-4991-A414-D4DFD966FA83}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DarkestDungeon\_windows\Darkest.exe
==================== Restore Points =========================
06-02-2017 14:41:00 Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24210
14-02-2017 18:10:57 Removed LibreOffice 5.0.5.2
16-02-2017 14:00:18 Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24212
21-02-2017 17:27:40 TMPGEnc Video Mastering Works 6 Testversion wird entfernt
22-02-2017 22:47:19 JRT Pre-Junkware Removal
==================== Faulty Device Manager Devices =============
Name: Intel High Definition DSP
Description: Intel High Definition DSP
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (02/24/2017 01:39:16 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile .
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_42191651c6827bb3.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_89c64d28dafea4b9.manifest.
Error: (02/24/2017 01:39:02 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile .
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_42191651c6827bb3.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_89c64d28dafea4b9.manifest.
Error: (02/24/2017 01:38:53 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "c:\program files (x86)\eset\eset online scanner\ESETSmartInstaller.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile .
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_42191651c6827bb3.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_89c64d28dafea4b9.manifest.
Error: (02/23/2017 11:59:20 PM) (Source: DellUpService.exe) (EventID: 0) (User: )
Description: [5] ERROR- Exception on mounting SOS: mk_dellsupport_lnk can't find DSP! errno=0 #StackInfo#
Error: (02/23/2017 11:59:20 PM) (Source: DellUpService.exe) (EventID: 0) (User: )
Description: [5] ERROR- mk_dellsupport_lnk() can't find DSP! Threw exception! #StackInfo#
Error: (02/23/2017 11:59:20 PM) (Source: DellUpService.exe) (EventID: 0) (User: )
Description: [5] ERROR- FindPartObjects() Lable not matched! Target:DELLSUPPORT, Current:Image, Partition:PartitionPos {disk:0, part:5}, curGptTypeStr:{de94bba4-06d1-4d40-a16a-bfd50179d6ac} #StackInfo#
Error: (02/23/2017 11:59:20 PM) (Source: DellUpService.exe) (EventID: 0) (User: )
Description: [5] ERROR- FindPartObjects() Lable not matched! Target:DELLSUPPORT, Current:WINRETOOLS, Partition:PartitionPos {disk:0, part:4}, curGptTypeStr:{de94bba4-06d1-4d40-a16a-bfd50179d6ac} #StackInfo#
Error: (02/23/2017 11:59:20 PM) (Source: DellUpService.exe) (EventID: 0) (User: )
Description: [5] ERROR- [SOSINSTALLER] TRYMOUNT-DELLSUPPORT: mk_dellsupport_lnk can't find DSP! errno=0
at utilities.SymlnkBroker.mk_dellsupport_lnk(String mountpoint, String targetFileRelativePath, Boolean isDirectory, List`1 targetKeyFiles)
at utilities.PartitionHelper.DellSupportFinder.find()
at DellUpdate.sosinstaller.try_mount_dellsupport() #StackInfo#
Error: (02/23/2017 11:59:20 PM) (Source: DellUpService.exe) (EventID: 0) (User: )
Description: [5] ERROR- mk_dellsupport_lnk() can't find DSP! Threw exception! #StackInfo#
Error: (02/23/2017 11:44:26 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile .
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_42191651c6827bb3.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_89c64d28dafea4b9.manifest.
System errors:
=============
Error: (02/23/2017 11:45:51 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet:
Der Treiber konnte nicht geladen werden.
Error: (02/23/2017 11:45:51 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\ezztr\AppData\Local\Temp\ehdrv.sys
Error: (02/23/2017 11:45:50 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet:
Der Treiber konnte nicht geladen werden.
Error: (02/23/2017 11:45:50 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\ezztr\AppData\Local\Temp\ehdrv.sys
Error: (02/23/2017 11:45:50 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet:
Der Treiber konnte nicht geladen werden.
Error: (02/23/2017 11:45:50 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\ezztr\AppData\Local\Temp\ehdrv.sys
Error: (02/23/2017 11:43:51 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet:
Der Treiber konnte nicht geladen werden.
Error: (02/23/2017 11:43:51 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\ezztr\AppData\Local\Temp\ehdrv.sys
Error: (02/23/2017 11:43:50 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "eapihdrv" wurde aufgrund folgenden Fehlers nicht gestartet:
Der Treiber konnte nicht geladen werden.
Error: (02/23/2017 11:43:50 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\ezztr\AppData\Local\Temp\ehdrv.sys
CodeIntegrity:
===================================
Date: 2017-02-23 23:37:02.875
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\vfilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2017-02-23 14:26:54.213
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\nvdmi.inf_amd64_0f03095bd41aae95\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-02-23 09:10:29.592
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\vfilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2017-02-22 22:37:35.751
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\vfilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2017-02-22 20:03:30.187
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\nvdmi.inf_amd64_0f03095bd41aae95\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-02-22 17:29:53.650
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\vfilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2017-02-08 20:01:07.700
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\nvdmi.inf_amd64_fd06216336fcf4a2\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-02-07 22:40:22.555
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\vfilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2017-02-07 21:00:35.766
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\nvdmi.inf_amd64_fd06216336fcf4a2\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-02-06 20:47:49.537
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\vfilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i7-6700HQ CPU @ 2.60GHz
Percentage of memory in use: 37%
Total physical RAM: 16238.91 MB
Available physical RAM: 10148.66 MB
Total Virtual: 18670.91 MB
Available Virtual: 11666.2 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:461.56 GB) (Free:227.36 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 476.9 GB) (Disk ID: A4A7D5DC)
Partition: GPT.
==================== End of Addition.txt ============================
Edit: It is still there. Just now the banner also appeared directly below the bookmarks bar in Google Chrome, even when no page had been opened and the browser had only been started. I was able to take a screenshot. This is exactly how it looks in Chrome as well. It is a Dropbox link to the image. Edit: Only as a link, not embedded, because I have a 4K monitor and the image looks rather large here. https://dl.dropboxusercontent.com/u/16828681/Banner.PNG Hi. So, it is not fixed. Further problems have come up. Ad banners are now in Chrome, even on sites such as Tagesschau.de. I just tried to log in to PayPal and was redirected to a website; I cannot reach PayPal.de or .com this way. Browser: Chrome. |
| | #11 |
| /// TB instructor | Ad banners in the Steam client Hello, please reset your browsers as follows:
IE ::: Reset Internet Explorer as follows:
EDGE ::: Reset Edge
FF ::: Please reset Firefox as follows: Reset Firefox
CHR ::: Reset Google Chrome following these instructions.
How does it look now? |
| | #12 |
| Ad banners in the Steam client Hello, I have done that with all browsers. Since the banners are not always there, I will now work on the laptop for a few hours and then post the information here. |
| | #13 | |
| /// TB instructor | Ad banners in the Steam client Quote:
|
| | #14 |
| Ad banners in the Steam client It is still there. What has changed now: when the banner appears on screen, it disappears again immediately. So it does not stay on screen. It appears and disappears again. The banner slides into view, from the bottom or the top depending on the website. In the Steam client the banner is always at the top, above the menu, when it appears. Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-02-2017
Ran by ezztr (25-02-2017 23:55:05)
Running from C:\Users\ezztr\Desktop
Windows 10 Home Version 1607 (X64) (2016-08-03 05:57:06)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-3515307565-1161031247-3300353082-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3515307565-1161031247-3300353082-503 - Limited - Disabled)
elsia (S-1-5-21-3515307565-1161031247-3300353082-1002 - Limited - Enabled) => C:\Users\elsia
ezztr (S-1-5-21-3515307565-1161031247-3300353082-1001 - Administrator - Enabled) => C:\Users\ezztr
Guest (S-1-5-21-3515307565-1161031247-3300353082-501 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
. . . (Version: 2.1.28.3 - Intel) Hidden
. . . (x32 Version: 2.6.2.4 - Intel) Hidden
7-Zip 16.00 (x64) (HKLM\...\7-Zip) (Version: 16.00 - Igor Pavlov)
Adobe Audition CC 2015 (HKLM-x32\...\{839A3566-AED6-4787-A849-5CBE2B1DC6AE}) (Version: 8.0 - Adobe Systems Incorporated)
Adobe Dreamweaver CC 2015 (HKLM-x32\...\{EE2A0AA8-0386-11E5-8603-BC82F5DB1A71}) (Version: 16.0.0 - Adobe Systems Incorporated)
Ansel (Version: 378.66 - NVIDIA Corporation) Hidden
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Asmedia USB Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.41.3 - Asmedia Technology)
Audacity 2.1.2 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.2 - Audacity Team)
AviSynth 2.6 (HKLM-x32\...\AviSynth) (Version: 2.6.0.6 - GPL Public release.)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Bitrix24 for Windows (HKLM-x32\...\Bitrix24) (Version: 4.1.76.36 - Bitrix, Inc)
bl (x32 Version: 1.0.0 - Your Company Name) Hidden
Citrix Online Launcher (HKLM-x32\...\{48947098-A67C-46D4-90C5-9F2F6F0F96FE}) (Version: 1.0.449 - Citrix)
Conan Exiles (HKLM\...\Steam App 440900) (Version: - Funcom)
Craft The World (HKLM\...\Steam App 248390) (Version: - Dekovir Entertainment)
Darkest Dungeon (HKLM\...\Steam App 262060) (Version: - Red Hook Studios)
DebugMode FrameServer (HKLM-x32\...\DebugMode FrameServer) (Version: - )
Dell App Launcher for Unifying Software (HKLM\...\Unifying Software Launcher) (Version: 1.00.44 - Logitech)
Dell Customer Connect (HKLM-x32\...\{4FA72FF9-DD64-43A8-8704-6380A11F11D5}) (Version: 1.4.15.0 - Dell Inc.)
Dell Data Vault (Version: 4.3.9.0 - Dell Inc.) Hidden
Dell Digital Delivery (HKLM-x32\...\{AB7F2792-2ED1-4C5C-9F28-680E5110BF72}) (Version: 3.1.1018.0 - Dell Products, LP)
Dell Dock Update (HKLM-x32\...\{6C4547B7-084A-4992-BFBF-9F6C6E2DC3EA}) (Version: 1.0.115.0 - Dell Inc.)
Dell Foundation Services (HKLM\...\{BDB50421-E961-42F3-B803-6DAC6F173834}) (Version: 3.4.16100.0 - Dell Inc.)
Dell PremierColor (HKLM\...\{5CA2B02F-FC89-4F42-A3DA-7649B8EFF194}) (Version: 2.0.140 - Portrait Displays, Inc.)
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.3.6855.72 - Dell)
Dell SupportAssistAgent (HKLM-x32\...\{27130E51-9555-408B-8134-7BFF54EDE27B}) (Version: 1.3.0.72 - Dell)
Dell System Detect (HKU\S-1-5-21-3515307565-1161031247-3300353082-1001\...\58d94f3ce2c27db0) (Version: 7.6.0.17 - Dell)
Dell Update - SupportAssist Update Plugin (HKLM\...\{92F651D9-4431-469E-9B11-299D007AF656}) (Version: 2.0.2.1835 - Dell Inc.)
Dell Update (HKLM-x32\...\{FE901F1A-B3D5-4BCE-AAFB-694DC51DC522}) (Version: 1.9.5.0 - Dell Inc.)
Drakonia Configurator (HKLM-x32\...\{2EAD3327-2F92-455F-A675-E5CC4980B67A}}_is1) (Version: - )
Dropbox 20 GB (HKLM-x32\...\{736A97C6-8766-3699-84A9-71736C5E0CE3}) (Version: 3.1.11.0 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.59.1 - Dropbox, Inc.) Hidden
DW WLAN Card (HKLM\...\DW WLAN Card) (Version: 1.566.0.0 - Dell Inc.)
Dxtory version 2.0.139 (HKLM-x32\...\Dxtory2.0_is1) (Version: 2.0.139 - ExKode Co. Ltd.)
Factorio (HKLM\...\Steam App 427520) (Version: - Wube Software LTD.)
Faeria (HKLM\...\Steam App 397060) (Version: - Abrakam SA)
FileZilla Client 3.24.0 (HKU\S-1-5-21-3515307565-1161031247-3300353082-1001\...\FileZilla Client) (Version: 3.24.0 - Tim Kosse)
Gameforge Live 2.0.12 (HKLM-x32\...\{9C98989A-3A15-42DA-A3B9-D20331437D67}}_is1) (Version: 2.0.12 - Gameforge)
GIMP 2.8.18 (HKLM\...\GIMP-2_is1) (Version: 2.8.18 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
Google Drive (HKLM-x32\...\{07A12123-B717-496B-B471-48AF6407B433}) (Version: 1.32.4066.7445 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
GoToMeeting 8.0.0.6441 (HKU\S-1-5-21-3515307565-1161031247-3300353082-1001\...\GoToMeeting) (Version: 8.0.0.6441 - CitrixOnline)
Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
Hearthstone Deck Tracker (HKU\S-1-5-21-3515307565-1161031247-3300353082-1001\...\HearthstoneDeckTracker) (Version: 1.1.6 - HearthSim)
HearthstoneTracker (HKLM-x32\...\HearthstoneTracker) (Version: 1.9.23.39449 - HearthstoneTracker.com)
Innkeeper (HKU\S-1-5-21-3515307565-1161031247-3300353082-1001\...\Innkeeper) (Version: 0.3.4 - Curse Inc.)
Intel Extreme Tuning Utility (HKLM-x32\...\{281badd0-7e11-494b-bdf7-34d6a2615c3c}) (Version: 6.2.0.19 - Intel Corporation)
Intel Extreme Tuning Utility (x32 Version: 6.2.0.19 - Intel Corporation) Hidden
Intel(R) Chipset Device Software (x32 Version: 10.1.1.13 - Intel(R) Corporation) Hidden
Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.2.10900.330 - Intel Corporation)
Intel(R) HID Event Filter (HKLM-x32\...\3FB06EEC-013D-4366-9918-71B97DFB84EB) (Version: 1.1.0.310 - Intel Corporation)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.5.0.1020 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4531 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 15.2.2.1030 - Intel Corporation)
Intel(R) Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.100.1633.3 - Intel Corporation)
Intel® Driver Update Utility (HKLM-x32\...\{66307462-7d19-4f1a-af82-aa04b6017f05}) (Version: 2.6.2.4 - Intel)
Intel® Security Assist (HKLM-x32\...\{4B230374-6475-4A73-BA6E-41015E9C5013}) (Version: 1.0.0.532 - Intel Corporation)
Java 8 Update 121 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
Keebles (HKLM\...\Steam App 347040) (Version: - Burnt Fuse)
Lagarith Lossless Codec (1.3.27) (HKLM-x32\...\{F59AC46C-10C3-4023-882C-4212A92283B3}_is1) (Version: - )
Life Is Strange™ (HKLM\...\Steam App 319630) (Version: - DONTNOD Entertainment)
Logitech Unifying-Software 2.10 (HKLM\...\Logitech Unifying) (Version: 2.10.37 - Logitech)
MagicYUV Lossless Video Codec - Standard version 2.0.0rc1 (HKLM-x32\...\{90410593-E0EB-4F9B-B984-65BEA8F07B91}_is1) (Version: 2.0.0rc1 - INNOMAGIC Bt.)
Malwarebytes Version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
MediaInfo 0.7.87 (HKLM\...\MediaInfo) (Version: 0.7.87 - MediaArea.net)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office 365 - de-de (HKLM\...\O365HomePremRetail - de-de) (Version: 16.0.7571.2109 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3515307565-1161031247-3300353082-1001\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24212 (HKLM-x32\...\{323dad84-0974-4d90-a1c1-e006c7fdbb7d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Mini Metro (HKLM\...\Steam App 287980) (Version: - Dinosaur Polo Club)
Mozilla Firefox 51.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 51.0.1 (x86 de)) (Version: 51.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 51.0.1.6234 - Mozilla)
MPC-HC 1.7.10 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.7.10 - MPC-HC Team)
MSI Afterburner 4.3.0 (HKLM-x32\...\Afterburner) (Version: 4.3.0 - MSI Co., LTD)
Music Manager (HKU\S-1-5-21-3515307565-1161031247-3300353082-1001\...\MusicManager) (Version: - Google, Inc.)
Notepad++ (64-bit x64) (HKLM\...\Notepad++) (Version: 7.2.2 - Notepad++ Team)
NVIDIA 3D Vision Treiber 378.66 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 378.66 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.3.0.95 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.3.0.95 - NVIDIA Corporation)
NVIDIA Grafiktreiber 378.66 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 378.66 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}) (Version: 9.10.0513 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
NvNodejs (Version: 3.3.0.95 - NVIDIA Corporation) Hidden
NvTelemetry (Version: 2.3.5.0 - NVIDIA Corporation) Hidden
NvvHci (Version: 2.02.0.5 - NVIDIA Corporation) Hidden
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 17.0.2 - OBS Project)
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.7571.2109 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (Version: 16.0.7571.2109 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.7571.2109 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.7571.2109 - Microsoft Corporation) Hidden
Oracle VM VirtualBox 5.1.12 (HKLM\...\{C212962C-71C4-4D9F-B8E0-D2CD00C8B8FE}) (Version: 5.1.12 - Oracle Corporation)
Origin (HKLM-x32\...\Origin) (Version: 10.3.3.1921 - Electronic Arts, Inc.)
Oxygen Not Included (HKLM\...\Steam App 457140) (Version: - Klei Entertainment)
ph (x32 Version: 1.0.0 - Your Company Name) Hidden
Pismo File Mount Audit Package (HKLM\...\PismoFileMountAuditPackage) (Version: - )
Poedit (HKLM-x32\...\{68EB2C37-083A-4303-B5D8-41FA67E50B8F}_is1) (Version: 1.8.12 - Vaclav Slavik)
ProjectLibre (HKLM-x32\...\{4E352A24-AE3C-482F-9409-3E1C2B7ABED8}) (Version: 1.7.0.0 - ProjectLibre)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Realtek USB Audio (HKLM-x32\...\{0A46A65D-89AC-464C-8026-3CD44960BD04}) (Version: 6.3.9600.44 - Realtek Semiconductor Corp.)
Registrierung eines Dell Produkts (HKLM-x32\...\InstallShield_{85B14AE3-1624-45BE-942B-A528DF6F1CCE}) (Version: 3.0.123.0 - Dell Inc.)
Registrierung eines Produkts (Version: 3.0.123.0 - Dell Inc.) Hidden
RimWorld (HKLM\...\Steam App 294100) (Version: - Ludeon Studios)
RivaTuner Statistics Server 6.6.0 (HKLM-x32\...\RTSS) (Version: 6.6.0 - Unwinder)
SagaraS Scriptmaker v6.1 (HKLM-x32\...\SagaraS Scriptmaker_is1) (Version: - )
SHIELD Streaming (Version: 7.1.0351 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 3.3.0.95 - NVIDIA Corporation) Hidden
Spotify (HKU\S-1-5-21-3515307565-1161031247-3300353082-1001\...\Spotify) (Version: 1.0.31.56.g526cfefe - Spotify AB)
ST Microelectronics 3 Axis Digital Accelerometer Solution (HKLM-x32\...\{9C24F411-9CA7-4A8A-91F3-F08A4A38EB31}) (Version: 4.10.0067 - ST Microelectronics)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Tavern Tycoon (HKLM\...\Steam App 439340) (Version: - Terapoly)
TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.66695 - TeamViewer)
The Universim version 1.0 (HKLM-x32\...\{77E2F6D6-85F9-4A73-8FC6-5A6CB3C816C1}_is1) (Version: 1.0 - Crytivo Games)
This War of Mine (HKLM\...\Steam App 282070) (Version: - 11 bit studios)
Thunderbolt(TM) Software (HKLM-x32\...\{B0E8A8CA-5A40-49C3-BE5E-9076664DB9AA}) (Version: 15.3.39.250 - Intel Corporation)
Transmission-Qt (HKLM\...\Transmission-Qt) (Version: 2.84.9 - Transmission)
Transport Fever (HKLM\...\Steam App 446800) (Version: - Urban Games)
TreeSize Free V3.4.5 (HKLM-x32\...\TreeSize Free_is1) (Version: 3.4.5 - JAM Software)
UE4 Prerequisites (x64) (Version: 1.0.11.0 - Epic Games, Inc.) Hidden
UE4 Prerequisites (x64) (x32 Version: 1.0.13.0 - Epic Games, Inc.) Hidden
Ut Video Codec Suite (HKLM\...\utvideo_is1) (Version: 17.0.0 - UMEZAWA Takeshi)
Vegas Pro 13.0 (64-bit) (HKLM\...\{1F8D8040-0BC8-11E5-85C5-F04DA23A5C58}) (Version: 13.0.453 - Sony)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
VPN Manager 1.8.10.0 (HKLM-x32\...\VPN Manager) (Version: 1.8.10.0 - Perfect-Privacy)
Vulkan Run Time Libraries 1.0.39.1 (HKLM\...\VulkanRT1.0.39.1) (Version: 1.0.39.1 - LunarG, Inc.)
WIDCOMM Bluetooth Software (HKLM\...\{C6D9ED03-6FCF-4410-9CB7-45CA285F9E11}) (Version: 12.0.1.730 - Broadcom Corporation)
WinRAR 5.40 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
x264vfw - H.264/MPEG-4 AVC codec (remove only) (HKLM-x32\...\x264vfw) (Version: - )
YouPloader Version 0.9.3 (HKLM-x32\...\{DC552D9B-15C9-4F51-B0B2-D8AB7791DBFF}_is1) (Version: 0.9.3 - BeCast)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-3515307565-1161031247-3300353082-1001_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\ezztr\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3515307565-1161031247-3300353082-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\ezztr\AppData\Local\Citrix\GoToMeeting\6291\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-3515307565-1161031247-3300353082-1001_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\ezztr\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3515307565-1161031247-3300353082-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\ezztr\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll (Google Inc.)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {04CB2EF6-C5EE-46A5-80FE-E0E2140C4D1B} - System32\Tasks\USER_ESRV_SVC_QUEENCREEK => Wscript.exe //B //NoLogo "C:\Program Files\Intel\SUR\QUEENCREEK\task.vbs"
Task: {0D55ABF1-CE90-436D-AEC9-21E996067D93} - System32\Tasks\Intel\Intel Telemetry 2 => C:\Program Files\Intel\Telemetry 2.0\lrio.exe [2016-03-17] (Intel Corporation)
Task: {163E6DF7-9A42-4E71-B7CB-A7FC00FC613B} - System32\Tasks\G2MUploadTask-S-1-5-21-3515307565-1161031247-3300353082-1001 => C:\Users\ezztr\AppData\Local\Citrix\GoToMeeting\6441\g2mupload.exe [2017-02-18] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {1A48F5F1-A4FA-448D-8F88-774F9DF2371A} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe [2016-09-09] (Dell Inc.)
Task: {207D147E-E73E-44B4-88E1-B9559DF26B1A} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt application when hardware is detected => Thunderbolt.exe
Task: {29CF4F40-5921-43C7-B8DC-B282ED50165D} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-01-21] (NVIDIA Corporation)
Task: {2E5F1938-4478-4009-9A8C-8CF974952D7B} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-01-21] (NVIDIA Corporation)
Task: {33E7D8B0-1D68-4EDD-B7D0-92E87A4F3C09} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-04-10] (Google Inc.)
Task: {4D23204F-0E2E-4838-8154-9CE740A0241A} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-01-21] (NVIDIA Corporation)
Task: {50DA9037-6E4B-4CD0-BA09-BAAAD604AAF2} - System32\Tasks\Intel PTT EK Recertification => C:\Program Files\Intel\iCLS Client\IntelPTTEKRecertification.exe [2016-06-14] (Intel(R) Corporation)
Task: {5A30115F-FF80-4AA1-9E90-E33417862FD6} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt service when hardware is detected => sc.exe start ThunderboltService
Task: {5AF67BBA-EAEC-46AF-827B-314EB7D6A46C} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-01-21] (NVIDIA Corporation)
Task: {5B109A0B-823B-48E0-8DE2-E2DAB8E52FA6} - System32\Tasks\Adobe Uninstaller => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
Task: {60B633A5-BC32-4179-84FB-9FF44A397776} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3515307565-1161031247-3300353082-1001Core => C:\Users\ezztr\AppData\Local\Google\Update\GoogleUpdate.exe [2016-07-26] (Google Inc.)
Task: {6488574D-F798-462F-88D7-C0457AE6A5BC} - System32\Tasks\Intel\Intel Telemetry 2 (x86) => C:\Program Files (x86)\Intel\Telemetry 2.0\lrio.exe [2015-11-20] (Intel Corporation)
Task: {652DF692-C7F7-459F-BDF5-F55E4A777E78} - System32\Tasks\G2MUpdateTask-S-1-5-21-3515307565-1161031247-3300353082-1001 => C:\Users\ezztr\AppData\Local\Citrix\GoToMeeting\6441\g2mupdate.exe [2017-02-18] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {65D9B6CA-FACA-4EDA-98B7-4904A5253B48} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-01-21] (NVIDIA Corporation)
Task: {86472F58-B053-402E-9BAA-663541F0AA59} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt application on login if service is up => Thunderbolt.exe
Task: {9791F492-8F48-4F99-8CD6-F9CB6B50BEF9} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3515307565-1161031247-3300353082-1001UA => C:\Users\ezztr\AppData\Local\Google\Update\GoogleUpdate.exe [2016-07-26] (Google Inc.)
Task: {9B95B377-96BA-41DB-AD06-B0954F989609} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-12-28] (Microsoft Corporation)
Task: {9EA39A14-9FB0-418C-AC71-EDEE85799B18} - System32\Tasks\CreateExplorerShellUnelevatedTask => C:\WINDOWS\explorer.exe /NOUACCHECK
Task: {AB031289-0E5D-4509-8F19-A8B1322905C8} - System32\Tasks\Intel\Thunderbolt\Start Thunderbolt service on boot if driver is up => tbtsvc.exe
Task: {AC24C798-888C-43FA-9D8B-32F5D902E8DB} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2017-02-17] (PC-Doctor, Inc.)
Task: {B4776765-14D6-4572-B8DE-B6EDD52B4990} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {C33EBE27-3732-4579-B29F-79D01F362757} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-04-10] (Google Inc.)
Task: {CAA1D9C6-1233-4DC7-879F-EC161AE71991} - System32\Tasks\PCDDataUploadTask => uaclauncher.exe
Task: {D220BA68-269C-41EB-8A54-13A110A70A70} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3515307565-1161031247-3300353082-1001UA1d25f0055f52a8c => C:\Users\ezztr\AppData\Local\Google\Update\GoogleUpdate.exe [2016-07-26] (Google Inc.)
Task: {D2D43FD7-AA72-433B-9313-037A3C38A991} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-11-17] (Dropbox, Inc.)
Task: {D6A9151A-612D-4C84-88AF-370ECA981488} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3515307565-1161031247-3300353082-1001Core1d25f0055f0e153 => C:\Users\ezztr\AppData\Local\Google\Update\GoogleUpdate.exe [2016-07-26] (Google Inc.)
Task: {D84FABA7-EA17-4A74-807C-81C7620DB5A7} - System32\Tasks\DropboxOEM => C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe [2016-04-04] ()
Task: {DCF517FB-4549-4BB6-A95A-EE96C2716380} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-ezztro@yahoo.de => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2015-08-05] (Adobe Systems Incorporated)
Task: {E5E09893-C0AF-4AA9-B662-4B583E3CDFA6} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell\SupportAssist\uaclauncher.exe [2017-02-17] (PC-Doctor, Inc.)
Task: {EC5937FE-8585-4CE3-8694-02DDC49EE896} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2017-02-04] (Microsoft Corporation)
Task: {F35D6EB5-3FEE-49C9-8EE2-CFAB94043E72} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-11-17] (Dropbox, Inc.)
Task: {F43A5D40-7ED4-4E59-8B77-352C08D88260} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-01-21] (NVIDIA Corporation)
Task: {FC38FDB1-3888-400F-AB12-D2D387A163F4} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-12-28] (Microsoft Corporation)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-3515307565-1161031247-3300353082-1001.job => C:\Users\ezztr\AppData\Local\Citrix\GoToMeeting\6441\g2mupdate.exe
Task: C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-3515307565-1161031247-3300353082-1001.job => C:\Users\ezztr\AppData\Local\Citrix\GoToMeeting\6441\g2mupload.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3515307565-1161031247-3300353082-1001Core.job => C:\Users\ezztr\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3515307565-1161031247-3300353082-1001UA.job => C:\Users\ezztr\AppData\Local\Google\Update\GoogleUpdate.exe
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
ShortcutWithArgument: C:\Users\ezztr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome-Apps\Google Play Musik.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=fahmaaghhglfmonjliepjlchgpgfmobi
==================== Loaded Modules (Whitelisted) ==============
2016-07-16 18:42 - 2016-07-16 18:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-12-20 20:18 - 2016-12-09 17:29 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2017-01-09 00:13 - 2017-02-10 05:57 - 00134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-08-21 08:47 - 2015-08-21 08:47 - 00049408 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btwleapi.dll
2017-01-10 14:59 - 2017-01-10 14:59 - 00125808 _____ () C:\Program Files (x86)\Dell Dock Update\DUWrapperService.exe
2016-12-31 17:22 - 2016-11-17 22:16 - 00805632 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe
2016-12-31 17:22 - 2016-11-17 22:18 - 01981184 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_modeler.dll
2016-12-31 17:22 - 2016-11-17 22:11 - 00247552 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\acpi_battery_input.dll
2016-12-31 17:22 - 2016-11-17 22:10 - 00212736 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\wifi_input.dll
2016-12-31 17:22 - 2016-11-17 22:11 - 00174848 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\devices_use_input.dll
2016-12-31 17:22 - 2016-11-17 22:10 - 00203520 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_system_power_state_input.dll
2016-12-31 17:22 - 2016-11-17 22:09 - 00206592 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_disktrace_input.dll
2016-12-31 17:22 - 2016-11-17 22:09 - 00336640 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_process_input.dll
2016-12-31 17:22 - 2016-11-17 22:06 - 00147712 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_winstat_input.dll
2016-12-31 17:22 - 2016-11-17 22:11 - 00213248 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\sema_thermal_input.dll
2016-12-31 17:22 - 2016-11-17 22:07 - 00229120 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_quality_and_reliability_input.dll
2016-12-31 17:22 - 2016-11-17 22:08 - 00224000 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_sampler_input.dll
2016-12-31 17:22 - 2016-11-17 22:06 - 00211712 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_stress_odometer_input.dll
2016-12-31 17:22 - 2016-11-17 22:08 - 00219904 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_turbo_input.dll
2016-07-03 16:54 - 2017-01-21 01:39 - 04489152 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\Poco.dll
2016-07-03 16:54 - 2017-01-21 01:39 - 01147328 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2016-11-17 22:05 - 2016-11-17 22:05 - 00156928 _____ () C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe
2016-12-20 20:18 - 2016-12-09 17:29 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2017-01-14 02:10 - 2017-01-14 02:10 - 00052400 _____ () C:\Program Files\FileZilla FTP Client\fzshellext_64.dll
2016-09-16 18:25 - 2016-09-07 11:56 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-01-14 11:17 - 2016-12-21 14:09 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-02-22 12:33 - 2017-02-22 12:34 - 00073728 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-02-22 12:33 - 2017-02-22 12:34 - 00179712 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-02-22 12:33 - 2017-02-22 12:34 - 42895360 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-02-07 16:50 - 2017-02-07 16:50 - 02215424 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\roottools.dll
2017-01-14 11:17 - 2016-12-21 13:48 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-04-16 19:02 - 2013-10-29 18:43 - 00248832 _____ () C:\Program Files (x86)\Drakonia Configurator\hid.exe
2016-04-04 14:54 - 2016-04-04 14:54 - 00575432 _____ () C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe
2016-12-31 17:22 - 2016-11-17 22:14 - 00730880 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\esrv.exe
2016-12-31 17:22 - 2016-11-17 22:12 - 00237824 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\foreground_window_input.dll
2016-12-31 17:22 - 2016-11-17 22:08 - 00217344 _____ () C:\Program Files\Intel\SUR\QUEENCREEK\intel_user_waiting_input.dll
2016-10-25 13:36 - 2015-11-25 02:33 - 01034368 _____ () C:\Program Files\Transmission\dbus-daemon.exe
2016-12-22 23:27 - 2016-12-22 23:27 - 00017408 _____ () C:\Program Files\WindowsApps\Microsoft.BingWeather_4.18.37.0_x86__8wekyb3d8bbwe\Microsoft.Msn.Weather.exe
2017-02-16 00:05 - 2017-02-16 00:05 - 03865088 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1702.312.0_x64__8wekyb3d8bbwe\Calculator.exe
2016-04-16 19:02 - 2012-12-11 16:14 - 00240640 _____ () C:\Program Files (x86)\Drakonia Configurator\trayicon.exe
2017-01-14 11:17 - 2016-12-21 13:54 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-01-14 11:17 - 2016-12-21 13:48 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-01-14 11:17 - 2016-12-21 13:48 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2017-01-14 11:17 - 2016-12-21 13:48 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-01-14 11:17 - 2016-12-21 13:53 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-09-12 22:57 - 2017-01-09 19:08 - 02493440 _____ () C:\games\Origin\libGLESv2.dll
2016-07-03 16:54 - 2017-01-21 01:39 - 00018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2016-07-03 16:54 - 2017-01-21 01:39 - 03774400 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\Poco.dll
2016-07-03 16:54 - 2017-01-21 01:39 - 00900032 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2016-07-03 16:55 - 2017-01-21 01:38 - 64245184 _____ () C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\libcef.dll
2016-07-22 01:42 - 2017-01-20 20:36 - 00338488 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVAccountAPINode.node
2016-07-22 01:42 - 2017-01-20 20:36 - 00254008 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\DriverInstall.node
2016-07-22 01:42 - 2017-01-20 20:36 - 02808888 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\Downloader.node
2016-07-22 01:42 - 2017-01-20 20:36 - 00384568 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGameShareAPINode.node
2016-07-22 01:42 - 2017-01-20 20:36 - 00537656 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvSpCapsAPINode.node
2016-07-22 01:42 - 2017-01-20 20:36 - 00468024 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGalleryAPINode.node
2016-08-29 22:56 - 2017-01-20 20:36 - 01066552 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvCameraAPINode.node
2016-12-23 17:59 - 2017-01-20 20:36 - 01014840 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvSDKAPINode.node
2017-02-24 15:47 - 2017-02-24 15:47 - 00098816 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI112522\win32api.pyd
2017-02-24 15:47 - 2017-02-24 15:47 - 00110080 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI112522\pywintypes27.dll
2017-02-24 15:47 - 2017-02-24 15:47 - 00364544 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI112522\pythoncom27.dll
2017-02-24 15:47 - 2017-02-24 15:47 - 00320512 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI112522\win32com.shell.shell.pyd
2017-02-24 15:47 - 2017-02-24 15:47 - 00914432 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI112522\_hashlib.pyd
2017-02-24 15:47 - 2017-02-24 15:47 - 01176576 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI112522\wx._core_.pyd
2017-02-24 15:47 - 2017-02-24 15:47 - 00806400 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI112522\wx._gdi_.pyd
2017-02-24 15:47 - 2017-02-24 15:47 - 00816128 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI112522\wx._windows_.pyd
2017-02-24 15:47 - 2017-02-24 15:47 - 01067008 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI112522\wx._controls_.pyd
2017-02-24 15:47 - 2017-02-24 15:47 - 00733184 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI112522\wx._misc_.pyd
2017-02-24 15:47 - 2017-02-24 15:47 - 00682496 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI112522\pysqlite2._sqlite.pyd
2017-02-24 15:47 - 2017-02-24 15:47 - 00088064 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI112522\_ctypes.pyd
2017-02-24 15:47 - 2017-02-24 15:47 - 00686080 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI112522\unicodedata.pyd
2017-02-24 15:47 - 2017-02-24 15:47 - 00119808 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI112522\win32file.pyd
2017-02-24 15:47 - 2017-02-24 15:47 - 00108544 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI112522\win32security.pyd
2017-02-24 15:47 - 2017-02-24 15:47 - 00007168 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI112522\hashobjs_ext.pyd
2017-02-24 15:47 - 2017-02-24 15:47 - 00017920 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI112522\thumbnails_ext.pyd
2017-02-24 15:47 - 2017-02-24 15:47 - 00088064 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI112522\usb_ext.pyd
2017-02-24 15:47 - 2017-02-24 15:47 - 00012800 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI112522\common.time34.pyd
2017-02-24 15:47 - 2017-02-24 15:47 - 00018432 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI112522\win32event.pyd
2017-02-24 15:47 - 2017-02-24 15:47 - 00167936 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI112522\win32gui.pyd
2017-02-24 15:47 - 2017-02-24 15:47 - 00046080 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI112522\_socket.pyd
2017-02-24 15:47 - 2017-02-24 15:47 - 01303552 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI112522\_ssl.pyd
2017-02-24 15:47 - 2017-02-24 15:47 - 00128512 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI112522\_elementtree.pyd
2017-02-24 15:47 - 2017-02-24 15:47 - 00127488 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI112522\pyexpat.pyd
2017-02-24 15:47 - 2017-02-24 15:47 - 00038912 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI112522\win32inet.pyd
2017-02-24 15:47 - 2017-02-24 15:47 - 00036864 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI112522\_psutil_windows.pyd
2017-02-24 15:47 - 2017-02-24 15:47 - 00524248 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI112522\windows._lib_cacheinvalidation.pyd
2017-02-24 15:47 - 2017-02-24 15:47 - 00011264 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI112522\win32crypt.pyd
2017-02-24 15:47 - 2017-02-24 15:47 - 00123392 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI112522\wx._wizard.pyd
2017-02-24 15:47 - 2017-02-24 15:47 - 00077312 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI112522\wx._html2.pyd
2017-02-24 15:47 - 2017-02-24 15:47 - 00027648 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI112522\_multiprocessing.pyd
2017-02-24 15:47 - 2017-02-24 15:47 - 00020480 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI112522\_yappi.pyd
2017-02-24 15:47 - 2017-02-24 15:47 - 00035840 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI112522\win32process.pyd
2017-02-24 15:47 - 2017-02-24 15:47 - 00078848 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI112522\wx._animate.pyd
2017-02-24 15:47 - 2017-02-24 15:47 - 00024064 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI112522\win32pipe.pyd
2017-02-24 15:47 - 2017-02-24 15:47 - 00010240 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI112522\select.pyd
2017-02-24 15:47 - 2017-02-24 15:47 - 00025600 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI112522\win32pdh.pyd
2017-02-24 15:47 - 2017-02-24 15:47 - 00017408 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI112522\win32profile.pyd
2017-02-24 15:47 - 2017-02-24 15:47 - 00022528 ____R () C:\Users\ezztr\AppData\Local\Temp\_MEI112522\win32ts.pyd
2016-04-16 19:02 - 2013-01-15 22:06 - 00061952 _____ () C:\Program Files (x86)\Drakonia Configurator\HidDevice.dll
2016-03-18 18:26 - 2016-03-18 18:26 - 00207872 _____ () C:\Program Files (x86)\Dropbox\DropboxOEM\Ledger.dll
2016-03-18 17:19 - 2016-03-18 17:19 - 00107520 _____ () C:\Program Files (x86)\Dropbox\DropboxOEM\zlib1.dll
2016-12-21 10:24 - 2016-12-21 10:24 - 00134008 _____ () C:\Program Files (x86)\Dell Customer Connect\ServiceTagPlusPlus.dll
2015-06-24 07:26 - 2015-06-24 07:26 - 00155888 _____ () c:\Program Files (x86)\Dell Digital Delivery\ServiceTagPlusPlus.dll
2016-05-13 14:10 - 2016-05-13 14:10 - 00134144 _____ () C:\Program Files (x86)\Dell Update\ServiceTagPlusPlus.dll
2016-07-18 15:14 - 2016-07-18 15:14 - 01243936 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2016-04-11 23:08 - 2016-12-24 01:28 - 00657184 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2016-04-11 23:08 - 2016-09-01 08:02 - 04969248 _____ () C:\Program Files (x86)\Steam\v8.dll
2016-04-11 23:08 - 2017-01-19 08:30 - 02327840 _____ () C:\Program Files (x86)\Steam\video.dll
2016-04-11 23:07 - 2016-01-27 14:49 - 02549760 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2016-04-11 23:07 - 2016-01-27 14:49 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2016-04-11 23:07 - 2016-01-27 14:49 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2016-04-11 23:07 - 2016-01-27 14:49 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2016-04-11 23:07 - 2016-01-27 14:49 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2016-04-11 23:08 - 2016-09-01 08:02 - 01563936 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2016-04-11 23:08 - 2016-09-01 08:02 - 01195296 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2016-04-11 23:07 - 2017-01-19 08:30 - 00838432 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2016-04-11 23:07 - 2016-07-05 05:17 - 00266560 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
2016-12-21 12:18 - 2017-01-05 10:12 - 68813088 _____ () C:\Program Files (x86)\Steam\bin\cef\cef.win7\libcef.dll
2016-04-11 23:08 - 2017-01-19 08:30 - 00383776 _____ () C:\Program Files (x86)\Steam\steam.dll
2016-04-11 23:07 - 2015-09-25 06:52 - 00119208 _____ () C:\Program Files (x86)\Steam\winh264.dll
2016-12-22 23:27 - 2016-12-22 23:27 - 12163072 _____ () C:\Program Files\WindowsApps\Microsoft.BingWeather_4.18.37.0_x86__8wekyb3d8bbwe\Microsoft.Msn.Weather.dll
2016-12-20 20:05 - 2016-12-20 20:06 - 00958464 _____ () C:\Program Files\WindowsApps\Microsoft.BingWeather_4.18.37.0_x86__8wekyb3d8bbwe\SQLite3Wrapper.dll
2016-07-16 21:31 - 2016-07-16 21:31 - 00645120 _____ () C:\Program Files\WindowsApps\Microsoft.BingWeather_4.18.37.0_x86__8wekyb3d8bbwe\Microsoft.Aria.ClientTelemetry.dll
2016-08-24 09:13 - 2016-08-24 09:14 - 03312024 _____ () C:\Program Files\WindowsApps\Microsoft.BingWeather_4.18.37.0_x86__8wekyb3d8bbwe\Microsoft.Advertising.dll
2016-04-16 19:02 - 2011-11-22 19:18 - 00249856 _____ () C:\Program Files (x86)\Drakonia Configurator\language.dll
2017-02-07 21:49 - 2017-02-01 16:01 - 01870168 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libglesv2.dll
2017-02-07 21:49 - 2017-02-01 16:01 - 00085848 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libegl.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2015-07-10 18:04 - 2016-11-20 23:07 - 00001025 ____A C:\WINDOWS\system32\Drivers\etc\hosts
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-3515307565-1161031247-3300353082-1001\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 8.8.8.8 - 118.98.44.10
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
HKLM\...\StartupApproved\Run: => "PremierColor"
HKU\S-1-5-21-3515307565-1161031247-3300353082-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-3515307565-1161031247-3300353082-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-3515307565-1161031247-3300353082-1001\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-3515307565-1161031247-3300353082-1001\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-3515307565-1161031247-3300353082-1001\...\StartupApproved\Run: => "MusicManager"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{C17F5659-1505-42DE-BB05-2C756F24B829}] => (Allow) C:\games\GameforgeLive\gfl_client.exe
FirewallRules: [{7D93B344-EB13-4E7A-BD61-0863CBF13D34}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{BC4F5E12-EC9F-4AE8-8BF6-6A514710F95C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [UDP Query User{D45226D3-5DCE-42F4-AF3B-76C8FA1D5F26}C:\users\ezztr\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\ezztr\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{F8D0FD33-645D-4886-83F4-F10F91E60F23}C:\users\ezztr\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\ezztr\appdata\roaming\spotify\spotify.exe
FirewallRules: [{277B7182-EF76-4E43-829A-DB3743D4FAC3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\This War of Mine\Storyteller.exe
FirewallRules: [{B805154D-E775-4E97-9110-F33FB0C6EB51}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\This War of Mine\Storyteller.exe
FirewallRules: [{3E397DCD-0DD7-4044-A1A0-149701EB7C32}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\This War of Mine\This War of Mine.exe
FirewallRules: [{64BCF33C-B757-440E-A2CC-FDC496463331}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\This War of Mine\This War of Mine.exe
FirewallRules: [{A16F6B7B-70F3-4576-BBA2-9E1E3119F4AE}] => (Block) %ProgramFiles%\Sony\Vegas Pro 13.0\vegas130.exe
FirewallRules: [UDP Query User{C0B1816F-734A-411A-8D6B-5A9ECC77EBD0}C:\program files\transmission\transmission-qt.exe] => (Allow) C:\program files\transmission\transmission-qt.exe
FirewallRules: [TCP Query User{4A8B2546-03FA-4EB8-85AE-EEE23DCA4046}C:\program files\transmission\transmission-qt.exe] => (Allow) C:\program files\transmission\transmission-qt.exe
FirewallRules: [{7E700728-1A46-474F-A9DF-5D1B31DC547F}] => (Allow) C:\Games\World_of_Tanks\worldoftanks.exe
FirewallRules: [{58091464-702B-4BA8-9722-9DD3019824F8}] => (Allow) C:\Games\World_of_Tanks\worldoftanks.exe
FirewallRules: [{08E43E94-6562-4C54-9538-7F4D3376D598}] => (Allow) C:\Games\World_of_Tanks\WoTLauncher.exe
FirewallRules: [{A402605C-2125-4DB3-8463-845F1AE0558B}] => (Allow) C:\Games\World_of_Tanks\WoTLauncher.exe
FirewallRules: [UDP Query User{278854EE-DCAC-4D46-8EC7-65836AB565F4}C:\games\hearthstone\hearthstone.exe] => (Allow) C:\games\hearthstone\hearthstone.exe
FirewallRules: [TCP Query User{E61457E3-0841-4B8B-94B0-053B3D1F6B38}C:\games\hearthstone\hearthstone.exe] => (Allow) C:\games\hearthstone\hearthstone.exe
FirewallRules: [{3BC96CDD-1BE2-4378-8C34-7A5046B8C829}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\MiniMetro\MiniMetro.exe
FirewallRules: [{E77BCB3B-19C5-4D11-9163-2CA9772CC215}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\MiniMetro\MiniMetro.exe
FirewallRules: [{EF88B2AE-1A5B-412C-9EA7-F3ED89932447}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{60C82DF7-A1E1-4BB3-A84C-B52A3E7614A5}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{C3E3F344-96BD-4E3A-888F-14A4B964F289}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{5346CA20-8F67-4AAA-B93F-438A67350DF6}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{9215639A-8497-44BD-BDEE-EE065DA52BB3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Faeria\Faeria.exe
FirewallRules: [{759CA9DD-D5CA-46F1-8E91-207742295A67}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Faeria\Faeria.exe
FirewallRules: [{E064189B-3782-4E35-96D9-BDFF9F499639}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\CraftTheWorld\CraftWorld.exe
FirewallRules: [{4EDFA684-A6F6-4A6F-861F-7E2E4B482CD4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\CraftTheWorld\CraftWorld.exe
FirewallRules: [{6D6E6B78-D454-4C1E-A5F6-CE16D2B53576}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\RimWorld\RimWorldWin.exe
FirewallRules: [{548CD056-BF5E-46D5-BC7E-F178EB7A5529}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\RimWorld\RimWorldWin.exe
FirewallRules: [TCP Query User{37DE9295-1AE0-44E7-B1FD-6BFA0CCEFC64}C:\tmp\avencolony\binaries\win64\avencolony.exe] => (Allow) C:\tmp\avencolony\binaries\win64\avencolony.exe
FirewallRules: [UDP Query User{C7C3E257-C7A8-48E3-B179-5AF3FFD5E209}C:\tmp\avencolony\binaries\win64\avencolony.exe] => (Allow) C:\tmp\avencolony\binaries\win64\avencolony.exe
FirewallRules: [{5F381414-7E4A-4DAC-94AE-B7A20CA69DA4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Transport Fever\TransportFever.exe
FirewallRules: [{0AB262A1-F86A-4AFF-83CB-8B3A3529E830}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Transport Fever\TransportFever.exe
FirewallRules: [{35F5E33E-2EE3-40D9-8D05-4BBCAE2B7CC6}] => (Allow) %ProgramFiles%\Adobe\Adobe Dreamweaver CC 2015\Dreamweaver.exe
FirewallRules: [{AF368985-5F99-4ED9-96B4-2FC8C375A453}] => (Block) %ProgramFiles%\Adobe\Adobe Audition CC 2015\Adobe Audition CC.exe
FirewallRules: [{2CBFE8D9-02EE-41FB-9141-A88122B77815}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{06A7C478-0B02-49CC-92AA-B7AC95D45EE4}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{143E3176-9C1F-4EEE-884B-2B2E43C93E9D}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{C3BA8D08-41A0-4F93-93AA-7C230B171825}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{296F8C72-669A-49B9-8773-F2AC39257571}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{EC9DBA8F-965B-4AB6-B13E-271A19A65802}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{3434F424-1A3C-4AD5-B67D-C23403F1BBD8}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{6E7C318E-CC99-461A-B692-E86AB2D4BF26}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{5BBDDEC7-BD03-4FB6-8599-F39D2F0E8EA6}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{3D6782B4-E800-471A-8B72-1DB780B0BAC4}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{39F896B1-29FE-421F-A4A8-80F8D572DA07}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{FE4F29E9-EA06-412B-BD0C-1B870D1786C3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Life Is Strange\Binaries\Win32\LifeIsStrange.exe
FirewallRules: [{D7DA5ABD-DA9B-4E12-BA51-E6BF0F9A8B93}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Life Is Strange\Binaries\Win32\LifeIsStrange.exe
FirewallRules: [{AC18BE33-A7F2-4DB0-BDDC-E2116D8FDDF4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Keebles\Keebles.exe
FirewallRules: [{9096EF1A-E968-4508-BACA-60833687AB10}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Keebles\Keebles.exe
FirewallRules: [TCP Query User{D451319D-13B5-473B-801E-92390E465CD5}C:\games\the universim\the universim.exe] => (Allow) C:\games\the universim\the universim.exe
FirewallRules: [UDP Query User{A6AED956-641B-4A06-BBAA-7977D3B1941F}C:\games\the universim\the universim.exe] => (Allow) C:\games\the universim\the universim.exe
FirewallRules: [{6B46C0AA-404C-4F8A-B269-84321A873B0A}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{591828EE-75B0-416D-AFAA-62FE66304C38}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{D5D7ECAA-0C2C-4298-80FC-2AD8E3625F5A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Conan Exiles\ConanSandbox\Binaries\Win64\ConanSandbox_BE.exe
FirewallRules: [{70EC9924-39A9-4327-8E29-3CD9B1362085}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Conan Exiles\ConanSandbox\Binaries\Win64\ConanSandbox_BE.exe
FirewallRules: [{B00BFF46-3023-40B2-9937-81068549DE27}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Conan Exiles\ConanSandbox\Binaries\Win64\ConanSandbox.exe
FirewallRules: [{E4AA0E3E-2558-4129-B7D5-1408B426A7FB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Conan Exiles\ConanSandbox\Binaries\Win64\ConanSandbox.exe
FirewallRules: [{111ADE00-A556-4F6E-A162-7F624AA421B0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Factorio\bin\x64\factorio.exe
FirewallRules: [{16B5D7C8-1CB3-4968-98F2-525DC7767CE2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Factorio\bin\x64\factorio.exe
FirewallRules: [{AA4AAE9D-EDF8-43EE-8366-32E1596BE4E0}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{32B7101D-B91C-4BB3-A713-F192C26BDCD8}C:\program files\transmission\transmission-qt.exe] => (Allow) C:\program files\transmission\transmission-qt.exe
FirewallRules: [UDP Query User{FA4A5112-CD38-43C8-8F26-C8BC71256DD9}C:\program files\transmission\transmission-qt.exe] => (Allow) C:\program files\transmission\transmission-qt.exe
FirewallRules: [{80F768F5-5B72-4F0B-9BB8-B88918DD446F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DarkestDungeon\_windows\Darkest.exe
FirewallRules: [{40F29920-31F6-4CCF-B886-D83E03E8E8A0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DarkestDungeon\_windows\Darkest.exe
FirewallRules: [{C143464E-F3C5-4B1E-AE6C-388C4C2FA335}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tavern Tycoon\TavernTycoon.exe
FirewallRules: [{41D652DD-FA31-4F36-AFAD-6083D1AA8D2F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tavern Tycoon\TavernTycoon.exe
FirewallRules: [{D6E94B12-5A4F-46E0-9931-81CE4872D96C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DarkestDungeon\_windows\Darkest.exe
FirewallRules: [{E1217DC5-2210-4991-A414-D4DFD966FA83}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DarkestDungeon\_windows\Darkest.exe
FirewallRules: [{A2091538-196A-4ACC-821A-1D8FEE92E88D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\OxygenNotIncluded\OxygenNotIncluded.exe
FirewallRules: [{C465A602-10DB-4B2A-B047-266815A93382}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\OxygenNotIncluded\OxygenNotIncluded.exe
==================== Restore Points =========================
06-02-2017 14:41:00 Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24210
14-02-2017 18:10:57 Removed LibreOffice 5.0.5.2
16-02-2017 14:00:18 Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24212
21-02-2017 17:27:40 TMPGEnc Video Mastering Works 6 Testversion wird entfernt
22-02-2017 22:47:19 JRT Pre-Junkware Removal
24-02-2017 11:47:12 Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24212
==================== Faulty Device Manager Devices =============
Name: Intel High Definition DSP
Description: Intel High Definition DSP
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (02/24/2017 07:33:19 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Users\ezztr\Downloads\esetsmartinstaller_deu.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile .
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_42191651c6827bb3.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_89c64d28dafea4b9.manifest.
Error: (02/24/2017 04:08:11 PM) (Source: DellUpService.exe) (EventID: 0) (User: )
Description: [5] ERROR- Exception on mounting SOS: mk_dellsupport_lnk can't find DSP! errno=0 #StackInfo#
Error: (02/24/2017 04:08:11 PM) (Source: DellUpService.exe) (EventID: 0) (User: )
Description: [5] ERROR- mk_dellsupport_lnk() can't find DSP! Threw exception! #StackInfo#
Error: (02/24/2017 04:08:11 PM) (Source: DellUpService.exe) (EventID: 0) (User: )
Description: [5] ERROR- FindPartObjects() Lable not matched! Target:DELLSUPPORT, Current:Image, Partition:PartitionPos {disk:0, part:5}, curGptTypeStr:{de94bba4-06d1-4d40-a16a-bfd50179d6ac} #StackInfo#
Error: (02/24/2017 04:08:11 PM) (Source: DellUpService.exe) (EventID: 0) (User: )
Description: [5] ERROR- FindPartObjects() Lable not matched! Target:DELLSUPPORT, Current:WINRETOOLS, Partition:PartitionPos {disk:0, part:4}, curGptTypeStr:{de94bba4-06d1-4d40-a16a-bfd50179d6ac} #StackInfo#
Error: (02/24/2017 04:08:11 PM) (Source: DellUpService.exe) (EventID: 0) (User: )
Description: [5] ERROR- [SOSINSTALLER] TRYMOUNT-DELLSUPPORT: mk_dellsupport_lnk can't find DSP! errno=0
at utilities.SymlnkBroker.mk_dellsupport_lnk(String mountpoint, String targetFileRelativePath, Boolean isDirectory, List`1 targetKeyFiles)
at utilities.PartitionHelper.DellSupportFinder.find()
at DellUpdate.sosinstaller.try_mount_dellsupport() #StackInfo#
Error: (02/24/2017 04:08:11 PM) (Source: DellUpService.exe) (EventID: 0) (User: )
Description: [5] ERROR- mk_dellsupport_lnk() can't find DSP! Threw exception! #StackInfo#
Error: (02/24/2017 03:49:04 PM) (Source: DellUpService.exe) (EventID: 0) (User: )
Description: [4] ERROR- DoUpdateCheck manifestsSuccessful is invalid, stop updating! #StackInfo#
Error: (02/24/2017 03:46:14 PM) (Source: CertEnroll) (EventID: 86) (User: NT AUTHORITY)
Description: Fehler bei der Initialisierung der SCEP-Zertifikatregistrierung für WORKGROUP\DESKTOP-CSVQ63S$ über https://NTC-NameId-bcd3c503d39e51b0c50489e9228e984a7e63e303.microsoftaik.azure.net/templates/Aik/scep:
GetCACaps
Methode: GET(141ms)
Phase: GetCACaps
The server name or address could not be resolved 0x80072ee7 (WinHttp: 12007 ERROR_WINHTTP_NAME_NOT_RESOLVED)
Error: (02/24/2017 11:47:14 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
System Error:
Access is denied.
.
System errors:
=============
Error: (02/25/2017 03:02:01 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Durch die Berechtigungseinstellungen für "application-specific" wird dem Benutzer "NT AUTHORITY\SYSTEM" (SID: S-1-5-18) unter der Adresse "LocalHost (Using LRPC)" keine Berechtigung vom Typ "Local Activation" für die COM-Serveranwendung mit der CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
und der APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
im Anwendungscontainer "Unavailable" (SID: Unavailable) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.
Error: (02/25/2017 11:48:47 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Durch die Berechtigungseinstellungen für "application-specific" wird dem Benutzer "NT AUTHORITY\SYSTEM" (SID: S-1-5-18) unter der Adresse "LocalHost (Using LRPC)" keine Berechtigung vom Typ "Local Activation" für die COM-Serveranwendung mit der CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
und der APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
im Anwendungscontainer "Unavailable" (SID: Unavailable) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.
Error: (02/25/2017 11:17:46 AM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-CSVQ63S)
Description: Durch die Berechtigungseinstellungen für "application-specific" wird dem Benutzer "DESKTOP-CSVQ63S\ezztr" (SID: S-1-5-21-3515307565-1161031247-3300353082-1001) unter der Adresse "LocalHost (Using LRPC)" keine Berechtigung vom Typ "Local Activation" für die COM-Serveranwendung mit der CLSID
{9E175B6D-F52A-11D8-B9A5-505054503030}
und der APPID
{9E175B9C-F52A-11D8-B9A5-505054503030}
im Anwendungscontainer "Microsoft.MicrosoftEdge_38.14393.0.0_neutral__8wekyb3d8bbwe" (SID: S-1-15-2-3624051433-2125758914-1423191267-1740899205-1073925389-3782572162-737981194) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.
Error: (02/25/2017 11:17:46 AM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-CSVQ63S)
Description: Durch die Berechtigungseinstellungen für "application-specific" wird dem Benutzer "DESKTOP-CSVQ63S\ezztr" (SID: S-1-5-21-3515307565-1161031247-3300353082-1001) unter der Adresse "LocalHost (Using LRPC)" keine Berechtigung vom Typ "Local Activation" für die COM-Serveranwendung mit der CLSID
{9E175B6D-F52A-11D8-B9A5-505054503030}
und der APPID
{9E175B9C-F52A-11D8-B9A5-505054503030}
im Anwendungscontainer "Microsoft.MicrosoftEdge_38.14393.0.0_neutral__8wekyb3d8bbwe" (SID: S-1-15-2-3624051433-2125758914-1423191267-1740899205-1073925389-3782572162-737981194-4256926629-1688279915-2739229046-3928706915) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.
Error: (02/25/2017 05:08:07 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Durch die Berechtigungseinstellungen für "application-specific" wird dem Benutzer "NT AUTHORITY\SYSTEM" (SID: S-1-5-18) unter der Adresse "LocalHost (Using LRPC)" keine Berechtigung vom Typ "Local Activation" für die COM-Serveranwendung mit der CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
und der APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
im Anwendungscontainer "Unavailable" (SID: Unavailable) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.
Error: (02/25/2017 02:29:18 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Durch die Berechtigungseinstellungen für "application-specific" wird dem Benutzer "NT AUTHORITY\SYSTEM" (SID: S-1-5-18) unter der Adresse "LocalHost (Using LRPC)" keine Berechtigung vom Typ "Local Activation" für die COM-Serveranwendung mit der CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
und der APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
im Anwendungscontainer "Unavailable" (SID: Unavailable) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.
Error: (02/24/2017 03:47:59 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-CSVQ63S)
Description: Durch die Berechtigungseinstellungen für "machine-default" wird dem Benutzer "DESKTOP-CSVQ63S\ezztr" (SID: S-1-5-21-3515307565-1161031247-3300353082-1001) unter der Adresse "LocalHost (Using LRPC)" keine Berechtigung vom Typ "Local Activation" für die COM-Serveranwendung mit der CLSID
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
und der APPID
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
im Anwendungscontainer "Microsoft.Windows.Cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy" (SID: S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.
Error: (02/24/2017 03:47:59 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-CSVQ63S)
Description: Durch die Berechtigungseinstellungen für "machine-default" wird dem Benutzer "DESKTOP-CSVQ63S\ezztr" (SID: S-1-5-21-3515307565-1161031247-3300353082-1001) unter der Adresse "LocalHost (Using LRPC)" keine Berechtigung vom Typ "Local Activation" für die COM-Serveranwendung mit der CLSID
{C2F03A33-21F5-47FA-B4BB-156362A2F239}
und der APPID
{316CDED5-E4AE-4B15-9113-7055D84DCC97}
im Anwendungscontainer "Microsoft.Windows.Cortana_1.7.0.14393_neutral_neutral_cw5n1h2txyewy" (SID: S-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.
Error: (02/24/2017 03:47:04 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Durch die Berechtigungseinstellungen für "application-specific" wird dem Benutzer "NT AUTHORITY\SYSTEM" (SID: S-1-5-18) unter der Adresse "LocalHost (Using LRPC)" keine Berechtigung vom Typ "Local Activation" für die COM-Serveranwendung mit der CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
und der APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
im Anwendungscontainer "Unavailable" (SID: Unavailable) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.
Error: (02/24/2017 03:46:04 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "USER_ESRV_SVC_QUEENCREEK" wurde mit folgendem Fehler beendet:
%%497
CodeIntegrity:
===================================
Date: 2017-02-25 11:17:46.401
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\WIDCOMM\Bluetooth Software\BTNCopy.dll that did not meet the Store signing level requirements.
Date: 2017-02-25 11:17:46.392
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\FileZilla FTP Client\fzshellext_64.dll that did not meet the Store signing level requirements.
Date: 2017-02-24 20:45:49.160
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\nvdmi.inf_amd64_0f03095bd41aae95\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-02-24 15:45:58.508
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\vfilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2017-02-23 23:37:02.875
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\vfilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2017-02-23 14:26:54.213
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\nvdmi.inf_amd64_0f03095bd41aae95\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-02-23 09:10:29.592
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\vfilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2017-02-22 22:37:35.751
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\vfilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2017-02-22 20:03:30.187
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\DriverStore\FileRepository\nvdmi.inf_amd64_0f03095bd41aae95\nvinitx.dll that did not meet the Custom 3 / Antimalware signing level requirements.
Date: 2017-02-22 17:29:53.650
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\vfilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i7-6700HQ CPU @ 2.60GHz
Percentage of memory in use: 32%
Total physical RAM: 16238.91 MB
Available physical RAM: 10975.98 MB
Total Virtual: 18670.91 MB
Available Virtual: 11874.22 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:461.56 GB) (Free:186.21 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 476.9 GB) (Disk ID: A4A7D5DC)
Partition: GPT.
==================== End of Addition.txt ============================
|
| | #15 |
| Ad banners in the Steam client
FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 25-02-2017
Ran by ezztr (administrator) on DESKTOP-CSVQ63S (25-02-2017 23:54:19)
Running from C:\Users\ezztr\Desktop
Loaded Profiles: ezztr (Available Profiles: ezztr & elsia)
Platform: Windows 10 Home Version 1607 (X64) Language: Englisch (Vereinigte Staaten)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
() C:\Program Files (x86)\Dell Dock Update\DUWrapperService.exe
() C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
(Intel Corporation) C:\Windows\System32\Intel\DPTF\esif_uf.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Electronic Arts) C:\games\Origin\OriginWebHelperService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Perfect Privacy) C:\Program Files (x86)\Perfect Privacy VPN Manager\VPNManagerService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
() C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
(Logitech, Inc.) C:\Program Files\Dell\UnifyingSoftwareLauncher\DellLaunchUnifyingApp.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
() C:\Program Files (x86)\Drakonia Configurator\hid.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
() C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe
() C:\Program Files\Intel\SUR\QUEENCREEK\esrv.exe
(Dell Inc.) C:\Program Files (x86)\Dell Customer Connect\DCCService.exe
(Dell) C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe
(Dell Products, LP.) C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpService.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpTray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Dell) C:\Program Files\Dell\Dell Product Registration\PRSvc.exe
(Dell Inc.) C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(Intel(R) Corporation) C:\Program Files (x86)\Intel\Intel(R) Extreme Tuning Utility\XtuService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVault.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Dell) C:\Program Files\Dell\Dell Foundation Services\DFS.Common.Agent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
() C:\Program Files\Transmission\dbus-daemon.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17012.10301.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
() C:\Program Files\WindowsApps\Microsoft.BingWeather_4.18.37.0_x86__8wekyb3d8bbwe\Microsoft.Msn.Weather.exe
() C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1702.312.0_x64__8wekyb3d8bbwe\Calculator.exe
() C:\Program Files (x86)\Drakonia Configurator\trayicon.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [PremierColor] => C:\Program Files\Portrait Displays\Dell PremierColor\PremierColor.exe [3828464 2015-09-03] (Portrait Displays, Inc.)
HKLM\...\Run: [Dell Unifying Software Launcher] => C:\Program Files\Dell\UnifyingSoftwareLauncher\DellLaunchUnifyingApp.exe [3209608 2012-12-22] (Logitech, Inc.)
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-09-07] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508240 2015-08-05] (Adobe Systems Incorporated)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [320584 2016-10-31] (Intel Corporation)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM-x32\...\Run: [GamingMouse] => C:\Program Files (x86)\Drakonia Configurator\hid.exe [248832 2013-10-29] ()
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-12-12] (Oracle Corporation)
HKU\S-1-5-21-3515307565-1161031247-3300353082-1001\...\Run: [Spotify Web Helper] => C:\Users\ezztr\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1552496 2016-06-18] (Spotify Ltd)
HKU\S-1-5-21-3515307565-1161031247-3300353082-1001\...\Run: [Spotify] => C:\Users\ezztr\AppData\Roaming\Spotify\Spotify.exe [6916208 2016-06-18] (Spotify Ltd)
HKU\S-1-5-21-3515307565-1161031247-3300353082-1001\...\Run: [Google Update] => C:\Users\ezztr\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateCore.exe [601752 2016-12-26] (Google Inc.)
HKU\S-1-5-21-3515307565-1161031247-3300353082-1001\...\Run: [MusicManager] => C:\Users\ezztr\AppData\Local\Programs\Google\MusicManager\MusicManager.exe [7643136 2016-02-02] (Google Inc.)
HKU\S-1-5-21-3515307565-1161031247-3300353082-1001\...\Run: [Dxtory Update Checker 2.0] => C:\Program Files (x86)\ExKode\Dxtory2.0\UpdateChecker.exe [93696 2010-10-17] (Dxtory Software)
HKU\S-1-5-21-3515307565-1161031247-3300353082-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23818360 2016-11-30] (Google)
HKU\S-1-5-21-3515307565-1161031247-3300353082-1001\...\Run: [Bitrix24 Desktop] => [X]
ShellIconOverlayIdentifiers: [ 00BitrixShellExt] -> {A11A1EE5-F9F8-4BE0-907F-D74A49CC506B} => C:\Program Files (x86)\Bitrix24\64\BitrixShellExt.dll [2016-11-15] (Bitrix Inc.)
ShellIconOverlayIdentifiers: [ 00BitrixShellExt_C] -> {A11A1EE5-F9F8-4BE0-907F-D74A49CC506E} => C:\Program Files (x86)\Bitrix24\64\BitrixShellExt.dll [2016-11-15] (Bitrix Inc.)
ShellIconOverlayIdentifiers: [ 00BitrixShellExt_E] -> {A11A1EE5-F9F8-4BE0-907F-D74A49CC506D} => C:\Program Files (x86)\Bitrix24\64\BitrixShellExt.dll [2016-11-15] (Bitrix Inc.)
ShellIconOverlayIdentifiers: [ 00BitrixShellExt_L] -> {A11A1EE5-F9F8-4BE0-907F-D74A49CC506F} => C:\Program Files (x86)\Bitrix24\64\BitrixShellExt.dll [2016-11-15] (Bitrix Inc.)
ShellIconOverlayIdentifiers: [ 00BitrixShellExt_S] -> {A11A1EE5-F9F8-4BE0-907F-D74A49CC506C} => C:\Program Files (x86)\Bitrix24\64\BitrixShellExt.dll [2016-11-15] (Bitrix Inc.)
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers-x32: [ 00BitrixShellExt] -> {A11A1EE5-F9F8-4BE0-907F-D74A49CC506B} => C:\Program Files (x86)\Bitrix24\32\BitrixShellExt.dll [2016-11-15] (Bitrix Inc.)
ShellIconOverlayIdentifiers-x32: [ 00BitrixShellExt_C] -> {A11A1EE5-F9F8-4BE0-907F-D74A49CC506E} => C:\Program Files (x86)\Bitrix24\32\BitrixShellExt.dll [2016-11-15] (Bitrix Inc.)
ShellIconOverlayIdentifiers-x32: [ 00BitrixShellExt_E] -> {A11A1EE5-F9F8-4BE0-907F-D74A49CC506D} => C:\Program Files (x86)\Bitrix24\32\BitrixShellExt.dll [2016-11-15] (Bitrix Inc.)
ShellIconOverlayIdentifiers-x32: [ 00BitrixShellExt_L] -> {A11A1EE5-F9F8-4BE0-907F-D74A49CC506F} => C:\Program Files (x86)\Bitrix24\32\BitrixShellExt.dll [2016-11-15] (Bitrix Inc.)
ShellIconOverlayIdentifiers-x32: [ 00BitrixShellExt_S] -> {A11A1EE5-F9F8-4BE0-907F-D74A49CC506C} => C:\Program Files (x86)\Bitrix24\32\BitrixShellExt.dll [2016-11-15] (Bitrix Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2015-12-27]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 118.98.44.10 203.130.193.74
Tcpip\..\Interfaces\{dd7fa2b5-9e4d-461b-b755-8204e8510d0f}: [DhcpNameServer] 8.8.8.8 118.98.44.10 203.130.193.74
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
HKU\S-1-5-21-3515307565-1161031247-3300353082-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell15.msn.com/?pc=DCTE
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-02-04] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-02-04] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-02-22] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-02-22] (Oracle Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-02-04] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-02-04] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-02-04] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-02-04] (Microsoft Corporation)
Edge:
======
Edge Extension: (LastPass: Free Password Manager) -> hdokiejnpimakedhajhdlcegeplioahd_LastPassLastPassFreePasswordManager_qq0fmhteeht3j => C:\Program Files\WindowsApps\LastPass.LastPassFreePasswordManager_4.1.29.0_neutral__qq0fmhteeht3j [2017-02-12]
FireFox:
========
FF DefaultProfile: w9newjxp.default
FF ProfilePath: C:\Users\ezztr\AppData\Roaming\Mozilla\Firefox\Profiles\w9newjxp.default [2017-02-25]
FF Extension: (SHA-1 deprecation staged rollout) - C:\Users\ezztr\AppData\Roaming\Mozilla\Firefox\Profiles\w9newjxp.default\features\{11a112ca-fffe-4f49-9a25-8dbc77ff71b5}\disableSHA1rollout@mozilla.org.xpi [2017-02-19]
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-08-06] (Adobe Systems)
FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-02-22] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-02-22] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-02-04] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-02-10] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-02-10] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-26] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-26] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-08-06] (Adobe Systems)
FF Plugin HKU\S-1-5-21-3515307565-1161031247-3300353082-1001: @citrixonline.com/appdetectorplugin -> C:\Users\ezztr\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2017-02-06] (Citrix Online)
FF Plugin HKU\S-1-5-21-3515307565-1161031247-3300353082-1001: @tools.google.com/Google Update;version=3 -> C:\Users\ezztr\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-26] (Google Inc.)
FF Plugin HKU\S-1-5-21-3515307565-1161031247-3300353082-1001: @tools.google.com/Google Update;version=9 -> C:\Users\ezztr\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-26] (Google Inc.)
Chrome:
=======
CHR DefaultProfile: Default
CHR StartupUrls: Default -> "hxxp://www.giga.de/","hxxp://www.google.com"
CHR Profile: C:\Users\ezztr\AppData\Local\Google\Chrome\User Data\Default [2017-02-25]
CHR Extension: (Google*Übersetzer) - C:\Users\ezztr\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2016-04-10]
CHR Extension: (Flash Video Downloader) - C:\Users\ezztr\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiimdkdngfcipjohbjenkahhlhccpdbc [2017-02-23]
CHR Extension: (Google Drive) - C:\Users\ezztr\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-04-10]
CHR Extension: (YouTube) - C:\Users\ezztr\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-04-10]
CHR Extension: (uBlock Origin) - C:\Users\ezztr\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2017-02-07]
CHR Extension: (Google Play Musik) - C:\Users\ezztr\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi [2017-02-22]
CHR Extension: (Google Docs Offline) - C:\Users\ezztr\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-10]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\ezztr\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2017-02-25]
CHR Extension: (CanvasFingerprintBlock) - C:\Users\ezztr\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipmjngkmngdcdpmgmiebdmfbkcecdndc [2016-04-10]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\ezztr\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2016-11-22]
CHR Extension: (dict-cc) - C:\Users\ezztr\AppData\Local\Google\Chrome\User Data\Default\Extensions\nknonnojlmhnmjhpeokdbeineeajcemh [2017-02-22]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\ezztr\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-19]
CHR Extension: (Google Mail) - C:\Users\ezztr\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-04-10]
CHR Extension: (Chrome Media Router) - C:\Users\ezztr\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-07]
CHR HKU\S-1-5-21-3515307565-1161031247-3300353082-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2227312 2017-01-19] (Adobe Systems, Incorporated)
R2 BcmBtRSupport; C:\WINDOWS\system32\BtwRSupportService.exe [2288384 2015-12-27] (Broadcom Corporation.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1467912 2017-02-06] ()
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3020992 2016-12-28] (Microsoft Corporation)
S3 cplspcon; C:\WINDOWS\system32\IntelCpHDCPSvc.exe [431088 2016-10-12] (Intel Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-17] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-17] (Dropbox, Inc.)
R2 Dell Customer Connect; C:\Program Files (x86)\Dell Customer Connect\DCCService.exe [130936 2016-12-21] (Dell Inc.)
R2 Dell Foundation Services; C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe [97616 2017-01-11] (Dell)
R2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2572024 2016-06-23] (Dell Inc.)
R2 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [202488 2016-06-23] (Dell Inc.)
R2 DellDockUpdate; C:\Program Files (x86)\Dell Dock Update\DUWrapperService.exe [125808 2017-01-10] ()
S3 DellPremierColorService; C:\Program Files\Portrait Displays\Dell PremierColor\PremierColorService.exe [175344 2015-09-03] (Portrait Displays, Inc.)
R2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [229376 2016-05-13] (Dell Inc.)
S3 EasyAntiCheat; C:\WINDOWS\SysWOW64\EasyAntiCheat.exe [392480 2017-01-13] (EasyAntiCheat Ltd)
R2 esifsvc; C:\WINDOWS\System32\Intel\DPTF\esif_uf.exe [1585784 2016-06-03] (Intel Corporation)
R2 ESRV_SVC_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe [805632 2016-11-17] ()
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [17992 2016-10-31] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [356336 2016-10-12] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [987432 2016-06-14] (Intel(R) Corporation)
R3 Intel(R) Security Assist; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [335872 2015-05-20] (Intel Corporation) [File not signed]
S2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [7680 2015-05-20] () [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [215328 2016-07-18] (Intel Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2017-01-21] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2017-01-21] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462784 2017-02-10] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [425408 2017-01-21] (NVIDIA Corporation)
S3 Origin Client Service; C:\games\Origin\OriginClientService.exe [2119688 2017-01-09] (Electronic Arts)
R2 Origin Web Helper Service; C:\games\Origin\OriginWebHelperService.exe [2180624 2017-01-09] (Electronic Arts)
R2 Product Registration; C:\Program Files\Dell\Dell Product Registration\PRSvc.exe [80208 2016-09-22] (Dell)
S3 ptsysexec; C:\WINDOWS\ptsysexec.exe [238856 2015-12-03] (Pismo Technic Inc.)
R2 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [31704 2016-09-09] (Dell Inc.)
R2 SystemUsageReportSvc_QUEENCREEK; C:\Program Files\Intel Driver Update Utility\SUR\SurSvc.exe [156928 2016-11-17] ()
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7500048 2016-09-20] (TeamViewer GmbH)
S3 ThunderboltService; C:\Program Files (x86)\Intel\Thunderbolt Software\tbtsvc.exe [1831064 2015-11-04] (Intel Corporation)
S2 USER_ESRV_SVC_QUEENCREEK; C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe [805632 2016-11-17] ()
R2 VPNManager; C:\Program Files (x86)\Perfect Privacy VPN Manager\VPNManagerService.exe [19968 2016-09-03] (Perfect Privacy) [File not signed]
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
R2 XTU3SERVICE; C:\Program Files (x86)\Intel\Intel(R) Extreme Tuning Utility\XtuService.exe [18232 2016-11-09] (Intel(R) Corporation)
S2 NVIDIA Wireless Controller Service; "C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe" [X]
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 bcbtums; C:\WINDOWS\system32\drivers\bcbtums.sys [208192 2015-12-27] (Broadcom Corporation.)
R3 BCMPCIEDHD63; C:\WINDOWS\system32\DRIVERS\bcmpciedhd63.sys [1063736 2016-03-03] (Broadcom Corp)
R3 DDDriver; C:\WINDOWS\system32\drivers\DDDriver64Dcsa.sys [32464 2016-01-06] (Dell Computer Corporation)
R3 DellProf; C:\WINDOWS\system32\drivers\DellProf.sys [24240 2016-01-06] (Dell Computer Corporation)
R3 dptf_acpi; C:\WINDOWS\System32\drivers\dptf_acpi.sys [70208 2016-05-19] (Intel Corporation)
R3 dptf_cpu; C:\WINDOWS\System32\drivers\dptf_cpu.sys [65088 2016-05-19] (Intel Corporation)
R3 esif_lf; C:\WINDOWS\system32\DRIVERS\esif_lf.sys [343608 2016-05-19] (Intel Corporation)
R3 HidEventFilter; C:\WINDOWS\System32\drivers\HidEventFilter.sys [43512 2015-06-10] (Intel Corporation)
R3 iaLPSS2_I2C; C:\WINDOWS\System32\drivers\iaLPSS2_I2C.sys [184632 2016-08-29] (Intel Corporation)
R3 IntcAudioBus; C:\WINDOWS\System32\drivers\IntcAudioBus.sys [225872 2016-08-08] (Intel(R) Corporation)
R2 iocbios2; C:\Program Files (x86)\Intel\Intel(R) Extreme Tuning Utility\Drivers\IocDriver\64bit\iocbios2.sys [37064 2016-08-24] (Intel Corporation)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvdmi.inf_amd64_0f03095bd41aae95\nvlddmkm.sys [14516664 2017-02-11] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [27584 2017-01-21] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [47672 2017-01-06] (NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [57792 2017-01-21] (NVIDIA Corporation)
S3 pfmfs_180; C:\WINDOWS\System32\Drivers\pfmfs_180.sys [258248 2015-12-15] (Pismo Technic Inc.)
R3 PTPFilter; C:\WINDOWS\System32\drivers\PTPFilter.sys [51032 2016-08-29] (Samsung)
S3 ptun0901; C:\WINDOWS\System32\drivers\ptun0901.sys [27136 2016-06-15] (The OpenVPN Project)
R0 PxHlpa64; C:\WINDOWS\System32\Drivers\PxHlpa64.sys [56336 2012-06-22] (Corel Corporation)
S3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [402136 2015-06-25] (Realsil Semiconductor Corporation)
R3 semav6msr64; C:\WINDOWS\system32\drivers\semav6msr64.sys [21984 2016-10-18] ()
S3 taphss6; C:\WINDOWS\System32\drivers\taphss6.sys [42064 2016-05-27] (Anchorfree Inc.)
R1 VBoxNetAdp; C:\WINDOWS\system32\DRIVERS\VBoxNetAdp6.sys [131144 2016-12-20] (Oracle Corporation)
R1 VBoxNetLwf; C:\WINDOWS\system32\DRIVERS\VBoxNetLwf.sys [205440 2016-12-20] (Oracle Corporation)
S1 vflt; C:\WINDOWS\system32\DRIVERS\vfilter.sys [24064 2013-07-01] (Shrew Soft Inc) [File not signed]
S3 vnet; C:\WINDOWS\System32\drivers\virtualnet.sys [17408 2013-07-01] (Shrew Soft Inc) [File not signed]
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-02-25 11:28 - 2017-02-25 11:28 - 00001453 _____ C:\Users\ezztr\Desktop\Poedit.exe - Verknüpfung.lnk
2017-02-25 01:12 - 2017-02-25 01:12 - 00087565 _____ C:\Users\ezztr\Downloads\Oxygen_Not_Included_German-master (1).zip
2017-02-24 19:33 - 2017-02-24 20:28 - 00000000 ____D C:\Users\ezztr\Downloads\Poedit Pro v1.8.8 Setup + Crack
2017-02-24 19:30 - 2017-02-24 19:30 - 00013327 _____ C:\Users\ezztr\Downloads\58CE5E41142D5C807DEC601120F1F9F6164542D5.torrent
2017-02-24 17:57 - 2017-02-24 17:57 - 00000000 ____D C:\Users\ezztr\Documents\Klei
2017-02-24 17:53 - 2017-02-24 17:53 - 00000000 ____D C:\Users\ezztr\AppData\Roaming\Poedit
2017-02-24 17:49 - 2017-02-25 11:29 - 00000000 ____D C:\Program Files (x86)\Poedit
2017-02-24 17:49 - 2017-02-24 17:49 - 13952280 _____ (Vaclav Slavik ) C:\Users\ezztr\Downloads\Poedit-1.8.12-setup.exe
2017-02-24 17:49 - 2017-02-24 17:49 - 00001108 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Poedit.lnk
2017-02-24 17:45 - 2017-02-24 17:45 - 00000222 _____ C:\Users\ezztr\Desktop\Oxygen Not Included.url
2017-02-24 17:40 - 2017-02-24 17:40 - 00084150 _____ C:\Users\ezztr\Downloads\Oxygen_Not_Included_German-master.zip
2017-02-24 17:07 - 2017-02-24 18:24 - 938098688 _____ C:\Users\ezztr\Downloads\Nicht bestätigt 348577.crdownload
2017-02-24 15:55 - 2017-02-24 15:55 - 00165883 _____ C:\Users\ezztr\Desktop\Analytics Alle Websitedaten Default Dashboard MNP 20170217-20170223.pdf
2017-02-24 15:36 - 2017-02-24 15:36 - 00004136 _____ C:\WINDOWS\System32\Tasks\PCDoctorBackgroundMonitorTask
2017-02-24 15:36 - 2017-02-24 15:36 - 00000000 ____D C:\ProgramData\PC-Doctor for Windows
2017-02-24 15:36 - 2017-02-24 15:36 - 00000000 ____D C:\Program Files\Dell Support Center
2017-02-24 01:41 - 2017-02-24 01:45 - 00000000 ____D C:\ProgramData\HitmanPro
2017-02-23 23:46 - 2017-02-24 01:41 - 11581544 _____ (SurfRight B.V.) C:\Users\ezztr\Desktop\HitmanPro_x64.exe
2017-02-23 23:41 - 2017-02-23 23:43 - 02870984 _____ (ESET) C:\Users\ezztr\Downloads\esetsmartinstaller_deu.exe
2017-02-23 23:35 - 2017-02-23 23:36 - 00019940 _____ C:\Users\ezztr\Desktop\Fixlog.txt
2017-02-23 16:03 - 2017-02-23 16:03 - 60676178 _____ (Inkscape Project) C:\Users\ezztr\Downloads\Inkscape-0.92.1-x64-1.exe
2017-02-23 14:07 - 2017-02-23 14:07 - 00040908 _____ C:\Users\ezztr\AppData\Local\recently-used.xbel
2017-02-23 14:04 - 2017-02-23 14:06 - 02981506 _____ C:\Users\ezztr\Downloads\dejavu-sans.zip
2017-02-23 14:04 - 2017-02-23 14:04 - 00336374 _____ C:\Users\ezztr\Downloads\dejavu_sans1.zip
2017-02-23 11:44 - 2017-02-23 11:44 - 00003560 _____ C:\WINDOWS\System32\Tasks\PCDEventLauncherTask
2017-02-23 08:39 - 2017-02-23 08:40 - 77568952 _____ (The GIMP Team ) C:\Users\ezztr\Downloads\gimp-2.8.20-setup.exe
2017-02-22 22:50 - 2017-02-25 23:53 - 00000000 ____D C:\Users\ezztr\Desktop\FRST-OlderVersion
2017-02-22 22:50 - 2017-02-22 22:50 - 00000744 _____ C:\Users\ezztr\Desktop\JRT.txt
2017-02-22 22:45 - 2017-02-22 22:45 - 00001240 _____ C:\Users\ezztr\Desktop\mbam.txt
2017-02-22 22:40 - 2017-02-25 12:47 - 00091584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-02-22 22:40 - 2017-02-25 11:18 - 00176584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-02-22 22:40 - 2017-02-25 11:18 - 00110536 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-02-22 22:40 - 2017-02-25 11:18 - 00043968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-02-22 22:39 - 2017-02-25 11:18 - 00251848 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-02-22 22:39 - 2017-02-22 22:39 - 00001914 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-02-22 22:39 - 2017-02-22 22:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-02-22 22:39 - 2017-02-22 22:39 - 00000000 ____D C:\Program Files\Malwarebytes
2017-02-22 22:39 - 2017-01-20 07:47 - 00077416 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-02-22 22:31 - 2017-02-22 22:47 - 01663040 _____ (Malwarebytes) C:\Users\ezztr\Downloads\JRT.exe
2017-02-22 22:31 - 2017-02-22 22:39 - 55566792 _____ (Malwarebytes ) C:\Users\ezztr\Downloads\mb3-setup-consumer-3.0.6.1469.exe
2017-02-22 22:30 - 2017-02-22 22:33 - 04015056 _____ C:\Users\ezztr\Desktop\AdwCleaner_6.043.exe
2017-02-22 17:10 - 2017-02-22 17:10 - 00001199 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YouPloader.lnk
2017-02-22 17:10 - 2017-02-22 17:10 - 00000000 ____D C:\Users\ezztr\YouPloader
2017-02-22 17:10 - 2017-02-22 17:10 - 00000000 ____D C:\Program Files (x86)\YouPloader
2017-02-22 17:09 - 2017-02-22 17:09 - 00097856 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2017-02-22 17:09 - 2017-02-22 17:09 - 00000000 ____D C:\Users\ezztr\AppData\Roaming\Sun
2017-02-22 17:09 - 2017-02-22 17:09 - 00000000 ____D C:\Users\ezztr\AppData\LocalLow\Sun
2017-02-22 17:09 - 2017-02-22 17:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-02-22 17:09 - 2017-02-22 17:09 - 00000000 ____D C:\Program Files (x86)\Java
2017-02-22 17:07 - 2017-02-22 17:07 - 00739392 _____ (Oracle Corporation) C:\Users\ezztr\Downloads\JavaSetup8u121.exe
2017-02-22 16:59 - 2017-02-22 17:07 - 15674444 _____ (BeCast ) C:\Users\ezztr\Downloads\YouPloader-setup-0.9.3.exe
2017-02-22 14:37 - 2017-02-22 14:37 - 00134008 _____ C:\Users\ezztr\Downloads\OnlineWebFonts_COM_0e81aad85bdcd8299ff6a632d00b823c.zip
2017-02-22 07:42 - 2017-02-22 07:52 - 00284296 _____ C:\TDSSKiller.3.1.0.12_22.02.2017_07.42.10_log.txt
2017-02-22 07:41 - 2017-02-22 07:42 - 04747704 _____ (AO Kaspersky Lab) C:\Users\ezztr\Downloads\tdsskiller.exe
2017-02-21 21:19 - 2017-02-21 21:37 - 638401510 _____ C:\Users\ezztr\Downloads\The.Walking.Dead.S07E10.HDTV.x264-SVA[eztv].mkv
2017-02-21 14:20 - 2017-02-25 23:54 - 00028968 _____ C:\Users\ezztr\Desktop\FRST.txt
2017-02-21 14:20 - 2017-02-24 01:53 - 00066716 _____ C:\Users\ezztr\Desktop\Addition.txt
2017-02-21 14:08 - 2017-02-25 23:53 - 02423296 _____ (Farbar) C:\Users\ezztr\Desktop\FRST64.exe
2017-02-20 21:32 - 2017-02-20 21:34 - 04465808 _____ C:\Users\ezztr\Downloads\Nicht bestätigt 831314.crdownload
2017-02-20 16:52 - 2017-02-20 16:52 - 22287636 _____ C:\Users\ezztr\Downloads\[Guru3D.com]-RTSSSetup660.zip
2017-02-19 17:02 - 2017-02-19 17:05 - 65975400 _____ (Itch Corp) C:\Users\ezztr\Downloads\itchSetup.exe
2017-02-19 17:01 - 2017-02-19 17:04 - 00679936 _____ C:\Users\ezztr\Downloads\Nicht bestätigt 74679.crdownload
2017-02-17 16:36 - 2017-02-17 16:36 - 00000000 ____D C:\Users\ezztr\ansel
2017-02-17 16:34 - 2017-02-17 16:34 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2017-02-17 16:34 - 2017-02-10 05:39 - 00134592 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2017-02-17 16:34 - 2017-01-26 07:13 - 00103936 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2017-02-17 16:34 - 2017-01-26 07:12 - 00326656 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2017-02-17 16:34 - 2017-01-26 07:09 - 00322560 _____ C:\WINDOWS\system32\vulkan-1.dll
2017-02-17 16:34 - 2017-01-26 07:09 - 00118272 _____ C:\WINDOWS\system32\vulkaninfo.exe
2017-02-17 16:32 - 2017-02-10 09:33 - 40192056 _____ C:\WINDOWS\system32\nvcompiler.dll
2017-02-17 16:32 - 2017-02-10 09:33 - 35272760 _____ C:\WINDOWS\SysWOW64\nvcompiler.dll
2017-02-17 16:32 - 2017-02-10 09:33 - 34979384 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2017-02-17 16:32 - 2017-02-10 09:33 - 28242488 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2017-02-17 16:32 - 2017-02-10 09:33 - 19007016 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2017-02-17 16:32 - 2017-02-10 09:33 - 14674896 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2017-02-17 16:32 - 2017-02-10 09:33 - 11122728 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2017-02-17 16:32 - 2017-02-10 09:33 - 11019704 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvptxJitCompiler.dll
2017-02-17 16:32 - 2017-02-10 09:33 - 09305984 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2017-02-17 16:32 - 2017-02-10 09:33 - 08990072 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll
2017-02-17 16:32 - 2017-02-10 09:33 - 03168192 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2017-02-17 16:32 - 2017-02-10 09:33 - 02717752 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2017-02-17 16:32 - 2017-02-10 09:33 - 01983424 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6437866.dll
2017-02-17 16:32 - 2017-02-10 09:33 - 01589696 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6437866.dll
2017-02-17 16:32 - 2017-02-10 09:33 - 01052096 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2017-02-17 16:32 - 2017-02-10 09:33 - 00991288 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2017-02-17 16:32 - 2017-02-10 09:33 - 00959424 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2017-02-17 16:32 - 2017-02-10 09:33 - 00946456 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFTH264.dll
2017-02-17 16:32 - 2017-02-10 09:33 - 00910784 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2017-02-17 16:32 - 2017-02-10 09:33 - 00721952 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFTH264.dll
2017-02-17 16:32 - 2017-02-10 09:33 - 00687224 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvfatbinaryLoader.dll
2017-02-17 16:32 - 2017-02-10 09:33 - 00609728 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2017-02-17 16:32 - 2017-02-10 09:33 - 00576192 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll
2017-02-17 16:32 - 2017-02-10 09:33 - 00573448 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2017-02-17 16:32 - 2017-02-10 09:33 - 00499136 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2017-02-17 16:32 - 2017-02-10 09:33 - 00447984 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2017-02-17 14:28 - 2017-02-17 14:28 - 00000000 ____D C:\Users\ezztr\AppData\LocalLow\Terapoly
2017-02-17 00:05 - 2017-02-17 00:05 - 00000000 ____D C:\WINDOWS\SysWOW64\Dell
2017-02-17 00:05 - 2017-02-17 00:05 - 00000000 ____D C:\Program Files (x86)\Dell Customer Connect
2017-02-16 16:55 - 2017-02-16 16:55 - 00089264 _____ C:\Users\ezztr\Downloads\PA8144 CDM-MOC-FORM Annex 2 form.pdf
2017-02-16 15:56 - 2017-02-16 16:00 - 144456700 _____ C:\Users\ezztr\Downloads\Nicht bestätigt 392819.crdownload
2017-02-16 10:50 - 2017-02-21 17:27 - 00000000 ____D C:\Program Files (x86)\OpenVPN Technologies
2017-02-16 10:50 - 2017-02-16 10:50 - 30901272 _____ (OpenVPN Technologies) C:\Users\ezztr\Downloads\privatetunnel-win-2.8.exe
2017-02-16 09:20 - 2017-02-16 09:20 - 06975096 _____ (Tim Kosse) C:\Users\ezztr\Downloads\FileZilla_3.24.0_win64-setup.exe
2017-02-14 21:07 - 2012-03-14 05:00 - 00385024 _____ (CANON INC.) C:\WINDOWS\system32\CNMLMAR.DLL
2017-02-14 20:38 - 2017-02-14 20:57 - 00289864 _____ C:\Users\ezztr\Documents\Valentine - Martina Mcbridge (mp3goo.com).mp3.sfk
2017-02-14 19:30 - 2017-02-14 19:38 - 00255992 _____ C:\Users\ezztr\Documents\My Valentine.mp3.sfk
2017-02-14 19:11 - 2017-02-14 19:12 - 65984342 _____ C:\Users\ezztr\Documents\My-babe.mp4
2017-02-14 13:37 - 2017-02-14 13:37 - 00079360 _____ C:\Users\ezztr\Documents\Manpower Data PT Malaka Nusantara Permai.xls
2017-02-14 01:51 - 2017-02-14 01:51 - 07336673 _____ C:\Users\ezztr\Downloads\Photos (3).zip
2017-02-14 01:49 - 2017-02-14 01:49 - 35406230 _____ C:\Users\ezztr\Downloads\Photos (2).zip
2017-02-14 01:40 - 2017-02-14 13:31 - 13369489 _____ C:\Users\ezztr\Documents\My-babe.pptx
2017-02-14 01:31 - 2017-02-14 01:31 - 12437714 _____ C:\Users\ezztr\Downloads\Photos (1).zip
2017-02-14 01:28 - 2017-02-14 01:28 - 32939944 _____ C:\Users\ezztr\Downloads\Photos.zip
2017-02-14 00:24 - 2017-02-14 00:35 - 11696611 _____ C:\Users\ezztr\Downloads\The Sharp Slideshow.rar
2017-02-12 15:17 - 2017-02-12 15:18 - 00001495 _____ C:\Users\ezztr\Desktop\Power Plan Full.lnk
2017-02-12 15:14 - 2017-02-12 15:17 - 00001495 _____ C:\Users\ezztr\Desktop\Power Plan AVG.lnk
2017-02-11 02:58 - 2017-02-11 03:02 - 117631040 _____ C:\Users\ezztr\Downloads\AvorionDemoSetup0.8.5.exe
2017-02-10 22:20 - 2017-02-10 22:20 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2017-02-08 20:21 - 2017-02-08 20:21 - 00000000 ____D C:\Users\elsia\AppData\Roaming\Apple Computer
2017-02-06 21:23 - 2017-02-06 21:23 - 00000000 ___HD C:\$Windows.~WS
2017-02-06 19:45 - 2017-02-06 22:35 - 00000000 ____D C:\ESD
2017-02-06 19:45 - 2017-02-06 19:45 - 00000000 ____D C:\$WINDOWS.~BT
2017-02-06 19:44 - 2017-02-10 22:48 - 00000000 ____D C:\Livia
2017-02-06 16:22 - 2017-02-22 17:30 - 00000690 _____ C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-3515307565-1161031247-3300353082-1001.job
2017-02-06 16:22 - 2017-02-22 17:30 - 00000594 _____ C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-3515307565-1161031247-3300353082-1001.job
2017-02-06 16:22 - 2017-02-18 19:40 - 00003860 _____ C:\WINDOWS\System32\Tasks\G2MUploadTask-S-1-5-21-3515307565-1161031247-3300353082-1001
2017-02-06 16:22 - 2017-02-18 19:40 - 00003764 _____ C:\WINDOWS\System32\Tasks\G2MUpdateTask-S-1-5-21-3515307565-1161031247-3300353082-1001
2017-02-06 16:21 - 2017-02-06 16:22 - 00000000 ____D C:\Users\ezztr\AppData\Local\Citrix
2017-02-06 10:26 - 2017-02-06 21:35 - 00000000 ___RD C:\Users\ezztr\Documents\Bitrix24
2017-02-06 10:26 - 2017-02-06 10:26 - 00001082 _____ C:\Users\Public\Desktop\Bitrix24 Desktop.lnk
2017-02-06 10:26 - 2017-02-06 10:26 - 00000000 ____D C:\Users\ezztr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bitrix24
2017-02-06 10:26 - 2017-02-06 10:26 - 00000000 ____D C:\Users\ezztr\AppData\Roaming\Bitrix
2017-02-06 10:26 - 2017-02-06 10:26 - 00000000 ____D C:\Program Files (x86)\Bitrix24
2017-02-04 11:05 - 2017-02-04 11:05 - 00000000 ____D C:\Users\ezztr\Documents\Benutzerdefinierte Office-Vorlagen
2017-02-04 10:36 - 2017-02-04 10:36 - 00002585 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word 2016.lnk
2017-02-04 10:36 - 2017-02-04 10:36 - 00002581 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel 2016.lnk
2017-02-04 10:36 - 2017-02-04 10:36 - 00002560 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint 2016.lnk
2017-02-04 10:36 - 2017-02-04 10:36 - 00002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher 2016.lnk
2017-02-04 10:36 - 2017-02-04 10:36 - 00002502 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access 2016.lnk
2017-02-04 10:36 - 2017-02-04 10:36 - 00002499 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2017-02-04 10:36 - 2017-02-04 10:36 - 00002471 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook 2016.lnk
2017-02-04 10:36 - 2017-02-04 10:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016-Tools
2017-02-04 10:30 - 2017-02-04 10:30 - 00000000 ____D C:\Program Files\Microsoft Office 15
2017-02-04 10:28 - 2017-02-04 11:05 - 00081408 _____ C:\Users\ezztr\Documents\Manpower DATA REPORT 20170128(2).xls
2017-02-02 00:15 - 2017-02-02 00:15 - 00161452 _____ C:\Users\ezztr\Documents\Eheerklärung_dt.pdf
2017-01-30 01:20 - 2017-01-30 01:21 - 12681143 _____ C:\Users\ezztr\Downloads\glitch.zip
2017-01-30 00:43 - 2017-01-30 01:08 - 94785724 _____ C:\Users\ezztr\Downloads\TEMPLATE ORGANIC PARTICLES [TAME PRODUCCIONES].rar
2017-01-30 00:02 - 2017-01-30 00:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2017-01-30 00:02 - 2017-01-30 00:02 - 00000000 ____D C:\ProgramData\Apple Computer
2017-01-30 00:01 - 2017-01-30 00:01 - 00002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2017-01-30 00:01 - 2017-01-30 00:01 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2017-01-28 10:47 - 2017-01-28 10:47 - 00000000 ____D C:\Users\ezztr\AppData\LocalLow\Crytivo Games Inc_
2017-01-28 10:11 - 2017-01-28 10:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Universim
2017-01-28 10:10 - 2017-01-28 10:10 - 01177576 _____ (Crytivo Games ) C:\Users\ezztr\Downloads\The Universim Launcher Installer.exe
2017-01-27 20:50 - 2017-01-20 23:38 - 01985080 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6437849.dll
2017-01-27 20:50 - 2017-01-20 23:38 - 01591352 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6437849.dll
2017-01-27 20:50 - 2017-01-20 23:38 - 00000669 _____ C:\WINDOWS\SysWOW64\nv-vk32.json
2017-01-27 20:50 - 2017-01-20 23:38 - 00000669 _____ C:\WINDOWS\system32\nv-vk64.json
2017-01-26 07:13 - 2017-01-26 07:13 - 00103936 _____ C:\WINDOWS\SysWOW64\vulkaninfo-1-1-0-39-1.exe
2017-01-26 07:12 - 2017-01-26 07:12 - 00326656 _____ C:\WINDOWS\SysWOW64\vulkan-1-1-0-39-1.dll
2017-01-26 07:09 - 2017-01-26 07:09 - 00322560 _____ C:\WINDOWS\system32\vulkan-1-1-0-39-1.dll
2017-01-26 07:09 - 2017-01-26 07:09 - 00118272 _____ C:\WINDOWS\system32\vulkaninfo-1-1-0-39-1.exe
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-02-25 23:54 - 2016-10-24 20:00 - 00000000 ____D C:\FRST
2017-02-25 23:28 - 2016-08-03 12:50 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-02-25 23:07 - 2016-04-10 22:12 - 00000000 ____D C:\Program Files (x86)\Steam
2017-02-25 13:29 - 2016-04-13 03:38 - 00000000 ____D C:\Users\ezztr\AppData\Local\Battle.net
2017-02-25 13:27 - 2016-04-13 03:38 - 00000000 ____D C:\Program Files (x86)\Battle.net
2017-02-25 11:43 - 2016-07-16 18:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-02-25 11:28 - 2016-05-08 18:28 - 00000000 ____D C:\tmp
2017-02-25 10:38 - 2016-07-16 18:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-02-25 06:45 - 2016-08-24 00:04 - 00000000 ____D C:\WINDOWS\Microsoft Antimalware
2017-02-25 03:10 - 2016-11-25 19:26 - 00000000 ____D C:\Users\ezztr\AppData\LocalLow\Mozilla
2017-02-25 02:00 - 2016-06-12 18:45 - 00000000 ____D C:\Users\ezztr\AppData\Local\Adobe
2017-02-25 01:53 - 2016-06-04 15:40 - 00000000 ___RD C:\Rendern-Videos
2017-02-25 01:46 - 2016-06-02 13:49 - 00000000 ____D C:\Rendern
2017-02-24 23:07 - 2016-08-03 12:52 - 00000000 ____D C:\Users\ezztr
2017-02-24 22:55 - 2016-08-04 03:47 - 01940498 _____ C:\WINDOWS\system32\perfh007.dat
2017-02-24 22:55 - 2016-08-04 03:47 - 00524304 _____ C:\WINDOWS\system32\perfc007.dat
2017-02-24 22:55 - 2015-12-27 02:15 - 04401872 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-02-24 20:53 - 2016-05-29 23:13 - 00000000 ____D C:\Users\ezztr\AppData\Roaming\transmission
2017-02-24 15:47 - 2016-11-22 15:30 - 00000000 ___RD C:\Users\ezztr\Google Drive
2017-02-24 15:47 - 2016-08-03 12:51 - 00000000 ____D C:\ProgramData\NVIDIA
2017-02-24 15:47 - 2016-08-03 12:50 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-02-24 15:47 - 2016-04-10 02:34 - 00000000 __SHD C:\Users\ezztr\IntelGraphicsProfiles
2017-02-24 15:46 - 2016-08-03 12:55 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-02-24 15:41 - 2016-07-16 13:04 - 01310720 _____ C:\WINDOWS\system32\config\BBI
2017-02-24 15:36 - 2015-12-27 02:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2017-02-23 23:37 - 2016-08-03 12:50 - 05016576 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-02-23 14:10 - 2016-04-20 16:28 - 00000000 ____D C:\Users\ezztr\.gimp-2.8
2017-02-23 10:47 - 2016-04-10 16:09 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-02-23 10:42 - 2016-04-10 16:09 - 138020592 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-02-23 08:14 - 2016-07-25 21:01 - 00000000 ____D C:\Users\ezztr\AppData\Roaming\vlc
2017-02-22 22:39 - 2016-10-14 00:30 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-02-22 22:37 - 2016-10-25 17:14 - 00000000 ____D C:\AdwCleaner
2017-02-22 22:36 - 2016-07-04 09:47 - 00000008 __RSH C:\ProgramData\ntuser.pol
2017-02-22 17:28 - 2016-04-16 19:06 - 00000000 ___RD C:\Users\ezztr\Desktop\Tools
2017-02-22 17:25 - 2016-07-16 18:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-02-22 17:09 - 2017-01-20 20:09 - 00000000 ____D C:\ProgramData\Oracle
2017-02-22 14:49 - 2016-06-13 20:04 - 00000000 ____D C:\Users\ezztr\AppData\Local\gtk-2.0
2017-02-22 12:36 - 2016-04-10 02:34 - 00000000 ____D C:\Users\ezztr\AppData\Local\Packages
2017-02-20 16:57 - 2016-06-21 22:51 - 00000000 ____D C:\Program Files (x86)\RivaTuner Statistics Server
2017-02-20 16:53 - 2016-06-21 22:51 - 00000000 ___HD C:\WINDOWS\msdownld.tmp
2017-02-20 14:25 - 2016-04-13 03:44 - 00000000 ____D C:\Users\ezztr\Desktop\Games
2017-02-19 19:13 - 2016-07-16 18:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-02-19 16:56 - 2016-04-13 15:44 - 00000000 ____D C:\Users\ezztr\AppData\Local\CrashDumps
2017-02-17 16:47 - 2016-04-20 16:51 - 00000000 ____D C:\Users\ezztr\AppData\Roaming\obs-studio
2017-02-17 16:35 - 2016-08-03 12:51 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2017-02-17 16:34 - 2016-07-16 18:45 - 00000000 ____D C:\WINDOWS\INF
2017-02-16 15:43 - 2016-08-22 13:52 - 00000000 ____D C:\Users\ezztr\AppData\Roaming\FileZilla
2017-02-16 14:00 - 2015-12-27 02:14 - 00000000 ____D C:\ProgramData\Package Cache
2017-02-16 09:21 - 2016-08-22 13:52 - 00000000 ____D C:\Users\ezztr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2017-02-16 09:21 - 2016-08-22 13:52 - 00000000 ____D C:\Program Files\FileZilla FTP Client
2017-02-14 18:25 - 2016-12-26 23:34 - 00000000 ____D C:\Users\ezztr\Documents\Darkest
2017-02-10 22:18 - 2016-04-23 16:08 - 00000000 __SHD C:\Users\elsia\IntelGraphicsProfiles
2017-02-10 09:33 - 2017-01-09 00:11 - 04078008 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2017-02-10 09:33 - 2017-01-09 00:11 - 03597128 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2017-02-10 09:33 - 2017-01-09 00:11 - 00043556 _____ C:\WINDOWS\system32\nvinfo.pb
2017-02-10 06:13 - 2017-01-09 00:13 - 00001951 _____ C:\WINDOWS\NvContainerRecovery.bat
2017-02-10 05:57 - 2017-01-09 00:13 - 07791217 _____ C:\WINDOWS\system32\nvcoproc.bin
2017-02-10 05:57 - 2017-01-09 00:13 - 06403640 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2017-02-10 05:57 - 2017-01-09 00:13 - 02477504 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2017-02-10 05:57 - 2017-01-09 00:13 - 01764408 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2017-02-10 05:57 - 2017-01-09 00:13 - 00548288 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2017-02-10 05:57 - 2017-01-09 00:13 - 00393784 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2017-02-10 05:57 - 2017-01-09 00:13 - 00083512 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2017-02-10 05:57 - 2017-01-09 00:13 - 00071224 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2017-02-08 20:28 - 2016-04-23 16:08 - 00000000 ____D C:\Users\elsia\AppData\Local\Packages
2017-02-08 20:22 - 2017-01-10 20:20 - 00003290 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-02-08 20:22 - 2016-04-23 16:09 - 00002389 _____ C:\Users\elsia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-02-08 20:22 - 2016-04-23 16:09 - 00000000 ___RD C:\Users\elsia\OneDrive
2017-02-08 20:21 - 2016-02-13 20:20 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-02-07 21:49 - 2016-04-10 16:06 - 00002266 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-02-07 20:01 - 2016-04-10 02:36 - 00002389 _____ C:\Users\ezztr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-02-07 20:01 - 2016-04-10 02:36 - 00000000 ___RD C:\Users\ezztr\OneDrive
2017-02-07 02:48 - 2016-07-16 18:49 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-02-07 02:48 - 2016-07-16 18:49 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-02-06 23:21 - 2016-10-21 23:33 - 00000000 ____D C:\Volumes
2017-02-06 22:35 - 2016-08-04 03:49 - 00000000 ___DC C:\WINDOWS\Panther
2017-02-06 20:52 - 2015-12-27 02:16 - 00000000 ____D C:\Program Files\Dell
2017-02-06 20:47 - 2016-11-23 09:51 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-02-06 20:47 - 2016-06-25 19:24 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-02-06 20:42 - 2016-08-03 12:56 - 00014000 _____ C:\WINDOWS\diagwrn.xml
2017-02-06 20:42 - 2016-08-03 12:56 - 00013947 _____ C:\WINDOWS\diagerr.xml
2017-02-06 12:16 - 2015-12-27 02:19 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2017-02-04 10:45 - 2016-07-16 18:47 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-02-04 10:30 - 2016-07-16 18:47 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2017-02-03 23:13 - 2016-05-24 10:55 - 00000000 ____D C:\Users\ezztr\Desktop\Rendern
2017-02-01 02:50 - 2016-10-04 15:44 - 00000000 ____D C:\Users\ezztr\AppData\Local\ElevatedDiagnostics
2017-01-30 09:12 - 2016-06-21 22:50 - 00000000 ____D C:\Program Files (x86)\MSI Afterburner
2017-01-30 01:11 - 2016-05-24 10:55 - 00000000 ____D C:\Users\ezztr\AppData\Roaming\Sony
2017-01-30 00:02 - 2017-01-21 17:46 - 00000000 ____D C:\Program Files (x86)\QuickTime
2017-01-28 10:11 - 2016-04-13 03:41 - 00000000 ____D C:\games
2017-01-28 09:48 - 2016-07-16 18:47 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-01-27 20:51 - 2016-08-03 12:50 - 00000000 ____D C:\Program Files\NVIDIA Corporation
==================== Files in the root of some directories =======
2016-07-04 10:47 - 2016-08-18 01:47 - 0000153 _____ () C:\Users\ezztr\AppData\Roaming\WB.CFG
2017-02-23 14:07 - 2017-02-23 14:07 - 0040908 _____ () C:\Users\ezztr\AppData\Local\recently-used.xbel
2016-06-08 18:37 - 2016-12-30 12:59 - 0007605 _____ () C:\Users\ezztr\AppData\Local\Resmon.ResmonCfg
2016-08-03 12:50 - 2016-08-03 12:50 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2016-05-22 23:34 - 2016-05-22 23:34 - 0000098 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2016-12-23 18:00 - 2017-01-09 00:14 - 0045353 _____ () C:\ProgramData\NvTelemetryContainer.log
2016-12-23 18:00 - 2016-12-30 15:38 - 0010654 _____ () C:\ProgramData\NvTelemetryContainer.log_backup1
Some files in TEMP:
====================
2017-02-24 16:21 - 2017-02-24 16:21 - 0695808 ____N () C:\Users\ezztr\AppData\Local\Temp\sqlite-3.8.11.2-64fb9435-3781-4d02-b7af-5321af360a37-sqlitejdbc.dll
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2017-02-18 12:55
==================== End of FRST.txt ============================
|