Everything about Windows: AV software behaving strangely
#1

Problem: AV software behaving strangely

Hello,

for a short while now, AV software has been behaving strangely on my system.

The Defender service cannot be started: Error 577: "Die digitale Signatur dieser Datei kann nicht überprüft werden"

MBAM aborts the scan by itself after a few seconds.

It would be great if one of the experts could take a look. Thanks in advance!

Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-03-2017 Ran by mongole (administrator) on MONGOMACHINE-8 (04-04-2017 23:34:15) Running from B:\Downloads Loaded Profiles: mongole (Available Profiles: mongole) Platform: Windows 8.1 Enterprise (Update) (X64) Language: Englisch (Vereinigte Staaten) Internet Explorer Version 11 (Default browser: "C:\Program Files\Pale Moon\palemoon.exe" -osint -url "%1") Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar- recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Sandboxie Holdings, LLC) M:\Program Files\Sandboxie\SbieSvc.exe (REINER SCT) C:\Windows\SysWOW64\cjpcsc.exe (Creative Technology Ltd) C:\Windows\SysWOW64\CtHdaSvc.exe (Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe () M:\Program Files (x86)\GNU\GnuPG\dirmngr.exe (Micro-Star Int'l Co., Ltd.) C:\Program Files (x86)\MSI\MSI Gaming APP\GamingApp_Service.exe (HTC Corporation) C:\Program Files\HTC Account\Htc.Identity.Service.exe (Leap Motion, Inc.) C:\Program Files (x86)\Leap Motion\Core Services\LeapSvc64.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe (MSI) C:\Program Files (x86)\MSI\Command Center\MSIControlService.exe (MSI) C:\Program Files (x86)\MSI\Command Center\DDR\MSIDDRService.exe (Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\ECO Center\ECO_Service.exe (Micro-Star INT'L CO., LTD.) C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe (Micro-Star Int'l Co., Ltd.) 
C:\Windows\SysWOW64\RAMDiskImage.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (Thrustmaster®) C:\Program Files (x86)\Thrustmaster\Thrustmaster FFB Driver\64bits\tmGAInstall.exe (Guillemot Corporation) C:\Program Files (x86)\Thrustmaster\TARGET\TmService.exe (UltraVNC) M:\Program Files\uvnc bvba\UltraVNC\winvnc.exe (Microsoft Corporation) C:\Windows\System32\nfsclnt.exe (UltraVNC) M:\Program Files\uvnc bvba\UltraVNC\winvnc.exe (MSI) C:\Windows\SysWOW64\muachost.exe () M:\Program Files (x86)\QNAP\Qfinder\iSCSIAgent.exe (IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe (Greenshot) M:\Program Files\Greenshot\Greenshot.exe (RaMMicHaeL) M:\Program Files (x86)\7+ Taskbar Tweaker\7+ Taskbar Tweaker.exe (alch) M:\Program Files (x86)\ClamWin\bin\ClamTray.exe (Sandboxie Holdings, LLC) M:\Program Files\Sandboxie\SbieCtrl.exe (ownCloud) M:\Program Files (x86)\ownCloud\owncloud.exe () M:\Program Files\Ditto\Ditto.exe (Flux Software LLC) C:\Users\mongole\AppData\Local\FluxSoftware\Flux\flux.exe (Andrea Russo - Italy) C:\Program Files (x86)\ClamSentinel\ClamSentinel.exe () M:\Program Files\qTox\bin\qtox.exe (RedFox) C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe () C:\Program Files (x86)\SlySoft\AnyDVD\ADvdDiscHlp64.exe (ftpbox.org) M:\Program Files (x86)\FTPbox\FTPbox.exe (Governikus GmbH & Co. KG) M:\Program Files (x86)\AusweisApp2 1.10.1\AusweisApp2.exe () M:\Program Files (x86)\QuteCom\QuteCom.exe (Realtime Soft Ltd) C:\Program Files\UltraMon\UltraMon.exe (G Data Software AG) C:\Program Files (x86)\G DATA\USB KEYBOARD GUARD\GD2NDKBB.exe (The Pidgin developer community) M:\Program Files (x86)\Pidgin\pidgin.exe (Dropbox, Inc.) 
C:\Program Files (x86)\Dropbox\Client\Dropbox.exe (VirtuaWin) C:\Program Files (x86)\VirtuaWin\VirtuaWin.exe () C:\Program Files (x86)\VirtuaWin\modules\WinList.exe () F:\ViveSetup\PCClient\HTCVRMarketplaceUserContextHelper.exe () F:\ViveSetup\PCClient\HTCVRMarketplaceUserContextHelper.exe (GN Audio A/S) C:\Program Files (x86)\Jabra\Direct\JabraDirect.exe (Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe (IDRIX) M:\Program Files\VeraCrypt\VeraCrypt.exe (Realtime Soft Ltd) C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe (Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster Z-Series\Sound Blaster Z-Series Control Panel \SBZ.exe (Dominik Reichl) C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Realtime Soft Ltd) C:\Program Files\UltraMon\UltraMonUiAcc.exe (Microsoft Corporation) C:\Program Files (x86)\EMET 5.5\EMET_Service.exe (Microsoft Corporation) C:\Program Files (x86)\EMET 5.5\EMET_Agent.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe () F:\ViveSetup\PCClient\ViveportService.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Mozilla Corporation) C:\Program Files\FossaMail\FossaMail.exe (Moonchild Productions) C:\Program Files\Pale Moon\palemoon.exe (Mozilla Corporation) C:\Program Files\Pale Moon\plugin-container.exe (HexChat) M:\Program Files\HexChat\hexchat.exe (SecureMix LLC) B:\TEMP\mozOpenDownload\GlassWireSetup.exe (SecureMix LLC) M:\Program Files (x86)\GlassWire\GWCtlSrv.exe (SecureMix LLC) M:\Program Files (x86)\GlassWire\GWIdlMon.exe () M:\Program Files (x86)\qBittorrent\qbittorrent.exe (Malwarebytes) M:\Program 
Files\Malwarebytes\Anti-Malware\mbam.exe (Malwarebytes) M:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (Malwarebytes) M:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe (EJIE Technology) C:\Program Files (x86)\Clover\clover.exe () M:\Program Files (x86)\ClamWin\bin\clamscan.exe () M:\Program Files (x86)\ClamWin\bin\clamscan.exe ==================== Registry (Whitelisted) ==================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2014-05-28] (Intel Corporation) HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [17406072 2017-01-24] (Logitech Inc.) HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161728 2015-11-12] (IvoSoft) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8843784 2016-07-22] (Realtek Semiconductor) HKLM\...\Run: [Greenshot] => m:\Program Files\Greenshot\Greenshot.exe [527792 2017-01-28] (Greenshot) HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2867712 2017-01-09] (Dominik Reichl) HKLM-x32\...\Run: [GDataUsbProtection] => C:\Program Files (x86)\G DATA\USB KEYBOARD GUARD\GD2NDKBB.exe [1412216 2014-09- 05] (G Data Software AG) HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [28065728 2017-03-21] (Dropbox, Inc.) HKLM-x32\...\Run: [Live Update] => C:\Program Files (x86)\MSI\Live Update\Live Update.exe [11336656 2016-03-16] (Micro- Star INT'L CO., LTD.) 
HKLM-x32\...\Run: [HTC Store User Content Helper] => F:\ViveSetup\PCClient\HTCVRMarketplaceUserContextHelper.exe [112464 2017-02-24] () HKLM-x32\...\Run: [Command Center] => C:\Program Files (x86)\MSI\Command Center\StartCommandCenter.exe [835680 2016-06-14] (MSI) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016- 12-12] (Oracle Corporation) HKLM-x32\...\Run: [Jabra Direct] => C:\Program Files (x86)\Jabra\Direct\JabraDirect.exe [1244096 2017-02-20] (GN Audio A/S) HKLM-x32\...\Run: [Sound Blaster Z-Series Control Panel] => C:\Program Files (x86)\Creative\Sound Blaster Z-Series\Sound Blaster Z-Series Control Panel\SBZ.exe [877056 2014-11-24] (Creative Technology Ltd) HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [533616 2017-02-15] (Citrix Systems, Inc.) HKLM-x32\...\Run: [Redirector] => C:\Program Files (x86)\Citrix\ICA Client\redirector.exe [324720 2017-02-15] (Citrix Systems, Inc.) 
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\Run: [7 Taskbar Tweaker] => M:\Program Files (x86)\7+ Taskbar Tweaker\7+ Taskbar Tweaker.exe [401920 2016-09-10] (RaMMicHaeL) HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\Run: [ClamWin] => m:\Program Files (x86)\ClamWin\bin\ClamTray.exe [86016 2016-03-19] (alch) HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\Run: [SandboxieControl] => m:\Program Files\Sandboxie\SbieCtrl.exe [798352 2016-09-22] (Sandboxie Holdings, LLC) HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\Run: [ownCloud] => M:\Program Files (x86)\ownCloud\owncloud.exe [2026510 2016-09-27] (ownCloud) HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\Run: [Ditto] => m:\Program Files\Ditto\Ditto.exe [2151424 2016-03- 18] () HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\Run: [LoxCONTROL] => M:\Program Files (x86)\Loxone\LoxoneConfig \LoxCONTROL.exe [2164048 2016-07-19] (Loxone Electronics GmbH) HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\Run: [f.lux] => C:\Users\mongole\AppData\Local\FluxSoftware\Flux \flux.exe [1017224 2013-10-24] (Flux Software LLC) HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\Run: [Clam Sentinel] => C:\Program Files (x86)\ClamSentinel \ClamSentinel.exe [737280 2014-07-18] (Andrea Russo - Italy) HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files \Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.) HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\Run: [qTox - CptCpt] => M:\Program Files\qTox\bin\qtox.exe [18166784 2016-11-11] () HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\Run: [Google Update] => C:\Users\mongole\AppData\Local\Google \Update\1.3.32.7\GoogleUpdateCore.exe [601752 2016-12-17] (Google Inc.) 
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\Run: [AnyDVD] => C:\Program Files (x86)\SlySoft\AnyDVD \AnyDVDtray.exe [10540576 2016-10-12] (RedFox) HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\Run: [FTPbox] => M:\Program Files (x86)\FTPbox\FTPbox.exe [2011136 2015-05-17] (ftpbox.org) HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\Run: [AusweisApp2] => M:\Program Files (x86)\AusweisApp2 1.10.1\AusweisApp2.exe [883360 2016-12-05] (Governikus GmbH & Co. KG) HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\Run: [QuteCom] => M:\Program Files (x86)\QuteCom\QuteCom.exe [3670016 2011-05-09] () HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\Run: [GlassWire] => m:\Program Files (x86)\GlassWire\glasswire.exe [5791696 2017-03-21] (SecureMix LLC) HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\Policies\system: [DisableLockWorkstation] 0 HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {00fc8422-4518-11e4-8264-0015833d0a57} - "Z: \Setup.exe" HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {07a2f1dc-dbb6-11e4-8291-97d8e33ee520} - "O: \setup.exe" HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {0b248c5f-c9bc-11e4-8290-0015833d0a57} - "R: \setup.exe" HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {0d1c3130-6b70-11e4-8273-0015833d0a57} - "J: \setup.exe" HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {0d1c31a4-6b70-11e4-8273-0015833d0a57} - "J: \Setup.exe" HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {0d1c31c9-6b70-11e4-8273-0015833d0a57} - "O: \setup.exe" HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {0d1c3228-6b70-11e4-8273-0015833d0a57} - "P: \setup.exe" HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {1301e018-8ab3-11e6-8312-0015833d0a57} - "W: \setup.exe" HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {1301ea70-8ab3-11e6-8312-0015833d0a57} 
- "W: \setup.exe" HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {1301ebc6-8ab3-11e6-8312-0015833d0a57} - "W: \setup.exe" HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {1301ee30-8ab3-11e6-8312-0015833d0a57} - "W: \setup.exe" HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {1301f315-8ab3-11e6-8312-0015833d0a57} - "W: \setup.exe" HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {14df6a04-0a84-11e5-82a0-0015833d0a57} - "O: \setup.exe" HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {162e6353-bf1e-11e4-828f-0015833d0a57} - "Q: \BvsC_Setup.exe" HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {18bfff98-a6b1-11e4-8284-e65431e47091} - "R: \Setup.exe" HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {2df4f224-5338-11e5-82b8-c975e38b645c} - "P: \setup.exe" HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {2ed36d9c-c905-11e6-8334-0015833d0a57} - "W: \setup.exe" HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {2efb7e52-efec-11e6-8344-448a5ba2b684} - "V: \setup.exe" HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {2f6767ba-72b0-11e4-8277-0015833d0a57} - "P: \start.exe" HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {345b7a48-a75e-11e5-82cf-0015833d0a57} - "Y: \setup.exe" HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {345b7df0-a75e-11e5-82cf-0015833d0a57} - "Y: \setup.exe" HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {3a2d0955-f9ab-11e6-8344-448a5ba2b684} - "V: \setup.exe" HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {3a2d0a7b-f9ab-11e6-8344-448a5ba2b684} - "V: \setup.exe" HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {3a2d248d-f9ab-11e6-8344-448a5ba2b684} - "V: \Setup.exe" HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: 
{4ab32722-d8e7-11e4-8291-97d8e33ee520} - "H: \Setup.exe" HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {4ab327eb-d8e7-11e4-8291-97d8e33ee520} - "H: \setup.exe" HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {4ab328a3-d8e7-11e4-8291-97d8e33ee520} - "L: \setup.exe" HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {4d440e7f-770b-11e6-8301-0015833d0a57} - "W: \setup.exe" HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {4fc9a4b0-580a-11e5-82ba-0015833d0a57} - "P: \setup.exe" HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {585c7346-d348-11e6-8338-0015833d0a57} - "W: \setup.exe" HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {5b90036a-d0fb-11e5-82d9-81d69dcb7655} - "Y: \setup.exe" HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {5b9003d1-d0fb-11e5-82d9-81d69dcb7655} - "Y: \setup.exe" HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {5b9003f9-d0fb-11e5-82d9-81d69dcb7655} - "Y: \setup.exe" HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {5b90040a-d0fb-11e5-82d9-81d69dcb7655} - "Y: \setup.exe" HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {5cfa5e96-a7a4-11e6-8320-0015833d0a57} - "W: \setup.exe" HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {60881c93-86fc-11e4-827e-9f3555d7a4f3} - "Q: \setup.exe" HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {6151636b-f1f5-11e5-82e2-cb2d33d897e9} - "U: \setup.exe" HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {61516509-f1f5-11e5-82e2-cb2d33d897e9} - "U: \setup.exe" HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {615165b1-f1f5-11e5-82e2-cb2d33d897e9} - "U: \setup.exe" HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {625335f1-f741-11e5-82e3-db0fedb6b2a0} - "V: \setup.exe" 
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {642b4753-b3df-11e4-828e-a9ce0c2de137} - "P: \Autorun.exe" HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {642b4891-b3df-11e4-828e-a9ce0c2de137} - "P: \Autorun.exe" HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {6e04aecf-d6f1-11e5-82dd-0015833d0a57} - "W: \setup.exe" HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {6e04b743-d6f1-11e5-82dd-0015833d0a57} - "W: \Setup.exe" HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {6e04bc5f-d6f1-11e5-82dd-0015833d0a57} - "W: \setup.exe" HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {714b828f-4260-11e5-82b7-0015833d0a57} - "P: \setup.exe" HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {72b04bbf-e33b-11e5-82dd-0015833d0a57} - "U: \setup.exe" HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {762b7399-7812-11e4-827d-0015833d0a57} - "P: \setup.exe" HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {762b75e7-7812-11e4-827d-0015833d0a57} - "P: \setup.exe" HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {762b9426-7812-11e4-827d-0015833d0a57} - "P: \setup.exe" HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {80ebadce-71e5-11e6-82fe-0015833d0a57} - "W: \setup.exe" HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {80ebbc2a-71e5-11e6-82fe-0015833d0a57} - "W: \setup.exe" HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {83042a8e-617d-11e4-8273-0015833d0a57} - "J: \setup.exe" HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {83042bc2-617d-11e4-8273-0015833d0a57} - "J: \setup.exe" HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {83043e48-617d-11e4-8273-0015833d0a57} - "J: \setup.exe" HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: 
{830440a0-617d-11e4-8273-0015833d0a57} - "K: \setup.exe" HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {83044447-617d-11e4-8273-0015833d0a57} - "O: \setup.exe" HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {894b5c5c-8df5-11e5-82cc-f6cd61fcd195} - "V: \setup.exe" HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {894b5c96-8df5-11e5-82cc-f6cd61fcd195} - "V: \setup.exe" HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {894b5f5e-8df5-11e5-82cc-f6cd61fcd195} - "V: \setup.exe" HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {89a532f9-dd49-11e5-82dd-0015833d0a57} - "Y: \setup.exe" HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {89f42221-ff1a-11e4-82a0-0015833d0a57} - "O: \setup.exe" HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {8fdd1fdc-c7c2-11e5-82d5-0015833d0a57} - "Y: \setup.exe" HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {8fdd21db-c7c2-11e5-82d5-be745d0fb453} - "W: \setup.exe" HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {902474bd-8504-11e6-8312-0015833d0a57} - "W: \Setup.exe" HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {90247546-8504-11e6-8312-0015833d0a57} - "W: \Setup.exe" HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {90a0de78-92f3-11e5-82cd-0015833d0a57} - "W: \setup.exe" HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {9616c3aa-d440-11e5-82dd-0015833d0a57} - "W: \setup.exe" HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {977d8b70-7a79-11e5-82ca-0015833d0a57} - "N: \Setup.exe" HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {986b72fd-0b84-11e7-8346-6245b4e7c764} - "V: \setup.exe" HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {9aada012-a252-11e4-8284-e65431e47091} - "Q: \setup.exe" 
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {9aadaf0b-a252-11e4-8284-e65431e47091} - "R: \setup.exe" HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {a4fef4da-5e67-11e5-82ba-0015833d0a57} - "Q: \setup.exe" HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {a65b3a6d-f905-11e5-82e4-0015833d0a57} - "W: \setup.exe" HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {a9a16c7d-0027-11e5-82a0-0015833d0a57} - "O: \setup.exe" HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {b22c0533-6397-11e5-82bc-0015833d0a57} - "Q: \setup.exe" HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {b39f8cc0-1d22-11e5-82a9-0015833d0a57} - "O: \setup.exe" HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {b6e713a1-e08e-11e6-833f-0015833d0a57} - "V: \Setup.exe" HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {bb38cd0c-78ab-11e5-82c6-0015833d0a57} - "I: \Setup.exe" HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {d225db12-d660-11e4-8291-97d8e33ee520} - "P: \setup.exe" HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {d225e732-d660-11e4-8291-97d8e33ee520} - "H: \setup.exe" HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {d68d6287-095e-11e6-82f0-0015833d0a57} - "W: \setup.exe" HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {d8fd446b-0383-11e6-82f0-0015833d0a57} - "W:\3dmark- setup.exe" HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {da67609d-ebf0-11e6-8344-448a5ba2b684} - "V: \OriginSetup.exe" HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {daea93b4-bf0c-11e5-82d2-0015833d0a57} - "Y: \Setup.exe" HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {daea9942-bf0c-11e5-82d2-0015833d0a57} - "Y: \setup.exe" HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: 
{dc266ba8-80b9-11e4-827d-0015833d0a57} - "Q: \setup.exe" HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {dc39324c-6092-11e6-82fb-0015833d0a57} - "W: \setup.exe" HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {dc3935af-6092-11e6-82fb-0015833d0a57} - "W: \setup.exe" HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {dfac2b46-37c5-11e5-82b2-0015833d0a57} - "P: \setup.exe" HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {e0617187-c45c-11e4-828f-0015833d0a57} - "Q: \setup.exe" HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {e06176a3-c45c-11e4-828f-0015833d0a57} - "R: \setup.exe" HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {e12e2ead-c454-11e6-8326-448a5ba2b684} - "W: \setup.exe" HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {e54e06e4-b393-11e4-828e-a9ce0c2de137} - "H: \setup.exe" HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {e54e0808-b393-11e4-828e-a9ce0c2de137} - "H: \setup.exe" HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {e6a2e0dc-dc15-11e6-833b-0015833d0a57} - "V: \setup.exe" HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {e6a2e958-dc15-11e6-833b-0015833d0a57} - "V: \start.exe" HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\MountPoints2: {e7b61e58-9e1a-11e4-8284-e65431e47091} - "Q: \setup.exe" HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\Command Processor: "C:\Program Files (x86)\clink\0.4.5\clink" inject --profile "~\clink" <===== ATTENTION HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11776 2014-10-29] (Microsoft Corporation) HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1421736 2017- 03-28] (Garmin Ltd. 
or its subsidiaries) HKU\S-1-5-18\...\RunOnce: [{BF6DA836-4385-488D-8F01-89E886CAD41D}] => "B:\Killer_Network_Drivers_ (driver_only)_1.1.50.1073\Killer\setup.exe" HKU\S-1-5-18\...\RunOnce: [{60E52861-6CF0-4358-8D81-280A69550355}] => "C:\MSI\LiveUpdate\DL_FILE\Killer_Network_Drivers_ (driver_only)_1.1.57.1125\Killer\setup.exe" HKU\S-1-5-18\...\Policies\system: [DisableLockWorkstation] 0 ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.15.0.dll [2017-03-21] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.15.0.dll [2017-03-21] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.15.0.dll [2017-03-21] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.15.0.dll [2017-03-21] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.15.0.dll [2017-03-21] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.15.0.dll [2017-03-21] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.15.0.dll [2017-03-21] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.15.0.dll [2017-03-21] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.15.0.dll [2017-03-21] (Dropbox, Inc.) 
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.15.0.dll [2017-03-21] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ OCError] -> {0960F090-F328-48A3-B746-276B1E3C3722} => m:\Program Files (x86)\ownCloud \shellext\OCOverlays_x64.dll [2016-08-25] (ownCloud Inc.) ShellIconOverlayIdentifiers: [ OCOK] -> {0960F092-F328-48A3-B746-276B1E3C3722} => m:\Program Files (x86)\ownCloud \shellext\OCOverlays_x64.dll [2016-08-25] (ownCloud Inc.) ShellIconOverlayIdentifiers: [ OCOKShared] -> {0960F093-F328-48A3-B746-276B1E3C3722} => m:\Program Files (x86)\ownCloud \shellext\OCOverlays_x64.dll [2016-08-25] (ownCloud Inc.) ShellIconOverlayIdentifiers: [ OCSync] -> {0960F094-F328-48A3-B746-276B1E3C3722} => m:\Program Files (x86)\ownCloud \shellext\OCOverlays_x64.dll [2016-08-25] (ownCloud Inc.) ShellIconOverlayIdentifiers: [ OCWarning] -> {0960F096-F328-48A3-B746-276B1E3C3722} => m:\Program Files (x86)\ownCloud \shellext\OCOverlays_x64.dll [2016-08-25] (ownCloud Inc.) ShellIconOverlayIdentifiers: [HardLinkMenu] -> {0A479751-02BC-11d3-A855-0004AC2568AA} => C:\Program Files \LinkShellExtension\HardlinkShellExt.dll [2015-05-17] (Hermann Schinagl) ShellIconOverlayIdentifiers: [IconOverlayHardLink] -> {0A479751-02BC-11d3-A855-0004AC2568DD} => C:\Program Files \LinkShellExtension\HardlinkShellExt.dll [2015-05-17] (Hermann Schinagl) ShellIconOverlayIdentifiers: [IconOverlaySymbolicLink] -> {0A479751-02BC-11d3-A855-0004AC2568EE} => C:\Program Files \LinkShellExtension\HardlinkShellExt.dll [2015-05-17] (Hermann Schinagl) ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell \ClassicExplorer64.dll [2015-11-12] (IvoSoft) ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.15.0.dll [2017-03-21] (Dropbox, Inc.) 
ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.15.0.dll [2017-03-21] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.15.0.dll [2017-03-21] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.15.0.dll [2017-03-21] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.15.0.dll [2017-03-21] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.15.0.dll [2017-03-21] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.15.0.dll [2017-03-21] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.15.0.dll [2017-03-21] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.15.0.dll [2017-03-21] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.15.0.dll [2017-03-21] (Dropbox, Inc.) 
ShellIconOverlayIdentifiers-x32: [HardLinkMenu] -> {0A479751-02BC-11d3-A855-0004AC2568AA} => C:\Program Files\LinkShellExtension\32\HardlinkShellExt.dll [2015-05-17] (Hermann Schinagl)
ShellIconOverlayIdentifiers-x32: [IconOverlayHardLink] -> {0A479751-02BC-11d3-A855-0004AC2568DD} => C:\Program Files\LinkShellExtension\32\HardlinkShellExt.dll [2015-05-17] (Hermann Schinagl)
ShellIconOverlayIdentifiers-x32: [IconOverlaySymbolicLink] -> {0A479751-02BC-11d3-A855-0004AC2568EE} => C:\Program Files\LinkShellExtension\32\HardlinkShellExt.dll [2015-05-17] (Hermann Schinagl)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2015-11-12] (IvoSoft)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2016-02-24] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\UltraMon.lnk [2017-03-20]
ShortcutTarget: UltraMon.lnk -> C:\Windows\Installer\{D4E62D29-31A1-4938-8CB7-7D275C1AEAC6}\IcoUltraMon.ico ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\YubiKey PIV Manager PIN-check.lnk [2016-06-15]
ShortcutTarget: YubiKey PIV Manager PIN-check.lnk -> M:\Program Files (x86)\Yubico\YubiKey PIV Manager\pivman.exe ()
Startup: C:\Users\mongole\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Pidgin.lnk [2014-11-26]
ShortcutTarget: Pidgin.lnk -> M:\Program Files (x86)\Pidgin\pidgin.exe (The Pidgin developer community)
Startup: C:\Users\mongole\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\qtox.lnk [2015-10-12]
ShortcutTarget: qtox.lnk -> M:\Programme\qtox.exe (No File)
Startup: C:\Users\mongole\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\VirtuaWin.lnk [2014-09-23]
ShortcutTarget: VirtuaWin.lnk -> C:\Program Files (x86)\VirtuaWin\VirtuaWin.exe (VirtuaWin)
BootExecute: autocheck autochk /m /P \Device\TrueCryptVolumeZautocheck autochk *
GroupPolicy: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: [S-1-5-21-3859236888-2619314948-3413747170-1001] => 192.240.46.123:80
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.100.1
Tcpip\..\Interfaces\{0D417657-CC71-4DAD-BBBE-B34B58B15917}: [NameServer] 192.168.100.22,192.168.100.1
Tcpip\..\Interfaces\{0D417657-CC71-4DAD-BBBE-B34B58B15917}: [DhcpNameServer] 192.168.100.1
Tcpip\..\Interfaces\{46E5605C-10C9-4BAC-B3FF-D61F3B6793AA}: [NameServer] 192.168.100.22,192.168.100.1
Tcpip\..\Interfaces\{46E5605C-10C9-4BAC-B3FF-D61F3B6793AA}: [DhcpNameServer] 192.168.100.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.de.msn.com/
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_121\bin\ssv.dll [2017-03-11] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-03-11] (Oracle Corporation)
BHO: ExplorerWatcher Class -> {F8A6CAA2-533D-4AED-9E05-8EB19A4021AB} -> C:\Program Files (x86)\Clover\TabHelper64.dll [2014-01-23] (EJIE Technology)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2015-11-12] (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2015-11-12] (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2015-11-12] (IvoSoft)
DPF: HKLM-x32 {6C269571-C6D7-4818-BCA4-32A035E8C884} hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://files.creative.com/Web/softwareupdate/ocx/150323/CTPID.cab
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2017-02-15] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2017-02-15] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2017-02-15] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2017-02-15] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2017-02-15] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2017-02-15] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2017-02-15] (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2017-02-15] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2017-02-15] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2017-02-15] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2017-02-15] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2017-02-15] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2017-02-15] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2017-02-15] (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2017-02-15] (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll [2017-02-15] (Citrix Systems, Inc.)

FireFox:
========
FF DefaultProfile: q1eucqck.default
FF DefaultProfile: kanwirtn.default
FF ProfilePath: C:\Users\mongole\AppData\Roaming\Yoono\Yoono\Profiles\wx8ddlrk.default [2017-03-29]
FF Extension: (MinimizeToTray revived (MinTrayR)) - M:\Program Files (x86)\Yoono Desktop\extensions\mintrayr@tn123.ath.cx [2016-04-07] [not signed]
FF Extension: (Yoono) - M:\Program Files (x86)\Yoono Desktop\extensions\{d9284e50-81fc-11da-a72b-0800200c9a66}.xpi [2013-12-18] [not signed]
FF ProfilePath: C:\Users\mongole\AppData\Roaming\Mozilla\Firefox\Profiles\q1eucqck.default [2017-04-04]
FF Homepage: Mozilla\Firefox\Profiles\q1eucqck.default -> hxxps://www.de-mail.t-online.de/
FF Extension: (Mailvelope) - C:\Users\mongole\AppData\Roaming\Mozilla\Firefox\Profiles\q1eucqck.default\Extensions\jid1-AQqSMBYb0a8ADg@jetpack.xpi [2017-03-07]
FF Extension: (Cookie Monster) - C:\Users\mongole\AppData\Roaming\Mozilla\Firefox\Profiles\q1eucqck.default\Extensions\{45d8ff86-d909-11db-9705-005056c00008} [2017-01-06]
FF Extension: (NoScript) - C:\Users\mongole\AppData\Roaming\Mozilla\Firefox\Profiles\q1eucqck.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2017-03-08]
FF ProfilePath: C:\Users\mongole\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\h4fug7zz.default [2017-04-04]
FF DefaultSearchEngine: Moonchild Productions\Pale Moon\Profiles\h4fug7zz.default -> Startpage (SSL)
FF SelectedSearchEngine: Moonchild Productions\Pale Moon\Profiles\h4fug7zz.default -> Startpage (SSL)
FF Homepage: Moonchild Productions\Pale Moon\Profiles\h4fug7zz.default -> about:blank
FF Session Restore: Moonchild Productions\Pale Moon\Profiles\h4fug7zz.default -> is enabled.
FF NetworkProxy: Moonchild Productions\Pale Moon\Profiles\h4fug7zz.default -> socks_remote_dns", true
FF Extension: (Disconnect) - C:\Users\mongole\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\h4fug7zz.default\Extensions\2.0@disconnect.me.xpi [2016-05-07]
FF Extension: (4or6) - C:\Users\mongole\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\h4fug7zz.default\Extensions\4or6@hunen.net.xpi [2016-04-28]
FF Extension: (Adblock Latitude) - C:\Users\mongole\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\h4fug7zz.default\Extensions\adblocklatitude@addons.palemoon.org.xpi [2017-02-16] [not signed]
FF Extension: (AutoPager) - C:\Users\mongole\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\h4fug7zz.default\Extensions\autopager@mozilla.org.xpi [2016-04-28]
FF Extension: (Base64 ⇒ Encoder) - C:\Users\mongole\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\h4fug7zz.default\Extensions\base64encoder@srazzano.com [2017-04-04] [not signed]
FF Extension: (Brief) - C:\Users\mongole\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\h4fug7zz.default\Extensions\brief@mozdev.org.xpi [2015-05-30]
FF Extension: (Certificate Patrol) - C:\Users\mongole\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\h4fug7zz.default\Extensions\CertPatrol@PSYC.EU.xpi [2016-05-07]
FF Extension: (Pale Moon Commander) - C:\Users\mongole\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\h4fug7zz.default\Extensions\commander@palemoon.org.xpi [2015-11-13] [not signed]
FF Extension: (Convergence Extra) - C:\Users\mongole\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\h4fug7zz.default\Extensions\convergence@extension.fraggod.net [2016-05-07]
FF Extension: (Copy Plain Text 2) - C:\Users\mongole\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\h4fug7zz.default\Extensions\copyplaintext@teo.pl.xpi [2016-08-22]
FF Extension: (Cryptocat) - C:\Users\mongole\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\h4fug7zz.default\Extensions\cryptocat@crypto.cat.xpi [2016-04-28]
FF Extension: (Extended DNSSEC Validator) - C:\Users\mongole\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\h4fug7zz.default\Extensions\extended-validator@os3sec.org [2016-04-28]
FF Extension: (Firebug) - C:\Users\mongole\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\h4fug7zz.default\Extensions\firebug@software.joehewitt.com.xpi [2015-05-27]
FF Extension: (Fire IE) - C:\Users\mongole\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\h4fug7zz.default\Extensions\fireie@fireie.org [2017-04-04]
FF Extension: (FoxyProxy Standard) - C:\Users\mongole\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\h4fug7zz.default\Extensions\foxyproxy@eric.h.jung [2017-01-30]
FF Extension: (VTzilla) - C:\Users\mongole\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\h4fug7zz.default\Extensions\info@virustotal.com.xpi [2016-05-07]
FF Extension: (IPFlood) - C:\Users\mongole\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\h4fug7zz.default\Extensions\ipfuck@p4ul.info.xpi [2016-05-07]
FF Extension: (Google search link fix) - C:\Users\mongole\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\h4fug7zz.default\Extensions\jid0-XWJxt5VvCXkKzQK99PhZqAn7Xbg@jetpack.xpi [2015-05-30]
FF Extension: (Decentraleyes) - C:\Users\mongole\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\h4fug7zz.default\Extensions\jid1-BoFifL9Vbdl2zQ@jetpack.xpi [2017-04-03] [not signed]
FF Extension: (I don't care about cookies) - C:\Users\mongole\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\h4fug7zz.default\Extensions\jid1-KKzOGWgsW3Ao4Q@jetpack.xpi [2017-04-03] [not signed]
FF Extension: (Beef Taco (Targeted Advertising Cookie Opt-Out)) - C:\Users\mongole\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\h4fug7zz.default\Extensions\john@velvetcache.org.xpi [2016-05-07]
FF Extension: (Lazarus: Form Recovery) - C:\Users\mongole\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\h4fug7zz.default\Extensions\lazarus@interclue.com.xpi [2016-05-07]
FF Extension: (Link Alert) - C:\Users\mongole\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\h4fug7zz.default\Extensions\linkalert.conlan@addons.mozilla.com [2016-11-20]
FF Extension: (Prevent Tab Overflow) - C:\Users\mongole\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\h4fug7zz.default\Extensions\noverflow@sdrocking.com.xpi [2016-08-27]
FF Extension: (Pentadactyl) - C:\Users\mongole\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\h4fug7zz.default\Extensions\pentadactyl@addons.palemoon.org.xpi [2017-01-27] [not signed]
FF Extension: (RequestPolicy) - C:\Users\mongole\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\h4fug7zz.default\Extensions\requestpolicy@requestpolicy.com.xpi [2016-07-10]
FF Extension: (RequestPolicy Continued) - C:\Users\mongole\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\h4fug7zz.default\Extensions\rpcontinued@amo.requestpolicy.org.xpi [2016-12-04]
FF Extension: (TrashMail.com) - C:\Users\mongole\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\h4fug7zz.default\Extensions\spam@trashmail.net.xpi [2016-04-16]
FF Extension: (User Agent Overrider) - C:\Users\mongole\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\h4fug7zz.default\Extensions\useragentoverrider@qixinglu.com.xpi [2015-05-30]
FF Extension: (Flagfox) - C:\Users\mongole\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\h4fug7zz.default\Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}.xpi [2017-03-21]
FF Extension: (OpenDownload²) - C:\Users\mongole\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\h4fug7zz.default\Extensions\{210249CE-F888-11DD-B868-4CB456D89593} [2016-12-14]
FF Extension: (LIVE HTTP Header) - C:\Users\mongole\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\h4fug7zz.default\Extensions\{2d916c01-db0e-4de7-85a3-3fb66ca2d96e}.xpi [2014-07-13] [not signed]
FF Extension: (RefControl) - C:\Users\mongole\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\h4fug7zz.default\Extensions\{455D905A-D37C-4643-A9E2-F6FEFAA0424A}.xpi [2016-05-07]
FF Extension: (Cookie Monster) - C:\Users\mongole\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\h4fug7zz.default\Extensions\{45d8ff86-d909-11db-9705-005056c00008}.xpi [2015-04-22] [not signed]
FF Extension: (Encrypted Web) - C:\Users\mongole\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\h4fug7zz.default\Extensions\{4bf973fe-f2b7-43e1-b2ca-52f9c6f6fddf} [2016-10-16] [not signed]
FF Extension: (Speed Dial) - C:\Users\mongole\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\h4fug7zz.default\Extensions\{64161300-e22b-11db-8314-0800200c9a66}.xpi [2015-09-16]
FF Extension: (NoScript) - C:\Users\mongole\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\h4fug7zz.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2016-08-12]
FF Extension: (White Moon) - C:\Users\mongole\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\h4fug7zz.default\Extensions\{81c983b9-ebe4-4b2e-b98e-98e62085837f}.xpi [2017-03-05] [not signed]
FF Extension: (ReloadEvery) - C:\Users\mongole\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\h4fug7zz.default\Extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}.xpi [2016-06-28]
FF Extension: (OPML Support) - C:\Users\mongole\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\h4fug7zz.default\Extensions\{9458ca25-39fd-4ba8-9520-acc5c0d877b6}.xpi [2016-05-07]
FF Extension: (PMOpera) - C:\Users\mongole\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\h4fug7zz.default\Extensions\{a53af763-1a44-4820-b98e-98e62085837f}.xpi [2016-12-06] [not signed]
FF Extension: (DownloadHelper) - C:\Users\mongole\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\h4fug7zz.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2015-05-30]
FF Extension: (BetterPrivacy) - C:\Users\mongole\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\h4fug7zz.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2015-05-30]
FF Extension: (DownThemAll!) - C:\Users\mongole\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\h4fug7zz.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2015-12-10]
FF Extension: (Greasemonkey) - C:\Users\mongole\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\h4fug7zz.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2015-06-20]
FF Extension: (UnMHT) - C:\Users\mongole\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\h4fug7zz.default\Extensions\{f759ca51-3a91-4dd1-ae78-9db5eee9ebf0}.xpi [2015-05-30]
FF SearchPlugin: C:\Users\mongole\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\h4fug7zz.default\searchplugins\firefox-add-ons.xml [2013-11-05]
FF SearchPlugin: C:\Users\mongole\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\h4fug7zz.default\searchplugins\searx.xml [2017-04-03]
FF SearchPlugin: C:\Users\mongole\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\h4fug7zz.default\searchplugins\startpage-ssl.xml [2015-11-14]
FF ProfilePath: M:\FossaMail\Profiles\kanwirtn.default [2017-04-04]
FF NetworkProxy: M:\FossaMail\Profiles\kanwirtn.default -> socks", "192.168.100.8"
FF NetworkProxy: M:\FossaMail\Profiles\kanwirtn.default -> socks_port", 9050
FF NetworkProxy: M:\FossaMail\Profiles\kanwirtn.default -> socks_remote_dns", true
FF NetworkProxy: M:\FossaMail\Profiles\kanwirtn.default -> type", 0
FF Extension: (TorBirdy) - M:\FossaMail\Profiles\kanwirtn.default\Extensions\castironthunderbirdclub@torproject.org.xpi [2015-03-13] [not signed]
FF Extension: (German Dictionary) - M:\FossaMail\Profiles\kanwirtn.default\Extensions\de-DE@dictionaries.addons.mozilla.org [2016-12-03]
FF Extension: (DKIM Verifier) - M:\FossaMail\Profiles\kanwirtn.default\Extensions\dkim_verifier@pl.xpi [2017-02-14] [not signed]
FF Extension: (FoxyProxy Standard) - M:\FossaMail\Profiles\kanwirtn.default\Extensions\foxyproxy@eric.h.jung [2017-01-30]
FF Extension: (LookOut) - M:\FossaMail\Profiles\kanwirtn.default\Extensions\lookout@aron.rubin.xpi [2012-07-06] [not signed]
FF Extension: (Paranoia) - M:\FossaMail\Profiles\kanwirtn.default\Extensions\tls-paranoia@gdr.name.xpi [2015-12-03] [not signed]
FF Extension: (Spamness) - M:\FossaMail\Profiles\kanwirtn.default\Extensions\{41a9ee8a-e9c6-4076-84ac-bc1b612dca68}.xpi [2016-12-20] [not signed]
FF Extension: (Enigmail) - M:\FossaMail\Profiles\kanwirtn.default\Extensions\{847b3a00-7ab1-11d4-8f02-006008948af5} [2017-03-27] [not signed]
FF Extension: (Lightning) - M:\FossaMail\Profiles\kanwirtn.default\Extensions\{e2fda1a4-762b-4020-b5ad-a41df1933103} [2017-04-04] [not signed]
FF Extension: (Adblock Edge) - M:\FossaMail\Profiles\kanwirtn.default\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2016-04-28]
FF HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\Firefox\Extensions: [fdm_ffext@freedownloadmanager.org] - m:\Program Files (x86)\Free Download Manager\Firefox\Extension
FF Extension: (Free Download Manager extension) - m:\Program Files (x86)\Free Download Manager\Firefox\Extension [2017-02-23]
FF HKU\S-1-5-21-3859236888-2619314948-3413747170-1001\...\Firefox\Extensions: [owasmime@microsoft.com] - C:\Users\mongole\AppData\Local\SmimeAX\MozExtension
FF Extension: (Microsoft OWA S/MIME) - C:\Users\mongole\AppData\Local\SmimeAX\MozExtension [2017-03-19] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_25_0_0_127.dll [2017-03-18] ()
FF Plugin: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-03-11] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-03-11] (Oracle Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> m:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.0 -> m:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> m:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.2 -> m:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> m:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_127.dll [2017-03-18] ()
FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll [2017-02-15] (Citrix Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.56 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-11-10] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-11-10] (Intel Corporation)
FF Plugin HKU\S-1-5-21-3859236888-2619314948-3413747170-1001: @tools.google.com/Google Update;version=3 -> C:\Users\mongole\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin HKU\S-1-5-21-3859236888-2619314948-3413747170-1001: @tools.google.com/Google Update;version=9 -> C:\Users\mongole\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
StartMenuInternet: FIREFOX.EXE - M:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 cjpcsc; C:\Windows\SysWOW64\cjpcsc.exe [604216 2017-02-01] (REINER SCT)
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [423424 2012-10-08] (Creative Technology Ltd) [File not signed]
R2 CtHdaSvc; C:\Windows\sysWow64\CtHdaSvc.exe [122880 2017-01-18] (Creative Technology Ltd)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-04-17] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-04-17] (Dropbox, Inc.)
R2 DbxSvc; C:\Windows\system32\DbxSvc.exe [46408 2017-03-11] (Dropbox, Inc.)
R2 DirMngr; m:\Program Files (x86)\GNU\GnuPG\dirmngr.exe [216576 2016-08-18] () [File not signed]
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [395024 2016-12-27] (EasyAntiCheat Ltd)
R2 EMET_Service; C:\Program Files (x86)\EMET 5.5\EMET_Service.exe [33960 2016-01-29] (Microsoft Corporation)
S3 Ext2Srv; C:\Program Files\Ext2Fsd\Ext2Srv.exe [72704 2016-03-13] (www.ext2fsd.com) [File not signed]
S3 FileZilla Server; m:\Program Files (x86)\FileZilla Server\FileZilla Server.exe [794584 2015-06-12] (FileZilla Project)
S3 Futuremark SystemInfo Service; C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe [342456 2016-08-11] (Futuremark)
R2 GamingApp_Service; C:\Program Files (x86)\MSI\MSI Gaming APP\GamingApp_Service.exe [36008 2015-11-04] (Micro-Star Int'l Co., Ltd.)
S3 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [1099280 2017-03-28] (Garmin Ltd. or its subsidiaries)
R2 GlassWire; m:\Program Files (x86)\GlassWire\GWCtlSrv.exe [4393424 2017-03-21] (SecureMix LLC)
R2 HTC Account Service; C:\Program Files\HTC Account\Htc.Identity.Service.exe [20712 2016-12-15] (HTC Corporation)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [16232 2014-05-28] (Intel Corporation)
S3 iked; m:\Program Files\ShrewSoft\VPN Client\iked.exe [1127736 2013-07-01] ()
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887256 2014-05-13] (Intel(R) Corporation)
S3 ipsecd; m:\Program Files\ShrewSoft\VPN Client\ipsecd.exe [810808 2013-07-01] ()
S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [177376 2016-08-12] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [158496 2014-11-10] (Intel Corporation)
R2 LeapService; C:\Program Files (x86)\Leap Motion\Core Services\LeapSvc64.exe [9870848 2015-08-21] (Leap Motion, Inc.) [File not signed]
R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [225400 2017-01-24] (Logitech Inc.)
R3 MBAMService; m:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
S3 MSIClock_CC; C:\Program Files (x86)\MSI\Command Center\ClockGen\MSIClockService.exe [4163680 2016-06-14] (MSI)
S3 MSICOMM_CC; C:\Program Files (x86)\MSI\Command Center\MSICommService.exe [2200872 2016-02-01] (MSI)
S3 MSICPU_CC; C:\Program Files (x86)\MSI\Command Center\CPU\MSICPUService.exe [4162144 2016-05-19] (MSI)
R2 MSICTL_CC; C:\Program Files (x86)\MSI\Command Center\MSIControlService.exe [2014160 2016-03-04] (MSI)
R2 MSIDDR_CC; C:\Program Files (x86)\MSI\Command Center\DDR\MSIDDRService.exe [2328160 2016-07-01] (MSI)
S3 MSISMB_CC; C:\Program Files (x86)\MSI\Command Center\SMBus\MSISMBService.exe [2076768 2016-06-02] (MSI)
S3 MSISuperIO_CC; C:\Program Files (x86)\MSI\Command Center\SuperIO\MSISuperIOService.exe [598112 2016-06-02] (MSI)
R2 MSI_ECOSERVICE; C:\Program Files (x86)\MSI\ECO Center\ECO_Service.exe [2266280 2015-03-27] (Micro-Star INT'L CO., LTD.)
R2 MSI_LiveUpdate_Service; C:\Program Files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe [1794000 2016-03-17] (Micro-Star INT'L CO., LTD.)
R2 NfsClnt; C:\Windows\system32\nfsclnt.exe [100352 2014-09-25] (Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [464440 2017-03-17] (NVIDIA Corporation)
S3 OODefragAgent; M:\Program Files\OO Software\Defrag\oodag.exe [1660200 2014-08-29] (O&O Software GmbH)
S3 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed]
R2 RAMDrivService; C:\Windows\SysWOW64\RAMDiskImage.exe [343448 2016-03-10] (Micro-Star Int'l Co., Ltd.)
R2 SbieSvc; m:\Program Files\Sandboxie\SbieSvc.exe [197264 2016-09-22] (Sandboxie Holdings, LLC)
S3 Synergy; M:\Program Files\Synergy\synergyd.exe [298496 2014-05-23] () [File not signed]
S3 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7500048 2016-09-20] (TeamViewer GmbH)
R2 tmGAInstall; C:\Program Files (x86)\Thrustmaster\Thrustmaster FFB Driver\64bits\tmGAInstall.exe [32256 2016-03-23] (Thrustmaster®) [File not signed]
R2 TmWinService; C:\Program Files (x86)\Thrustmaster\TARGET\TmService.exe [315944 2016-10-31] (Guillemot Corporation)
R2 uvnc_service; m:\Program Files\uvnc bvba\UltraVNC\WinVNC.exe [2188880 2016-05-22] (UltraVNC)
R2 Viveport; F:\ViveSetup\PCClient\ViveportService.exe [72016 2017-02-24] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinArchiver Service; m:\Program Files\WinArchiver\WAService.exe [257336 2015-08-16] ()
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [154448 2016-07-11] (RedFox)
R3 AnyDVD; C:\Windows\SysWOW64\Drivers\AnyDVD.sys [154448 2016-07-11] (RedFox)
S3 bcbtums; C:\Windows\system32\DRIVERS\bcbtums.sys [186152 2016-09-14] (Broadcom Corporation.)
R1 BfLwf; C:\Windows\system32\DRIVERS\bwcW8x64.sys [148040 2016-01-22] (Rivet Networks, LLC.)
S3 bthav; C:\Windows\system32\drivers\bthav.sys [40448 2008-07-10] (CSR, plc)
R3 BTWUSB; C:\Windows\System32\Drivers\btwusb.sys [66136 2016-05-25] (Broadcom Corporation.)
R3 cjusb; C:\Windows\system32\DRIVERS\cjusb.sys [36112 2015-03-23] (REINER SCT)
R3 cthda; C:\Windows\system32\drivers\cthda.sys [1074984 2017-01-18] (Creative Technology Ltd)
R3 cthdb; C:\Windows\system32\DRIVERS\cthdb.sys [42792 2017-01-18] (Creative Technology Ltd)
R0 dcrypt; C:\Windows\System32\drivers\dcrypt.sys [210632 2014-07-09] ()
R1 dokan1; C:\Windows\System32\DRIVERS\dokan1.sys [82848 2016-09-24] (Dokan Project)
S3 dvblink_tuner; C:\Windows\system32\drivers\dvblink_tuner.sys [78184 2013-10-24] (DVBLogic)
R2 Ext2Fsd; C:\Windows\system32\Drivers\Ext2Fsd.sys [795136 2016-03-13] (www.ext2fsd.com)
R3 GDKBBlocker; C:\Windows\system32\drivers\GDKBBlocker64.sys [30720 2015-03-04] (G Data Software AG)
R1 gwdrv; C:\Windows\system32\DRIVERS\gwdrv.sys [33152 2015-05-29] (SecureMix LLC)
S3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [47008 2013-07-30] ()
S3 JabraDFU; C:\Windows\System32\Drivers\JabraBcDfuX64.sys [39288 2015-09-24] (GN Netcom A/S)
R3 Ke2200; C:\Windows\system32\DRIVERS\e22w8x64.sys [157752 2015-09-03] (Qualcomm Atheros, Inc.)
R3 kmloop; C:\Windows\system32\DRIVERS\loop.sys [15360 2013-08-22] (Microsoft Corporation)
R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech)
R3 LGJoyXlCore; C:\Windows\system32\drivers\LGJoyXlCore.sys [67736 2016-08-30] (Logitech Inc.)
R3 LGSHidFilt; C:\Windows\system32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.)
S3 libusb0; C:\Windows\system32\DRIVERS\libusb0.sys [43456 2010-12-28] (hxxp://libusb-win32.sourceforge.net)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [251848 2017-04-04] (Malwarebytes)
R3 mt7612US; C:\Windows\system32\DRIVERS\mt7612US.sys [376200 2015-12-08] (MediaTek Inc.)
R3 NfsRdr; C:\Windows\System32\drivers\nfsrdr.sys [261120 2014-09-25] (Microsoft Corporation)
R1 npcap; C:\Windows\system32\DRIVERS\npcap.sys [61288 2016-10-23] (Insecure.Com LLC.)
R3 NTIOLib_ECO; C:\Program Files (x86)\MSI\ECO Center\NTIOLib_X64.sys [13808 2014-01-06] (MSI)
R3 NTIOLib_MSIDDR_CC; C:\Program Files (x86)\MSI\Command Center\DDR\NTIOLib_X64.sys [13368 2012-11-26] (MSI)
S3 NVVADARM; C:\Windows\system32\drivers\nvvadarm.sys [38088 2014-12-10] (NVIDIA Corporation)
S3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2015-02-05] (NVIDIA Corporation)
S3 PORTMON; M:\Programme\SysinternalsSuite\PORTMSYS.SYS [28656 2015-07-11] (Systems Internals) [File not signed]
R2 RAMDriv; C:\Windows\system32\DRIVERS\ramdriv.sys [86936 2016-03-10] (Micro-Star Int'l Co., Ltd.)
R2 RAMDriv; C:\Windows\SysWOW64\DRIVERS\ramdriv.sys [86936 2016-03-10] (Micro-Star Int'l Co., Ltd.)
R3 RpcXdr; C:\Windows\System32\drivers\rpcxdr.sys [131072 2014-09-25] (Microsoft Corporation)
R3 SbieDrv; m:\Program Files\Sandboxie\SbieDrv.sys [204944 2016-09-22] (Sandboxie Holdings, LLC)
R0 secnvme; C:\Windows\System32\drivers\secnvme.sys [126920 2016-10-13] (Samsung Electronics Co., Ltd)
R3 TmBusEn; C:\Windows\System32\drivers\TmBusEn.sys [30208 2011-01-26] (Guillemot Corporation)
R3 TmBusEn; C:\Windows\SysWOW64\drivers\TmBusEn.sys [30208 2011-01-26] (Guillemot Corporation)
S3 TmFilter; C:\Windows\System32\drivers\TmFilter.sys [24576 2011-01-26] (Guillemot Corporation)
S3 TmFilter; C:\Windows\SysWOW64\drivers\TmFilter.sys [24576 2011-01-26] (Guillemot Corporation)
S3 TmHid; C:\Windows\system32\DRIVERS\TmHid.sys [24704 2011-01-26] (Guillemot Corporation)
S3 TmHid; C:\Windows\SysWOW64\DRIVERS\TmHid.sys [24704 2011-01-26] (Guillemot Corporation)
S3 UDST7000BDA; C:\Windows\system32\DRIVERS\TerraTecUsbBda.sys [917160 2012-08-20] (TerraTec Electronic GmbH.)
S3 UDST7000HID; C:\Windows\System32\drivers\TerraTecUsbHid.sys [26408 2012-08-20] (TerraTec Electronic GmbH.)
R1 VBoxNetAdp; C:\Windows\system32\DRIVERS\VBoxNetAdp6.sys [131144 2016-12-20] (Oracle Corporation)
R1 VBoxNetLwf; C:\Windows\system32\DRIVERS\VBoxNetLwf.sys [205440 2016-12-20] (Oracle Corporation)
S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [125008 2016-01-19] (Oracle Corporation)
R1 veracrypt; C:\Windows\System32\drivers\veracrypt.sys [467368 2016-10-24] (IDRIX)
R0 waemu; C:\Windows\System32\Drivers\waemu.sys [142096 2015-08-16] (Power Software Ltd)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
S3 wod0205; C:\Windows\system32\DRIVERS\wod0205.sys [33160 2011-04-23] (WeOnlyDo Software)
S3 xb1usb; C:\Windows\System32\drivers\xb1usb.sys [42760 2016-02-23] (Microsoft Corporation)
R3 XtuAcpiDriver; C:\Windows\System32\drivers\XtuAcpiDriver.sys [54344 2016-11-22] (Intel Corporation)
S3 dbx; system32\DRIVERS\dbx.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
U4 npcap_wifi; no ImagePath
U4 npf_wifi; no ImagePath
S3 VBoxNetFlt; \SystemRoot\system32\DRIVERS\VBoxNetFlt.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-04-04 23:29 - 2017-04-04 23:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GlassWire 1.0 2017-04-04 23:25 - 2017-04-04 23:25 - 00000021 _____ C:\Windows\S.dirmngr 2017-04-04 16:19 - 2017-04-04 16:19 - 00000856 _____ C:\Users\mongole\Downloads\Musik - Verknüpfung.lnk 2017-04-04 00:59 - 2017-04-04 00:59 - 00000000 ____D C:\ProgramData\Emsisoft 2017-04-04 00:55 - 2017-04-04 00:59 - 00000000 ____D C:\ProgramData\HitmanPro 2017-04-04 00:55 - 2017-04-04 00:55 - 00000000 ____D C:\Program Files\HitmanPro 2017-04-03 18:57 - 2017-04-03 19:04 - 00000000 ____D C:\Users\mongole\AppData\Roaming\LibreELEC 2017-04-01 04:59 - 2017-04-01 04:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin 2017-03-31 21:01 - 2017-03-31 21:01 - 00000000 ____D C:\Users\mongole\AppData\LocalLow\Unity 2017-03-31 21:01 - 2017-03-31 21:01 - 00000000 ____D C:\Users\mongole\AppData\LocalLow\Enigmatic 2017-03-31 20:47 - 2017-03-31 20:47 - 00000000 ____D C:\Users\mongole\AppData\LocalLow\COLOPL, Inc 2017-03-29 22:07 - 2017-03-29 22:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sumoman 2017-03-27 22:34 - 2017-03-27 22:34 - 00000000 ____D C:\Users\mongole\AppData\Roaming\.kde 2017-03-26 09:50 - 2017-03-26 12:19 - 00000000 ____D C:\Users\mongole\AppData\Roaming\Microsoft\Windows\Start Menu \Programs\NVIDIA Demos 2017-03-26 09:46 - 2017-03-27 23:48 - 00000000 ____D C:\Program Files\Pale Moon 2017-03-24 23:42 - 2017-03-24 23:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox 2017-03-24 22:53 - 2017-03-24 23:14 - 00000000 ____D C:\Users\mongole\AppData\Roaming\DarknessII 2017-03-24 18:48 - 2017-03-17 02:59 - 40190400 _____ C:\Windows\system32\nvcompiler.dll 2017-03-24 18:48 - 2017-03-17 02:59 - 35272760 _____ C:\Windows\SysWOW64\nvcompiler.dll 2017-03-24 18:48 - 2017-03-17 02:59 - 34952760 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll 2017-03-24 18:48 - 2017-03-17 02:59 - 28223544 
_____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll 2017-03-24 18:48 - 2017-03-17 02:59 - 19006832 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll 2017-03-24 18:48 - 2017-03-17 02:59 - 14674712 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll 2017-03-24 18:48 - 2017-03-17 02:59 - 14434360 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys 2017-03-24 18:48 - 2017-03-17 02:59 - 13378096 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll 2017-03-24 18:48 - 2017-03-17 02:59 - 11122912 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll 2017-03-24 18:48 - 2017-03-17 02:59 - 11019888 _____ (NVIDIA Corporation) C:\Windows\system32\nvptxJitCompiler.dll 2017-03-24 18:48 - 2017-03-17 02:59 - 09306312 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll 2017-03-24 18:48 - 2017-03-17 02:59 - 08990256 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvptxJitCompiler.dll 2017-03-24 18:48 - 2017-03-17 02:59 - 03627064 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll 2017-03-24 18:48 - 2017-03-17 02:59 - 03583744 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll 2017-03-24 18:48 - 2017-03-17 02:59 - 03187256 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll 2017-03-24 18:48 - 2017-03-17 02:59 - 01983424 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6437892.dll 2017-03-24 18:48 - 2017-03-17 02:59 - 01589696 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6437892.dll 2017-03-24 18:48 - 2017-03-17 02:59 - 01053240 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll 2017-03-24 18:48 - 2017-03-17 02:59 - 00989120 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll 2017-03-24 18:48 - 2017-03-17 02:59 - 00959424 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll 2017-03-24 18:48 - 2017-03-17 02:59 - 00912440 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll 2017-03-24 18:48 - 2017-03-17 02:59 - 00895456 _____ (NVIDIA Corporation) 
C:\Windows\system32\nvmcumd.dll 2017-03-24 18:48 - 2017-03-17 02:59 - 00687408 _____ (NVIDIA Corporation) C:\Windows\system32\nvfatbinaryLoader.dll 2017-03-24 18:48 - 2017-03-17 02:59 - 00609728 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll 2017-03-24 18:48 - 2017-03-17 02:59 - 00576192 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvfatbinaryLoader.dll 2017-03-24 18:48 - 2017-03-17 02:59 - 00504104 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll 2017-03-24 18:48 - 2017-03-17 02:59 - 00500792 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll 2017-03-24 18:48 - 2017-03-17 02:59 - 00425104 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll 2017-03-24 18:48 - 2017-03-17 02:59 - 00408272 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll 2017-03-24 18:48 - 2017-03-17 02:59 - 00170360 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll 2017-03-24 18:48 - 2017-03-17 02:59 - 00153368 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll 2017-03-24 18:48 - 2017-03-17 02:59 - 00148016 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll 2017-03-24 18:48 - 2017-03-17 02:59 - 00131536 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll 2017-03-20 23:34 - 2017-03-20 23:34 - 00002551 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltraMon.lnk 2017-03-20 23:34 - 2017-03-20 23:34 - 00000000 ____D C:\Users\mongole\AppData\Roaming\Realtime Soft 2017-03-20 23:34 - 2017-03-20 23:34 - 00000000 ____D C:\Program Files\UltraMon 2017-03-18 06:19 - 2017-03-18 06:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hitman 2017-03-18 05:42 - 2017-03-18 05:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Creative 2017-03-18 05:41 - 2017-03-24 18:48 - 00000000 ____D C:\Windows\LastGood.Tmp 2017-03-18 04:40 - 2017-03-04 10:01 - 00576512 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2017-03-18 04:40 - 2017-03-04 09:59 - 
02895360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2017-03-18 04:40 - 2017-03-04 09:48 - 25746944 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2017-03-18 04:40 - 2017-03-04 09:45 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2017-03-18 04:40 - 2017-03-04 09:44 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2017-03-18 04:40 - 2017-03-04 09:31 - 06045696 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2017-03-18 04:40 - 2017-03-04 09:05 - 01033216 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll 2017-03-18 04:40 - 2017-03-04 08:54 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2017-03-18 04:40 - 2017-03-04 08:26 - 15259648 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2017-03-18 04:40 - 2017-03-04 08:25 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2017-03-18 04:40 - 2017-03-04 08:12 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2017-03-18 04:40 - 2017-03-04 08:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2017-03-18 04:40 - 2017-03-04 06:18 - 20281856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2017-03-18 04:40 - 2017-03-02 20:01 - 00499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2017-03-18 04:40 - 2017-03-02 19:55 - 02287104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2017-03-18 04:40 - 2017-03-02 19:49 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2017-03-18 04:40 - 2017-03-02 19:25 - 00880640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll 2017-03-18 04:40 - 2017-03-02 19:22 - 04604416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2017-03-18 04:40 - 2017-03-02 19:19 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2017-03-18 04:40 - 2017-03-02 19:11 - 13654528 _____ (Microsoft 
Corporation) C:\Windows\SysWOW64\ieframe.dll 2017-03-18 04:40 - 2017-03-02 18:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2017-03-18 04:40 - 2017-03-02 18:50 - 01312768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2017-03-18 04:40 - 2017-03-02 18:50 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2017-03-18 04:40 - 2017-02-11 21:25 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys 2017-03-18 04:40 - 2017-02-11 07:12 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2017-03-18 04:40 - 2017-02-11 07:12 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll 2017-03-18 04:40 - 2017-02-11 07:00 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2017-03-18 04:40 - 2017-02-11 06:58 - 00378880 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2017-03-18 04:40 - 2017-02-11 06:56 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2017-03-18 04:40 - 2017-02-10 21:09 - 04169728 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2017-03-18 04:40 - 2017-02-10 07:34 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2017-03-18 04:40 - 2017-02-10 07:10 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2017-03-18 04:40 - 2017-02-10 07:09 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll 2017-03-18 04:40 - 2017-02-10 07:08 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2017-03-18 04:40 - 2017-02-10 07:01 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll 2017-03-18 04:40 - 2017-02-10 07:00 - 00330752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2017-03-18 04:40 - 2017-02-10 06:59 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2017-03-18 04:40 - 2017-02-10 03:31 - 01549144 _____ (Microsoft Corporation) 
C:\Windows\system32\Drivers\dxgkrnl.sys 2017-03-18 04:40 - 2017-02-10 02:12 - 01375960 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2017-03-18 04:40 - 2017-02-09 17:28 - 01987584 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll 2017-03-18 04:40 - 2017-02-09 17:19 - 01377792 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll 2017-03-18 04:40 - 2017-02-09 17:16 - 01560064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll 2017-03-18 04:40 - 2017-02-09 17:16 - 01094656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll 2017-03-18 04:40 - 2017-02-09 16:59 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\dnsapi.dll 2017-03-18 04:40 - 2017-02-09 16:58 - 00499200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dnsapi.dll 2017-03-18 04:40 - 2017-02-09 16:58 - 00252416 _____ (Microsoft Corporation) C:\Windows\system32\dnsrslvr.dll 2017-03-18 04:40 - 2017-02-04 22:32 - 07444832 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2017-03-18 04:40 - 2017-02-04 22:30 - 01663184 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi 2017-03-18 04:40 - 2017-02-04 22:30 - 01523216 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe 2017-03-18 04:40 - 2017-02-04 22:30 - 01490128 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi 2017-03-18 04:40 - 2017-02-04 22:30 - 01358960 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe 2017-03-18 04:40 - 2017-02-04 21:32 - 00251392 _____ (Microsoft Corporation) C:\Windows\system32\microsoft-windows- system-events.dll 2017-03-18 04:40 - 2017-02-04 21:30 - 00285184 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll 2017-03-18 04:40 - 2017-02-04 20:14 - 01001472 _____ (Microsoft Corporation) C:\Windows\HelpPane.exe 2017-03-18 04:40 - 2017-02-04 19:50 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\icm32.dll 2017-03-18 04:40 - 2017-02-04 19:40 - 01754112 _____ (Microsoft Corporation) 
C:\Windows\system32\GdiPlus.dll 2017-03-18 04:40 - 2017-02-04 19:32 - 00584704 _____ (Microsoft Corporation) C:\Windows\system32\mscms.dll 2017-03-18 04:40 - 2017-02-04 19:17 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icm32.dll 2017-03-18 04:40 - 2017-02-04 19:10 - 01491456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GdiPlus.dll 2017-03-18 04:40 - 2017-02-04 19:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscms.dll 2017-03-18 04:40 - 2017-01-21 23:37 - 00567152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys 2017-03-18 04:40 - 2017-01-21 21:27 - 00756736 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2017-03-18 04:40 - 2017-01-21 21:27 - 00095232 _____ (Microsoft Corporation) C:\Windows\system32\auditpolmsg.dll 2017-03-18 04:40 - 2017-01-21 21:27 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll 2017-03-18 04:40 - 2017-01-21 21:22 - 00201728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys 2017-03-18 04:40 - 2017-01-21 21:20 - 00401920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys 2017-03-18 04:40 - 2017-01-21 20:40 - 00756736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll 2017-03-18 04:40 - 2017-01-21 20:40 - 00095232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpolmsg.dll 2017-03-18 04:40 - 2017-01-21 20:40 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll 2017-03-18 04:40 - 2017-01-21 20:37 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll 2017-03-18 04:40 - 2017-01-21 19:58 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll 2017-03-18 04:40 - 2017-01-21 19:48 - 01437696 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2017-03-18 04:40 - 2017-01-14 19:49 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\wininit.exe 2017-03-18 04:40 - 2017-01-11 21:37 - 02345984 _____ (Microsoft Corporation) 
C:\Windows\system32\msxml3.dll 2017-03-18 04:40 - 2017-01-10 21:08 - 01549312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll 2017-03-18 04:40 - 2017-01-05 20:20 - 01697792 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll 2017-03-18 04:40 - 2017-01-05 20:09 - 07076864 _____ (Microsoft Corporation) C:\Windows\system32\glcndFilter.dll 2017-03-18 04:40 - 2017-01-05 19:36 - 01501184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll 2017-03-18 04:40 - 2017-01-05 19:29 - 05273600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\glcndFilter.dll 2017-03-18 04:40 - 2017-01-05 19:13 - 07796224 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll 2017-03-18 04:40 - 2017-01-05 18:57 - 05268480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll 2017-03-18 04:40 - 2016-11-09 21:22 - 00681472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys 2017-03-13 22:11 - 2017-03-13 22:11 - 00000218 _____ C:\Users\mongole\.recently-used.xbel 2017-03-11 01:17 - 2017-03-11 01:17 - 00046408 _____ (Dropbox, Inc.) C:\Windows\system32\DbxSvc.exe 2017-03-11 01:17 - 2017-03-11 01:17 - 00045672 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-stable.sys 2017-03-11 01:17 - 2017-03-11 01:17 - 00045672 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-dev.sys 2017-03-11 01:17 - 2017-03-11 01:17 - 00045672 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-canary.sys ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2017-04-04 23:34 - 2014-09-22 21:43 - 00000000 ____D C:\Users\mongole\AppData\Roaming\.purple 2017-04-04 23:32 - 2014-09-22 15:08 - 00763218 _____ C:\Windows\system32\perfh007.dat 2017-04-04 23:32 - 2014-09-22 15:08 - 00159364 _____ C:\Windows\system32\perfc007.dat 2017-04-04 23:32 - 2014-03-18 12:01 - 01780340 _____ C:\Windows\system32\PerfStringBackup.INI 2017-04-04 23:32 - 2013-08-22 15:36 - 00000000 ____D C:\Windows\Inf 2017-04-04 23:31 - 2014-10-12 20:02 - 00000000 ____D C:\Users\mongole\AppData\Roaming\qBittorrent 2017-04-04 23:30 - 2017-01-29 21:33 - 00251848 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2017-04-04 23:30 - 2014-09-23 01:24 - 00000000 ____D C:\Users\mongole\AppData\Roaming\HexChat 2017-04-04 23:28 - 2014-10-26 01:01 - 00000000 ____D C:\Users\mongole\AppData\Roaming\Ditto 2017-04-04 23:28 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\Registration 2017-04-04 23:27 - 2015-10-12 20:50 - 00000000 ____D C:\Users\mongole\AppData\Roaming\tox 2017-04-04 23:26 - 2015-07-25 19:36 - 00001242 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job 2017-04-04 23:26 - 2014-09-22 15:20 - 00000000 ____D C:\Users\mongole\AppData\Roaming\KeePass 2017-04-04 23:26 - 2014-09-21 21:21 - 00003758 _____ C:\Windows\System32\Tasks\AutoKMS 2017-04-04 23:25 - 2015-12-29 13:47 - 00000000 ____D C:\ProgramData\NVIDIA 2017-04-04 23:25 - 2014-10-02 20:29 - 33555456 _____ C:\Windows\SysWOW64\RAMDiskImage.data 2017-04-04 23:25 - 2014-09-22 23:04 - 00000000 ____D C:\Program Files\Logitech Gaming Software 2017-04-04 23:25 - 2013-08-22 16:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2017-04-04 23:24 - 2015-09-29 13:39 - 00056763 _____ C:\Users\mongole\Desktop\Addition.txt 2017-04-04 23:24 - 2015-09-29 13:38 - 00092318 _____ C:\Users\mongole\Desktop\FRST.txt 2017-04-04 23:17 - 2015-09-25 23:38 - 00000000 ____D C:\FRST 2017-04-04 22:41 - 2015-07-25 19:36 - 00001246 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job 2017-04-04 22:27 - 2014-09-21 21:26 - 
00003600 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21- 3859236888-2619314948-3413747170-1001 2017-04-04 22:19 - 2014-09-22 21:36 - 00000918 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FossaMail.lnk 2017-04-04 22:19 - 2014-09-22 21:36 - 00000000 ____D C:\Program Files\FossaMail 2017-04-04 19:13 - 2014-10-02 21:17 - 00001818 _____ C:\Windows\Sandboxie.ini 2017-04-04 16:19 - 2014-10-17 18:44 - 00002460 _____ C:\Users\mongole\AppData\Roaming\Microsoft\Windows\Start Menu \Programs\Google Chrome Canary.lnk 2017-04-04 16:19 - 2014-10-17 18:44 - 00002452 _____ C:\Users\mongole\Desktop\Google Chrome Canary.lnk 2017-04-02 02:46 - 2017-01-12 22:32 - 00000000 ____D C:\Users\mongole\.junique 2017-04-01 06:13 - 2015-10-05 20:04 - 00001498 __RSH C:\ProgramData\ntuser.pol 2017-04-01 05:01 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\tracing 2017-04-01 04:59 - 2014-09-22 23:59 - 00003554 _____ C:\Windows\System32\Tasks\GarminUpdaterTask 2017-04-01 04:59 - 2014-09-22 23:59 - 00001906 _____ C:\Users\Public\Desktop\Garmin Express.lnk 2017-04-01 04:59 - 2014-09-22 23:59 - 00000000 ____D C:\Program Files (x86)\Garmin 2017-04-01 04:59 - 2014-09-21 21:27 - 00000000 ____D C:\ProgramData\Package Cache 2017-03-31 14:50 - 2014-09-22 15:18 - 00078949 _____ C:\Users\mongole\Desktop\main.kdbx 2017-03-30 18:57 - 2014-09-22 22:51 - 00000000 ____D C:\Users\mongole\AppData\Roaming\gnupg 2017-03-30 00:32 - 2014-09-22 23:04 - 00018960 _____ (Logitech, Inc.) 
C:\Windows\system32\Drivers\LNonPnP.sys 2017-03-30 00:32 - 2014-09-22 23:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech 2017-03-29 21:55 - 2015-06-22 22:15 - 00000992 _____ C:\Users\mongole\AppData\Roaming\Microsoft\Windows\Start Menu \Programs\MediaInfo.lnk 2017-03-29 21:37 - 2014-10-05 20:45 - 00000000 ____D C:\Users\mongole\AppData\Roaming\vlc 2017-03-28 00:08 - 2014-12-16 21:57 - 00001779 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix Receiver.lnk 2017-03-28 00:08 - 2014-12-16 21:57 - 00000000 ____D C:\ProgramData\Citrix 2017-03-27 22:23 - 2014-09-22 22:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gpg4win 2017-03-24 23:42 - 2015-07-25 19:36 - 00000000 ____D C:\Program Files (x86)\Dropbox 2017-03-24 18:49 - 2016-03-10 22:22 - 00000000 ____D C:\Program Files (x86)\VulkanRT 2017-03-19 04:29 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\rescache 2017-03-18 06:15 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\system32\Macromed 2017-03-18 06:14 - 2013-08-22 17:36 - 00000000 ____D C:\Windows\SysWOW64\Macromed 2017-03-18 05:41 - 2014-09-25 15:28 - 00000000 ____D C:\Users\Public\Creative 2017-03-18 05:41 - 2014-09-25 15:23 - 00000105 ___RH C:\Windows\ctfile.rfc 2017-03-18 05:41 - 2014-09-25 15:23 - 00000000 ____D C:\Program Files (x86)\Creative 2017-03-18 04:44 - 2014-09-24 01:32 - 00000000 ____D C:\Temp 2017-03-18 04:43 - 2013-08-22 16:44 - 00438824 _____ C:\Windows\system32\FNTCACHE.DAT 2017-03-18 04:42 - 2013-08-22 15:25 - 00262144 ___SH C:\Windows\system32\config\BBI 2017-03-18 04:41 - 2013-08-22 17:20 - 00000000 ____D C:\Windows\CbsTemp 2017-03-18 04:38 - 2016-10-23 18:42 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2017-03-18 04:38 - 2014-09-21 21:21 - 00000000 ____D C:\Users\mongole 2017-03-17 02:59 - 2016-10-22 15:14 - 00492560 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll 2017-03-17 02:59 - 2016-09-26 18:23 - 04064088 _____ (NVIDIA 
Corporation) C:\Windows\system32\nvapi64.dll 2017-03-17 02:59 - 2016-08-17 11:25 - 17282648 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll 2017-03-17 02:59 - 2016-05-07 13:51 - 16400616 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll 2017-03-17 02:59 - 2015-12-29 13:47 - 19883600 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll 2017-03-17 02:59 - 2015-12-29 13:47 - 00042686 _____ C:\Windows\system32\nvinfo.pb 2017-03-17 01:31 - 2016-10-22 15:15 - 00001951 _____ C:\Windows\NvContainerRecovery.bat 2017-03-17 01:16 - 2015-12-29 13:47 - 06401984 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll 2017-03-17 01:16 - 2015-12-29 13:47 - 02477504 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll 2017-03-17 01:16 - 2015-12-29 13:47 - 01762752 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll 2017-03-17 01:16 - 2015-12-29 13:47 - 00549944 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll 2017-03-17 01:16 - 2015-12-29 13:47 - 00392128 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll 2017-03-17 01:16 - 2015-12-29 13:47 - 00081856 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll 2017-03-17 01:16 - 2015-12-29 13:47 - 00069568 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll 2017-03-16 11:39 - 2015-12-29 13:47 - 07813427 _____ C:\Windows\system32\nvcoproc.bin 2017-03-12 00:01 - 2014-10-31 13:51 - 00000000 ____D C:\Users\mongole\AppData\Roaming\I2P 2017-03-11 15:23 - 2016-11-01 20:38 - 00110144 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll 2017-03-11 15:23 - 2016-11-01 20:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2017-03-11 15:23 - 2014-10-02 16:27 - 00000000 ____D C:\Program Files\Java 2017-03-10 17:20 - 2016-01-02 16:08 - 00000718 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pidgin.lnk 2017-03-10 06:34 - 2016-12-14 22:42 - 00835576 _____ (Adobe Systems Incorporated) 
C:\Windows\SysWOW64\FlashPlayerApp.exe 2017-03-10 06:34 - 2016-12-14 22:42 - 00177656 _____ (Adobe Systems Incorporated) C:\Windows \SysWOW64\FlashPlayerCPLApp.cpl 2017-03-09 23:17 - 2016-12-04 03:56 - 00000000 ____D C:\Users\mongole\AppData\LocalLow\Mozilla 2017-03-05 02:25 - 2014-09-25 15:33 - 00000000 ____D C:\Users\mongole\AppData\Roaming\foobar2000 ==================== Files in the root of some directories ======= 2016-05-26 00:35 - 2016-06-27 22:28 - 0009216 _____ () C:\Program Files (x86)\com.htc.vive.setup.bilogclient 2017-02-09 23:09 - 2017-03-04 13:40 - 0001446 _____ () C:\Users\mongole\AppData\Roaming\.gr_fftw_wisdom 2016-04-07 23:22 - 2016-04-07 23:27 - 0002686 _____ () C:\Users\mongole\AppData\Roaming\Clock+.log 2016-04-21 19:12 - 2016-04-21 19:12 - 0000169 ____H () C:\Users\mongole\AppData\Roaming\eSReg.ini 2016-04-07 23:22 - 2016-04-07 23:27 - 0001726 _____ () C:\Users\mongole\AppData\Roaming\TMinus.log 2014-11-16 20:05 - 2017-01-29 20:07 - 0000600 _____ () C:\Users\mongole\AppData\Roaming\winscp.rnd 2014-09-24 04:01 - 2016-08-23 20:04 - 0008704 _____ () C:\Users\mongole\AppData\Local\DCBC2A71-70D8-4DAN-EHR8- E0D61DEA3FDF.ini 2015-03-01 01:39 - 2015-03-01 01:39 - 0000000 ___SH () C:\Users\mongole\AppData\Local\LumaEmu 2016-03-31 23:39 - 2016-03-31 23:57 - 18290710 _____ () C:\Users\mongole\AppData\Local\OcrMap.bin 2014-11-24 20:59 - 2017-03-05 19:11 - 0000600 _____ () C:\Users\mongole\AppData\Local\PUTTY.RND 2017-02-09 22:27 - 2017-02-09 22:27 - 0000698 _____ () C:\Users\mongole\AppData\Local\recently-used.xbel 2014-09-26 12:29 - 2016-09-10 03:42 - 0007653 _____ () C:\Users\mongole\AppData\Local\resmon.resmoncfg 2014-10-13 07:21 - 2014-10-13 07:21 - 0004222 _____ () C:\Users\mongole\AppData\Local\Shrew Soft VPN.7z 2016-10-24 00:50 - 2016-10-24 00:50 - 0000000 _____ () C:\Users\mongole\AppData\Local\zenmap.exe.log 2015-09-27 12:00 - 2016-02-16 02:03 - 0000040 ___SH () C:\ProgramData\.zreglib 2016-01-23 19:49 - 2017-01-21 00:48 - 0000219 _____ () 
C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc 2016-09-25 02:24 - 2016-09-25 02:24 - 0000040 _____ () C:\ProgramData\ra3.ini ==================== Bamital & volsnap ====================== a (There is no automatic fix for files that do not pass verification.) C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\dnsapi.dll => File is digitally signed C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2017-03-27 18:37 ==================== End of FRST.txt ============================ |