Log analysis and evaluation: Connection to DNS "crashes" after a few hours -> malware?

22.05.2017, 22:44   #1
rilkar
 
Hello everyone,

I have the following problem.
After 1-2 hours, Chrome crashes on my PC each time, and no other browsers can be opened either. When this happens I also can no longer ping 8.8.8.8; servers inside the network still work. Other devices (e.g. on the Wi-Fi) have no problems getting online, so it is only this one PC.

Because the new tab in Firefox was suddenly linked to "ww-searchings", I ran Malwarebytes and Avira; they found some insignificant malware, but the problem has not been solved yet.

After a few hours "my internet connection still crashes" and I have to restart the PC.

Attached is a HijackThis log.

Does anyone have an idea how I can solve the problem as quickly as possible?

Many thanks & regards,
rilkar

HiJackthis Logfile:
Code:
Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 14:04:00, on 21.05.2017
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.14393.0953)

FIREFOX: 53.0.3 (x86 de)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
C:\Windows\System\3DG4me.exe
D:\Programs\CrashPlan\CrashPlanTray.exe
C:\Users\Michael\AppData\Local\Dropbox\Update\DropboxUpdate.exe
C:\Users\Michael\AppData\Local\Amazon Music\Amazon Music Helper.exe
C:\Users\Michael\AppData\Local\Microsoft\OneDrive\OneDrive.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\secd.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
D:\Programs\AudioSwitcher\switcher.exe
C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe
C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\GIGABYTE\XTREME GAMING ENGINE\Xtreme.exe
C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Users\Michael\AppData\Local\CloudStation\CloudStation.app\bin\cloud-drive-ui.exe
C:\Program Files (x86)\PDF24\pdf24.exe
C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
D:\Programs\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
C:\Users\Michael\AppData\Local\CloudStation\CloudStation.app\bin\cloud-drive-connect.exe
C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
C:\Users\Michael\AppData\Local\CloudStation\CloudStation.app\bin\cloud-drive-daemon.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe
H:\jDownloader\HijackThis.exe
D:\Programs\Steam\Steam.exe
D:\Programs\Steam\bin\cef\cef.win7\steamwebhelper.exe
D:\Programs\Steam\bin\cef\cef.win7\steamwebhelper.exe
C:\WINDOWS\SysWOW64\NOTEPAD.EXE
C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=
O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll
O2 - BHO: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll
O2 - BHO: Microsoft OneDrive for Business Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll
O4 - HKLM\..\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
O4 - HKLM\..\Run: [THX TruStudio NB Settings] "C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe" /r
O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [ControlCenter4] C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe /autorun
O4 - HKLM\..\Run: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN
O4 - HKLM\..\Run: [Adobe Creative Cloud] "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
O4 - HKLM\..\Run: [Avira SystrayStartTrigger] "C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe"
O4 - HKLM\..\Run: [PDFPrint] "C:\Program Files (x86)\PDF24\pdf24.exe"
O4 - HKLM\..\Run: [ZoneAlarm] "C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe"
O4 - HKLM\..\Run: [SDTray] "d:\Programs\Spybot - Search & Destroy 2\SDTray.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\Programs\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Steam] "D:\Programs\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [Dropbox Update] "C:\Users\Michael\AppData\Local\Dropbox\Update\DropboxUpdate.exe" /c
O4 - HKCU\..\Run: [Amazon Music] "C:\Users\Michael\AppData\Local\Amazon Music\Amazon Music Helper.exe"
O4 - HKCU\..\Run: [OneDrive] "C:\Users\Michael\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
O4 - HKCU\..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
O4 - HKCU\..\Run: [iCloudDrive] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
O4 - HKCU\..\Run: [iCloudPhotos] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe
O4 - HKCU\..\Run: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
O4 - HKCU\..\Run: [SpybotPostWindows10UpgradeReInstall] "C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe"
O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'NETWORK SERVICE')
O4 - Startup: AudioSwitcher.lnk = D:\Programs\AudioSwitcher\switcher.exe
O4 - Startup: Dropbox.lnk = Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Startup: GIGABYTE XTREME GAMING ENGINE.lnk = C:\Program Files (x86)\GIGABYTE\XTREME GAMING ENGINE\autorun.exe
O4 - Startup: Rainmeter.lnk = C:\Program Files\Rainmeter\Rainmeter.exe
O4 - Startup: startup-monitor-timeout.lnk = Michael\Documents\startup-monitor-timeout.bat
O4 - Startup: Synology Cloud Station Drive.lnk = C:\Program Files (x86)\Synology\CloudStation\bin\launcher.exe
O4 - Global Startup: FileBox eXtender.lnk = D:\Programs\FileBX\FileBX.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files (x86)\Microsoft Office\Root\Office16\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIE.dll
O9 - Extra button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll
O9 - Extra 'Tools' menuitem: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{4a3501c2-f5bb-46aa-a34a-2b67b7ae66fd}: NameServer = 8.8.8.8,8.8.4.4
O18 - Protocol: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
O23 - Service: Adobe Active File Monitor V14 (AdobeActiveFileMonitor14.0) - Adobe Systems Incorporated - D:\Programs\Adobe PSE 14\Elements 14 Organizer\PhotoshopElementsFileAgent.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: AdobeUpdateService - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
O23 - Service: Adobe Genuine Software Integrity Service (AGSService) - Adobe Systems, Incorporated - C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: Avira Email-Schutz (AntiVirMailService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe
O23 - Service: Avira Planer (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Echtzeit-Scanner (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira Browser-Schutz (AntiVirWebService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
O23 - Service: Apple Mobile Device Service - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Avira Service Host (Avira.ServiceHost) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Cloud Station Drive VSS Service x64 - Unknown owner - C:\Program Files (x86)\Synology\CloudStation\bin\vss-service-x64.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
O23 - Service: CrashPlan Backup Service (CrashPlanService) - Code 42 Software - D:\Programs\CrashPlan\CrashPlanService.exe
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: Google Update-Dienst (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-Dienst (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService1.0.0.0) - Unknown owner - C:\WINDOWS\system32\igfxCUIService.exe (file missing)
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @mqutil.dll,-6102 (MSMQ) - Unknown owner - C:\WINDOWS\system32\mqsvc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NitroPDFDriverCreatorReadSpool11 (NitroDriverReadSpool11) - Nitro Software, Inc. - C:\Program Files\Nitro\Pro 11\NitroPDFDriverService11x64.exe
O23 - Service: NitroUpdateService - Unknown owner - C:\Program Files\Nitro\Pro 11\Nitro_UpdateService.exe
O23 - Service: Nalpeiron Licensing Service (nlsX86cc) - Nalpeiron Ltd. - C:\WINDOWS\SysWOW64\NLSSRV32.EXE
O23 - Service: NVIDIA LocalSystem Container (NvContainerLocalSystem) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
O23 - Service: NVIDIA NetworkService Container (NvContainerNetworkService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
O23 - Service: NVIDIA Display Container LS (NVDisplay.ContainerLocalSystem) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
O23 - Service: NVIDIA Telemetry Container (NvTelemetryContainer) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Riverbed Technology, Inc. - C:\Program Files (x86)\WinPcap\rpcapd.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - d:\Programs\Spybot - Search & Destroy 2\SDFSSvc.exe
O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - d:\Programs\Spybot - Search & Destroy 2\SDUpdSvc.exe
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - d:\Programs\Spybot - Search & Destroy 2\SDWSCSvc.exe
O23 - Service: @%ProgramFiles%\Windows Defender Advanced Threat Protection\MsSense.exe,-1001 (Sense) - Unknown owner - C:\Program Files (x86)\Windows Defender Advanced Threat Protection\MsSense.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: tbupddwu - Unknown owner - C:\Program Files\UPDD\tbupddwu.exe
O23 - Service: TeamViewer 11 (TeamViewer) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\WINDOWS\system32\TieringEngineService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vmcompute.exe,-100 (vmcompute) - Unknown owner - C:\WINDOWS\system32\vmcompute.exe (file missing)
O23 - Service: @%systemroot%\system32\vmms.exe,-10 (vmms) - Unknown owner - C:\WINDOWS\system32\vmms.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies Ltd. - C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: ZoneAlarm Privacy Service (ZAPrivacyService) - Check Point Software Technologies, Ltd. - C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZaPrivacyService.exe
O23 - Service: ZoneAlarm ICM Service - Check Point Software Technologies Ltd. - C:\Program Files (x86)\CheckPoint\ZoneAlarm\ICM-Service.exe

--
End of file - 18976 bytes
         

22.05.2017, 22:45   #2
rilkar
 
Additional log



And the FRST log:

Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 22-05-2017
Ran by Michael (administrator) on PHANTOM (22-05-2017 22:36:12)
Running from H:\jDownloader
Loaded Profiles: Michael (Available Profiles: Michael)
Platform: Windows 10 Pro Version 1607 (X64) Language: Englisch (Vereinigte Staaten)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

Failed to access process -> Secure System
() C:\Program Files\UPDD\TBUPDDWU.EXE
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\System32\vmms.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
() C:\Program Files (x86)\Synology\CloudStation\bin\vss-service-x64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
() C:\Program Files\Nitro\Pro 11\Nitro_UpdateService.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Nitro Software, Inc.) C:\Program Files\Nitro\Pro 11\NitroPDFDriverService11x64.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Safer-Networking Ltd.) D:\Programs\Spybot - Search & Destroy 2\SDFSSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Safer-Networking Ltd.) D:\Programs\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) D:\Programs\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\System32\vmcompute.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.15.597.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Windows\System32\Speech_OneCore\Common\SpeechRuntime.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(AppWork GmbH) C:\Users\Michael\AppData\Local\JDownloader v2.0\JDownloader2.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Windows\System\3DG4me.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler64.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkUI.exe
() C:\Program Files\UPDD\TBDAEMON.EXE
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
() C:\Program Files\UPDD\AIDAEMON.EXE
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Dropbox, Inc.) C:\Users\Michael\AppData\Local\Dropbox\Update\DropboxUpdate.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Apple, Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\secd.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
() D:\Programs\AudioSwitcher\switcher.exe
() C:\Program Files\UPDD\TBUPDDWU.EXE
(Creative Technology Ltd) C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe
(Dropbox, Inc.) C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Dropbox, Inc.) C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(GIGABYTE Technology Co.,Ltd.) C:\Program Files (x86)\GIGABYTE\XTREME GAMING ENGINE\Xtreme.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Dropbox, Inc.) C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Synology Inc.) C:\Users\Michael\AppData\Local\CloudStation\CloudStation.app\bin\cloud-drive-ui.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleChromeDAV.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
(Synology Inc.) C:\Users\Michael\AppData\Local\CloudStation\CloudStation.app\bin\cloud-drive-connect.exe
(Safer-Networking Ltd.) D:\Programs\Spybot - Search & Destroy 2\SDTray.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Synology Inc.) C:\Users\Michael\AppData\Local\CloudStation\CloudStation.app\bin\cloud-drive-daemon.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe
(Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Valve Corporation) D:\Programs\Steam\Steam.exe
(Valve Corporation) D:\Programs\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Valve Corporation) D:\Programs\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Adobe Systems Incorporated) D:\Programs\Adobe PSE 14\Elements 14 Organizer\PhotoshopElementsFileAgent.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\ICM-Service.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\ActionUriServer.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(hxxp://tortoisesvn.net) D:\Programs\TortoiseSVN\bin\TSVNCache.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13307496 2011-10-17] (Realtek Semiconductor)
HKLM\...\Run: [3DG4me] => C:\Windows\System\3DG4me.exe [151552 2013-05-28] ()
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3100440 2014-05-19] (Logitech, Inc.)
HKLM\...\Run: [CrashPlanTray] => D:\Programs\CrashPlan\CrashPlanTray.exe
HKLM\...\Run: [DisplayLinkUI] => C:\Program Files\DisplayLink Core Software\DisplayLinkUI.exe [2152104 2016-12-05] (DisplayLink Corp.)
HKLM\...\Run: [tbdaemon] => C:\Program Files\UPDD\tbdaemon.exe [676352 2012-10-10] ()
HKLM\...\Run: [aidaemon] => C:\Program Files\UPDD\aidaemon.exe [524288 2012-10-10] ()
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [303928 2017-03-22] (Apple Inc.)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-01-26] (Intel Corporation)
HKLM-x32\...\Run: [THX TruStudio NB Settings] => C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe [909824 2011-05-19] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [912768 2017-04-28] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [143360 2012-09-06] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [3076096 2012-06-06] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2383040 2016-10-25] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [61944 2017-04-11] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [210432 2016-07-05] (Geek Software GmbH)
HKLM-x32\...\Run: [ZoneAlarm] => C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe [145208 2017-04-14] (Check Point Software Technologies Ltd.)
HKLM-x32\...\Run: [SDTray] => d:\Programs\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM Group Policy restriction on software: C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy <====== ATTENTION
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-1783363258-1944623717-140360357-1000\...\Run: [DAEMON Tools Lite] => D:\Programs\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-1783363258-1944623717-140360357-1000\...\Run: [Steam] => D:\Programs\Steam\steam.exe [3019552 2017-04-26] (Valve Corporation)
HKU\S-1-5-21-1783363258-1944623717-140360357-1000\...\Run: [Dropbox Update] => C:\Users\Michael\AppData\Local\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-05] (Dropbox, Inc.)
HKU\S-1-5-21-1783363258-1944623717-140360357-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2017-03-16] (Apple Inc.)
HKU\S-1-5-21-1783363258-1944623717-140360357-1000\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [110392 2017-03-16] (Apple Inc.)
HKU\S-1-5-21-1783363258-1944623717-140360357-1000\...\Run: [iCloudPhotos] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe [356664 2017-03-16] (Apple Inc.)
HKU\S-1-5-21-1783363258-1944623717-140360357-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23819304 2017-03-21] (Google)
HKU\S-1-5-21-1783363258-1944623717-140360357-1000\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-1783363258-1944623717-140360357-1000\...\MountPoints2: {4f3a791b-2841-11e7-9dc9-bc5ff44470d5} - "J:\OnePlus_setup.exe" /s
HKU\S-1-5-21-1783363258-1944623717-140360357-1000\...\MountPoints2: {ab5ea47b-e615-11e6-9d62-bc5ff44470d5} - "J:\Lenovo_Suite.exe" 
HKU\S-1-5-21-1783363258-1944623717-140360357-1000\...\MountPoints2: {ab5eb073-e615-11e6-9d62-bc5ff44470d5} - "P:\Lenovo_Suite.exe" 
HKU\S-1-5-21-1783363258-1944623717-140360357-1000\...\MountPoints2: {b007f661-97a2-11e6-9cef-bc5ff44470d5} - "J:\Lenovo_Suite.exe" 
HKU\S-1-5-21-1783363258-1944623717-140360357-1000\...\MountPoints2: {fb39d74c-0cab-11e6-9c38-bc5ff44470d5} - "J:\Lenovo_Suite.exe" 
HKU\S-1-5-21-1783363258-1944623717-140360357-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\scrnsave.scr [37376 2016-07-16] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [   01UnsuppModule] -> {AEB16659-2125-4ADA-A4AB-45EE21E86469} => C:\Users\Michael\AppData\Local\CloudStation\CloudStation.app\icon-overlay\18\x64\iconOverlay.dll [2017-03-08] (TODO: <Company name>)
ShellIconOverlayIdentifiers: [   02SyncingModule] -> {48AB5ADA-36B1-4137-99C9-2BD97F8788AB} => C:\Users\Michael\AppData\Local\CloudStation\CloudStation.app\icon-overlay\18\x64\iconOverlay.dll [2017-03-08] (TODO: <Company name>)
ShellIconOverlayIdentifiers: [   03SyncedModule] -> {472CE1AD-5D53-4BCF-A1FB-3982A5F55138} => C:\Users\Michael\AppData\Local\CloudStation\CloudStation.app\icon-overlay\18\x64\iconOverlay.dll [2017-03-08] (TODO: <Company name>)
ShellIconOverlayIdentifiers: [   04ReadOnlyModule] -> {A433C3E0-8B24-40EB-93C3-4B10D9959F58} => C:\Users\Michael\AppData\Local\CloudStation\CloudStation.app\icon-overlay\18\x64\iconOverlay.dll [2017-03-08] (TODO: <Company name>)
ShellIconOverlayIdentifiers: [   05NoPermModule] -> {C701AD67-3DF0-47C9-89CB-DFA6207BE229} => C:\Users\Michael\AppData\Local\CloudStation\CloudStation.app\icon-overlay\18\x64\iconOverlay.dll [2017-03-08] (TODO: <Company name>)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2017-03-21] (Google)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-10-25] ()
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll [2017-05-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll [2017-05-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll [2017-05-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll [2017-05-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll [2017-05-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll [2017-05-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll [2017-05-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll [2017-05-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [1TortoiseNormal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [2TortoiseModified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [3TortoiseConflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [4TortoiseLocked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [5TortoiseReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [6TortoiseDeleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [7TortoiseAdded] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [8TortoiseIgnored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers: [9TortoiseUnversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [1TortoiseNormal] -> {C5994560-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [2TortoiseModified] -> {C5994561-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [3TortoiseConflict] -> {C5994562-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [4TortoiseLocked] -> {C5994563-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [5TortoiseReadOnly] -> {C5994564-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [6TortoiseDeleted] -> {C5994565-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [7TortoiseAdded] -> {C5994566-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [8TortoiseIgnored] -> {C5994567-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
ShellIconOverlayIdentifiers-x32: [9TortoiseUnversioned] -> {C5994568-53D9-4125-87C9-F193FC689CB2} => C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll [2011-06-13] (hxxp://tortoisesvn.net)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FileBox eXtender.lnk [2015-01-10]
ShortcutTarget: FileBox eXtender.lnk -> D:\Programs\FileBX\FileBX.exe (Hyperionics Technology LLC)
Startup: C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AudioSwitcher.lnk [2015-01-06]
ShortcutTarget: AudioSwitcher.lnk -> D:\Programs\AudioSwitcher\switcher.exe ()
Startup: C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2017-05-17]
ShortcutTarget: Dropbox.lnk -> C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GIGABYTE XTREME GAMING ENGINE.lnk [2017-05-22]
ShortcutTarget: GIGABYTE XTREME GAMING ENGINE.lnk -> C:\Program Files (x86)\GIGABYTE\XTREME GAMING ENGINE\autorun.exe ()
Startup: C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk [2016-11-21]
ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe ()
Startup: C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Synology Cloud Station Drive.lnk [2017-05-22]
ShortcutTarget: Synology Cloud Station Drive.lnk -> C:\Program Files (x86)\Synology\CloudStation\bin\launcher.exe (Synology Inc.)
BootExecute: autocheck autochk * sdnclean64.exe
GroupPolicy: Restriction <======= ATTENTION
GroupPolicyScripts: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\..\Interfaces\{4a3501c2-f5bb-46aa-a34a-2b67b7ae66fd}: [NameServer] 8.8.8.8

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKU\S-1-5-21-1783363258-1944623717-140360357-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1783363258-1944623717-140360357-1000 -> {5CE28901-92B7-477d-1203-852F0B34D8B9} URL = hxxp://ww-searchings.com/s?src=zl&r=6A8F87E4669DB6AAD784DE1507FD9EEC&q={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-05-15] (Microsoft Corporation)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2014-05-19] (Logitech, Inc.)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-05-15] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2017-05-15] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll [2017-02-05] (Oracle Corporation)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2014-05-19] (Logitech, Inc.)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2017-05-15] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll [2017-02-05] (Oracle Corporation)
IE Session Restore: HKU\S-1-5-21-1783363258-1944623717-140360357-1000 -> is enabled.
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-05-15] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-05-15] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-05-15] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-05-15] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\lf0ws6wi.default-1489255188019 [2017-05-22]
FF Homepage: Mozilla\Firefox\Profiles\lf0ws6wi.default-1489255188019 -> about:home
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: (Logitech SetPoint) - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2015-01-06] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll [2015-01-10] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50906.0\npctrl.dll [2017-03-09] ( Microsoft Corporation)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-10-25] (Adobe Systems)
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll [2015-01-10] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\dtplugin\npDeployJava1.dll [2017-02-05] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.121.2 -> C:\Program Files (x86)\Java\jre1.8.0_121\bin\plugin2\npjp2.dll [2017-02-05] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-03-06] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50906.0\npctrl.dll [2017-03-09] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-03-06] (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 11\npnitromozilla.dll [2016-09-14] (Nitro PDF)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-04-01] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-04-01] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-05] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-10-25] (Adobe Systems)
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)

Chrome: 
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.sweet-page.com/?type=hp&ts=1420567273&from=cor&uid=WDCXWD10EADS-00L5B1_WD-WCAU4D17672176721
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default [2017-05-22]
CHR Extension: (Google Drive) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-05-08]
CHR Extension: (Kostenloser Proxy zum Entsperren von Websites Touch VPN) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\bihmplhobchoageeokmgbdihknkjbknd [2017-05-16]
CHR Extension: (Tab List) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\dafbjaojfddcknamegleglagibnmhmcm [2015-01-06]
CHR Extension: (Calculator) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhgccgjmilgadndgigplchopkfhfcphj [2015-02-03]
CHR Extension: (iCloud-Lesezeichen) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkepacicchenbjecpbpbclokcabebhah [2015-08-07]
CHR Extension: (Close Tabs) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\gadafnnkijfmbbmeielphlapddbmgbgo [2015-01-06]
CHR Extension: (Google Docs Offline) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-05-08]
CHR Extension: (AdBlock) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-04-13]
CHR Extension: (Hotspot Shield Free VPN Proxy – Unblock Sites) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\heajfgnegopeedndeahkdjedjkjcmnpb [2016-09-15]
CHR Extension: (Weather Now) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmiebhdnnejnaijgmkhomnheecmonjli [2015-11-04]
CHR Extension: (Dropbox) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\ioekoebejdcmnlefjiknokhhafglcjdl [2015-06-30]
CHR Extension: (OpenIn) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\knmnnnlapfmlljjjbdojfpbeadolmmdo [2015-01-06]
CHR Extension: (Mosaic ALPHA) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfgmghibdnjjohcapaojljhlihdkpppi [2016-01-07]
CHR Extension: (Linkclump) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfpjkncokllnfokkgpkobnkbkmelfefj [2016-12-05]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2017-05-07]
CHR Extension: (Google Maps) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2015-09-19]
CHR Extension: (Video Downloader GetThemAll) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbkekaeindpfpcoldfckljplboolgkfm [2017-05-21]
CHR Extension: (Open URLs) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncaoaohlkpbniilomjcodiddmmkehbkl [2015-01-06]
CHR Extension: (Hotspot Shield Free VPN Proxy – Entsperrung) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlbejmccbhkncgokjcmghpfloaajcffj [2017-05-20]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09]
CHR Extension: (Stylebot) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiaejidbmkiecgbjeifoejpgmdaleoha [2017-01-22]
CHR Extension: (Synology Web Clipper) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcfbfimijgibligmbglggnbiobgjgmbk [2017-04-11]
CHR Extension: (Chrome Media Router) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-05-16]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1783363258-1944623717-140360357-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Michael\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx [2017-05-07]
CHR HKU\S-1-5-21-1783363258-1944623717-140360357-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeActiveFileMonitor14.0; D:\Programs\Adobe PSE 14\Elements 14 Organizer\PhotoshopElementsFileAgent.exe [226016 2015-08-27] (Adobe Systems Incorporated)
R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [744640 2016-10-25] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2227312 2017-02-27] (Adobe Systems, Incorporated)
S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [1119712 2017-04-28] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [488920 2017-04-28] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [488920 2017-04-28] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1520680 2017-04-28] (Avira Operations GmbH & Co. KG)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2017-03-17] (Apple Inc.)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [350120 2017-04-11] (Avira Operations GmbH & Co. KG)
S4 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [266240 2012-06-05] (Brother Industries, Ltd.) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3801280 2017-05-04] (Microsoft Corporation)
R2 Cloud Station Drive VSS Service x64; C:\Program Files (x86)\Synology\CloudStation\bin\vss-service-x64.exe [287256 2016-12-28] ()
S3 hns; C:\WINDOWS\System32\HostNetSvc.dll [584192 2017-03-28] (Microsoft Corporation)
R2 igfxCUIService1.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [337888 2016-05-03] (Intel Corporation)
R2 IpOverUsbSvc; C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe [21184 2016-03-29] (Microsoft Corporation)
R2 LDrvSvc; c:\program files (x86)\ostotosoft\drivertalent\LDrvSvc.dll [181928 2017-01-20] ()
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4470736 2017-05-09] (Malwarebytes)
R2 MSSQL$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [57617752 2009-03-30] (Microsoft Corporation)
R2 NitroDriverReadSpool11; C:\Program Files\Nitro\Pro 11\NitroPDFDriverService11x64.exe [327360 2016-09-14] (Nitro Software, Inc.)
R2 NitroUpdateService; C:\Program Files\Nitro\Pro 11\Nitro_UpdateService.exe [418496 2016-09-14] ()
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [495224 2017-05-03] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [495224 2017-05-03] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462784 2017-04-01] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [450168 2017-05-03] (NVIDIA Corporation)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.)
R2 SDScannerService; d:\Programs\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; d:\Programs\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; d:\Programs\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-09-15] (Microsoft Corporation)
S4 SQLAgent$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [427880 2009-03-30] (Microsoft Corporation)
R2 tbupddwu; C:\Program Files\UPDD\tbupddwu.exe [1059096 2012-10-10] ()
S3 Te.Service; C:\Program Files (x86)\Windows Kits\10\Testing\Runtimes\TAEF\Wex.Services.exe [137216 2016-03-29] (Microsoft Corporation) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [6889232 2015-12-14] (TeamViewer GmbH)
R3 vmcompute; C:\WINDOWS\system32\vmcompute.exe [1934336 2017-04-28] (Microsoft Corporation)
R2 vmms; C:\WINDOWS\system32\vmms.exe [14423040 2017-04-28] (Microsoft Corporation)
R2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [4107680 2017-04-14] (Check Point Software Technologies Ltd.)
S3 VSStandardCollectorService140; D:\Programs\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [56552 2016-03-22] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347320 2017-04-28] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103712 2017-04-28] (Microsoft Corporation)
S4 WTabletServiceCon; C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [656664 2014-08-19] (Wacom Technology, Corp.)
S3 ZAPrivacyService; C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZaPrivacyService.exe [114936 2016-11-01] (Check Point Software Technologies, Ltd.)
R2 ZoneAlarm ICM Service; C:\Program Files (x86)\CheckPoint\ZoneAlarm\ICM-Service.exe [1058616 2017-04-14] (Check Point Software Technologies Ltd.)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 3dxhid; C:\WINDOWS\System32\drivers\3dxhid.sys [48560 2016-04-08] (3Dconnexion SAM)
R0 asahci64; C:\WINDOWS\System32\drivers\asahci64.sys [49760 2011-09-21] (Asmedia Technology)
R2 avgntflt; C:\WINDOWS\System32\DRIVERS\avgntflt.sys [161824 2017-03-21] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [163976 2017-03-21] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\WINDOWS\system32\DRIVERS\avkmgr.sys [44488 2017-03-21] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\WINDOWS\system32\DRIVERS\avnetflt.sys [88488 2017-03-21] (Avira Operations GmbH & Co. KG)
R1 dtsoftbus01; C:\WINDOWS\System32\drivers\dtsoftbus01.sys [283064 2015-01-06] (Disc Soft Ltd)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77440 2017-05-09] ()
R3 ISCT; C:\WINDOWS\System32\drivers\ISCTD64.sys [47008 2013-07-30] ()
S3 KMJHidMini; C:\WINDOWS\System32\drivers\3dxkmj.sys [18944 2016-04-08] (3Dconnextion Inc.) [File not signed]
S3 KMJShim; C:\WINDOWS\System32\drivers\3dxshim.sys [7168 2016-04-08] (3Dconnextion Inc.) [File not signed]
S3 leusbser; C:\WINDOWS\system32\DRIVERS\leusbser.sys [238080 2015-04-14] (QUALCOMM Incorporated)
S3 lunparser; C:\WINDOWS\System32\drivers\lunparser.sys [22528 2016-08-22] (Microsoft Corporation)
R2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [187320 2017-05-19] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\drivers\farflt.sys [113592 2017-05-22] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [43968 2017-05-22] (Malwarebytes)
R0 MBAMSwissArmy; C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys [251832 2017-05-22] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\drivers\mwac.sys [93624 2017-05-22] (Malwarebytes)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R2 NPF; C:\WINDOWS\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_e69a53b8ddde469c\nvlddmkm.sys [14841784 2017-04-03] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30144 2017-04-26] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [48248 2017-05-03] (NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [57792 2017-04-26] (NVIDIA Corporation)
S3 passthruparser; C:\WINDOWS\System32\drivers\passthruparser.sys [24576 2016-08-22] (Microsoft Corporation)
S3 pcip; C:\WINDOWS\System32\drivers\pcip.sys [46592 2016-08-22] (Microsoft Corporation)
S3 pvhdparser; C:\WINDOWS\System32\drivers\pvhdparser.sys [50176 2016-08-22] (Microsoft Corporation)
R0 PxHlpa64; C:\WINDOWS\System32\drivers\PxHlpa64.sys [56336 2013-09-03] (Corel Corporation)
S3 ramparser; C:\WINDOWS\System32\drivers\ramparser.sys [30720 2016-08-22] (Microsoft Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [589824 2016-07-16] (Realtek                                            )
R3 SensorsSimulatorDriver; C:\WINDOWS\System32\drivers\WUDFRd.sys [216064 2016-07-16] (Microsoft Corporation)
R3 Synth3dVsp; C:\WINDOWS\System32\drivers\synth3dvsp.sys [103424 2016-08-22] (Microsoft Corporation)
R3 tbupddsu; C:\WINDOWS\system32\DRIVERS\tbupddsu.sys [154264 2012-10-10] ()
R1 UimBus; C:\WINDOWS\System32\drivers\UimBus.sys [102664 2014-05-19] ()
R1 Uim_DEVIM; C:\WINDOWS\System32\drivers\uim_devim.sys [25992 2014-05-19] ()
R1 Uim_IM; C:\WINDOWS\System32\drivers\uim_im.sys [700296 2014-05-19] ()
R3 upddvh; C:\WINDOWS\System32\drivers\upddvh.sys [29464 2012-10-10] (Windows (R) Win 7 DDK provider)
R3 USBADVAU; C:\WINDOWS\system32\drivers\cm11264.sys [1308160 2009-11-25] (C-Media Electronics Inc)
R1 VfpExt; C:\WINDOWS\System32\drivers\vfpext.sys [988672 2017-03-28] (Microsoft Corporation)
S3 vhdparser; C:\WINDOWS\System32\drivers\vhdparser.sys [26624 2016-08-22] (Microsoft Corporation)
R2 VMSP; C:\WINDOWS\System32\drivers\vmswitch.sys [1617920 2017-04-28] (Microsoft Corporation)
R0 vmsproxy; C:\WINDOWS\System32\drivers\vmsproxy.sys [33632 2016-08-06] (Microsoft Corporation)
S3 VMSVSF; C:\WINDOWS\System32\drivers\vmswitch.sys [1617920 2017-04-28] (Microsoft Corporation)
S3 VMSVSP; C:\WINDOWS\System32\drivers\vmswitch.sys [1617920 2017-04-28] (Microsoft Corporation)
R1 Vsdatant; C:\WINDOWS\System32\drivers\vsdatant.sys [461240 2017-04-13] (Check Point Software Technologies Ltd.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
U3 idsvc; no ImagePath
U3 iswSvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

NETSVC: hns -> C:\Windows\System32\HostNetSvc.dll (Microsoft Corporation)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-05-22 22:36 - 2017-05-22 22:36 - 00000000 ____D C:\FRST
2017-05-21 14:03 - 2017-05-21 14:03 - 00000044 _____ C:\Users\Michael\Documents\adsspy.txt
2017-05-20 15:59 - 2017-05-20 15:59 - 00000000 ____D C:\Users\Michael\AppData\Roaming\ePaperPress
2017-05-20 15:54 - 2017-05-20 15:56 - 00002615 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PTLens.lnk
2017-05-20 15:54 - 2017-05-20 15:54 - 00000000 ____D C:\Program Files\ePaperPress
2017-05-20 11:16 - 2017-05-20 11:16 - 00000000 ____D C:\Program Files\Common Files\AV
2017-05-20 11:16 - 2015-07-28 17:52 - 00821920 _____ (Safer-Networking Ltd. ) C:\Users\Public\Desktop\Post Win10 Spybot-install.exe
2017-05-20 10:54 - 2017-05-20 11:16 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2017-05-20 10:51 - 2017-05-20 11:17 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2017-05-20 10:51 - 2017-05-20 10:51 - 00001018 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2017-05-20 10:51 - 2017-05-20 10:51 - 00001018 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2017-05-20 10:51 - 2017-05-20 10:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2017-05-20 10:51 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\WINDOWS\system32\sdnclean64.exe
2017-05-20 10:50 - 2017-05-20 10:50 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Michael\Downloads\spybot-2.4.exe
2017-05-20 09:01 - 2017-05-21 22:02 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2017-05-19 21:18 - 2017-05-19 21:18 - 09317408 _____ (Imadio LLC ) C:\Users\Michael\Downloads\SetupHemiVistaWin7.exe
2017-05-19 21:11 - 2017-05-22 22:29 - 00093624 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-05-19 21:11 - 2017-05-22 22:25 - 00251832 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-05-19 21:11 - 2017-05-22 22:25 - 00113592 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-05-19 21:11 - 2017-05-22 22:25 - 00043968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-05-19 21:11 - 2017-05-19 21:11 - 00187320 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-05-19 21:11 - 2017-05-19 21:11 - 00001912 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-05-19 21:11 - 2017-05-19 21:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-05-19 21:11 - 2017-05-19 21:11 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-05-19 21:11 - 2017-05-19 21:11 - 00000000 ____D C:\Program Files\Malwarebytes
2017-05-19 21:11 - 2017-05-09 16:37 - 00077440 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-05-19 21:08 - 2017-05-19 21:10 - 63035592 _____ (Malwarebytes ) C:\Users\Michael\Downloads\mb3-setup-13595.13595-3.1.2.1733.exe
2017-05-19 20:57 - 2017-05-19 20:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Imadio
2017-05-19 20:55 - 2017-05-19 21:17 - 00000000 ____D C:\Users\Michael\AppData\Roaming\IObit
2017-05-19 20:54 - 2017-05-19 20:55 - 00000000 ____D C:\Users\Michael\AppData\LocalLow\IObit
2017-05-19 20:54 - 2017-05-19 20:55 - 00000000 ____D C:\ProgramData\ProductData
2017-05-19 20:54 - 2017-05-19 20:55 - 00000000 ____D C:\ProgramData\IObit
2017-05-19 20:54 - 2017-05-19 20:54 - 00000000 ____D C:\ProgramData\{BE2ACE5C-32B7-4777-9BDF-ECF87CDAB705}
2017-05-19 20:54 - 2017-05-19 20:54 - 00000000 ____D C:\Program Files (x86)\IObit
2017-05-19 20:53 - 2017-05-19 20:54 - 41773432 _____ (IObit ) C:\Users\Michael\Downloads\IObit-Malware-Fighter-Setup_5.0.2.3804.exe
2017-05-19 20:45 - 2017-05-19 20:45 - 00000000 ____D C:\WINDOWS\LastGood.Tmp
2017-05-19 20:44 - 2017-05-03 22:21 - 00175736 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvaudcap64v.dll
2017-05-19 20:44 - 2017-05-03 22:21 - 00143480 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll
2017-05-17 21:41 - 2017-05-17 21:41 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-05-16 21:17 - 2017-05-16 21:17 - 00000000 _____ C:\WINDOWS\system32\Drivers\etc\lmhosts
2017-05-16 21:16 - 2017-05-16 21:16 - 00441296 _____ C:\WINDOWS\system32\Drivers\vsconfig.xml
2017-05-16 21:16 - 2017-05-16 21:16 - 00000778 _____ C:\Users\Public\Desktop\ZoneAlarm Security.lnk
2017-05-16 21:16 - 2017-05-16 21:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Check Point
2017-05-16 20:58 - 2017-05-16 20:58 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Google
2017-05-15 21:38 - 2017-05-15 21:38 - 00000211 _____ C:\Users\Michael\Desktop\Redie.url
2017-05-13 14:14 - 2017-05-20 16:25 - 00000000 ____D C:\Users\Michael\Documents\DxO OpticsPro 11 logs
2017-05-13 14:14 - 2017-05-13 14:14 - 00000000 ____D C:\Users\Michael\AppData\Roaming\DxO Labs
2017-05-13 14:14 - 2017-05-13 14:14 - 00000000 ____D C:\Users\Michael\AppData\Local\IsolatedStorage
2017-05-13 14:14 - 2017-05-13 14:14 - 00000000 ____D C:\Users\Michael\AppData\Local\DxO_Labs
2017-05-13 14:14 - 2017-05-13 14:14 - 00000000 ____D C:\ProgramData\Reprise
2017-05-13 14:05 - 2017-05-13 14:05 - 00000211 _____ C:\Users\Michael\Desktop\Prey.url
2017-05-10 18:01 - 2017-04-28 03:28 - 00965472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReAgent.dll
2017-05-10 18:01 - 2017-04-28 02:59 - 00601712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2017-05-10 18:01 - 2017-04-28 02:58 - 01706488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-05-10 18:01 - 2017-04-28 02:57 - 00794928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
2017-05-10 18:01 - 2017-04-28 02:56 - 02048488 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-05-10 18:01 - 2017-04-28 02:55 - 00088416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\scmbus.sys
2017-05-10 18:01 - 2017-04-28 02:53 - 02213760 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-05-10 18:01 - 2017-04-28 02:53 - 00774224 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2017-05-10 18:01 - 2017-04-28 02:53 - 00616048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2017-05-10 18:01 - 2017-04-28 02:48 - 00263472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
2017-05-10 18:01 - 2017-04-28 02:46 - 05722320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2017-05-10 18:01 - 2017-04-28 02:46 - 01504056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2017-05-10 18:01 - 2017-04-28 02:46 - 01431232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2017-05-10 18:01 - 2017-04-28 02:45 - 02263832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2017-05-10 18:01 - 2017-04-28 02:45 - 00975744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2017-05-10 18:01 - 2017-04-28 02:45 - 00861024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2017-05-10 18:01 - 2017-04-28 02:45 - 00781144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2017-05-10 18:01 - 2017-04-28 02:45 - 00493920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2017-05-10 18:01 - 2017-04-28 02:45 - 00116576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudExperienceHostCommon.dll
2017-05-10 18:01 - 2017-04-28 02:43 - 02168288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2017-05-10 18:01 - 2017-04-28 02:43 - 01980768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2017-05-10 18:01 - 2017-04-28 02:43 - 01557224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2017-05-10 18:01 - 2017-04-28 02:43 - 00846560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2017-05-10 18:01 - 2017-04-28 02:42 - 00601952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2017-05-10 18:01 - 2017-04-28 02:41 - 00361104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tsmf.dll
2017-05-10 18:01 - 2017-04-28 02:40 - 07220184 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2017-05-10 18:01 - 2017-04-28 02:40 - 06665952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-05-10 18:01 - 2017-04-28 02:40 - 04023008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2017-05-10 18:01 - 2017-04-28 02:40 - 01860288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2017-05-10 18:01 - 2017-04-28 02:40 - 01851696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2017-05-10 18:01 - 2017-04-28 02:40 - 01360456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2017-05-10 18:01 - 2017-04-28 02:40 - 01277856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2017-05-10 18:01 - 2017-04-28 02:40 - 01202936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2017-05-10 18:01 - 2017-04-28 02:40 - 00981888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
2017-05-10 18:01 - 2017-04-28 02:40 - 00857440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2017-05-10 18:01 - 2017-04-28 02:40 - 00352760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MMDevAPI.dll
2017-05-10 18:01 - 2017-04-28 02:39 - 20967840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-05-10 18:01 - 2017-04-28 02:39 - 04312248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2017-05-10 18:01 - 2017-04-28 02:39 - 00962760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2017-05-10 18:01 - 2017-04-28 02:39 - 00715104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2017-05-10 18:01 - 2017-04-28 02:38 - 00847200 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2017-05-10 18:01 - 2017-04-28 02:38 - 00557408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2017-05-10 18:01 - 2017-04-28 02:36 - 00092512 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2017-05-10 18:01 - 2017-04-28 02:35 - 08170600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-05-10 18:01 - 2017-04-28 02:35 - 04260576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2017-05-10 18:01 - 2017-04-28 02:35 - 01988048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2017-05-10 18:01 - 2017-04-28 02:35 - 01702392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2017-05-10 18:01 - 2017-04-28 02:35 - 01414208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2017-05-10 18:01 - 2017-04-28 02:35 - 01302136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2017-05-10 18:01 - 2017-04-28 02:35 - 00596040 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2017-05-10 18:01 - 2017-04-28 02:35 - 00276832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\input.dll
2017-05-10 18:01 - 2017-04-28 02:34 - 22220856 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-05-10 18:01 - 2017-04-28 02:34 - 01072248 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2017-05-10 18:01 - 2017-04-28 02:29 - 05685760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2017-05-10 18:01 - 2017-04-28 02:28 - 00453536 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2017-05-10 18:01 - 2017-04-28 02:28 - 00387864 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpps.dll
2017-05-10 18:01 - 2017-04-28 02:23 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2017-05-10 18:01 - 2017-04-28 02:23 - 00095232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2017-05-10 18:01 - 2017-04-28 02:22 - 00165376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReInfo.dll
2017-05-10 18:01 - 2017-04-28 02:22 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\odbcconf.dll
2017-05-10 18:01 - 2017-04-28 02:21 - 00224256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExSMime.dll
2017-05-10 18:01 - 2017-04-28 02:21 - 00027648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BthTelemetry.dll
2017-05-10 18:01 - 2017-04-28 02:20 - 00141824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Radios.dll
2017-05-10 18:01 - 2017-04-28 02:20 - 00044032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\virtdisk.dll
2017-05-10 18:01 - 2017-04-28 02:19 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDeviceRegistration.dll
2017-05-10 18:01 - 2017-04-28 02:19 - 00138240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DisplayManager.dll
2017-05-10 18:01 - 2017-04-28 02:18 - 00450560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
2017-05-10 18:01 - 2017-04-28 02:18 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BlockedShutdown.dll
2017-05-10 18:01 - 2017-04-28 02:18 - 00255488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\unimdm.tsp
2017-05-10 18:01 - 2017-04-28 02:17 - 00328192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2017-05-10 18:01 - 2017-04-28 02:17 - 00142336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.WiFi.dll
2017-05-10 18:01 - 2017-04-28 02:17 - 00136192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinRtTracing.dll
2017-05-10 18:01 - 2017-04-28 02:17 - 00095232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BluetoothApis.dll
2017-05-10 18:01 - 2017-04-28 02:17 - 00094208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryClient.dll
2017-05-10 18:01 - 2017-04-28 02:16 - 00392192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Gaming.Input.dll
2017-05-10 18:01 - 2017-04-28 02:16 - 00374784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.LowLevel.dll
2017-05-10 18:01 - 2017-04-28 02:16 - 00315904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Gaming.XboxLive.Storage.dll
2017-05-10 18:01 - 2017-04-28 02:16 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2017-05-10 18:01 - 2017-04-28 02:16 - 00203776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credprovhost.dll
2017-05-10 18:01 - 2017-04-28 02:16 - 00184320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserMgrProxy.dll
2017-05-10 18:01 - 2017-04-28 02:16 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2017-05-10 18:01 - 2017-04-28 02:16 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppointmentActivation.dll
2017-05-10 18:01 - 2017-04-28 02:16 - 00113152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Lights.dll
2017-05-10 18:01 - 2017-04-28 02:15 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2017-05-10 18:01 - 2017-04-28 02:15 - 00404992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dsreg.dll
2017-05-10 18:01 - 2017-04-28 02:15 - 00334848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastlsext.dll
2017-05-10 18:01 - 2017-04-28 02:15 - 00237568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncSettings.dll
2017-05-10 18:01 - 2017-04-28 02:15 - 00206336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bthprops.cpl
2017-05-10 18:01 - 2017-04-28 02:15 - 00117760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AuthBroker.dll
2017-05-10 18:01 - 2017-04-28 02:15 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Core.dll
2017-05-10 18:01 - 2017-04-28 02:14 - 00670208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.PointOfService.dll
2017-05-10 18:01 - 2017-04-28 02:14 - 00483840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.AllJoyn.dll
2017-05-10 18:01 - 2017-04-28 02:14 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2017-05-10 18:01 - 2017-04-28 02:13 - 13873664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2017-05-10 18:01 - 2017-04-28 02:13 - 01755136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DeviceFlows.DataModel.dll
2017-05-10 18:01 - 2017-04-28 02:13 - 01243136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.FaceAnalysis.dll
2017-05-10 18:01 - 2017-04-28 02:13 - 00562176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.SmartCards.dll
2017-05-10 18:01 - 2017-04-28 02:13 - 00506880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DevicePairing.dll
2017-05-10 18:01 - 2017-04-28 02:13 - 00426496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Wallet.dll
2017-05-10 18:01 - 2017-04-28 02:13 - 00386048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.WiFiDirect.dll
2017-05-10 18:01 - 2017-04-28 02:13 - 00332288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Bluetooth.dll
2017-05-10 18:01 - 2017-04-28 02:13 - 00325120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleacc.dll
2017-05-10 18:01 - 2017-04-28 02:13 - 00298496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2017-05-10 18:01 - 2017-04-28 02:13 - 00271360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\deviceaccess.dll
2017-05-10 18:01 - 2017-04-28 02:13 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WwaApi.dll
2017-05-10 18:01 - 2017-04-28 02:13 - 00206336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vaultcli.dll
2017-05-10 18:01 - 2017-04-28 02:13 - 00202752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.HumanInterfaceDevice.dll
2017-05-10 18:01 - 2017-04-28 02:13 - 00185856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Identity.Provider.dll
2017-05-10 18:01 - 2017-04-28 02:13 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Scanners.dll
2017-05-10 18:01 - 2017-04-28 02:13 - 00125952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepapi.dll
2017-05-10 18:01 - 2017-04-28 02:13 - 00114176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setupugc.exe
2017-05-10 18:01 - 2017-04-28 02:12 - 00498688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mbsmsapi.dll
2017-05-10 18:01 - 2017-04-28 02:12 - 00431616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\efswrt.dll
2017-05-10 18:01 - 2017-04-28 02:12 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepsync.dll
2017-05-10 18:01 - 2017-04-28 02:12 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Picker.dll
2017-05-10 18:01 - 2017-04-28 02:11 - 00846336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WebcamUi.dll
2017-05-10 18:01 - 2017-04-28 02:11 - 00747520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Ocr.dll
2017-05-10 18:01 - 2017-04-28 02:11 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2017-05-10 18:01 - 2017-04-28 02:10 - 00857600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EmailApis.dll
2017-05-10 18:01 - 2017-04-28 02:10 - 00819200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppContracts.dll
2017-05-10 18:01 - 2017-04-28 02:10 - 00816640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NaturalLanguage6.dll
2017-05-10 18:01 - 2017-04-28 02:10 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mprddm.dll
2017-05-10 18:01 - 2017-04-28 02:10 - 00314368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Usb.dll
2017-05-10 18:01 - 2017-04-28 02:10 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.dll
2017-05-10 18:01 - 2017-04-28 02:10 - 00238080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AboveLockAppHost.dll
2017-05-10 18:01 - 2017-04-28 02:09 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2017-05-10 18:01 - 2017-04-28 02:09 - 00525824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintDialogs.dll
2017-05-10 18:01 - 2017-04-28 02:09 - 00509440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2017-05-10 18:01 - 2017-04-28 02:09 - 00368128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll
2017-05-10 18:01 - 2017-04-28 02:09 - 00352256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Enumeration.dll
2017-05-10 18:01 - 2017-04-28 02:08 - 07626752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-05-10 18:01 - 2017-04-28 02:08 - 01534464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Graphics.Printing.3D.dll
2017-05-10 18:01 - 2017-04-28 02:08 - 01228288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usercpl.dll
2017-05-10 18:01 - 2017-04-28 02:08 - 00653312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.AccountsControl.dll
2017-05-10 18:01 - 2017-04-28 02:08 - 00288256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CryptoWinRT.dll
2017-05-10 18:01 - 2017-04-28 02:07 - 03689984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2017-05-10 18:01 - 2017-04-28 02:07 - 00525312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2017-05-10 18:01 - 2017-04-28 02:07 - 00415744 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpshell.exe
2017-05-10 18:01 - 2017-04-28 02:07 - 00372736 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
2017-05-10 18:01 - 2017-04-28 02:07 - 00299008 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpinit.exe
2017-05-10 18:01 - 2017-04-28 02:07 - 00256512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\thumbcache.dll
2017-05-10 18:01 - 2017-04-28 02:06 - 04614656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2017-05-10 18:01 - 2017-04-28 02:06 - 02333184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmSvc.dll
2017-05-10 18:01 - 2017-04-28 02:06 - 00901120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Bluetooth.dll
2017-05-10 18:01 - 2017-04-28 02:06 - 00675840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.dll
2017-05-10 18:01 - 2017-04-28 02:05 - 03733504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-05-10 18:01 - 2017-04-28 02:05 - 00886272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-05-10 18:01 - 2017-04-28 02:05 - 00709120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll
2017-05-10 18:01 - 2017-04-28 02:05 - 00589312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Sensors.dll
2017-05-10 18:01 - 2017-04-28 02:04 - 01323008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_fs.dll
2017-05-10 18:01 - 2017-04-28 02:04 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2017-05-10 18:01 - 2017-04-28 02:03 - 01137152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_health.dll
2017-05-10 18:01 - 2017-04-28 02:03 - 01077760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Editing.dll
2017-05-10 18:01 - 2017-04-28 02:03 - 00355328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RTMediaFrame.dll
2017-05-10 18:01 - 2017-04-28 02:03 - 00318464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LocationApi.dll
2017-05-10 18:01 - 2017-04-28 02:03 - 00291328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adsnt.dll
2017-05-10 18:01 - 2017-04-28 02:03 - 00134656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Energy.dll
2017-05-10 18:01 - 2017-04-28 02:02 - 03307008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2017-05-10 18:01 - 2017-04-28 02:02 - 00123904 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2017-05-10 18:01 - 2017-04-28 02:02 - 00115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bridge.sys
2017-05-10 18:01 - 2017-04-28 02:02 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vwifimp.sys
2017-05-10 18:01 - 2017-04-28 02:01 - 00795648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MiracastReceiver.dll
2017-05-10 18:01 - 2017-04-28 02:01 - 00713216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll
2017-05-10 18:01 - 2017-04-28 02:01 - 00343040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToDevice.dll
2017-05-10 18:01 - 2017-04-28 02:01 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\unimdm.tsp
2017-05-10 18:01 - 2017-04-28 02:01 - 00248832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dlnashext.dll
2017-05-10 18:01 - 2017-04-28 02:01 - 00233472 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2017-05-10 18:01 - 2017-04-28 02:01 - 00141312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dialclient.dll
2017-05-10 18:01 - 2017-04-28 02:00 - 12349440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2017-05-10 18:01 - 2017-04-28 02:00 - 02749440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll
2017-05-10 18:01 - 2017-04-28 02:00 - 01255936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-05-10 18:01 - 2017-04-28 02:00 - 00193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinRtTracing.dll
2017-05-10 18:01 - 2017-04-28 02:00 - 00149504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Core.dll
2017-05-10 18:01 - 2017-04-28 01:59 - 02154496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\storagewmi.dll
2017-05-10 18:01 - 2017-04-28 01:59 - 00895488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Streaming.dll
2017-05-10 18:01 - 2017-04-28 01:59 - 00467968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Gaming.XboxLive.Storage.dll
2017-05-10 18:01 - 2017-04-28 01:59 - 00375296 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastlsext.dll
2017-05-10 18:01 - 2017-04-28 01:59 - 00220672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToReceiver.dll
2017-05-10 18:01 - 2017-04-28 01:58 - 07468544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2017-05-10 18:01 - 2017-04-28 01:58 - 04596224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VsGraphicsDesktopEngine.exe
2017-05-10 18:01 - 2017-04-28 01:58 - 00546304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uReFS.dll
2017-05-10 18:01 - 2017-04-28 01:58 - 00433664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\imapi2.dll
2017-05-10 18:01 - 2017-04-28 01:58 - 00418304 _____ C:\WINDOWS\system32\Windows.Perception.Stub.dll
2017-05-10 18:01 - 2017-04-28 01:58 - 00211968 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2017-05-10 18:01 - 2017-04-28 01:58 - 00134144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ErrorDetails.dll
2017-05-10 18:01 - 2017-04-28 01:58 - 00090624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2017-05-10 18:01 - 2017-04-28 01:57 - 01507840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.FaceAnalysis.dll
2017-05-10 18:01 - 2017-04-28 01:57 - 01247232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2017-05-10 18:01 - 2017-04-28 01:57 - 01221120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Audio.dll
2017-05-10 18:01 - 2017-04-28 01:57 - 00719872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_sr.dll
2017-05-10 18:01 - 2017-04-28 01:57 - 00641024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MCRecvSrc.dll
2017-05-10 18:01 - 2017-04-28 01:57 - 00502784 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2017-05-10 18:01 - 2017-04-28 01:57 - 00216576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Scanners.dll
2017-05-10 18:01 - 2017-04-28 01:57 - 00089600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CameraCaptureUI.dll
2017-05-10 18:01 - 2017-04-28 01:56 - 00748544 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2017-05-10 18:01 - 2017-04-28 01:56 - 00590336 _____ (Microsoft Corporation) C:\WINDOWS\system32\efswrt.dll
2017-05-10 18:01 - 2017-04-28 01:56 - 00400384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToManager.dll
2017-05-10 18:01 - 2017-04-28 01:56 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.dll
2017-05-10 18:01 - 2017-04-28 01:56 - 00357376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Geolocation.dll
2017-05-10 18:01 - 2017-04-28 01:56 - 00333312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsApi.dll
2017-05-10 18:01 - 2017-04-28 01:56 - 00293888 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2017-05-10 18:01 - 2017-04-28 01:56 - 00260608 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2017-05-10 18:01 - 2017-04-28 01:56 - 00103936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Devices.dll
2017-05-10 18:01 - 2017-04-28 01:55 - 01993216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2017-05-10 18:01 - 2017-04-28 01:55 - 01987584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2017-05-10 18:01 - 2017-04-28 01:55 - 01656320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Perception.dll
2017-05-10 18:01 - 2017-04-28 01:55 - 01413632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpcServices.dll
2017-05-10 18:01 - 2017-04-28 01:55 - 01232384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Maps.dll
2017-05-10 18:01 - 2017-04-28 01:55 - 01170944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll
2017-05-10 18:01 - 2017-04-28 01:55 - 01004544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll
2017-05-10 18:01 - 2017-04-28 01:55 - 00561664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Wallet.dll
2017-05-10 18:01 - 2017-04-28 01:55 - 00252416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Identity.Provider.dll
2017-05-10 18:01 - 2017-04-28 01:54 - 02747904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpcore.dll
2017-05-10 18:01 - 2017-04-28 01:54 - 02646528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnroll.dll
2017-05-10 18:01 - 2017-04-28 01:54 - 02483200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-05-10 18:01 - 2017-04-28 01:54 - 01883648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2017-05-10 18:01 - 2017-04-28 01:54 - 01013248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.Http.dll
2017-05-10 18:01 - 2017-04-28 01:54 - 00654336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApiPublic.dll
2017-05-10 18:01 - 2017-04-28 01:54 - 00598528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.dll
2017-05-10 18:01 - 2017-04-28 01:54 - 00566784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ShareHost.dll
2017-05-10 18:01 - 2017-04-28 01:54 - 00348160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Midi.dll
2017-05-10 18:01 - 2017-04-28 01:54 - 00284160 _____ (Microsoft Corporation) C:\WINDOWS\system32\AboveLockAppHost.dll
2017-05-10 18:01 - 2017-04-28 01:53 - 06288384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2017-05-10 18:01 - 2017-04-28 01:53 - 01170944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Phone.dll
2017-05-10 18:01 - 2017-04-28 01:53 - 00798208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2017-05-10 18:01 - 2017-04-28 01:53 - 00751104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.dll
2017-05-10 18:01 - 2017-04-28 01:53 - 00671744 _____ (Microsoft Corporation) C:\WINDOWS\system32\mbsmsapi.dll
2017-05-10 18:01 - 2017-04-28 01:53 - 00621056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2017-05-10 18:01 - 2017-04-28 01:53 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\system32\WwaApi.dll
2017-05-10 18:01 - 2017-04-28 01:52 - 03106304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstsc.exe
2017-05-10 18:01 - 2017-04-28 01:52 - 02994176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-05-10 18:01 - 2017-04-28 01:52 - 02008576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2017-05-10 18:01 - 2017-04-28 01:52 - 01600000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-05-10 18:01 - 2017-04-28 01:51 - 00713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2017-05-10 18:01 - 2017-04-28 01:51 - 00458752 _____ (Microsoft Corporation) C:\WINDOWS\system32\RTMediaFrame.dll
2017-05-10 18:01 - 2017-04-28 01:51 - 00409600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2017-05-10 18:01 - 2017-04-28 01:50 - 03778048 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2017-05-10 18:01 - 2017-04-28 01:50 - 00783360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSWorkspace.dll
2017-05-10 18:01 - 2017-04-28 01:49 - 00864256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll
2017-05-10 18:01 - 2017-04-28 01:48 - 00798720 _____ (Microsoft Corporation) C:\WINDOWS\system32\pwcreator.exe
2017-05-10 18:01 - 2017-04-28 01:47 - 01908224 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-05-10 18:01 - 2017-04-28 01:47 - 01078784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Streaming.dll
2017-05-10 18:01 - 2017-04-28 01:47 - 00627200 _____ (Microsoft Corporation) C:\WINDOWS\system32\SpaceControl.dll
2017-05-10 18:01 - 2017-04-28 01:45 - 01217024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Audio.dll
2017-05-10 18:01 - 2017-04-28 01:45 - 00411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll
2017-05-10 18:01 - 2017-04-28 01:44 - 01366016 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2017-05-10 18:01 - 2017-04-28 01:44 - 01145344 _____ (Microsoft Corporation) C:\WINDOWS\system32\EmailApis.dll
2017-05-10 18:01 - 2017-04-28 01:44 - 00548864 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-05-10 18:01 - 2017-04-28 01:43 - 00963584 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebcamUi.dll
2017-05-10 18:01 - 2017-04-28 01:43 - 00646656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wiaservc.dll
2017-05-10 18:01 - 2017-04-28 01:43 - 00331264 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnrSvc.dll
2017-05-10 18:01 - 2017-04-28 01:42 - 13441536 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2017-05-10 18:01 - 2017-04-28 01:42 - 08076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2017-05-10 18:01 - 2017-04-28 01:42 - 02390016 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreen.exe
2017-05-10 18:01 - 2017-04-28 01:42 - 00779776 _____ (Microsoft Corporation) C:\WINDOWS\system32\cscui.dll
2017-05-10 18:01 - 2017-04-28 01:41 - 01080320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Ocr.dll
2017-05-10 18:01 - 2017-04-28 01:41 - 00983040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2017-05-10 18:01 - 2017-04-28 01:41 - 00860160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mprddm.dll
2017-05-10 18:01 - 2017-04-28 01:41 - 00611328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.Printing.dll
2017-05-10 18:01 - 2017-04-28 01:40 - 02316800 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdp4vs.dll
2017-05-10 18:01 - 2017-04-28 01:40 - 00816640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2017-05-10 18:01 - 2017-04-28 01:39 - 04596224 _____ (Microsoft Corporation) C:\WINDOWS\system32\xpsrchvw.exe
2017-05-10 18:01 - 2017-04-28 01:39 - 00846336 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApiPublic.dll
2017-05-10 18:01 - 2017-04-28 01:38 - 02424320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Perception.dll
2017-05-10 18:01 - 2017-04-28 01:38 - 01359360 _____ (Microsoft Corporation) C:\WINDOWS\system32\usercpl.dll
2017-05-10 18:01 - 2017-04-28 01:38 - 00765440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Sensors.dll
2017-05-10 18:01 - 2017-04-28 01:37 - 04407808 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdvgm.exe
2017-05-10 18:01 - 2017-04-28 01:37 - 04149248 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2017-05-10 18:01 - 2017-04-28 01:37 - 03134976 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll
2017-05-10 18:01 - 2017-04-28 01:37 - 02538496 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2017-05-10 18:01 - 2017-04-28 01:37 - 01984000 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2017-05-10 18:01 - 2017-04-28 01:37 - 01424896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Maps.dll
2017-05-10 18:01 - 2017-04-28 01:37 - 01266176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
2017-05-10 18:01 - 2017-04-28 01:37 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-05-10 18:01 - 2017-04-28 01:36 - 01131008 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2017-05-10 18:01 - 2017-04-28 01:35 - 03299840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstsc.exe
2017-05-10 18:01 - 2017-04-28 01:34 - 00999424 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
2017-05-10 18:01 - 2017-04-28 01:30 - 00483840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2017-05-10 18:01 - 2017-03-04 09:57 - 00484584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2017-05-10 18:01 - 2017-03-04 09:09 - 01293152 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2017-05-10 18:01 - 2017-03-04 08:27 - 00456192 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2017-05-10 18:01 - 2017-03-04 08:25 - 01388544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Cred.dll
2017-05-10 18:01 - 2017-03-04 08:23 - 00299520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataAccountApis.dll
2017-05-10 18:01 - 2017-03-04 08:22 - 00265728 _____ C:\WINDOWS\SysWOW64\Windows.Perception.Stub.dll
2017-05-10 18:01 - 2017-03-04 08:19 - 01403392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Editing.dll
2017-05-10 18:01 - 2017-03-04 08:17 - 00529920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StructuredQuery.dll
2017-05-10 18:01 - 2017-03-04 08:16 - 00500224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Graphics.Printing.dll
2017-05-10 18:01 - 2017-03-04 08:06 - 01369088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Phone.dll
2017-05-10 18:01 - 2017-03-04 08:05 - 03520512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xpsrchvw.exe
2017-05-10 18:01 - 2017-03-04 08:01 - 00827904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2017-05-10 18:01 - 2017-03-04 08:00 - 00691200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2017-05-10 18:00 - 2017-04-28 02:57 - 00754528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVOrchestration.dll
2017-05-10 18:00 - 2017-04-28 02:57 - 00704352 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntVirtualization.dll
2017-05-10 18:00 - 2017-04-28 02:57 - 00603488 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContentDeliveryManager.Utilities.dll
2017-05-10 18:00 - 2017-04-28 02:57 - 00573280 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVCatalog.dll
2017-05-10 18:00 - 2017-04-28 02:56 - 01117024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgent.dll
2017-05-10 18:00 - 2017-04-28 02:53 - 07784288 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-05-10 18:00 - 2017-04-28 02:52 - 02255712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2017-05-10 18:00 - 2017-04-28 02:49 - 02681200 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2017-05-10 18:00 - 2017-04-28 02:49 - 00764392 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-05-10 18:00 - 2017-04-28 02:49 - 00700936 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2017-05-10 18:00 - 2017-04-28 02:47 - 00699744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimgapi.dll
2017-05-10 18:00 - 2017-04-28 02:47 - 00501088 _____ (Microsoft Corporation) C:\WINDOWS\system32\spwizeng.dll
2017-05-10 18:00 - 2017-04-28 02:46 - 00410464 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSetupUI.dll
2017-05-10 18:00 - 2017-04-28 02:44 - 00062816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fsdepends.sys
2017-05-10 18:00 - 2017-04-28 02:42 - 00526176 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimserv.exe
2017-05-10 18:00 - 2017-04-28 02:42 - 00328008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2017-05-10 18:00 - 2017-04-28 02:40 - 02759704 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2017-05-10 18:00 - 2017-04-28 02:40 - 02187104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-05-10 18:00 - 2017-04-28 02:40 - 01738560 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2017-05-10 18:00 - 2017-04-28 02:40 - 01157000 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2017-05-10 18:00 - 2017-04-28 02:40 - 00578400 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2017-05-10 18:00 - 2017-04-28 02:40 - 00402784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2017-05-10 18:00 - 2017-04-28 02:40 - 00146784 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostCommon.dll
2017-05-10 18:00 - 2017-04-28 02:40 - 00026976 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser_broker.exe
2017-05-10 18:00 - 2017-04-28 02:39 - 00624048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2017-05-10 18:00 - 2017-04-28 02:38 - 02915704 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2017-05-10 18:00 - 2017-04-28 02:38 - 02446704 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2017-05-10 18:00 - 2017-04-28 02:38 - 01852200 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2017-05-10 18:00 - 2017-04-28 02:38 - 01267512 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2017-05-10 18:00 - 2017-04-28 02:38 - 00431968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2017-05-10 18:00 - 2017-04-28 02:36 - 00408600 _____ (Microsoft Corporation) C:\WINDOWS\system32\tsmf.dll
2017-05-10 18:00 - 2017-04-28 02:34 - 04674360 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2017-05-10 18:00 - 2017-04-28 02:34 - 01600624 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2017-05-10 18:00 - 2017-04-28 02:34 - 01277824 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2017-05-10 18:00 - 2017-04-28 02:34 - 00443232 _____ (Microsoft Corporation) C:\WINDOWS\system32\MMDevAPI.dll
2017-05-10 18:00 - 2017-04-28 02:34 - 00244824 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2017-05-10 18:00 - 2017-04-28 02:34 - 00241504 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2017-05-10 18:00 - 2017-04-28 02:30 - 01569184 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2017-05-10 18:00 - 2017-04-28 02:30 - 00322912 _____ (Microsoft Corporation) C:\WINDOWS\system32\input.dll
2017-05-10 18:00 - 2017-04-28 02:28 - 00455520 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2017-05-10 18:00 - 2017-04-28 02:21 - 00073728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx
2017-05-10 18:00 - 2017-04-28 02:19 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll
2017-05-10 18:00 - 2017-04-28 02:19 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2017-05-10 18:00 - 2017-04-28 02:15 - 00822784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2017-05-10 18:00 - 2017-04-28 02:15 - 00126464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2017-05-10 18:00 - 2017-04-28 02:14 - 00306688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-05-10 18:00 - 2017-04-28 02:14 - 00270336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2017-05-10 18:00 - 2017-04-28 02:12 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2017-05-10 18:00 - 2017-04-28 02:12 - 00236544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2017-05-10 18:00 - 2017-04-28 02:11 - 00340480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2017-05-10 18:00 - 2017-04-28 02:10 - 07216640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-05-10 18:00 - 2017-04-28 02:10 - 00661504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2017-05-10 18:00 - 2017-04-28 02:08 - 18365440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-05-10 18:00 - 2017-04-28 02:06 - 22569472 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-05-10 18:00 - 2017-04-28 02:06 - 00691712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2017-05-10 18:00 - 2017-04-28 02:05 - 19414016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-05-10 18:00 - 2017-04-28 02:05 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2017-05-10 18:00 - 2017-04-28 02:03 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2017-05-10 18:00 - 2017-04-28 02:03 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2017-05-10 18:00 - 2017-04-28 02:03 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\raspppoe.sys
2017-05-10 18:00 - 2017-04-28 02:03 - 00032256 _____ (Microsoft Corporation) C:\WINDOWS\system32\BthTelemetry.dll
2017-05-10 18:00 - 2017-04-28 02:03 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\odbcconf.dll
2017-05-10 18:00 - 2017-04-28 02:02 - 00244224 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmusrv.dll
2017-05-10 18:00 - 2017-04-28 02:02 - 00019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidcertstorecheck.exe
2017-05-10 18:00 - 2017-04-28 02:01 - 00259072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Family.SyncEngine.dll
2017-05-10 18:00 - 2017-04-28 02:01 - 00185344 _____ (Microsoft Corporation) C:\WINDOWS\system32\DisplayManager.dll
2017-05-10 18:00 - 2017-04-28 02:01 - 00156160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Family.Client.dll
2017-05-10 18:00 - 2017-04-28 02:01 - 00129536 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_ClosedCaptioning.dll
2017-05-10 18:00 - 2017-04-28 02:01 - 00090624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Printers.dll
2017-05-10 18:00 - 2017-04-28 02:01 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\virtdisk.dll
2017-05-10 18:00 - 2017-04-28 02:00 - 00196096 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDeviceRegistration.dll
2017-05-10 18:00 - 2017-04-28 02:00 - 00193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.WiFi.dll
2017-05-10 18:00 - 2017-04-28 02:00 - 00165376 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2017-05-10 18:00 - 2017-04-28 02:00 - 00148480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.System.Profile.RetailInfo.dll
2017-05-10 18:00 - 2017-04-28 02:00 - 00120832 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll
2017-05-10 18:00 - 2017-04-28 02:00 - 00101888 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDeviceRegistration.Ngc.dll
2017-05-10 18:00 - 2017-04-28 02:00 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2017-05-10 18:00 - 2017-04-28 02:00 - 00073216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryBroker.dll
2017-05-10 18:00 - 2017-04-28 01:59 - 12187136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-05-10 18:00 - 2017-04-28 01:59 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\system32\FlightSettings.dll
2017-05-10 18:00 - 2017-04-28 01:59 - 00567296 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicePairing.dll
2017-05-10 18:00 - 2017-04-28 01:59 - 00186368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Radios.dll
2017-05-10 18:00 - 2017-04-28 01:59 - 00185856 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmsif.dll
2017-05-10 18:00 - 2017-04-28 01:59 - 00124416 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidsvc.dll
2017-05-10 18:00 - 2017-04-28 01:59 - 00122880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryClient.dll
2017-05-10 18:00 - 2017-04-28 01:58 - 00547840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Gaming.Input.dll
2017-05-10 18:00 - 2017-04-28 01:58 - 00444928 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmcompute.dll
2017-05-10 18:00 - 2017-04-28 01:58 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BlockedShutdown.dll
2017-05-10 18:00 - 2017-04-28 01:58 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpencom.dll
2017-05-10 18:00 - 2017-04-28 01:58 - 00289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeveloperOptionsSettingsHandlers.dll
2017-05-10 18:00 - 2017-04-28 01:58 - 00276992 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2017-05-10 18:00 - 2017-04-28 01:58 - 00231424 _____ (Microsoft Corporation) C:\WINDOWS\system32\shutdownux.dll
2017-05-10 18:00 - 2017-04-28 01:58 - 00150016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.AppDefaults.dll
2017-05-10 18:00 - 2017-04-28 01:58 - 00144896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Lights.dll
2017-05-10 18:00 - 2017-04-28 01:58 - 00130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConsentUX.dll
2017-05-10 18:00 - 2017-04-28 01:57 - 00651264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.AllJoyn.dll
2017-05-10 18:00 - 2017-04-28 01:57 - 00568320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.LowLevel.dll
2017-05-10 18:00 - 2017-04-28 01:57 - 00505856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.WiFiDirect.dll
2017-05-10 18:00 - 2017-04-28 01:57 - 00279552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.HumanInterfaceDevice.dll
2017-05-10 18:00 - 2017-04-28 01:57 - 00268800 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserMgrProxy.dll
2017-05-10 18:00 - 2017-04-28 01:57 - 00243712 _____ (Microsoft Corporation) C:\WINDOWS\system32\credprovhost.dll
2017-05-10 18:00 - 2017-04-28 01:57 - 00241152 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafBth.dll
2017-05-10 18:00 - 2017-04-28 01:57 - 00223744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-05-10 18:00 - 2017-04-28 01:57 - 00157184 _____ (Microsoft Corporation) C:\WINDOWS\system32\bthserv.dll
2017-05-10 18:00 - 2017-04-28 01:57 - 00139264 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2017-05-10 18:00 - 2017-04-28 01:57 - 00132096 _____ (Microsoft Corporation) C:\WINDOWS\system32\PrintWSDAHost.dll
2017-05-10 18:00 - 2017-04-28 01:56 - 00947712 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll
2017-05-10 18:00 - 2017-04-28 01:56 - 00912384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.SmartCards.dll
2017-05-10 18:00 - 2017-04-28 01:56 - 00692224 _____ (Microsoft Corporation) C:\WINDOWS\system32\CellularAPI.dll
2017-05-10 18:00 - 2017-04-28 01:56 - 00691200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2017-05-10 18:00 - 2017-04-28 01:56 - 00387584 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2017-05-10 18:00 - 2017-04-28 01:56 - 00379904 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepsync.dll
2017-05-10 18:00 - 2017-04-28 01:56 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2017-05-10 18:00 - 2017-04-28 01:56 - 00311296 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncSettings.dll
2017-05-10 18:00 - 2017-04-28 01:56 - 00267264 _____ (Microsoft Corporation) C:\WINDOWS\system32\vaultcli.dll
2017-05-10 18:00 - 2017-04-28 01:56 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-05-10 18:00 - 2017-04-28 01:56 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthBroker.dll
2017-05-10 18:00 - 2017-04-28 01:56 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2017-05-10 18:00 - 2017-04-28 01:55 - 06042624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-05-10 18:00 - 2017-04-28 01:55 - 02084352 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceFlows.DataModel.dll
2017-05-10 18:00 - 2017-04-28 01:55 - 01617920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmswitch.sys
2017-05-10 18:00 - 2017-04-28 01:55 - 00657920 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2017-05-10 18:00 - 2017-04-28 01:55 - 00431616 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2017-05-10 18:00 - 2017-04-28 01:55 - 00407552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2017-05-10 18:00 - 2017-04-28 01:55 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleacc.dll
2017-05-10 18:00 - 2017-04-28 01:55 - 00337408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Picker.dll
2017-05-10 18:00 - 2017-04-28 01:55 - 00307200 _____ (Microsoft Corporation) C:\WINDOWS\system32\PrintDialogs3D.dll
2017-05-10 18:00 - 2017-04-28 01:55 - 00231424 _____ (Microsoft Corporation) C:\WINDOWS\system32\bthprops.cpl
2017-05-10 18:00 - 2017-04-28 01:55 - 00176128 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepapi.dll
2017-05-10 18:00 - 2017-04-28 01:54 - 03664384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-05-10 18:00 - 2017-04-28 01:54 - 02027008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2017-05-10 18:00 - 2017-04-28 01:54 - 01509376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2017-05-10 18:00 - 2017-04-28 01:54 - 00949248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.PointOfService.dll
2017-05-10 18:00 - 2017-04-28 01:54 - 00472064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll
2017-05-10 18:00 - 2017-04-28 01:54 - 00425984 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-05-10 18:00 - 2017-04-28 01:54 - 00339456 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConhostV2.dll
2017-05-10 18:00 - 2017-04-28 01:54 - 00329728 _____ (Microsoft Corporation) C:\WINDOWS\system32\deviceaccess.dll
2017-05-10 18:00 - 2017-04-28 01:54 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2017-05-10 18:00 - 2017-04-28 01:53 - 03059200 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2017-05-10 18:00 - 2017-04-28 01:53 - 00579584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.UX.EapRequestHandler.dll
2017-05-10 18:00 - 2017-04-28 01:53 - 00458752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Enumeration.dll
2017-05-10 18:00 - 2017-04-28 01:53 - 00437248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Usb.dll
2017-05-10 18:00 - 2017-04-28 01:51 - 02104320 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2017-05-10 18:00 - 2017-04-28 01:51 - 01913856 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_fs.dll
2017-05-10 18:00 - 2017-04-28 01:51 - 01589760 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtctm.dll
2017-05-10 18:00 - 2017-04-28 01:51 - 01584128 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_health.dll
2017-05-10 18:00 - 2017-04-28 01:51 - 00169984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Energy.dll
2017-05-10 18:00 - 2017-04-28 01:50 - 01476608 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2017-05-10 18:00 - 2017-04-28 01:50 - 00380416 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationApi.dll
2017-05-10 18:00 - 2017-04-28 01:50 - 00338944 _____ (Microsoft Corporation) C:\WINDOWS\system32\adsnt.dll
2017-05-10 18:00 - 2017-04-28 01:50 - 00329728 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvecpl.dll
2017-05-10 18:00 - 2017-04-28 01:49 - 17198592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-05-10 18:00 - 2017-04-28 01:49 - 01105408 _____ (Microsoft Corporation) C:\WINDOWS\system32\MiracastReceiver.dll
2017-05-10 18:00 - 2017-04-28 01:49 - 00442368 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToDevice.dll
2017-05-10 18:00 - 2017-04-28 01:48 - 00337920 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2017-05-10 18:00 - 2017-04-28 01:48 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\dlnashext.dll
2017-05-10 18:00 - 2017-04-28 01:48 - 00187904 _____ (Microsoft Corporation) C:\WINDOWS\system32\dialclient.dll
2017-05-10 18:00 - 2017-04-28 01:47 - 14423040 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmms.exe
2017-05-10 18:00 - 2017-04-28 01:47 - 09131008 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-05-10 18:00 - 2017-04-28 01:47 - 03290112 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll
2017-05-10 18:00 - 2017-04-28 01:47 - 01790464 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFramework.dll
2017-05-10 18:00 - 2017-04-28 01:47 - 00942080 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2017-05-10 18:00 - 2017-04-28 01:47 - 00796672 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvewiz.dll
2017-05-10 18:00 - 2017-04-28 01:47 - 00649216 _____ (Microsoft Corporation) C:\WINDOWS\system32\vds.exe
2017-05-10 18:00 - 2017-04-28 01:46 - 02861056 _____ (Microsoft Corporation) C:\WINDOWS\system32\storagewmi.dll
2017-05-10 18:00 - 2017-04-28 01:46 - 01547264 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbengine.exe
2017-05-10 18:00 - 2017-04-28 01:46 - 01443328 _____ (Microsoft Corporation) C:\WINDOWS\system32\VSSVC.exe
2017-05-10 18:00 - 2017-04-28 01:46 - 00501248 _____ (Microsoft Corporation) C:\WINDOWS\system32\imapi2.dll
2017-05-10 18:00 - 2017-04-28 01:46 - 00374784 _____ (Microsoft Corporation) C:\WINDOWS\system32\resutils.dll
2017-05-10 18:00 - 2017-04-28 01:46 - 00279552 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToReceiver.dll
2017-05-10 18:00 - 2017-04-28 01:46 - 00049664 _____ (Microsoft Corporation) C:\WINDOWS\system32\catsrvps.dll
2017-05-10 18:00 - 2017-04-28 01:45 - 23677440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-05-10 18:00 - 2017-04-28 01:45 - 01934336 _____ (Microsoft Corporation) C:\WINDOWS\system32\vmcompute.exe
2017-05-10 18:00 - 2017-04-28 01:45 - 00946688 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_sr.dll
2017-05-10 18:00 - 2017-04-28 01:45 - 00628736 _____ (Microsoft Corporation) C:\WINDOWS\system32\uReFS.dll
2017-05-10 18:00 - 2017-04-28 01:45 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2017-05-10 18:00 - 2017-04-28 01:45 - 00167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ErrorDetails.dll
2017-05-10 18:00 - 2017-04-28 01:45 - 00130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\SpaceAgent.exe
2017-05-10 18:00 - 2017-04-28 01:45 - 00112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\CameraCaptureUI.dll
2017-05-10 18:00 - 2017-04-28 01:44 - 13091328 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-05-10 18:00 - 2017-04-28 01:44 - 04749824 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-05-10 18:00 - 2017-04-28 01:44 - 01010176 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2017-05-10 18:00 - 2017-04-28 01:44 - 00937984 _____ (Microsoft Corporation) C:\WINDOWS\system32\MCRecvSrc.dll
2017-05-10 18:00 - 2017-04-28 01:44 - 00896512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.AccountsControl.dll
2017-05-10 18:00 - 2017-04-28 01:44 - 00775168 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2017-05-10 18:00 - 2017-04-28 01:44 - 00583680 _____ (Microsoft Corporation) C:\WINDOWS\system32\PrintDialogs.dll
2017-05-10 18:00 - 2017-04-28 01:44 - 00410112 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicesFlowBroker.dll
2017-05-10 18:00 - 2017-04-28 01:44 - 00139776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Devices.dll
2017-05-10 18:00 - 2017-04-28 01:43 - 01184256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2017-05-10 18:00 - 2017-04-28 01:43 - 00634368 _____ (Microsoft Corporation) C:\WINDOWS\system32\StructuredQuery.dll
2017-05-10 18:00 - 2017-04-28 01:43 - 00600576 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptui.dll
2017-05-10 18:00 - 2017-04-28 01:43 - 00560128 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll
2017-05-10 18:00 - 2017-04-28 01:43 - 00539136 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToManager.dll
2017-05-10 18:00 - 2017-04-28 01:43 - 00526336 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2017-05-10 18:00 - 2017-04-28 01:43 - 00467968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Geolocation.dll
2017-05-10 18:00 - 2017-04-28 01:43 - 00460800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Midi.dll
2017-05-10 18:00 - 2017-04-28 01:43 - 00320512 _____ (Microsoft Corporation) C:\WINDOWS\system32\thumbcache.dll
2017-05-10 18:00 - 2017-04-28 01:42 - 08125440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-05-10 18:00 - 2017-04-28 01:42 - 05850624 _____ (Microsoft Corporation) C:\WINDOWS\system32\VsGraphicsDesktopEngine.exe
2017-05-10 18:00 - 2017-04-28 01:42 - 01692160 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-05-10 18:00 - 2017-04-28 01:42 - 01021440 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll
2017-05-10 18:00 - 2017-04-28 01:42 - 00945664 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2017-05-10 18:00 - 2017-04-28 01:42 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2017-05-10 18:00 - 2017-04-28 01:41 - 01359872 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2017-05-10 18:00 - 2017-04-28 01:41 - 00890368 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2017-05-10 18:00 - 2017-04-28 01:41 - 00828416 _____ (Microsoft Corporation) C:\WINDOWS\system32\appwiz.cpl
2017-05-10 18:00 - 2017-04-28 01:41 - 00759296 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2017-05-10 18:00 - 2017-04-28 01:41 - 00650752 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2017-05-10 18:00 - 2017-04-28 01:41 - 00591360 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2017-05-10 18:00 - 2017-04-28 01:41 - 00376832 _____ (Microsoft Corporation) C:\WINDOWS\system32\CryptoWinRT.dll
2017-05-10 18:00 - 2017-04-28 01:40 - 04474368 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-05-10 18:00 - 2017-04-28 01:40 - 02914816 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnroll.dll
2017-05-10 18:00 - 2017-04-28 01:40 - 02510848 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2017-05-10 18:00 - 2017-04-28 01:40 - 02208768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.Printing.3D.dll
2017-05-10 18:00 - 2017-04-28 01:40 - 02096640 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2017-05-10 18:00 - 2017-04-28 01:40 - 01643008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll
2017-05-10 18:00 - 2017-04-28 01:40 - 01586176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2017-05-10 18:00 - 2017-04-28 01:40 - 01040896 _____ (Microsoft Corporation) C:\WINDOWS\system32\NaturalLanguage6.dll
2017-05-10 18:00 - 2017-04-28 01:40 - 00971264 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2017-05-10 18:00 - 2017-04-28 01:40 - 00913920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.dll
2017-05-10 18:00 - 2017-04-28 01:40 - 00886784 _____ (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll
2017-05-10 18:00 - 2017-04-28 01:40 - 00770560 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2017-05-10 18:00 - 2017-04-28 01:39 - 00673792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2017-05-10 18:00 - 2017-04-28 01:38 - 05611008 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2017-05-10 18:00 - 2017-04-28 01:38 - 01490432 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-05-10 18:00 - 2017-04-28 01:38 - 01275392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Bluetooth.dll
2017-05-10 18:00 - 2017-04-28 01:37 - 04744192 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-05-10 18:00 - 2017-04-28 01:37 - 02895872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-05-10 18:00 - 2017-04-28 01:37 - 02316288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-05-10 18:00 - 2017-04-28 01:37 - 02286592 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2017-05-10 18:00 - 2017-04-28 01:37 - 02216960 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpcServices.dll
2017-05-10 18:00 - 2017-04-28 01:37 - 01783296 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-05-10 18:00 - 2017-04-28 01:37 - 01637888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2017-05-10 18:00 - 2017-04-28 01:37 - 00881664 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2017-05-10 18:00 - 2017-04-28 01:37 - 00875520 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2017-05-10 18:00 - 2017-04-28 01:36 - 03613184 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-05-10 18:00 - 2017-04-28 01:36 - 02691072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2017-05-10 18:00 - 2017-04-28 01:36 - 02478080 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2017-05-10 18:00 - 2017-04-28 01:36 - 01844224 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2017-05-10 18:00 - 2017-04-28 01:36 - 01513472 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-05-10 18:00 - 2017-04-28 01:36 - 01328640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.Http.dll
2017-05-10 18:00 - 2017-04-28 01:36 - 00774656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.dll
2017-05-10 18:00 - 2017-04-28 01:36 - 00735744 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2017-05-10 18:00 - 2017-04-28 01:36 - 00716800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ShareHost.dll
2017-05-10 18:00 - 2017-04-28 01:35 - 01121280 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-05-10 18:00 - 2017-04-28 01:35 - 00924672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.dll
2017-05-10 18:00 - 2017-04-28 01:34 - 00439296 _____ (Microsoft Corporation) C:\WINDOWS\system32\wksprt.exe
2017-05-10 18:00 - 2017-04-28 01:34 - 00394240 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpclip.exe
2017-05-10 18:00 - 2017-04-28 01:34 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\system32\spaceman.exe
2017-05-10 18:00 - 2017-04-28 01:33 - 01817088 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
2017-05-10 18:00 - 2017-03-04 08:26 - 00261632 _____ (Microsoft Corporation) C:\WINDOWS\system32\indexeddbserver.dll
2017-05-10 18:00 - 2017-03-04 08:25 - 01060352 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppContracts.dll
2017-05-10 18:00 - 2016-12-21 09:09 - 00368640 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneBackupHandler.dll
2017-05-07 18:42 - 2017-05-22 22:26 - 00000000 ___RD C:\Users\Michael\Google Drive
2017-05-07 18:42 - 2017-05-07 18:42 - 00001813 _____ C:\Users\Michael\Desktop\Google Drive.lnk
2017-05-07 18:41 - 2017-05-07 18:41 - 00002115 _____ C:\Users\Public\Desktop\Google Slides.lnk
2017-05-07 18:41 - 2017-05-07 18:41 - 00002113 _____ C:\Users\Public\Desktop\Google Sheets.lnk
2017-05-07 18:41 - 2017-05-07 18:41 - 00002103 _____ C:\Users\Public\Desktop\Google Docs.lnk
2017-05-07 18:41 - 2017-05-07 18:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2017-04-30 10:45 - 2017-04-30 11:05 - 00000000 ____D C:\WINDOWS\Panther
2017-04-25 21:10 - 2017-04-25 21:10 - 00001252 _____ C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Update- und Datenschutzeinstellungen.lnk
2017-04-25 21:10 - 2017-04-25 21:10 - 00000000 ____D C:\Users\Michael\AppData\Local\UNP
2017-04-25 20:51 - 2017-04-25 20:52 - 00000000 ____D C:\Program Files\UNP
2017-04-25 20:51 - 2017-04-25 20:51 - 00000000 ____D C:\WINDOWS\system32\UNP
2017-04-23 14:59 - 2017-04-23 14:59 - 00000000 ____D C:\Users\Michael\Documents\Faasoft Video Converter
2017-04-23 14:56 - 2017-04-23 14:56 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Faasoft Video Converter
2017-04-22 11:32 - 2017-04-22 11:32 - 00000000 ____D C:\Users\Michael\AppData\Local\UnrealEngine
2017-04-22 11:32 - 2017-04-22 11:32 - 00000000 ____D C:\Users\Michael\AppData\Local\SwordWithSauce1_5
2017-04-22 10:14 - 2017-04-22 10:14 - 00000211 _____ C:\Users\Michael\Desktop\Sword With Sauce Alpha.url
         
__________________


Old 22.05.2017, 22:46   #3
rilkar

Connection to DNS "crashes" after a few hours -> malware? - Default

New log

and the 2nd part of FRST.txt

Code:
==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-05-22 22:35 - 2015-01-14 18:11 - 00000000 ____D C:\Users\Michael\AppData\Local\TSVNCache
2017-05-22 22:31 - 2016-08-22 22:08 - 04995490 _____ C:\WINDOWS\system32\perfh007.dat
2017-05-22 22:31 - 2016-08-22 22:08 - 01495244 _____ C:\WINDOWS\system32\perfc007.dat
2017-05-22 22:31 - 2016-08-22 12:13 - 10556036 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-05-22 22:27 - 2016-09-14 17:31 - 00003456 _____ C:\WINDOWS\System32\Tasks\Launcher GIGABYTE XTREME GAMING ENGINE
2017-05-22 22:27 - 2016-08-22 12:12 - 00000000 ____D C:\ProgramData\NVIDIA
2017-05-22 22:26 - 2017-02-22 21:26 - 00000000 ___RD C:\Users\Michael\iCloudDrive
2017-05-22 22:26 - 2016-11-20 14:14 - 00000000 ____D C:\Users\Michael\AppData\LocalLow\Mozilla
2017-05-22 22:26 - 2016-09-14 17:31 - 00000000 ____D C:\Users\Michael\Documents\temp
2017-05-22 22:26 - 2016-08-22 12:14 - 00000000 ____D C:\Users\Michael
2017-05-22 22:26 - 2015-04-19 10:11 - 00000000 ____D C:\Users\Michael\AppData\Local\Apple
2017-05-22 22:25 - 2017-03-25 18:10 - 00000000 ____D C:\Program Files\UPDD
2017-05-22 22:25 - 2016-08-22 12:36 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-05-22 22:25 - 2015-01-06 20:01 - 00000000 ____D C:\Users\Michael\AppData\Local\JDownloader v2.0
2017-05-22 22:25 - 2015-01-06 19:50 - 00000000 __SHD C:\Users\Michael\IntelGraphicsProfiles
2017-05-22 22:24 - 2016-07-16 08:04 - 03932160 _____ C:\WINDOWS\system32\config\BBI
2017-05-22 22:23 - 2016-08-22 12:12 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-05-22 20:36 - 2015-01-07 00:04 - 00000000 ____D C:\Users\Michael\AppData\Local\Adobe
2017-05-22 20:30 - 2017-01-15 01:10 - 00000000 ____D C:\Users\Michael\AppData\Local\CloudStation
2017-05-21 22:39 - 2016-03-13 17:58 - 00000000 ____D C:\Users\Michael\AppData\Local\CrashDumps
2017-05-21 21:56 - 2016-11-28 23:00 - 00000000 ____D C:\ProgramData\CrashPlan
2017-05-21 16:42 - 2016-08-22 12:14 - 00000000 ____D C:\Users\DefaultAppPool
2017-05-21 12:15 - 2017-02-07 19:50 - 00000000 ____D C:\Users\Michael\AppData\Roaming\WhatsApp
2017-05-21 00:37 - 2015-01-06 19:26 - 00000000 ____D C:\Users\Michael\AppData\Roaming\foobar2000
2017-05-20 22:45 - 2016-03-26 10:50 - 00121451 _____ C:\Users\Michael\Desktop\TNG+.mpcpl
2017-05-20 10:50 - 2015-06-19 17:35 - 00000000 ____D C:\Users\Michael\AppData\Local\Dropbox
2017-05-20 08:54 - 2015-01-06 18:51 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-05-19 22:23 - 2015-01-06 19:12 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-05-19 21:19 - 2015-01-06 20:20 - 00000000 ____D C:\ProgramData\APN
2017-05-19 21:15 - 2016-08-22 22:05 - 00000000 ____D C:\Program Files (x86)\MSBuild
2017-05-19 20:51 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-05-19 20:48 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-05-19 20:46 - 2016-10-18 20:18 - 00003894 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-05-19 20:46 - 2016-10-18 20:18 - 00003866 _____ C:\WINDOWS\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-05-19 20:46 - 2016-10-18 20:18 - 00003858 _____ C:\WINDOWS\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-05-19 20:46 - 2016-10-18 20:18 - 00003696 _____ C:\WINDOWS\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-05-19 20:46 - 2016-10-18 20:18 - 00003654 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-05-19 20:45 - 2016-07-16 13:45 - 00000000 ____D C:\WINDOWS\INF
2017-05-18 21:48 - 2015-05-07 21:38 - 00000000 ____D C:\Users\Michael\AppData\Local\ElevatedDiagnostics
2017-05-18 19:07 - 2016-07-16 13:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-05-17 21:41 - 2015-01-06 02:30 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Dropbox
2017-05-17 00:03 - 2015-12-23 16:48 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2017-05-16 21:16 - 2015-01-08 21:02 - 00000000 ____D C:\Program Files (x86)\CheckPoint
2017-05-16 21:03 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\system32\appraiser
2017-05-16 21:03 - 2016-07-16 13:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-05-15 23:40 - 2015-01-06 02:11 - 00002264 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-05-15 22:14 - 2016-07-16 13:47 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-05-15 22:13 - 2016-06-19 19:50 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2017-05-14 14:02 - 2015-01-21 01:04 - 00000000 ____D C:\Users\Michael\AppData\Local\Information Factory
2017-05-13 11:11 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\rescache
2017-05-11 20:16 - 2015-09-11 23:36 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-05-11 19:52 - 2016-08-22 12:12 - 05023664 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-05-10 23:28 - 2016-08-22 22:05 - 00000000 ____D C:\Program Files\Hyper-V
2017-05-10 23:28 - 2016-07-16 13:47 - 00000000 ___SD C:\WINDOWS\SysWOW64\F12
2017-05-10 23:28 - 2016-07-16 13:47 - 00000000 ___SD C:\WINDOWS\system32\F12
2017-05-10 23:28 - 2016-07-16 13:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-05-10 23:28 - 2016-07-16 13:47 - 00000000 ___RD C:\Program Files\Windows Defender
2017-05-10 23:28 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\SysWOW64\inetsrv
2017-05-10 23:28 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2017-05-10 23:28 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\system32\oobe
2017-05-10 23:28 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\system32\inetsrv
2017-05-10 23:28 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\ShellExperiences
2017-05-10 23:28 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\Provisioning
2017-05-10 23:28 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2017-05-10 23:28 - 2016-07-16 13:47 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2017-05-10 23:28 - 2016-07-16 13:47 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-05-10 23:28 - 2016-07-16 13:47 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2017-05-10 23:28 - 2016-07-16 08:04 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
2017-05-10 18:05 - 2015-01-06 19:33 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-05-10 18:02 - 2015-01-06 19:33 - 156335152 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-05-10 17:45 - 2016-07-16 13:42 - 00073728 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSManMigrationPlugin.dll
2017-05-07 18:41 - 2015-01-06 02:11 - 00000000 ____D C:\Users\Michael\AppData\Local\Google
2017-05-07 18:41 - 2015-01-06 02:11 - 00000000 ____D C:\Program Files (x86)\Google
2017-05-07 17:26 - 2017-02-21 22:05 - 00000000 ____D C:\Users\Michael\AppData\Local\WhatsApp
2017-05-07 17:26 - 2017-02-07 19:50 - 00002285 _____ C:\Users\Michael\Desktop\WhatsApp.lnk
2017-05-07 17:26 - 2017-02-07 19:50 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WhatsApp
2017-05-07 17:26 - 2017-02-07 19:50 - 00000000 ____D C:\Users\Michael\AppData\Local\SquirrelTemp
2017-05-07 15:27 - 2016-08-22 12:36 - 00004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2017-05-05 23:58 - 2015-01-06 19:28 - 00000000 ____D C:\ProgramData\Package Cache
2017-05-05 23:58 - 2015-01-06 19:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2017-05-04 22:38 - 2017-01-24 20:55 - 00004308 _____ C:\WINDOWS\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-05-04 22:38 - 2016-10-18 20:18 - 00003994 _____ C:\WINDOWS\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-05-04 22:38 - 2016-10-18 20:18 - 00001485 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2017-05-04 22:38 - 2016-08-22 12:12 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2017-05-04 22:38 - 2016-08-22 12:12 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2017-05-04 22:38 - 2016-08-22 12:12 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-05-04 18:41 - 2015-09-11 23:36 - 00000000 ____D C:\Users\Michael\AppData\Local\Packages
2017-05-03 22:21 - 2016-07-05 23:57 - 00048248 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvad64v.sys
2017-05-03 21:28 - 2017-01-24 20:55 - 00001951 _____ C:\WINDOWS\NvTelemetryContainerRecovery.bat
2017-05-03 17:41 - 2016-10-18 20:18 - 00001951 _____ C:\WINDOWS\NvContainerRecovery.bat
2017-05-01 13:32 - 2015-02-03 00:11 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Skype
2017-04-30 10:55 - 2017-03-19 05:20 - 00000000 ___HD C:\$WINDOWS.~BT
2017-04-29 23:33 - 2016-08-22 12:36 - 00003628 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2017-04-29 23:33 - 2016-08-22 12:36 - 00003504 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2017-04-29 02:59 - 2016-07-16 13:49 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-04-29 02:59 - 2016-07-16 13:49 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-04-28 18:39 - 2016-10-15 23:46 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Nitro
2017-04-28 18:39 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\system32\FxsTmp
2017-04-28 08:47 - 2015-12-16 19:40 - 00005864 __RSH C:\ProgramData\ntuser.pol
2017-04-28 08:42 - 2016-04-28 17:28 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 14.0
2017-04-28 08:42 - 2016-04-28 17:22 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 11.0
2017-04-28 08:42 - 2016-04-28 17:13 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 12.0
2017-04-28 03:01 - 2016-08-22 12:12 - 02717184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2017-04-26 22:23 - 2016-09-25 12:57 - 00000000 ____D C:\WINDOWS\Minidump
2017-04-26 22:23 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-04-26 07:40 - 2017-01-24 20:55 - 00057792 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvhci.sys
2017-04-26 07:40 - 2016-09-14 17:12 - 01882048 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll
2017-04-26 07:40 - 2016-09-14 17:12 - 01755072 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspbridge64.dll
2017-04-26 07:40 - 2016-09-14 17:12 - 01472960 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
2017-04-26 07:40 - 2016-09-14 17:12 - 01317312 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspbridge.dll
2017-04-26 07:40 - 2016-09-14 17:12 - 00121280 _____ C:\WINDOWS\system32\NvRtmpStreamer64.dll
2017-04-25 20:53 - 2015-05-27 17:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Private Tax

==================== Files in the root of some directories =======

2016-08-16 17:46 - 2016-08-16 17:46 - 0000077 _____ () C:\Users\Michael\AppData\Roaming\Camdata.ini
2016-08-16 17:46 - 2016-08-16 17:46 - 0000408 _____ () C:\Users\Michael\AppData\Roaming\CamLayout.ini
2016-08-16 17:46 - 2016-08-16 17:46 - 0000408 _____ () C:\Users\Michael\AppData\Roaming\CamShapes.ini
2016-08-16 17:46 - 2016-08-16 17:46 - 0004536 _____ () C:\Users\Michael\AppData\Roaming\CamStudio.cfg
2016-08-16 17:31 - 2016-08-16 17:31 - 0000096 _____ () C:\Users\Michael\AppData\Roaming\version2.xml
2016-07-02 10:07 - 2016-07-02 10:07 - 0361773 _____ () C:\Users\Michael\AppData\Local\debuggee.mdmp
2016-03-31 22:59 - 2017-03-23 22:01 - 0000600 _____ () C:\Users\Michael\AppData\Local\PUTTY.RND
2017-04-20 20:29 - 2017-04-20 20:29 - 0003265 _____ () C:\Users\Michael\AppData\Local\recently-used.xbel
2016-09-27 23:39 - 2016-09-27 23:39 - 0007601 _____ () C:\Users\Michael\AppData\Local\Resmon.ResmonCfg

Some files in TEMP:
====================
2016-08-22 13:45 - 2017-01-28 21:36 - 0000000 ____D () C:\Users\Michael\AppData\Local\Temp\avgnt.exe
2017-05-22 20:33 - 2017-05-22 20:33 - 0040448 ____N () C:\Users\Michael\AppData\Local\Temp\proxy_vole5152704635647006300.dll
2017-05-22 20:33 - 2017-05-22 20:33 - 0040448 ____N () C:\Users\Michael\AppData\Local\Temp\proxy_vole8510138313039682662.dll
2017-05-22 20:33 - 2017-05-22 20:33 - 0040448 _____ () C:\Users\Michael\AppData\Local\Temp\proxy_vole9117567214597511199.dll
2017-01-29 21:20 - 2017-01-29 21:20 - 0000000 ____D () C:\Users\Michael\AppData\Local\Temp\SynciosTransfer.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-05-14 22:17

==================== End of FRST.txt ============================
         
__________________

Old 22.05.2017, 22:47   #4
rilkar

Connection to DNS "crashes" after a few hours -> malware? - Question

New log

as well as Addition.txt

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-05-2017
Ran by Michael (22-05-2017 22:36:58)
Running from H:\jDownloader
Windows 10 Pro Version 1607 (X64) (2016-08-22 10:37:51)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1783363258-1944623717-140360357-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1783363258-1944623717-140360357-503 - Limited - Disabled)
Guest (S-1-5-21-1783363258-1944623717-140360357-501 - Limited - Disabled)
Michael (S-1-5-21-1783363258-1944623717-140360357-1000 - Administrator - Enabled) => C:\Users\Michael

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Enabled - Up to date) {B3F630BD-538D-1B4A-14FA-14B63235278F}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Avira Antivirus (Enabled - Up to date) {0897D159-75B7-14C4-2E4A-2FC449B26D32}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
FW: ZoneAlarm Free Firewall Firewall (Enabled) {1B8D532F-88B1-B2AD-ED22-AED92687A1D2}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-1783363258-1944623717-140360357-1000\...\uTorrent) (Version: 3.4.2.37754 - BitTorrent Inc.)
Active Directory Authentication Library for SQL Server (Version: 13.0.1100.286 - Microsoft Corporation) Hidden
Active Directory Authentication Library for SQL Server (x86) (x32 Version: 13.0.1100.286 - Microsoft Corporation) Hidden
Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 17.009.20044 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.9.1.335 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Adobe Lightroom (HKLM-x32\...\{8048A5DF-8A70-5BE1-954B-E0FDE1BD0D0D}) (Version: 6.6 - Adobe Systems Incorporated)
Adobe Photoshop Elements 14 (HKLM-x32\...\{49F8D229-3E0E-4F43-8429-EB8F2583DB19}) (Version: 14.0 - Adobe Systems Incorporated)
Alien: Isolation (HKLM\...\Steam App 214490) (Version:  - Creative Assembly)
Altium Designer 17 (HKLM-x32\...\Altium Designer {18A9D362-7BAB-46B7-8088-3F339B6C8DDF}) (Version: 17.0.10.617 - Altium Limited)
Amazon Music (HKU\S-1-5-21-1783363258-1944623717-140360357-1000\...\Amazon Amazon Music) (Version: 3.10.0.928 - Amazon Services LLC)
Android SDK Tools (HKLM-x32\...\Android SDK Tools) (Version: 1.16 - Google Inc.)
Ansel (Version: 381.65 - NVIDIA Corporation) Hidden
Apple Application Support (32-Bit) (HKLM-x32\...\{05E07D23-91E9-4E70-A4CC-EF505088F967}) (Version: 5.4.1 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{741291DA-2B34-4D44-8FB6-58EDE21261D8}) (Version: 5.4.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{DB18F1C0-846F-46F5-A074-5B97C8AF5C8E}) (Version: 10.3.1.2 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{52D87F32-70E4-4348-8148-C0B9F35B1314}) (Version: 2.3.0.177 - Apple Inc.)
Application Insights Tools for Visual Studio 2015 (HKLM-x32\...\{981F324E-98F4-4784-B76F-04E92039F3F6}) (Version: 5.2.60328.3 - Microsoft Corporation)
Asmedia ASM106x SATA Host Controller Driver (HKLM-x32\...\{61942EF5-2CD8-47D4-869C-2E9A8BB085F1}) (Version: 1.3.1.000 - Asmedia Technology)
AutoHotkey 1.0.48.05 (HKLM-x32\...\AutoHotkey) (Version: 1.0.48.05 - Chris Mallett)
Avidemux 2.6 - 64 bits (HKLM-x32\...\Avidemux 2.6 - 64 bits (64-bit)) (Version: 2.6.18.170105 - )
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.26.48 - Avira Operations GmbH & Co. KG)
Avira Connect (HKLM-x32\...\{897e4d08-9554-48e9-ba07-ce6040867fa3}) (Version: 1.2.83.46341 - Avira Operations GmbH & Co. KG)
Avira Connect (x32 Version: 1.2.83.46341 - Avira Operations GmbH & Co. KG) Hidden
Azure AD Authentication Connected Service (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden
AzureTools.Notifications (x32 Version: 2.7.30611.1601 - Microsoft Corporation) Hidden
Batman - The Telltale Series - Episode 1 (HKLM\...\Steam App 543830) (Version:  - Telltale Games)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Behaviors SDK (Windows Phone) for Visual Studio 2013 (x32 Version: 12.0.51210.80 - Microsoft Corporation) Hidden
Behaviors SDK (Windows) for Visual Studio 2013 (x32 Version: 12.0.51210.80 - Microsoft Corporation) Hidden
Blend for Visual Studio Add-in for Adobe FXG Import (x32 Version: 1.0.40218.0 - Microsoft Corporation) Hidden
Blend for Visual Studio SDK for .NET 4.5 (x32 Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Blend for Visual Studio SDK for Silverlight 5 (x32 Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Blend for Visual Studio SDK for Windows Phone 8.0 (x32 Version: 3.0.30924.0 - Microsoft Corporation) Hidden
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Brother MFL-Pro Suite DCP-7065DN (HKLM-x32\...\{3ACCCFB3-7B17-4E9F-ACB0-46868FCD4487}) (Version: 1.1.3.0 - Brother Industries, Ltd.)
Build Tools - amd64 (Version: 12.0.31010 - Microsoft Corporation) Hidden
Build Tools - x86 (x32 Version: 12.0.31010 - Microsoft Corporation) Hidden
Build Tools for Windows 10 - ENU (x32 Version: 14.0.25208 - Microsoft Corporation) Hidden
Build Tools for Windows 10 (x32 Version: 14.0.25208 - Microsoft Corporation) Hidden
Build Tools Language Resources - amd64 (Version: 12.0.31010 - Microsoft Corporation) Hidden
Build Tools Language Resources - x86 (x32 Version: 12.0.31010 - Microsoft Corporation) Hidden
CodedUITest81 (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden
CodedUITestUAP (x32 Version: 14.0.25208 - Microsoft Corporation) Hidden
CopyTrans Control Center deinstallieren (HKU\S-1-5-21-1783363258-1944623717-140360357-1000\...\CopyTrans Suite) (Version: 4.002 - WindSolutions)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
Dishonored (HKLM\...\Steam App 205100) (Version:  - Arkane Studios)
Dishonored 2 (HKLM\...\Steam App 403640) (Version:  - Arkane Studios)
DisplayLink Graphics Driver (HKLM\...\{128986C9-B03C-45AC-8E24-F7CB694E798E}) (Version: 8.1.848.0 - DisplayLink Corp.)
Distortion Control Data (HKLM-x32\...\{B08B4896-886C-4644-8664-BBA4CE99D318}) (Version: 1.00.0000 - Nikon)
DOOM (HKLM\...\Steam App 379720) (Version:  - id Software)
DOOM 3: BFG Edition (HKLM\...\Steam App 208200) (Version:  - id Software)
Dotfuscator and Analytics Community Edition 5.19.1 (x32 Version: 5.19.1.3091 - PreEmptive Solutions) Hidden
Dropbox (HKU\S-1-5-21-1783363258-1944623717-140360357-1000\...\Dropbox) (Version: 26.4.24 - Dropbox, Inc.)
Entity Framework 6.1.3 Tools  for Visual Studio 2015 Update 1 (HKLM-x32\...\{2A56910C-69C8-495D-8ED8-9080F0A14E58}) (Version: 14.0.41103.0 - Microsoft Corporation)
Entity Framework Designer for Visual Studio 2012 - enu (HKLM-x32\...\{3F29268A-F53A-4387-9F2B-E9368A823178}) (Version: 11.1.30729.00 - Microsoft Corporation)
F.E.A.R. (HKLM\...\Steam App 21090) (Version:  - Monolith Productions, Inc.)
F.E.A.R. 3 (HKLM\...\Steam App 21100) (Version:  - Day 1 Studios)
Fallout 4 (HKLM\...\Steam App 377160) (Version:  - Bethesda Game Studios)
FileBox eXtender (Version: 2.1.0 - Hyperionics Technology LLC) Hidden
foobar2000 v1.3.6 (HKLM-x32\...\foobar2000) (Version: 1.3.6 - Peter Pawlowski)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 58.0.3029.110 - Google Inc.)
Google Drive (HKLM-x32\...\{A1238426-ECDF-4639-BE2F-8D12A97AE23C}) (Version: 2.34.5075.1619 - Google, Inc.)
Google Earth (HKLM-x32\...\{F6430171-B86B-4639-839E-374913E7911D}) (Version: 7.1.8.3036 - Google)
Google Earth Pro (HKLM-x32\...\{6D5E5B27-D872-4A5F-A1D9-CE681DB7B96A}) (Version: 7.1.7.2606 - Google)
Google Update Helper (x32 Version: 1.3.33.5 - Google Inc.) Hidden
Google Web Designer (HKLM\...\{811767F4-C586-4673-A41F-E9D767497222}) (Version: 1.3.10.0 - Google Inc.)
GPAC (remove only) (HKLM-x32\...\GPAC) (Version:  - )
GPL Ghostscript (HKLM\...\GPL Ghostscript 9.10) (Version: 9.10 - Artifex Software Inc.)
Hitman GO: Definitive Edition (HKLM\...\Steam App 427820) (Version:  - Square Enix Montréal)
HITMAN™ (HKLM\...\Steam App 236870) (Version:  - Io-Interactive)
iCloud (HKLM\...\{7F40A9A7-B3BE-4EA8-B052-60449F6C3C02}) (Version: 6.2.1.67 - Apple Inc.)
IDE Tools for Windows 10 - ENU (x32 Version: 14.0.25208 - Microsoft Corporation) Hidden
IDE Tools for Windows 10 (x32 Version: 14.0.25208 - Microsoft Corporation) Hidden
IIS 10.0 Express (HKLM\...\{7A28A2B0-458B-4A58-84AC-C90D2D4B79FB}) (Version: 10.0.1735 - Microsoft Corporation)
IIS Express Application Compatibility Database for x64 (HKLM\...\{08274920-8908-45c2-9258-8ad67ff77b09}.sdb) (Version:  - )
IIS Express Application Compatibility Database for x86 (HKLM\...\{ad846bae-d44b-4722-abad-f7420e08bcd9}.sdb) (Version:  - )
Imadio's Fisheye-Hemi Plug-In 1.3.2 (HKLM-x32\...\{138BAF26-9911-4C6D-9A24-D8ADE6C36718}) (Version: 1.3.2 - Imadio LLC)
Inkscape 0.91 (HKLM\...\{81922150-317E-4BB0-A31D-FF1C14F707C5}) (Version: 0.91 - inkscape.org)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4276 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.3.214 - Intel Corporation)
Intellisense Lang Pack Mobile Extension SDK 10.0.10586.0 (x32 Version: 10.1.10586.212 - Microsoft Corporation) Hidden
iTunes (HKLM\...\{6C01A0A7-7440-4D48-93C6-2927A1E93FE6}) (Version: 12.6.0.100 - Apple Inc.)
Java 8 Update 121 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180121F0}) (Version: 8.0.1210.13 - Oracle Corporation)
Java SE Development Kit 7 Update 55 (HKLM-x32\...\{32A3A4F4-B792-11D6-A78A-00B0D0170550}) (Version: 1.7.0.550 - Oracle)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
Kits Configuration Installer (x32 Version: 10.1.10586.212 - Microsoft) Hidden
LenovoUsbDriver 1.0.16 (HKLM-x32\...\LenovoUsbDriver) (Version: 1.0.16 - Lenovo)
LibreOffice 5.0.6.3 (HKLM-x32\...\{900D9036-4EDA-45EC-A095-E8AFB25D807A}) (Version: 5.0.6.3 - The Document Foundation)
Life Is Strange™ (HKLM\...\Steam App 319630) (Version:  - DONTNOD Entertainment)
LocalESPC (x32 Version: 8.59.29989 - Microsoft Corporation) Hidden
LocalESPCui for en-us (x32 Version: 8.59.29989 - Microsoft) Hidden
Logitech SetPoint 6.65 (HKLM\...\sp6) (Version: 6.65.62 - Logitech)
Malwarebytes Version 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes)
MediaInfo 0.7.91 (HKLM\...\MediaInfo) (Version: 0.7.91 - MediaArea.net)
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK (HKLM-x32\...\{1948E039-EC79-4591-951D-9867A8C14C90}) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (ENU) (HKLM-x32\...\{290FC320-2F5A-329E-8840-C4193BD7A9EE}) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (HKLM-x32\...\{19E8AE59-4D4A-3534-B567-6CC08FA4102E}) (Version: 4.5.51651 - Microsoft Corporation)
Microsoft .NET Framework 4.6 SDK (HKLM-x32\...\{B5915D37-0637-4A26-A3AA-C5DC9F856370}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6 Targeting Pack (ENU) (HKLM-x32\...\{034547E9-D8FA-49E7-8B9C-4C9861FB9146}) (Version: 4.6.00127 - Microsoft Corporation)
Microsoft .NET Framework 4.6 Targeting Pack (HKLM-x32\...\{2CC6A4A7-AAC2-46C9-9DBB-3727B5954F65}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 SDK (Deutsch) (HKLM-x32\...\{529EFF09-750D-48B9-A47A-34A3B6248C3F}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 SDK (HKLM-x32\...\{2F0ECC80-B9E4-4485-8083-CD32F22ABD92}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 Targeting Pack (ENU) (HKLM-x32\...\{8EEB28EE-5141-411C-9CF0-9952264FE4AF}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 Targeting Pack (HKLM-x32\...\{8BC3EEC9-090F-4C53-A8DA-1BEC913040F9}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Version Manager (x64) 1.0.0-beta5 (HKLM\...\{c5a4aba3-1aba-3ef8-b2d5-c3fa37f59738}) (Version: 1.0.10609.0 - Microsoft Corporation)
Microsoft ASP.NET MVC 2 (HKLM-x32\...\{DD8FF2F3-0D97-4CF3-AF78-FA0E1B242244}) (Version: 2.0.60926.0 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Help Viewer 1.0 (HKLM\...\Microsoft Help Viewer 1.0) (Version: 1.0.30319 - Microsoft Corporation)
Microsoft Help Viewer 1.0 Language Pack - DEU (HKLM\...\Microsoft Help Viewer 1.0 Language Pack - DEU) (Version: 1.0.30319 - Microsoft Corporation)
Microsoft Help Viewer 2.0 (HKLM-x32\...\Microsoft Help Viewer 2.0) (Version: 2.0.50727 - Microsoft Corporation)
Microsoft Help Viewer 2.2 (HKLM-x32\...\Microsoft Help Viewer 2.2) (Version: 2.2.25123 - Microsoft Corporation)
Microsoft Office Professional Plus 2016 - de-de (HKLM\...\ProPlusRetail - de-de) (Version: 16.0.7967.2161 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1783363258-1944623717-140360357-1000\...\OneDriveSetup.exe) (Version: 17.3.6799.0327 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50906.0 - Microsoft Corporation)
Microsoft Silverlight 5 SDK (HKLM-x32\...\{E1FBB3D4-ADB0-4949-B101-855DA061C735}) (Version: 5.0.61118.0 - Microsoft Corporation)
Microsoft SQL Server 2008 (64-bit) (HKLM\...\Microsoft SQL Server 10 Release) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2008 Browser (HKLM-x32\...\{4AF2248C-B3DF-46FB-9596-87F5DB193689}) (Version: 10.1.2531.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Native Client (HKLM\...\{8325FD0C-2FDB-46C3-921A-3A78385EA972}) (Version: 10.1.2531.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{A106D33E-6B43-42C0-9BFC-D03303261FA7}) (Version: 10.50.1447.4 - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities  (HKLM\...\{9D573E71-1077-4C7E-B4DB-4E22A5D2B48B}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (HKLM\...\{36E619BC-A234-4EC3-849B-779A7C865A45}) (Version: 11.0.2316.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (HKLM-x32\...\{FBA6F90E-36EC-4FC9-9B25-3834E3BD46A8}) (Version: 11.0.2316.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Express LocalDB  (HKLM\...\{13D558FE-A863-402C-B115-160007277033}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (HKLM-x32\...\{DA1C1761-5F4F-4332-AB9D-29EDF3F8EA0A}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (x64) (HKLM\...\{FA0A244E-F3C2-4589-B42A-3D522DE79A42}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{49D665A2-4C2A-476E-9AB8-FCC425F526FC}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL Compiler Service  (HKLM\...\{BEB0F91E-F2EA-48A1-B938-7857ABF2A93D}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom  (HKLM\...\{0E8670B8-3965-4930-ADA6-570348B67153}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 T-SQL Language Service  (HKLM-x32\...\{6D6D43E5-218C-4B05-92D3-2240810F4760}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (HKLM-x32\...\{2774595F-BC2A-4B12-A25B-0C37A37049B0}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (x64) (HKLM\...\{1F9EB3B6-AED7-4AA7-B8F1-8E314B74B2A5}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL ScriptDom  (HKLM\...\{020CDFE0-C127-4047-B571-37C82396B662}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 T-SQL Language Service  (HKLM-x32\...\{47D08E7A-92A1-489B-B0BF-415516497BCE}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2016 LocalDB RC0 (HKLM\...\{9CED5D08-5664-4668-A927-CD6C60C4175D}) (Version: 13.0.1100.286 - Microsoft Corporation)
Microsoft SQL Server 2016 Management Objects RC0 (HKLM-x32\...\{948B5F49-A57E-46B4-9F1E-145D7A9E66D7}) (Version: 13.0.1100.286 - Microsoft Corporation)
Microsoft SQL Server 2016 Management Objects RC0 (x64) (HKLM\...\{F6F8053F-D328-4ACA-93A1-A49E495899F2}) (Version: 13.0.1100.286 - Microsoft Corporation)
Microsoft SQL Server 2016 T-SQL Language Service RC0 (HKLM-x32\...\{1852BD30-570B-4E47-8752-461448E8E250}) (Version: 13.0.12000.52 - Microsoft Corporation)
Microsoft SQL Server 2016 T-SQL ScriptDom RC0 (HKLM\...\{D9F55D00-A8AB-4518-A56E-D9D5E615542A}) (Version: 13.0.1100.286 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 DEU (HKLM-x32\...\{0125D081-30D0-4A97-82A8-C28D444B6256}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 DEU (HKLM\...\{C3EAE456-7E7A-451F-80EF-F34C7A13C558}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (11.1.20828.01) (HKLM-x32\...\{4F2B8233-35EE-4197-8C3B-EACCBF712029}) (Version: 11.1.20828.01 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (14.0.60311.1) (HKLM-x32\...\{28292CA9-8D65-4E37-95A3-753EEB38F122}) (Version: 14.0.60311.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools Build Utilities - enu (11.1.20828.01) (HKLM-x32\...\{FAE0523E-08A4-4717-8E8E-6EC6F32CBE88}) (Version: 11.1.20828.01 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{5A08C9D1-37AD-4A8D-90D3-33F92C578AA5}) (Version: 10.50.1447.4 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{28D06854-572C-4A65-83E5-F8CAF26B9FDC}) (Version: 10.1.2531.0 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (HKLM-x32\...\{E2082604-4BA5-44BB-BBFB-AF0F3CB8C6AB}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{F1949145-EB64-4DE7-9D81-E6D27937146C}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM\...\{FC3BB979-AA54-4B60-BBA3-2C4DA6E08D80}) (Version: 12.0.2402.29 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM-x32\...\{091CE6AA-2753-4F6E-AD1C-0E875744EB54}) (Version: 12.0.2402.29 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2016 RC0 (HKLM\...\{495CC0B4-D4C3-4D87-8317-F66BA48C5552}) (Version: 13.0.1100.286 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2016 RC0 (HKLM-x32\...\{3A87F9F2-D65D-4BA9-8459-E5BBE31EA64D}) (Version: 13.0.1100.286 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 (HKLM-x32\...\{B7E38540-E355-3503-AFD7-635B2F2F76E1}) (Version: 9.0.30729.4974 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Runtime - 10.0.30319 (HKLM\...\{94D70749-4281-39AC-AD90-B56A0E0A402E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{b341426f-8543-4e0d-96c3-e976f8ec5ab6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40649 (HKLM-x32\...\{5d0723d3-cff7-4e07-8d0b-ada737deb5e6}) (Version: 12.0.40649.5 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools (HKLM-x32\...\{616C6F39-4CE1-3434-A665-2F6A04C09A7F}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual Studio 2010 Express Prerequisites x64 - DEU (HKLM\...\{3C983A67-DFB2-3D3D-AD9E-CA1A5A09FD18}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual Studio Community 2015 with Update 2 (HKLM-x32\...\{04fa3a35-1f49-4510-8051-819cdc1e6e01}) (Version: 14.0.25123.0 - Microsoft Corporation)
Microsoft Visual Studio Express 2012 for Windows Desktop - ENU (HKLM-x32\...\{e0efdce9-a486-4676-8aa5-65bb08cbf34c}) (Version: 11.0.50727.42 - Microsoft Corporation)
Microsoft Visual Studio Tools for Apache Cordova (HKLM-x32\...\{c74f8058-96e2-4e64-97ed-2784129c858d}) (Version: 14.0.60401.1 - Microsoft Corporation)
Microsoft Web Deploy 3.6 (HKLM\...\{94E1227C-08A9-4962-B388-1F05D89AEA75}) (Version: 3.1238.1962 - Microsoft Corporation)
Mirror's Edge (HKLM\...\Steam App 17410) (Version:  - DICE)
MKVToolNix 7.7.0 (64bit) (HKLM-x32\...\MKVToolNix) (Version: 7.7.0 - Moritz Bunkus)
Mozilla Firefox 53.0.3 (x86 de) (HKLM-x32\...\Mozilla Firefox 53.0.3 (x86 de)) (Version: 53.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 53.0.3.6347 - Mozilla)
Mozilla Thunderbird 31.3.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.3.0 (x86 de)) (Version: 31.3.0 - Mozilla)
Mozilla Thunderbird 45.8.0 (x86 de) (HKU\S-1-5-21-1783363258-1944623717-140360357-1000\...\Mozilla Thunderbird 45.8.0 (x86 de)) (Version: 45.8.0 - Mozilla)
MSBuild/NuGet Integration 14.0 (x86) (x32 Version: 14.0.25123 - Microsoft Corporation) Hidden
Multi-Device Hybrid Apps using C# - Templates - ENU (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden
MyHarmony (HKU\S-1-5-21-1783363258-1944623717-140360357-1000\...\036a0e4fc6a247ec) (Version: 1.0.1.257 - Logitech)
Nik Collection (HKLM-x32\...\Nik Collection) (Version: 1.2.11 - Google)
Nitro Pro (HKLM\...\{B4DD03BC-F7FE-4983-BCBC-47BA91E4128F}) (Version: 11.0.1.16 - Nitro)
Node.js (HKLM-x32\...\{69735668-F8BC-4E9A-839A-4006FDFDD5AC}) (Version: 0.12.2 - Joyent, Inc. and other Node contributors)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.7.3 - Notepad++ Team)
NVIDIA 3D Vision Controller-Treiber 369.04 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 369.04 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 381.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 381.65 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.5.0.76 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.5.0.76 - NVIDIA Corporation)
NVIDIA Grafiktreiber 381.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 381.65 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.34.26 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.26 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.17.0329 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.17.0329 - NVIDIA Corporation)
NvNodejs (Version: 3.5.0.76 - NVIDIA Corporation) Hidden
NvTelemetry (Version: 2.4.5.0 - NVIDIA Corporation) Hidden
NvvHci (Version: 2.02.0.5 - NVIDIA Corporation) Hidden
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.7967.2161 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (Version: 16.0.7967.2161 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.7967.2161 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.7668.2066 - Microsoft Corporation) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Paket zur Festlegung von Zielversionen für Microsoft .NET Framework 4.6.1 (Deutsch) (HKLM-x32\...\{4860C1E5-CE58-4D32-89DE-37951333B4C9}) (Version: 4.6.01055 - Microsoft Corporation)
Paragon Backup and Recovery™ 2014 Free (HKLM\...\{C268B5E1-A5DA-11DF-A289-005056C00008}) (Version: 90.00.0003 - Paragon Software)
PDF Compressor (HKLM-x32\...\{74CB4E29-732C-47A6-B9C6-790EC768FCBA}) (Version: 2.7.0.0 - iWesoft)
PDF2Text Pilot (HKLM-x32\...\{EAA1CA7B-A804-4743-9DF0-31F470444756}) (Version: 3.0.1 - Two Pilots)
PDFill PDF Editor with FREE Writer and FREE Tools (HKLM\...\{D1399216-81B2-457C-A0F7-73B9A2EF6902}) (Version: 12.0 - PlotSoft LLC)
PDF-XChange Editor (HKLM-x32\...\{2ffd0690-7fdd-401d-b6a4-5351e54879e8}) (Version: 5.5.311.0 - Tracker Software Products (Canada) Ltd.)
PDF-XChange Editor (Version: 5.5.311.0 - Tracker Software Products (Canada) Ltd.) Hidden
Portal 2 (HKLM-x32\...\Steam App 620) (Version:  - Valve)
Portal Stories: Mel (HKLM-x32\...\Steam App 317400) (Version:  - Prism Studios)
PreEmptive Analytics Visual Studio Components (x32 Version: 1.2.5134.1 - PreEmptive Solutions) Hidden
Prerequisites for SSDT  (HKLM-x32\...\{21373064-AD95-48DB-A32E-0D9E08EF7355}) (Version: 12.0.2000.8 - Microsoft Corporation)
Prerequisites for SSDT  (HKLM-x32\...\{9169C939-ED01-446A-BD0C-29873BAF4E48}) (Version: 11.0.2100.60 - Microsoft Corporation)
Prerequisites for SSDT RC0 (HKLM-x32\...\{AB72EB1C-9CF4-4274-984D-5EDA8BF37A08}) (Version: 13.0.1100.286 - Microsoft Corporation)
Prey (HKLM\...\Steam App 480490) (Version:  - Arkane Studios)
Prison Architect (HKLM-x32\...\Steam App 233450) (Version:  - Introversion Software)
Private Tax 2014 1.4.0 (HKLM-x32\...\3690-0225-9329-1026) (Version: 1.4.0 - Information Factory AG)
Private Tax 2015 1.1.0 (HKLM-x32\...\6588-3357-8633-9771) (Version: 1.1.0 - Information Factory AG)
Private Tax 2016 1.4.0 (HKLM-x32\...\5175-4634-8645-0854) (Version: 1.4.0 - Information Factory AG)
Project and Item Templates for Visual Studio Community 2015 - ENU (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden
Project and Item Templates for Visual Studio Express 2015 for Windows 10 - ENU (x32 Version: 14.0.25208 - Microsoft Corporation) Hidden
Project and Item Templates for Visual Studio Professionald 2015 - ENU (x32 Version: 14.0.25208 - Microsoft Corporation) Hidden
PTLens (HKLM\...\{0910F62D-459A-45AD-8A6C-10E93125C345}) (Version: 3.0.911 - ePaperPress)
Rainmeter (HKLM-x32\...\Rainmeter) (Version: 3.3.2 r2609 - )
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.48.823.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6482 - Realtek Semiconductor Corp.)
Redie (HKLM\...\Steam App 536990) (Version:  - Rückert Broductions)
Resident Evil 6 / Biohazard 6 (HKLM-x32\...\Steam App 221040) (Version:  - Capcom)
Roslyn Language Services - x86 (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden
Roslyn Language Services - x86 (x32 Version: 14.0.25126 - Microsoft Corporation) Hidden
Sennheiser 3D G4ME1 (HKLM-x32\...\{71B53BA8-4BE3-49AF-BC3E-07F392DDDFB6}) (Version: 1.00.0001 - )
Service Pack 1 for SQL Server 2008 (KB968369) (64-bit) (HKLM\...\KB968369) (Version: 10.1.2531.0 - Microsoft Corporation)
SHIELD Streaming (Version: 7.1.0360 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 3.5.0.76 - NVIDIA Corporation) Hidden
Sid Meier's Civilization V (HKLM\...\Steam App 8930) (Version:  - Firaxis Games)
Skype™ 7.33 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.33.105 - Skype Technologies S.A.)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Sql Server Customer Experience Improvement Program (Version: 10.1.2531.0 - Microsoft Corporation) Hidden
Starcraft (HKLM-x32\...\Starcraft) (Version:  - )
StarCraft II (HKLM-x32\...\StarCraft II) (Version:  - Blizzard Entertainment)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SUPERHOT (HKLM\...\Steam App 322500) (Version:  - SUPERHOT Team)
Sword With Sauce: Alpha (HKLM\...\Steam App 581630) (Version:  - Diatomic Games)
Synology Cloud Station Drive (remove only) (HKLM\...\Synology Cloud Station Drive) (Version: 4.2.2.4379 - Synology, Inc.)
Team Explorer for Microsoft Visual Studio 2015 Update 2 (x32 Version: 14.95.25118 - Microsoft) Hidden
TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.53254 - TeamViewer)
TeighaX 3.09 (HKLM-x32\...\{3D63579F-2398-418B-9227-A852FB201D2D}) (Version: 3.9.0 - Open Design Alliance)
Test Tools for Microsoft Visual Studio 2015 (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden
The Crew (Worldwide) (HKLM-x32\...\Uplay Install 413) (Version:  - Ubisoft)
The Evil Within (HKLM\...\Steam App 268050) (Version:  - Tango Gameworks)
The Witcher 3: Wild Hunt (HKLM-x32\...\Steam App 292030) (Version:  - CD PROJEKT RED)
The Witcher: Enhanced Edition (HKLM-x32\...\Steam App 20900) (Version:  - CD PROJEKT RED)
This War of Mine (HKLM\...\Steam App 282070) (Version:  - 11 bit studios)
THX TruStudio (HKLM-x32\...\{AFB907F5-C0E6-4753-8284-DE955EF86AC2}) (Version: 1.00.01 - Creative Technology Limited)
Tom Clancy's Splinter Cell Anthology Edition 1.0 (HKLM-x32\...\Tom Clancy's Splinter Cell Anthology Edition 1.0) (Version:  - )
TortoiseSVN 1.8.10.26129 (64 bit) (HKLM\...\{A9E679EC-8FD4-49D8-A5A5-ACE462515A9E}) (Version: 1.8.26129 - TortoiseSVN)
Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 8.51a - Ghisler Software GmbH)
TrueCrypt (HKLM-x32\...\TrueCrypt) (Version: 7.1a - TrueCrypt Foundation)
TypeScript Power Tool (x32 Version: 1.8.9.0 - Microsoft Corporation) Hidden
TypeScript Tools for Microsoft Visual Studio 2015 (x32 Version: 1.8.30.0 - Microsoft Corporation) Hidden
Universal CRT Extension SDK (x32 Version: 10.0.10150 - Microsoft Corporation) Hidden
Universal CRT Extension SDK (x32 Version: 10.0.26624 - Microsoft Corporation) Hidden
Universal CRT Extension SDK (x32 Version: 10.1.10586.212 - Microsoft Corporation) Hidden
Universal CRT Headers Libraries and Sources (x32 Version: 10.0.10150 - Microsoft Corporation) Hidden
Universal CRT Headers Libraries and Sources (x32 Version: 10.0.26624 - Microsoft Corporation) Hidden
Universal CRT Headers Libraries and Sources (x32 Version: 10.1.10586.212 - Microsoft Corporation) Hidden
Universal CRT Redistributable (x32 Version: 10.1.10586.212 - Microsoft Corporation) Hidden
Universal CRT Tools x64 (Version: 10.1.10586.212 - Microsoft Corporation) Hidden
Universal CRT Tools x86 (x32 Version: 10.1.10586.212 - Microsoft Corporation) Hidden
Universal General MIDI DLS Extension SDK (x32 Version: 10.1.10586.212 - Microsoft Corporation) Hidden
Universal Pointer Device Driver (HKLM\...\TBUPDDV4) (Version: 05.00.02-0346 - Touch-Base Ltd)
Unterstützungsdateien für Microsoft SQL Server 2008-Setup  (HKLM\...\{6AF73222-EE90-434C-AE7E-B96F70A68D89}) (Version: 10.1.2731.0 - Microsoft Corporation)
Uplay (HKLM-x32\...\Uplay) (Version: 22.2 - Ubisoft)
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 DEU (HKLM-x32\...\{CFCB8616-A5D1-4281-80E8-389F685BFAE2}) (Version: 4.0.8080.0 - Microsoft Corporation)
Visual Studio 2012 Update 4 (KB2707250) (HKLM-x32\...\{312d9252-c71c-4c84-b171-f4ad46e22098}) (Version: 11.0.61030 - Microsoft Corporation)
Visual Studio 2015 Update 2 (KB3022398) (HKLM-x32\...\{78c1b501-a6eb-4f29-88c5-84189564827e}) (Version: 14.0.25123 - Microsoft Corporation)
Vivaldi (HKU\S-1-5-21-1783363258-1944623717-140360357-1000\...\Vivaldi) (Version: 1.2.490.43 - Vivaldi)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
VS Update core components (x32 Version: 14.0.25123 - Microsoft Corporation) Hidden
Vulkan Run Time Libraries 1.0.42.1 (HKLM\...\VulkanRT1.0.42.1) (Version: 1.0.42.1 - LunarG, Inc.)
Wacom (HKLM\...\Pen Tablet Driver) (Version: 5.3.5-3 - Wacom Technology Corp.)
WCF Data Services 5.6.4 Runtime (x32 Version: 5.6.62175.4 - Microsoft Corporation) Hidden
WCF Data Services Tools for Microsoft Visual Studio 2015 (x32 Version: 5.6.62175.4 - Microsoft Corporation) Hidden
WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
WhatsApp (HKU\S-1-5-21-1783363258-1944623717-140360357-1000\...\WhatsApp) (Version: 0.2.4240 - WhatsApp)
WinAppDeploy (x32 Version: 10.1.10586.212 - Microsoft Corporation) Hidden
Windows 10 Update and Privacy Settings (HKLM\...\{293F2009-0145-450B-B4AA-063D43FB368C}) (Version: 1.0.13.0 - Microsoft Corporation)
Windows 10-Upgrade-Assistent (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.17353 - Microsoft Corporation)
Windows SDK AddOn (HKLM-x32\...\{75C39BA6-1D02-4BEA-844F-0EA6C4B7FA1B}) (Version: 10.1.0.0 - Microsoft Corporation)
Windows Software Development Kit - Windows 10.0.10586.212 (HKLM-x32\...\{43d9f43d-c90b-4fdf-9dfe-ecf9990bfa2a}) (Version: 10.1.10586.212 - Microsoft Corporation)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
WinRAR 5.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)
WinRT Intellisense Desktop - en-us (x32 Version: 10.1.10586.212 - Microsoft Corporation) Hidden
WinRT Intellisense Desktop - Other Languages (x32 Version: 10.1.10586.212 - Microsoft Corporation) Hidden
WinRT Intellisense IoT - en-us (x32 Version: 10.1.10586.212 - Microsoft Corporation) Hidden
WinRT Intellisense IoT - Other Languages (x32 Version: 10.1.10586.212 - Microsoft Corporation) Hidden
WinRT Intellisense PPI - en-us (x32 Version: 10.1.10586.212 - Microsoft Corporation) Hidden
WinRT Intellisense PPI - Other Languages (x32 Version: 10.1.10586.212 - Microsoft Corporation) Hidden
WinRT Intellisense UAP - en-us (x32 Version: 10.1.10586.212 - Microsoft Corporation) Hidden
WinRT Intellisense UAP - Other Languages (x32 Version: 10.1.10586.212 - Microsoft Corporation) Hidden
WinRT Intellisense Xbox Live Extension SDK - en-us (x32 Version: 10.1.10586.212 - Microsoft Corporation) Hidden
WinRT Intellisense Xbox Live Extension SDK - Other Languages (x32 Version: 10.1.10586.212 - Microsoft Corporation) Hidden
Wireshark 2.2.6 (64-bit) (HKLM-x32\...\Wireshark) (Version: 2.2.6 - The Wireshark developer community, hxxps://www.wireshark.org)
Wolfenstein 3D (HKLM-x32\...\Steam App 2270) (Version:  - id Software)
Wolfenstein 3D: Spear of Destiny (HKLM-x32\...\Steam App 9000) (Version:  - id Software)
ZoneAlarm Firewall (x32 Version: 15.1.504.17269 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Free Firewall (HKLM-x32\...\ZoneAlarm Free Firewall) (Version: 15.1.504.17269 - Check Point)
ZoneAlarm Security (x32 Version: 15.1.504.17269 - Check Point Software Technologies Ltd.) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1783363258-1944623717-140360357-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1783363258-1944623717-140360357-1000_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-5F80F7FC2945}\InprocServer32 -> %%systemroot%%\system32\shell32.dll => No File
CustomCLSID: HKU\S-1-5-21-1783363258-1944623717-140360357-1000_Classes\CLSID\{2C4A5D61-009C-4561-9A33-6AFD542FD237}\InprocServer32 -> C:\Users\Michael\AppData\Local\CloudStation\CloudStation.app\icon-overlay\18\x64\ContextMenu.dll ()
CustomCLSID: HKU\S-1-5-21-1783363258-1944623717-140360357-1000_Classes\CLSID\{472CE1AD-5D53-4BCF-A1FB-3982A5F55138}\InprocServer32 -> C:\Users\Michael\AppData\Local\CloudStation\CloudStation.app\icon-overlay\18\x64\iconOverlay.dll (TODO: <Company name>)
CustomCLSID: HKU\S-1-5-21-1783363258-1944623717-140360357-1000_Classes\CLSID\{48AB5ADA-36B1-4137-99C9-2BD97F8788AB}\InprocServer32 -> C:\Users\Michael\AppData\Local\CloudStation\CloudStation.app\icon-overlay\18\x64\iconOverlay.dll (TODO: <Company name>)
CustomCLSID: HKU\S-1-5-21-1783363258-1944623717-140360357-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-1783363258-1944623717-140360357-1000_Classes\CLSID\{A433C3E0-8B24-40EB-93C3-4B10D9959F58}\InprocServer32 -> C:\Users\Michael\AppData\Local\CloudStation\CloudStation.app\icon-overlay\18\x64\iconOverlay.dll (TODO: <Company name>)
CustomCLSID: HKU\S-1-5-21-1783363258-1944623717-140360357-1000_Classes\CLSID\{AEB16659-2125-4ADA-A4AB-45EE21E86469}\InprocServer32 -> C:\Users\Michael\AppData\Local\CloudStation\CloudStation.app\icon-overlay\18\x64\iconOverlay.dll (TODO: <Company name>)
CustomCLSID: HKU\S-1-5-21-1783363258-1944623717-140360357-1000_Classes\CLSID\{C701AD67-3DF0-47C9-89CB-DFA6207BE229}\InprocServer32 -> C:\Users\Michael\AppData\Local\CloudStation\CloudStation.app\icon-overlay\18\x64\iconOverlay.dll (TODO: <Company name>)
CustomCLSID: HKU\S-1-5-21-1783363258-1944623717-140360357-1000_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
CustomCLSID: HKU\S-1-5-21-1783363258-1944623717-140360357-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1783363258-1944623717-140360357-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1783363258-1944623717-140360357-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1783363258-1944623717-140360357-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1783363258-1944623717-140360357-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1783363258-1944623717-140360357-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1783363258-1944623717-140360357-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1783363258-1944623717-140360357-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1783363258-1944623717-140360357-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1783363258-1944623717-140360357-1000_Classes\CLSID\{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1783363258-1944623717-140360357-1000_Classes\CLSID\{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1783363258-1944623717-140360357-1000_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt64.16.0.dll (Dropbox, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {03F647F4-8303-4FAA-93DD-59B202A5860C} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1783363258-1944623717-140360357-1000UA1d23747e716dc7b => C:\Users\Michael\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-11-05] (Dropbox, Inc.)
Task: {0448D563-22ED-44BF-A985-8943C2C6031C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2017-02-14] (Apple Inc.)
Task: {059BCFBE-4B32-4FC3-B423-ACF29D17FEC5} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-05-03] (NVIDIA Corporation)
Task: {0AE30D9C-BAB5-40B1-9E82-64AA4247EEC1} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-05-03] (NVIDIA Corporation)
Task: {0D96694F-06D2-42BC-8153-755FCFA64C9B} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {12569FA6-C543-4658-A04D-46B66BD40EDE} - System32\Tasks\3DconnexionCreateProcess_3DxService.exe => C:\Program Files\3Dconnexion\3DxWare\3DxWinCore64\3DxService.exe 
Task: {136E6B25-26CD-40A5-B0EC-62C76D0ACA1D} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => %SystemRoot%\ehome\mcupdate.exe 
Task: {1D8022F2-D132-483F-B188-BA40AC014439} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => %SystemRoot%\ehome\mcupdate.exe 
Task: {1D8CA53B-2208-4DA5-B86A-3F0A860CBE65} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => %SystemRoot%\ehome\ehPrivJob.exe 
Task: {1E2C561A-CFF4-4FA8-80E6-9BE63B0AD700} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => %SystemRoot%\ehome\ehPrivJob.exe 
Task: {1E7E4713-242D-439D-AC1C-BF34FFB045EA} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {2375DFBB-4057-4071-9CBA-75A73CCB7684} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {2AE43B01-7879-4C79-8FAC-3A6D55AAE7DB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {2DBE6CA3-1F0C-42BE-9722-84A59F76A77F} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {2FD2A3AB-2590-4384-85A7-51F5D502871A} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {3118AA9B-998A-4065-8AF6-44140C166F99} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-04-25] (Adobe Systems Incorporated)
Task: {4A82421F-B040-4BFC-9344-E9340E2FEA6D} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => %SystemRoot%\ehome\ehPrivJob.exe 
Task: {4CB0F5D2-89A2-4A29-A800-DB2E1A5A913F} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => %SystemRoot%\ehome\mcupdate.exe 
Task: {51A43766-923E-4518-8678-AE0253727A8E} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-05-15] (Microsoft Corporation)
Task: {53899A2D-F217-4DC7-A1C2-7C9A2E321D7E} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {59952C6F-1BFD-4D93-B2EA-BE01C50F30B2} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-05-03] (NVIDIA Corporation)
Task: {5D474024-B6DB-46CB-A0A3-4E01070EDFBA} - System32\Tasks\Launcher GIGABYTE XTREME GAMING ENGINE => C:\Program Files (x86)\GIGABYTE\XTREME GAMING ENGINE\Xtreme.exe [2016-09-07] (GIGABYTE Technology Co.,Ltd.)
Task: {62893A99-0222-48AC-AE91-24F2950F4B1F} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1783363258-1944623717-140360357-1000Core1d23747e711faa5 => C:\Users\Michael\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-11-05] (Dropbox, Inc.)
Task: {64B40378-E4EB-47A7-9690-6D4FEC63DDF1} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => %SystemRoot%\ehome\ehPrivJob.exe 
Task: {6749F777-AB34-464D-B630-602778E042EB} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => %SystemRoot%\ehome\ehPrivJob.exe 
Task: {74408695-3B25-4E92-96F1-D6211289DFC0} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => %SystemRoot%\ehome\ehrec.exe 
Task: {7A8D4F2F-5080-43EB-8FF3-4D4DB8ECD878} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {830F0FA1-3D06-449C-8477-1CFE44A54CF1} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2017-05-15] (Microsoft Corporation)
Task: {87B72F43-AE8F-4292-9E9B-8D7BADA25F52} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-05-03] (NVIDIA Corporation)
Task: {882555C2-8DE1-4609-AB57-4BBF2F6AF49B} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => %windir%\ehome\MCUpdate.exe 
Task: {8BC508ED-2A4F-4E87-AF51-29C55DE28897} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => %SystemRoot%\ehome\ehPrivJob.exe 
Task: {8CF3527D-32D9-46D9-8147-3363F7324027} - System32\Tasks\{A8533624-3469-4C15-909E-86228908CD48} => pcalua.exe -a C:\Users\Michael\AppData\Local\Adobe\OOBE\PDApp\DECore\Setup.exe -d C:\Users\Michael\AppData\Local\Adobe\OOBE\PDApp\core\..\D6\..\DECore -c --deploymentFile="C:\Users\Michael\AppData\Local\Temp\{8D6B5DD7-1AB8-4F92-8F6E-3000D625BFEA}\deploy.xml" --userASUPath="C:\Users\Michael\AppData\Local\Adobe\ (the data entry has 27 more characters). <==== ATTENTION
Task: {9324DD03-0021-4823-92BE-9231A4AEC89E} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {93656C3E-9B64-41E0-BBE6-2B317CC5FB83} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {99D3057B-C1A5-46C0-8DBD-C455DCBCEFF0} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => %SystemRoot%\ehome\ehPrivJob.exe 
Task: {9BE54479-1468-4AD1-82C2-CCA21480B8EF} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => %SystemRoot%\ehome\mcupdate.exe 
Task: {A5F0E4D4-6444-493E-9A68-C40EA60099EF} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => %SystemRoot%\ehome\mcupdate.exe 
Task: {ABD8921B-8921-4C62-9CD5-0722FB4A28BB} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => %SystemRoot%\ehome\ehPrivJob.exe 
Task: {ACFBAC1E-A9D1-4C1A-9488-6FEC557DDDDE} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {AE78B9E4-7CF9-440A-AAA3-F23F01EE7052} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => %SystemRoot%\ehome\ehPrivJob.exe 
Task: {AEB392E5-4007-4E17-908A-EFC678864F68} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-04-26] (NVIDIA Corporation)
Task: {C088409E-13A5-459D-AE1A-21AC071CAB1F} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2017-05-10] (Microsoft Corporation)
Task: {C2D571DA-B0A7-42A3-A4B8-FD6CAA551118} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => %SystemRoot%\ehome\mcupdate.exe 
Task: {C6074259-EE72-41B7-8F0F-9B35A15C886B} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {C696447C-D317-4AA2-96FB-F5440BB74EB6} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => %SystemRoot%\ehome\ehPrivJob.exe 
Task: {C7987C25-00C9-4E73-B742-768DCE4FEEF0} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => %SystemRoot%\ehome\mcupdate.exe 
Task: {CBBD0B51-6667-4D72-9131-2720BD202037} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-05-04] (Microsoft Corporation)
Task: {CF387A49-63F3-4EDF-B2AC-6AFCCD6BBBD7} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-05-03] (NVIDIA Corporation)
Task: {D8551303-1E83-4208-8BE3-D00263DEE2E7} - System32\Tasks\Microsoft\VisualStudio\VSIX Auto Update 14 => D:\Programs\Microsoft Visual Studio 14.0\Common7\IDE\VSIXAutoUpdate.exe [2016-03-22] (Microsoft Corporation)
Task: {D92F14A6-DA6F-4D92-B166-E764A1D10639} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => %SystemRoot%\ehome\ehPrivJob.exe 
Task: {DC3EFEBB-4441-4064-BD41-017BB8FD7942} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-05-04] (Microsoft Corporation)
Task: {DC6D392A-5C0A-47BC-9AA2-C55FAE9DA880} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => %SystemRoot%\ehome\ehPrivJob.exe 
Task: {E5D29950-AEFB-4A91-8BC0-B66A81C44691} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {ECA96BC7-329E-4E5C-B85A-A084D0F7EF21} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => %SystemRoot%\ehome\ehPrivJob.exe 
Task: {ED386E5D-1FF1-4D51-B126-4E27391860E4} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-05-03] (NVIDIA Corporation)
Task: {FBAA2600-6BA6-42C8-82FB-38B1D1AFA01B} - System32\Tasks\AdobeAAMUpdater-1.0-Phantom-Michael => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2016-07-01] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-1783363258-1944623717-140360357-1000Core1d23747e711faa5.job => C:\Users\Michael\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-1783363258-1944623717-140360357-1000UA1d23747e716dc7b.job => C:\Users\Michael\AppData\Local\Dropbox\Update\DropboxUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PDF Compressor\PDF Compressor Website.lnk -> hxxp://www.pdfcompressor.org

ShortcutWithArgument: C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Node.js\Node.js command prompt.lnk -> C:\Windows\SysWOW64\cmd.exe (Microsoft Corporation) -> /k "C:\Program Files (x86)\nodejs\nodevars.bat"

==================== Loaded Modules (Whitelisted) ==============

2016-07-16 13:42 - 2016-07-16 13:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2017-05-10 18:00 - 2017-04-28 02:49 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2017-03-25 18:10 - 2012-10-10 13:35 - 01059096 _____ () C:\Program Files\UPDD\tbupddwu.exe
2017-03-25 18:10 - 2012-01-19 15:22 - 01987584 _____ () C:\Program Files\UPDD\ACE_updd_5.6.2.dll
2016-09-01 18:12 - 2016-09-01 18:12 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2017-03-16 16:08 - 2017-03-16 16:08 - 01354040 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2017-05-19 21:11 - 2017-05-09 16:38 - 02270672 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2016-12-28 14:31 - 2016-12-28 14:31 - 00287256 _____ () C:\Program Files (x86)\Synology\CloudStation\bin\vss-service-x64.exe
2016-09-14 15:35 - 2016-09-14 15:35 - 00418496 _____ () C:\Program Files\Nitro\Pro 11\Nitro_UpdateService.exe
2016-09-14 15:35 - 2016-09-14 15:35 - 02735296 _____ () C:\Program Files\Nitro\Pro 11\Nitro_KissMetrics.dll
2016-10-18 20:18 - 2017-04-26 07:40 - 01147328 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2015-01-08 23:23 - 2005-04-22 06:36 - 00143360 _____ () C:\WINDOWS\system32\BrSNMP64.dll
2017-03-25 18:10 - 2012-10-09 16:27 - 00041984 _____ () C:\Program Files\UPDD\tbhook.dll
2017-05-10 18:00 - 2017-04-28 02:49 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-09-15 18:55 - 2016-09-07 06:56 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-03-14 19:58 - 2017-03-04 08:31 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-03-14 19:57 - 2017-03-04 08:12 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-03-14 19:57 - 2017-03-04 08:05 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-03-14 19:57 - 2017-03-04 08:05 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-05-10 18:00 - 2017-04-28 01:36 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2017-05-10 18:00 - 2017-04-28 01:36 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-05-10 18:00 - 2017-04-28 01:37 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2017-05-09 17:19 - 2017-05-09 17:19 - 00074752 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.15.597.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-05-09 17:19 - 2017-05-09 17:19 - 00201728 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.15.597.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-05-09 17:19 - 2017-05-09 17:19 - 43195904 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.15.597.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-05-09 17:19 - 2017-05-09 17:19 - 02457088 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.15.597.0_x64__kzf8qxf38zg5c\skypert.dll
2017-05-22 22:25 - 2017-05-22 22:25 - 00566439 _____ () C:\Users\Michael\AppData\Local\JDownloader v2.0\tmp\7zip\SevenZipJBinding-FKPz9\libgcc_s_sjlj-1.dll
2017-05-22 22:25 - 2017-05-22 22:25 - 04078962 _____ () C:\Users\Michael\AppData\Local\JDownloader v2.0\tmp\7zip\SevenZipJBinding-FKPz9\lib7-Zip-JBinding.dll
2015-01-06 19:19 - 2013-05-28 16:56 - 00151552 _____ () C:\Windows\System\3DG4me.exe
2017-03-25 18:10 - 2012-10-10 13:33 - 00676352 _____ () C:\Program Files\UPDD\TBDAEMON.EXE
2017-03-25 18:10 - 2011-10-11 15:27 - 06642688 _____ () C:\Program Files\UPDD\qt-mt336.dll
2017-03-25 18:10 - 2012-10-10 13:33 - 00524288 _____ () C:\Program Files\UPDD\AIDAEMON.EXE
2017-03-27 12:20 - 2017-03-27 12:20 - 00092472 _____ () C:\Program Files\iTunes\zlib1.dll
2017-03-27 12:20 - 2017-03-27 12:20 - 01354040 _____ () C:\Program Files\iTunes\libxml2.dll
2016-10-25 09:57 - 2016-10-25 09:57 - 00491184 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2014-12-17 22:31 - 2014-12-17 22:31 - 00076032 _____ () D:\Programs\TortoiseSVN\bin\TortoiseStub.dll
2014-12-17 22:30 - 2014-12-17 22:30 - 00088832 _____ () D:\Programs\TortoiseSVN\bin\libsasl.dll
2015-01-06 19:17 - 2011-11-19 02:12 - 00129536 _____ () D:\Programs\AudioSwitcher\switcher.exe
2017-05-15 23:40 - 2017-05-09 11:13 - 03767640 _____ () C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\libglesv2.dll
2017-05-15 23:40 - 2017-05-09 11:13 - 00100696 _____ () C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.110\libegl.dll
2016-10-25 09:57 - 2016-10-25 09:57 - 31723696 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
2016-01-02 14:21 - 2017-01-20 11:44 - 00181928 _____ () c:\program files (x86)\ostotosoft\drivertalent\ldrvsvc.dll
2016-01-02 14:21 - 2015-12-28 11:19 - 00254824 _____ () c:\program files (x86)\ostotosoft\drivertalent\updater\checkupdate.dll
2016-01-02 14:21 - 2017-01-20 11:44 - 00172200 _____ () c:\program files (x86)\ostotosoft\drivertalent\substat.dll
2016-01-02 14:21 - 2017-01-20 11:44 - 00112296 _____ () c:\program files (x86)\ostotosoft\drivertalent\dstudp.dll
2016-01-02 14:21 - 2015-12-28 11:19 - 00117088 _____ () c:\program files (x86)\ostotosoft\drivertalent\udp.dll
2017-03-23 19:10 - 2017-03-23 10:26 - 00068744 _____ () c:\program files (x86)\ostotosoft\drivertalent\DTLPlugs\InstallPlugV2\InstallPlugV2.dll
2017-05-20 10:51 - 2014-05-13 12:04 - 00109400 _____ () d:\Programs\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2017-05-20 10:51 - 2014-05-13 12:04 - 00167768 _____ () d:\Programs\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2017-05-20 10:51 - 2014-05-13 12:04 - 00416600 _____ () d:\Programs\Spybot - Search & Destroy 2\DEC150.bpl
2017-05-20 10:51 - 2012-08-23 10:38 - 00574840 _____ () d:\Programs\Spybot - Search & Destroy 2\sqlite3.dll
2017-05-20 10:51 - 2012-04-03 17:06 - 00565640 _____ () d:\Programs\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2016-10-18 20:18 - 2017-04-26 07:40 - 00900032 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2015-01-06 19:19 - 2012-06-06 09:56 - 00143360 _____ () C:\Windows\System\3DG4me.dll
2017-03-16 16:09 - 2017-03-16 16:09 - 01041720 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2016-09-01 18:13 - 2016-09-01 18:13 - 00080184 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2017-03-16 16:08 - 2017-03-16 16:08 - 00189752 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll
2017-05-22 22:26 - 2017-05-22 22:26 - 00098816 ____R () C:\Users\Michael\AppData\Local\Temp\_MEI138602\win32api.pyd
2017-05-22 22:26 - 2017-05-22 22:26 - 00110080 ____R () C:\Users\Michael\AppData\Local\Temp\_MEI138602\pywintypes27.dll
2017-05-22 22:26 - 2017-05-22 22:26 - 00364544 ____R () C:\Users\Michael\AppData\Local\Temp\_MEI138602\pythoncom27.dll
2017-05-22 22:26 - 2017-05-22 22:26 - 00320512 ____R () C:\Users\Michael\AppData\Local\Temp\_MEI138602\win32com.shell.shell.pyd
2017-05-22 22:26 - 2017-05-22 22:26 - 00914432 ____R () C:\Users\Michael\AppData\Local\Temp\_MEI138602\_hashlib.pyd
2017-05-22 22:26 - 2017-05-22 22:26 - 01176576 ____R () C:\Users\Michael\AppData\Local\Temp\_MEI138602\wx._core_.pyd
2017-05-22 22:26 - 2017-05-22 22:26 - 00806400 ____R () C:\Users\Michael\AppData\Local\Temp\_MEI138602\wx._gdi_.pyd
2017-05-22 22:26 - 2017-05-22 22:26 - 00816128 ____R () C:\Users\Michael\AppData\Local\Temp\_MEI138602\wx._windows_.pyd
2017-05-22 22:26 - 2017-05-22 22:26 - 01067008 ____R () C:\Users\Michael\AppData\Local\Temp\_MEI138602\wx._controls_.pyd
2017-05-22 22:26 - 2017-05-22 22:26 - 00733184 ____R () C:\Users\Michael\AppData\Local\Temp\_MEI138602\wx._misc_.pyd
2017-05-22 22:26 - 2017-05-22 22:26 - 00682496 ____R () C:\Users\Michael\AppData\Local\Temp\_MEI138602\pysqlite2._sqlite.pyd
2017-05-22 22:26 - 2017-05-22 22:26 - 00088064 ____R () C:\Users\Michael\AppData\Local\Temp\_MEI138602\_ctypes.pyd
2017-05-22 22:26 - 2017-05-22 22:26 - 00686080 ____R () C:\Users\Michael\AppData\Local\Temp\_MEI138602\unicodedata.pyd
2017-05-22 22:26 - 2017-05-22 22:26 - 00119808 ____R () C:\Users\Michael\AppData\Local\Temp\_MEI138602\win32file.pyd
2017-05-22 22:26 - 2017-05-22 22:26 - 00108544 ____R () C:\Users\Michael\AppData\Local\Temp\_MEI138602\win32security.pyd
2017-05-22 22:26 - 2017-05-22 22:26 - 00007168 ____R () C:\Users\Michael\AppData\Local\Temp\_MEI138602\hashobjs_ext.pyd
2017-05-22 22:26 - 2017-05-22 22:26 - 00017920 ____R () C:\Users\Michael\AppData\Local\Temp\_MEI138602\thumbnails_ext.pyd
2017-05-22 22:26 - 2017-05-22 22:26 - 00088064 ____R () C:\Users\Michael\AppData\Local\Temp\_MEI138602\usb_ext.pyd
2017-05-22 22:26 - 2017-05-22 22:26 - 00012800 ____R () C:\Users\Michael\AppData\Local\Temp\_MEI138602\common.time34.pyd
2017-05-22 22:26 - 2017-05-22 22:26 - 00018432 ____R () C:\Users\Michael\AppData\Local\Temp\_MEI138602\win32event.pyd
2017-05-22 22:26 - 2017-05-22 22:26 - 00167936 ____R () C:\Users\Michael\AppData\Local\Temp\_MEI138602\win32gui.pyd
2017-05-22 22:26 - 2017-05-22 22:26 - 00046080 ____R () C:\Users\Michael\AppData\Local\Temp\_MEI138602\_socket.pyd
2017-05-22 22:26 - 2017-05-22 22:26 - 01303552 ____R () C:\Users\Michael\AppData\Local\Temp\_MEI138602\_ssl.pyd
2017-05-22 22:26 - 2017-05-22 22:26 - 00128512 ____R () C:\Users\Michael\AppData\Local\Temp\_MEI138602\_elementtree.pyd
2017-05-22 22:26 - 2017-05-22 22:26 - 00127488 ____R () C:\Users\Michael\AppData\Local\Temp\_MEI138602\pyexpat.pyd
2017-05-22 22:26 - 2017-05-22 22:26 - 00038912 ____R () C:\Users\Michael\AppData\Local\Temp\_MEI138602\win32inet.pyd
2017-05-22 22:26 - 2017-05-22 22:26 - 00036864 ____R () C:\Users\Michael\AppData\Local\Temp\_MEI138602\_psutil_windows.pyd
2017-05-22 22:26 - 2017-05-22 22:26 - 00524248 ____R () C:\Users\Michael\AppData\Local\Temp\_MEI138602\windows._lib_cacheinvalidation.pyd
2017-05-22 22:26 - 2017-05-22 22:26 - 00011264 ____R () C:\Users\Michael\AppData\Local\Temp\_MEI138602\win32crypt.pyd
2017-05-22 22:26 - 2017-05-22 22:26 - 00123392 ____R () C:\Users\Michael\AppData\Local\Temp\_MEI138602\wx._wizard.pyd
2017-05-22 22:26 - 2017-05-22 22:26 - 00077312 ____R () C:\Users\Michael\AppData\Local\Temp\_MEI138602\wx._html2.pyd
2017-05-22 22:26 - 2017-05-22 22:26 - 00027648 ____R () C:\Users\Michael\AppData\Local\Temp\_MEI138602\_multiprocessing.pyd
2017-05-22 22:26 - 2017-05-22 22:26 - 00020480 ____R () C:\Users\Michael\AppData\Local\Temp\_MEI138602\_yappi.pyd
2017-05-22 22:26 - 2017-05-22 22:26 - 00035840 ____R () C:\Users\Michael\AppData\Local\Temp\_MEI138602\win32process.pyd
2017-05-22 22:26 - 2017-05-22 22:26 - 00078848 ____R () C:\Users\Michael\AppData\Local\Temp\_MEI138602\wx._animate.pyd
2017-05-22 22:26 - 2017-05-22 22:26 - 00024064 ____R () C:\Users\Michael\AppData\Local\Temp\_MEI138602\win32pipe.pyd
2017-05-22 22:26 - 2017-05-22 22:26 - 00010240 ____R () C:\Users\Michael\AppData\Local\Temp\_MEI138602\select.pyd
2017-05-22 22:26 - 2017-05-22 22:26 - 00025600 ____R () C:\Users\Michael\AppData\Local\Temp\_MEI138602\win32pdh.pyd
2017-05-22 22:26 - 2017-05-22 22:26 - 00017408 ____R () C:\Users\Michael\AppData\Local\Temp\_MEI138602\win32profile.pyd
2017-05-22 22:26 - 2017-05-22 22:26 - 00022528 ____R () C:\Users\Michael\AppData\Local\Temp\_MEI138602\win32ts.pyd
2015-01-06 19:17 - 2011-11-18 18:32 - 00029184 _____ () D:\Programs\AudioSwitcher\EndPointController.dll
2015-01-06 02:14 - 2011-05-04 17:32 - 00094208 ____N () C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\de-DE\THXAudNB.resources.dll
2017-05-17 21:41 - 2017-05-16 22:55 - 00871744 _____ () C:\Users\Michael\AppData\Roaming\Dropbox\bin\dropbox_watchdog.dll
2017-05-17 21:41 - 2017-05-16 22:55 - 01787200 _____ () C:\Users\Michael\AppData\Roaming\Dropbox\bin\dropbox_crashpad.dll
2015-12-12 12:47 - 2017-04-26 02:38 - 00035792 _____ () C:\Users\Michael\AppData\Roaming\Dropbox\bin\_multiprocessing.pyd
2015-12-12 12:47 - 2017-04-26 02:38 - 00100296 _____ () C:\Users\Michael\AppData\Roaming\Dropbox\bin\_ctypes.pyd
2015-12-12 12:47 - 2017-04-26 02:38 - 00018888 _____ () C:\Users\Michael\AppData\Roaming\Dropbox\bin\select.pyd
2015-12-12 12:47 - 2017-05-16 23:00 - 00019776 _____ () C:\Users\Michael\AppData\Roaming\Dropbox\bin\tornado.speedups.pyd
2017-05-17 21:41 - 2017-05-16 23:00 - 00020824 _____ () C:\Users\Michael\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._constant_time.pyd
2015-12-12 12:47 - 2017-04-26 02:39 - 00123856 _____ () C:\Users\Michael\AppData\Roaming\Dropbox\bin\_cffi_backend.pyd
2015-12-12 12:47 - 2017-04-26 02:38 - 00694224 _____ () C:\Users\Michael\AppData\Roaming\Dropbox\bin\unicodedata.pyd
2017-05-17 21:41 - 2017-05-16 23:00 - 01729360 _____ () C:\Users\Michael\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._openssl.pyd
2017-05-17 21:41 - 2017-05-16 23:00 - 00020816 _____ () C:\Users\Michael\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._padding.pyd
2017-05-17 21:41 - 2017-04-26 02:38 - 00145864 _____ () C:\Users\Michael\AppData\Roaming\Dropbox\bin\pyexpat.pyd
2017-05-17 21:41 - 2017-04-26 02:39 - 00019408 _____ () C:\Users\Michael\AppData\Roaming\Dropbox\bin\faulthandler.pyd
2017-05-17 21:41 - 2017-04-26 02:38 - 00116688 _____ () C:\Users\Michael\AppData\Roaming\Dropbox\bin\pywintypes27.dll
2015-12-12 12:47 - 2017-04-26 02:40 - 00105928 _____ () C:\Users\Michael\AppData\Roaming\Dropbox\bin\win32api.pyd
2016-08-16 09:16 - 2017-05-16 23:01 - 00022864 _____ () C:\Users\Michael\AppData\Roaming\Dropbox\bin\winffi.crt.compiled._winffi_crt.pyd
2017-05-17 21:41 - 2017-05-16 23:00 - 00060736 _____ () C:\Users\Michael\AppData\Roaming\Dropbox\bin\psutil._psutil_windows.pyd
2017-05-17 21:41 - 2017-05-16 23:00 - 00038712 _____ () C:\Users\Michael\AppData\Roaming\Dropbox\bin\fastpath.pyd
2015-12-12 12:47 - 2017-04-26 02:40 - 00024528 _____ () C:\Users\Michael\AppData\Roaming\Dropbox\bin\win32event.pyd
2017-05-17 21:41 - 2017-04-26 02:38 - 00392656 _____ () C:\Users\Michael\AppData\Roaming\Dropbox\bin\pythoncom27.dll
2017-05-17 21:41 - 2017-04-26 02:40 - 00020936 _____ () C:\Users\Michael\AppData\Roaming\Dropbox\bin\mmapfile.pyd
2015-12-12 12:47 - 2017-04-26 02:40 - 00116176 _____ () C:\Users\Michael\AppData\Roaming\Dropbox\bin\win32security.pyd
2015-12-12 12:47 - 2017-05-16 23:00 - 00392512 _____ () C:\Users\Michael\AppData\Roaming\Dropbox\bin\win32com.shell.shell.pyd
2015-12-12 12:47 - 2017-04-26 02:40 - 00124880 _____ () C:\Users\Michael\AppData\Roaming\Dropbox\bin\win32file.pyd
2016-08-16 09:16 - 2017-05-16 23:01 - 00026456 _____ () C:\Users\Michael\AppData\Roaming\Dropbox\bin\winffi.kernel32.compiled._winffi_kernel32.pyd
2015-12-12 12:47 - 2017-04-26 02:40 - 00024016 _____ () C:\Users\Michael\AppData\Roaming\Dropbox\bin\win32clipboard.pyd
2015-12-12 12:47 - 2017-04-26 02:40 - 00175560 _____ () C:\Users\Michael\AppData\Roaming\Dropbox\bin\win32gui.pyd
2015-12-12 12:47 - 2017-04-26 02:40 - 00030160 _____ () C:\Users\Michael\AppData\Roaming\Dropbox\bin\win32pipe.pyd
2015-12-12 12:47 - 2017-04-26 02:40 - 00043472 _____ () C:\Users\Michael\AppData\Roaming\Dropbox\bin\win32process.pyd
2015-12-12 12:47 - 2017-04-26 02:40 - 00048592 _____ () C:\Users\Michael\AppData\Roaming\Dropbox\bin\win32service.pyd
2015-12-12 12:47 - 2017-04-26 02:40 - 00057808 _____ () C:\Users\Michael\AppData\Roaming\Dropbox\bin\win32evtlog.pyd
2015-12-12 12:47 - 2017-04-26 02:40 - 00024016 _____ () C:\Users\Michael\AppData\Roaming\Dropbox\bin\win32profile.pyd
2017-05-17 21:41 - 2017-05-16 23:00 - 00246608 _____ () C:\Users\Michael\AppData\Roaming\Dropbox\bin\breakpad.client.windows.handler.pyd
2017-05-17 21:41 - 2017-05-16 23:00 - 00027488 _____ () C:\Users\Michael\AppData\Roaming\Dropbox\bin\dropbox.infinite.win.compiled._driverinstallation.pyd
2017-05-17 21:41 - 2017-05-16 23:00 - 00022336 _____ () C:\Users\Michael\AppData\Roaming\Dropbox\bin\cpuid.compiled._cpuid.pyd
2017-05-15 21:30 - 2017-05-16 23:01 - 00082264 _____ () C:\Users\Michael\AppData\Roaming\Dropbox\bin\winenumhandles.compiled._WinEnumHandles.pyd
2015-12-12 12:47 - 2017-05-16 23:01 - 00025432 _____ () C:\Users\Michael\AppData\Roaming\Dropbox\bin\winscreenshot.compiled._CaptureScreenshot.pyd
2015-12-12 12:47 - 2017-04-26 02:40 - 00028616 _____ () C:\Users\Michael\AppData\Roaming\Dropbox\bin\win32ts.pyd
2017-05-17 21:41 - 2017-05-16 23:00 - 01826104 _____ () C:\Users\Michael\AppData\Roaming\Dropbox\bin\PyQt5.QtCore.pyd
2015-12-12 12:47 - 2017-04-26 02:39 - 00083912 _____ () C:\Users\Michael\AppData\Roaming\Dropbox\bin\sip.pyd
2017-05-17 21:41 - 2017-05-16 23:00 - 01972024 _____ () C:\Users\Michael\AppData\Roaming\Dropbox\bin\PyQt5.QtGui.pyd
2017-05-17 21:41 - 2017-05-16 23:00 - 03928896 _____ () C:\Users\Michael\AppData\Roaming\Dropbox\bin\PyQt5.QtWidgets.pyd
2017-05-17 21:41 - 2017-05-16 23:00 - 00171336 _____ () C:\Users\Michael\AppData\Roaming\Dropbox\bin\PyQt5.QtWebEngineWidgets.pyd
2017-05-17 21:41 - 2017-05-16 23:00 - 00042816 _____ () C:\Users\Michael\AppData\Roaming\Dropbox\bin\PyQt5.QtWebChannel.pyd
2017-05-17 21:41 - 2017-05-16 23:00 - 00531264 _____ () C:\Users\Michael\AppData\Roaming\Dropbox\bin\PyQt5.QtNetwork.pyd
2017-05-17 21:41 - 2017-05-16 23:00 - 00133432 _____ () C:\Users\Michael\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKit.pyd
2017-05-17 21:41 - 2017-05-16 23:00 - 00224064 _____ () C:\Users\Michael\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKitWidgets.pyd
2017-05-17 21:41 - 2017-05-16 23:00 - 00207680 _____ () C:\Users\Michael\AppData\Roaming\Dropbox\bin\PyQt5.QtPrintSupport.pyd
2015-12-12 12:47 - 2017-04-26 02:40 - 00060880 _____ () C:\Users\Michael\AppData\Roaming\Dropbox\bin\win32print.pyd
2017-02-27 21:31 - 2017-05-16 23:01 - 00054608 _____ () C:\Users\Michael\AppData\Roaming\Dropbox\bin\winrpcserver.compiled._RPCServer.pyd
2017-01-23 23:02 - 2017-05-16 23:01 - 00022864 _____ () C:\Users\Michael\AppData\Roaming\Dropbox\bin\winffi.user32.compiled._winffi_user32.pyd
2016-04-15 22:40 - 2017-05-16 23:01 - 00069968 _____ () C:\Users\Michael\AppData\Roaming\Dropbox\bin\windisplaytoast.compiled._DisplayToast.pyd
2017-01-23 23:02 - 2017-05-16 23:01 - 00022872 _____ () C:\Users\Michael\AppData\Roaming\Dropbox\bin\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd
2017-01-23 23:02 - 2017-05-16 23:01 - 00021848 _____ () C:\Users\Michael\AppData\Roaming\Dropbox\bin\winffi.winerror.compiled._winffi_winerror.pyd
2017-01-23 23:02 - 2017-05-16 23:01 - 00022872 _____ () C:\Users\Michael\AppData\Roaming\Dropbox\bin\winffi.wininet.compiled._winffi_wininet.pyd
2015-12-12 12:47 - 2017-04-26 02:40 - 00349128 _____ () C:\Users\Michael\AppData\Roaming\Dropbox\bin\winxpgui.pyd
2017-05-17 21:41 - 2017-05-16 23:00 - 00103232 _____ () C:\Users\Michael\AppData\Roaming\Dropbox\bin\PyQt5.QtWinExtras.pyd
2016-02-19 22:24 - 2017-05-16 23:01 - 00023896 _____ () C:\Users\Michael\AppData\Roaming\Dropbox\bin\winverifysignature.compiled._VerifySignature.pyd
2017-05-17 21:41 - 2017-05-16 23:00 - 00025936 _____ () C:\Users\Michael\AppData\Roaming\Dropbox\bin\librsyncffi.compiled._librsyncffi.pyd
2017-05-17 21:41 - 2017-04-26 02:34 - 00036296 _____ () C:\Users\Michael\AppData\Roaming\Dropbox\bin\librsync.dll
2017-05-17 21:41 - 2017-05-16 23:00 - 00033112 _____ () C:\Users\Michael\AppData\Roaming\Dropbox\bin\enterprise_data.compiled._enterprise_data.pyd
2017-05-17 21:41 - 2017-03-22 12:07 - 00293392 _____ () C:\Users\Michael\AppData\Roaming\Dropbox\bin\EnterpriseDataAdapter.dll
2017-05-17 21:41 - 2017-05-16 23:00 - 00084288 _____ () C:\Users\Michael\AppData\Roaming\Dropbox\bin\dropbox_sqlite_ext.DLL
2016-07-08 20:55 - 2017-05-16 23:01 - 00030536 _____ () C:\Users\Michael\AppData\Roaming\Dropbox\bin\wind3d11.compiled._wind3d11.pyd
2017-05-17 21:41 - 2017-04-26 02:43 - 00017864 _____ () C:\Users\Michael\AppData\Roaming\Dropbox\bin\libEGL.dll
2017-05-17 21:41 - 2017-04-26 02:43 - 01631184 _____ () C:\Users\Michael\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2016-08-16 09:16 - 2017-05-16 23:01 - 00026456 _____ () C:\Users\Michael\AppData\Roaming\Dropbox\bin\winffi.winhttp.compiled._winffi_winhttp.pyd
2017-04-07 20:31 - 2017-05-16 23:01 - 00023368 _____ () C:\Users\Michael\AppData\Roaming\Dropbox\bin\wincrashpad.compiled._Crashpad.pyd
2017-05-17 21:41 - 2017-05-16 23:00 - 00546104 _____ () C:\Users\Michael\AppData\Roaming\Dropbox\bin\PyQt5.QtQuick.pyd
2017-05-17 21:41 - 2017-05-16 23:00 - 00357688 _____ () C:\Users\Michael\AppData\Roaming\Dropbox\bin\PyQt5.QtQml.pyd
2016-09-14 17:31 - 2016-08-18 20:26 - 00225792 _____ () C:\Program Files (x86)\GIGABYTE\XTREME GAMING ENGINE\GvFireware.dll
2016-09-14 17:31 - 2014-05-01 02:49 - 00025088 _____ () C:\Program Files (x86)\GIGABYTE\XTREME GAMING ENGINE\BSL430.dll
2015-01-08 23:23 - 2009-02-27 17:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2017-03-08 20:17 - 2017-03-08 20:17 - 00123918 _____ () C:\Users\Michael\AppData\Local\CloudStation\CloudStation.app\bin\libgcc_s_dw2-1.dll
2017-03-08 20:17 - 2017-03-08 20:17 - 01026062 _____ () C:\Users\Michael\AppData\Local\CloudStation\CloudStation.app\bin\libstdc++-6.dll
2017-03-08 20:17 - 2017-03-08 20:17 - 00524460 _____ () C:\Users\Michael\AppData\Local\CloudStation\CloudStation.app\bin\libcurl-4.dll
2017-03-08 20:17 - 2017-03-08 20:17 - 03036430 _____ () C:\Users\Michael\AppData\Local\CloudStation\CloudStation.app\bin\libsqlite3-0.dll
2017-03-08 20:17 - 2017-03-08 20:17 - 01798570 _____ () C:\Users\Michael\AppData\Local\CloudStation\CloudStation.app\bin\icuuc53.dll
2017-03-08 20:17 - 2017-03-08 20:17 - 03095505 _____ () C:\Users\Michael\AppData\Local\CloudStation\CloudStation.app\bin\icuin53.dll
2017-03-08 20:17 - 2017-03-08 20:17 - 00115214 _____ () C:\Users\Michael\AppData\Local\CloudStation\CloudStation.app\bin\zlib1.dll
2017-03-08 20:17 - 2017-03-08 20:17 - 21565192 _____ () C:\Users\Michael\AppData\Local\CloudStation\CloudStation.app\bin\icudt53.dll
2017-03-08 20:17 - 2017-03-08 20:17 - 00712704 _____ () C:\Users\Michael\AppData\Local\CloudStation\CloudStation.app\bin\platforms\qwindows.dll
2017-03-08 20:17 - 2017-03-08 20:17 - 00031744 _____ () C:\Users\Michael\AppData\Local\CloudStation\CloudStation.app\bin\imageformats\qgif.dll
2017-03-08 20:17 - 2017-03-08 20:17 - 00046080 _____ () C:\Users\Michael\AppData\Local\CloudStation\CloudStation.app\bin\imageformats\qicns.dll
2017-03-08 20:17 - 2017-03-08 20:17 - 00032768 _____ () C:\Users\Michael\AppData\Local\CloudStation\CloudStation.app\bin\imageformats\qico.dll
2017-03-08 20:17 - 2017-03-08 20:17 - 00516608 _____ () C:\Users\Michael\AppData\Local\CloudStation\CloudStation.app\bin\imageformats\qjp2.dll
2017-03-08 20:17 - 2017-03-08 20:17 - 00243200 _____ () C:\Users\Michael\AppData\Local\CloudStation\CloudStation.app\bin\imageformats\qjpeg.dll
2017-03-08 20:17 - 2017-03-08 20:17 - 00431616 _____ () C:\Users\Michael\AppData\Local\CloudStation\CloudStation.app\bin\imageformats\qtiff.dll
2017-05-20 10:51 - 2014-05-13 12:04 - 00109400 _____ () D:\Programs\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2017-05-20 10:51 - 2014-05-13 12:04 - 00167768 _____ () D:\Programs\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2017-05-20 10:51 - 2014-05-13 12:04 - 00416600 _____ () D:\Programs\Spybot - Search & Destroy 2\DEC150.bpl
2016-10-12 01:08 - 2016-10-12 01:08 - 00118272 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\fs-ext\build\Release\fs-ext.node
2016-10-12 01:08 - 2016-10-12 01:08 - 00223232 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-vulcanjs\build\Release\VulcanJS.node
2016-10-12 01:08 - 2016-10-12 01:08 - 00117248 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\ref\build\Release\binding.node
2016-10-12 01:08 - 2016-10-12 01:08 - 00124928 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\ffi\build\Release\ffi_bindings.node
2016-10-25 10:49 - 2016-10-25 10:49 - 00098496 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-ProxyResolver\build\Release\ProxyResolverWin.dll
2016-10-12 01:08 - 2016-10-12 01:08 - 00166400 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\idle-gc\build\Release\idle-gc.node
2015-01-06 23:25 - 2017-03-10 02:13 - 00674592 _____ () D:\Programs\Steam\SDL2.dll
2015-01-21 00:13 - 2016-09-01 03:02 - 04969248 _____ () D:\Programs\Steam\v8.dll
2015-01-06 23:25 - 2017-04-26 01:55 - 02465056 _____ () D:\Programs\Steam\video.dll
2015-01-06 23:25 - 2016-01-27 09:49 - 02549760 _____ () D:\Programs\Steam\libavcodec-56.dll
2015-01-06 23:25 - 2016-01-27 09:49 - 00491008 _____ () D:\Programs\Steam\libavformat-56.dll
2015-01-06 23:25 - 2016-01-27 09:49 - 00332800 _____ () D:\Programs\Steam\libavresample-2.dll
2015-01-06 23:25 - 2016-01-27 09:49 - 00442880 _____ () D:\Programs\Steam\libavutil-54.dll
2015-01-06 23:25 - 2016-01-27 09:49 - 00485888 _____ () D:\Programs\Steam\libswscale-3.dll
2015-01-21 00:13 - 2016-09-01 03:02 - 01563936 _____ () D:\Programs\Steam\icui18n.dll
2015-01-21 00:13 - 2016-09-01 03:02 - 01195296 _____ () D:\Programs\Steam\icuuc.dll
2015-01-06 23:25 - 2017-04-26 01:55 - 00848672 _____ () D:\Programs\Steam\bin\chromehtml.DLL
2016-03-09 19:53 - 2016-07-05 00:17 - 00266560 _____ () D:\Programs\Steam\openvr_api.dll
2016-12-13 18:52 - 2017-01-30 23:41 - 68875552 _____ () D:\Programs\Steam\bin\cef\cef.win7\libcef.dll
2015-01-06 23:25 - 2017-04-26 01:55 - 00383776 _____ () D:\Programs\Steam\steam.dll
2015-01-21 00:13 - 2015-09-25 01:52 - 00119208 _____ () D:\Programs\Steam\winh264.dll
2016-10-18 20:18 - 2017-04-26 07:03 - 02442360 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\Downloader.node
2016-10-18 20:18 - 2017-04-26 07:03 - 00361920 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVAccountAPINode.node
2016-10-18 20:18 - 2017-04-26 07:03 - 00252352 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\DriverInstall.node
2016-10-18 20:18 - 2017-04-26 07:03 - 00384120 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGameShareAPINode.node
2016-10-18 20:18 - 2017-04-26 07:03 - 00467392 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvGalleryAPINode.node
2016-10-18 20:18 - 2017-04-26 07:03 - 00572024 _____ () \\?\C:\Program Files (x86)\NVIDIA Corporation\NvNode\NvSpCapsAPINode.node

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Windows:nlsPreferences [386]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKU\S-1-5-21-1783363258-1944623717-140360357-1000\Software\Classes\.com:  =>  <===== ATTENTION

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2017-05-21 22:02 - 00001077 ____N C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1783363258-1944623717-140360357-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Michael\Documents\tardis_wallpaper___dw_by_vampiric_time_lord-d5luyi7.png
DNS Servers: 8.8.8.8
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: Avira.ServiceHost => 2
MSCONFIG\Services: BrYNSvc => 3
MSCONFIG\Services: cphs => 3
MSCONFIG\Services: GfExperienceService => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: igfxCUIService1.0.0.0 => 2
MSCONFIG\Services: LBTServ => 3
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: NvNetworkService => 2
MSCONFIG\Services: NvStreamSvc => 2
MSCONFIG\Services: nvsvc => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\Services: Stereo Service => 2
MSCONFIG\Services: WTabletServiceCon => 2
MSCONFIG\Services: ZAPrivacyService => 2
MSCONFIG\startupreg: CheckManager => C:\Incasolution\Checkmanager\CheckManagerRun.exe
HKLM\...\StartupApproved\StartupFolder: => "FileBox eXtender.lnk"
HKU\S-1-5-21-1783363258-1944623717-140360357-1000\...\StartupApproved\StartupFolder: => "startup-monitor-timeout.lnk"
HKU\S-1-5-21-1783363258-1944623717-140360357-1000\...\StartupApproved\StartupFolder: => "Rainmeter.lnk"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [VIRT-MIGL-In-TCP-NoScope] => (Allow) %systemroot%\system32\vmms.exe
FirewallRules: [VIRT-REMOTEDESKTOP-In-TCP-NoScope] => (Allow) %systemroot%\system32\vmms.exe
FirewallRules: [{955B74C1-33F7-45D6-AD5F-98C2C16937A5}] => (Allow) D:\Programs\Steam\steamapps\common\The Talos Principle\Bin\x64\Talos_Unrestricted.exe
FirewallRules: [{7D7F4C28-8D12-4997-9632-061C396DE7FD}] => (Allow) D:\Programs\Steam\steamapps\common\The Talos Principle\Bin\x64\Talos_Unrestricted.exe
FirewallRules: [{2E9FADA1-EFCA-437C-8B77-85CF50F9E4B2}] => (Allow) D:\Programs\Steam\steamapps\common\The Talos Principle\Bin\x64\Talos.exe
FirewallRules: [{F6DA3110-D1B2-499C-9E8E-4E9594C3F6EE}] => (Allow) D:\Programs\Steam\steamapps\common\The Talos Principle\Bin\x64\Talos.exe
FirewallRules: [{4A551D9B-2B42-45D9-A533-B150FDCD8A6D}] => (Allow) D:\Programs\Steam\steamapps\common\The Talos Principle\Bin\Talos_Unrestricted.exe
FirewallRules: [{C9146A9A-7681-4C6A-A0A9-A7C33DFF6BB4}] => (Allow) D:\Programs\Steam\steamapps\common\The Talos Principle\Bin\Talos_Unrestricted.exe
FirewallRules: [{F9717377-651A-4EAF-AD26-03D8B2633911}] => (Allow) D:\Programs\Steam\steamapps\common\The Talos Principle\Bin\Talos.exe
FirewallRules: [{53F8F870-D058-474F-81C9-4A9286905917}] => (Allow) D:\Programs\Steam\steamapps\common\The Talos Principle\Bin\Talos.exe
FirewallRules: [UDP Query User{2A6AC553-1AFB-4043-B2AA-D12E1E2D0096}E:\tmnationsforever\tmforever.exe] => (Allow) E:\tmnationsforever\tmforever.exe
FirewallRules: [TCP Query User{3B60553F-43B9-4E81-97E3-6CD6DEB1D6C7}E:\tmnationsforever\tmforever.exe] => (Allow) E:\tmnationsforever\tmforever.exe
FirewallRules: [{53943896-F8ED-4E47-B870-2FAF543D2836}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{35394F4C-CA8C-4C04-B3CC-10C9B8129F44}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{6AB151CC-A7A5-45F4-B348-6DDE222B23EB}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [UDP Query User{F9C05C63-1961-493B-A8A7-A4992558C69A}F:\games\tom clancy's splinter cell anthology edition\tom clancy's splinter cell blacklist\src\system\blacklist_dx11_game.exe] => (Block) F:\games\tom clancy's splinter cell anthology edition\tom clancy's splinter cell blacklist\src\system\blacklist_dx11_game.exe
FirewallRules: [TCP Query User{D2EFF52C-DA64-4893-8905-CF0C15BE0AEE}F:\games\tom clancy's splinter cell anthology edition\tom clancy's splinter cell blacklist\src\system\blacklist_dx11_game.exe] => (Block) F:\games\tom clancy's splinter cell anthology edition\tom clancy's splinter cell blacklist\src\system\blacklist_dx11_game.exe
FirewallRules: [{3FF192BE-4F83-4525-86B1-F00740BEB58A}] => (Allow) D:\Programs\Microsoft Visual Studio 14.0\Common7\IDE\devenv.exe
FirewallRules: [UDP Query User{A6F115DC-2C2F-4391-BABC-923644435628}F:\games\tom clancy's splinter cell anthology edition\tom clancy's splinter cell  pandora tomorrow\pandora.exe] => (Block) F:\games\tom clancy's splinter cell anthology edition\tom clancy's splinter cell  pandora tomorrow\pandora.exe
FirewallRules: [TCP Query User{52AC7088-093C-43FD-B960-13BCE020A8E0}F:\games\tom clancy's splinter cell anthology edition\tom clancy's splinter cell  pandora tomorrow\pandora.exe] => (Block) F:\games\tom clancy's splinter cell anthology edition\tom clancy's splinter cell  pandora tomorrow\pandora.exe
FirewallRules: [{555D07CC-8705-4BE6-9FB6-7FBCE6227799}] => (Allow) D:\Programs\Steam\steamapps\common\Prison Architect\Prison Architect Safe Mode.exe
FirewallRules: [{FA2ACA2F-666A-4AD4-96CF-D36332DF588B}] => (Allow) D:\Programs\Steam\steamapps\common\Prison Architect\Prison Architect Safe Mode.exe
FirewallRules: [{D34398DC-5025-4DED-8FF8-1BA0BCAF9282}] => (Allow) C:\Program Files (x86)\OSTotoSoft\DriverTalent\download\MiniThunderPlatform.exe
FirewallRules: [{3021B711-EAB8-4AC5-A5C5-B8E16AE12403}] => (Allow) C:\Program Files (x86)\OSTotoSoft\DriverTalent\DTLService.exe
FirewallRules: [{6F9A9248-EBE7-4CC4-9CAB-D629218BA2B7}] => (Allow) C:\Program Files (x86)\OSTotoSoft\DriverTalent\DriverTalent.exe
FirewallRules: [UDP Query User{8C214CAC-48AA-43B8-A677-485E59B225B5}C:\program files (x86)\ostotosoft\drivertalent\drivertalent.exe] => (Block) C:\program files (x86)\ostotosoft\drivertalent\drivertalent.exe
FirewallRules: [TCP Query User{9EC1E6F0-41B0-40A6-842B-D43883B20519}C:\program files (x86)\ostotosoft\drivertalent\drivertalent.exe] => (Block) C:\program files (x86)\ostotosoft\drivertalent\drivertalent.exe
FirewallRules: [UDP Query User{7D789ECC-A756-44EF-B7B3-478D6F5F95B2}D:\programs\foobar2000\foobar2000.exe] => (Block) D:\programs\foobar2000\foobar2000.exe
FirewallRules: [TCP Query User{5E667F31-36CC-4426-84C1-F68CCEF66A2A}D:\programs\foobar2000\foobar2000.exe] => (Block) D:\programs\foobar2000\foobar2000.exe
FirewallRules: [{57C5828B-C9E5-4DB8-A9FB-3F98BFD52224}] => (Allow) G:\Steam\steamapps\common\Resident Evil 6\BH6.exe
FirewallRules: [{9731ABFB-465D-49EC-A1D6-3A89C391ADA2}] => (Allow) G:\Steam\steamapps\common\Resident Evil 6\BH6.exe
FirewallRules: [UDP Query User{D6D7C7D7-3F70-46FD-8AC8-C9DF6255B97E}C:\users\michael\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\michael\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [TCP Query User{DC96E293-2BB2-4CEF-9CF6-B120AD1B8290}C:\users\michael\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\michael\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{2242B5CD-2921-4799-905C-356CDAE0AF29}C:\users\michael\appdata\local\jdownloader v2.0\jdownloader2.exe] => (Block) C:\users\michael\appdata\local\jdownloader v2.0\jdownloader2.exe
FirewallRules: [TCP Query User{96EBBC58-8C15-468E-A63A-BE28762B7437}C:\users\michael\appdata\local\jdownloader v2.0\jdownloader2.exe] => (Block) C:\users\michael\appdata\local\jdownloader v2.0\jdownloader2.exe
FirewallRules: [{CF8F04DA-B812-4C90-A895-B66031D4A639}] => (Allow) D:\Programs\Steam\steamapps\common\Spear of Destiny\base\dosbox.exe
FirewallRules: [{95338DE0-FE41-47BE-B151-767AA1180A89}] => (Allow) D:\Programs\Steam\steamapps\common\Spear of Destiny\base\dosbox.exe
FirewallRules: [{08AA2AC6-0C70-43C8-9639-4E93E87ABB5A}] => (Allow) D:\Programs\Steam\steamapps\common\Wolfenstein 3D\base\dosbox.exe
FirewallRules: [{F95DFE2E-99B2-4263-BD45-A953E837D57E}] => (Allow) D:\Programs\Steam\steamapps\common\Wolfenstein 3D\base\dosbox.exe
FirewallRules: [{D4ED68FA-74E4-4E96-BF36-1C875B097BCF}] => (Allow) D:\Programs\Steam\steamapps\common\Portal 2\portal2.exe
FirewallRules: [{51A123A1-FB52-429D-881A-3B2796EEEA79}] => (Allow) D:\Programs\Steam\steamapps\common\Portal 2\portal2.exe
FirewallRules: [{56BD6AE2-7182-4584-AAB4-CF2AD25FCC7C}] => (Allow) D:\Programs\Steam\steamapps\common\Prison Architect\Prison Architect.exe
FirewallRules: [{96B03758-8C41-461A-B6DD-9FD56563D46B}] => (Allow) D:\Programs\Steam\steamapps\common\Prison Architect\Prison Architect.exe
FirewallRules: [UDP Query User{0BC58C2B-9E78-4110-94E4-39A7858A77C5}H:\games\dying light\dyinglightgame.exe] => (Block) H:\games\dying light\dyinglightgame.exe
FirewallRules: [TCP Query User{5EB5B183-FE73-45E5-9860-D385BEC7D5B4}H:\games\dying light\dyinglightgame.exe] => (Block) H:\games\dying light\dyinglightgame.exe
FirewallRules: [UDP Query User{879C58DF-C067-4A38-A9D6-27B2FE0A0A21}C:\users\michael\appdata\local\jdownloader v2.0\jdownloader2.exe] => (Allow) C:\users\michael\appdata\local\jdownloader v2.0\jdownloader2.exe
FirewallRules: [TCP Query User{838D2167-8748-4C2D-A33D-F436BC919383}C:\users\michael\appdata\local\jdownloader v2.0\jdownloader2.exe] => (Allow) C:\users\michael\appdata\local\jdownloader v2.0\jdownloader2.exe
FirewallRules: [{BE43F635-BA04-4CAC-A310-38CF722049E5}] => (Allow) D:\Games\Steam\SteamApps\common\Metro 2033 Redux\metro.exe
FirewallRules: [{B3A4CC42-BD0C-4024-8194-9062962571EF}] => (Allow) D:\Games\Steam\SteamApps\common\Metro 2033 Redux\metro.exe
FirewallRules: [{4B3A379A-7100-4E17-BF49-EC6AD32984BE}] => (Allow) G:\Steam\steamapps\common\Max Payne 3\Max Payne 3\MaxPayne3.exe
FirewallRules: [{D4B37A53-6A9D-4911-AAC6-28FEDBD5AD39}] => (Allow) G:\Steam\steamapps\common\Max Payne 3\Max Payne 3\MaxPayne3.exe
FirewallRules: [{6D4E7E3D-31B6-445E-B5F8-FB890317C1A7}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{C47B4151-BC3F-4B28-A5CE-5BFBC87783BA}] => (Allow) LPort=54925
FirewallRules: [{7004C489-DB6A-4B50-8321-DD09AD71EDD5}] => (Allow) D:\Programs\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{38256FFF-56BD-458B-A2AE-984332EF3E56}] => (Allow) D:\Programs\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{6B24788A-6C6D-4177-A3C9-473787F69470}] => (Allow) D:\Programs\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{67D55BB8-0DB9-4A6A-80F4-91BC562B7AAC}] => (Allow) D:\Programs\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{55F33EB0-2C34-4106-BBCF-C4E79936D7CC}] => (Allow) D:\Programs\Microsoft Visual Studio 11.0\Common7\IDE\WDExpress.exe
FirewallRules: [UDP Query User{8E9DD929-DFC0-415E-83A6-5F786033887E}D:\programs\foobar2000\foobar2000.exe] => (Allow) D:\programs\foobar2000\foobar2000.exe
FirewallRules: [TCP Query User{FFFC5B9A-A353-4734-BC7C-F7F463BE489F}D:\programs\foobar2000\foobar2000.exe] => (Allow) D:\programs\foobar2000\foobar2000.exe
FirewallRules: [{6623C922-4F21-4696-AF7D-35067405AC5D}] => (Allow) D:\Programs\Steam\bin\steamwebhelper.exe
FirewallRules: [{8367A874-2822-4D8B-8908-DD9A6D166559}] => (Allow) D:\Programs\Steam\bin\steamwebhelper.exe
FirewallRules: [{FAAB3F45-15BA-442C-B926-BB1CFFCF2124}] => (Allow) D:\Programs\Steam\Steam.exe
FirewallRules: [{243C3603-844F-4C92-8870-3BFD9B1BEDBB}] => (Allow) D:\Programs\Steam\Steam.exe
FirewallRules: [{72534F44-C789-447A-9732-866905A11746}] => (Allow) C:\Users\Michael\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{D07EB507-4344-4C9B-ADC3-F25121CAE88B}] => (Allow) C:\Users\Michael\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{89C1F102-DAED-40E7-9E60-8BF31586E87C}] => (Allow) C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{EB84C45E-A501-4C7C-9C81-61C9B43A78C7}] => (Allow) C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{70ED136F-D934-4203-8B00-EBE9E813EC4F}] => (Allow) H:\SteamLibrary\steamapps\common\The Witcher 3\bin\x64\witcher3.exe
FirewallRules: [{043F22C9-3D05-4702-94B5-83D6D4706CEF}] => (Allow) H:\SteamLibrary\steamapps\common\The Witcher 3\bin\x64\witcher3.exe
FirewallRules: [{779B07EE-2FA0-4618-ABD6-00745748EB5B}] => (Allow) H:\SteamLibrary\steamapps\common\Life Is Strange\Binaries\Win32\LifeIsStrange.exe
FirewallRules: [{151298FA-BE85-4551-981D-F5AFF0C7DE64}] => (Allow) H:\SteamLibrary\steamapps\common\Life Is Strange\Binaries\Win32\LifeIsStrange.exe
FirewallRules: [{5888DE07-A1AA-4BDE-BF57-E5C571A17559}] => (Allow) H:\SteamLibrary\steamapps\common\This War of Mine\This War of Mine.exe
FirewallRules: [{CDE4BE0C-0E93-4826-A28A-9C901B9C0133}] => (Allow) H:\SteamLibrary\steamapps\common\This War of Mine\This War of Mine.exe
FirewallRules: [{B35E2C7B-F909-485C-A69C-ADE634FAC284}] => (Allow) H:\SteamLibrary\steamapps\common\This War of Mine\Storyteller.exe
FirewallRules: [{38FFCDB9-0DCB-4E7A-A23A-48EC1A5B840E}] => (Allow) H:\SteamLibrary\steamapps\common\This War of Mine\Storyteller.exe
FirewallRules: [{2360F18C-8C8E-4F47-A3D4-425B81510932}] => (Allow) H:\SteamLibrary\steamapps\common\SUPERHOT\SUPERHOT.exe
FirewallRules: [{C9789B73-CFD2-4BC0-BC89-C8EE7D908FF7}] => (Allow) H:\SteamLibrary\steamapps\common\SUPERHOT\SUPERHOT.exe
FirewallRules: [{FC49070F-5FDB-4234-843B-5600679BF73B}] => (Allow) F:\Games\The Crew (Worldwide)\TheCrew.exe
FirewallRules: [{AD11315D-33F6-4637-82AD-E7793AC1F808}] => (Allow) F:\Games\The Crew (Worldwide)\TheCrew.exe
FirewallRules: [{5E1AC82E-AD2C-4285-BE4B-EDBBA5B1E836}] => (Allow) H:\SteamLibrary\steamapps\common\F.E.A.R. 3\F.E.A.R. 3.exe
FirewallRules: [{7F715553-FD09-40D4-B918-6B46B948F941}] => (Allow) H:\SteamLibrary\steamapps\common\F.E.A.R. 3\F.E.A.R. 3.exe
FirewallRules: [{C35A98E9-BB18-41DE-9715-6C6E7C083072}] => (Allow) H:\SteamLibrary\steamapps\common\FEAR Ultimate Shooter Edition\FEAR.exe
FirewallRules: [{E113E15A-489B-4244-8C15-DE2F507CD651}] => (Allow) H:\SteamLibrary\steamapps\common\FEAR Ultimate Shooter Edition\FEAR.exe
FirewallRules: [{7C314EEA-E84A-460C-B94F-955195B7B230}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{ACAA0BAF-FF9A-4242-A4BF-BE471956E955}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{574F5A68-C7FC-4C1B-91E4-A5BDE63CF8A9}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{3C3AE875-699D-45D6-AE83-974F98C242BB}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{8D26C63D-6AA6-49CD-80E9-D5BA9BD5F828}] => (Allow) I:\Games\Steam\steamapps\common\Hitman™\Launcher.exe
FirewallRules: [{1BA9D80D-9432-45D3-8806-0A67946445F6}] => (Allow) I:\Games\Steam\steamapps\common\Hitman™\Launcher.exe
FirewallRules: [{294FBA59-6CE2-4BF4-8FC2-86BA4C3CD38F}] => (Allow) I:\Games\Steam\steamapps\common\DOOM\DOOMx64.exe
FirewallRules: [{71D90140-EF1F-40D5-B80E-19CCF8FA3983}] => (Allow) I:\Games\Steam\steamapps\common\DOOM\DOOMx64.exe
FirewallRules: [TCP Query User{863A29BC-23D6-45DB-A418-EA9E5A390896}D:\programs\altium\dxp.exe] => (Block) D:\programs\altium\dxp.exe
FirewallRules: [UDP Query User{92047B1B-BD16-4F3E-B170-711F344EA367}D:\programs\altium\dxp.exe] => (Block) D:\programs\altium\dxp.exe
FirewallRules: [{0C1AB8F9-4778-40B3-96A1-486AB3F923B9}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{ADAA8C40-6142-48D6-BECC-92225A111BA1}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{1E39741F-C28B-4F32-91B8-335C2CAEC6A3}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{EACCD66A-2224-4159-A37B-5F73277AB303}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{4C0DEB67-DFA2-4B3B-8397-10BDCA6A6857}] => (Allow) I:\Games\Steam\steamapps\common\DOOM 3 BFG Edition\Doom3BFG.exe
FirewallRules: [{B99BFA50-1C68-4ECC-B46B-0E0A71F052BF}] => (Allow) I:\Games\Steam\steamapps\common\DOOM 3 BFG Edition\Doom3BFG.exe
FirewallRules: [{B3886132-92B6-4CCF-9155-1E1B9B19403B}] => (Allow) D:\Programs\Steam\steamapps\common\TheEvilWithin\EvilWithin.exe
FirewallRules: [{798C2EB8-6E0F-4942-87F3-A7673925FF31}] => (Allow) D:\Programs\Steam\steamapps\common\TheEvilWithin\EvilWithin.exe
FirewallRules: [{B8F991F1-3B34-4B1B-ACDD-E1E5D6CA12F5}] => (Allow) I:\Games\Steam\steamapps\common\Dishonored\Binaries\Win32\Dishonored.exe
FirewallRules: [{1414331D-C47E-411F-A2BC-E4ACCB543BAC}] => (Allow) I:\Games\Steam\steamapps\common\Dishonored\Binaries\Win32\Dishonored.exe
FirewallRules: [{04529D6F-4AC2-4C5C-9C34-20FDE3FB87A0}] => (Allow) I:\Games\Steam\steamapps\common\Fallout 4\Fallout4Launcher.exe
FirewallRules: [{836E4648-91DE-4625-A4CA-5EA3B2A9A4DC}] => (Allow) I:\Games\Steam\steamapps\common\Fallout 4\Fallout4Launcher.exe
FirewallRules: [{491C7DFC-FF42-489E-AB05-36BEAE4C8D61}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
FirewallRules: [{2EC81DA8-69F7-44AC-A969-376C64FF0CFF}] => (Allow) D:\Programs\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{C16EBEA5-C50D-4439-AAD4-27FF98CAEAF1}] => (Allow) D:\Programs\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{7DC2E662-0E9D-40E9-B3A5-1EABC599A07A}] => (Allow) I:\Games\Steam\steamapps\common\mirrors edge\Binaries\MirrorsEdge.exe
FirewallRules: [{96BAE599-96E3-43FC-99BB-EDDCB7653D31}] => (Allow) I:\Games\Steam\steamapps\common\mirrors edge\Binaries\MirrorsEdge.exe
FirewallRules: [TCP Query User{1C8F6E1E-D4CA-4DBB-B04F-4F118FAFC386}D:\programs\altium\ad17\dxp.exe] => (Allow) D:\programs\altium\ad17\dxp.exe
FirewallRules: [UDP Query User{6F48A20F-F3EE-4C03-ADEF-B628C337F02E}D:\programs\altium\ad17\dxp.exe] => (Allow) D:\programs\altium\ad17\dxp.exe
FirewallRules: [{8CFD0B45-98A9-46EE-BE85-E1084B565286}] => (Allow) D:\Programs\Steam\steamapps\common\Hitman GO\HitmanGo.exe
FirewallRules: [{BB35EFF7-CE88-46CD-958D-117114AE780C}] => (Allow) D:\Programs\Steam\steamapps\common\Hitman GO\HitmanGo.exe
FirewallRules: [{033C7ECB-BEA4-4275-8441-3CB7D00BF98A}] => (Allow) I:\Games\Steam\steamapps\common\Dishonored2\Dishonored2.exe
FirewallRules: [{0AF2C5D0-E0C6-4951-AC6A-36D1AE81B5D7}] => (Allow) I:\Games\Steam\steamapps\common\Dishonored2\Dishonored2.exe
FirewallRules: [{09F98C06-5433-4828-AD68-3F4BC820DBD5}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{3B6DA8FF-B5D5-4245-B674-8E6215E19440}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{F818E25D-273A-489F-B555-CE9BEE4AF8C2}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{D50F8D53-AEE5-4FED-A965-AC3F23498D0A}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{3A13B96D-578F-4BA5-964C-13923A8BC001}] => (Allow) D:\Programs\Steam\steamapps\common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [{BCF755E3-AFDE-4CBB-8C23-9EFD3F193DE9}] => (Allow) D:\Programs\Steam\steamapps\common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [TCP Query User{02FD20CB-33F4-4265-8A29-18C68B580890}C:\users\michael\appdata\local\cloudstation\cloudstation.app\bin\cloud-drive-connect.exe] => (Block) C:\users\michael\appdata\local\cloudstation\cloudstation.app\bin\cloud-drive-connect.exe
FirewallRules: [UDP Query User{E99049C8-84E9-4463-B540-B54505A762D4}C:\users\michael\appdata\local\cloudstation\cloudstation.app\bin\cloud-drive-connect.exe] => (Block) C:\users\michael\appdata\local\cloudstation\cloudstation.app\bin\cloud-drive-connect.exe
FirewallRules: [{08C7B5C2-59FF-40D4-ACFF-4058D7A9A4E7}] => (Allow) C:\Program Files (x86)\AnvSoft\Syncios Data Transfer\SynciosTransfer.exe
FirewallRules: [{99F00DF3-3245-4980-80DB-6D5912FCA1ED}] => (Allow) C:\Program Files (x86)\AnvSoft\Syncios Data Transfer\SynciosTransfer.exe
FirewallRules: [{64AFFE18-8C36-410F-8480-2D0A647FD66A}] => (Allow) D:\Programs\Steam\steamapps\common\Alien Isolation\AI.exe
FirewallRules: [{FD41FED3-E906-4E46-A921-A168C47DA7F0}] => (Allow) D:\Programs\Steam\steamapps\common\Alien Isolation\AI.exe
FirewallRules: [{95AA1533-0445-4233-B590-AFC843BB03EE}] => (Allow) D:\Programs\Steam\steamapps\common\Batman The Telltale Series\Batman_win8.exe
FirewallRules: [{09A276AB-5706-47E6-9A18-0608EB3B0B22}] => (Allow) D:\Programs\Steam\steamapps\common\Batman The Telltale Series\Batman_win8.exe
FirewallRules: [{93584101-2795-4F70-9393-89B25039DB9B}] => (Allow) D:\Programs\Steam\steamapps\common\Batman The Telltale Series\Batman_win7.exe
FirewallRules: [{9FC8EB2E-DDDE-4939-9204-5ECAE7CD46B0}] => (Allow) D:\Programs\Steam\steamapps\common\Batman The Telltale Series\Batman_win7.exe
FirewallRules: [{7317A101-1F03-41FB-933B-EAE59F1EDEB4}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{0A6B5AC1-234D-4305-A659-166EAF6B0F4A}] => (Allow) D:\Programs\Steam\steamapps\common\Sword With Sauce Alpha\SwordWithSauce.exe
FirewallRules: [{C79C37C6-8DE9-4CFA-BC5A-807CE64F0F3D}] => (Allow) D:\Programs\Steam\steamapps\common\Sword With Sauce Alpha\SwordWithSauce.exe
FirewallRules: [TCP Query User{519FAD81-CDE7-443F-A175-7462F0D00172}D:\programs\steam\steamapps\common\sword with sauce alpha\swordwithsauce1_5\binaries\win64\swordwithsauce1_5-win64-shipping.exe] => (Allow) D:\programs\steam\steamapps\common\sword with sauce alpha\swordwithsauce1_5\binaries\win64\swordwithsauce1_5-win64-shipping.exe
FirewallRules: [UDP Query User{11E8EF7A-EC5C-4AD1-89C5-234514BC4028}D:\programs\steam\steamapps\common\sword with sauce alpha\swordwithsauce1_5\binaries\win64\swordwithsauce1_5-win64-shipping.exe] => (Allow) D:\programs\steam\steamapps\common\sword with sauce alpha\swordwithsauce1_5\binaries\win64\swordwithsauce1_5-win64-shipping.exe
FirewallRules: [{D1D00F8C-9527-463C-A07F-01C39AEB67E7}] => (Allow) I:\Games\Steam\steamapps\common\Prey\Binaries\Danielle\x64\Release\Prey.exe
FirewallRules: [{A1E9EEB6-CC41-49D7-8B2E-8448B0C5D87A}] => (Allow) I:\Games\Steam\steamapps\common\Prey\Binaries\Danielle\x64\Release\Prey.exe
FirewallRules: [{89E16C7C-CDA4-456C-B018-34CB91C21B85}] => (Allow) I:\Games\Steam\steamapps\common\Redie\launcher.exe
FirewallRules: [{92955C8D-89A5-408A-B543-558C9C4DEE19}] => (Allow) I:\Games\Steam\steamapps\common\Redie\launcher.exe
FirewallRules: [{8AB9ECA7-42BF-4D96-B737-2D4FF4C69B19}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{144D07F9-DFB1-48E3-99CD-EA0FC83788F7}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{6F75BCDF-C62E-44E8-AD11-39FCFF1795BF}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{65DB9264-7C95-4F8B-8E17-F0340BBBE7D2}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{9C4E4CA7-56A9-468B-8E16-90CAF993B0B8}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{0BD09A37-030D-424B-9109-C322EE3FE282}] => (Allow) C:\Program Files (x86)\IObit\IObit Malware Fighter\Surfing Protection\FFNativeMessage.exe
FirewallRules: [{10012684-2306-4C20-A2B1-6A48A8C78910}] => (Allow) C:\Program Files (x86)\IObit\IObit Malware Fighter\Surfing Protection\FFNativeMessage.exe
FirewallRules: [{92FBBED3-8A4F-462C-AD56-9843EA4105EB}] => (Block) LPort=445
FirewallRules: [{147818E4-58BD-442F-B55D-3FA319DFE9B2}] => (Block) LPort=445
StandardProfile\AuthorizedApplications: [d:\Programs\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [d:\Programs\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [d:\Programs\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [d:\Programs\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Restore Points =========================

ATTENTION: System Restore is disabled

==================== Faulty Device Manager Devices =============

Name: USB Touchpanel
Description: USB Touchpanel
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Unbekanntes USB-Gerät (Fehler beim Anfordern einer Gerätebeschreibung.)
Description: Unbekanntes USB-Gerät (Fehler beim Anfordern einer Gerätebeschreibung.)
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard-USB-Hostcontroller)
Service: 
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation. 


==================== Event log errors: =========================

Application errors:
==================
Error: (05/22/2017 10:25:39 PM) (Source: Microsoft-Windows-WMI) (EventID: 24) (User: NT AUTHORITY)
Description: Vom Ereignisanbieter "VmmsWmiEventProvider" wurde versucht, die Abfrage "SELECT * FROM __InstanceOperationEvent WHERE TargetInstance ISA "Msvm_ContainerSystem"" zu registrieren, deren Zielklasse "Msvm_ContainerSystem" im Namespace "//./root/virtualization/v2" nicht vorhanden ist. Die Abfrage wird ignoriert.

Error: (05/22/2017 09:13:00 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: Die Open-Prozedur für den Dienst "BITS" in der DLL "C:\Windows\System32\bitsperf.dll" war nicht erfolgreich. Die Leistungsdaten für diesen Dienst sind nicht verfügbar. Die ersten vier Bytes (DWORD) des Datenbereichs enthalten den Fehlercode.

Error: (05/22/2017 08:42:15 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "c:\program files (x86)\adobe\adobe creative cloud\utils\Creative Cloud Uninstaller.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile .
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.953_none_89c2555adb023171.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.953_none_42151e83c686086b.manifest.

Error: (05/22/2017 08:41:28 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Windows Kits\10\bin\arm64\signtool.exe.Manifest".
Die abhängige Assemblierung "Microsoft.Windows.Build.Appx.AppxSip.dll,version="0.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (05/22/2017 08:41:28 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Windows Kits\10\bin\arm\signtool.exe.Manifest".
Die abhängige Assemblierung "Microsoft.Windows.Build.Appx.AppxSip.dll,version="0.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (05/22/2017 08:40:10 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Windows Kits\10\bin\arm64\oleview.exe".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="arm64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (05/22/2017 08:40:10 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Windows Kits\10\bin\arm64\filetypeverifier.exe".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="arm64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (05/22/2017 08:38:08 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "D:\Programs\Microsoft Visual Studio 14.0\VC\redist\1033\vcredist_arm.exe".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="arm",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (05/22/2017 08:37:09 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\14.0\Debugger\target\armv4i\vsgraphicsremoteengine.exe".
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="arm",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (05/22/2017 08:36:34 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest". Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" in Zeile  1.
Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein.
Verweis: UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definition: UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose.


System errors:
=============
Error: (05/22/2017 10:25:52 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Durch die Berechtigungseinstellungen für "application-specific" wird dem Benutzer "NT AUTHORITY\SYSTEM" (SID: S-1-5-18) unter der Adresse "LocalHost (Using LRPC)" keine Berechtigung vom Typ "Local Activation" für die COM-Serveranwendung mit der CLSID 
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 und der APPID 
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 im Anwendungscontainer "Unavailable" (SID: Unavailable) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.

Error: (05/22/2017 10:25:34 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "NetTcpActivator" ist vom Dienst "NetTcpPortSharing" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.

Error: (05/22/2017 10:24:10 PM) (Source: DCOM) (EventID: 10010) (User: Phantom)
Description: Der Server "{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (05/22/2017 10:24:10 PM) (Source: DCOM) (EventID: 10010) (User: Phantom)
Description: Der Server "{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (05/22/2017 10:24:10 PM) (Source: DCOM) (EventID: 10010) (User: Phantom)
Description: Der Server "{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (05/22/2017 10:24:10 PM) (Source: DCOM) (EventID: 10010) (User: Phantom)
Description: Der Server "{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (05/22/2017 10:24:09 PM) (Source: DCOM) (EventID: 10010) (User: Phantom)
Description: Der Server "{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (05/22/2017 10:24:09 PM) (Source: DCOM) (EventID: 10010) (User: Phantom)
Description: Der Server "{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (05/22/2017 08:29:20 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Durch die Berechtigungseinstellungen für "application-specific" wird dem Benutzer "NT AUTHORITY\SYSTEM" (SID: S-1-5-18) unter der Adresse "LocalHost (Using LRPC)" keine Berechtigung vom Typ "Local Activation" für die COM-Serveranwendung mit der CLSID 
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 und der APPID 
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 im Anwendungscontainer "Unavailable" (SID: Unavailable) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.
         

Alt 22.05.2017, 22:48   #5
rilkar
 
Code:
ATTFilter
Error: (05/22/2017 08:29:03 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "NetTcpActivator" ist vom Dienst "NetTcpPortSharing" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.


CodeIntegrity:
===================================
  Date: 2017-05-21 21:49:05.061
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume1\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.

  Date: 2017-05-21 21:49:02.210
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume1\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.

  Date: 2017-05-21 16:46:24.223
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-05-21 16:46:24.221
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-05-21 16:46:24.219
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-05-21 16:46:24.218
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-05-21 13:57:12.067
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume1\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.

  Date: 2017-05-21 13:53:16.645
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume1\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.

  Date: 2017-05-21 13:53:14.188
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume1\Windows\System32\nvspcap64.dll that did not meet the Store signing level requirements.

  Date: 2017-05-21 13:41:55.380
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i7-3770 CPU @ 3.40GHz
Percentage of memory in use: 25%
Total physical RAM: 32663.03 MB
Available physical RAM: 24185.21 MB
Total Virtual: 33663.03 MB
Available Virtual: 23390.02 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:111.35 GB) (Free:7.84 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (Data) (Fixed) (Total:1863.01 GB) (Free:14.56 GB) NTFS
Drive e: (Games) (Fixed) (Total:48.83 GB) (Free:22.54 GB) NTFS
Drive f: (Daten) (Fixed) (Total:368.1 GB) (Free:291.41 GB) NTFS
Drive g: (Games2) (Fixed) (Total:50 GB) (Free:5.96 GB) NTFS
Drive h: (Multimedia) (Fixed) (Total:931.51 GB) (Free:225.6 GB) NTFS
Drive i: (Downloads) (Fixed) (Total:1813.01 GB) (Free:97.21 GB) NTFS
Drive n: (BIRD_OF_PREY_VOL_01) (CDROM) (Total:7.11 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 11F42019)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 1863 GB) (Disk ID: 6FD9C0EF)
Partition 1: (Not Active) - (Size=50 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=1813 GB) - (Type=OF Extended)

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: 4832A475)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

========================================================
Disk: 3 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: BBA2BBA2)
Partition 1: (Not Active) - (Size=993 KB) - (Type=42)
Partition 2: (Active) - (Size=48.8 GB) - (Type=42)
Partition 3: (Not Active) - (Size=416.9 GB) - (Type=42)

========================================================
Disk: 4 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 4EC3CCFA)
Partition 1: (Active) - (Size=111.3 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=450 MB) - (Type=27)

==================== End of Addition.txt ============================
         


Alt 24.05.2017, 23:02   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
hi,

Quote:
I ran Malwarebytes and Avira, which found some insignificant malware
and the logs are where, please?

Please post them. In code tags.

Alt 25.05.2017, 10:16   #7
rilkar
 
Logs: malware + virus scanner

The log files are attached.

Yesterday I observed the following behavior:
when the problem occurs
- Chrome crashes and the task can no longer be ended
- actions such as opening the Task Manager or the Start menu no longer work

Luckily I already had a Task Manager open, so I killed processes at random, and at some point the system and the internet connection were working again.

The next time it happens I will try to proceed more systematically in order to identify the culprit.
Attached files
File type: rar AVSCAN-20170522-235937-6711C8D6.rar (51.1 KB, viewed 4 times)
File type: txt malwarebytes.txt (11.6 KB, viewed 130 times)

Alt 26.05.2017, 07:30   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Reading material:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes my work massively harder.
Even if the logs are too large for a single post, please post them directly, spread over several posts if necessary.
To put the log files into a CODE box, proceed as follows:
  • Select the entire log file (usually with CTRL+A) and copy it to the clipboard with CTRL+C.
  • In the editor, click the # symbol. Two bracketed tags appear: [CODE] [/CODE].
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it right. If everything is correct ... click Reply.
