Plotzliches schließEn aller Anwendungen wenn Chrome Browser geöffnet! PANIK

woteva · 18.07.2017, 17:32

Nichtsahnend beim surfen begannen sich auf einmal alle Anwendungen die unten rechts in der Taskleiste zu sehen sind zu schließen. Ob insgesamt ALLE anwendungen sich so stück für stück geschlossen hätten, kann ich nicht sagen. Als ich den Browser in Panik schloss mit der absicht den computer schnell herunterzufahren, hörte das plötzlich auf. als ich Ihn wieder öffnete ging es weiter :S . Das erste seltsame war dass plötzlich die internetseiten nicht mehr erreicht wurden mit dem chrom browser (habe den chrome gestern erst auf aktualität überpfrüft). es war aber keine DNS fehlermeldung oder sowas, ich kann mich nicht mehr erinnern, was dort stand (ich glaube sowas ähnliches wie "page couldnt be reached", aber es sah so aus als sei es keine offizielle fehlermeldung, wenn ich es mir ins gedächtnis zurückrufe. weiß es aber nicht sicher. Auch hat die angesurfte seite sehr lange geladen bevor die meldung kam. was ich auch seltsam fand die letzten tage war dass meine geräte, tablets, smartphone, computer alle unterschiedliche IP adressen zu haben schienen (das tablet eine ganz komische ellenlange, mit doppelpunkten und buchstaben). zumindest laut wieistmeineip.de. Obwohl alle am selben router hängen. avira ist in der free version und auf dem neuesten stand gewesen und gestern erst habe ich einen tiefenscan vollzgen ohne ergebnisse. mir kamen auch phising nachrichten durch den slack bot ins email fach, weil ich dort in einer gruppe bin. das problem war mir bekannt, habe aber, soweit ich das nachvollziehen kann, nie einen verseuchten link geklickt. Ich muss zugeben in den letzten tagen war ich viel in der crypto currency welt unterwegs um mich schlau zu machen etc. Da gibt es scams an jeder ecke, vielleicht habe ich mir dabei etwas eingefangen?

schnell getippt und in panik, dankbar für jede Hilfe,
woteva

P.S: jetzt ist der betroffene computer noch immer an und avira macht einen weiteren scan, dauert noch ca eine halbe stunde. auch benutze ich nun einen laptop im selben netzwerk/router. Alle meine Geräte könnten befallen sein, richtig?

AH JA! und noch was: seit wochen/monaten öffnet sich gelegentlich das DVD laufwerk einfach so ohne unerkennbaren Grund von selbst.
EDIT der betroffene computer läuft auf windows 10. Ich glaube auf dem neuesten stand, bin mir aber nicht sicher.
EDITEDIT: windows updatestatus ist auf dem neuesten stand, letzte überprüfung um 10:40 Uhr

EDITEDITEDIT habe jetzt die email von trojaner board bezüglich log files erstellung etc bekommen. stoppe ich nun den avira scan und beginne damit? Ich traue mich im moment nicht mal am womöglich infizierten computer einen webbrowser zu öffnen, wegen der beschriebenen thematik. Ich bin anstrengend, ich weiß, bitte habt Nachsicht

Beruhige mich langsam, wenn jemand meine Daten wollte, hat er sie jetzt wahrscheinlich eh schon denke ich ich mal... oooh maaan! Ich bin erledigt

M-K-D-B · 18.07.2017, 18:45

Mein Name ist Matthias und ich werde dir bei der Bereinigung deines Computers helfen.

Um die Bereinigung möchlichst effektiv und schnell gestalten zu können, bitte ich um Beachtung der folgenden Hinweise:

Falls wir Hinweise auf illegal erworbene Software finden, werden wir den Support unterbrechen bis jegliche Art von illegaler Software vom Rechner entfernt wurde.
Lies dir meine Anleitungen immer sorgfältig durch, arbeite alle Schritte in der vorgegebenen Reihefolge nacheinander ab und poste immer alle Logdateien (auch wenn nichts gefunden wurde). Solltest du Probleme haben, stoppe mit deiner Bearbeitung und beschreibe mir dein Problem so gut es geht.
Solltest du mir nicht innerhalb von 3 Tagen antworten, gehe ich davon aus, dass du keine Hilfe mehr benötigst. Dann lösche ich dein Thema aus meinem Abo. Solltest du einmal länger abwesend sein, so gib mir bitte Bescheid!
Während der Bereinigung bitte nichts installieren oder deinstallieren, außer ich bitte dich darum!
Außerdem bitte ich dich, nicht eigenmächtig irgendwelche Sicherheitsprogramme auszuführen und damit deinen Rechner zu überprüfen/bereinigen, da ich so leicht den Überblick verlieren kann.
Außerdem hättest du dir das Eröffnen eines Themas in diesem Fall auch gleich sparen können, wenn du dann doch wieder alleine rumhantierst.
Bitte beachten: Download bei filepony.de: So ladet Ihr unsere Tools richtig!
Alle zu verwendenen Programme sind auf dem Desktop ( C:\users\dein Benutzername\Desktop\ ) abzuspeichern und von dort als Administrator zu starten!
Einige Programme, die wir hier verwenden, können unter Umständen von deinem Antiviren- oder Anti-Malwareprogramm fälschlicherweise als Bedrohung eingestuft werden. Die Sicherheitsprogramme können aufgrund eines bestimmten Programmverhaltens nicht zwischen "gut" oder "böse" unterscheiden und schlagen Alarm. Dabei handelt es sich um Fehlalarme, welche du getrost ignorieren kannst. Gegebenenfalls musst du deine Sicherheitssoftware vor der Ausführung eines Programms deaktivieren, damit unsere Bereinigungsvorgänge nicht beeinträchtigt werden.
Sollten die Logdateien einmal die zulässige Länge (~ 120.000 Zeichen) überschreiten, so teile die Logdateien auf mehrere Posts auf.
Zur Not kannst du die Logdateien dann auch zippen (in ein .zip Archiv packen) und als Anhang hochladen.
Bitte arbeite so lange mit mir zusammen, bis ich dir sage, dass wir fertig sind und dein Rechner "sauber" ist. Das vorzeitige Verschwinden von Symptomen heißt nicht automatisch, dass dein Rechner bereits vollständig sauber ist.
In der Regel antworte ich dir innerhalb von 24 Stunden, oft sogar wesentlich schneller.
Jedoch habe auch ich einen normalen Beruf und Familie. Ich bin daher nicht jeden Tag stundenlag hier im Forum unterwegs. Es kann unter Umständen bis zu 2 Tage dauern, bis du eine Antwort von mir erhältst. Sollte diese Zeit überschritten sein, so kannst du mir gerne eine PM als Erinnerung schicken.

Bitte arbeite alle Schritte in der vorgegebenen Reihefolge nacheinander ab und poste alle Logdateien in CODE-Tags:

So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert deinem Helfer massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu groß für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:

Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
Klicke aauf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

Danke für deine Mitarbeit!

Schritt 1
Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

Schritt 2
Downloade dir bitte

TDSSKiller.exe und speichere diese Datei auf dem Desktop

Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
Drücke Start Scan
Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt

Poste den Inhalt bitte in jedem Fall hier in deinen Thread.

Bitte poste mit deiner nächsten Antwort

die Logdatei von TDSS-Killer,
die beiden neuen Logdateien von FRST.

woteva · 18.07.2017, 19:10

Hallo Matthias, ich dachte schon mein Panik Post würde mangels Formatierung abgelehnt werden. Vielen Dank für die Nachsicht!

Ich verstehe nicht, wie ich dir die Logfiles schicken soll, ohne einen Browser am betroffenen Computer zu öffnen. Ich benutze hierfür einen USB Stick und transferriere die Programme zum betroffenen Computer, und die Ergebnisse dann wieder zurück zum Laptop um sie von dort aus zu posten? Könnte sich damit der USB Stick auch infizieren und somit der Laptop, wenn ich diesen dann anschließend an diesem verwende? Das mache ich auf eigene Gefahr und muss mich wohl selbst entscheiden ob ich das riskieren möchte? Oder mache ich mir da zu viele Gedanken? Ich habe den betroffenen Computer nun vorerst vom Internet getrennt. Was meinst du, lieber wieder ans Internet dranhängen und mal den Edge Browser probieren um weiter mit dir hier zu kommunizieren / besagte Programme runterzuladen oder doch eher die USB Variante? Danke vielmals nochmal!

Was mich auch wundert ist ob die Gefahr besteht dass ich den betroffen Computer nach dem runterfahren womöglich auch nicht mehr hoch fahren könnte. Lasse ich Ihn also die nächsten Tage bis wir das ausgedudelt haben besser an / maximal im Stand By Modus? Der Avira Scan ist nun übrigens abgeschlossen und hat nur 2 mögliche Archivbomben ausgespuckt.

M-K-D-B · 18.07.2017, 19:14

Servus,

versuchs am infizierten Rechner mal mit einem anderen Browser, z. B. Edge.

Wenn du dort das gleiche Problem hast, dann mach alles über USB-Stick.

Und komm mal runter... ich weiß, dass man bei sowas aufgeregt ist, aber das bringt keinem was.

woteva · 18.07.2017, 20:14

Keine Probleme mit Edge soweit. Habe meinen Router auch mal "restarted" bevor ich den Computer wieder an das Netz gehangen habe, falls das von Bedeutung ist. Im Task Manager unter Status sind übrigens etlcihe beendete Prozesse aufgelistet.

FRST

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-07-2017
Ran by yuk (administrator) on MEISFIT (18-07-2017 20:48:00)
Running from C:\Users\yuk\Downloads
Loaded Profiles: yuk (Available Profiles: yuk)
Platform: Windows 10 Pro Version 1703 (X64) Language: Englisch (Vereinigte Staaten)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
() C:\Windows\SysWOW64\ASGT.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
() C:\Program Files (x86)\Polar\Daemon\polard.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Native Instruments GmbH) C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
(Seiko Epson Corporation) C:\Program Files (x86)\epson\MyEpson Portal\mepService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler64.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe
(Google Inc.) C:\Program Files (x86)\Google\Google Japanese Input\GoogleIMEJaCacheService.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Google Inc.) C:\Program Files (x86)\Google\Google Japanese Input\GoogleIMEJaConverter.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe
(Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11705.1001.21.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Office.Excel_17.8269.50431.0_x64__8wekyb3d8bbwe\xlim.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.18062.13720.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.8241.41225.0_x64__8wekyb3d8bbwe\HxOutlook.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.8241.41225.0_x64__8wekyb3d8bbwe\HxTsr.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgentUserBroker.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\CCLibrary.exe
(Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\libs\node.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.820.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft) C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.820.0_x64__kzf8qxf38zg5c\SkypeApp.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avcenter.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16174328 2015-09-26] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2397120 2016-06-14] (NVIDIA Corporation)
HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2406496 2017-06-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Google Japanese Input Prelauncher] => C:\Program Files (x86)\Google\Google Japanese Input\GoogleIMEJaBroker32.exe [1752016 2016-12-07] (Google Inc.)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [97512 2017-06-13] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [918008 2017-07-12] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1087184 2016-01-20] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-3843242997-120083883-219807361-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\DTLite.exe [5583120 2015-02-26] (Disc Soft Ltd)
HKU\S-1-5-21-3843242997-120083883-219807361-1001\...\Run: [BingSvc] => C:\Users\yuk\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-04-07] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-3843242997-120083883-219807361-1001\...\Run: [Google Update] => C:\Users\yuk\AppData\Local\Google\Update\1.3.33.5\GoogleUpdateCore.exe [601168 2017-04-29] (Google Inc.)
HKU\S-1-5-21-3843242997-120083883-219807361-1001\...\Run: [TomTom MySports Connect.exe] => C:\Program Files (x86)\TomTom\MySportsConnect\TomTom MySports Connect.exe [638464 2017-06-22] (TomTom)
HKU\S-1-5-21-3843242997-120083883-219807361-1001\...\Run: [Writefull] => C:\Users\yuk\AppData\Local\Programs\Writefull\Writefull.exe [64315392 2017-03-24] (ThinqLab)
HKU\S-1-5-21-3843242997-120083883-219807361-1001\...\Run: [Discord] => C:\Users\yuk\AppData\Local\Discord\app-0.0.297\Discord.exe [64290304 2017-01-04] (Hammer & Chisel, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FAH.lnk [2015-09-12]
ShortcutTarget: FAH.lnk -> C:\Program Files\WinZip\FAH\FAHConsole.exe (Nico Mak Computing)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Polar WebSync.lnk [2015-09-12]
ShortcutTarget: Polar WebSync.lnk -> C:\Program Files (x86)\Polar\WebSync\WebSync.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Preloader.lnk [2015-09-12]
ShortcutTarget: WinZip Preloader.lnk -> C:\Program Files\WinZip\WzPreloader.exe (WinZip Computing, S.L.)
Startup: C:\Users\yuk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk [2015-05-20]
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
GroupPolicy: Restriction - Chrome <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{d5ffb703-501b-4fdb-82da-cc5480365edb}: [DhcpNameServer] 192.168.2.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\S-1-5-21-3843242997-120083883-219807361-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = 
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\ssv.dll [2016-04-01] (Oracle Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2017-03-20] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\jp2ssv.dll [2016-04-01] (Oracle Corporation)

FireFox:
========
FF DefaultProfile: 3qisvbq9.default
FF DefaultProfile: xqo7hp7f.default
FF DefaultProfile: witxcj5b.default
FF ProfilePath: C:\Users\yuk\AppData\Roaming\stickmanschoolrun-7ea3653db0f7fa362133ce8fbef97928\Profiles\3qisvbq9.default [2015-10-04]
FF ProfilePath: C:\Users\yuk\AppData\Roaming\stickmanfighterepicbattle-f81ba27c6b9de880bbeb2899a6b61f66\Profiles\xqo7hp7f.default [2015-10-04]
FF ProfilePath: C:\Users\yuk\AppData\Roaming\Mozilla\Firefox\Profiles\witxcj5b.default [2016-05-14]
FF user.js: detected! => C:\Users\yuk\AppData\Roaming\Mozilla\Firefox\Profiles\witxcj5b.default\user.js [2015-11-15]
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\witxcj5b.default -> DuckDuckGo
FF Homepage: Mozilla\Firefox\Profiles\witxcj5b.default -> startpage.com
FF Extension: (Avira Browser Safety) - C:\Users\yuk\AppData\Roaming\Mozilla\Firefox\Profiles\witxcj5b.default\Extensions\abs@avira.com [2016-04-21]
FF Extension: (Lightbeam) - C:\Users\yuk\AppData\Roaming\Mozilla\Firefox\Profiles\witxcj5b.default\Extensions\jid1-F9UJ2thwoAm5gQ@jetpack.xpi [2015-10-05]
FF Extension: (S3.Google Translator) - C:\Users\yuk\AppData\Roaming\Mozilla\Firefox\Profiles\witxcj5b.default\Extensions\s3google@translator.xpi [2015-10-08]
FF Extension: (WOT) - C:\Users\yuk\AppData\Roaming\Mozilla\Firefox\Profiles\witxcj5b.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2015-11-10]
FF Extension: (Adblock Plus) - C:\Users\yuk\AppData\Roaming\Mozilla\Firefox\Profiles\witxcj5b.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-09-25]
FF SearchPlugin: C:\Users\yuk\AppData\Roaming\Mozilla\Firefox\Profiles\witxcj5b.default\searchplugins\google-images.xml [2015-10-12]
FF SearchPlugin: C:\Users\yuk\AppData\Roaming\Mozilla\Firefox\Profiles\witxcj5b.default\searchplugins\google-maps.xml [2015-10-12]
FF SearchPlugin: C:\Users\yuk\AppData\Roaming\Mozilla\Firefox\Profiles\witxcj5b.default\searchplugins\search-provided-by-yahoo.xml [2015-11-15]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_26_0_0_137.dll [2017-07-12] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2017-06-04] (Adobe Systems)
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_137.dll [2017-07-12] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.77.2 -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\dtplugin\npDeployJava1.dll [2016-04-01] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.77.2 -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\plugin2\npjp2.dll [2016-04-01] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-05-01] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-05-01] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2017-06-04] (Adobe Systems)
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin HKU\S-1-5-21-3843242997-120083883-219807361-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\yuk\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-3843242997-120083883-219807361-1001: @talk.google.com/O1DPlugin -> C:\Users\yuk\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-3843242997-120083883-219807361-1001: @tools.google.com/Google Update;version=3 -> C:\Users\yuk\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin HKU\S-1-5-21-3843242997-120083883-219807361-1001: @tools.google.com/Google Update;version=9 -> C:\Users\yuk\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\yuk\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\yuk\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)
StartMenuInternet: FIREFOX.EXE - firefox.exe

Chrome: 
=======
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\yuk\AppData\Local\Google\Chrome\User Data\Default [2017-07-18]
CHR Extension: (Google Präsentationen) - C:\Users\yuk\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-11-15]
CHR Extension: (Google Docs) - C:\Users\yuk\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-11-15]
CHR Extension: (Readlang) - C:\Users\yuk\AppData\Local\Google\Chrome\User Data\Default\Extensions\apcnmoajpaldpbepelpjgbplhoeidhia [2015-11-15]
CHR Extension: (Google Drive) - C:\Users\yuk\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-15]
CHR Extension: (WOT: Web of Trust, Website Reputation Ratings) - C:\Users\yuk\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2017-06-24]
CHR Extension: (YouTube) - C:\Users\yuk\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-15]
CHR Extension: (Adblock Plus) - C:\Users\yuk\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-07-13]
CHR Extension: (Google-Suche) - C:\Users\yuk\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-15]
CHR Extension: (Bliu Bliu) - C:\Users\yuk\AppData\Local\Google\Chrome\User Data\Default\Extensions\dfmhflbdkpnkjpomcjofacekggdgmlfh [2015-11-15]
CHR Extension: (Byrd IRC client) - C:\Users\yuk\AppData\Local\Google\Chrome\User Data\Default\Extensions\endimfdcgfnlmoankhocnkhgohmoecoi [2017-06-27]
CHR Extension: (Google Tabellen) - C:\Users\yuk\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-11-15]
CHR Extension: (HTTPS Everywhere) - C:\Users\yuk\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcbommkclmclpchllfjekcdonpmejbdp [2017-07-08]
CHR Extension: (Google Docs Offline) - C:\Users\yuk\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-03]
CHR Extension: (AdBlock) - C:\Users\yuk\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-06-27]
CHR Extension: (Avast Online Security) - C:\Users\yuk\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-07-08]
CHR Extension: (MetaMask) - C:\Users\yuk\AppData\Local\Google\Chrome\User Data\Default\Extensions\nkbihfbeogaeaoehlefnkodbefgpgknn [2017-07-13]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\yuk\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-25]
CHR Extension: (Google Mail) - C:\Users\yuk\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-11-15]
CHR Extension: (Chrome Media Router) - C:\Users\yuk\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-07-13]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

Opera: 
=======
OPR Extension: (Buffer) - C:\Users\yuk\AppData\Roaming\Opera Software\Opera Stable\Extensions\bbbfjmllpkjhkmljjeahemghjhkecfae [2017-07-16]
OPR Extension: (Translator) - C:\Users\yuk\AppData\Roaming\Opera Software\Opera Stable\Extensions\cnbpedcoekjafichoehopgaaldogogch [2016-12-14]
OPR Extension: (WOT: Web of Trust, Website Reputation Ratings) - C:\Users\yuk\AppData\Roaming\Opera Software\Opera Stable\Extensions\eeokceolphhfjdfcibaiiopmekmcbedp [2017-03-18]
OPR Extension: (Adblock Plus) - C:\Users\yuk\AppData\Roaming\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp [2017-07-16]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [814688 2017-06-04] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2246256 2017-05-18] (Adobe Systems, Incorporated)
S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [1128432 2017-07-12] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [490968 2017-07-12] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [490968 2017-07-12] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1524216 2017-07-12] (Avira Operations GmbH & Co. KG)
R2 ASGT; C:\Windows\SysWOW64\ASGT.exe [55296 2012-01-17] () [File not signed]
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [377976 2017-06-13] (Avira Operations GmbH & Co. KG)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1465352 2017-01-15] ()
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1272592 2015-02-26] (Disc Soft Ltd)
R2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc64.exe [144560 2012-05-17] (Seiko Epson Corporation)
R2 GoogleIMEJaCacheService; C:\Program Files (x86)\Google\Google Japanese Input\GoogleIMEJaCacheService.exe [946640 2016-12-07] (Google Inc.)
U2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9728 2016-09-15] (Hi-Rez Studios) [File not signed]
R2 MyEpson Portal Service; C:\Program Files (x86)\EPSON\MyEpson Portal\mepService.exe [714712 2017-06-28] (Seiko Epson Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462968 2017-05-01] (NVIDIA Corporation)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2521024 2016-06-14] (NVIDIA Corporation)
R2 Polar Daemon; C:\Program Files (x86)\Polar\Daemon\polard.exe [419536 2012-12-12] ()
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [3913064 2017-03-19] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-06-20] (Microsoft Corporation)
R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [716480 2015-08-21] (Wacom Technology, Corp.)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 avdevprot; C:\WINDOWS\System32\DRIVERS\avdevprot.sys [60920 2017-06-14] (Avira Operations GmbH & Co. KG)
R2 avgntflt; C:\WINDOWS\System32\DRIVERS\avgntflt.sys [167504 2017-06-14] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [164824 2017-06-14] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\WINDOWS\system32\DRIVERS\avkmgr.sys [44488 2017-03-22] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\WINDOWS\system32\DRIVERS\avnetflt.sys [88488 2017-03-22] (Avira Operations GmbH & Co. KG)
R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30352 2015-05-19] (Disc Soft Ltd)
S3 gbxavs; C:\WINDOWS\System32\Drivers\gbxavs.sys [357968 2011-07-07] (Native Instruments GmbH)
S3 gbxusb_svc; C:\WINDOWS\System32\Drivers\gbxusb.sys [68688 2011-07-07] (Native Instruments GmbH)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_ref_pubwu.inf_amd64_f9309145156afb40\nvlddmkm.sys [14456912 2017-05-19] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26560 2016-06-14] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [56384 2016-04-14] (NVIDIA Corporation)
R0 PxHlpa64; C:\WINDOWS\System32\Drivers\PxHlpa64.sys [56336 2012-06-22] (Corel Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [604160 2017-03-18] (Realtek                                            )
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
S3 TASCAM_US122144; C:\WINDOWS\System32\Drivers\tascusb2.sys [409664 2010-06-18] (TASCAM)
S3 TASCAM_US122L_WDM; C:\WINDOWS\system32\drivers\tscusb2a.sys [50240 2010-06-18] (TASCAM)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)
S3 X6va060; C:\WINDOWS\SysWOW64\Drivers\X6va060 [21208 2015-11-21] ()

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-07-18 20:48 - 2017-07-18 20:48 - 00024832 _____ C:\Users\yuk\Downloads\FRST.txt
2017-07-18 20:47 - 2017-07-18 20:48 - 00000000 ____D C:\FRST
2017-07-18 20:46 - 2017-07-18 20:46 - 02435584 _____ (Farbar) C:\Users\yuk\Downloads\FRST64.exe
2017-07-18 18:54 - 2017-07-18 18:54 - 00000000 ____D C:\Users\yuk\Documents\FeedbackHub
2017-07-18 16:35 - 2017-07-18 16:35 - 00000000 ____D C:\Users\yuk\AppData\Local\Tempzxpsignd320c6188b0c3a3e
2017-07-18 15:41 - 2017-07-18 17:14 - 00000484 _____ C:\Users\yuk\Desktop\blogging IDeas.txt
2017-07-18 10:52 - 2017-07-18 10:52 - 00000000 ____D C:\Users\yuk\AppData\Local\Tempzxpsignef9162340afc81e7
2017-07-18 03:58 - 2017-07-18 03:58 - 00001666 _____ C:\Users\yuk\Desktop\VINIPOARS.txt
2017-07-18 01:25 - 2017-07-18 01:25 - 00000000 ____D C:\Users\yuk\AppData\Local\Tempzxpsign8d0021bddd45850f
2017-07-18 01:20 - 2017-07-18 01:20 - 00000000 ____D C:\Users\yuk\AppData\Local\Tempzxpsigndbdfcd33d6e8acea
2017-07-18 01:20 - 2017-07-18 01:20 - 00000000 ____D C:\Users\yuk\AppData\Local\Tempzxpsignb641b4b9cbdaa7f3
2017-07-17 23:34 - 2017-07-17 23:36 - 00014330 _____ C:\Users\yuk\Desktop\recapNeverdieDiscord.txt
2017-07-17 19:03 - 2017-07-17 23:34 - 00007466 _____ C:\Users\yuk\Desktop\sttembloggentry.txt
2017-07-17 18:51 - 2017-07-17 18:51 - 00000000 ____D C:\Users\yuk\AppData\Local\Tempzxpsigne70c98b4cd02912f
2017-07-17 18:49 - 2017-07-17 18:49 - 00000000 ____D C:\Users\yuk\AppData\Local\Tempzxpsignf4200db89f9632ff
2017-07-17 18:49 - 2017-07-17 18:49 - 00000000 ____D C:\Users\yuk\AppData\Local\Tempzxpsigna93330d847d30df6
2017-07-17 18:49 - 2017-07-17 18:49 - 00000000 ____D C:\Users\yuk\AppData\Local\Tempzxpsigna659908c3c042600
2017-07-17 14:36 - 2017-07-17 14:36 - 00182700 _____ C:\Users\yuk\Desktop\MEWwallet.pdf
2017-07-15 01:26 - 2017-07-15 02:57 - 00000000 ____D C:\Users\yuk\AppData\Roaming\Chaincoin
2017-07-15 01:26 - 2017-07-15 01:26 - 00000000 ____D C:\Users\yuk\Desktop\ChaincoinWallet
2017-07-15 00:11 - 2017-07-15 02:57 - 00000000 ____D C:\Users\yuk\AppData\Roaming\Sia-UI
2017-07-15 00:11 - 2017-07-15 00:11 - 00000000 ____D C:\Users\yuk\Desktop\Sia
2017-07-13 21:55 - 2017-07-13 21:55 - 00000000 ____D C:\Users\yuk\AppData\Local\Tempzxpsign22b248e799dcec20
2017-07-13 21:52 - 2017-07-13 21:52 - 00000000 ____D C:\Users\yuk\AppData\Local\Tempzxpsignb3c26d14701f90fd
2017-07-13 21:52 - 2017-07-13 21:52 - 00000000 ____D C:\Users\yuk\AppData\Local\Tempzxpsign18d4b9f127dffb93
2017-07-13 21:40 - 2017-07-13 21:40 - 00000000 ____D C:\Users\yuk\AppData\Local\Tempzxpsignc5fa6dc60df608fe
2017-07-13 21:40 - 2017-07-13 21:40 - 00000000 ____D C:\Users\yuk\AppData\Local\Tempzxpsign930cff8b7f6e3f4e
2017-07-13 21:40 - 2017-07-13 21:40 - 00000000 ____D C:\Users\yuk\AppData\Local\Tempzxpsign10ab782c206575ee
2017-07-13 21:39 - 2017-07-13 21:39 - 00000000 ____D C:\Users\yuk\AppData\Local\Tempzxpsigndf8526185b5d544d
2017-07-13 21:39 - 2017-07-13 21:39 - 00000000 ____D C:\Users\yuk\AppData\Local\Tempzxpsign95dd2b0ed413f2c2
2017-07-13 21:39 - 2017-07-13 21:39 - 00000000 ____D C:\Users\yuk\AppData\Local\Tempzxpsign1298faa7ae0ffb34
2017-07-12 18:58 - 2017-07-07 09:24 - 00117664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2017-07-12 18:58 - 2017-07-07 09:23 - 02399728 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-07-12 18:58 - 2017-07-07 09:20 - 02021680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpmde.dll
2017-07-12 18:58 - 2017-07-07 09:13 - 00554392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2017-07-12 18:58 - 2017-07-07 09:13 - 00336320 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthService.exe
2017-07-12 18:58 - 2017-07-07 09:11 - 00094624 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2017-07-12 18:58 - 2017-07-07 09:10 - 01670496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2017-07-12 18:58 - 2017-07-07 09:10 - 00254168 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2017-07-12 18:58 - 2017-07-07 08:57 - 00626528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2017-07-12 18:58 - 2017-07-07 08:57 - 00125344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmapi.dll
2017-07-12 18:58 - 2017-07-07 08:40 - 23677440 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-07-12 18:58 - 2017-07-07 08:39 - 01839872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-07-12 18:58 - 2017-07-07 08:39 - 00096128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmcmnutils.dll
2017-07-12 18:58 - 2017-07-07 08:37 - 02259760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-07-12 18:58 - 2017-07-07 08:37 - 01339352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmpmde.dll
2017-07-12 18:58 - 2017-07-07 08:31 - 05820984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2017-07-12 18:58 - 2017-07-07 08:31 - 01518088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2017-07-12 18:58 - 2017-07-07 08:31 - 00129184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2017-07-12 18:58 - 2017-07-07 08:30 - 02165752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2017-07-12 18:58 - 2017-07-07 08:30 - 00949920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dcomp.dll
2017-07-12 18:58 - 2017-07-07 08:30 - 00750496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2017-07-12 18:58 - 2017-07-07 08:29 - 00349600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2017-07-12 18:58 - 2017-07-07 08:29 - 00123520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Clipc.dll
2017-07-12 18:58 - 2017-07-07 08:27 - 06759512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-07-12 18:58 - 2017-07-07 08:26 - 20373408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-07-12 18:58 - 2017-07-07 08:26 - 01529384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2017-07-12 18:58 - 2017-07-07 08:26 - 01195240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2017-07-12 18:58 - 2017-07-07 08:26 - 00988168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2017-07-12 18:58 - 2017-07-07 08:25 - 00035232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininitext.dll
2017-07-12 18:58 - 2017-07-07 08:24 - 01517472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppVEntSubsystems32.dll
2017-07-12 18:58 - 2017-07-07 08:23 - 00583160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2017-07-12 18:58 - 2017-07-07 08:20 - 08331264 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2017-07-12 18:58 - 2017-07-07 08:19 - 00165888 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2017-07-12 18:58 - 2017-07-07 08:18 - 00548864 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
2017-07-12 18:58 - 2017-07-07 08:17 - 00588800 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2017-07-12 18:58 - 2017-07-07 08:16 - 12786176 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-07-12 18:58 - 2017-07-07 08:16 - 00545792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2017-07-12 18:58 - 2017-07-07 08:15 - 08238080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-07-12 18:58 - 2017-07-07 08:14 - 08211968 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2017-07-12 18:58 - 2017-07-07 08:14 - 03784704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapRouter.dll
2017-07-12 18:58 - 2017-07-07 08:14 - 02956800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-07-12 18:58 - 2017-07-07 08:14 - 01448960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2017-07-12 18:58 - 2017-07-07 08:14 - 00790016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2017-07-12 18:58 - 2017-07-07 08:13 - 13839872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2017-07-12 18:58 - 2017-07-07 08:12 - 04730880 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-07-12 18:58 - 2017-07-07 08:12 - 02199552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2017-07-12 18:58 - 2017-07-07 08:12 - 01142272 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2017-07-12 18:58 - 2017-07-07 08:10 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2017-07-12 18:58 - 2017-07-07 08:10 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eapprovp.dll
2017-07-12 18:58 - 2017-07-07 08:09 - 20504576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-07-12 18:58 - 2017-07-07 08:09 - 00365056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2017-07-12 18:58 - 2017-07-07 08:08 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2017-07-12 18:58 - 2017-07-07 08:07 - 00272896 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToReceiver.dll
2017-07-12 18:58 - 2017-07-07 08:07 - 00117248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\raschap.dll
2017-07-12 18:58 - 2017-07-07 08:06 - 00241152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecsExt.dll
2017-07-12 18:58 - 2017-07-07 08:05 - 19335168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-07-12 18:58 - 2017-07-07 08:05 - 11870720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-07-12 18:58 - 2017-07-07 08:05 - 06728192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-07-12 18:58 - 2017-07-07 08:05 - 05719040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2017-07-12 18:58 - 2017-07-07 08:05 - 00502784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DevicePairing.dll
2017-07-12 18:58 - 2017-07-07 08:05 - 00312320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wldap32.dll
2017-07-12 18:58 - 2017-07-07 08:04 - 05961216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2017-07-12 18:58 - 2017-07-07 08:04 - 01248768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-07-12 18:58 - 2017-07-07 08:04 - 00754176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2017-07-12 18:58 - 2017-07-07 08:04 - 00506368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2017-07-12 18:58 - 2017-07-07 08:04 - 00394240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2017-07-12 18:58 - 2017-07-07 08:03 - 06123520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2017-07-12 18:58 - 2017-07-07 08:03 - 00636416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2017-07-12 18:58 - 2017-07-07 08:03 - 00446464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
2017-07-12 18:58 - 2017-07-07 08:02 - 00952832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2017-07-12 18:58 - 2017-07-07 08:01 - 06287360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-07-12 18:58 - 2017-07-07 08:01 - 02859520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-07-12 18:58 - 2017-07-07 08:00 - 07596544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2017-07-12 18:58 - 2017-07-07 08:00 - 05225984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-07-12 18:58 - 2017-07-07 08:00 - 02588160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapRouter.dll
2017-07-12 18:58 - 2017-07-07 08:00 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-07-12 18:58 - 2017-07-07 08:00 - 01565184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2017-07-12 18:58 - 2017-07-07 08:00 - 01019904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-07-12 18:58 - 2017-07-07 07:59 - 04417024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2017-07-12 18:58 - 2017-07-07 07:59 - 03656704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-07-12 18:58 - 2017-07-07 07:59 - 01494016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
2017-07-12 18:58 - 2017-07-07 07:59 - 01355264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpcServices.dll
2017-07-12 18:58 - 2017-07-07 07:59 - 00787456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2017-07-12 18:58 - 2017-07-07 07:58 - 04559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2017-07-12 18:58 - 2017-07-07 07:58 - 02782720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2017-07-12 18:58 - 2017-07-07 07:58 - 02298368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2017-07-12 18:58 - 2017-07-07 07:58 - 01237504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Maps.dll
2017-07-12 18:58 - 2017-07-07 07:55 - 00342528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPhoto.dll
2017-07-12 18:58 - 2017-07-07 07:55 - 00329216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsApi.dll
2017-07-12 18:58 - 2017-07-07 07:53 - 01301504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wdc.dll
2017-07-12 18:58 - 2017-07-07 07:53 - 00338432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msinfo32.exe
2017-07-12 18:58 - 2017-06-20 08:06 - 00279968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2017-07-12 18:58 - 2017-06-20 08:03 - 00820128 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2017-07-12 18:58 - 2017-06-20 08:02 - 01055648 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2017-07-12 18:58 - 2017-06-20 07:59 - 06554928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2017-07-12 18:58 - 2017-06-20 07:59 - 01220072 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2017-07-12 18:58 - 2017-06-20 07:57 - 02681760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2017-07-12 18:58 - 2017-06-20 07:34 - 00192416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2017-07-12 18:58 - 2017-06-20 07:15 - 00455104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSAudDecMFT.dll
2017-07-12 18:58 - 2017-06-20 07:13 - 00787712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2017-07-12 18:58 - 2017-06-20 07:13 - 00056832 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinBioDataModelOOBE.exe
2017-07-12 18:58 - 2017-06-20 07:12 - 00293376 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2017-07-12 18:58 - 2017-06-20 07:12 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hdaudbus.sys
2017-07-12 18:58 - 2017-06-20 07:11 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2017-07-12 18:58 - 2017-06-20 07:10 - 00722432 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2017-07-12 18:58 - 2017-06-20 07:10 - 00096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2017-07-12 18:58 - 2017-06-20 07:09 - 00551424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Payments.dll
2017-07-12 18:58 - 2017-06-20 07:09 - 00406032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2017-07-12 18:58 - 2017-06-20 07:09 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2017-07-12 18:58 - 2017-06-20 07:08 - 04469840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2017-07-12 18:58 - 2017-06-20 07:08 - 00386560 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2017-07-12 18:58 - 2017-06-20 07:08 - 00328704 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2017-07-12 18:58 - 2017-06-20 07:08 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinBioDataModel.dll
2017-07-12 18:58 - 2017-06-20 07:08 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2017-07-12 18:58 - 2017-06-20 07:07 - 02475136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2017-07-12 18:58 - 2017-06-20 07:07 - 00632832 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
2017-07-12 18:58 - 2017-06-20 07:07 - 00510976 _____ (Microsoft Corporation) C:\WINDOWS\system32\TDLMigration.dll
2017-07-12 18:58 - 2017-06-20 07:07 - 00346016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudExperienceHostCommon.dll
2017-07-12 18:58 - 2017-06-20 07:07 - 00138656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudExperienceHostUser.dll
2017-07-12 18:58 - 2017-06-20 07:06 - 00942592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2017-07-12 18:58 - 2017-06-20 07:06 - 00754592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2017-07-12 18:58 - 2017-06-20 07:06 - 00751104 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2017-07-12 18:58 - 2017-06-20 07:06 - 00278944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\thumbcache.dll
2017-07-12 18:58 - 2017-06-20 07:05 - 00438096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.dll
2017-07-12 18:58 - 2017-06-20 07:05 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2017-07-12 18:58 - 2017-06-20 07:05 - 00374784 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2017-07-12 18:58 - 2017-06-20 07:05 - 00364032 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2017-07-12 18:58 - 2017-06-20 07:04 - 02330520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2017-07-12 18:58 - 2017-06-20 07:04 - 01178528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll
2017-07-12 18:58 - 2017-06-20 07:04 - 01177600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2017-07-12 18:58 - 2017-06-20 07:04 - 01077496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webservices.dll
2017-07-12 18:58 - 2017-06-20 07:04 - 00181656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2017-07-12 18:58 - 2017-06-20 07:04 - 00049656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msasn1.dll
2017-07-12 18:58 - 2017-06-20 07:03 - 05806048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2017-07-12 18:58 - 2017-06-20 07:03 - 02077184 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2017-07-12 18:58 - 2017-06-20 07:03 - 00864240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2017-07-12 18:58 - 2017-06-20 07:03 - 00443728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFCaptureEngine.dll
2017-07-12 18:58 - 2017-06-20 07:02 - 03377664 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2017-07-12 18:58 - 2017-06-20 07:02 - 01121928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2017-07-12 18:58 - 2017-06-20 07:02 - 00354400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MMDevAPI.dll
2017-07-12 18:58 - 2017-06-20 07:01 - 04536320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2017-07-12 18:58 - 2017-06-20 07:01 - 00176032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\basecsp.dll
2017-07-12 18:58 - 2017-06-20 07:00 - 02597888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2017-07-12 18:58 - 2017-06-20 06:59 - 02938880 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2017-07-12 18:58 - 2017-06-20 06:59 - 01674240 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2017-07-12 18:58 - 2017-06-20 06:56 - 00985600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
2017-07-12 18:58 - 2017-06-20 06:49 - 00899072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctfuimanager.dll
2017-07-12 18:58 - 2017-06-20 06:49 - 00331776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleacc.dll
2017-07-12 18:58 - 2017-06-20 06:46 - 00132096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft.Bluetooth.Profiles.Gatt.Interface.dll
2017-07-12 18:58 - 2017-06-20 06:45 - 00111104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.System.Profile.RetailInfo.dll
2017-07-12 18:58 - 2017-06-20 06:43 - 00329728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2017-07-12 18:58 - 2017-06-20 06:43 - 00173568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ClipboardServer.dll
2017-07-12 18:58 - 2017-06-20 06:43 - 00151552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincredui.dll
2017-07-12 18:58 - 2017-06-20 06:43 - 00139776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BluetoothApis.dll
2017-07-12 18:58 - 2017-06-20 06:43 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2017-07-12 18:58 - 2017-06-20 06:43 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2017-07-12 18:58 - 2017-06-20 06:43 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dataclen.dll
2017-07-12 18:58 - 2017-06-20 06:42 - 00641024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certca.dll
2017-07-12 18:58 - 2017-06-20 06:42 - 00387584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Payments.dll
2017-07-12 18:58 - 2017-06-20 06:42 - 00338432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2017-07-12 18:58 - 2017-06-20 06:42 - 00266240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2017-07-12 18:58 - 2017-06-20 06:42 - 00226304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scksp.dll
2017-07-12 18:58 - 2017-06-20 06:42 - 00121856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sendmail.dll
2017-07-12 18:58 - 2017-06-20 06:41 - 00734208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.exe
2017-07-12 18:58 - 2017-06-20 06:41 - 00646656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApi.dll
2017-07-12 18:58 - 2017-06-20 06:41 - 00601088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SndVolSSO.dll
2017-07-12 18:58 - 2017-06-20 06:41 - 00433152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Bluetooth.dll
2017-07-12 18:58 - 2017-06-20 06:41 - 00201216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credprovhost.dll
2017-07-12 18:58 - 2017-06-20 06:40 - 00368128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2017-07-12 18:58 - 2017-06-20 06:40 - 00356864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
2017-07-12 18:58 - 2017-06-20 06:40 - 00342016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2017-07-12 18:58 - 2017-06-20 06:40 - 00247808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AboveLockAppHost.dll
2017-07-12 18:58 - 2017-06-20 06:40 - 00230912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edputil.dll
2017-07-12 18:58 - 2017-06-20 06:40 - 00038400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBrokerUI.dll
2017-07-12 18:58 - 2017-06-20 06:39 - 02814464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\themeui.dll
2017-07-12 18:58 - 2017-06-20 06:39 - 02671616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2017-07-12 18:58 - 2017-06-20 06:39 - 00969728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
2017-07-12 18:58 - 2017-06-20 06:39 - 00646144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmsys.cpl
2017-07-12 18:58 - 2017-06-20 06:39 - 00471040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VAN.dll
2017-07-12 18:58 - 2017-06-20 06:39 - 00312320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2017-07-12 18:58 - 2017-06-20 06:38 - 01451008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2017-07-12 18:58 - 2017-06-20 06:38 - 01285120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbghelp.dll
2017-07-12 18:58 - 2017-06-20 06:38 - 01171968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certutil.exe
2017-07-12 18:58 - 2017-06-20 06:38 - 00663040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2017-07-12 18:58 - 2017-06-20 06:38 - 00648192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SmartcardCredentialProvider.dll
2017-07-12 18:58 - 2017-06-20 06:38 - 00329728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2017-07-12 18:58 - 2017-06-20 06:37 - 02008576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2017-07-12 18:58 - 2017-06-20 06:36 - 03667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-07-12 18:58 - 2017-06-20 06:35 - 02679296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2017-07-12 18:58 - 2017-06-20 06:35 - 02132480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2017-07-12 18:58 - 2017-06-20 06:35 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cldapi.dll
2017-07-12 18:58 - 2017-06-20 06:34 - 04056576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2017-07-12 18:58 - 2017-06-20 06:34 - 02750464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnroll.dll
2017-07-12 18:58 - 2017-06-20 06:34 - 02211328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2017-07-12 18:58 - 2017-06-20 06:34 - 01492480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Bluetooth.dll
2017-07-12 18:58 - 2017-06-20 06:34 - 00760832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2017-07-12 18:58 - 2017-06-20 06:31 - 00334848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToDevice.dll
2017-07-12 18:58 - 2017-06-20 06:30 - 00209920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wdmaud.drv
2017-07-12 18:58 - 2017-06-20 06:30 - 00157696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpchttp.dll
2017-07-12 18:58 - 2017-06-20 06:30 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2017-07-12 18:58 - 2017-06-20 06:28 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apphelp.dll
2017-07-12 18:57 - 2017-07-07 16:00 - 00947712 _____ (Microsoft Corporation) C:\WINDOWS\system32\HoloSI.PCShell.dll
2017-07-12 18:57 - 2017-07-07 09:27 - 01147288 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-07-12 18:57 - 2017-07-07 09:27 - 01024928 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-07-12 18:57 - 2017-07-07 09:27 - 00965024 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.efi
2017-07-12 18:57 - 2017-07-07 09:27 - 00821664 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.exe
2017-07-12 18:57 - 2017-07-07 09:27 - 00750560 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2017-07-12 18:57 - 2017-07-07 09:26 - 01065104 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2017-07-12 18:57 - 2017-07-07 09:25 - 00899824 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2017-07-12 18:57 - 2017-07-07 09:22 - 08318880 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-07-12 18:57 - 2017-07-07 09:22 - 01186464 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2017-07-12 18:57 - 2017-07-07 09:22 - 00119384 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcmnutils.dll
2017-07-12 18:57 - 2017-07-07 09:21 - 32688336 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecsRaw.dll
2017-07-12 18:57 - 2017-07-07 09:21 - 02969880 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2017-07-12 18:57 - 2017-07-07 09:20 - 00923040 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-07-12 18:57 - 2017-07-07 09:20 - 00519584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2017-07-12 18:57 - 2017-07-07 09:20 - 00382368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2017-07-12 18:57 - 2017-07-07 09:17 - 01017760 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2017-07-12 18:57 - 2017-07-07 09:15 - 02444696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-07-12 18:57 - 2017-07-07 09:14 - 07325584 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2017-07-12 18:57 - 2017-07-07 09:14 - 05477088 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2017-07-12 18:57 - 2017-07-07 09:14 - 01760264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2017-07-12 18:57 - 2017-07-07 09:14 - 01171032 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcomp.dll
2017-07-12 18:57 - 2017-07-07 09:13 - 00872472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2017-07-12 18:57 - 2017-07-07 09:13 - 00147800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Clipc.dll
2017-07-12 18:57 - 2017-07-07 09:12 - 00411040 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2017-07-12 18:57 - 2017-07-07 09:12 - 00318232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininit.exe
2017-07-12 18:57 - 2017-07-07 09:12 - 00228256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2017-07-12 18:57 - 2017-07-07 09:11 - 07904784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-07-12 18:57 - 2017-07-07 09:10 - 21353208 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-07-12 18:57 - 2017-07-07 09:10 - 01337848 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2017-07-12 18:57 - 2017-07-07 09:10 - 01325968 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2017-07-12 18:57 - 2017-07-07 09:10 - 00372128 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2017-07-12 18:57 - 2017-07-07 09:09 - 00041376 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininitext.dll
2017-07-12 18:57 - 2017-07-07 09:08 - 02229152 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystems64.dll
2017-07-12 18:57 - 2017-07-07 09:08 - 01854880 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntVirtualization.dll
2017-07-12 18:57 - 2017-07-07 09:08 - 01693600 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVIntegration.dll
2017-07-12 18:57 - 2017-07-07 09:08 - 01458584 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystemController.dll
2017-07-12 18:57 - 2017-07-07 09:08 - 01100704 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPolicy.dll
2017-07-12 18:57 - 2017-07-07 09:08 - 00992672 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVManifest.dll
2017-07-12 18:57 - 2017-07-07 09:08 - 00848280 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVOrchestration.dll
2017-07-12 18:57 - 2017-07-07 09:08 - 00846752 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVClient.exe
2017-07-12 18:57 - 2017-07-07 09:08 - 00844704 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntStreamingManager.dll
2017-07-12 18:57 - 2017-07-07 09:08 - 00774560 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVReporting.dll
2017-07-12 18:57 - 2017-07-07 09:08 - 00699808 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVCatalog.dll
2017-07-12 18:57 - 2017-07-07 09:08 - 00672672 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPublishing.dll
2017-07-12 18:57 - 2017-07-07 09:08 - 00506776 _____ (Microsoft Corporation) C:\WINDOWS\system32\TransportDSA.dll
2017-07-12 18:57 - 2017-07-07 09:08 - 00399264 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVScripting.dll
2017-07-12 18:57 - 2017-07-07 09:07 - 01106848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2017-07-12 18:57 - 2017-07-07 09:07 - 00058488 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsass.exe
2017-07-12 18:57 - 2017-07-07 08:37 - 31652264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecsRaw.dll
2017-07-12 18:57 - 2017-07-07 08:27 - 03670016 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-07-12 18:57 - 2017-07-07 08:27 - 01640448 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2017-07-12 18:57 - 2017-07-07 08:27 - 01050624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2017-07-12 18:57 - 2017-07-07 08:27 - 00859136 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
2017-07-12 18:57 - 2017-07-07 08:27 - 00577024 _____ (Microsoft Corporation) C:\WINDOWS\system32\duser.dll
2017-07-12 18:57 - 2017-07-07 08:27 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2017-07-12 18:57 - 2017-07-07 08:27 - 00443392 _____ (Microsoft Corporation) C:\WINDOWS\system32\PerceptionSimulationExtensions.dll
2017-07-12 18:57 - 2017-07-07 08:27 - 00360960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConhostV2.dll
2017-07-12 18:57 - 2017-07-07 08:26 - 17364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-07-12 18:57 - 2017-07-07 08:25 - 02199552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2017-07-12 18:57 - 2017-07-07 08:24 - 00114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\officecsp.dll
2017-07-12 18:57 - 2017-07-07 08:23 - 00113152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2017-07-12 18:57 - 2017-07-07 08:23 - 00110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2017-07-12 18:57 - 2017-07-07 08:23 - 00095232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2017-07-12 18:57 - 2017-07-07 08:23 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\eapprovp.dll
2017-07-12 18:57 - 2017-07-07 08:22 - 07931392 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-07-12 18:57 - 2017-07-07 08:22 - 00520704 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2017-07-12 18:57 - 2017-07-07 08:21 - 00096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncCsp.dll
2017-07-12 18:57 - 2017-07-07 08:21 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-07-12 18:57 - 2017-07-07 08:20 - 23681536 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-07-12 18:57 - 2017-07-07 08:20 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\prntvpt.dll
2017-07-12 18:57 - 2017-07-07 08:19 - 07149056 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2017-07-12 18:57 - 2017-07-07 08:19 - 00527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-07-12 18:57 - 2017-07-07 08:19 - 00256000 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2017-07-12 18:57 - 2017-07-07 08:19 - 00137216 _____ (Microsoft Corporation) C:\WINDOWS\system32\raschap.dll
2017-07-12 18:57 - 2017-07-07 08:18 - 07336448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-07-12 18:57 - 2017-07-07 08:18 - 00563712 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicePairing.dll
2017-07-12 18:57 - 2017-07-07 08:18 - 00353280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wldap32.dll
2017-07-12 18:57 - 2017-07-07 08:18 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecsExt.dll
2017-07-12 18:57 - 2017-07-07 08:17 - 01878016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-07-12 18:57 - 2017-07-07 08:17 - 01260544 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2017-07-12 18:57 - 2017-07-07 08:17 - 00692736 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2017-07-12 18:57 - 2017-07-07 08:17 - 00536064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2017-07-12 18:57 - 2017-07-07 08:17 - 00422400 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2017-07-12 18:57 - 2017-07-07 08:17 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\SIHClient.exe
2017-07-12 18:57 - 2017-07-07 08:16 - 00925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2017-07-12 18:57 - 2017-07-07 08:15 - 00922112 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2017-07-12 18:57 - 2017-07-07 08:14 - 01802240 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-07-12 18:57 - 2017-07-07 08:14 - 00570880 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoScreensaver.scr
2017-07-12 18:57 - 2017-07-07 08:14 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2017-07-12 18:57 - 2017-07-07 08:13 - 05892096 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2017-07-12 18:57 - 2017-07-07 08:13 - 00840192 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2017-07-12 18:57 - 2017-07-07 08:12 - 03307008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-07-12 18:57 - 2017-07-07 08:12 - 02499584 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2017-07-12 18:57 - 2017-07-07 08:12 - 02055168 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-07-12 18:57 - 2017-07-07 08:12 - 01713664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2017-07-12 18:57 - 2017-07-07 08:12 - 01420800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Maps.dll
2017-07-12 18:57 - 2017-07-07 08:12 - 01305088 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2017-07-12 18:57 - 2017-07-07 08:12 - 01293824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-07-12 18:57 - 2017-07-07 08:12 - 00706560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2017-07-12 18:57 - 2017-07-07 08:11 - 03139584 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2017-07-12 18:57 - 2017-07-07 08:11 - 02829824 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2017-07-12 18:57 - 2017-07-07 08:11 - 02649600 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2017-07-12 18:57 - 2017-07-07 08:11 - 02177024 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpcServices.dll
2017-07-12 18:57 - 2017-07-07 08:11 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2017-07-12 18:57 - 2017-07-07 08:11 - 01812480 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2017-07-12 18:57 - 2017-07-07 08:11 - 00986112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-07-12 18:57 - 2017-07-07 08:11 - 00406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-07-12 18:57 - 2017-07-07 08:10 - 05557760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2017-07-12 18:57 - 2017-07-07 08:10 - 04707840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2017-07-12 18:57 - 2017-07-07 08:10 - 02444288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-07-12 18:57 - 2017-07-07 08:07 - 00430080 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToDevice.dll
2017-07-12 18:57 - 2017-07-07 08:07 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPhoto.dll
2017-07-12 18:57 - 2017-07-07 08:06 - 00412160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll
2017-07-12 18:57 - 2017-07-07 08:06 - 00205824 _____ (Microsoft Corporation) C:\WINDOWS\system32\sensrsvc.dll
2017-07-12 18:57 - 2017-07-07 08:05 - 00370176 _____ (Microsoft Corporation) C:\WINDOWS\system32\msinfo32.exe
2017-07-12 18:57 - 2017-07-07 08:04 - 01703424 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2017-07-12 18:57 - 2017-07-07 08:04 - 01403392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wdc.dll
2017-07-12 18:57 - 2017-07-07 08:04 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\csrsrv.dll
2017-07-12 18:57 - 2017-07-07 08:02 - 00508416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoScreensaver.scr
2017-07-12 18:57 - 2017-07-02 00:52 - 00031932 _____ C:\WINDOWS\system32\edgehtmlpluginpolicy.bin
2017-07-12 18:57 - 2017-06-20 08:18 - 01564576 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2017-07-12 18:57 - 2017-06-20 08:18 - 00096672 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2017-07-12 18:57 - 2017-06-20 08:17 - 00629152 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2017-07-12 18:57 - 2017-06-20 08:17 - 00544160 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2017-07-12 18:57 - 2017-06-20 08:17 - 00334240 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2017-07-12 18:57 - 2017-06-20 08:17 - 00136096 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2017-07-12 18:57 - 2017-06-20 08:17 - 00034720 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2017-07-12 18:57 - 2017-06-20 08:16 - 01214880 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2017-07-12 18:57 - 2017-06-20 08:16 - 00335776 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2017-07-12 18:57 - 2017-06-20 08:15 - 00233376 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2017-07-12 18:57 - 2017-06-20 08:11 - 01395152 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2017-07-12 18:57 - 2017-06-20 08:11 - 00411992 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSAudDecMFT.dll
2017-07-12 18:57 - 2017-06-20 08:10 - 02327456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2017-07-12 18:57 - 2017-06-20 08:10 - 01930320 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2017-07-12 18:57 - 2017-06-20 08:08 - 01242528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2017-07-12 18:57 - 2017-06-20 08:05 - 01057832 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2017-07-12 18:57 - 2017-06-20 08:04 - 04847424 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2017-07-12 18:57 - 2017-06-20 08:04 - 00472728 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2017-07-12 18:57 - 2017-06-20 08:03 - 00179608 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostUser.dll
2017-07-12 18:57 - 2017-06-20 08:03 - 00102312 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredentialUIBroker.exe
2017-07-12 18:57 - 2017-06-20 08:02 - 02645688 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2017-07-12 18:57 - 2017-06-20 08:02 - 00426912 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostCommon.dll
2017-07-12 18:57 - 2017-06-20 08:00 - 00558920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.dll
2017-07-12 18:57 - 2017-06-20 08:00 - 00255904 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2017-07-12 18:57 - 2017-06-20 08:00 - 00142752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcifs.sys
2017-07-12 18:57 - 2017-06-20 07:59 - 01054280 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2017-07-12 18:57 - 2017-06-20 07:59 - 00583304 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2017-07-12 18:57 - 2017-06-20 07:59 - 00467504 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
2017-07-12 18:57 - 2017-06-20 07:58 - 00833160 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeManagerObj.dll
2017-07-12 18:57 - 2017-06-20 07:58 - 00406072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MMDevAPI.dll
2017-07-12 18:57 - 2017-06-20 07:58 - 00203168 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostBroker.dll
2017-07-12 18:57 - 2017-06-20 07:57 - 00204192 _____ (Microsoft Corporation) C:\WINDOWS\system32\basecsp.dll
2017-07-12 18:57 - 2017-06-20 07:16 - 00970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctfuimanager.dll
2017-07-12 18:57 - 2017-06-20 07:16 - 00417280 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleacc.dll
2017-07-12 18:57 - 2017-06-20 07:15 - 01620368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2017-07-12 18:57 - 2017-06-20 07:14 - 01150784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2017-07-12 18:57 - 2017-06-20 07:14 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mskssrv.sys
2017-07-12 18:57 - 2017-06-20 07:13 - 00216064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Profiles.Gatt.Interface.dll
2017-07-12 18:57 - 2017-06-20 07:13 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanprotdim.dll
2017-07-12 18:57 - 2017-06-20 07:13 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\WFDSConMgr.dll
2017-07-12 18:57 - 2017-06-20 07:12 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyMATEnc.dll
2017-07-12 18:57 - 2017-06-20 07:12 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.System.Profile.RetailInfo.dll
2017-07-12 18:57 - 2017-06-20 07:12 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bridge.sys
2017-07-12 18:57 - 2017-06-20 07:11 - 00200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\ScDeviceEnum.dll
2017-07-12 18:57 - 2017-06-20 07:10 - 00778240 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyHrtfEnc.dll
2017-07-12 18:57 - 2017-06-20 07:10 - 00315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsEnvironment.Desktop.dll
2017-07-12 18:57 - 2017-06-20 07:10 - 00189440 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll
2017-07-12 18:57 - 2017-06-20 07:10 - 00188928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wincredui.dll
2017-07-12 18:57 - 2017-06-20 07:09 - 00555008 _____ (Microsoft Corporation) C:\WINDOWS\system32\WFDSConMgrSvc.dll
2017-07-12 18:57 - 2017-06-20 07:09 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.BlueLightReduction.dll
2017-07-12 18:57 - 2017-06-20 07:09 - 00427008 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2017-07-12 18:57 - 2017-06-20 07:09 - 00357888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Narrator.exe
2017-07-12 18:57 - 2017-06-20 07:09 - 00250368 _____ (Microsoft Corporation) C:\WINDOWS\system32\SCardSvr.dll
2017-07-12 18:57 - 2017-06-20 07:09 - 00208384 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2017-07-12 18:57 - 2017-06-20 07:09 - 00205312 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipboardServer.dll
2017-07-12 18:57 - 2017-06-20 07:09 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\system32\certprop.dll
2017-07-12 18:57 - 2017-06-20 07:09 - 00135680 _____ (Microsoft Corporation) C:\WINDOWS\system32\sendmail.dll
2017-07-12 18:57 - 2017-06-20 07:09 - 00062464 _____ (Microsoft Corporation) C:\WINDOWS\system32\dataclen.dll
2017-07-12 18:57 - 2017-06-20 07:08 - 00791040 _____ (Microsoft Corporation) C:\WINDOWS\system32\certca.dll
2017-07-12 18:57 - 2017-06-20 07:08 - 00646656 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockHostingFramework.dll
2017-07-12 18:57 - 2017-06-20 07:08 - 00365056 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Notifications.dll
2017-07-12 18:57 - 2017-06-20 07:08 - 00251392 _____ (Microsoft Corporation) C:\WINDOWS\system32\scksp.dll
2017-07-12 18:57 - 2017-06-20 07:07 - 00916992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2017-07-12 18:57 - 2017-06-20 07:07 - 00823296 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApi.dll
2017-07-12 18:57 - 2017-06-20 07:07 - 00757248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2017-07-12 18:57 - 2017-06-20 07:07 - 00626176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll
2017-07-12 18:57 - 2017-06-20 07:07 - 00621056 _____ (Microsoft Corporation) C:\WINDOWS\system32\SndVolSSO.dll
2017-07-12 18:57 - 2017-06-20 07:07 - 00411136 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2017-07-12 18:57 - 2017-06-20 07:06 - 00847872 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2017-07-12 18:57 - 2017-06-20 07:06 - 00455680 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2017-07-12 18:57 - 2017-06-20 07:06 - 00411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2017-07-12 18:57 - 2017-06-20 07:06 - 00335872 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudDomainJoinDataModelServer.dll
2017-07-12 18:57 - 2017-06-20 07:06 - 00299520 _____ (Microsoft Corporation) C:\WINDOWS\system32\AboveLockAppHost.dll
2017-07-12 18:57 - 2017-06-20 07:06 - 00253440 _____ (Microsoft Corporation) C:\WINDOWS\system32\edputil.dll
2017-07-12 18:57 - 2017-06-20 07:06 - 00045056 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBrokerUI.dll
2017-07-12 18:57 - 2017-06-20 07:05 - 04447744 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-07-12 18:57 - 2017-06-20 07:05 - 02873344 _____ (Microsoft Corporation) C:\WINDOWS\system32\themeui.dll
2017-07-12 18:57 - 2017-06-20 07:05 - 01468416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2017-07-12 18:57 - 2017-06-20 07:05 - 00873472 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2017-07-12 18:57 - 2017-06-20 07:05 - 00696320 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmsys.cpl
2017-07-12 18:57 - 2017-06-20 07:05 - 00687616 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2017-07-12 18:57 - 2017-06-20 07:05 - 00585216 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll
2017-07-12 18:57 - 2017-06-20 07:05 - 00406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputSwitch.dll
2017-07-12 18:57 - 2017-06-20 07:05 - 00056832 _____ (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll
2017-07-12 18:57 - 2017-06-20 07:04 - 01818624 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2017-07-12 18:57 - 2017-06-20 07:04 - 01425920 _____ (Microsoft Corporation) C:\WINDOWS\system32\certutil.exe
2017-07-12 18:57 - 2017-06-20 07:04 - 00899072 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmartcardCredentialProvider.dll
2017-07-12 18:57 - 2017-06-20 07:04 - 00802816 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2017-07-12 18:57 - 2017-06-20 07:04 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
2017-07-12 18:57 - 2017-06-20 07:04 - 00178176 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeHelper.dll
2017-07-12 18:57 - 2017-06-20 07:03 - 01396224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2017-07-12 18:57 - 2017-06-20 07:02 - 03204096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Profiles.Gatt.dll
2017-07-12 18:57 - 2017-06-20 07:02 - 02804736 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-07-12 18:57 - 2017-06-20 07:02 - 01886208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-07-12 18:57 - 2017-06-20 07:02 - 00681984 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-07-12 18:57 - 2017-06-20 07:02 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudDomainJoinAUG.dll
2017-07-12 18:57 - 2017-06-20 07:01 - 04396032 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-07-12 18:57 - 2017-06-20 07:01 - 03803136 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2017-07-12 18:57 - 2017-06-20 07:01 - 03332096 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2017-07-12 18:57 - 2017-06-20 07:01 - 03059200 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2017-07-12 18:57 - 2017-06-20 07:01 - 01076736 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2017-07-12 18:57 - 2017-06-20 07:01 - 00809984 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2017-07-12 18:57 - 2017-06-20 07:01 - 00397312 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2017-07-12 18:57 - 2017-06-20 07:00 - 03057664 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnroll.dll
2017-07-12 18:57 - 2017-06-20 07:00 - 02171392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Bluetooth.dll
2017-07-12 18:57 - 2017-06-20 06:59 - 01357824 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2017-07-12 18:57 - 2017-06-20 06:58 - 00625152 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2017-07-12 18:57 - 2017-06-20 06:57 - 00290816 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmclient.exe
2017-07-12 18:57 - 2017-06-20 06:57 - 00138752 _____ (Microsoft Corporation) C:\WINDOWS\system32\DMPushRouterCore.dll
2017-07-12 18:57 - 2017-06-20 06:56 - 00600064 _____ (Microsoft Corporation) C:\WINDOWS\system32\FrameServer.dll
2017-07-12 18:57 - 2017-06-20 06:56 - 00241152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wdmaud.drv
2017-07-12 18:57 - 2017-06-20 06:54 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\DmApiSetExtImplDesktop.dll
2017-07-12 18:57 - 2017-06-20 06:45 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2017-07-12 01:28 - 2017-07-12 01:28 - 00001209 _____ C:\Users\Public\Desktop\Avira Connect.lnk
2017-07-11 15:25 - 2017-07-11 15:25 - 00000000 ____D C:\Users\yuk\AppData\Local\Tempzxpsign691e163531e0b57f
2017-07-11 15:22 - 2017-07-11 15:22 - 00000000 ____D C:\Users\yuk\AppData\Local\Tempzxpsignf7398b9b18fb737a
2017-07-11 15:22 - 2017-07-11 15:22 - 00000000 ____D C:\Users\yuk\AppData\Local\Tempzxpsign3fedaf8a159f6dbe
2017-07-09 22:31 - 2017-07-09 22:31 - 00280758 _____ C:\Users\yuk\Desktop\Guide-to-Crushing-ICOs (1).pdf
2017-07-08 04:15 - 2017-07-08 04:15 - 00000000 ____D C:\Users\yuk\AppData\Local\Tempzxpsignbd8d4b30cc7b0a63
2017-07-08 04:15 - 2017-07-08 04:15 - 00000000 ____D C:\Users\yuk\AppData\Local\Tempzxpsign803a511bf64b2a7b
2017-07-07 08:25 - 2017-07-07 08:25 - 00281255 _____ C:\Users\yuk\Desktop\2016-06-21-dao-meetup.pdf
2017-07-07 06:34 - 2017-07-07 06:34 - 01678520 _____ C:\Users\yuk\Desktop\Swarmwise-2013-by-Rick-Falkvinge-v1.1-2013Sep01.pdf
2017-07-07 03:57 - 2017-07-07 03:57 - 02581058 _____ C:\Users\yuk\Desktop\Ian Balina - Hacking Venture Capital.pdf
2017-07-05 18:48 - 2017-07-05 18:48 - 00000017 _____ C:\Users\yuk\AppData\Local\resmon.resmoncfg
2017-07-05 18:47 - 2017-07-05 18:47 - 00000000 ____D C:\Users\yuk\Desktop\NiceHash
2017-07-03 15:42 - 2017-07-03 15:42 - 00000000 ____D C:\Users\yuk\AppData\Local\Tempzxpsign9a5c28e1286a561b
2017-07-03 15:39 - 2017-07-03 15:39 - 00000000 ____D C:\Users\yuk\AppData\Local\Tempzxpsign95814f4f98e5fd87
2017-07-03 15:39 - 2017-07-03 15:39 - 00000000 ____D C:\Users\yuk\AppData\Local\Tempzxpsign15bb920bdd8542bc
2017-06-30 22:40 - 2017-06-30 22:40 - 03969909 _____ C:\Users\yuk\Desktop\NDC-TPT-ICO-Whitepaper-v-1-eng.pdf
2017-06-30 17:01 - 2017-07-14 14:21 - 00001120 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera Browser.lnk
2017-06-28 23:14 - 2017-06-28 23:14 - 00000222 _____ C:\Users\yuk\Desktop\Turok Dinosaur Hunter.url
2017-06-28 14:45 - 2017-07-02 08:23 - 00000935 _____ C:\WINDOWS\Tasks\EPSON XP-215 217 Series Update {7660D75B-BC2E-4AC2-96C2-7E0E2A82D544}.job
2017-06-28 14:45 - 2017-07-02 08:23 - 00000749 _____ C:\WINDOWS\Tasks\EPSON XP-215 217 Series Invitation {7660D75B-BC2E-4AC2-96C2-7E0E2A82D544}.job
2017-06-28 14:45 - 2017-06-28 14:45 - 00004140 _____ C:\WINDOWS\System32\Tasks\EPSON XP-215 217 Series Update {7660D75B-BC2E-4AC2-96C2-7E0E2A82D544}
2017-06-28 14:45 - 2017-06-28 14:45 - 00003962 _____ C:\WINDOWS\System32\Tasks\EPSON XP-215 217 Series Invitation {7660D75B-BC2E-4AC2-96C2-7E0E2A82D544}
2017-06-28 13:44 - 2017-06-28 13:44 - 00002336 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-06-28 13:44 - 2017-06-28 13:44 - 00002324 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-06-28 13:29 - 2017-06-28 13:29 - 00000000 ____D C:\Users\yuk\AppData\Local\Tempzxpsign71509ec51adf90ba
2017-06-28 13:29 - 2017-06-28 13:29 - 00000000 ____D C:\Users\yuk\AppData\Local\Tempzxpsign04fd5c63b38afe12
2017-06-28 11:16 - 2017-06-28 11:16 - 00000000 ____D C:\Users\yuk\AppData\Local\Tempzxpsign657c088acb6bcc64
2017-06-28 11:16 - 2017-06-28 11:16 - 00000000 ____D C:\Users\yuk\AppData\Local\Tempzxpsign32243907df5452f1
2017-06-28 03:20 - 2017-06-28 03:20 - 00000000 ____D C:\Users\yuk\AppData\Local\Tempzxpsigne004f0bca1bc0d05
2017-06-28 03:20 - 2017-06-28 03:20 - 00000000 ____D C:\Users\yuk\AppData\Local\Tempzxpsign84f89191745e24b1
2017-06-27 18:48 - 2017-07-01 06:13 - 00000000 ____D C:\Users\yuk\AppData\Roaming\discord
2017-06-27 18:48 - 2017-06-27 18:48 - 00002260 _____ C:\Users\yuk\Desktop\Discord.lnk
2017-06-27 18:48 - 2017-06-27 18:48 - 00000000 ____D C:\Users\yuk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hammer & Chisel, Inc
2017-06-27 18:48 - 2017-06-27 18:48 - 00000000 ____D C:\Users\yuk\AppData\Local\SquirrelTemp
2017-06-27 18:48 - 2017-06-27 18:48 - 00000000 ____D C:\Users\yuk\AppData\Local\Discord
2017-06-27 18:06 - 2017-06-27 18:06 - 00000000 ____D C:\Users\yuk\AppData\Local\Tempzxpsigned85db22ba142d9b
2017-06-27 18:06 - 2017-06-27 18:06 - 00000000 ____D C:\Users\yuk\AppData\Local\Tempzxpsign74db16fde766e162
2017-06-27 17:53 - 2017-06-27 17:53 - 00000207 _____ C:\Users\yuk\Desktop\Parity.txt
2017-06-25 19:35 - 2017-06-25 19:35 - 00000000 ____D C:\Users\yuk\AppData\Local\Tempzxpsign87161b0f3dc7f63e
2017-06-25 19:35 - 2017-06-25 19:35 - 00000000 ____D C:\Users\yuk\AppData\Local\Tempzxpsign5568de062ffd86c3
2017-06-25 18:06 - 2017-06-25 18:06 - 00001226 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk
2017-06-25 18:06 - 2017-06-25 18:06 - 00001214 _____ C:\Users\Public\Desktop\Adobe Creative Cloud.lnk
2017-06-24 12:13 - 2017-06-24 12:13 - 00000000 ____D C:\Users\yuk\.ethash
2017-06-24 12:05 - 2017-06-24 12:05 - 00000000 ____D C:\Users\yuk\AppData\Roaming\Parity
2017-06-24 12:05 - 2017-06-24 12:05 - 00000000 ____D C:\Users\yuk\AppData\Local\Parity
2017-06-24 12:05 - 2017-06-24 12:05 - 00000000 ____D C:\Program Files\Ethcore

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-07-18 20:45 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\system32\FxsTmp
2017-07-18 20:16 - 2017-05-14 11:53 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-07-18 17:56 - 2015-05-19 18:57 - 00000000 ____D C:\Program Files (x86)\Steam
2017-07-18 17:23 - 2017-05-14 12:05 - 00004144 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{943D6DCB-B6A4-4FD7-980C-69A4C8DFD8CE}
2017-07-18 16:54 - 2017-04-01 15:51 - 00005410 _____ C:\Users\yuk\Desktop\blogPost_1.txt
2017-07-18 16:48 - 2015-09-04 15:51 - 00000000 ___RD C:\Users\yuk\Creative Cloud Files
2017-07-18 16:28 - 2017-03-18 23:03 - 00000000 ___HD C:\Program Files\WindowsApps
2017-07-18 16:28 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-07-18 04:27 - 2017-03-28 18:15 - 00000000 ____D C:\Users\yuk\AppData\Roaming\Writefull
2017-07-18 02:00 - 2015-05-24 12:45 - 00000000 ____D C:\Users\yuk\AppData\Local\Adobe
2017-07-17 18:49 - 2015-06-16 13:06 - 00000000 ____D C:\AdwCleaner
2017-07-17 16:00 - 2016-10-22 16:16 - 00000000 ____D C:\ProgramData\NVIDIA
2017-07-17 09:47 - 2017-05-14 21:43 - 00889224 _____ C:\WINDOWS\system32\perfh007.dat
2017-07-17 09:47 - 2017-05-14 21:43 - 00189856 _____ C:\WINDOWS\system32\perfc007.dat
2017-07-17 09:47 - 2017-05-14 21:41 - 00850718 _____ C:\WINDOWS\system32\perfh00A.dat
2017-07-17 09:47 - 2017-05-14 21:41 - 00194366 _____ C:\WINDOWS\system32\perfc00A.dat
2017-07-17 09:47 - 2017-05-14 12:07 - 03078116 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-07-17 03:04 - 2017-05-14 12:05 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-07-17 03:04 - 2017-05-14 11:53 - 04918192 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-07-17 03:04 - 2017-03-18 13:40 - 01835008 _____ C:\WINDOWS\system32\config\BBI
2017-07-17 03:04 - 2015-07-28 20:24 - 00000000 ____D C:\Program Files (x86)\Hi-Rez Studios
2017-07-17 02:23 - 2015-05-19 21:16 - 00000000 ____D C:\Users\yuk\AppData\Roaming\Skype
2017-07-16 22:39 - 2017-04-01 17:06 - 00003635 _____ C:\Users\yuk\Desktop\MindTrick1.txt
2017-07-16 21:19 - 2015-09-19 09:35 - 00000000 ___RD C:\Users\yuk\OneDrive
2017-07-16 19:47 - 2015-06-16 15:19 - 00000033 _____ C:\Users\yuk\AppData\Roaming\AdobeWLCMCache.dat
2017-07-15 15:24 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\rescache
2017-07-14 14:21 - 2017-05-14 12:05 - 00003954 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1432754114
2017-07-14 14:21 - 2015-05-27 21:14 - 00000000 ____D C:\Program Files (x86)\Opera
2017-07-13 10:26 - 2015-09-10 07:44 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-07-13 10:24 - 2017-03-18 23:01 - 00000000 ____D C:\WINDOWS\INF
2017-07-13 06:01 - 2017-03-18 23:03 - 00000000 ___SD C:\WINDOWS\SysWOW64\F12
2017-07-13 06:01 - 2017-03-18 23:03 - 00000000 ___SD C:\WINDOWS\system32\F12
2017-07-13 06:01 - 2017-03-18 23:03 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-07-13 06:01 - 2017-03-18 23:03 - 00000000 ___RD C:\Program Files\Windows Defender
2017-07-13 06:01 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\system32\oobe
2017-07-13 06:01 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\system32\migwiz
2017-07-13 06:01 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\system32\appraiser
2017-07-13 06:01 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\ShellExperiences
2017-07-13 06:01 - 2017-03-18 23:03 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2017-07-13 06:01 - 2017-03-18 23:03 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-07-13 06:01 - 2017-03-18 23:03 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2017-07-13 01:11 - 2015-09-19 09:32 - 00000000 ____D C:\Users\yuk\AppData\Local\Comms
2017-07-13 01:05 - 2015-05-19 18:14 - 00000000 ____D C:\Users\yuk\AppData\Local\Packages
2017-07-12 22:40 - 2016-04-21 16:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2017-07-12 22:20 - 2017-04-12 16:47 - 00000789 _____ C:\Users\yuk\Desktop\Neues Textdokument (2).txt
2017-07-12 19:03 - 2017-03-18 22:51 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-07-12 19:02 - 2015-05-21 18:26 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-07-12 18:59 - 2015-05-21 18:26 - 135225752 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-07-12 17:48 - 2017-05-14 12:05 - 00004598 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-07-12 17:48 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-07-12 17:48 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-07-12 01:28 - 2015-05-20 06:43 - 00000000 ____D C:\ProgramData\Package Cache
2017-07-11 15:47 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-07-08 05:06 - 2015-11-20 17:09 - 00000000 ____D C:\Users\yuk\AppData\Roaming\TS3Client
2017-07-08 00:55 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-07-07 08:41 - 2013-08-22 17:44 - 00395226 __RSH C:\bootmgr
2017-07-04 00:30 - 2017-05-14 11:57 - 00000000 ____D C:\Users\yuk
2017-06-30 16:47 - 2017-03-18 23:06 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-06-30 16:47 - 2017-03-18 23:06 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-06-28 16:01 - 2015-05-26 14:21 - 00000000 ____D C:\Program Files (x86)\Entropia Universe
2017-06-28 13:44 - 2015-05-19 18:22 - 00000000 ____D C:\Program Files (x86)\Google
2017-06-27 17:45 - 2017-02-17 18:33 - 00000221 _____ C:\Users\yuk\Desktop\Neues Textdokument.txt
2017-06-25 18:06 - 2015-06-16 14:55 - 00000000 ____D C:\Program Files (x86)\Adobe
2017-06-25 18:06 - 2015-05-19 18:14 - 00000000 ____D C:\Users\yuk\AppData\Roaming\Adobe
2017-06-19 23:39 - 2016-05-09 17:19 - 00000000 ____D C:\Users\yuk\AppData\Local\SecondLife

==================== Files in the root of some directories =======

2015-06-16 15:19 - 2017-07-16 19:47 - 0000033 _____ () C:\Users\yuk\AppData\Roaming\AdobeWLCMCache.dat
2015-05-24 12:34 - 2015-07-30 09:33 - 0000301 _____ () C:\Users\yuk\AppData\Roaming\BreakingPoint_Login.ini
2015-05-24 12:34 - 2015-07-30 10:17 - 0001380 _____ () C:\Users\yuk\AppData\Roaming\BreakingPoint_Options.ini
2017-01-26 18:22 - 2017-01-26 18:36 - 0000200 _____ () C:\Users\yuk\AppData\Roaming\burnaware.ini
2017-07-05 18:48 - 2017-07-05 18:48 - 0000017 _____ () C:\Users\yuk\AppData\Local\resmon.resmoncfg
2017-05-14 11:55 - 2017-05-14 11:55 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-07-11 14:40

==================== End of FRST.txt ============================

--- --- ---

[/CODE]

-------------------
TDSS Killer hat eine Bedrohung gefunden. Suspicious, medium risk. Service: HiPatchService
--------------------
Laut

"Szenario 2:
TDSSKiller findet Rootkits
In diesem Fall bitte unbedingt die Anweisungen der Helfer beachten.
In der Regel wird nach dem ersten Scan immer "Skip" ausgewählt und mit "Continue" bestätigt.
Anschließend dem Helfer über "Report" den Scanbericht posten. "

D. h. ich warte jetzt ab was du in dem Fall möchtest? Wegen "In diesem Fall die Anweisungen der Helfer beachten".

woteva · 18.07.2017, 20:14

Addition:

FRST Additions Logfile:

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-07-2017
Ran by yuk (18-07-2017 20:48:37)
Running from C:\Users\yuk\Downloads
Windows 10 Pro Version 1703 (X64) (2017-05-14 10:08:30)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3843242997-120083883-219807361-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3843242997-120083883-219807361-503 - Limited - Disabled)
Guest (S-1-5-21-3843242997-120083883-219807361-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3843242997-120083883-219807361-1003 - Limited - Enabled)
yuk (S-1-5-21-3843242997-120083883-219807361-1001 - Administrator - Enabled) => C:\Users\yuk

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Enabled - Up to date) {B3F630BD-538D-1B4A-14FA-14B63235278F}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Antivirus (Enabled - Up to date) {0897D159-75B7-14C4-2E4A-2FC449B26D32}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Ableton Live 9 Suite (HKLM\...\{99C4D476-0AF0-4045-998F-E11CA4957BDB}) (Version: 9.0.0.0 - Ableton)
Adobe Animate CC 2017 (HKLM-x32\...\FLPR_16_1) (Version: 16.1 - Adobe Systems Incorporated)
Adobe Bridge CC 2017 (HKLM-x32\...\KBRG_7_0) (Version: 7.0 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 4.1.1.202 - Adobe Systems Incorporated)
Adobe Flash Player 26 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 26.0.0.137 - Adobe Systems Incorporated)
Adobe Flash Player 26 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 26.0.0.137 - Adobe Systems Incorporated)
Adobe Illustrator CC 2017 (HKLM-x32\...\ILST_21_1_0) (Version: 21.1.0 - Adobe Systems Incorporated)
Adobe Media Encoder CC 2017 (HKLM-x32\...\AME_11_0_2) (Version: 11.0.2 - Adobe Systems Incorporated)
Adobe Photoshop CC 2017 (HKLM-x32\...\PHSP_18_1) (Version: 18.1.0 - Adobe Systems Incorporated)
Anki (HKLM-x32\...\Anki) (Version:  - )
Ansel (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel) (Version: 382.05 - NVIDIA Corporation) Hidden
ASUS GPU Tweak (HKLM-x32\...\{532F6E8A-AF97-41C3-915F-39F718EC07D1}) (Version: 2.5.8.3 - ASUSTek COMPUTER INC.) Hidden
ASUS GPU Tweak (HKLM-x32\...\InstallShield_{532F6E8A-AF97-41C3-915F-39F718EC07D1}) (Version: 2.5.8.3 - ASUSTek COMPUTER INC.)
AudibleManager (HKLM-x32\...\AudibleManager) (Version: 508.36906368.36897376.36906376 - Audible, Inc.)
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.28.28 - Avira Operations GmbH & Co. KG)
Avira Connect (HKLM-x32\...\{661C79C2-D156-419C-81CA-D1A2523B0841}) (Version: 1.2.91.10326 - Avira Operations GmbH & Co. KG) Hidden
Avira Connect (HKLM-x32\...\{dd9049b8-31d1-40bd-8c8c-97a7b087a78f}) (Version: 1.2.91.10326 - Avira Operations GmbH & Co. KG)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
bl (HKLM-x32\...\{2A075BB4-E976-4278-BF3F-E5C6945D84C0}) (Version: 1.0.0 - Your Company Name) Hidden
Bonjour (HKLM\...\{E4F5E48E-7155-4CF9-88CD-7F377EC9AC54}) (Version: 2.0.4.0 - Apple Inc.)
Breaking Point (HKLM-x32\...\{D94AC775-62AF-4630-8292-7EB26691AAAE}) (Version: 5.0.2.9 - The Zombie Infection) Hidden
Breaking Point (HKLM-x32\...\Breaking Point 5.0.2.9) (Version: 5.0.2.9 - The Zombie Infection)
BurnAware Free 9.7 (HKLM-x32\...\BurnAware Free_is1) (Version:  - Burnaware)
ComPet (HKLM\...\Steam App 532800) (Version:  - MindArk PE AB)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 5.0.1.0406 - Disc Soft Ltd)
Discord (HKU\S-1-5-21-3843242997-120083883-219807361-1001\...\Discord) (Version: 0.0.297 - Hammer & Chisel, Inc.)
Dual-Core Optimizer (HKLM-x32\...\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}) (Version: 1.1.4.0169 - AMD)
Endless Space (HKLM\...\Steam App 208140) (Version:  - AMPLITUDE Studios)
Entropia Universe (HKLM-x32\...\Entropia Universe) (Version: 15.2.3.128490 - MindArk PE AB)
Epson Event Manager (HKLM-x32\...\{9F205E94-9E42-4486-A92A-DF3F6CB85444}) (Version: 3.10.0061 - Seiko Epson Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
Epson Software Updater (HKLM-x32\...\{7BAC3F7A-B963-468E-982E-B5608A87408D}) (Version: 4.4.4 - SEIKO EPSON CORPORATION)
EPSON XP-215 217 Series Printer Uninstall (HKLM\...\EPSON XP-215 217 Series) (Version:  - SEIKO EPSON Corporation)
Evernote v. 6.5.4 (HKLM-x32\...\{D47E7D82-0D98-11E7-A6D6-005056951CAD}) (Version: 6.5.4.4720 - Evernote Corp.)
Fallout 4 (HKLM\...\Steam App 377160) (Version:  - Bethesda Game Studios)
Foxhole Pre-Alpha (HKLM\...\Steam App 506770) (Version:  - Clapfoot)
FreeMind (HKLM-x32\...\B991B020-2968-11D8-AF23-444553540000_is1) (Version: 1.0.1 - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 59.0.3071.115 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Google 日本語入力 (HKLM\...\{8E62C276-2238-4D64-A560-61C3116E0EB7}) (Version: 2.20.2750.0 - Google Inc.)
HiPatch (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF000}) (Version: 5.0.5.5 - Hi-Rez Studios)
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
Java 8 Update 77 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218077F0}) (Version: 8.0.770.3 - Oracle Corporation)
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (HKLM-x32\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.0.0 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.5.166.0 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3843242997-120083883-219807361-1001\...\OneDriveSetup.exe) (Version: 17.3.6917.0607 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
MyEpson Portal (HKLM-x32\...\{3361D415-BA35-4143-B301-661991BA6219}) (Version: 1.1.2.2 - SEIKO EPSON CORPORATION) Hidden
MyEpson Portal (HKLM-x32\...\MyEpson Portal) (Version:  - SEIKO EPSON Corporation)
Native Instruments Controller Editor (HKLM-x32\...\Native Instruments Controller Editor) (Version: 1.8.2.281 - Native Instruments)
Native Instruments Maschine (HKLM-x32\...\Native Instruments Maschine) (Version:  - Native Instruments)
Native Instruments Maschine Controller Driver (HKLM-x32\...\Native Instruments Maschine Controller Driver) (Version:  - Native Instruments)
Native Instruments Maschine Controller MK2 Driver (HKLM-x32\...\Native Instruments Maschine Controller MK2 Driver) (Version:  - Native Instruments)
Native Instruments Maschine Factory Content (HKLM-x32\...\Native Instruments Maschine Factory Content) (Version:  - Native Instruments)
Native Instruments Maschine Factory Content 1.5 (HKLM-x32\...\Native Instruments Maschine Factory Content 1.5) (Version:  - Native Instruments)
Native Instruments Maschine Mikro Driver (HKLM-x32\...\Native Instruments Maschine Mikro Driver) (Version:  - Native Instruments)
Native Instruments Maschine Mikro MK2 Driver (HKLM-x32\...\Native Instruments Maschine Mikro MK2 Driver) (Version:  - Native Instruments)
Native Instruments Service Center (HKLM-x32\...\Native Instruments Service Center) (Version: 2.6.0.137 - Native Instruments)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.7.8.2 - Notepad++ Team)
NVIDIA 3D Vision Controller Driver 352.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 352.65 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 382.05 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 382.05 - NVIDIA Corporation)
NVIDIA Graphics Driver 382.05 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 382.05 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.26 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.26 - NVIDIA Corporation)
NVIDIA Miracast Virtual Audio 352.86 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Miracast.VirtualAudio) (Version: 352.86 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
One Way Heroics (HKLM-x32\...\Steam App 266210) (Version:  - Smoking WOLF)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Opera Stable 46.0.2597.46 (HKLM-x32\...\Opera 46.0.2597.46) (Version: 46.0.2597.46 - Opera Software)
Overwatch (HKLM-x32\...\Overwatch) (Version:  - Blizzard Entertainment)
ph (HKLM-x32\...\{185F9795-9663-4F13-9EF9-307A282ADB5A}) (Version: 1.0.0 - Your Company Name) Hidden
Polar Daemon (HKLM-x32\...\{2BA9320D-E061-4C71-ACCB-AC0E9D4FC82B}) (Version: 2.2.20000 - Polar Electro Oy)
Polar WebSync (HKLM-x32\...\{A3C03067-855A-4B5B-B08B-A1BFD68FCAF8}) (Version: 2.8.30000 - Polar Electro Oy)
Project Zomboid Demo (HKLM\...\Steam App 264910) (Version:  - Indie Stone Studios)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.986 - Even Balance, Inc.)
Python 2.7.10 (HKLM-x32\...\{E2B51919-207A-43EB-AE78-733F9C6797C2}) (Version: 2.7.10150 - Python Software Foundation)
Ravenfield (HKLM\...\Steam App 636480) (Version:  - SteelRaven7)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7572 - Realtek Semiconductor Corp.)
SecondLifeViewer (HKLM-x32\...\SecondLifeViewer) (Version: 5.0.3.324435 - Linden Research, Inc.)
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 2.11.4.0 - NVIDIA Corporation) Hidden
Sid Meier's Civilization V (HKLM\...\Steam App 8930) (Version:  - Firaxis Games)
Skype™ 7.33 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.33.105 - Skype Technologies S.A.)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
State of Decay: Year-One (HKLM\...\Steam App 329430) (Version:  - Undead Labs)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Stellaris (HKLM\...\Steam App 281990) (Version:  - Paradox Development Studio)
Stickman Fighter Epic Battle (HKU\S-1-5-21-3843242997-120083883-219807361-1001\...\stickmanfighterepicbattle-f81ba27c6b9de880bbeb2899a6b61f66) (Version: 10.1 - Playtouch)
Stickman School Run (HKU\S-1-5-21-3843242997-120083883-219807361-1001\...\stickmanschoolrun-7ea3653db0f7fa362133ce8fbef97928) (Version: 10.2 - Playtouch)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.18 - TeamSpeak Systems GmbH)
The Talos Principle (HKLM\...\Steam App 257510) (Version:  - Croteam)
The Witness (HKLM\...\Steam App 210970) (Version:  - Thekla, Inc.)
To the Moon (HKLM-x32\...\Steam App 206440) (Version:  - Freebird Games)
TomTom Sports Connect (HKLM-x32\...\TomTom Sports Connect) (Version: 3.2.9.0 - TomTom International B.V.)
TreeSize Free V3.4.5 (HKLM-x32\...\TreeSize Free_is1) (Version: 3.4.5 - JAM Software)
Turok: Dinosaur Hunter (HKLM\...\Steam App 405820) (Version:  - Iguana Entertainment)
US-122 MKII / US-144 MKII (HKLM\...\USB_AUDIO_DEusb-audio.deTascam) (Version:  - )
Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
Vulkan Run Time Libraries 1.0.42.1 (HKLM\...\VulkanRT1.0.42.1) (Version: 1.0.42.1 - LunarG, Inc.)
Vuze Leap 1.3 (HKU\S-1-5-21-3843242997-120083883-219807361-1001\...\{a9a27088-7578-499d-ad2b-67ba95a4def4}) (Version: 1.3 - Azureus Software, Inc.)
Wacom Tablet (HKLM\...\Wacom Tablet Driver) (Version: 6.3.14-1 - Wacom Technology Corp.)
WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
Windows 10 Update and Privacy Settings (HKLM\...\{293F2009-0145-450B-B4AA-063D43FB368C}) (Version: 1.0.13.0 - Microsoft Corporation)
Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)
WinRAR 5.21 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
WinZip 19.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240ED}) (Version: 19.5.11532 - WinZip Computing, S.L. )
Writefull 3.0.0-beta14-gem2 (only current user) (HKU\S-1-5-21-3843242997-120083883-219807361-1001\...\59079acb-34a2-5644-8b18-af99c519c5e8) (Version: 3.0.0-beta14-gem2 - ThinqLab)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3843242997-120083883-219807361-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-04A8CD363F3D}\InprocServer32 -> %%systemroot%%\system32\shell32.dll => No File
CustomCLSID: HKU\S-1-5-21-3843242997-120083883-219807361-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\yuk\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3843242997-120083883-219807361-1001_Classes\CLSID\{144DF3B2-2402-47AE-9583-5A045929A8D4}\InprocServer32 -> C:\Users\yuk\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3843242997-120083883-219807361-1001_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\yuk\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3843242997-120083883-219807361-1001_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\yuk\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3843242997-120083883-219807361-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\yuk\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3843242997-120083883-219807361-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\yuk\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3843242997-120083883-219807361-1001_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\yuk\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3843242997-120083883-219807361-1001_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04}\InprocServer32 -> C:\Users\yuk\AppData\Local\Google\Update\1.3.33.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3843242997-120083883-219807361-1001_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\yuk\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3843242997-120083883-219807361-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\yuk\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3843242997-120083883-219807361-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\yuk\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3843242997-120083883-219807361-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
CustomCLSID: HKU\S-1-5-21-3843242997-120083883-219807361-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\yuk\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll (Google Inc.)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2017-05-26] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2017-05-26] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2017-05-26] ()
ContextMenuHandlers01: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2017-05-26] ()
ContextMenuHandlers01: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2015-04-15] ()
ContextMenuHandlers01: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files (x86)\Avira\Antivirus\shlext64.dll [2017-07-12] (Avira Operations GmbH & Co. KG)
ContextMenuHandlers01: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-02-20] (Alexander Roshal)
ContextMenuHandlers01: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} =>  -> No File
ContextMenuHandlers01: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2015-06-16] (WinZip Computing, S.L.)
ContextMenuHandlers04: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2015-06-16] (WinZip Computing, S.L.)
ContextMenuHandlers05: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2017-05-01] (NVIDIA Corporation)
ContextMenuHandlers06: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2017-05-26] ()
ContextMenuHandlers06: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files (x86)\Avira\Antivirus\shlext64.dll [2017-07-12] (Avira Operations GmbH & Co. KG)
ContextMenuHandlers06: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-02-20] (Alexander Roshal)
ContextMenuHandlers06: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} =>  -> No File
ContextMenuHandlers06: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2015-06-16] (WinZip Computing, S.L.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {098F85FF-3BC6-4573-9031-5415D3288DCF} - System32\Tasks\EPSON XP-215 217 Series Update {7660D75B-BC2E-4AC2-96C2-7E0E2A82D544} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLGE.EXE [2014-12-03] (SEIKO EPSON CORPORATION)
Task: {0B132F1D-9625-46B8-A4F6-B6B6EF2ECEE6} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2015-07-08] (Microsoft)
Task: {0D3509DE-EEFE-4F7C-B1B8-75AA4F0609E6} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2015-07-08] (Microsoft Corporation)
Task: {15D012F2-24D8-4E74-BDD4-C42CB0E50187} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {24F506CB-3D93-4F5D-97A2-17AA1900C850} - System32\Tasks\EPSON XP-215 217 Series Invitation {7660D75B-BC2E-4AC2-96C2-7E0E2A82D544} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLGE.EXE [2014-12-03] (SEIKO EPSON CORPORATION)
Task: {2888D9A1-CCA5-4869-BE3A-45413E90E92B} - \Microsoft\Windows\Setup\GWXTriggers\Logon -> No File <==== ATTENTION
Task: {28F95D74-D10F-4E79-9995-598EDFF9C7F1} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle -> No File <==== ATTENTION
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {3B92386C-8A30-4944-A66F-2112F0CF2666} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {4ABACFDE-0F29-4669-A751-DAE7E17CBB3A} - System32\Tasks\UEUEUFX1 => C:\ProgramData\SecurityUtility\SecurityUtility.exe <==== ATTENTION
Task: {4F6A5EB7-C215-4409-9EFA-11C3ECEB3305} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3843242997-120083883-219807361-1001Core => C:\Users\yuk\AppData\Local\Google\Update\GoogleUpdate.exe [2015-05-25] (Google Inc.)
Task: {5536D0E6-1A75-4D8D-AA28-AA848E6877EC} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {56C94AE4-1DC1-4157-9D8F-C61BF10F2803} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3843242997-120083883-219807361-1001UA => C:\Users\yuk\AppData\Local\Google\Update\GoogleUpdate.exe [2015-05-25] (Google Inc.)
Task: {60F71DE3-2DFC-40FC-BD10-CDA6F1B71173} - System32\Tasks\Opera scheduled Autoupdate 1432754114 => C:\Program Files (x86)\Opera\launcher.exe [2017-07-11] (Opera Software)
Task: {639B4B7D-238D-4859-B5CF-6E1EAD08C1F0} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2015-07-08] (Microsoft Corporation)
Task: {6AA44469-83FD-453F-8C3C-754355F33176} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3843242997-120083883-219807361-1001UA1d2592aff96741f => C:\Users\yuk\AppData\Local\Google\Update\GoogleUpdate.exe [2015-05-25] (Google Inc.)
Task: {7B64C888-F525-4974-8259-D16391269FCB} - System32\Tasks\EPSON XP-215 217 Series Invitation {77F526F6-BBF7-40E8-9FEE-4B3480B2F3A1} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLGE.EXE [2014-12-03] (SEIKO EPSON CORPORATION)
Task: {7CDC4979-16DF-4E21-89E3-82259ACFFB95} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_26_0_0_137_pepper.exe [2017-07-12] (Adobe Systems Incorporated)
Task: {83967500-6188-4FE7-826F-238C6D6381AC} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-deckothewacko@gmail.com => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2016-07-01] (Adobe Systems Incorporated)
Task: {9DED8FF7-C583-43B0-8BC7-DE6ADB01F0B8} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {A0471086-1550-45AF-98AD-74ED2ED9DFD9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-15] (Google Inc.)
Task: {A0DBF880-6708-43C3-965C-90C23D9FF71C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3843242997-120083883-219807361-1001Core1d2592aff90a792 => C:\Users\yuk\AppData\Local\Google\Update\GoogleUpdate.exe [2015-05-25] (Google Inc.)
Task: {A4CC7612-9DC1-4569-91D9-27A3F02DBFE4} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2015-07-08] (Microsoft Corporation)
Task: {A50B1430-E4AF-4D74-874E-EADE171889D9} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2017-07-12] (Microsoft Corporation)
Task: {C7774F78-D1D5-4FEE-A219-91163C39301B} - System32\Tasks\EPSON XP-215 217 Series Update {77F526F6-BBF7-40E8-9FEE-4B3480B2F3A1} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLGE.EXE [2014-12-03] (SEIKO EPSON CORPORATION)
Task: {CC5FC553-6AFE-490C-8E57-6979586AE2B3} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {D801B8DD-5A63-4655-99F2-B7114D4965B7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-15] (Google Inc.)
Task: {E6519F44-A7C8-43DD-A0A3-279C2442E51B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-07-12] (Adobe Systems Incorporated)
Task: {E8EDF9E6-2538-4D5F-890D-62A624B6FD88} - \WPD\SqmUpload_S-1-5-21-3843242997-120083883-219807361-1001 -> No File <==== ATTENTION
Task: {FFB80892-79A5-4CCC-9716-EE37D3A65641} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2015-07-08] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\EPSON XP-215 217 Series Invitation {7660D75B-BC2E-4AC2-96C2-7E0E2A82D544}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLGE.EXE
Task: C:\WINDOWS\Tasks\EPSON XP-215 217 Series Invitation {77F526F6-BBF7-40E8-9FEE-4B3480B2F3A1}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLGE.EXE
Task: C:\WINDOWS\Tasks\EPSON XP-215 217 Series Update {7660D75B-BC2E-4AC2-96C2-7E0E2A82D544}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLGE.EXE:/EXE:{7660D75B-BC2E-4AC2-96C2-7E0E2A82D544} /F:UpdateWORKGROUP\MEISFIT$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\WINDOWS\Tasks\EPSON XP-215 217 Series Update {77F526F6-BBF7-40E8-9FEE-4B3480B2F3A1}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLGE.EXE:/EXE:{77F526F6-BBF7-40E8-9FEE-4B3480B2F3A1} /F:UpdateWORKGROUP\MEISFIT$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3843242997-120083883-219807361-1001Core.job => C:\Users\yuk\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3843242997-120083883-219807361-1001UA.job => C:\Users\yuk\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\UEUEUFX1.job => C:\ProgramData\SecurityUtility\SecurityUtility.exe <==== ATTENTION

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2012-01-17 11:24 - 2012-01-17 11:24 - 00055296 _____ () C:\Windows\SysWOW64\ASGT.exe
2012-12-12 15:20 - 2012-12-12 15:20 - 00419536 _____ () C:\Program Files (x86)\Polar\Daemon\polard.exe
2017-03-18 22:58 - 2017-03-18 22:58 - 00138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-05-26 03:18 - 2017-05-26 03:18 - 00492112 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2015-04-15 22:13 - 2015-04-15 22:13 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2015-06-14 05:56 - 2015-08-21 20:33 - 01347264 _____ () C:\Program Files\Tablet\Wacom\libxml2.dll
2017-05-23 10:36 - 2017-05-23 10:36 - 03139496 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11705.1001.21.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2017-06-22 08:33 - 2017-06-22 08:33 - 00766464 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11705.1001.21.0_x64__8wekyb3d8bbwe\WinStore.Vui.dll
2017-06-22 08:33 - 2017-06-22 08:33 - 10628608 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11705.1001.21.0_x64__8wekyb3d8bbwe\WinStore.Entertainment.Mobile.dll
2017-06-22 08:33 - 2017-06-22 08:33 - 02640384 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_11705.1001.21.0_x64__8wekyb3d8bbwe\MS.Entertainment.Common.Mobile.dll
2017-07-15 15:11 - 2017-07-15 15:12 - 13188800 _____ () C:\Program Files\WindowsApps\Microsoft.Office.Excel_17.8269.50431.0_x64__8wekyb3d8bbwe\Office.UI.Xaml.Core.dll
2017-07-15 15:11 - 2017-07-15 15:12 - 02538688 _____ () C:\Program Files\WindowsApps\Microsoft.Office.Excel_17.8269.50431.0_x64__8wekyb3d8bbwe\Office.UI.Xaml.Docs.dll
2017-04-07 09:16 - 2017-04-07 09:18 - 01695440 _____ () C:\Program Files\WindowsApps\Microsoft.Office.Excel_17.8269.50431.0_x64__8wekyb3d8bbwe\Microsoft.Applications.Telemetry.Windows.dll
2017-07-15 15:11 - 2017-07-15 15:12 - 00020480 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.18062.13720.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2017-07-15 15:11 - 2017-07-15 15:12 - 27590144 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.18062.13720.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2017-07-15 15:11 - 2017-07-15 15:12 - 00428032 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.18062.13720.0_x64__8wekyb3d8bbwe\Microsoft.Photos.AGM.Native.Windows.dll
2017-07-15 15:11 - 2017-07-15 15:12 - 20649984 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.18062.13720.0_x64__8wekyb3d8bbwe\PhotosApp.Windows.dll
2017-07-15 15:11 - 2017-07-15 15:12 - 02305536 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.18062.13720.0_x64__8wekyb3d8bbwe\MediaEngine.dll
2017-07-15 15:11 - 2017-07-15 15:12 - 02856448 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.18062.13720.0_x64__8wekyb3d8bbwe\AppCore.Windows.dll
2017-05-23 10:36 - 2017-05-23 10:36 - 03139496 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.18062.13720.0_x64__8wekyb3d8bbwe\Microsoft.UI.Xaml.dll
2017-06-03 13:59 - 2017-06-03 14:01 - 00046080 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.18062.13720.0_x64__8wekyb3d8bbwe\Microsoft.Photos.Edit.Services.dll
2016-10-23 14:56 - 2016-10-23 14:57 - 00680448 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.18062.13720.0_x64__8wekyb3d8bbwe\Microsoft.DesignCore.dll
2017-07-15 15:11 - 2017-07-15 15:12 - 01127936 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.18062.13720.0_x64__8wekyb3d8bbwe\Microsoft.RichMedia.Ink.Controls.dll
2017-05-09 16:12 - 2017-05-09 16:13 - 01062400 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.18062.13720.0_x64__8wekyb3d8bbwe\Microsoft.Sharing.dll
2017-06-23 13:45 - 2017-06-23 13:46 - 01199816 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.8241.41225.0_x64__8wekyb3d8bbwe\Office.UI.Xaml.Word.dll
2017-06-23 13:45 - 2017-06-23 13:46 - 13207232 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.8241.41225.0_x64__8wekyb3d8bbwe\Office.UI.Xaml.Core.dll
2017-07-18 16:26 - 2017-07-18 16:27 - 00074752 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.820.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-07-18 16:26 - 2017-07-18 16:27 - 00203264 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.820.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-07-18 16:26 - 2017-07-18 16:27 - 43573248 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.820.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-07-18 16:26 - 2017-07-18 16:27 - 02435584 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.820.0_x64__kzf8qxf38zg5c\skypert.dll
2017-07-18 16:26 - 2017-07-18 16:27 - 00139776 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.820.0_x64__kzf8qxf38zg5c\SkypeHost.Proxies.dll
2017-07-18 16:26 - 2017-07-18 16:27 - 00181248 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.820.0_x64__kzf8qxf38zg5c\Microsoft.Skype.ImageTool.dll
2017-07-18 16:26 - 2017-07-18 16:27 - 00041472 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.820.0_x64__kzf8qxf38zg5c\TraceProvider.dll
2017-03-18 22:59 - 2017-03-19 04:30 - 01731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2012-12-12 15:20 - 2012-12-12 15:20 - 03483856 _____ () C:\Program Files (x86)\Polar\Daemon\libpolar.dll
2017-05-30 01:39 - 2017-05-30 01:39 - 00118272 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\fs-ext\build\Release\fs-ext.node
2017-05-30 01:39 - 2017-05-30 01:39 - 00214528 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-vulcanjs\build\Release\VulcanJS.node
2017-05-30 01:38 - 2017-05-30 01:38 - 00117248 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\ref\build\Release\binding.node
2017-05-30 01:39 - 2017-05-30 01:39 - 00125952 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\ffi\build\Release\ffi_bindings.node
2017-06-04 07:47 - 2017-06-04 07:47 - 00099424 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-ProxyResolver\build\Release\ProxyResolverWin.dll
2017-05-30 01:39 - 2017-05-30 01:39 - 00086528 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\idle-gc\build\Release\idle-gc.node
2017-05-19 23:49 - 2017-05-19 23:49 - 00118272 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\fs-ext\build\Release\fs-ext.node
2017-05-19 23:49 - 2017-05-19 23:49 - 00117760 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\ref\build\Release\binding.node
2017-05-19 23:49 - 2017-05-19 23:49 - 00125440 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\ffi\build\Release\ffi_bindings.node
2017-05-19 23:50 - 2017-05-19 23:50 - 00214528 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\node-vulcanjs\build\Release\VulcanJS.node
2017-06-04 07:43 - 2017-06-04 07:43 - 00099424 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\node-ProxyResolver\build\Release\ProxyResolverWin.dll
2017-05-19 23:49 - 2017-05-19 23:49 - 00098816 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\bufferutil\build\Release\bufferutil.node
2017-05-19 23:50 - 2017-05-19 23:50 - 00086528 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\idle-gc\build\Release\idle-gc.node

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3843242997-120083883-219807361-1001\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKU\S-1-5-21-3843242997-120083883-219807361-1001\...\StartupApproved\Run: => "Google Update"
HKU\S-1-5-21-3843242997-120083883-219807361-1001\...\StartupApproved\Run: => "BingSvc"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{E1F90289-29AF-412A-B2A5-B50A80684BA4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Talos Principle\Bin\x64\Talos_Unrestricted.exe
FirewallRules: [{D928627F-7787-4911-9E13-3B6B71FE8CA3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Talos Principle\Bin\x64\Talos_Unrestricted.exe
FirewallRules: [{02A2A455-8DDE-452D-8376-2D2A57A9F2AD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Talos Principle\Bin\x64\Talos.exe
FirewallRules: [{516B2190-FA7F-462A-B40A-72992675E2C2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Talos Principle\Bin\x64\Talos.exe
FirewallRules: [{8BACED6C-9D92-41C9-9E1B-5B7A7ADE3879}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Talos Principle\Bin\Talos_Unrestricted.exe
FirewallRules: [{E2284F52-9F88-4796-9AF6-62204E7B5EAE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Talos Principle\Bin\Talos_Unrestricted.exe
FirewallRules: [{F6B2F6FA-7FA2-40DE-A71C-02A1F33A0F7E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Talos Principle\Bin\Talos.exe
FirewallRules: [{E08A86CD-007C-499E-B03F-C933169FE7F7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Talos Principle\Bin\Talos.exe
FirewallRules: [{5DE6FC3B-5CA6-408A-AE19-868E6625E84A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Endless Space\EndlessSpace.exe
FirewallRules: [{CCFCEDE4-EDA1-46CB-9B79-FBE1AB2EB843}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Endless Space\EndlessSpace.exe
FirewallRules: [{07E81FAA-318E-4509-BE2A-0673ACA5CFDB}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
FirewallRules: [{BE43F08C-8CD5-4A47-9237-30FDBF60679C}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
FirewallRules: [{C931AEB3-CC05-4938-AD5B-BC3C61B27A4D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Stellaris\stellaris.exe
FirewallRules: [{3ABA62D2-9915-404F-97B8-D6A64CBF7103}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Stellaris\stellaris.exe
FirewallRules: [{12B65A5D-9C0D-448E-A2A0-491EAC5FE207}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [{8F964DC2-8DB1-480B-8986-4D055C2071E1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [{F783209E-0DBE-4BC9-8151-5F65751676B7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fallout 4\Fallout4Launcher.exe
FirewallRules: [{49EEA915-83A7-48C9-96CE-17AEA17B918C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fallout 4\Fallout4Launcher.exe
FirewallRules: [{1048E8D8-903A-4AF1-BB21-3C92BE44E01B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Project Zomboid Demo\ProjectZomboid64.exe
FirewallRules: [{C15EE90C-AE02-4EA6-94AC-585550C0C55E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Project Zomboid Demo\ProjectZomboid64.exe
FirewallRules: [{AA4EF2B3-A84F-4F2A-AFB1-B112687E517D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{528071E9-4232-44C6-B75E-11C83AB4EA19}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{EBBBE0A6-B10E-4A04-8863-D3EC903EC748}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Don't Starve Together\bin\dontstarve_steam.exe
FirewallRules: [{87C7B063-050C-45C3-B3AF-2566E3BEE98B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Don't Starve Together\bin\dontstarve_steam.exe
FirewallRules: [{D99E83F5-E923-4DF4-A6C1-3F844939D6B7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\insurgency2\insurgency.exe
FirewallRules: [{7A9FBAFD-E6DB-465C-AD6B-4F0D56DEA857}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\insurgency2\insurgency.exe
FirewallRules: [{E5BD08C3-AC12-4630-B115-3526693B939F}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{D1A72DB5-44D2-4AD6-B031-C5418F221A7E}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{74432A45-17F3-49D0-966F-01802B3F1F87}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ComPet\ComPet.exe
FirewallRules: [{E8534CD4-42E4-43A9-A10B-D0B33C7EFD7F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ComPet\ComPet.exe
FirewallRules: [{1F5C4623-71AC-4261-A907-8E362D426494}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Double Action\bin\hammer.exe
FirewallRules: [{4341E010-B7BB-4D15-BE8F-9BB4B223026E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Double Action\bin\hammer.exe
FirewallRules: [UDP Query User{D54D0049-329B-48AA-ADBF-62F9D1E74EBE}C:\program files (x86)\steam\steamapps\common\smite\binaries\win32\smite.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\smite\binaries\win32\smite.exe
FirewallRules: [TCP Query User{EB7F05EE-5B59-4BFA-A18B-33A8C9FC1824}C:\program files (x86)\steam\steamapps\common\smite\binaries\win32\smite.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\smite\binaries\win32\smite.exe
FirewallRules: [{6A48ED59-FDA8-45A9-A96B-C9EFFB7E38C9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hazard Ops\UnrealEngine3\Binaries\Win32\InfernumLogin.exe
FirewallRules: [{BA28C211-21E5-4593-800E-4CFE2DEECA41}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hazard Ops\UnrealEngine3\Binaries\Win32\InfernumLogin.exe
FirewallRules: [UDP Query User{D109F78F-38ED-4C00-96EB-186B86DD884D}C:\program files (x86)\steam\steamapps\common\magickawizardwars\bitsquid_win32_dev.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\magickawizardwars\bitsquid_win32_dev.exe
FirewallRules: [TCP Query User{82F99F22-E81F-4E7E-B89B-C0F498728195}C:\program files (x86)\steam\steamapps\common\magickawizardwars\bitsquid_win32_dev.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\magickawizardwars\bitsquid_win32_dev.exe
FirewallRules: [{DBDCF1AA-B3E0-4B8B-ADDD-C7D20158DFA4}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe
FirewallRules: [{A347CFA3-ECF6-430C-8A5E-944D9224F335}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe
FirewallRules: [{F23091CE-A36A-4A8A-841A-0CFAF4CEA588}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [{5EE6BD0D-456B-4246-B01B-AE29A47F045F}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [{D3B1B0F9-2433-41EA-8FD1-12F1E8043711}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{F7141FC4-6A8C-4ADB-91D3-1FC37A2EE068}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{DF590EA5-A9E2-4ED9-9CB4-B4CB2E1D4D1E}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{992AA758-2351-4354-85CD-C0C2C7DB72B9}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{80401B12-23D4-44BE-BCE0-D72E181B896B}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{3DDD739D-363A-4C53-BBCD-A99D4DCFDE6B}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [TCP Query User{CECFF92F-9A5C-42F9-82F3-6ABBFF97C62F}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{C6F30AA8-EBBC-4305-8308-C25268336C4B}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{CC615EE0-85DF-4311-9983-C80173C2AA8F}C:\program files (x86)\steam\steamapps\common\arma 3\arma3.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\arma 3\arma3.exe
FirewallRules: [UDP Query User{0769895C-7B1C-491C-9D20-B7AE25267822}C:\program files (x86)\steam\steamapps\common\arma 3\arma3.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\arma 3\arma3.exe
FirewallRules: [TCP Query User{BECCD59A-BA84-414E-8741-C341BC897214}C:\program files (x86)\steam\steamapps\common\america's army\aapg\binaries\win32\aagame.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\america's army\aapg\binaries\win32\aagame.exe
FirewallRules: [UDP Query User{CF2CD5B7-068F-47B3-B7F1-6C07403EF943}C:\program files (x86)\steam\steamapps\common\america's army\aapg\binaries\win32\aagame.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\america's army\aapg\binaries\win32\aagame.exe
FirewallRules: [TCP Query User{6945A08E-3598-43F4-9E36-A62104C63C2F}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{41541911-ED1A-4EB1-8A0D-8457A9225F53}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{112F3514-D8F1-4B32-9872-B618721CA130}C:\program files (x86)\entropia universe\bin64\entropia.exe] => (Allow) C:\program files (x86)\entropia universe\bin64\entropia.exe
FirewallRules: [UDP Query User{EAFD0A81-ECC0-4513-B4C3-C85B7E440F56}C:\program files (x86)\entropia universe\bin64\entropia.exe] => (Allow) C:\program files (x86)\entropia universe\bin64\entropia.exe
FirewallRules: [{74235438-B03C-4E2E-B71C-AEE03F19C862}] => (Allow) C:\Users\yuk\AppData\Roaming\Vuze Leap\VuzeLeap.exe
FirewallRules: [{2794801B-A18C-4EE7-A909-4EA0435FEB2A}] => (Allow) C:\Users\yuk\AppData\Roaming\Vuze Leap\VuzeLeap.exe
FirewallRules: [TCP Query User{EDF6C357-17E4-4DAA-A0C8-EDB956E9CC0A}C:\program files (x86)\steam\steamapps\common\cry of fear\cof.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\cry of fear\cof.exe
FirewallRules: [UDP Query User{018402DE-8612-458B-9BCB-17A8F625B72B}C:\program files (x86)\steam\steamapps\common\cry of fear\cof.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\cry of fear\cof.exe
FirewallRules: [TCP Query User{2B12092A-F8BF-40CC-83BC-6671C13E0B69}C:\program files (x86)\renegade x\binaries\win32\udk.exe] => (Allow) C:\program files (x86)\renegade x\binaries\win32\udk.exe
FirewallRules: [UDP Query User{7AFE1C40-F115-4B78-92A6-C35496FDAC7C}C:\program files (x86)\renegade x\binaries\win32\udk.exe] => (Allow) C:\program files (x86)\renegade x\binaries\win32\udk.exe
FirewallRules: [{FBBD120E-FBDB-464A-A8D0-AAE5DD82CD2A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Double Action\bin\hlmv.exe
FirewallRules: [{7A3191B8-B2CA-46C7-BCB2-284F70F8AC32}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Double Action\bin\hlmv.exe
FirewallRules: [TCP Query User{BFA9E3D4-98EC-4E36-9172-AD784DEB7B67}C:\program files (x86)\steam\steamapps\common\tribes\binaries\win32\tribesascend.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\tribes\binaries\win32\tribesascend.exe
FirewallRules: [UDP Query User{861A4F14-5D57-4B63-BC30-F0722516A3DB}C:\program files (x86)\steam\steamapps\common\tribes\binaries\win32\tribesascend.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\tribes\binaries\win32\tribesascend.exe
FirewallRules: [TCP Query User{F03A7A34-2144-445D-9E22-FE5ED74E68B3}C:\program files\epic games\unrealtournamentdev\engine\binaries\win64\ue4-win64-test.exe] => (Allow) C:\program files\epic games\unrealtournamentdev\engine\binaries\win64\ue4-win64-test.exe
FirewallRules: [UDP Query User{234AA5DE-32EA-4154-AF16-DFD2BCBBE927}C:\program files\epic games\unrealtournamentdev\engine\binaries\win64\ue4-win64-test.exe] => (Allow) C:\program files\epic games\unrealtournamentdev\engine\binaries\win64\ue4-win64-test.exe
FirewallRules: [{B9B9A626-92A1-4528-AA3D-FAF506B0F63A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\America's Army\AAPG\Binaries\AALauncher32.exe
FirewallRules: [{EAF27F84-61B7-428A-8F37-18A4DAA2B213}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\America's Army\AAPG\Binaries\AALauncher32.exe
FirewallRules: [{4267C2D2-C11B-40B9-819A-6A0DEBA9B87A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{CD937A00-AAC6-4F92-9D42-D9077C610799}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{AE5CA1D5-A946-4F31-962A-4A644ACE0BE9}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{3B539977-6AA3-4470-9096-B50BE4D6E2F0}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{5A2C9959-D2CF-472E-AF3D-C4DE158D339F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{895B170D-82EF-4776-91AE-5EBECAC9777B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dirty Bomb\Binaries\Win32\ShooterGame-Win32-Shipping.exe
FirewallRules: [{6D1E88EF-034A-4E09-8377-544BEE4C7230}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dirty Bomb\Binaries\Win32\ShooterGame-Win32-Shipping.exe
FirewallRules: [{B7758529-20A2-4B60-A272-8A77E3C724F8}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{6DA6D1F2-BBE4-4C12-A3F3-1815E957A400}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{DE186AB3-ADB9-4CA6-BCEA-842413EDB671}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{14858939-E326-42FD-8936-304E787BC47E}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{E369280D-2913-4318-B8A4-00AEB7A1CB5C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\killingfloor2\Binaries\Win64\KFGame.exe
FirewallRules: [{26960DD1-7E87-4640-A4BD-FAB8B5D49C74}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\killingfloor2\Binaries\Win64\KFGame.exe
FirewallRules: [{5D56DECD-D737-4630-829A-961F3F64B96E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{90B84E21-E64F-4790-97A8-7507D04B5476}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{10E40324-D847-43B0-B250-8D4E8DBC2972}] => (Allow) LPort=5354
FirewallRules: [{0CBFFE0D-9386-4F06-9E08-8D438FD5C306}] => (Allow) LPort=5354
FirewallRules: [{7E1F5DF0-C9FB-498C-BA59-F3B3403D9379}] => (Allow) LPort=5354
FirewallRules: [{2FE16C7B-CFF1-4B32-A904-F72A3D965E21}] => (Allow) LPort=5354
FirewallRules: [{2666A67C-4306-4BCB-8D13-67369A8D246A}] => (Allow) LPort=5354
FirewallRules: [{BCD589C5-D404-42D0-AA2B-861966F3B051}] => (Allow) LPort=5354
FirewallRules: [{20D1D075-68F1-4505-9DD4-80B70261B40C}] => (Allow) LPort=5354
FirewallRules: [{3C5D3DC9-CD3F-4897-83C3-777D3626C8D9}] => (Allow) LPort=5354
FirewallRules: [TCP Query User{DAA898B6-5605-4551-AFDB-9CCF64A27598}C:\program files (x86)\steam\steamapps\common\the vanishing of ethan carter redux\ethancarter\binaries\win64\ethancarter-win64-shipping.exe] => (Block) C:\program files (x86)\steam\steamapps\common\the vanishing of ethan carter redux\ethancarter\binaries\win64\ethancarter-win64-shipping.exe
FirewallRules: [UDP Query User{49227B38-FBAB-4FDB-95ED-B21E125F5156}C:\program files (x86)\steam\steamapps\common\the vanishing of ethan carter redux\ethancarter\binaries\win64\ethancarter-win64-shipping.exe] => (Block) C:\program files (x86)\steam\steamapps\common\the vanishing of ethan carter redux\ethancarter\binaries\win64\ethancarter-win64-shipping.exe
FirewallRules: [{63388B20-0BBD-4DD4-9277-D95CA5D40ED8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\One Way Heroics\Game.exe
FirewallRules: [{50BE8A78-C1E9-4320-A817-7BA52E751ADF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\One Way Heroics\Game.exe
FirewallRules: [{BF90F3F1-E4D0-487C-A313-DDB573E774CA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\To the Moon\To the Moon\To the Moon.exe
FirewallRules: [{FA270E20-05CE-4C8C-8E2D-3D0789551B95}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\To the Moon\To the Moon\To the Moon.exe
FirewallRules: [{BCA19579-D306-4206-BEE6-29EADA93BA0D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\To the Moon\Minisode_1\Sigmund Holiday Special 1\Siggy - Holiday Special.exe
FirewallRules: [{254C23A3-8335-4E8B-898B-E044B6D4F3D6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\To the Moon\Minisode_1\Sigmund Holiday Special 1\Siggy - Holiday Special.exe
FirewallRules: [{9DA14F9B-92B4-4726-A333-54C88CA4842D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\To the Moon\Minisode_2\Sigmund Holiday Special 2\SigCorp Minisode 2.exe
FirewallRules: [{069945A6-87F3-4A46-B244-FF3244C685E4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\To the Moon\Minisode_2\Sigmund Holiday Special 2\SigCorp Minisode 2.exe
FirewallRules: [{6AB46472-3EF3-427C-8984-6AE20D54A2B8}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Far Cry 4\bin\FarCry4.exe
FirewallRules: [{8DA34845-4708-4F42-BB8A-9AD1B69C3414}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Far Cry 4\bin\FarCry4.exe
FirewallRules: [{3439173D-FB0C-4A03-8B75-0098F1FE8C09}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Far Cry 4\bin\IGE_WPF64.exe
FirewallRules: [{BBA8AB5B-7283-4634-88BD-1019647ECE72}] => (Allow) C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\games\Far Cry 4\bin\IGE_WPF64.exe
FirewallRules: [{F2A4DBCF-A1E5-424B-9D90-C6ACED7759E6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Talos Principle Demo\Bin\Talos_Demo.exe
FirewallRules: [{87B9560E-812A-4696-BFFE-01FD09DBCB0D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Talos Principle Demo\Bin\Talos_Demo.exe
FirewallRules: [{2C77C374-4402-4C28-8BEF-EEFF17292D4A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Talos Principle Demo\Bin\x64\Talos_Demo.exe
FirewallRules: [{7BC93AAF-588F-41B5-98DB-2C7564AF86CA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Talos Principle Demo\Bin\x64\Talos_Demo.exe
FirewallRules: [{CD4821E9-747E-4A92-BA9F-F4E5823EFE1E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Ball Demo\Binaries\Win32\TheBall.exe
FirewallRules: [{FF9819D1-627F-452C-B34E-FF7E7066575A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Ball Demo\Binaries\Win32\TheBall.exe
FirewallRules: [TCP Query User{59D94F35-3ACD-40BD-8A7B-70F1A89D5709}C:\program files (x86)\steam\steamapps\common\mind_path_to_thalamus\engine\binaries\win64\mind_pathtothalamus.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\mind_path_to_thalamus\engine\binaries\win64\mind_pathtothalamus.exe
FirewallRules: [UDP Query User{1B84FBB8-9727-4A80-9A73-4A2489193428}C:\program files (x86)\steam\steamapps\common\mind_path_to_thalamus\engine\binaries\win64\mind_pathtothalamus.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\mind_path_to_thalamus\engine\binaries\win64\mind_pathtothalamus.exe
FirewallRules: [{9B9B2EB0-9F11-4A9D-A4E6-981E7C35DB99}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\A Story About My Uncle\Binaries\Win32\ASAMU-Win32-Shipping.exe
FirewallRules: [{BC3A9794-03AA-46DD-B509-75BB333CD437}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\A Story About My Uncle\Binaries\Win32\ASAMU-Win32-Shipping.exe
FirewallRules: [{A68D4DB3-79F0-4AF7-ADC5-2F4E0B1A0F13}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Mind_Path_to_Thalamus\Mind_Pathtothalamus.exe
FirewallRules: [{75AB0B68-6746-40A6-80C9-919ED0D0A37C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Mind_Path_to_Thalamus\Mind_Pathtothalamus.exe
FirewallRules: [TCP Query User{A015CE2E-7F9F-4AB8-932D-B0E77ABB1E05}C:\program files (x86)\secondlifeviewer\slvoice.exe] => (Allow) C:\program files (x86)\secondlifeviewer\slvoice.exe
FirewallRules: [UDP Query User{3F066AB5-467C-42DE-B980-FE7B442EDCFD}C:\program files (x86)\secondlifeviewer\slvoice.exe] => (Allow) C:\program files (x86)\secondlifeviewer\slvoice.exe
FirewallRules: [TCP Query User{38F81B48-CD80-48A2-AC2E-1D4DCE34CBFA}C:\program files (x86)\steam\steamapps\common\mind_path_to_thalamus\engine\binaries\win64\ue4game-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\mind_path_to_thalamus\engine\binaries\win64\ue4game-win64-shipping.exe
FirewallRules: [UDP Query User{688D6888-A7D1-42F4-B3FB-DFB20E7234F3}C:\program files (x86)\steam\steamapps\common\mind_path_to_thalamus\engine\binaries\win64\ue4game-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\mind_path_to_thalamus\engine\binaries\win64\ue4game-win64-shipping.exe
FirewallRules: [TCP Query User{C7B649E1-5417-466C-B743-6345EC17AAAD}C:\program files (x86)\steam\steamapps\common\trine 2\trine2_32bit.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\trine 2\trine2_32bit.exe
FirewallRules: [UDP Query User{EC25D412-C74E-4363-A8B3-F80FCD90D8C5}C:\program files (x86)\steam\steamapps\common\trine 2\trine2_32bit.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\trine 2\trine2_32bit.exe
FirewallRules: [{1CB80502-DF9F-4F34-8BC7-5710174766B6}] => (Block) C:\program files (x86)\steam\steamapps\common\trine 2\trine2_32bit.exe
FirewallRules: [{20E2C07B-3DE7-430B-9F98-F6E671A01EDA}] => (Block) C:\program files (x86)\steam\steamapps\common\trine 2\trine2_32bit.exe
FirewallRules: [{88291A67-12FC-4B6C-A550-5B7B10E4479E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{0B0C60B2-0168-447C-9D73-FCC45C354A05}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{C915BD7A-76C3-4AA2-9D8F-707C67D27C50}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Don't Starve Together\bin\dontstarve_steam.exe
FirewallRules: [{29359706-E5F7-4972-A101-A011EB5411B1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Don't Starve Together\bin\dontstarve_steam.exe
FirewallRules: [{13E1639C-9894-45DA-AC92-B2450EDBEC12}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Teeworlds\teeworlds.exe
FirewallRules: [{D3589EE6-0F82-4A7C-8311-B56C42939B24}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Teeworlds\teeworlds.exe
FirewallRules: [{C2D71817-1309-4A41-85F9-E34B50ADAF75}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Talos Principle\Bin\Talos.exe
FirewallRules: [{B63C3089-0DF9-4D00-9878-3E6755DAB914}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Talos Principle\Bin\Talos.exe
FirewallRules: [{D01CCA21-CA16-4749-83C0-A2340FF47512}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Talos Principle\Bin\Talos_Unrestricted.exe
FirewallRules: [{CF379C59-B059-4B2F-880E-2B145569BFB4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Talos Principle\Bin\Talos_Unrestricted.exe
FirewallRules: [{8EF13208-5366-476A-8539-E5791060F501}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Talos Principle\Bin\x64\Talos.exe
FirewallRules: [{6AC79393-523E-47BA-A69C-3D5924A44745}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Talos Principle\Bin\x64\Talos.exe
FirewallRules: [{DF3DC33E-5546-49C4-AF74-D1B287ACB53F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Talos Principle\Bin\x64\Talos_Unrestricted.exe
FirewallRules: [{3C9A7118-06D6-4648-869B-5EA1BE2E6E5A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Talos Principle\Bin\x64\Talos_Unrestricted.exe
FirewallRules: [TCP Query User{79424DAB-9B1A-46F0-9EB9-8B669023DC19}C:\program files (x86)\steam\steamapps\common\paladins\binaries\win32\paladins.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\paladins\binaries\win32\paladins.exe
FirewallRules: [UDP Query User{809BBDB6-CA18-4808-B9F1-FBBA28E04004}C:\program files (x86)\steam\steamapps\common\paladins\binaries\win32\paladins.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\paladins\binaries\win32\paladins.exe
FirewallRules: [TCP Query User{358CCA7D-5AC7-4D71-BE9D-87D79F998FA3}C:\program files (x86)\overwatch\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [UDP Query User{C2284F2E-03E0-486B-9934-99BFF7546C88}C:\program files (x86)\overwatch\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [{2B45E6DE-7B5F-42DC-8CB2-F9F8D0D13ED3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Witness\witness_d3d11.exe
FirewallRules: [{DEA871B3-14F8-4469-B199-141B28489FEA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Witness\witness_d3d11.exe
FirewallRules: [{ACF77AC0-DACF-4006-AA7C-ED92858F5752}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Ravenfield\ravenfield.exe
FirewallRules: [{9B54F0B4-DF94-430B-BA59-B3C0EC21D521}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Ravenfield\ravenfield.exe
FirewallRules: [{C7A5488D-39BE-4E3D-B6EC-F28A6F330DCC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Foxhole Prototype\War.exe
FirewallRules: [{86A1C386-EB8F-44E2-8764-131ADF172D67}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Foxhole Prototype\War.exe
FirewallRules: [TCP Query User{293C4236-052D-4AE5-8DE0-3C8E56996EE1}C:\program files (x86)\steam\steamapps\common\foxhole prototype\war\binaries\win64\war-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\foxhole prototype\war\binaries\win64\war-win64-shipping.exe
FirewallRules: [UDP Query User{F2687640-3BF3-4D1E-9365-1AD97FDDCB6B}C:\program files (x86)\steam\steamapps\common\foxhole prototype\war\binaries\win64\war-win64-shipping.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\foxhole prototype\war\binaries\win64\war-win64-shipping.exe
FirewallRules: [{336A05BB-3840-4790-A1B9-4BE8AD922A6F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\State of Decay YOSE\StateOfDecay.exe
FirewallRules: [{AAE117FF-C69A-41A5-A352-88965E1C9601}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\State of Decay YOSE\StateOfDecay.exe
FirewallRules: [{D8B6A5F2-0C56-46ED-9DEB-26C39BF27834}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{DDC9CC79-88A6-4029-8C12-3FC38DB89DE9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Turok - Dinosaur Hunter\sobek.exe
FirewallRules: [{5B987392-F91A-44ED-BE9F-EA4D191D5B2F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Turok - Dinosaur Hunter\sobek.exe
FirewallRules: [{F9E07BC5-FA19-41F1-AEB8-F0C412BD5688}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Turok - Dinosaur Hunter\editor.exe
FirewallRules: [{0BE45B3C-E36F-48A5-9927-7B8E6F17A286}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Turok - Dinosaur Hunter\editor.exe
FirewallRules: [{5EAD7442-8FE3-4857-A8C8-920C1A3E07CE}] => (Allow) C:\Program Files (x86)\Opera\46.0.2597.39\opera.exe
FirewallRules: [{FFEDE7E7-8E6C-4CD1-B9B1-37E6A5E02648}] => (Allow) C:\Program Files (x86)\Opera\46.0.2597.46\opera.exe
FirewallRules: [TCP Query User{9B312B77-655D-4BFB-87AD-160C982830A4}C:\users\yuk\desktop\sia\resources\app\sia\siad.exe] => (Allow) C:\users\yuk\desktop\sia\resources\app\sia\siad.exe
FirewallRules: [UDP Query User{1C2D3045-265E-4FD1-AE15-3E68B200588B}C:\users\yuk\desktop\sia\resources\app\sia\siad.exe] => (Allow) C:\users\yuk\desktop\sia\resources\app\sia\siad.exe
FirewallRules: [TCP Query User{3CB0F5EC-AF3E-43C2-BF50-767761C40052}C:\users\yuk\desktop\chaincoinwallet\chaincoin-0.9.2.4-win64\chaincoin-qt.exe] => (Allow) C:\users\yuk\desktop\chaincoinwallet\chaincoin-0.9.2.4-win64\chaincoin-qt.exe
FirewallRules: [UDP Query User{A321E0A9-C6B4-4CBD-97F0-3E8FEF36462D}C:\users\yuk\desktop\chaincoinwallet\chaincoin-0.9.2.4-win64\chaincoin-qt.exe] => (Allow) C:\users\yuk\desktop\chaincoinwallet\chaincoin-0.9.2.4-win64\chaincoin-qt.exe

==================== Restore Points =========================


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/18/2017 03:21:51 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: Die Open-Prozedur für den Dienst "BITS" in der DLL "C:\Windows\System32\bitsperf.dll" war nicht erfolgreich. Die Leistungsdaten für diesen Dienst sind nicht verfügbar. Die ersten vier Bytes (DWORD) des Datenbereichs enthalten den Fehlercode.

Error: (07/17/2017 02:06:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Wacom_Tablet.exe, Version: 6.3.14.1, Zeitstempel: 0x55d76d2d
Name des fehlerhaften Moduls: Wacom_Tablet.exe, Version: 6.3.14.1, Zeitstempel: 0x55d76d2d
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000039f1b6
ID des fehlerhaften Prozesses: 0x3958
Startzeit der fehlerhaften Anwendung: 0x01d2fef52fa13ab9
Pfad der fehlerhaften Anwendung: C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
Pfad des fehlerhaften Moduls: C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
Berichtskennung: 911f258e-bce0-4380-9063-b8a7bf69001a
Vollständiger Name des fehlerhaften Pakets: 
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (07/17/2017 09:53:10 AM) (Source: ESENT) (EventID: 489) (User: )
Description: SettingSyncHost (10032) {E3C1ABF7-8A7A-4722-9167-47A746484EE5}: Der Versuch, die Datei "C:\Users\yuk\AppData\Local\Microsoft\Windows\SettingSync\metastore\meta.edb" für den Lesezugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien.

Error: (07/17/2017 03:05:52 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Wacom_Tablet.exe, Version: 6.3.14.1, Zeitstempel: 0x55d76d2d
Name des fehlerhaften Moduls: Wacom_Tablet.exe, Version: 6.3.14.1, Zeitstempel: 0x55d76d2d
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000002b9389
ID des fehlerhaften Prozesses: 0x4ac
Startzeit der fehlerhaften Anwendung: 0x01d2fe98d5ac9c20
Pfad der fehlerhaften Anwendung: C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
Pfad des fehlerhaften Moduls: C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
Berichtskennung: 47df9b27-e67a-4d5d-8b12-653facf95235
Vollständiger Name des fehlerhaften Pakets: 
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (07/17/2017 03:05:50 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Wacom_TouchUser.exe, Version: 6.3.14.1, Zeitstempel: 0x55d76dd1
Name des fehlerhaften Moduls: Wacom_TouchUser.exe, Version: 6.3.14.1, Zeitstempel: 0x55d76dd1
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000020f23e
ID des fehlerhaften Prozesses: 0x17b8
Startzeit der fehlerhaften Anwendung: 0x01d2fe98ac337b22
Pfad der fehlerhaften Anwendung: C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
Pfad des fehlerhaften Moduls: C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
Berichtskennung: 784279f7-9a52-4183-bf04-d15b6be2c60b
Vollständiger Name des fehlerhaften Pakets: 
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (07/16/2017 05:24:20 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: Die Open-Prozedur für den Dienst "BITS" in der DLL "C:\Windows\System32\bitsperf.dll" war nicht erfolgreich. Die Leistungsdaten für diesen Dienst sind nicht verfügbar. Die ersten vier Bytes (DWORD) des Datenbereichs enthalten den Fehlercode.

Error: (07/15/2017 03:07:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Wacom_Tablet.exe, Version: 6.3.14.1, Zeitstempel: 0x55d76d2d
Name des fehlerhaften Moduls: Wacom_Tablet.exe, Version: 6.3.14.1, Zeitstempel: 0x55d76d2d
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000039f1b6
ID des fehlerhaften Prozesses: 0x126c
Startzeit der fehlerhaften Anwendung: 0x01d2fd6b514393b5
Pfad der fehlerhaften Anwendung: C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
Pfad des fehlerhaften Moduls: C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
Berichtskennung: fe503bec-c517-47a4-98be-b0e7306860c3
Vollständiger Name des fehlerhaften Pakets: 
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (07/15/2017 02:55:57 AM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Das Serverdienst-Leistungsobjekt kann nicht geöffnet werden. Die ersten vier Bytes (DWORD) des Datenabschnitts enthalten den Statuscode.

Error: (07/15/2017 02:55:56 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: Die Open-Prozedur für den Dienst "MSDTC" in der DLL "C:\WINDOWS\system32\msdtcuiu.DLL" war nicht erfolgreich. Die Leistungsdaten für diesen Dienst sind nicht verfügbar. Die ersten vier Bytes (DWORD) des Datenbereichs enthalten den Fehlercode.

Error: (07/15/2017 02:55:56 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: Die Open-Prozedur für den Dienst "Lsa" in der DLL "C:\Windows\System32\Secur32.dll" war nicht erfolgreich. Die Leistungsdaten für diesen Dienst sind nicht verfügbar. Die ersten vier Bytes (DWORD) des Datenbereichs enthalten den Fehlercode.


System errors:
=============
Error: (07/18/2017 05:53:40 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Durch die Berechtigungseinstellungen für "application-specific" wird dem Benutzer "NT AUTHORITY\SYSTEM" (SID: S-1-5-18) unter der Adresse "LocalHost (Using LRPC)" keine Berechtigung vom Typ "Local Activation" für die COM-Serveranwendung mit der CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 und der APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 im Anwendungscontainer "Unavailable" (SID: Unavailable) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.

Error: (07/18/2017 04:28:37 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80073d02 fehlgeschlagen: Mail and Calendar

Error: (07/18/2017 03:11:23 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Durch die Berechtigungseinstellungen für "application-specific" wird dem Benutzer "NT AUTHORITY\SYSTEM" (SID: S-1-5-18) unter der Adresse "LocalHost (Using LRPC)" keine Berechtigung vom Typ "Local Activation" für die COM-Serveranwendung mit der CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 und der APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 im Anwendungscontainer "Unavailable" (SID: Unavailable) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.

Error: (07/18/2017 10:53:11 AM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4

Error: (07/18/2017 10:37:16 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Durch die Berechtigungseinstellungen für "application-specific" wird dem Benutzer "NT AUTHORITY\SYSTEM" (SID: S-1-5-18) unter der Adresse "LocalHost (Using LRPC)" keine Berechtigung vom Typ "Local Activation" für die COM-Serveranwendung mit der CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 und der APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 im Anwendungscontainer "Unavailable" (SID: Unavailable) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.

Error: (07/18/2017 04:31:17 AM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4

Error: (07/18/2017 04:27:33 AM) (Source: DCOM) (EventID: 10010) (User: MEISFIT)
Description: Der Server "{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (07/17/2017 04:00:14 PM) (Source: DCOM) (EventID: 10010) (User: MEISFIT)
Description: Der Server "{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (07/17/2017 10:14:48 AM) (Source: DCOM) (EventID: 10010) (User: MEISFIT)
Description: Der Server "{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (07/17/2017 10:01:37 AM) (Source: DCOM) (EventID: 10010) (User: MEISFIT)
Description: Der Server "{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.


==================== Memory info =========================== 

Processor: AMD Phenom(tm) II X4 955 Processor
Percentage of memory in use: 40%
Total physical RAM: 8189.55 MB
Available physical RAM: 4853.95 MB
Total Virtual: 13053.55 MB
Available Virtual: 8813.74 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:232.44 GB) (Free:35.89 GB) NTFS ==>[drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 217868F1)
Partition 1: (Active) - (Size=232.4 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=450 MB) - (Type=27)

==================== End of Addition.txt ============================

--- --- ---

Ich habe eben mal geguckt, Hi-REz ist wohl irgendein unabhängiger Spieleentwickler, weiß nicht mehr was ich mir da für ein spiel oder Ähnliches vielleicht installeirt habe, welches das mitgebracht haben könnte. Traue mich keine links anzuklicken ohne wenigstens WOT score zu haben. Diese Erweiterung ist aber nicht installiert im Edge. Und ich soll ja nix isntallieren oder so, so lange ich bei euch in Behandlung bin

M-K-D-B · 18.07.2017, 22:47

Servus,

ich sehe Adware auf deinem Rechner.

Auf zur 1. Bereinigungswelle...

Schritt 1
Downloade Dir bitte AdwCleaner auf deinen Desktop (Bebilderte Anleitung).

Schließe alle offenen Programme und Browser.
Starte die adwcleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Werkzeuge > Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- Image File Execution Options Schlüssel
- Tracing Schlüssel
- Prefetch Dateien
- Proxy
- Winsock
- Firewall
- Internet Explorer Richtlinien
- Chrome Richtlinien
Bestätige die Auswahl mit Ok.
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen (auch dann wenn AdwCleaner sagt, dass nichts gefunden wurde) und bestätige auftretende Hinweise mit Ok.
Klicke am Ende der Bereinigung auf Jetzt neu starten. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Schritt 2
Downloade Dir bitte Malwarebytes Anti-Malware 3 (Bebilderte Anleitung)

Installiere das Programm in den vorgegebenen Pfad.
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scan, wähle den Bedrohungs-Scan aus und klicke auf Scan starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Ausgewählte Elemente in die Quarantäne verschieben.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM nach dem Neustart, klicke auf Berichte.
Wähle den neuesten Scan-Bericht aus, klicke auf Bericht anzeigen und dann auf Export.
Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Schritt 3

Starte die FRST.exe erneut. Vergewissere dich, dass vor Addition.txt ein Haken gesetzt ist und drücke auf Untersuchen.
FRST erstellt wieder zwei Logdateien (FRST.txt und Addition.txt).
Poste mir beide Logdateien mit deiner nächsten Antwort.

Bitte poste mit deiner nächsten Antwort

die Logdatei von AdwCleaner,
die Logdatei von MBAM,
die zwei neuen Logdateien von FRST.

woteva · 18.07.2017, 23:45

Code:

ATTFilter

Malwarebytes
www.malwarebytes.com

-Protokolldetails-
Scan-Datum: 19.07.17
Scan-Zeit: 00:16
Protokolldatei: mbam.txt
Administrator: Ja

-Softwaredaten-
Version: 3.1.2.1733
Komponentenversion: 1.0.160
Version des Aktualisierungspakets: 1.0.2394
Lizenz: Testversion

-Systemdaten-
Betriebssystem: Windows 10 (Build 15063.483)
CPU: x64
Dateisystem: NTFS
Benutzer: MEISFIT\yuk

-Scan-Übersicht-
Scan-Typ: Bedrohungs-Scan
Ergebnis: Abgeschlossen
Gescannte Objekte: 405626
Erkannte Bedrohungen: 2
In die Quarantäne verschobene Bedrohungen: 2
Abgelaufene Zeit: 3 Min., 8 Sek.

-Scan-Optionen-
Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

-Scan-Details-
Prozess: 0
(keine bösartigen Elemente erkannt)

Modul: 0
(keine bösartigen Elemente erkannt)

Registrierungsschlüssel: 1
PUP.Optional.CrossRider, HKU\S-1-5-21-3843242997-120083883-219807361-1001\SOFTWARE\HQ Video Pro 3.1cV19.05-nv-ie, In Quarantäne, [251], [237350],1.0.2394

Registrierungswert: 0
(keine bösartigen Elemente erkannt)

Registrierungsdaten: 0
(keine bösartigen Elemente erkannt)

Daten-Stream: 0
(keine bösartigen Elemente erkannt)

Ordner: 0
(keine bösartigen Elemente erkannt)

Datei: 1
PUM.Optional.FireFoxSecurityOverride, C:\USERS\YUK\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\WITXCJ5B.DEFAULT\USER.JS, In Quarantäne, [16082], [302435],1.0.2394

Physischer Sektor: 0
(keine bösartigen Elemente erkannt)


(end)

Code:

ATTFilter

# AdwCleaner 7.0.0.0 - Logfile created on Tue Jul 18 22:10:22 2017
# Updated on 2017/17/07 by Malwarebytes 
# Running on Windows 10 Pro (X64)
# Mode: clean
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services deleted.

***** [ Folders ] *****

Deleted: C:\ProgramData\7b24ec7cc000461ebe26d116b88142c8
Deleted: C:\ProgramData\Application Data\7b24ec7cc000461ebe26d116b88142c8
Deleted: C:\Users\All Users\7b24ec7cc000461ebe26d116b88142c8


***** [ Files ] *****

Deleted: C:\Users\yuk\AppData\Roaming\Mozilla\Firefox\Profiles\witxcj5b.default\searchplugins\search-provided-by-yahoo.xml


***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks deleted.

***** [ Registry ] *****

Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\DOMStorage\castplatform.com
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cdn.castplatform.com
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\DOMStorage\watch4.de
Deleted: [Key] - HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.watch4.de
Deleted: [Key] - HKLM\SOFTWARE\MaxPower
Deleted: [Value] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID|{51D26BB4-4D2C-4AE4-9873-5FF41B6DED1F}
Deleted: [Key] - HKU\S-1-5-21-3843242997-120083883-219807361-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\Installer
Deleted: [Key] - HKLM\SOFTWARE\AppDataLow\SOFTWARE\_CrossriderRegNamePlaceHolder_
Deleted: [Key] - HKU\.DEFAULT\Software\AppDataLow\Software\_CrossriderRegNamePlaceHolder_
Deleted: [Key] - HKU\S-1-5-18\Software\AppDataLow\Software\_CrossriderRegNamePlaceHolder_
Deleted: [Value] - HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION|wb.exe
Deleted: [Value] - HKCU\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\FEATURECONTROL\FEATURE_BROWSER_EMULATION|wb.exe
Deleted: [Key] - HKU\S-1-5-21-3843242997-120083883-219807361-1001\Software\AppDataLow\Software\{3BDFD1D7-7A9B-4D29-80B3-D00E66E62885}
Deleted: [Key] - HKCU\Software\AppDataLow\Software\{3BDFD1D7-7A9B-4D29-80B3-D00E66E62885}


***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries deleted.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries deleted.

*************************

::Tracing keys deleted
::Winsock settings cleared
::Image File Execution Options%s keys deleted
::Prefetch files deleted
::Proxy settings cleared
::Firewall rules cleared
::IE policies deleted
::Chrome policies deleted
::Additional Actions: 0



*************************

C:/AdwCleaner/AdwCleaner[S0].txt - [6872 B] - [2015/6/16 11:8:34]
C:/AdwCleaner/AdwCleaner[S1].txt - [1962 B] - [2015/6/16 11:12:1]
C:/AdwCleaner/AdwCleaner[S2].txt - [3475 B] - [2017/7/10 12:45:41]
C:/AdwCleaner/AdwCleaner[S3].txt - [3051 B] - [2017/7/18 22:8:26]


########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ##########

Avira hat dazwischen gefunkt als ich die Malwarebytes 3 die gefundenen Bedrohungen in die Quarantäne verschieben wollte. Irgendwas von Registry wurde von Avira angezeigt (?) Sie wurden trotzdem in der Quarantäne angezeigt. jetzt nochmal durchlaufen lassen? Daraufhin glaubte ich Avira beendet zu haben, aber Pustekuchen: FRST wurde beim starten auch geblockt, Irgendwas von "HEUR/APC (Cloud) wurde gesperrt". daraufhin Avira komplett deinstalliert und FRST erneut durchgeführt, mit Erfolg. Hoffe ich habe das jetzt richtig zusammenbekommen

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-07-2017
Ran by yuk (19-07-2017 00:32:24)
Running from C:\Users\yuk\Downloads\FRST-OlderVersion\FRST-OlderVersion
Windows 10 Pro Version 1703 (X64) (2017-05-14 10:08:30)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3843242997-120083883-219807361-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3843242997-120083883-219807361-503 - Limited - Disabled)
Guest (S-1-5-21-3843242997-120083883-219807361-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3843242997-120083883-219807361-1003 - Limited - Enabled)
yuk (S-1-5-21-3843242997-120083883-219807361-1001 - Administrator - Enabled) => C:\Users\yuk

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Ableton Live 9 Suite (HKLM\...\{99C4D476-0AF0-4045-998F-E11CA4957BDB}) (Version: 9.0.0.0 - Ableton)
Adobe Animate CC 2017 (HKLM-x32\...\FLPR_16_1) (Version: 16.1 - Adobe Systems Incorporated)
Adobe Bridge CC 2017 (HKLM-x32\...\KBRG_7_0) (Version: 7.0 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 4.1.1.202 - Adobe Systems Incorporated)
Adobe Flash Player 26 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 26.0.0.137 - Adobe Systems Incorporated)
Adobe Flash Player 26 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 26.0.0.137 - Adobe Systems Incorporated)
Adobe Illustrator CC 2017 (HKLM-x32\...\ILST_21_1_0) (Version: 21.1.0 - Adobe Systems Incorporated)
Adobe Media Encoder CC 2017 (HKLM-x32\...\AME_11_0_2) (Version: 11.0.2 - Adobe Systems Incorporated)
Adobe Photoshop CC 2017 (HKLM-x32\...\PHSP_18_1) (Version: 18.1.0 - Adobe Systems Incorporated)
Anki (HKLM-x32\...\Anki) (Version:  - )
Ansel (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel) (Version: 382.05 - NVIDIA Corporation) Hidden
ASUS GPU Tweak (HKLM-x32\...\{532F6E8A-AF97-41C3-915F-39F718EC07D1}) (Version: 2.5.8.3 - ASUSTek COMPUTER INC.) Hidden
ASUS GPU Tweak (HKLM-x32\...\InstallShield_{532F6E8A-AF97-41C3-915F-39F718EC07D1}) (Version: 2.5.8.3 - ASUSTek COMPUTER INC.)
AudibleManager (HKLM-x32\...\AudibleManager) (Version: 508.36906368.36897376.36906376 - Audible, Inc.)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
bl (HKLM-x32\...\{2A075BB4-E976-4278-BF3F-E5C6945D84C0}) (Version: 1.0.0 - Your Company Name) Hidden
Bonjour (HKLM\...\{E4F5E48E-7155-4CF9-88CD-7F377EC9AC54}) (Version: 2.0.4.0 - Apple Inc.)
Breaking Point (HKLM-x32\...\{D94AC775-62AF-4630-8292-7EB26691AAAE}) (Version: 5.0.2.9 - The Zombie Infection) Hidden
Breaking Point (HKLM-x32\...\Breaking Point 5.0.2.9) (Version: 5.0.2.9 - The Zombie Infection)
BurnAware Free 9.7 (HKLM-x32\...\BurnAware Free_is1) (Version:  - Burnaware)
ComPet (HKLM\...\Steam App 532800) (Version:  - MindArk PE AB)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 5.0.1.0406 - Disc Soft Ltd)
Discord (HKU\S-1-5-21-3843242997-120083883-219807361-1001\...\Discord) (Version: 0.0.297 - Hammer & Chisel, Inc.)
Discord (HKU\S-1-5-21-3843242997-120083883-219807361-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07192017001655456\...\Discord) (Version: 0.0.297 - Hammer & Chisel, Inc.)
Discord (HKU\S-1-5-21-3843242997-120083883-219807361-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07192017001724799\...\Discord) (Version: 0.0.297 - Hammer & Chisel, Inc.)
Dual-Core Optimizer (HKLM-x32\...\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}) (Version: 1.1.4.0169 - AMD)
Endless Space (HKLM\...\Steam App 208140) (Version:  - AMPLITUDE Studios)
Entropia Universe (HKLM-x32\...\Entropia Universe) (Version: 15.2.3.128490 - MindArk PE AB)
Epson Event Manager (HKLM-x32\...\{9F205E94-9E42-4486-A92A-DF3F6CB85444}) (Version: 3.10.0061 - Seiko Epson Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
Epson Software Updater (HKLM-x32\...\{7BAC3F7A-B963-468E-982E-B5608A87408D}) (Version: 4.4.4 - SEIKO EPSON CORPORATION)
EPSON XP-215 217 Series Printer Uninstall (HKLM\...\EPSON XP-215 217 Series) (Version:  - SEIKO EPSON Corporation)
Evernote v. 6.5.4 (HKLM-x32\...\{D47E7D82-0D98-11E7-A6D6-005056951CAD}) (Version: 6.5.4.4720 - Evernote Corp.)
Fallout 4 (HKLM\...\Steam App 377160) (Version:  - Bethesda Game Studios)
Foxhole Pre-Alpha (HKLM\...\Steam App 506770) (Version:  - Clapfoot)
FreeMind (HKLM-x32\...\B991B020-2968-11D8-AF23-444553540000_is1) (Version: 1.0.1 - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 59.0.3071.115 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Google 日本語入力 (HKLM\...\{8E62C276-2238-4D64-A560-61C3116E0EB7}) (Version: 2.20.2750.0 - Google Inc.)
HiPatch (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF000}) (Version: 5.0.5.5 - Hi-Rez Studios)
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
Java 8 Update 77 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218077F0}) (Version: 8.0.770.3 - Oracle Corporation)
Malwarebytes Version 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes)
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (HKLM-x32\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.0.0 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.5.166.0 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3843242997-120083883-219807361-1001\...\OneDriveSetup.exe) (Version: 17.3.6917.0607 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3843242997-120083883-219807361-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07192017001655456\...\OneDriveSetup.exe) (Version: 17.3.6917.0607 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3843242997-120083883-219807361-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07192017001724799\...\OneDriveSetup.exe) (Version: 17.3.6917.0607 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
MyEpson Portal (HKLM-x32\...\{3361D415-BA35-4143-B301-661991BA6219}) (Version: 1.1.2.2 - SEIKO EPSON CORPORATION) Hidden
MyEpson Portal (HKLM-x32\...\MyEpson Portal) (Version:  - SEIKO EPSON Corporation)
Native Instruments Controller Editor (HKLM-x32\...\Native Instruments Controller Editor) (Version: 1.8.2.281 - Native Instruments)
Native Instruments Maschine (HKLM-x32\...\Native Instruments Maschine) (Version:  - Native Instruments)
Native Instruments Maschine Controller Driver (HKLM-x32\...\Native Instruments Maschine Controller Driver) (Version:  - Native Instruments)
Native Instruments Maschine Controller MK2 Driver (HKLM-x32\...\Native Instruments Maschine Controller MK2 Driver) (Version:  - Native Instruments)
Native Instruments Maschine Factory Content (HKLM-x32\...\Native Instruments Maschine Factory Content) (Version:  - Native Instruments)
Native Instruments Maschine Factory Content 1.5 (HKLM-x32\...\Native Instruments Maschine Factory Content 1.5) (Version:  - Native Instruments)
Native Instruments Maschine Mikro Driver (HKLM-x32\...\Native Instruments Maschine Mikro Driver) (Version:  - Native Instruments)
Native Instruments Maschine Mikro MK2 Driver (HKLM-x32\...\Native Instruments Maschine Mikro MK2 Driver) (Version:  - Native Instruments)
Native Instruments Service Center (HKLM-x32\...\Native Instruments Service Center) (Version: 2.6.0.137 - Native Instruments)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.7.8.2 - Notepad++ Team)
NVIDIA 3D Vision Controller Driver 352.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 352.65 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 382.05 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 382.05 - NVIDIA Corporation)
NVIDIA Graphics Driver 382.05 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 382.05 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.26 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.26 - NVIDIA Corporation)
NVIDIA Miracast Virtual Audio 352.86 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Miracast.VirtualAudio) (Version: 352.86 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
One Way Heroics (HKLM-x32\...\Steam App 266210) (Version:  - Smoking WOLF)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Opera Stable 46.0.2597.46 (HKLM-x32\...\Opera 46.0.2597.46) (Version: 46.0.2597.46 - Opera Software)
Overwatch (HKLM-x32\...\Overwatch) (Version:  - Blizzard Entertainment)
ph (HKLM-x32\...\{185F9795-9663-4F13-9EF9-307A282ADB5A}) (Version: 1.0.0 - Your Company Name) Hidden
Polar Daemon (HKLM-x32\...\{2BA9320D-E061-4C71-ACCB-AC0E9D4FC82B}) (Version: 2.2.20000 - Polar Electro Oy)
Polar WebSync (HKLM-x32\...\{A3C03067-855A-4B5B-B08B-A1BFD68FCAF8}) (Version: 2.8.30000 - Polar Electro Oy)
Project Zomboid Demo (HKLM\...\Steam App 264910) (Version:  - Indie Stone Studios)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.986 - Even Balance, Inc.)
Python 2.7.10 (HKLM-x32\...\{E2B51919-207A-43EB-AE78-733F9C6797C2}) (Version: 2.7.10150 - Python Software Foundation)
Ravenfield (HKLM\...\Steam App 636480) (Version:  - SteelRaven7)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7572 - Realtek Semiconductor Corp.)
SecondLifeViewer (HKLM-x32\...\SecondLifeViewer) (Version: 5.0.3.324435 - Linden Research, Inc.)
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 2.11.4.0 - NVIDIA Corporation) Hidden
Sid Meier's Civilization V (HKLM\...\Steam App 8930) (Version:  - Firaxis Games)
Skype™ 7.33 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.33.105 - Skype Technologies S.A.)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
State of Decay: Year-One (HKLM\...\Steam App 329430) (Version:  - Undead Labs)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Stellaris (HKLM\...\Steam App 281990) (Version:  - Paradox Development Studio)
Stickman Fighter Epic Battle (HKU\S-1-5-21-3843242997-120083883-219807361-1001\...\stickmanfighterepicbattle-f81ba27c6b9de880bbeb2899a6b61f66) (Version: 10.1 - Playtouch)
Stickman Fighter Epic Battle (HKU\S-1-5-21-3843242997-120083883-219807361-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07192017001655456\...\stickmanfighterepicbattle-f81ba27c6b9de880bbeb2899a6b61f66) (Version: 10.1 - Playtouch)
Stickman Fighter Epic Battle (HKU\S-1-5-21-3843242997-120083883-219807361-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07192017001724799\...\stickmanfighterepicbattle-f81ba27c6b9de880bbeb2899a6b61f66) (Version: 10.1 - Playtouch)
Stickman School Run (HKU\S-1-5-21-3843242997-120083883-219807361-1001\...\stickmanschoolrun-7ea3653db0f7fa362133ce8fbef97928) (Version: 10.2 - Playtouch)
Stickman School Run (HKU\S-1-5-21-3843242997-120083883-219807361-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07192017001655456\...\stickmanschoolrun-7ea3653db0f7fa362133ce8fbef97928) (Version: 10.2 - Playtouch)
Stickman School Run (HKU\S-1-5-21-3843242997-120083883-219807361-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07192017001724799\...\stickmanschoolrun-7ea3653db0f7fa362133ce8fbef97928) (Version: 10.2 - Playtouch)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.18 - TeamSpeak Systems GmbH)
The Talos Principle (HKLM\...\Steam App 257510) (Version:  - Croteam)
The Witness (HKLM\...\Steam App 210970) (Version:  - Thekla, Inc.)
To the Moon (HKLM-x32\...\Steam App 206440) (Version:  - Freebird Games)
TomTom Sports Connect (HKLM-x32\...\TomTom Sports Connect) (Version: 3.2.9.0 - TomTom International B.V.)
TreeSize Free V3.4.5 (HKLM-x32\...\TreeSize Free_is1) (Version: 3.4.5 - JAM Software)
Turok: Dinosaur Hunter (HKLM\...\Steam App 405820) (Version:  - Iguana Entertainment)
US-122 MKII / US-144 MKII (HKLM\...\USB_AUDIO_DEusb-audio.deTascam) (Version:  - )
Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
Vulkan Run Time Libraries 1.0.42.1 (HKLM\...\VulkanRT1.0.42.1) (Version: 1.0.42.1 - LunarG, Inc.)
Vuze Leap 1.3 (HKU\S-1-5-21-3843242997-120083883-219807361-1001\...\{a9a27088-7578-499d-ad2b-67ba95a4def4}) (Version: 1.3 - Azureus Software, Inc.)
Vuze Leap 1.3 (HKU\S-1-5-21-3843242997-120083883-219807361-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07192017001655456\...\{a9a27088-7578-499d-ad2b-67ba95a4def4}) (Version: 1.3 - Azureus Software, Inc.)
Vuze Leap 1.3 (HKU\S-1-5-21-3843242997-120083883-219807361-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07192017001724799\...\{a9a27088-7578-499d-ad2b-67ba95a4def4}) (Version: 1.3 - Azureus Software, Inc.)
Wacom Tablet (HKLM\...\Wacom Tablet Driver) (Version: 6.3.14-1 - Wacom Technology Corp.)
WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
Windows 10 Update and Privacy Settings (HKLM\...\{293F2009-0145-450B-B4AA-063D43FB368C}) (Version: 1.0.13.0 - Microsoft Corporation)
Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)
WinRAR 5.21 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
WinZip 19.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240ED}) (Version: 19.5.11532 - WinZip Computing, S.L. )
Writefull 3.0.0-beta14-gem2 (only current user) (HKU\S-1-5-21-3843242997-120083883-219807361-1001\...\59079acb-34a2-5644-8b18-af99c519c5e8) (Version: 3.0.0-beta14-gem2 - ThinqLab)
Writefull 3.0.0-beta14-gem2 (only current user) (HKU\S-1-5-21-3843242997-120083883-219807361-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07192017001655456\...\59079acb-34a2-5644-8b18-af99c519c5e8) (Version: 3.0.0-beta14-gem2 - ThinqLab)
Writefull 3.0.0-beta14-gem2 (only current user) (HKU\S-1-5-21-3843242997-120083883-219807361-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07192017001724799\...\59079acb-34a2-5644-8b18-af99c519c5e8) (Version: 3.0.0-beta14-gem2 - ThinqLab)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3843242997-120083883-219807361-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-04A8CD363F3D}\InprocServer32 -> %%systemroot%%\system32\shell32.dll => No File
CustomCLSID: HKU\S-1-5-21-3843242997-120083883-219807361-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\yuk\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3843242997-120083883-219807361-1001_Classes\CLSID\{144DF3B2-2402-47AE-9583-5A045929A8D4}\InprocServer32 -> C:\Users\yuk\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3843242997-120083883-219807361-1001_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\yuk\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3843242997-120083883-219807361-1001_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\yuk\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3843242997-120083883-219807361-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\yuk\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3843242997-120083883-219807361-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\yuk\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3843242997-120083883-219807361-1001_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\yuk\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3843242997-120083883-219807361-1001_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04}\InprocServer32 -> C:\Users\yuk\AppData\Local\Google\Update\1.3.33.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3843242997-120083883-219807361-1001_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\yuk\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3843242997-120083883-219807361-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\yuk\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3843242997-120083883-219807361-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\yuk\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3843242997-120083883-219807361-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
CustomCLSID: HKU\S-1-5-21-3843242997-120083883-219807361-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\yuk\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll (Google Inc.)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2017-05-26] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2017-05-26] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2017-05-26] ()
ContextMenuHandlers01: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2017-05-26] ()
ContextMenuHandlers01: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2015-04-15] ()
ContextMenuHandlers01: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-02-20] (Alexander Roshal)
ContextMenuHandlers01: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} =>  -> No File
ContextMenuHandlers01: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2015-06-16] (WinZip Computing, S.L.)
ContextMenuHandlers03: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
ContextMenuHandlers04: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2015-06-16] (WinZip Computing, S.L.)
ContextMenuHandlers05: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2017-05-01] (NVIDIA Corporation)
ContextMenuHandlers06: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2017-05-26] ()
ContextMenuHandlers06: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
ContextMenuHandlers06: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-02-20] (Alexander Roshal)
ContextMenuHandlers06: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} =>  -> No File
ContextMenuHandlers06: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2015-06-16] (WinZip Computing, S.L.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {098F85FF-3BC6-4573-9031-5415D3288DCF} - System32\Tasks\EPSON XP-215 217 Series Update {7660D75B-BC2E-4AC2-96C2-7E0E2A82D544} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLGE.EXE [2014-12-03] (SEIKO EPSON CORPORATION)
Task: {0B132F1D-9625-46B8-A4F6-B6B6EF2ECEE6} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2015-07-08] (Microsoft)
Task: {0D3509DE-EEFE-4F7C-B1B8-75AA4F0609E6} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2015-07-08] (Microsoft Corporation)
Task: {15D012F2-24D8-4E74-BDD4-C42CB0E50187} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {24F506CB-3D93-4F5D-97A2-17AA1900C850} - System32\Tasks\EPSON XP-215 217 Series Invitation {7660D75B-BC2E-4AC2-96C2-7E0E2A82D544} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLGE.EXE [2014-12-03] (SEIKO EPSON CORPORATION)
Task: {2888D9A1-CCA5-4869-BE3A-45413E90E92B} - \Microsoft\Windows\Setup\GWXTriggers\Logon -> No File <==== ATTENTION
Task: {28F95D74-D10F-4E79-9995-598EDFF9C7F1} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle -> No File <==== ATTENTION
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {3B92386C-8A30-4944-A66F-2112F0CF2666} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {4ABACFDE-0F29-4669-A751-DAE7E17CBB3A} - System32\Tasks\UEUEUFX1 => C:\ProgramData\SecurityUtility\SecurityUtility.exe <==== ATTENTION
Task: {4F6A5EB7-C215-4409-9EFA-11C3ECEB3305} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3843242997-120083883-219807361-1001Core => C:\Users\yuk\AppData\Local\Google\Update\GoogleUpdate.exe [2015-05-25] (Google Inc.)
Task: {5536D0E6-1A75-4D8D-AA28-AA848E6877EC} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {56C94AE4-1DC1-4157-9D8F-C61BF10F2803} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3843242997-120083883-219807361-1001UA => C:\Users\yuk\AppData\Local\Google\Update\GoogleUpdate.exe [2015-05-25] (Google Inc.)
Task: {60F71DE3-2DFC-40FC-BD10-CDA6F1B71173} - System32\Tasks\Opera scheduled Autoupdate 1432754114 => C:\Program Files (x86)\Opera\launcher.exe [2017-07-11] (Opera Software)
Task: {639B4B7D-238D-4859-B5CF-6E1EAD08C1F0} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2015-07-08] (Microsoft Corporation)
Task: {6AA44469-83FD-453F-8C3C-754355F33176} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3843242997-120083883-219807361-1001UA1d2592aff96741f => C:\Users\yuk\AppData\Local\Google\Update\GoogleUpdate.exe [2015-05-25] (Google Inc.)
Task: {7B64C888-F525-4974-8259-D16391269FCB} - System32\Tasks\EPSON XP-215 217 Series Invitation {77F526F6-BBF7-40E8-9FEE-4B3480B2F3A1} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLGE.EXE [2014-12-03] (SEIKO EPSON CORPORATION)
Task: {7CDC4979-16DF-4E21-89E3-82259ACFFB95} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_26_0_0_137_pepper.exe [2017-07-12] (Adobe Systems Incorporated)
Task: {83967500-6188-4FE7-826F-238C6D6381AC} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-deckothewacko@gmail.com => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2016-07-01] (Adobe Systems Incorporated)
Task: {9DED8FF7-C583-43B0-8BC7-DE6ADB01F0B8} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {A0471086-1550-45AF-98AD-74ED2ED9DFD9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-15] (Google Inc.)
Task: {A0DBF880-6708-43C3-965C-90C23D9FF71C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3843242997-120083883-219807361-1001Core1d2592aff90a792 => C:\Users\yuk\AppData\Local\Google\Update\GoogleUpdate.exe [2015-05-25] (Google Inc.)
Task: {A4CC7612-9DC1-4569-91D9-27A3F02DBFE4} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2015-07-08] (Microsoft Corporation)
Task: {A50B1430-E4AF-4D74-874E-EADE171889D9} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2017-07-12] (Microsoft Corporation)
Task: {C7774F78-D1D5-4FEE-A219-91163C39301B} - System32\Tasks\EPSON XP-215 217 Series Update {77F526F6-BBF7-40E8-9FEE-4B3480B2F3A1} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLGE.EXE [2014-12-03] (SEIKO EPSON CORPORATION)
Task: {CC5FC553-6AFE-490C-8E57-6979586AE2B3} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {D801B8DD-5A63-4655-99F2-B7114D4965B7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-15] (Google Inc.)
Task: {E6519F44-A7C8-43DD-A0A3-279C2442E51B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-07-12] (Adobe Systems Incorporated)
Task: {E8EDF9E6-2538-4D5F-890D-62A624B6FD88} - \WPD\SqmUpload_S-1-5-21-3843242997-120083883-219807361-1001 -> No File <==== ATTENTION
Task: {FFB80892-79A5-4CCC-9716-EE37D3A65641} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2015-07-08] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\EPSON XP-215 217 Series Invitation {7660D75B-BC2E-4AC2-96C2-7E0E2A82D544}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLGE.EXE
Task: C:\WINDOWS\Tasks\EPSON XP-215 217 Series Invitation {77F526F6-BBF7-40E8-9FEE-4B3480B2F3A1}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLGE.EXE
Task: C:\WINDOWS\Tasks\EPSON XP-215 217 Series Update {7660D75B-BC2E-4AC2-96C2-7E0E2A82D544}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLGE.EXE:/EXE:{7660D75B-BC2E-4AC2-96C2-7E0E2A82D544} /F:UpdateWORKGROUP\MEISFIT$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\WINDOWS\Tasks\EPSON XP-215 217 Series Update {77F526F6-BBF7-40E8-9FEE-4B3480B2F3A1}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLGE.EXE:/EXE:{77F526F6-BBF7-40E8-9FEE-4B3480B2F3A1} /F:UpdateWORKGROUP\MEISFIT$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3843242997-120083883-219807361-1001Core.job => C:\Users\yuk\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3843242997-120083883-219807361-1001UA.job => C:\Users\yuk\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\UEUEUFX1.job => C:\ProgramData\SecurityUtility\SecurityUtility.exe <==== ATTENTION

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2012-01-17 11:24 - 2012-01-17 11:24 - 00055296 _____ () C:\Windows\SysWOW64\ASGT.exe
2012-12-12 15:20 - 2012-12-12 15:20 - 00419536 _____ () C:\Program Files (x86)\Polar\Daemon\polard.exe
2017-03-18 22:58 - 2017-03-18 22:58 - 00138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2017-05-26 03:18 - 2017-05-26 03:18 - 00492112 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2015-06-14 05:56 - 2015-08-21 20:33 - 01347264 _____ () C:\Program Files\Tablet\Wacom\libxml2.dll
2015-06-10 10:00 - 2015-06-10 10:00 - 06217728 _____ () C:\Program Files (x86)\Polar\WebSync\WebSync.exe
2017-05-15 02:38 - 2017-05-15 02:38 - 34957896 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
2017-07-19 00:15 - 2017-06-27 12:06 - 02260432 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2017-03-18 22:59 - 2017-03-19 04:30 - 01731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2012-12-12 15:20 - 2012-12-12 15:20 - 03483856 _____ () C:\Program Files (x86)\Polar\Daemon\libpolar.dll
2015-05-21 19:54 - 2016-06-14 22:03 - 00018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2017-02-22 10:21 - 2017-02-22 10:21 - 00135680 _____ () C:\Program Files (x86)\TomTom\MySportsConnect\quazip5.dll
2017-03-28 18:15 - 2017-01-19 10:35 - 01943040 _____ () C:\Users\yuk\AppData\Local\Programs\Writefull\ffmpeg.dll
2017-07-19 00:12 - 2017-07-19 00:12 - 00139264 _____ () \\?\C:\Users\yuk\AppData\Local\Temp\B2D5.tmp.node
2017-03-28 18:15 - 2017-01-19 10:35 - 02263040 _____ () C:\Users\yuk\AppData\Local\Programs\Writefull\libglesv2.dll
2017-03-28 18:15 - 2017-01-19 10:35 - 00080896 _____ () C:\Users\yuk\AppData\Local\Programs\Writefull\libegl.dll
2017-07-19 00:12 - 2017-07-19 00:12 - 00139264 _____ () \\?\C:\Users\yuk\AppData\Local\Temp\B8FF.tmp.node
2017-03-28 18:15 - 2017-03-24 16:07 - 00402944 _____ () \\?\C:\Users\yuk\AppData\Local\Programs\Writefull\resources\app.asar.unpacked\node_modules\spellchecker\build\Release\spellchecker.node
2017-06-27 18:48 - 2017-01-04 15:28 - 01958912 _____ () C:\Users\yuk\AppData\Local\Discord\app-0.0.297\ffmpeg.dll
2017-06-27 18:48 - 2017-06-27 18:48 - 01082880 _____ () \\?\C:\Users\yuk\AppData\Roaming\discord\0.0.297\modules\discord_voice\discord_voice.node
2017-06-27 18:48 - 2017-06-27 18:48 - 03750400 _____ () \\?\C:\Users\yuk\AppData\Roaming\discord\0.0.297\modules\discord_voice\libdiscord.dll
2017-06-27 18:48 - 2017-06-27 18:48 - 00914432 _____ () \\?\C:\Users\yuk\AppData\Roaming\discord\0.0.297\modules\discord_utils\discord_utils.node
2017-06-27 18:48 - 2017-06-27 18:48 - 01127424 _____ () \\?\C:\Users\yuk\AppData\Roaming\discord\0.0.297\modules\discord_toaster\discord_toaster.node
2017-06-27 18:48 - 2017-01-04 15:28 - 02278912 _____ () C:\Users\yuk\AppData\Local\Discord\app-0.0.297\libglesv2.dll
2017-06-27 18:48 - 2017-01-04 15:28 - 00096768 _____ () C:\Users\yuk\AppData\Local\Discord\app-0.0.297\libegl.dll
2015-06-10 09:47 - 2015-06-10 09:47 - 00104448 _____ () C:\Program Files (x86)\Polar\WebSync\PTransform.dll
2010-02-10 16:06 - 2010-02-10 16:06 - 00334848 _____ () C:\Program Files (x86)\Polar\WebSync\QtXml4.dll
2010-02-10 16:22 - 2010-02-10 16:22 - 07971840 _____ () C:\Program Files (x86)\Polar\WebSync\QtGui4.dll
2010-02-10 16:07 - 2010-02-10 16:07 - 00929280 _____ () C:\Program Files (x86)\Polar\WebSync\QtNetwork4.dll
2011-01-14 16:01 - 2011-01-14 16:01 - 02142720 _____ () C:\Program Files (x86)\Polar\WebSync\QtCore4.dll
2015-06-10 09:46 - 2015-06-10 09:46 - 03717632 _____ () C:\Program Files (x86)\Polar\WebSync\libpolar.dll
2010-02-10 18:45 - 2010-02-10 18:45 - 00025600 _____ () C:\Program Files (x86)\Polar\WebSync\imageformats\qgif4.dll
2010-02-10 18:45 - 2010-02-10 18:45 - 00119808 _____ () C:\Program Files (x86)\Polar\WebSync\imageformats\qjpeg4.dll
2017-06-04 07:19 - 2017-06-04 07:19 - 52051552 _____ () C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\CEF\libcef.dll
2017-07-19 00:12 - 2017-07-19 00:12 - 00148992 _____ () \\?\C:\Users\yuk\AppData\Local\Temp\D8EB.tmp.node
2017-06-27 18:48 - 2017-06-27 18:49 - 02658296 _____ () \\?\C:\Users\yuk\AppData\Roaming\discord\0.0.297\modules\discord_rpc\discord_rpc.node
2017-06-27 18:51 - 2017-06-27 18:51 - 02665976 _____ () \\?\C:\Users\yuk\AppData\Roaming\discord\0.0.297\modules\discord_contact_import\discord_contact_import.node
2017-03-20 11:57 - 2017-03-20 11:57 - 00321208 _____ () C:\Program Files (x86)\Evernote\Evernote\libtidy.dll
2017-05-30 01:39 - 2017-05-30 01:39 - 00118272 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\fs-ext\build\Release\fs-ext.node
2017-05-30 01:39 - 2017-05-30 01:39 - 00214528 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-vulcanjs\build\Release\VulcanJS.node
2017-05-30 01:38 - 2017-05-30 01:38 - 00117248 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\ref\build\Release\binding.node
2017-05-30 01:39 - 2017-05-30 01:39 - 00125952 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\ffi\build\Release\ffi_bindings.node
2017-06-04 07:47 - 2017-06-04 07:47 - 00099424 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-ProxyResolver\build\Release\ProxyResolverWin.dll
2017-05-30 01:39 - 2017-05-30 01:39 - 00086528 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\idle-gc\build\Release\idle-gc.node
2017-05-19 23:49 - 2017-05-19 23:49 - 00118272 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\fs-ext\build\Release\fs-ext.node
2017-05-19 23:49 - 2017-05-19 23:49 - 00117760 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\ref\build\Release\binding.node
2017-05-19 23:49 - 2017-05-19 23:49 - 00125440 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\ffi\build\Release\ffi_bindings.node
2017-05-19 23:50 - 2017-05-19 23:50 - 00214528 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\node-vulcanjs\build\Release\VulcanJS.node
2017-06-04 07:43 - 2017-06-04 07:43 - 00099424 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\node-ProxyResolver\build\Release\ProxyResolverWin.dll
2017-05-19 23:49 - 2017-05-19 23:49 - 00098816 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\bufferutil\build\Release\bufferutil.node
2017-05-19 23:50 - 2017-05-19 23:50 - 00086528 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\idle-gc\build\Release\idle-gc.node

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07192017001655387\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07192017001724731\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07192017001655415\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07192017001724768\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-21-3843242997-120083883-219807361-1001\Control Panel\Desktop\\Wallpaper -> 
HKU\S-1-5-21-3843242997-120083883-219807361-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07192017001655456\Control Panel\Desktop\\Wallpaper -> 
HKU\S-1-5-21-3843242997-120083883-219807361-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07192017001724799\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKU\S-1-5-21-3843242997-120083883-219807361-1001\...\StartupApproved\Run: => "Google Update"
HKU\S-1-5-21-3843242997-120083883-219807361-1001\...\StartupApproved\Run: => "BingSvc"
HKU\S-1-5-21-3843242997-120083883-219807361-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07192017001655456\...\StartupApproved\Run: => "Google Update"
HKU\S-1-5-21-3843242997-120083883-219807361-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07192017001655456\...\StartupApproved\Run: => "BingSvc"
HKU\S-1-5-21-3843242997-120083883-219807361-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07192017001724799\...\StartupApproved\Run: => "Google Update"
HKU\S-1-5-21-3843242997-120083883-219807361-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07192017001724799\...\StartupApproved\Run: => "BingSvc"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{468E16C3-51BF-4A41-84CE-EE5C8DE8D532}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{F0A40087-CA0D-43C0-94DB-B0D03C4BFEAE}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [TCP Query User{04919C7A-FCE8-48CB-9719-D38FC38C4164}C:\program files (x86)\google\chrome\application\chrome.exe] => (Block) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{C7BE2EB3-8817-49E7-B29A-2D3B8B54DFC4}C:\program files (x86)\google\chrome\application\chrome.exe] => (Block) C:\program files (x86)\google\chrome\application\chrome.exe

==================== Restore Points =========================


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/19/2017 12:30:52 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm avscan.exe, Version 15.0.28.21 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Systemsteuerung "Sicherheit und Wartung", um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 2b4c

Startzeit: 01d300154762aa91

Beendigungszeit: 12

Anwendungspfad: C:\Program Files (x86)\Avira\Antivirus\avscan.exe

Berichts-ID: fa5de21c-7031-4ea3-abbb-15726e391ec8

Vollständiger Name des fehlerhaften Pakets: 

Auf das fehlerhafte Paket bezogene Anwendungs-ID:

Error: (07/18/2017 03:21:51 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: Die Open-Prozedur für den Dienst "BITS" in der DLL "C:\Windows\System32\bitsperf.dll" war nicht erfolgreich. Die Leistungsdaten für diesen Dienst sind nicht verfügbar. Die ersten vier Bytes (DWORD) des Datenbereichs enthalten den Fehlercode.

Error: (07/17/2017 02:06:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Wacom_Tablet.exe, Version: 6.3.14.1, Zeitstempel: 0x55d76d2d
Name des fehlerhaften Moduls: Wacom_Tablet.exe, Version: 6.3.14.1, Zeitstempel: 0x55d76d2d
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000039f1b6
ID des fehlerhaften Prozesses: 0x3958
Startzeit der fehlerhaften Anwendung: 0x01d2fef52fa13ab9
Pfad der fehlerhaften Anwendung: C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
Pfad des fehlerhaften Moduls: C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
Berichtskennung: 911f258e-bce0-4380-9063-b8a7bf69001a
Vollständiger Name des fehlerhaften Pakets: 
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (07/17/2017 09:53:10 AM) (Source: ESENT) (EventID: 489) (User: )
Description: SettingSyncHost (10032) {E3C1ABF7-8A7A-4722-9167-47A746484EE5}: Der Versuch, die Datei "C:\Users\yuk\AppData\Local\Microsoft\Windows\SettingSync\metastore\meta.edb" für den Lesezugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien.

Error: (07/17/2017 03:05:52 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Wacom_Tablet.exe, Version: 6.3.14.1, Zeitstempel: 0x55d76d2d
Name des fehlerhaften Moduls: Wacom_Tablet.exe, Version: 6.3.14.1, Zeitstempel: 0x55d76d2d
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000002b9389
ID des fehlerhaften Prozesses: 0x4ac
Startzeit der fehlerhaften Anwendung: 0x01d2fe98d5ac9c20
Pfad der fehlerhaften Anwendung: C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
Pfad des fehlerhaften Moduls: C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
Berichtskennung: 47df9b27-e67a-4d5d-8b12-653facf95235
Vollständiger Name des fehlerhaften Pakets: 
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (07/17/2017 03:05:50 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Wacom_TouchUser.exe, Version: 6.3.14.1, Zeitstempel: 0x55d76dd1
Name des fehlerhaften Moduls: Wacom_TouchUser.exe, Version: 6.3.14.1, Zeitstempel: 0x55d76dd1
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000020f23e
ID des fehlerhaften Prozesses: 0x17b8
Startzeit der fehlerhaften Anwendung: 0x01d2fe98ac337b22
Pfad der fehlerhaften Anwendung: C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
Pfad des fehlerhaften Moduls: C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
Berichtskennung: 784279f7-9a52-4183-bf04-d15b6be2c60b
Vollständiger Name des fehlerhaften Pakets: 
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (07/16/2017 05:24:20 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: Die Open-Prozedur für den Dienst "BITS" in der DLL "C:\Windows\System32\bitsperf.dll" war nicht erfolgreich. Die Leistungsdaten für diesen Dienst sind nicht verfügbar. Die ersten vier Bytes (DWORD) des Datenbereichs enthalten den Fehlercode.

Error: (07/15/2017 03:07:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Wacom_Tablet.exe, Version: 6.3.14.1, Zeitstempel: 0x55d76d2d
Name des fehlerhaften Moduls: Wacom_Tablet.exe, Version: 6.3.14.1, Zeitstempel: 0x55d76d2d
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000039f1b6
ID des fehlerhaften Prozesses: 0x126c
Startzeit der fehlerhaften Anwendung: 0x01d2fd6b514393b5
Pfad der fehlerhaften Anwendung: C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
Pfad des fehlerhaften Moduls: C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
Berichtskennung: fe503bec-c517-47a4-98be-b0e7306860c3
Vollständiger Name des fehlerhaften Pakets: 
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (07/15/2017 02:55:57 AM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Das Serverdienst-Leistungsobjekt kann nicht geöffnet werden. Die ersten vier Bytes (DWORD) des Datenabschnitts enthalten den Statuscode.

Error: (07/15/2017 02:55:56 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: Die Open-Prozedur für den Dienst "MSDTC" in der DLL "C:\WINDOWS\system32\msdtcuiu.DLL" war nicht erfolgreich. Die Leistungsdaten für diesen Dienst sind nicht verfügbar. Die ersten vier Bytes (DWORD) des Datenbereichs enthalten den Fehlercode.


System errors:
=============
Error: (07/19/2017 12:30:08 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Durch die Berechtigungseinstellungen für "application-specific" wird dem Benutzer "NT AUTHORITY\SYSTEM" (SID: S-1-5-18) unter der Adresse "LocalHost (Using LRPC)" keine Berechtigung vom Typ "Local Activation" für die COM-Serveranwendung mit der CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 und der APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 im Anwendungscontainer "Unavailable" (SID: Unavailable) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.

Error: (07/19/2017 12:24:38 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Durch die Berechtigungseinstellungen für "application-specific" wird dem Benutzer "NT AUTHORITY\SYSTEM" (SID: S-1-5-18) unter der Adresse "LocalHost (Using LRPC)" keine Berechtigung vom Typ "Local Activation" für die COM-Serveranwendung mit der CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 und der APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 im Anwendungscontainer "Unavailable" (SID: Unavailable) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.

Error: (07/19/2017 12:20:54 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Durch die Berechtigungseinstellungen für "application-specific" wird dem Benutzer "NT AUTHORITY\SYSTEM" (SID: S-1-5-18) unter der Adresse "LocalHost (Using LRPC)" keine Berechtigung vom Typ "Local Activation" für die COM-Serveranwendung mit der CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 und der APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 im Anwendungscontainer "Unavailable" (SID: Unavailable) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.

Error: (07/19/2017 12:11:38 AM) (Source: bowser) (EventID: 8016) (User: )
Description: Der Suchdiensttreiber erhielt zu viele nicht erlaubte Datagramme vom Remotecomputer "EASYBOX" zum Namen "MEISFIT" auf Transport "NetBT_Tcpip_{D5FFB703-501B-4FDB-82DA-CC5480365EDB}". Das Datagramm steht in den Daten.
Es werden keine weiteren Ereignisse erzeugt, solange die Rücksetzfrequenz nicht abgelaufen ist.

Error: (07/19/2017 12:11:34 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "CldFlt" wurde aufgrund folgenden Fehlers nicht gestartet: 
Die Anforderung wird nicht unterstützt.

Error: (07/19/2017 12:11:04 AM) (Source: DCOM) (EventID: 10010) (User: MEISFIT)
Description: Der Server "{9BA05972-F6A8-11CF-A442-00A0C90A8F39}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (07/19/2017 12:10:42 AM) (Source: DCOM) (EventID: 10010) (User: MEISFIT)
Description: Der Server "{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (07/19/2017 12:10:40 AM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Windows Search" Korrekturmaßnahmen (Restart the service) durchzuführen, ist fehlgeschlagen. Fehler: 
Es wird bereits eine Instanz des Dienstes ausgeführt.

Error: (07/19/2017 12:10:38 AM) (Source: DCOM) (EventID: 10010) (User: MEISFIT)
Description: Der Server "{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (07/19/2017 12:10:10 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Restart the service.


==================== Memory info =========================== 

Processor: AMD Phenom(tm) II X4 955 Processor
Percentage of memory in use: 37%
Total physical RAM: 8189.55 MB
Available physical RAM: 5100.49 MB
Total Virtual: 13309.55 MB
Available Virtual: 9921.41 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:232.44 GB) (Free:36.36 GB) NTFS ==>[drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 217868F1)
Partition 1: (Active) - (Size=232.4 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=450 MB) - (Type=27)

==================== End of Addition.txt ============================

woteva · 18.07.2017, 23:46

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 18-07-2017
Ran by yuk (administrator) on MEISFIT (19-07-2017 00:31:47)
Running from C:\Users\yuk\Downloads\FRST-OlderVersion\FRST-OlderVersion
Loaded Profiles: yuk &  (Available Profiles: yuk)
Platform: Windows 10 Pro Version 1703 (X64) Language: Englisch (Vereinigte Staaten)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
() C:\Windows\SysWOW64\ASGT.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
() C:\Program Files (x86)\Polar\Daemon\polard.exe
(Seiko Epson Corporation) C:\Program Files (x86)\epson\MyEpson Portal\mepService.exe
(Native Instruments GmbH) C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
(Seiko Epson Corporation) C:\Program Files (x86)\epson\MyEpson Portal\mep.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe
(TomTom) C:\Program Files (x86)\TomTom\MySportsConnect\TomTom MySports Connect.exe
(ThinqLab) C:\Users\yuk\AppData\Local\Programs\Writefull\Writefull.exe
(ThinqLab) C:\Users\yuk\AppData\Local\Programs\Writefull\Writefull.exe
(ThinqLab) C:\Users\yuk\AppData\Local\Programs\Writefull\Writefull.exe
(ThinqLab) C:\Users\yuk\AppData\Local\Programs\Writefull\Writefull.exe
(Hammer & Chisel, Inc.) C:\Users\yuk\AppData\Local\Discord\app-0.0.297\Discord.exe
(Hammer & Chisel, Inc.) C:\Users\yuk\AppData\Local\Discord\app-0.0.297\Discord.exe
(Nico Mak Computing) C:\Program Files\WinZip\FAH\FAHWindow64.exe
() C:\Program Files (x86)\Polar\WebSync\WebSync.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(WinZip Computing, S.L.) C:\Program Files\WinZip\WzPreloader.exe
(Google Inc.) C:\Program Files (x86)\Google\Google Japanese Input\GoogleIMEJaConverter.exe
(Google Inc.) C:\Program Files (x86)\Google\Google Japanese Input\GoogleIMEJaRenderer.exe
(Hammer & Chisel, Inc.) C:\Users\yuk\AppData\Local\Discord\app-0.0.297\Discord.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe
(Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\CCLibrary.exe
(Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\libs\node.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Google Inc.) C:\Program Files (x86)\Google\Google Japanese Input\GoogleIMEJaCacheService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16174328 2015-09-26] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2397120 2016-06-14] (NVIDIA Corporation)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)
HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2406496 2017-06-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Google Japanese Input Prelauncher] => C:\Program Files (x86)\Google\Google Japanese Input\GoogleIMEJaBroker32.exe [1752016 2016-12-07] (Google Inc.)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1087184 2016-01-20] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-3843242997-120083883-219807361-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\DTLite.exe [5583120 2015-02-26] (Disc Soft Ltd)
HKU\S-1-5-21-3843242997-120083883-219807361-1001\...\Run: [BingSvc] => C:\Users\yuk\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-04-07] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-3843242997-120083883-219807361-1001\...\Run: [Google Update] => C:\Users\yuk\AppData\Local\Google\Update\1.3.33.5\GoogleUpdateCore.exe [601168 2017-04-29] (Google Inc.)
HKU\S-1-5-21-3843242997-120083883-219807361-1001\...\Run: [TomTom MySports Connect.exe] => C:\Program Files (x86)\TomTom\MySportsConnect\TomTom MySports Connect.exe [638464 2017-06-22] (TomTom)
HKU\S-1-5-21-3843242997-120083883-219807361-1001\...\Run: [Writefull] => C:\Users\yuk\AppData\Local\Programs\Writefull\Writefull.exe [64315392 2017-03-24] (ThinqLab)
HKU\S-1-5-21-3843242997-120083883-219807361-1001\...\Run: [Discord] => C:\Users\yuk\AppData\Local\Discord\app-0.0.297\Discord.exe [64290304 2017-01-04] (Hammer & Chisel, Inc.)
HKU\S-1-5-21-3843242997-120083883-219807361-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07192017001655456\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\DTLite.exe [5583120 2015-02-26] (Disc Soft Ltd)
HKU\S-1-5-21-3843242997-120083883-219807361-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07192017001655456\...\Run: [BingSvc] => C:\Users\yuk\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-04-07] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-3843242997-120083883-219807361-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07192017001655456\...\Run: [Google Update] => C:\Users\yuk\AppData\Local\Google\Update\1.3.33.5\GoogleUpdateCore.exe [601168 2017-04-29] (Google Inc.)
HKU\S-1-5-21-3843242997-120083883-219807361-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07192017001655456\...\Run: [TomTom MySports Connect.exe] => C:\Program Files (x86)\TomTom\MySportsConnect\TomTom MySports Connect.exe [638464 2017-06-22] (TomTom)
HKU\S-1-5-21-3843242997-120083883-219807361-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07192017001655456\...\Run: [Writefull] => C:\Users\yuk\AppData\Local\Programs\Writefull\Writefull.exe [64315392 2017-03-24] (ThinqLab)
HKU\S-1-5-21-3843242997-120083883-219807361-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07192017001655456\...\Run: [Discord] => C:\Users\yuk\AppData\Local\Discord\app-0.0.297\Discord.exe [64290304 2017-01-04] (Hammer & Chisel, Inc.)
HKU\S-1-5-21-3843242997-120083883-219807361-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07192017001724799\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\DTLite.exe [5583120 2015-02-26] (Disc Soft Ltd)
HKU\S-1-5-21-3843242997-120083883-219807361-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07192017001724799\...\Run: [BingSvc] => C:\Users\yuk\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-04-07] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-3843242997-120083883-219807361-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07192017001724799\...\Run: [Google Update] => C:\Users\yuk\AppData\Local\Google\Update\1.3.33.5\GoogleUpdateCore.exe [601168 2017-04-29] (Google Inc.)
HKU\S-1-5-21-3843242997-120083883-219807361-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07192017001724799\...\Run: [TomTom MySports Connect.exe] => C:\Program Files (x86)\TomTom\MySportsConnect\TomTom MySports Connect.exe [638464 2017-06-22] (TomTom)
HKU\S-1-5-21-3843242997-120083883-219807361-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07192017001724799\...\Run: [Writefull] => C:\Users\yuk\AppData\Local\Programs\Writefull\Writefull.exe [64315392 2017-03-24] (ThinqLab)
HKU\S-1-5-21-3843242997-120083883-219807361-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07192017001724799\...\Run: [Discord] => C:\Users\yuk\AppData\Local\Discord\app-0.0.297\Discord.exe [64290304 2017-01-04] (Hammer & Chisel, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FAH.lnk [2015-09-12]
ShortcutTarget: FAH.lnk -> C:\Program Files\WinZip\FAH\FAHConsole.exe (Nico Mak Computing)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Polar WebSync.lnk [2015-09-12]
ShortcutTarget: Polar WebSync.lnk -> C:\Program Files (x86)\Polar\WebSync\WebSync.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Preloader.lnk [2015-09-12]
ShortcutTarget: WinZip Preloader.lnk -> C:\Program Files\WinZip\WzPreloader.exe (WinZip Computing, S.L.)
Startup: C:\Users\yuk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk [2015-05-20]
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{d5ffb703-501b-4fdb-82da-cc5480365edb}: [DhcpNameServer] 192.168.2.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\S-1-5-21-3843242997-120083883-219807361-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}
HKU\S-1-5-21-3843242997-120083883-219807361-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07192017001655456\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}
HKU\S-1-5-21-3843242997-120083883-219807361-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07192017001724799\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = 
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\ssv.dll [2016-04-01] (Oracle Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2017-03-20] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\jp2ssv.dll [2016-04-01] (Oracle Corporation)

FireFox:
========
FF DefaultProfile: 3qisvbq9.default
FF DefaultProfile: xqo7hp7f.default
FF DefaultProfile: witxcj5b.default
FF ProfilePath: C:\Users\yuk\AppData\Roaming\stickmanschoolrun-7ea3653db0f7fa362133ce8fbef97928\Profiles\3qisvbq9.default [2015-10-04]
FF ProfilePath: C:\Users\yuk\AppData\Roaming\stickmanfighterepicbattle-f81ba27c6b9de880bbeb2899a6b61f66\Profiles\xqo7hp7f.default [2015-10-04]
FF ProfilePath: C:\Users\yuk\AppData\Roaming\Mozilla\Firefox\Profiles\witxcj5b.default [2017-07-19]
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\witxcj5b.default -> DuckDuckGo
FF Homepage: Mozilla\Firefox\Profiles\witxcj5b.default -> startpage.com
FF Extension: (Avira Browser Safety) - C:\Users\yuk\AppData\Roaming\Mozilla\Firefox\Profiles\witxcj5b.default\Extensions\abs@avira.com [2016-04-21]
FF Extension: (Lightbeam) - C:\Users\yuk\AppData\Roaming\Mozilla\Firefox\Profiles\witxcj5b.default\Extensions\jid1-F9UJ2thwoAm5gQ@jetpack.xpi [2015-10-05]
FF Extension: (S3.Google Translator) - C:\Users\yuk\AppData\Roaming\Mozilla\Firefox\Profiles\witxcj5b.default\Extensions\s3google@translator.xpi [2015-10-08]
FF Extension: (WOT) - C:\Users\yuk\AppData\Roaming\Mozilla\Firefox\Profiles\witxcj5b.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2015-11-10]
FF Extension: (Adblock Plus) - C:\Users\yuk\AppData\Roaming\Mozilla\Firefox\Profiles\witxcj5b.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-09-25]
FF SearchPlugin: C:\Users\yuk\AppData\Roaming\Mozilla\Firefox\Profiles\witxcj5b.default\searchplugins\google-images.xml [2015-10-12]
FF SearchPlugin: C:\Users\yuk\AppData\Roaming\Mozilla\Firefox\Profiles\witxcj5b.default\searchplugins\google-maps.xml [2015-10-12]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_26_0_0_137.dll [2017-07-12] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2017-06-04] (Adobe Systems)
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_137.dll [2017-07-12] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.77.2 -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\dtplugin\npDeployJava1.dll [2016-04-01] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.77.2 -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\plugin2\npjp2.dll [2016-04-01] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-05-01] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-05-01] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2017-06-04] (Adobe Systems)
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin HKU\S-1-5-21-3843242997-120083883-219807361-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\yuk\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-3843242997-120083883-219807361-1001: @talk.google.com/O1DPlugin -> C:\Users\yuk\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-3843242997-120083883-219807361-1001: @tools.google.com/Google Update;version=3 -> C:\Users\yuk\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin HKU\S-1-5-21-3843242997-120083883-219807361-1001: @tools.google.com/Google Update;version=9 -> C:\Users\yuk\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin HKU\S-1-5-21-3843242997-120083883-219807361-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07192017001655456: @talk.google.com/GoogleTalkPlugin -> C:\Users\yuk\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-3843242997-120083883-219807361-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07192017001655456: @talk.google.com/O1DPlugin -> C:\Users\yuk\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-3843242997-120083883-219807361-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07192017001655456: @tools.google.com/Google Update;version=3 -> C:\Users\yuk\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin HKU\S-1-5-21-3843242997-120083883-219807361-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07192017001655456: @tools.google.com/Google Update;version=9 -> C:\Users\yuk\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin HKU\S-1-5-21-3843242997-120083883-219807361-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07192017001724799: @talk.google.com/GoogleTalkPlugin -> C:\Users\yuk\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-3843242997-120083883-219807361-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07192017001724799: @talk.google.com/O1DPlugin -> C:\Users\yuk\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-3843242997-120083883-219807361-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07192017001724799: @tools.google.com/Google Update;version=3 -> C:\Users\yuk\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin HKU\S-1-5-21-3843242997-120083883-219807361-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-07192017001724799: @tools.google.com/Google Update;version=9 -> C:\Users\yuk\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\yuk\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\yuk\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)
StartMenuInternet: FIREFOX.EXE - firefox.exe

Chrome: 
=======
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\yuk\AppData\Local\Google\Chrome\User Data\Default [2017-07-19]
CHR Extension: (Google Präsentationen) - C:\Users\yuk\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-11-15]
CHR Extension: (Google Docs) - C:\Users\yuk\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-11-15]
CHR Extension: (Readlang) - C:\Users\yuk\AppData\Local\Google\Chrome\User Data\Default\Extensions\apcnmoajpaldpbepelpjgbplhoeidhia [2015-11-15]
CHR Extension: (Google Drive) - C:\Users\yuk\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-15]
CHR Extension: (WOT: Web of Trust, Website Reputation Ratings) - C:\Users\yuk\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2017-06-24]
CHR Extension: (YouTube) - C:\Users\yuk\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-15]
CHR Extension: (Adblock Plus) - C:\Users\yuk\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-07-13]
CHR Extension: (Google-Suche) - C:\Users\yuk\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-15]
CHR Extension: (Bliu Bliu) - C:\Users\yuk\AppData\Local\Google\Chrome\User Data\Default\Extensions\dfmhflbdkpnkjpomcjofacekggdgmlfh [2015-11-15]
CHR Extension: (Byrd IRC client) - C:\Users\yuk\AppData\Local\Google\Chrome\User Data\Default\Extensions\endimfdcgfnlmoankhocnkhgohmoecoi [2017-06-27]
CHR Extension: (Google Tabellen) - C:\Users\yuk\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-11-15]
CHR Extension: (HTTPS Everywhere) - C:\Users\yuk\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcbommkclmclpchllfjekcdonpmejbdp [2017-07-08]
CHR Extension: (Google Docs Offline) - C:\Users\yuk\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-03]
CHR Extension: (AdBlock) - C:\Users\yuk\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-06-27]
CHR Extension: (Avast Online Security) - C:\Users\yuk\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-07-08]
CHR Extension: (MetaMask) - C:\Users\yuk\AppData\Local\Google\Chrome\User Data\Default\Extensions\nkbihfbeogaeaoehlefnkodbefgpgknn [2017-07-13]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\yuk\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-25]
CHR Extension: (Google Mail) - C:\Users\yuk\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-11-15]
CHR Extension: (Chrome Media Router) - C:\Users\yuk\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-07-13]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

Opera: 
=======
OPR Extension: (Buffer) - C:\Users\yuk\AppData\Roaming\Opera Software\Opera Stable\Extensions\bbbfjmllpkjhkmljjeahemghjhkecfae [2017-07-16]
OPR Extension: (Translator) - C:\Users\yuk\AppData\Roaming\Opera Software\Opera Stable\Extensions\cnbpedcoekjafichoehopgaaldogogch [2016-12-14]
OPR Extension: (WOT: Web of Trust, Website Reputation Ratings) - C:\Users\yuk\AppData\Roaming\Opera Software\Opera Stable\Extensions\eeokceolphhfjdfcibaiiopmekmcbedp [2017-03-18]
OPR Extension: (Adblock Plus) - C:\Users\yuk\AppData\Roaming\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp [2017-07-16]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

"avgntflt" => service could not be unlocked. <==== ATTENTION

R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [814688 2017-06-04] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2246256 2017-05-18] (Adobe Systems, Incorporated)
R2 ASGT; C:\Windows\SysWOW64\ASGT.exe [55296 2012-01-17] () [File not signed]
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1465352 2017-01-15] ()
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1272592 2015-02-26] (Disc Soft Ltd)
R2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc64.exe [144560 2012-05-17] (Seiko Epson Corporation)
R2 GoogleIMEJaCacheService; C:\Program Files (x86)\Google\Google Japanese Input\GoogleIMEJaCacheService.exe [946640 2016-12-07] (Google Inc.)
U2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9728 2016-09-15] (Hi-Rez Studios) [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4470736 2017-05-09] (Malwarebytes)
R2 MyEpson Portal Service; C:\Program Files (x86)\EPSON\MyEpson Portal\mepService.exe [714712 2017-06-28] (Seiko Epson Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462968 2017-05-01] (NVIDIA Corporation)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2521024 2016-06-14] (NVIDIA Corporation)
R2 Polar Daemon; C:\Program Files (x86)\Polar\Daemon\polard.exe [419536 2012-12-12] ()
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [3913064 2017-03-19] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-06-20] (Microsoft Corporation)
R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [716480 2015-08-21] (Wacom Technology, Corp.)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30352 2015-05-19] (Disc Soft Ltd)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77376 2017-06-27] ()
S3 gbxavs; C:\WINDOWS\System32\Drivers\gbxavs.sys [357968 2011-07-07] (Native Instruments GmbH)
S3 gbxusb_svc; C:\WINDOWS\System32\Drivers\gbxusb.sys [68688 2011-07-07] (Native Instruments GmbH)
R2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [188352 2017-07-19] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\drivers\farflt.sys [101784 2017-07-19] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [45472 2017-07-19] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [253856 2017-07-19] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\drivers\mwac.sys [93600 2017-07-19] (Malwarebytes)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_ref_pubwu.inf_amd64_f9309145156afb40\nvlddmkm.sys [14456912 2017-05-19] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26560 2016-06-14] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [56384 2016-04-14] (NVIDIA Corporation)
R0 PxHlpa64; C:\WINDOWS\System32\Drivers\PxHlpa64.sys [56336 2012-06-22] (Corel Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [604160 2017-03-18] (Realtek                                            )
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
S3 TASCAM_US122144; C:\WINDOWS\System32\Drivers\tascusb2.sys [409664 2010-06-18] (TASCAM)
S3 TASCAM_US122L_WDM; C:\WINDOWS\system32\drivers\tscusb2a.sys [50240 2010-06-18] (TASCAM)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)
S3 X6va060; C:\WINDOWS\SysWOW64\Drivers\X6va060 [21208 2015-11-21] ()

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-07-19 00:23 - 2017-07-19 00:30 - 00000000 ____D C:\Users\yuk\Downloads\FRST-OlderVersion
2017-07-19 00:23 - 2017-07-19 00:23 - 00001563 _____ C:\Users\yuk\Desktop\mbam.txt
2017-07-19 00:15 - 2017-07-19 00:16 - 00093600 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-07-19 00:15 - 2017-07-19 00:15 - 00253856 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-07-19 00:15 - 2017-07-19 00:15 - 00188352 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-07-19 00:15 - 2017-07-19 00:15 - 00101784 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-07-19 00:15 - 2017-07-19 00:15 - 00045472 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-07-19 00:15 - 2017-07-19 00:15 - 00001912 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-07-19 00:15 - 2017-07-19 00:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-07-19 00:15 - 2017-07-19 00:15 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-07-19 00:15 - 2017-07-19 00:15 - 00000000 ____D C:\Program Files\Malwarebytes
2017-07-19 00:15 - 2017-06-27 12:06 - 00077376 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-07-19 00:13 - 2017-07-19 00:13 - 00003164 _____ C:\Users\yuk\Desktop\AdwCleaner[C0].txt
2017-07-19 00:01 - 2017-07-19 00:01 - 65033984 _____ (Malwarebytes ) C:\Users\yuk\Downloads\mb3-setup-consumer-3.1.2.1733-1.0.160-1.0.2251.exe
2017-07-18 23:59 - 2017-07-18 23:59 - 08162248 _____ (Malwarebytes) C:\Users\yuk\Downloads\adwcleaner_7.0.0.0.exe
2017-07-18 21:10 - 2017-07-19 00:10 - 00173122 _____ C:\Users\yuk\Desktop\Neues Textdokument (3).txt
2017-07-18 20:59 - 2017-07-19 00:02 - 00273782 _____ C:\TDSSKiller.3.1.0.15_18.07.2017_20.59.39_log.txt
2017-07-18 20:58 - 2017-07-18 20:58 - 04922400 _____ (AO Kaspersky Lab) C:\Users\yuk\Downloads\tdsskiller.exe
2017-07-18 20:48 - 2017-07-18 20:48 - 00090646 _____ C:\Users\yuk\Downloads\FRST.txt
2017-07-18 20:48 - 2017-07-18 20:48 - 00076773 _____ C:\Users\yuk\Downloads\Addition.txt
2017-07-18 20:47 - 2017-07-19 00:31 - 00000000 ____D C:\FRST
2017-07-18 18:54 - 2017-07-18 18:54 - 00000000 ____D C:\Users\yuk\Documents\FeedbackHub
2017-07-18 16:35 - 2017-07-18 16:35 - 00000000 ____D C:\Users\yuk\AppData\Local\Tempzxpsignd320c6188b0c3a3e
2017-07-18 15:41 - 2017-07-18 17:14 - 00000484 _____ C:\Users\yuk\Desktop\blogging IDeas.txt
2017-07-18 10:52 - 2017-07-18 10:52 - 00000000 ____D C:\Users\yuk\AppData\Local\Tempzxpsignef9162340afc81e7
2017-07-18 03:58 - 2017-07-18 03:58 - 00001666 _____ C:\Users\yuk\Desktop\VINIPOARS.txt
2017-07-18 01:25 - 2017-07-18 01:25 - 00000000 ____D C:\Users\yuk\AppData\Local\Tempzxpsign8d0021bddd45850f
2017-07-18 01:20 - 2017-07-18 01:20 - 00000000 ____D C:\Users\yuk\AppData\Local\Tempzxpsigndbdfcd33d6e8acea
2017-07-18 01:20 - 2017-07-18 01:20 - 00000000 ____D C:\Users\yuk\AppData\Local\Tempzxpsignb641b4b9cbdaa7f3
2017-07-17 23:34 - 2017-07-17 23:36 - 00014330 _____ C:\Users\yuk\Desktop\recapNeverdieDiscord.txt
2017-07-17 19:03 - 2017-07-17 23:34 - 00007466 _____ C:\Users\yuk\Desktop\sttembloggentry.txt
2017-07-17 18:51 - 2017-07-17 18:51 - 00000000 ____D C:\Users\yuk\AppData\Local\Tempzxpsigne70c98b4cd02912f
2017-07-17 18:49 - 2017-07-17 18:49 - 00000000 ____D C:\Users\yuk\AppData\Local\Tempzxpsignf4200db89f9632ff
2017-07-17 18:49 - 2017-07-17 18:49 - 00000000 ____D C:\Users\yuk\AppData\Local\Tempzxpsigna93330d847d30df6
2017-07-17 18:49 - 2017-07-17 18:49 - 00000000 ____D C:\Users\yuk\AppData\Local\Tempzxpsigna659908c3c042600
2017-07-17 14:36 - 2017-07-17 14:36 - 00182700 _____ C:\Users\yuk\Desktop\MEWwallet.pdf
2017-07-15 01:26 - 2017-07-15 02:57 - 00000000 ____D C:\Users\yuk\AppData\Roaming\Chaincoin
2017-07-15 01:26 - 2017-07-15 01:26 - 00000000 ____D C:\Users\yuk\Desktop\ChaincoinWallet
2017-07-15 00:11 - 2017-07-15 02:57 - 00000000 ____D C:\Users\yuk\AppData\Roaming\Sia-UI
2017-07-15 00:11 - 2017-07-15 00:11 - 00000000 ____D C:\Users\yuk\Desktop\Sia
2017-07-13 21:55 - 2017-07-13 21:55 - 00000000 ____D C:\Users\yuk\AppData\Local\Tempzxpsign22b248e799dcec20
2017-07-13 21:52 - 2017-07-13 21:52 - 00000000 ____D C:\Users\yuk\AppData\Local\Tempzxpsignb3c26d14701f90fd
2017-07-13 21:52 - 2017-07-13 21:52 - 00000000 ____D C:\Users\yuk\AppData\Local\Tempzxpsign18d4b9f127dffb93
2017-07-13 21:40 - 2017-07-13 21:40 - 00000000 ____D C:\Users\yuk\AppData\Local\Tempzxpsignc5fa6dc60df608fe
2017-07-13 21:40 - 2017-07-13 21:40 - 00000000 ____D C:\Users\yuk\AppData\Local\Tempzxpsign930cff8b7f6e3f4e
2017-07-13 21:40 - 2017-07-13 21:40 - 00000000 ____D C:\Users\yuk\AppData\Local\Tempzxpsign10ab782c206575ee
2017-07-13 21:39 - 2017-07-13 21:39 - 00000000 ____D C:\Users\yuk\AppData\Local\Tempzxpsigndf8526185b5d544d
2017-07-13 21:39 - 2017-07-13 21:39 - 00000000 ____D C:\Users\yuk\AppData\Local\Tempzxpsign95dd2b0ed413f2c2
2017-07-13 21:39 - 2017-07-13 21:39 - 00000000 ____D C:\Users\yuk\AppData\Local\Tempzxpsign1298faa7ae0ffb34
2017-07-12 18:58 - 2017-07-07 09:24 - 00117664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2017-07-12 18:58 - 2017-07-07 09:23 - 02399728 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-07-12 18:58 - 2017-07-07 09:20 - 02021680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpmde.dll
2017-07-12 18:58 - 2017-07-07 09:13 - 00554392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2017-07-12 18:58 - 2017-07-07 09:13 - 00336320 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthService.exe
2017-07-12 18:58 - 2017-07-07 09:11 - 00094624 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2017-07-12 18:58 - 2017-07-07 09:10 - 01670496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2017-07-12 18:58 - 2017-07-07 09:10 - 00254168 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2017-07-12 18:58 - 2017-07-07 08:57 - 00626528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2017-07-12 18:58 - 2017-07-07 08:57 - 00125344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmapi.dll
2017-07-12 18:58 - 2017-07-07 08:40 - 23677440 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-07-12 18:58 - 2017-07-07 08:39 - 01839872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-07-12 18:58 - 2017-07-07 08:39 - 00096128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmcmnutils.dll
2017-07-12 18:58 - 2017-07-07 08:37 - 02259760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-07-12 18:58 - 2017-07-07 08:37 - 01339352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmpmde.dll
2017-07-12 18:58 - 2017-07-07 08:31 - 05820984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2017-07-12 18:58 - 2017-07-07 08:31 - 01518088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2017-07-12 18:58 - 2017-07-07 08:31 - 00129184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2017-07-12 18:58 - 2017-07-07 08:30 - 02165752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2017-07-12 18:58 - 2017-07-07 08:30 - 00949920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dcomp.dll
2017-07-12 18:58 - 2017-07-07 08:30 - 00750496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2017-07-12 18:58 - 2017-07-07 08:29 - 00349600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2017-07-12 18:58 - 2017-07-07 08:29 - 00123520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Clipc.dll
2017-07-12 18:58 - 2017-07-07 08:27 - 06759512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-07-12 18:58 - 2017-07-07 08:26 - 20373408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-07-12 18:58 - 2017-07-07 08:26 - 01529384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2017-07-12 18:58 - 2017-07-07 08:26 - 01195240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2017-07-12 18:58 - 2017-07-07 08:26 - 00988168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2017-07-12 18:58 - 2017-07-07 08:25 - 00035232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininitext.dll
2017-07-12 18:58 - 2017-07-07 08:24 - 01517472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppVEntSubsystems32.dll
2017-07-12 18:58 - 2017-07-07 08:23 - 00583160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2017-07-12 18:58 - 2017-07-07 08:20 - 08331264 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2017-07-12 18:58 - 2017-07-07 08:19 - 00165888 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2017-07-12 18:58 - 2017-07-07 08:18 - 00548864 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
2017-07-12 18:58 - 2017-07-07 08:17 - 00588800 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2017-07-12 18:58 - 2017-07-07 08:16 - 12786176 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-07-12 18:58 - 2017-07-07 08:16 - 00545792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2017-07-12 18:58 - 2017-07-07 08:15 - 08238080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-07-12 18:58 - 2017-07-07 08:14 - 08211968 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2017-07-12 18:58 - 2017-07-07 08:14 - 03784704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapRouter.dll
2017-07-12 18:58 - 2017-07-07 08:14 - 02956800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-07-12 18:58 - 2017-07-07 08:14 - 01448960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2017-07-12 18:58 - 2017-07-07 08:14 - 00790016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2017-07-12 18:58 - 2017-07-07 08:13 - 13839872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2017-07-12 18:58 - 2017-07-07 08:12 - 04730880 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-07-12 18:58 - 2017-07-07 08:12 - 02199552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2017-07-12 18:58 - 2017-07-07 08:12 - 01142272 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2017-07-12 18:58 - 2017-07-07 08:10 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2017-07-12 18:58 - 2017-07-07 08:10 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eapprovp.dll
2017-07-12 18:58 - 2017-07-07 08:09 - 20504576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-07-12 18:58 - 2017-07-07 08:09 - 00365056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2017-07-12 18:58 - 2017-07-07 08:08 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2017-07-12 18:58 - 2017-07-07 08:07 - 00272896 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToReceiver.dll
2017-07-12 18:58 - 2017-07-07 08:07 - 00117248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\raschap.dll
2017-07-12 18:58 - 2017-07-07 08:06 - 00241152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecsExt.dll
2017-07-12 18:58 - 2017-07-07 08:05 - 19335168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-07-12 18:58 - 2017-07-07 08:05 - 11870720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-07-12 18:58 - 2017-07-07 08:05 - 06728192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-07-12 18:58 - 2017-07-07 08:05 - 05719040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2017-07-12 18:58 - 2017-07-07 08:05 - 00502784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DevicePairing.dll
2017-07-12 18:58 - 2017-07-07 08:05 - 00312320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wldap32.dll
2017-07-12 18:58 - 2017-07-07 08:04 - 05961216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2017-07-12 18:58 - 2017-07-07 08:04 - 01248768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-07-12 18:58 - 2017-07-07 08:04 - 00754176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2017-07-12 18:58 - 2017-07-07 08:04 - 00506368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2017-07-12 18:58 - 2017-07-07 08:04 - 00394240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2017-07-12 18:58 - 2017-07-07 08:03 - 06123520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2017-07-12 18:58 - 2017-07-07 08:03 - 00636416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2017-07-12 18:58 - 2017-07-07 08:03 - 00446464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
2017-07-12 18:58 - 2017-07-07 08:02 - 00952832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2017-07-12 18:58 - 2017-07-07 08:01 - 06287360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-07-12 18:58 - 2017-07-07 08:01 - 02859520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-07-12 18:58 - 2017-07-07 08:00 - 07596544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2017-07-12 18:58 - 2017-07-07 08:00 - 05225984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-07-12 18:58 - 2017-07-07 08:00 - 02588160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapRouter.dll
2017-07-12 18:58 - 2017-07-07 08:00 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-07-12 18:58 - 2017-07-07 08:00 - 01565184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2017-07-12 18:58 - 2017-07-07 08:00 - 01019904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-07-12 18:58 - 2017-07-07 07:59 - 04417024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2017-07-12 18:58 - 2017-07-07 07:59 - 03656704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-07-12 18:58 - 2017-07-07 07:59 - 01494016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
2017-07-12 18:58 - 2017-07-07 07:59 - 01355264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpcServices.dll
2017-07-12 18:58 - 2017-07-07 07:59 - 00787456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2017-07-12 18:58 - 2017-07-07 07:58 - 04559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2017-07-12 18:58 - 2017-07-07 07:58 - 02782720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2017-07-12 18:58 - 2017-07-07 07:58 - 02298368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2017-07-12 18:58 - 2017-07-07 07:58 - 01237504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Maps.dll
2017-07-12 18:58 - 2017-07-07 07:55 - 00342528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPhoto.dll
2017-07-12 18:58 - 2017-07-07 07:55 - 00329216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsApi.dll
2017-07-12 18:58 - 2017-07-07 07:53 - 01301504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wdc.dll
2017-07-12 18:58 - 2017-07-07 07:53 - 00338432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msinfo32.exe
2017-07-12 18:58 - 2017-06-20 08:06 - 00279968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2017-07-12 18:58 - 2017-06-20 08:03 - 00820128 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2017-07-12 18:58 - 2017-06-20 08:02 - 01055648 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2017-07-12 18:58 - 2017-06-20 07:59 - 06554928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2017-07-12 18:58 - 2017-06-20 07:59 - 01220072 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2017-07-12 18:58 - 2017-06-20 07:57 - 02681760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2017-07-12 18:58 - 2017-06-20 07:34 - 00192416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2017-07-12 18:58 - 2017-06-20 07:15 - 00455104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSAudDecMFT.dll
2017-07-12 18:58 - 2017-06-20 07:13 - 00787712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2017-07-12 18:58 - 2017-06-20 07:13 - 00056832 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinBioDataModelOOBE.exe
2017-07-12 18:58 - 2017-06-20 07:12 - 00293376 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2017-07-12 18:58 - 2017-06-20 07:12 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hdaudbus.sys
2017-07-12 18:58 - 2017-06-20 07:11 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2017-07-12 18:58 - 2017-06-20 07:10 - 00722432 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2017-07-12 18:58 - 2017-06-20 07:10 - 00096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2017-07-12 18:58 - 2017-06-20 07:09 - 00551424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Payments.dll
2017-07-12 18:58 - 2017-06-20 07:09 - 00406032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2017-07-12 18:58 - 2017-06-20 07:09 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2017-07-12 18:58 - 2017-06-20 07:08 - 04469840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2017-07-12 18:58 - 2017-06-20 07:08 - 00386560 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2017-07-12 18:58 - 2017-06-20 07:08 - 00328704 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2017-07-12 18:58 - 2017-06-20 07:08 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinBioDataModel.dll
2017-07-12 18:58 - 2017-06-20 07:08 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2017-07-12 18:58 - 2017-06-20 07:07 - 02475136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2017-07-12 18:58 - 2017-06-20 07:07 - 00632832 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
2017-07-12 18:58 - 2017-06-20 07:07 - 00510976 _____ (Microsoft Corporation) C:\WINDOWS\system32\TDLMigration.dll
2017-07-12 18:58 - 2017-06-20 07:07 - 00346016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudExperienceHostCommon.dll
2017-07-12 18:58 - 2017-06-20 07:07 - 00138656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudExperienceHostUser.dll
2017-07-12 18:58 - 2017-06-20 07:06 - 00942592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2017-07-12 18:58 - 2017-06-20 07:06 - 00754592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2017-07-12 18:58 - 2017-06-20 07:06 - 00751104 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2017-07-12 18:58 - 2017-06-20 07:06 - 00278944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\thumbcache.dll
2017-07-12 18:58 - 2017-06-20 07:05 - 00438096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.dll
2017-07-12 18:58 - 2017-06-20 07:05 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2017-07-12 18:58 - 2017-06-20 07:05 - 00374784 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2017-07-12 18:58 - 2017-06-20 07:05 - 00364032 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2017-07-12 18:58 - 2017-06-20 07:04 - 02330520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2017-07-12 18:58 - 2017-06-20 07:04 - 01178528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll
2017-07-12 18:58 - 2017-06-20 07:04 - 01177600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2017-07-12 18:58 - 2017-06-20 07:04 - 01077496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webservices.dll
2017-07-12 18:58 - 2017-06-20 07:04 - 00181656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2017-07-12 18:58 - 2017-06-20 07:04 - 00049656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msasn1.dll
2017-07-12 18:58 - 2017-06-20 07:03 - 05806048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2017-07-12 18:58 - 2017-06-20 07:03 - 02077184 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2017-07-12 18:58 - 2017-06-20 07:03 - 00864240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2017-07-12 18:58 - 2017-06-20 07:03 - 00443728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFCaptureEngine.dll
2017-07-12 18:58 - 2017-06-20 07:02 - 03377664 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2017-07-12 18:58 - 2017-06-20 07:02 - 01121928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2017-07-12 18:58 - 2017-06-20 07:02 - 00354400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MMDevAPI.dll
2017-07-12 18:58 - 2017-06-20 07:01 - 04536320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2017-07-12 18:58 - 2017-06-20 07:01 - 00176032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\basecsp.dll
2017-07-12 18:58 - 2017-06-20 07:00 - 02597888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2017-07-12 18:58 - 2017-06-20 06:59 - 02938880 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2017-07-12 18:58 - 2017-06-20 06:59 - 01674240 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2017-07-12 18:58 - 2017-06-20 06:56 - 00985600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
2017-07-12 18:58 - 2017-06-20 06:49 - 00899072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctfuimanager.dll
2017-07-12 18:58 - 2017-06-20 06:49 - 00331776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleacc.dll
2017-07-12 18:58 - 2017-06-20 06:46 - 00132096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft.Bluetooth.Profiles.Gatt.Interface.dll
2017-07-12 18:58 - 2017-06-20 06:45 - 00111104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.System.Profile.RetailInfo.dll
2017-07-12 18:58 - 2017-06-20 06:43 - 00329728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2017-07-12 18:58 - 2017-06-20 06:43 - 00173568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ClipboardServer.dll
2017-07-12 18:58 - 2017-06-20 06:43 - 00151552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincredui.dll
2017-07-12 18:58 - 2017-06-20 06:43 - 00139776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BluetoothApis.dll
2017-07-12 18:58 - 2017-06-20 06:43 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2017-07-12 18:58 - 2017-06-20 06:43 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2017-07-12 18:58 - 2017-06-20 06:43 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dataclen.dll
2017-07-12 18:58 - 2017-06-20 06:42 - 00641024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certca.dll
2017-07-12 18:58 - 2017-06-20 06:42 - 00387584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Payments.dll
2017-07-12 18:58 - 2017-06-20 06:42 - 00338432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2017-07-12 18:58 - 2017-06-20 06:42 - 00266240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2017-07-12 18:58 - 2017-06-20 06:42 - 00226304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scksp.dll
2017-07-12 18:58 - 2017-06-20 06:42 - 00121856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sendmail.dll
2017-07-12 18:58 - 2017-06-20 06:41 - 00734208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.exe
2017-07-12 18:58 - 2017-06-20 06:41 - 00646656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApi.dll
2017-07-12 18:58 - 2017-06-20 06:41 - 00601088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SndVolSSO.dll
2017-07-12 18:58 - 2017-06-20 06:41 - 00433152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Bluetooth.dll
2017-07-12 18:58 - 2017-06-20 06:41 - 00201216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credprovhost.dll
2017-07-12 18:58 - 2017-06-20 06:40 - 00368128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2017-07-12 18:58 - 2017-06-20 06:40 - 00356864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
2017-07-12 18:58 - 2017-06-20 06:40 - 00342016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2017-07-12 18:58 - 2017-06-20 06:40 - 00247808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AboveLockAppHost.dll
2017-07-12 18:58 - 2017-06-20 06:40 - 00230912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edputil.dll
2017-07-12 18:58 - 2017-06-20 06:40 - 00038400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBrokerUI.dll
2017-07-12 18:58 - 2017-06-20 06:39 - 02814464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\themeui.dll
2017-07-12 18:58 - 2017-06-20 06:39 - 02671616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2017-07-12 18:58 - 2017-06-20 06:39 - 00969728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
2017-07-12 18:58 - 2017-06-20 06:39 - 00646144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmsys.cpl
2017-07-12 18:58 - 2017-06-20 06:39 - 00471040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VAN.dll
2017-07-12 18:58 - 2017-06-20 06:39 - 00312320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2017-07-12 18:58 - 2017-06-20 06:38 - 01451008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2017-07-12 18:58 - 2017-06-20 06:38 - 01285120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbghelp.dll
2017-07-12 18:58 - 2017-06-20 06:38 - 01171968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certutil.exe
2017-07-12 18:58 - 2017-06-20 06:38 - 00663040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2017-07-12 18:58 - 2017-06-20 06:38 - 00648192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SmartcardCredentialProvider.dll
2017-07-12 18:58 - 2017-06-20 06:38 - 00329728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2017-07-12 18:58 - 2017-06-20 06:37 - 02008576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2017-07-12 18:58 - 2017-06-20 06:36 - 03667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-07-12 18:58 - 2017-06-20 06:35 - 02679296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2017-07-12 18:58 - 2017-06-20 06:35 - 02132480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2017-07-12 18:58 - 2017-06-20 06:35 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cldapi.dll
2017-07-12 18:58 - 2017-06-20 06:34 - 04056576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2017-07-12 18:58 - 2017-06-20 06:34 - 02750464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnroll.dll
2017-07-12 18:58 - 2017-06-20 06:34 - 02211328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2017-07-12 18:58 - 2017-06-20 06:34 - 01492480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Bluetooth.dll
2017-07-12 18:58 - 2017-06-20 06:34 - 00760832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2017-07-12 18:58 - 2017-06-20 06:31 - 00334848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToDevice.dll
2017-07-12 18:58 - 2017-06-20 06:30 - 00209920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wdmaud.drv
2017-07-12 18:58 - 2017-06-20 06:30 - 00157696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpchttp.dll
2017-07-12 18:58 - 2017-06-20 06:30 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2017-07-12 18:58 - 2017-06-20 06:28 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apphelp.dll
2017-07-12 18:57 - 2017-07-07 16:00 - 00947712 _____ (Microsoft Corporation) C:\WINDOWS\system32\HoloSI.PCShell.dll
2017-07-12 18:57 - 2017-07-07 09:27 - 01147288 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-07-12 18:57 - 2017-07-07 09:27 - 01024928 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-07-12 18:57 - 2017-07-07 09:27 - 00965024 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.efi
2017-07-12 18:57 - 2017-07-07 09:27 - 00821664 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.exe
2017-07-12 18:57 - 2017-07-07 09:27 - 00750560 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2017-07-12 18:57 - 2017-07-07 09:26 - 01065104 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2017-07-12 18:57 - 2017-07-07 09:25 - 00899824 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2017-07-12 18:57 - 2017-07-07 09:22 - 08318880 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-07-12 18:57 - 2017-07-07 09:22 - 01186464 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2017-07-12 18:57 - 2017-07-07 09:22 - 00119384 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcmnutils.dll
2017-07-12 18:57 - 2017-07-07 09:21 - 32688336 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecsRaw.dll
2017-07-12 18:57 - 2017-07-07 09:21 - 02969880 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2017-07-12 18:57 - 2017-07-07 09:20 - 00923040 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-07-12 18:57 - 2017-07-07 09:20 - 00519584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2017-07-12 18:57 - 2017-07-07 09:20 - 00382368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2017-07-12 18:57 - 2017-07-07 09:17 - 01017760 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2017-07-12 18:57 - 2017-07-07 09:15 - 02444696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-07-12 18:57 - 2017-07-07 09:14 - 07325584 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2017-07-12 18:57 - 2017-07-07 09:14 - 05477088 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2017-07-12 18:57 - 2017-07-07 09:14 - 01760264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2017-07-12 18:57 - 2017-07-07 09:14 - 01171032 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcomp.dll
2017-07-12 18:57 - 2017-07-07 09:13 - 00872472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2017-07-12 18:57 - 2017-07-07 09:13 - 00147800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Clipc.dll
2017-07-12 18:57 - 2017-07-07 09:12 - 00411040 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2017-07-12 18:57 - 2017-07-07 09:12 - 00318232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininit.exe
2017-07-12 18:57 - 2017-07-07 09:12 - 00228256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2017-07-12 18:57 - 2017-07-07 09:11 - 07904784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-07-12 18:57 - 2017-07-07 09:10 - 21353208 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-07-12 18:57 - 2017-07-07 09:10 - 01337848 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2017-07-12 18:57 - 2017-07-07 09:10 - 01325968 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2017-07-12 18:57 - 2017-07-07 09:10 - 00372128 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2017-07-12 18:57 - 2017-07-07 09:09 - 00041376 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininitext.dll
2017-07-12 18:57 - 2017-07-07 09:08 - 02229152 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystems64.dll
2017-07-12 18:57 - 2017-07-07 09:08 - 01854880 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntVirtualization.dll
2017-07-12 18:57 - 2017-07-07 09:08 - 01693600 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVIntegration.dll
2017-07-12 18:57 - 2017-07-07 09:08 - 01458584 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystemController.dll
2017-07-12 18:57 - 2017-07-07 09:08 - 01100704 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPolicy.dll
2017-07-12 18:57 - 2017-07-07 09:08 - 00992672 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVManifest.dll
2017-07-12 18:57 - 2017-07-07 09:08 - 00848280 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVOrchestration.dll
2017-07-12 18:57 - 2017-07-07 09:08 - 00846752 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVClient.exe
2017-07-12 18:57 - 2017-07-07 09:08 - 00844704 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntStreamingManager.dll
2017-07-12 18:57 - 2017-07-07 09:08 - 00774560 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVReporting.dll
2017-07-12 18:57 - 2017-07-07 09:08 - 00699808 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVCatalog.dll
2017-07-12 18:57 - 2017-07-07 09:08 - 00672672 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPublishing.dll
2017-07-12 18:57 - 2017-07-07 09:08 - 00506776 _____ (Microsoft Corporation) C:\WINDOWS\system32\TransportDSA.dll
2017-07-12 18:57 - 2017-07-07 09:08 - 00399264 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVScripting.dll
2017-07-12 18:57 - 2017-07-07 09:07 - 01106848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2017-07-12 18:57 - 2017-07-07 09:07 - 00058488 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsass.exe
2017-07-12 18:57 - 2017-07-07 08:37 - 31652264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecsRaw.dll
2017-07-12 18:57 - 2017-07-07 08:27 - 03670016 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-07-12 18:57 - 2017-07-07 08:27 - 01640448 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2017-07-12 18:57 - 2017-07-07 08:27 - 01050624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2017-07-12 18:57 - 2017-07-07 08:27 - 00859136 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
2017-07-12 18:57 - 2017-07-07 08:27 - 00577024 _____ (Microsoft Corporation) C:\WINDOWS\system32\duser.dll
2017-07-12 18:57 - 2017-07-07 08:27 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2017-07-12 18:57 - 2017-07-07 08:27 - 00443392 _____ (Microsoft Corporation) C:\WINDOWS\system32\PerceptionSimulationExtensions.dll
2017-07-12 18:57 - 2017-07-07 08:27 - 00360960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConhostV2.dll
2017-07-12 18:57 - 2017-07-07 08:26 - 17364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-07-12 18:57 - 2017-07-07 08:25 - 02199552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2017-07-12 18:57 - 2017-07-07 08:24 - 00114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\officecsp.dll
2017-07-12 18:57 - 2017-07-07 08:23 - 00113152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2017-07-12 18:57 - 2017-07-07 08:23 - 00110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2017-07-12 18:57 - 2017-07-07 08:23 - 00095232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2017-07-12 18:57 - 2017-07-07 08:23 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\eapprovp.dll
2017-07-12 18:57 - 2017-07-07 08:22 - 07931392 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-07-12 18:57 - 2017-07-07 08:22 - 00520704 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2017-07-12 18:57 - 2017-07-07 08:21 - 00096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncCsp.dll
2017-07-12 18:57 - 2017-07-07 08:21 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-07-12 18:57 - 2017-07-07 08:20 - 23681536 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-07-12 18:57 - 2017-07-07 08:20 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\prntvpt.dll
2017-07-12 18:57 - 2017-07-07 08:19 - 07149056 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2017-07-12 18:57 - 2017-07-07 08:19 - 00527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-07-12 18:57 - 2017-07-07 08:19 - 00256000 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2017-07-12 18:57 - 2017-07-07 08:19 - 00137216 _____ (Microsoft Corporation) C:\WINDOWS\system32\raschap.dll
2017-07-12 18:57 - 2017-07-07 08:18 - 07336448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-07-12 18:57 - 2017-07-07 08:18 - 00563712 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicePairing.dll
2017-07-12 18:57 - 2017-07-07 08:18 - 00353280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wldap32.dll
2017-07-12 18:57 - 2017-07-07 08:18 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecsExt.dll
2017-07-12 18:57 - 2017-07-07 08:17 - 01878016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-07-12 18:57 - 2017-07-07 08:17 - 01260544 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2017-07-12 18:57 - 2017-07-07 08:17 - 00692736 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2017-07-12 18:57 - 2017-07-07 08:17 - 00536064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2017-07-12 18:57 - 2017-07-07 08:17 - 00422400 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2017-07-12 18:57 - 2017-07-07 08:17 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\SIHClient.exe
2017-07-12 18:57 - 2017-07-07 08:16 - 00925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2017-07-12 18:57 - 2017-07-07 08:15 - 00922112 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2017-07-12 18:57 - 2017-07-07 08:14 - 01802240 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-07-12 18:57 - 2017-07-07 08:14 - 00570880 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoScreensaver.scr
2017-07-12 18:57 - 2017-07-07 08:14 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2017-07-12 18:57 - 2017-07-07 08:13 - 05892096 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2017-07-12 18:57 - 2017-07-07 08:13 - 00840192 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2017-07-12 18:57 - 2017-07-07 08:12 - 03307008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-07-12 18:57 - 2017-07-07 08:12 - 02499584 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2017-07-12 18:57 - 2017-07-07 08:12 - 02055168 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-07-12 18:57 - 2017-07-07 08:12 - 01713664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2017-07-12 18:57 - 2017-07-07 08:12 - 01420800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Maps.dll
2017-07-12 18:57 - 2017-07-07 08:12 - 01305088 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2017-07-12 18:57 - 2017-07-07 08:12 - 01293824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-07-12 18:57 - 2017-07-07 08:12 - 00706560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2017-07-12 18:57 - 2017-07-07 08:11 - 03139584 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2017-07-12 18:57 - 2017-07-07 08:11 - 02829824 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2017-07-12 18:57 - 2017-07-07 08:11 - 02649600 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2017-07-12 18:57 - 2017-07-07 08:11 - 02177024 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpcServices.dll
2017-07-12 18:57 - 2017-07-07 08:11 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2017-07-12 18:57 - 2017-07-07 08:11 - 01812480 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2017-07-12 18:57 - 2017-07-07 08:11 - 00986112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-07-12 18:57 - 2017-07-07 08:11 - 00406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-07-12 18:57 - 2017-07-07 08:10 - 05557760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2017-07-12 18:57 - 2017-07-07 08:10 - 04707840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2017-07-12 18:57 - 2017-07-07 08:10 - 02444288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-07-12 18:57 - 2017-07-07 08:07 - 00430080 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToDevice.dll
2017-07-12 18:57 - 2017-07-07 08:07 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPhoto.dll
2017-07-12 18:57 - 2017-07-07 08:06 - 00412160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll
2017-07-12 18:57 - 2017-07-07 08:06 - 00205824 _____ (Microsoft Corporation) C:\WINDOWS\system32\sensrsvc.dll
2017-07-12 18:57 - 2017-07-07 08:05 - 00370176 _____ (Microsoft Corporation) C:\WINDOWS\system32\msinfo32.exe
2017-07-12 18:57 - 2017-07-07 08:04 - 01703424 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2017-07-12 18:57 - 2017-07-07 08:04 - 01403392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wdc.dll
2017-07-12 18:57 - 2017-07-07 08:04 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\csrsrv.dll
2017-07-12 18:57 - 2017-07-07 08:02 - 00508416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoScreensaver.scr
2017-07-12 18:57 - 2017-07-02 00:52 - 00031932 _____ C:\WINDOWS\system32\edgehtmlpluginpolicy.bin
2017-07-12 18:57 - 2017-06-20 08:18 - 01564576 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2017-07-12 18:57 - 2017-06-20 08:18 - 00096672 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2017-07-12 18:57 - 2017-06-20 08:17 - 00629152 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2017-07-12 18:57 - 2017-06-20 08:17 - 00544160 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2017-07-12 18:57 - 2017-06-20 08:17 - 00334240 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2017-07-12 18:57 - 2017-06-20 08:17 - 00136096 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2017-07-12 18:57 - 2017-06-20 08:17 - 00034720 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2017-07-12 18:57 - 2017-06-20 08:16 - 01214880 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2017-07-12 18:57 - 2017-06-20 08:16 - 00335776 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2017-07-12 18:57 - 2017-06-20 08:15 - 00233376 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2017-07-12 18:57 - 2017-06-20 08:11 - 01395152 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2017-07-12 18:57 - 2017-06-20 08:11 - 00411992 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSAudDecMFT.dll
2017-07-12 18:57 - 2017-06-20 08:10 - 02327456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2017-07-12 18:57 - 2017-06-20 08:10 - 01930320 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2017-07-12 18:57 - 2017-06-20 08:08 - 01242528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2017-07-12 18:57 - 2017-06-20 08:05 - 01057832 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2017-07-12 18:57 - 2017-06-20 08:04 - 04847424 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2017-07-12 18:57 - 2017-06-20 08:04 - 00472728 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2017-07-12 18:57 - 2017-06-20 08:03 - 00179608 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostUser.dll
2017-07-12 18:57 - 2017-06-20 08:03 - 00102312 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredentialUIBroker.exe
2017-07-12 18:57 - 2017-06-20 08:02 - 02645688 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2017-07-12 18:57 - 2017-06-20 08:02 - 00426912 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostCommon.dll
2017-07-12 18:57 - 2017-06-20 08:00 - 00558920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.dll
2017-07-12 18:57 - 2017-06-20 08:00 - 00255904 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2017-07-12 18:57 - 2017-06-20 08:00 - 00142752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcifs.sys
2017-07-12 18:57 - 2017-06-20 07:59 - 01054280 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2017-07-12 18:57 - 2017-06-20 07:59 - 00583304 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2017-07-12 18:57 - 2017-06-20 07:59 - 00467504 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
2017-07-12 18:57 - 2017-06-20 07:58 - 00833160 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeManagerObj.dll
2017-07-12 18:57 - 2017-06-20 07:58 - 00406072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MMDevAPI.dll
2017-07-12 18:57 - 2017-06-20 07:58 - 00203168 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostBroker.dll
2017-07-12 18:57 - 2017-06-20 07:57 - 00204192 _____ (Microsoft Corporation) C:\WINDOWS\system32\basecsp.dll
2017-07-12 18:57 - 2017-06-20 07:16 - 00970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctfuimanager.dll
2017-07-12 18:57 - 2017-06-20 07:16 - 00417280 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleacc.dll
2017-07-12 18:57 - 2017-06-20 07:15 - 01620368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2017-07-12 18:57 - 2017-06-20 07:14 - 01150784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2017-07-12 18:57 - 2017-06-20 07:14 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mskssrv.sys
2017-07-12 18:57 - 2017-06-20 07:13 - 00216064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Profiles.Gatt.Interface.dll
2017-07-12 18:57 - 2017-06-20 07:13 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanprotdim.dll
2017-07-12 18:57 - 2017-06-20 07:13 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\WFDSConMgr.dll
2017-07-12 18:57 - 2017-06-20 07:12 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyMATEnc.dll
2017-07-12 18:57 - 2017-06-20 07:12 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.System.Profile.RetailInfo.dll
2017-07-12 18:57 - 2017-06-20 07:12 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bridge.sys
2017-07-12 18:57 - 2017-06-20 07:11 - 00200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\ScDeviceEnum.dll
2017-07-12 18:57 - 2017-06-20 07:10 - 00778240 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyHrtfEnc.dll
2017-07-12 18:57 - 2017-06-20 07:10 - 00315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsEnvironment.Desktop.dll
2017-07-12 18:57 - 2017-06-20 07:10 - 00189440 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll
2017-07-12 18:57 - 2017-06-20 07:10 - 00188928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wincredui.dll
2017-07-12 18:57 - 2017-06-20 07:09 - 00555008 _____ (Microsoft Corporation) C:\WINDOWS\system32\WFDSConMgrSvc.dll
2017-07-12 18:57 - 2017-06-20 07:09 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.BlueLightReduction.dll
2017-07-12 18:57 - 2017-06-20 07:09 - 00427008 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2017-07-12 18:57 - 2017-06-20 07:09 - 00357888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Narrator.exe
2017-07-12 18:57 - 2017-06-20 07:09 - 00250368 _____ (Microsoft Corporation) C:\WINDOWS\system32\SCardSvr.dll
2017-07-12 18:57 - 2017-06-20 07:09 - 00208384 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2017-07-12 18:57 - 2017-06-20 07:09 - 00205312 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipboardServer.dll
2017-07-12 18:57 - 2017-06-20 07:09 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\system32\certprop.dll
2017-07-12 18:57 - 2017-06-20 07:09 - 00135680 _____ (Microsoft Corporation) C:\WINDOWS\system32\sendmail.dll
2017-07-12 18:57 - 2017-06-20 07:09 - 00062464 _____ (Microsoft Corporation) C:\WINDOWS\system32\dataclen.dll
2017-07-12 18:57 - 2017-06-20 07:08 - 00791040 _____ (Microsoft Corporation) C:\WINDOWS\system32\certca.dll
2017-07-12 18:57 - 2017-06-20 07:08 - 00646656 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockHostingFramework.dll
2017-07-12 18:57 - 2017-06-20 07:08 - 00365056 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Notifications.dll
2017-07-12 18:57 - 2017-06-20 07:08 - 00251392 _____ (Microsoft Corporation) C:\WINDOWS\system32\scksp.dll
2017-07-12 18:57 - 2017-06-20 07:07 - 00916992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2017-07-12 18:57 - 2017-06-20 07:07 - 00823296 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApi.dll
2017-07-12 18:57 - 2017-06-20 07:07 - 00757248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2017-07-12 18:57 - 2017-06-20 07:07 - 00626176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll
2017-07-12 18:57 - 2017-06-20 07:07 - 00621056 _____ (Microsoft Corporation) C:\WINDOWS\system32\SndVolSSO.dll
2017-07-12 18:57 - 2017-06-20 07:07 - 00411136 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2017-07-12 18:57 - 2017-06-20 07:06 - 00847872 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2017-07-12 18:57 - 2017-06-20 07:06 - 00455680 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2017-07-12 18:57 - 2017-06-20 07:06 - 00411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2017-07-12 18:57 - 2017-06-20 07:06 - 00335872 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudDomainJoinDataModelServer.dll
2017-07-12 18:57 - 2017-06-20 07:06 - 00299520 _____ (Microsoft Corporation) C:\WINDOWS\system32\AboveLockAppHost.dll
2017-07-12 18:57 - 2017-06-20 07:06 - 00253440 _____ (Microsoft Corporation) C:\WINDOWS\system32\edputil.dll
2017-07-12 18:57 - 2017-06-20 07:06 - 00045056 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBrokerUI.dll
2017-07-12 18:57 - 2017-06-20 07:05 - 04447744 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-07-12 18:57 - 2017-06-20 07:05 - 02873344 _____ (Microsoft Corporation) C:\WINDOWS\system32\themeui.dll
2017-07-12 18:57 - 2017-06-20 07:05 - 01468416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2017-07-12 18:57 - 2017-06-20 07:05 - 00873472 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2017-07-12 18:57 - 2017-06-20 07:05 - 00696320 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmsys.cpl
2017-07-12 18:57 - 2017-06-20 07:05 - 00687616 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2017-07-12 18:57 - 2017-06-20 07:05 - 00585216 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll
2017-07-12 18:57 - 2017-06-20 07:05 - 00406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputSwitch.dll
2017-07-12 18:57 - 2017-06-20 07:05 - 00056832 _____ (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll
2017-07-12 18:57 - 2017-06-20 07:04 - 01818624 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2017-07-12 18:57 - 2017-06-20 07:04 - 01425920 _____ (Microsoft Corporation) C:\WINDOWS\system32\certutil.exe
2017-07-12 18:57 - 2017-06-20 07:04 - 00899072 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmartcardCredentialProvider.dll
2017-07-12 18:57 - 2017-06-20 07:04 - 00802816 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2017-07-12 18:57 - 2017-06-20 07:04 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
2017-07-12 18:57 - 2017-06-20 07:04 - 00178176 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeHelper.dll
2017-07-12 18:57 - 2017-06-20 07:03 - 01396224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2017-07-12 18:57 - 2017-06-20 07:02 - 03204096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Profiles.Gatt.dll
2017-07-12 18:57 - 2017-06-20 07:02 - 02804736 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-07-12 18:57 - 2017-06-20 07:02 - 01886208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-07-12 18:57 - 2017-06-20 07:02 - 00681984 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-07-12 18:57 - 2017-06-20 07:02 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudDomainJoinAUG.dll
2017-07-12 18:57 - 2017-06-20 07:01 - 04396032 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-07-12 18:57 - 2017-06-20 07:01 - 03803136 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2017-07-12 18:57 - 2017-06-20 07:01 - 03332096 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2017-07-12 18:57 - 2017-06-20 07:01 - 03059200 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2017-07-12 18:57 - 2017-06-20 07:01 - 01076736 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2017-07-12 18:57 - 2017-06-20 07:01 - 00809984 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2017-07-12 18:57 - 2017-06-20 07:01 - 00397312 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2017-07-12 18:57 - 2017-06-20 07:00 - 03057664 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnroll.dll
2017-07-12 18:57 - 2017-06-20 07:00 - 02171392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Bluetooth.dll
2017-07-12 18:57 - 2017-06-20 06:59 - 01357824 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2017-07-12 18:57 - 2017-06-20 06:58 - 00625152 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2017-07-12 18:57 - 2017-06-20 06:57 - 00290816 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmclient.exe
2017-07-12 18:57 - 2017-06-20 06:57 - 00138752 _____ (Microsoft Corporation) C:\WINDOWS\system32\DMPushRouterCore.dll
2017-07-12 18:57 - 2017-06-20 06:56 - 00600064 _____ (Microsoft Corporation) C:\WINDOWS\system32\FrameServer.dll
2017-07-12 18:57 - 2017-06-20 06:56 - 00241152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wdmaud.drv
2017-07-12 18:57 - 2017-06-20 06:54 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\DmApiSetExtImplDesktop.dll
2017-07-12 18:57 - 2017-06-20 06:45 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2017-07-11 15:25 - 2017-07-11 15:25 - 00000000 ____D C:\Users\yuk\AppData\Local\Tempzxpsign691e163531e0b57f
2017-07-11 15:22 - 2017-07-11 15:22 - 00000000 ____D C:\Users\yuk\AppData\Local\Tempzxpsignf7398b9b18fb737a
2017-07-11 15:22 - 2017-07-11 15:22 - 00000000 ____D C:\Users\yuk\AppData\Local\Tempzxpsign3fedaf8a159f6dbe
2017-07-09 22:31 - 2017-07-09 22:31 - 00280758 _____ C:\Users\yuk\Desktop\Guide-to-Crushing-ICOs (1).pdf
2017-07-08 04:15 - 2017-07-08 04:15 - 00000000 ____D C:\Users\yuk\AppData\Local\Tempzxpsignbd8d4b30cc7b0a63
2017-07-08 04:15 - 2017-07-08 04:15 - 00000000 ____D C:\Users\yuk\AppData\Local\Tempzxpsign803a511bf64b2a7b
2017-07-07 08:25 - 2017-07-07 08:25 - 00281255 _____ C:\Users\yuk\Desktop\2016-06-21-dao-meetup.pdf
2017-07-07 06:34 - 2017-07-07 06:34 - 01678520 _____ C:\Users\yuk\Desktop\Swarmwise-2013-by-Rick-Falkvinge-v1.1-2013Sep01.pdf
2017-07-07 03:57 - 2017-07-07 03:57 - 02581058 _____ C:\Users\yuk\Desktop\Ian Balina - Hacking Venture Capital.pdf
2017-07-05 18:48 - 2017-07-05 18:48 - 00000017 _____ C:\Users\yuk\AppData\Local\resmon.resmoncfg
2017-07-05 18:47 - 2017-07-05 18:47 - 00000000 ____D C:\Users\yuk\Desktop\NiceHash
2017-07-03 15:42 - 2017-07-03 15:42 - 00000000 ____D C:\Users\yuk\AppData\Local\Tempzxpsign9a5c28e1286a561b
2017-07-03 15:39 - 2017-07-03 15:39 - 00000000 ____D C:\Users\yuk\AppData\Local\Tempzxpsign95814f4f98e5fd87
2017-07-03 15:39 - 2017-07-03 15:39 - 00000000 ____D C:\Users\yuk\AppData\Local\Tempzxpsign15bb920bdd8542bc
2017-06-30 22:40 - 2017-06-30 22:40 - 03969909 _____ C:\Users\yuk\Desktop\NDC-TPT-ICO-Whitepaper-v-1-eng.pdf
2017-06-30 17:01 - 2017-07-14 14:21 - 00001120 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera Browser.lnk
2017-06-28 23:14 - 2017-06-28 23:14 - 00000222 _____ C:\Users\yuk\Desktop\Turok Dinosaur Hunter.url
2017-06-28 14:45 - 2017-07-02 08:23 - 00000935 _____ C:\WINDOWS\Tasks\EPSON XP-215 217 Series Update {7660D75B-BC2E-4AC2-96C2-7E0E2A82D544}.job
2017-06-28 14:45 - 2017-07-02 08:23 - 00000749 _____ C:\WINDOWS\Tasks\EPSON XP-215 217 Series Invitation {7660D75B-BC2E-4AC2-96C2-7E0E2A82D544}.job
2017-06-28 14:45 - 2017-06-28 14:45 - 00004140 _____ C:\WINDOWS\System32\Tasks\EPSON XP-215 217 Series Update {7660D75B-BC2E-4AC2-96C2-7E0E2A82D544}
2017-06-28 14:45 - 2017-06-28 14:45 - 00003962 _____ C:\WINDOWS\System32\Tasks\EPSON XP-215 217 Series Invitation {7660D75B-BC2E-4AC2-96C2-7E0E2A82D544}
2017-06-28 13:44 - 2017-06-28 13:44 - 00002336 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-06-28 13:44 - 2017-06-28 13:44 - 00002324 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-06-28 13:29 - 2017-06-28 13:29 - 00000000 ____D C:\Users\yuk\AppData\Local\Tempzxpsign71509ec51adf90ba
2017-06-28 13:29 - 2017-06-28 13:29 - 00000000 ____D C:\Users\yuk\AppData\Local\Tempzxpsign04fd5c63b38afe12
2017-06-28 11:16 - 2017-06-28 11:16 - 00000000 ____D C:\Users\yuk\AppData\Local\Tempzxpsign657c088acb6bcc64
2017-06-28 11:16 - 2017-06-28 11:16 - 00000000 ____D C:\Users\yuk\AppData\Local\Tempzxpsign32243907df5452f1
2017-06-28 03:20 - 2017-06-28 03:20 - 00000000 ____D C:\Users\yuk\AppData\Local\Tempzxpsigne004f0bca1bc0d05
2017-06-28 03:20 - 2017-06-28 03:20 - 00000000 ____D C:\Users\yuk\AppData\Local\Tempzxpsign84f89191745e24b1
2017-06-27 18:48 - 2017-07-01 06:13 - 00000000 ____D C:\Users\yuk\AppData\Roaming\discord
2017-06-27 18:48 - 2017-06-27 18:48 - 00002260 _____ C:\Users\yuk\Desktop\Discord.lnk
2017-06-27 18:48 - 2017-06-27 18:48 - 00000000 ____D C:\Users\yuk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hammer & Chisel, Inc
2017-06-27 18:48 - 2017-06-27 18:48 - 00000000 ____D C:\Users\yuk\AppData\Local\SquirrelTemp
2017-06-27 18:48 - 2017-06-27 18:48 - 00000000 ____D C:\Users\yuk\AppData\Local\Discord
2017-06-27 18:06 - 2017-06-27 18:06 - 00000000 ____D C:\Users\yuk\AppData\Local\Tempzxpsigned85db22ba142d9b
2017-06-27 18:06 - 2017-06-27 18:06 - 00000000 ____D C:\Users\yuk\AppData\Local\Tempzxpsign74db16fde766e162
2017-06-27 17:53 - 2017-06-27 17:53 - 00000207 _____ C:\Users\yuk\Desktop\Parity.txt
2017-06-25 19:35 - 2017-06-25 19:35 - 00000000 ____D C:\Users\yuk\AppData\Local\Tempzxpsign87161b0f3dc7f63e
2017-06-25 19:35 - 2017-06-25 19:35 - 00000000 ____D C:\Users\yuk\AppData\Local\Tempzxpsign5568de062ffd86c3
2017-06-25 18:06 - 2017-06-25 18:06 - 00001226 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk
2017-06-25 18:06 - 2017-06-25 18:06 - 00001214 _____ C:\Users\Public\Desktop\Adobe Creative Cloud.lnk
2017-06-24 12:13 - 2017-06-24 12:13 - 00000000 ____D C:\Users\yuk\.ethash
2017-06-24 12:05 - 2017-06-24 12:05 - 00000000 ____D C:\Users\yuk\AppData\Roaming\Parity
2017-06-24 12:05 - 2017-06-24 12:05 - 00000000 ____D C:\Users\yuk\AppData\Local\Parity
2017-06-24 12:05 - 2017-06-24 12:05 - 00000000 ____D C:\Program Files\Ethcore

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-07-19 00:30 - 2017-05-14 12:05 - 00004144 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{943D6DCB-B6A4-4FD7-980C-69A4C8DFD8CE}
2017-07-19 00:25 - 2016-04-21 16:41 - 00000000 ____D C:\Program Files (x86)\Avira
2017-07-19 00:25 - 2015-05-20 06:43 - 00000000 ____D C:\ProgramData\Package Cache
2017-07-19 00:16 - 2017-05-14 21:43 - 00902752 _____ C:\WINDOWS\system32\perfh007.dat
2017-07-19 00:16 - 2017-05-14 21:43 - 00194042 _____ C:\WINDOWS\system32\perfc007.dat
2017-07-19 00:16 - 2017-05-14 21:41 - 00854970 _____ C:\WINDOWS\system32\perfh00A.dat
2017-07-19 00:16 - 2017-05-14 21:41 - 00198426 _____ C:\WINDOWS\system32\perfc00A.dat
2017-07-19 00:16 - 2017-05-14 12:07 - 03112590 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-07-19 00:12 - 2017-03-28 18:15 - 00000000 ____D C:\Users\yuk\AppData\Roaming\Writefull
2017-07-19 00:12 - 2015-09-04 15:51 - 00000000 ___RD C:\Users\yuk\Creative Cloud Files
2017-07-19 00:12 - 2015-05-24 12:45 - 00000000 ____D C:\Users\yuk\AppData\Local\Adobe
2017-07-19 00:11 - 2017-05-14 12:05 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-07-19 00:11 - 2017-05-14 11:53 - 04918192 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-07-19 00:11 - 2017-03-18 23:03 - 00000000 ___HD C:\Program Files\WindowsApps
2017-07-19 00:11 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-07-19 00:11 - 2017-03-18 13:40 - 01835008 _____ C:\WINDOWS\system32\config\BBI
2017-07-19 00:11 - 2016-10-22 16:16 - 00000000 ____D C:\ProgramData\NVIDIA
2017-07-19 00:11 - 2015-07-28 20:24 - 00000000 ____D C:\Program Files (x86)\Hi-Rez Studios
2017-07-19 00:10 - 2015-11-15 15:20 - 00000008 __RSH C:\ProgramData\ntuser.pol
2017-07-19 00:10 - 2015-06-16 13:06 - 00000000 ____D C:\AdwCleaner
2017-07-18 23:45 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\system32\FxsTmp
2017-07-18 23:14 - 2017-05-14 11:53 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-07-18 20:48 - 2017-03-18 23:01 - 00000000 ____D C:\WINDOWS\INF
2017-07-18 17:56 - 2015-05-19 18:57 - 00000000 ____D C:\Program Files (x86)\Steam
2017-07-18 16:54 - 2017-04-01 15:51 - 00005410 _____ C:\Users\yuk\Desktop\blogPost_1.txt
2017-07-17 02:23 - 2015-05-19 21:16 - 00000000 ____D C:\Users\yuk\AppData\Roaming\Skype
2017-07-16 22:39 - 2017-04-01 17:06 - 00003635 _____ C:\Users\yuk\Desktop\MindTrick1.txt
2017-07-16 21:19 - 2015-09-19 09:35 - 00000000 ___RD C:\Users\yuk\OneDrive
2017-07-16 19:47 - 2015-06-16 15:19 - 00000033 _____ C:\Users\yuk\AppData\Roaming\AdobeWLCMCache.dat
2017-07-15 15:24 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\rescache
2017-07-14 14:21 - 2017-05-14 12:05 - 00003954 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1432754114
2017-07-14 14:21 - 2015-05-27 21:14 - 00000000 ____D C:\Program Files (x86)\Opera
2017-07-13 10:26 - 2015-09-10 07:44 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-07-13 06:01 - 2017-03-18 23:03 - 00000000 ___SD C:\WINDOWS\SysWOW64\F12
2017-07-13 06:01 - 2017-03-18 23:03 - 00000000 ___SD C:\WINDOWS\system32\F12
2017-07-13 06:01 - 2017-03-18 23:03 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-07-13 06:01 - 2017-03-18 23:03 - 00000000 ___RD C:\Program Files\Windows Defender
2017-07-13 06:01 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\system32\oobe
2017-07-13 06:01 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\system32\migwiz
2017-07-13 06:01 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\system32\appraiser
2017-07-13 06:01 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\ShellExperiences
2017-07-13 06:01 - 2017-03-18 23:03 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2017-07-13 06:01 - 2017-03-18 23:03 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-07-13 06:01 - 2017-03-18 23:03 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2017-07-13 01:11 - 2015-09-19 09:32 - 00000000 ____D C:\Users\yuk\AppData\Local\Comms
2017-07-13 01:05 - 2015-05-19 18:14 - 00000000 ____D C:\Users\yuk\AppData\Local\Packages
2017-07-12 22:20 - 2017-04-12 16:47 - 00000789 _____ C:\Users\yuk\Desktop\Neues Textdokument (2).txt
2017-07-12 19:03 - 2017-03-18 22:51 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-07-12 19:02 - 2015-05-21 18:26 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-07-12 18:59 - 2015-05-21 18:26 - 135225752 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-07-12 17:48 - 2017-05-14 12:05 - 00004598 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-07-12 17:48 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-07-12 17:48 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-07-11 15:47 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-07-08 05:06 - 2015-11-20 17:09 - 00000000 ____D C:\Users\yuk\AppData\Roaming\TS3Client
2017-07-08 00:55 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-07-07 08:41 - 2013-08-22 17:44 - 00395226 __RSH C:\bootmgr
2017-07-04 00:30 - 2017-05-14 11:57 - 00000000 ____D C:\Users\yuk
2017-06-30 16:47 - 2017-03-18 23:06 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-06-30 16:47 - 2017-03-18 23:06 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-06-28 16:01 - 2015-05-26 14:21 - 00000000 ____D C:\Program Files (x86)\Entropia Universe
2017-06-28 13:44 - 2015-05-19 18:22 - 00000000 ____D C:\Program Files (x86)\Google
2017-06-27 17:45 - 2017-02-17 18:33 - 00000221 _____ C:\Users\yuk\Desktop\Neues Textdokument.txt
2017-06-25 18:06 - 2015-06-16 14:55 - 00000000 ____D C:\Program Files (x86)\Adobe
2017-06-25 18:06 - 2015-05-19 18:14 - 00000000 ____D C:\Users\yuk\AppData\Roaming\Adobe
2017-06-19 23:39 - 2016-05-09 17:19 - 00000000 ____D C:\Users\yuk\AppData\Local\SecondLife

==================== Files in the root of some directories =======

2015-06-16 15:19 - 2017-07-16 19:47 - 0000033 _____ () C:\Users\yuk\AppData\Roaming\AdobeWLCMCache.dat
2015-05-24 12:34 - 2015-07-30 09:33 - 0000301 _____ () C:\Users\yuk\AppData\Roaming\BreakingPoint_Login.ini
2015-05-24 12:34 - 2015-07-30 10:17 - 0001380 _____ () C:\Users\yuk\AppData\Roaming\BreakingPoint_Options.ini
2017-01-26 18:22 - 2017-01-26 18:36 - 0000200 _____ () C:\Users\yuk\AppData\Roaming\burnaware.ini
2017-07-05 18:48 - 2017-07-05 18:48 - 0000017 _____ () C:\Users\yuk\AppData\Local\resmon.resmoncfg
2017-05-14 11:55 - 2017-05-14 11:55 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-07-11 14:40

==================== End of FRST.txt ============================

--- --- ---

Mein Kopf explodiert gleich. Hoffe man kann eines Tages mehr Zeichen zu posten. Habe nämlich vor zu bleiben

M-K-D-B · 19.07.2017, 08:59

Servus,

ja, manchmal ist Avira nervig, weil es eigentlich nur stört.

Schritt 1

Kopiere den Inhalt der folgenden Code-Box:

Code:

ATTFilter

Start::
CloseProcesses:
Task: {15D012F2-24D8-4E74-BDD4-C42CB0E50187} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {28F95D74-D10F-4E79-9995-598EDFF9C7F1} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle -> No File <==== ATTENTION
Task: {3B92386C-8A30-4944-A66F-2112F0CF2666} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {5536D0E6-1A75-4D8D-AA28-AA848E6877EC} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {9DED8FF7-C583-43B0-8BC7-DE6ADB01F0B8} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {CC5FC553-6AFE-490C-8E57-6979586AE2B3} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {E8EDF9E6-2538-4D5F-890D-62A624B6FD88} - \WPD\SqmUpload_S-1-5-21-3843242997-120083883-219807361-1001 -> No File <==== ATTENTION
Unlock: C:\Windows\System32\Tasks\UEUEUFX1
CMD: type "C:\Windows\System32\Tasks\UEUEUFX1"
Task: {4ABACFDE-0F29-4669-A751-DAE7E17CBB3A} - System32\Tasks\UEUEUFX1 => C:\ProgramData\SecurityUtility\SecurityUtility.exe <==== ATTENTION
Unlock: C:\WINDOWS\Tasks\UEUEUFX1.job
CMD: type "C:\WINDOWS\Tasks\UEUEUFX1.job"
Task: C:\WINDOWS\Tasks\UEUEUFX1.job => C:\ProgramData\SecurityUtility\SecurityUtility.exe <==== ATTENTION
C:\ProgramData\SecurityUtility
CMD: dir "%ProgramFiles%"
CMD: dir "%ProgramFiles(x86)%"
CMD: dir "%ProgramData%"
CMD: dir "%Appdata%"
CMD: dir "%LocalAppdata%"
CMD: dir "%CommonProgramFiles(x86)%"
CMD: dir "%CommonProgramW6432%"
CMD: dir "%UserProfile%"
CMD: dir "C:\"
RemoveProxy:
CMD: ipconfig /flushdns
CMD: netsh winsock reset
EmptyTemp:
End::

Starte nun FRST und klicke den Entfernen Button.
Das Tool führt die gewünschten Schritte aus und erstellt eine fixlog.txt im selben Verzeichnis, in dem sich die FRST/FRST64.exe befindet.
Gegebenenfalls muss dein Rechner dafür neu gestartet werden.
Poste mir den Inhalt der fixlog.txt mit deiner nächsten Antwort.

Schritt 2

Starte FRST erneut.
Kopiere den Inhalt der folgenden Code-Box in die Zeile "Suche":
Code:
ATTFilter
```
Crossrider;MaxPower;SecurityUtility;
         
```
Drücke auf Registry-Suche.
FRST beginnt mit dem Suchlauf. Dies kann einige Zeit dauern.
Am Ende erstellt FRST eine Textdatei SearchReg.txt.
Poste mir deren Inhalt mit deiner nächsten Antwort.

Schritt 3

Starte die FRST.exe erneut. Vergewissere dich, dass vor Addition.txt ein Haken gesetzt ist und drücke auf Untersuchen.
FRST erstellt wieder zwei Logdateien (FRST.txt und Addition.txt).
Poste mir beide Logdateien mit deiner nächsten Antwort.

Bitte poste mit deiner nächsten Antwort

die Logdatei des FRST-Fix,
die Logdatei der Registry-Suche von FRST (RegSearch.txt),
die beiden neuen Logdateien von FRST (FRST.txt und Addition.txt).

woteva · 19.07.2017, 14:30

Code:

ATTFilter

Fix result of Farbar Recovery Scan Tool (x64) Version: 18-07-2017
Ran by yuk (19-07-2017 15:13:13) Run:2
Running from C:\Users\yuk\Downloads
Loaded Profiles: yuk &  (Available Profiles: yuk)
Boot Mode: Normal
==============================================

fixlist content:
*****************

CloseProcesses:
Task: {15D012F2-24D8-4E74-BDD4-C42CB0E50187} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {28F95D74-D10F-4E79-9995-598EDFF9C7F1} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle -> No File <==== ATTENTION
Task: {3B92386C-8A30-4944-A66F-2112F0CF2666} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {5536D0E6-1A75-4D8D-AA28-AA848E6877EC} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {9DED8FF7-C583-43B0-8BC7-DE6ADB01F0B8} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {CC5FC553-6AFE-490C-8E57-6979586AE2B3} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {E8EDF9E6-2538-4D5F-890D-62A624B6FD88} - \WPD\SqmUpload_S-1-5-21-3843242997-120083883-219807361-1001 -> No File <==== ATTENTION
Unlock: C:\Windows\System32\Tasks\UEUEUFX1
CMD: type "C:\Windows\System32\Tasks\UEUEUFX1"
Task: {4ABACFDE-0F29-4669-A751-DAE7E17CBB3A} - System32\Tasks\UEUEUFX1 => C:\ProgramData\SecurityUtility\SecurityUtility.exe <==== ATTENTION
Unlock: C:\WINDOWS\Tasks\UEUEUFX1.job
CMD: type "C:\WINDOWS\Tasks\UEUEUFX1.job"
Task: C:\WINDOWS\Tasks\UEUEUFX1.job => C:\ProgramData\SecurityUtility\SecurityUtility.exe <==== ATTENTION
C:\ProgramData\SecurityUtility
CMD: dir "%ProgramFiles%"
CMD: dir "%ProgramFiles(x86)%"
CMD: dir "%ProgramData%"
CMD: dir "%Appdata%"
CMD: dir "%LocalAppdata%"
CMD: dir "%CommonProgramFiles(x86)%"
CMD: dir "%CommonProgramW6432%"
CMD: dir "%UserProfile%"
CMD: dir "C:\"
RemoveProxy:
CMD: ipconfig /flushdns
CMD: netsh winsock reset
EmptyTemp:

*****************

Processes closed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{15D012F2-24D8-4E74-BDD4-C42CB0E50187} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{28F95D74-D10F-4E79-9995-598EDFF9C7F1} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3B92386C-8A30-4944-A66F-2112F0CF2666} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5536D0E6-1A75-4D8D-AA28-AA848E6877EC} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9DED8FF7-C583-43B0-8BC7-DE6ADB01F0B8} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CC5FC553-6AFE-490C-8E57-6979586AE2B3} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E8EDF9E6-2538-4D5F-890D-62A624B6FD88} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WPD\SqmUpload_S-1-5-21-3843242997-120083883-219807361-1001 => key not found. 
"C:\Windows\System32\Tasks\UEUEUFX1" => not found.

========= type "C:\Windows\System32\Tasks\UEUEUFX1" =========

Das System kann die angegebene Datei nicht finden.

========= End of CMD: =========

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4ABACFDE-0F29-4669-A751-DAE7E17CBB3A} => key not found. 
C:\WINDOWS\System32\Tasks\UEUEUFX1 => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\UEUEUFX1 => key not found. 
"C:\WINDOWS\Tasks\UEUEUFX1.job" => not found.

========= type "C:\WINDOWS\Tasks\UEUEUFX1.job" =========

Das System kann die angegebene Datei nicht finden.

========= End of CMD: =========

C:\WINDOWS\Tasks\UEUEUFX1.job => not found.
"C:\ProgramData\SecurityUtility" => not found.

========= dir "%ProgramFiles%" =========

 Volume in Laufwerk C: hat keine Bezeichnung.
 Volumeseriennummer: F820-E497

 Verzeichnis von C:\Program Files

19.07.2017  00:15    <DIR>          .
19.07.2017  00:15    <DIR>          ..
22.04.2017  12:43    <DIR>          Adobe
08.09.2015  04:31    <DIR>          Bonjour
14.05.2017  11:58    <DIR>          Common Files
19.05.2015  19:44    <DIR>          DAEMON Tools Lite
04.09.2015  18:08    <DIR>          Epic Games
24.06.2017  12:05    <DIR>          Ethcore
14.06.2017  02:20    <DIR>          Internet Explorer
19.05.2015  18:25    <DIR>          KMSpico
19.07.2017  00:15    <DIR>          Malwarebytes
13.09.2015  15:57    <DIR>          Microsoft Mouse and Keyboard Center
20.09.2015  16:01    <DIR>          Microsoft Silverlight
14.05.2017  21:37    <DIR>          MSBuild
09.10.2015  16:49    <DIR>          Native Instruments
01.06.2017  14:14    <DIR>          NVIDIA Corporation
14.05.2017  11:55    <DIR>          Realtek
14.05.2017  21:37    <DIR>          Reference Assemblies
12.09.2015  18:43    <DIR>          Tablet
14.06.2015  05:56    <DIR>          TabletPlugins
18.10.2016  17:10    <DIR>          TeamSpeak 3 Client
12.05.2017  09:16    <DIR>          UNP
13.07.2017  06:01    <DIR>          Windows Defender
14.05.2017  21:43    <DIR>          Windows Defender Advanced Threat Protection
19.03.2017  04:28    <DIR>          Windows Mail
14.05.2017  21:43    <DIR>          Windows Media Player
18.03.2017  23:03    <DIR>          Windows Multimedia Platform
18.03.2017  23:03    <DIR>          Windows NT
13.07.2017  06:01    <DIR>          Windows Photo Viewer
18.03.2017  23:03    <DIR>          Windows Portable Devices
18.03.2017  23:03    <DIR>          Windows Security
18.03.2017  23:03    <DIR>          WindowsPowerShell
09.10.2015  16:04    <DIR>          WinRAR
12.09.2015  17:38    <DIR>          WinZip
               0 Datei(en),              0 Bytes
              34 Verzeichnis(se), 39.613.358.080 Bytes frei

========= End of CMD: =========


========= dir "%ProgramFiles(x86)%" =========

 Volume in Laufwerk C: hat keine Bezeichnung.
 Volumeseriennummer: F820-E497

 Verzeichnis von C:\Program Files (x86)

28.06.2017  13:44    <DIR>          .
28.06.2017  13:44    <DIR>          ..
25.06.2017  18:06    <DIR>          Adobe
22.05.2015  23:10    <DIR>          AMD
15.04.2016  07:35    <DIR>          Anki
20.05.2015  06:47    <DIR>          ASUS
27.01.2016  17:13    <DIR>          Audible
19.07.2017  00:25    <DIR>          Avira
26.10.2016  18:31    <DIR>          Battle.net
08.09.2015  04:31    <DIR>          Bonjour
26.01.2017  18:21    <DIR>          BurnAware Free
14.05.2017  11:58    <DIR>          Common Files
28.06.2017  16:01    <DIR>          Entropia Universe
10.04.2017  19:50    <DIR>          epson
10.04.2017  19:50    <DIR>          EPSON Software
20.05.2015  21:07    <DIR>          Evernote
05.04.2017  13:07    <DIR>          FreeMind
16.04.2016  07:54    <DIR>          GameSpy Arcade
28.06.2017  13:44    <DIR>          Google
19.07.2017  00:11    <DIR>          Hi-Rez Studios
14.06.2017  02:20    <DIR>          Internet Explorer
28.01.2017  10:19    <DIR>          JAM Software
01.04.2016  04:41    <DIR>          Java
29.07.2015  10:50    <DIR>          Microsoft Chart Controls
20.09.2015  16:01    <DIR>          Microsoft Silverlight
12.02.2016  14:37    <DIR>          Microsoft XNA
18.03.2017  23:03    <DIR>          Microsoft.NET
14.05.2017  21:37    <DIR>          MSBuild
07.07.2015  16:45    <DIR>          My Company Name
24.05.2015  07:59    <DIR>          Notepad++
01.06.2017  14:14    <DIR>          NVIDIA Corporation
20.05.2015  21:04    <DIR>          OpenAL
14.07.2017  14:21    <DIR>          Opera
25.10.2016  15:18    <DIR>          Overwatch
26.01.2017  19:02    <DIR>          PokerStars.EU
12.09.2015  09:27    <DIR>          Polar
14.05.2017  21:37    <DIR>          Reference Assemblies
01.01.2016  18:57    <DIR>          Renegade X
24.03.2017  17:29    <DIR>          SecondLifeViewer
20.03.2017  17:00    <DIR>          Skype
25.05.2015  12:54    <DIR>          SpeedFan
18.07.2017  17:56    <DIR>          Steam
14.06.2015  05:56    <DIR>          TabletPlugins
06.12.2016  15:55    <DIR>          TomTom
07.10.2016  12:57    <DIR>          TomTom International B.V
23.05.2015  13:27    <DIR>          Ubisoft
01.06.2017  14:14    <DIR>          VulkanRT
13.07.2017  06:01    <DIR>          Windows Defender
19.03.2017  04:28    <DIR>          Windows Mail
14.05.2017  21:43    <DIR>          Windows Media Player
18.03.2017  23:03    <DIR>          Windows Multimedia Platform
18.03.2017  23:03    <DIR>          Windows NT
13.07.2017  06:01    <DIR>          Windows Photo Viewer
18.03.2017  23:03    <DIR>          Windows Portable Devices
18.03.2017  23:03    <DIR>          WindowsPowerShell
               0 Datei(en),              0 Bytes
              55 Verzeichnis(se), 39.613.300.736 Bytes frei

========= End of CMD: =========


========= dir "%ProgramData%" =========

 Volume in Laufwerk C: hat keine Bezeichnung.
 Volumeseriennummer: F820-E497

 Verzeichnis von C:\ProgramData

11.11.2015  12:57    <DIR>          .mono
10.05.2017  20:44    <DIR>          Ableton
22.04.2017  12:43    <DIR>          Adobe
08.09.2015  04:31    <DIR>          Apple
19.09.2016  18:04    <DIR>          Battle.net
19.09.2016  18:05    <DIR>          Blizzard Entertainment
20.05.2015  06:49    <DIR>          Bohemia Interactive
11.05.2017  08:14    <DIR>          boost_interprocess
17.01.2017  18:30    <DIR>          Caphyon
16.07.2016  13:47    <DIR>          Comms
19.05.2015  19:43    <DIR>          DAEMON Tools Lite
10.04.2017  19:50    <DIR>          EPSON
18.09.2016  14:49    <DIR>          Hi-Rez Studios
28.06.2016  21:44    <DIR>          LogMeIn
19.07.2017  00:15    <DIR>          Malwarebytes
14.05.2017  12:40    <DIR>          Microsoft OneDrive
12.09.2015  16:17    <DIR>          Native Instruments
19.07.2017  15:11    <DIR>          NVIDIA
01.06.2017  14:14    <DIR>          NVIDIA Corporation
01.04.2016  04:41    <DIR>          Oracle
19.07.2017  00:25    <DIR>          Package Cache
14.05.2017  12:01    <DIR>          regid.1986-12.com.adobe
14.05.2017  12:06    <DIR>          regid.1991-06.com.microsoft
19.05.2015  20:18    <DIR>          RELOADED
20.03.2017  17:00    <DIR>          Skype
18.03.2017  23:03    <DIR>          SoftwareDistribution
12.09.2015  17:34    <DIR>          UniqueId
14.05.2017  12:08    <DIR>          USOPrivate
14.05.2017  12:08    <DIR>          USOShared
19.03.2017  04:31    <DIR>          WindowsHolographicDevices
12.09.2015  17:49    <DIR>          WinZip
               0 Datei(en),              0 Bytes
              31 Verzeichnis(se), 39.613.251.584 Bytes frei

========= End of CMD: =========


========= dir "%Appdata%" =========

 Volume in Laufwerk C: hat keine Bezeichnung.
 Volumeseriennummer: F820-E497

 Verzeichnis von C:\Users\yuk\AppData\Roaming

19.07.2017  00:30    <DIR>          .
19.07.2017  00:30    <DIR>          ..
11.11.2015  12:57    <DIR>          .mono
09.02.2016  17:37    <DIR>          A Bird Story
10.02.2017  17:16    <DIR>          Ableton
25.06.2017  18:06    <DIR>          Adobe
16.07.2017  19:47                33 AdobeWLCMCache.dat
13.02.2016  20:10    <DIR>          Arrowhead
18.08.2015  18:55    <DIR>          Awesomium
19.09.2016  18:06    <DIR>          Battle.net
28.06.2016  21:39    <DIR>          Bloody Trapland
22.11.2015  14:11    <DIR>          BrawlhallaAir
30.07.2015  09:33               301 BreakingPoint_Login.ini
30.07.2015  10:17             1.380 BreakingPoint_Options.ini
26.01.2017  18:36               200 burnaware.ini
20.04.2016  06:21    <DIR>          cef-cache
15.07.2017  02:57    <DIR>          Chaincoin
30.05.2015  15:07    <DIR>          DAEMON Tools Lite
01.07.2017  06:13    <DIR>          discord
10.04.2017  19:50    <DIR>          Epson
23.05.2015  17:47    <DIR>          Identities
28.01.2017  10:19    <DIR>          JAM Software
19.05.2015  18:24    <DIR>          Macromedia
16.12.2015  07:18    <DIR>          Mozilla
24.05.2015  08:00    <DIR>          Notepad++
29.05.2015  06:34    <DIR>          NVIDIA
27.05.2015  21:15    <DIR>          Opera Software
24.06.2017  12:05    <DIR>          Parity
07.09.2016  09:13    <DIR>          Polar WebSync
20.04.2016  06:21    <DIR>          PPNetDE
06.07.2015  20:26    <DIR>          Publish Providers
03.02.2016  04:27    <DIR>          reprisal
24.03.2017  17:30    <DIR>          SecondLife
28.07.2015  09:24    <DIR>          Shooter
15.07.2017  02:57    <DIR>          Sia-UI
17.07.2017  02:23    <DIR>          Skype
06.07.2015  20:26    <DIR>          Sony
21.11.2015  23:49    <DIR>          SpaceEngineers
04.10.2015  11:21    <DIR>          stickmanfighterepicbattle-f81ba27c6b9de880bbeb2899a6b61f66
04.10.2015  11:24    <DIR>          stickmanschoolrun-7ea3653db0f7fa362133ce8fbef97928
10.02.2016  05:07    <DIR>          Sun
22.05.2017  15:28    <DIR>          Talisman
22.08.2016  13:14    <DIR>          Teeworlds
28.01.2017  12:32    <DIR>          The Witness
17.01.2017  18:30    <DIR>          The Zombie Infection
10.02.2016  13:23    <DIR>          To the Moon - Freebird Games
29.06.2016  13:40    <DIR>          Trine2
28.07.2015  08:52    <DIR>          Trove
08.07.2017  05:06    <DIR>          TS3Client
13.08.2015  22:27    <DIR>          Tunngle
06.06.2015  17:56    <DIR>          Vuze Leap
09.10.2015  16:04    <DIR>          WinRAR
13.11.2015  14:44    <DIR>          WizardWars
19.07.2017  15:11    <DIR>          Writefull
14.06.2015  05:57    <DIR>          WTablet
               4 Datei(en),          1.914 Bytes
              51 Verzeichnis(se), 39.613.186.048 Bytes frei

========= End of CMD: =========


========= dir "%LocalAppdata%" =========

 Volume in Laufwerk C: hat keine Bezeichnung.
 Volumeseriennummer: F820-E497

 Verzeichnis von C:\Users\yuk\AppData\Local

19.07.2017  15:11    <DIR>          .
19.07.2017  15:11    <DIR>          ..
06.09.2015  10:16    <DIR>          4A Games
11.12.2015  15:22    <DIR>          ActiveSync
19.07.2017  15:00    <DIR>          Adobe
26.01.2017  18:33    <DIR>          Apps
17.01.2017  19:02    <DIR>          Arma 3
17.01.2017  19:22    <DIR>          Arma 3 Launcher
07.02.2016  10:43    <DIR>          arma3launcher
26.10.2016  18:32    <DIR>          Battle.net
19.09.2016  18:06    <DIR>          Blizzard Entertainment
20.05.2015  06:44    <DIR>          Bohemia_Interactive
29.07.2015  12:28    <DIR>          BoringManGame
22.07.2015  16:07    <DIR>          CEF
13.12.2016  07:57    <DIR>          Chromium
11.11.2015  12:57    <DIR>          Colossal Order
13.07.2017  01:11    <DIR>          Comms
14.05.2017  12:38    <DIR>          ConnectedDevicesPlatform
27.04.2017  17:45    <DIR>          CrashDumps
26.05.2017  23:49    <DIR>          DBG
30.06.2017  11:02    <DIR>          Diagnostics
27.06.2017  18:48    <DIR>          Discord
22.05.2015  23:10    <DIR>          Downloaded Installations
03.07.2016  12:10    <DIR>          ElevatedDiagnostics
16.01.2016  19:33    <DIR>          EthanCarter
20.05.2015  21:08    <DIR>          Evernote
17.01.2016  06:17    <DIR>          Fallout4
23.05.2017  22:23    <DIR>          Foxhole
20.02.2016  18:19    <DIR>          Game Dev Tycoon - Steam
03.12.2016  09:12    <DIR>          Google
16.06.2015  12:29    <DIR>          GWX
17.04.2016  15:57    <DIR>          Harebrained Schemes
18.09.2016  14:46    <DIR>          HirezLauncherUI
20.11.2015  23:47    <DIR>          Infernum_Productions
26.06.2016  09:18    <DIR>          IsolatedStorage
17.02.2016  18:46    <DIR>          KADOKAWA
27.07.2015  13:17    <DIR>          LauncherTwo
28.06.2016  21:44    <DIR>          LogMeIn
19.09.2015  12:27    <DIR>          Macromedia
28.05.2017  21:34    <DIR>          Microsoft
09.06.2016  16:26    <DIR>          MicrosoftEdge
20.02.2016  17:40    <DIR>          Mind_Pathtothalamus
19.09.2015  12:21    <DIR>          Mozilla
06.02.2016  15:29    <DIR>          mslug3
25.07.2015  15:10    <DIR>          My Games
12.09.2015  16:06    <DIR>          Native Instruments
19.10.2016  06:35    <DIR>          NVIDIA
19.10.2016  06:35    <DIR>          NVIDIA Corporation
27.05.2015  21:15    <DIR>          Opera Software
13.07.2017  01:05    <DIR>          Packages
23.10.2016  14:34    <DIR>          PackageStaging
24.06.2017  12:05    <DIR>          Parity
28.05.2016  12:45    <DIR>          PAYDAY 2
20.09.2015  09:39    <DIR>          PeerDistRepub
26.01.2017  19:02    <DIR>          PokerStars.EU
28.03.2017  18:15    <DIR>          Programs
19.09.2015  09:33    <DIR>          Publishers
20.05.2015  21:29    <DIR>          PunkBuster
21.11.2015  00:31    <DIR>          QQSM
05.07.2017  18:48                17 resmon.resmoncfg
19.06.2017  23:39    <DIR>          SecondLife
28.12.2015  17:36    <DIR>          Skype
12.07.2015  12:54    <DIR>          Sony
27.06.2017  18:48    <DIR>          SquirrelTemp
13.12.2016  07:57    <DIR>          Steam
04.10.2015  11:21    <DIR>          stickmanfighterepicbattle-f81ba27c6b9de880bbeb2899a6b61f66
04.10.2015  11:24    <DIR>          stickmanschoolrun-7ea3653db0f7fa362133ce8fbef97928
19.07.2017  15:11    <DIR>          Temp
17.04.2017  15:22    <DIR>          Tempzxpsign003931aa4060e12c
14.02.2017  19:00    <DIR>          Tempzxpsign00d8fa9552f5c3d8
15.02.2017  17:17    <DIR>          Tempzxpsign0189117735ba7c3d
12.03.2017  22:47    <DIR>          Tempzxpsign01f56dceb6e2f7e6
24.02.2017  20:50    <DIR>          Tempzxpsign021f00e5ad5f1317
17.04.2017  15:03    <DIR>          Tempzxpsign02c350f3f0b41bc1
17.04.2017  13:32    <DIR>          Tempzxpsign02faa8d1c3fb7301
25.03.2017  10:30    <DIR>          Tempzxpsign0368bcdaaddf8a05
28.02.2017  20:58    <DIR>          Tempzxpsign049eab72128a7349
28.06.2017  13:29    <DIR>          Tempzxpsign04fd5c63b38afe12
19.04.2017  21:02    <DIR>          Tempzxpsign0578b81cc82017a8
01.04.2017  22:28    <DIR>          Tempzxpsign05c9da0712e8f808
24.03.2017  17:14    <DIR>          Tempzxpsign06186195ee16cfb4
24.04.2017  16:12    <DIR>          Tempzxpsign064cb941f15c9594
18.02.2017  17:12    <DIR>          Tempzxpsign07069e78c452f57e
01.04.2017  15:19    <DIR>          Tempzxpsign0791c2ed8910ca6a
18.04.2017  20:06    <DIR>          Tempzxpsign08b2d605d954836a
25.02.2017  15:58    <DIR>          Tempzxpsign08efa1d1af8caf5d
15.02.2017  08:46    <DIR>          Tempzxpsign09bca95d9f01a135
17.04.2017  11:36    <DIR>          Tempzxpsign0a62d6c7cb3a0115
25.02.2017  15:38    <DIR>          Tempzxpsign0afccc990c7f3fa1
25.02.2017  15:57    <DIR>          Tempzxpsign0b219f81b1a58de9
15.02.2017  08:21    <DIR>          Tempzxpsign0be441308005263a
01.03.2017  21:03    <DIR>          Tempzxpsign0c846ccac455a0e3
16.02.2017  16:49    <DIR>          Tempzxpsign0cb8e8470e049ba3
26.04.2017  16:56    <DIR>          Tempzxpsign0dcb7d4189937eae
13.03.2017  19:56    <DIR>          Tempzxpsign0ea5b307d0e80b4b
16.02.2017  16:49    <DIR>          Tempzxpsign0ea9aa8d99623d0a
04.04.2017  21:32    <DIR>          Tempzxpsign105274e0c064a3e0
01.03.2017  20:04    <DIR>          Tempzxpsign1059e246ac0546ff
13.07.2017  21:40    <DIR>          Tempzxpsign10ab782c206575ee
13.07.2017  21:39    <DIR>          Tempzxpsign1298faa7ae0ffb34
23.04.2017  19:17    <DIR>          Tempzxpsign12eb9d1e40f73247
21.04.2017  16:20    <DIR>          Tempzxpsign13adaa6c5fc60e10
15.04.2017  10:44    <DIR>          Tempzxpsign1435eafbd10704b9
03.07.2017  15:39    <DIR>          Tempzxpsign15bb920bdd8542bc
24.02.2017  20:32    <DIR>          Tempzxpsign172f5b8f205a0b75
01.03.2017  22:14    <DIR>          Tempzxpsign17b399d751c9a657
23.04.2017  11:28    <DIR>          Tempzxpsign18978c1d6a286697
13.07.2017  21:52    <DIR>          Tempzxpsign18d4b9f127dffb93
15.03.2017  18:28    <DIR>          Tempzxpsign19b81278377dbdef
01.04.2017  23:04    <DIR>          Tempzxpsign19c1d42447434eb5
17.02.2017  09:41    <DIR>          Tempzxpsign1a099b6203702d8a
25.02.2017  15:38    <DIR>          Tempzxpsign1b02070970cd7a35
25.02.2017  11:15    <DIR>          Tempzxpsign1b4961e7c7a8db46
24.02.2017  21:03    <DIR>          Tempzxpsign1b7782318c78b334
18.02.2017  14:23    <DIR>          Tempzxpsign1c4943ed62c2dfe6
12.03.2017  16:18    <DIR>          Tempzxpsign1c79726c6646b551
13.03.2017  18:36    <DIR>          Tempzxpsign1c8362d7772953df
12.03.2017  16:27    <DIR>          Tempzxpsign1ca47d9fbc687366
01.04.2017  20:13    <DIR>          Tempzxpsign1cf29e61916bef1b
13.03.2017  17:34    <DIR>          Tempzxpsign1d541a06d3852150
24.02.2017  21:11    <DIR>          Tempzxpsign1e4b2b3205f68ac1
15.02.2017  23:04    <DIR>          Tempzxpsign1e9b768e2a3f79c3
16.02.2017  16:16    <DIR>          Tempzxpsign1eae6a96064db313
24.02.2017  21:12    <DIR>          Tempzxpsign1ece226aaa04947a
15.02.2017  17:17    <DIR>          Tempzxpsign20ab0c11e3571e3c
10.05.2017  18:33    <DIR>          Tempzxpsign20af566f1e894879
26.02.2017  01:35    <DIR>          Tempzxpsign21163b5589ee99fe
01.03.2017  20:04    <DIR>          Tempzxpsign21b4f421f7119573
26.04.2017  16:56    <DIR>          Tempzxpsign224273c2931482a7
21.04.2017  16:22    <DIR>          Tempzxpsign2247fbb140227914
13.07.2017  21:55    <DIR>          Tempzxpsign22b248e799dcec20
25.04.2017  16:38    <DIR>          Tempzxpsign22f7eba9fa9cc1ba
10.03.2017  09:21    <DIR>          Tempzxpsign254dbf4a18ba79df
25.02.2017  16:43    <DIR>          Tempzxpsign25c980f61a79c703
01.04.2017  23:13    <DIR>          Tempzxpsign25cbde1170ad5146
18.04.2017  08:34    <DIR>          Tempzxpsign267aa1029fd98913
20.04.2017  22:16    <DIR>          Tempzxpsign275bed0cd510f541
04.04.2017  15:09    <DIR>          Tempzxpsign27931ca3f9d8a11e
26.02.2017  01:34    <DIR>          Tempzxpsign27e5eda32a6a563e
19.04.2017  21:21    <DIR>          Tempzxpsign27f63392a5631e28
20.04.2017  08:09    <DIR>          Tempzxpsign2a0197d615026e0c
12.03.2017  16:18    <DIR>          Tempzxpsign2a18f1bd46e11673
24.02.2017  21:03    <DIR>          Tempzxpsign2a656a7a35eee5e5
22.04.2017  16:56    <DIR>          Tempzxpsign2a7c7ebad521b451
02.03.2017  18:06    <DIR>          Tempzxpsign2a816e4a1c82dfbd
19.04.2017  15:52    <DIR>          Tempzxpsign2beff888a7c48eba
13.03.2017  17:34    <DIR>          Tempzxpsign2cc363f874b06530
25.02.2017  16:43    <DIR>          Tempzxpsign2d560fb8b6ef1129
15.02.2017  08:55    <DIR>          Tempzxpsign2ed5d53184db0e56
13.03.2017  19:56    <DIR>          Tempzxpsign2f085a9f2dff8b74
23.04.2017  11:43    <DIR>          Tempzxpsign3122dd26e3364b55
22.04.2017  12:44    <DIR>          Tempzxpsign314798a481a0f339
15.04.2017  10:49    <DIR>          Tempzxpsign317493246edd82c3
28.06.2017  11:16    <DIR>          Tempzxpsign32243907df5452f1
01.03.2017  22:16    <DIR>          Tempzxpsign334a376b51693541
24.03.2017  17:14    <DIR>          Tempzxpsign338e436e8cac4992
24.02.2017  09:43    <DIR>          Tempzxpsign35368ecf4a80795b
20.03.2017  18:21    <DIR>          Tempzxpsign3594221191d04d6a
10.03.2017  16:57    <DIR>          Tempzxpsign363b1da99158b6e5
20.03.2017  18:20    <DIR>          Tempzxpsign372e095b445db305
15.02.2017  23:04    <DIR>          Tempzxpsign37d26da47b2248a4
15.02.2017  08:46    <DIR>          Tempzxpsign37ea7d9bbb9a3965
10.03.2017  09:21    <DIR>          Tempzxpsign384f81a7a20b2ae5
14.02.2017  18:12    <DIR>          Tempzxpsign3a6426ab7b02ab63
01.03.2017  22:14    <DIR>          Tempzxpsign3ae01937d1a3a17c
20.04.2017  22:16    <DIR>          Tempzxpsign3ba1f4ce634ea18a
17.04.2017  14:38    <DIR>          Tempzxpsign3cc6b7a4711cab44
24.02.2017  16:59    <DIR>          Tempzxpsign3cdd46fcd77619a7
17.04.2017  15:26    <DIR>          Tempzxpsign3d21aa2fbb647716
24.03.2017  12:03    <DIR>          Tempzxpsign3d572392159a5fb9
25.02.2017  16:43    <DIR>          Tempzxpsign3de223059e20a4c1
20.04.2017  21:13    <DIR>          Tempzxpsign3f09f2736647d070
22.04.2017  13:59    <DIR>          Tempzxpsign3f48cf6dd417805e
10.05.2017  18:33    <DIR>          Tempzxpsign3fae63e8e2ed5901
11.07.2017  15:22    <DIR>          Tempzxpsign3fedaf8a159f6dbe
15.03.2017  18:26    <DIR>          Tempzxpsign4013d6bb74da7b6c
21.04.2017  16:27    <DIR>          Tempzxpsign40d2ac0382ce9fe2
17.02.2017  23:15    <DIR>          Tempzxpsign417bf1fe52d16b22
21.04.2017  15:02    <DIR>          Tempzxpsign41adf23e10f68b78
25.03.2017  10:29    <DIR>          Tempzxpsign4251cc56a18ac3b4
13.03.2017  17:35    <DIR>          Tempzxpsign42652c205eebe1ba
24.02.2017  21:04    <DIR>          Tempzxpsign42bcaf9280a7736c
16.02.2017  16:12    <DIR>          Tempzxpsign43842570bb5daa23
24.02.2017  20:50    <DIR>          Tempzxpsign43b0523204d06b51
10.03.2017  17:00    <DIR>          Tempzxpsign441b7abd127ce7d9
21.04.2017  21:48    <DIR>          Tempzxpsign444f04a46b0c964a
02.03.2017  21:04    <DIR>          Tempzxpsign44c4139688962ecf
24.03.2017  13:09    <DIR>          Tempzxpsign45ad2f8f4aef3ef4
23.04.2017  19:17    <DIR>          Tempzxpsign45d5f1a5e6309878
15.02.2017  08:20    <DIR>          Tempzxpsign46528644891165c3
17.02.2017  15:52    <DIR>          Tempzxpsign4735a7b5c6079d23
24.02.2017  20:34    <DIR>          Tempzxpsign485b3c77f751acd1
16.02.2017  16:12    <DIR>          Tempzxpsign48be0d7b40720513
24.02.2017  21:15    <DIR>          Tempzxpsign4a28833e42c01935
22.04.2017  12:45    <DIR>          Tempzxpsign4a8e6fea622ea773
17.04.2017  14:52    <DIR>          Tempzxpsign4b01407453cf7c18
04.03.2017  12:41    <DIR>          Tempzxpsign4b4a6fff76576a62
17.04.2017  14:38    <DIR>          Tempzxpsign4b538c130537910d
01.04.2017  20:13    <DIR>          Tempzxpsign4b7f1087c95ebb7e
28.02.2017  20:59    <DIR>          Tempzxpsign4becd31206bdc578
23.04.2017  15:06    <DIR>          Tempzxpsign4c89a825d280eebc
25.02.2017  17:22    <DIR>          Tempzxpsign4ce3b91ecb043bcc
26.04.2017  16:53    <DIR>          Tempzxpsign4ce62002b31690e2
04.04.2017  21:33    <DIR>          Tempzxpsign4e477382a7fbb9c2
22.04.2017  16:44    <DIR>          Tempzxpsign4ea63f1e07a9fd48
28.02.2017  20:57    <DIR>          Tempzxpsign4fbe4db6016d595c
01.04.2017  17:54    <DIR>          Tempzxpsign5061dc86d421edee
25.02.2017  15:58    <DIR>          Tempzxpsign52683955b5fc0ef2
12.04.2017  16:11    <DIR>          Tempzxpsign54726875763ac0fa
19.04.2017  21:02    <DIR>          Tempzxpsign54ba44580e89b0b1
13.03.2017  17:34    <DIR>          Tempzxpsign54eeca2d81b5d6c2
25.06.2017  19:35    <DIR>          Tempzxpsign5568de062ffd86c3
17.02.2017  23:22    <DIR>          Tempzxpsign5574a8e444d22e80
13.03.2017  19:59    <DIR>          Tempzxpsign56e8bfd3ac9a806f
12.03.2017  22:48    <DIR>          Tempzxpsign5722697e127cfb64
25.02.2017  15:58    <DIR>          Tempzxpsign57cf28c92b073628
26.04.2017  20:35    <DIR>          Tempzxpsign587093f05e6c0b3b
15.03.2017  09:28    <DIR>          Tempzxpsign5918a50041475da9
24.04.2017  17:04    <DIR>          Tempzxpsign5991698f7cd66e3e
26.04.2017  16:53    <DIR>          Tempzxpsign5a16ba6d45af4328
25.02.2017  15:58    <DIR>          Tempzxpsign5a9ad23822efa59f
10.03.2017  16:57    <DIR>          Tempzxpsign5ad7c6991f3f6d7f
18.02.2017  12:51    <DIR>          Tempzxpsign5bf2710e39b15d81
27.02.2017  18:32    <DIR>          Tempzxpsign5c30dc8121d61aa8
02.03.2017  21:04    <DIR>          Tempzxpsign5c9005b1e42bebdd
17.02.2017  15:52    <DIR>          Tempzxpsign5cbbaf45440a340b
27.02.2017  18:32    <DIR>          Tempzxpsign5dec7c8958fc5177
15.02.2017  08:20    <DIR>          Tempzxpsign5e1b7e98e3e5a954
26.04.2017  16:54    <DIR>          Tempzxpsign5e23f69c3d4e3632
13.03.2017  18:36    <DIR>          Tempzxpsign5e469e5a2ba4331c
27.02.2017  18:32    <DIR>          Tempzxpsign5ebb49e03627a931
20.04.2017  16:59    <DIR>          Tempzxpsign5fd2d52c455dee12
24.02.2017  21:11    <DIR>          Tempzxpsign601720547b23da0e
21.04.2017  16:22    <DIR>          Tempzxpsign602d2e7967a32845
26.02.2017  01:34    <DIR>          Tempzxpsign611fb1fecd50ec5d
17.04.2017  13:32    <DIR>          Tempzxpsign616bcd859ceead41
22.04.2017  12:45    <DIR>          Tempzxpsign623782425b8627ac
20.04.2017  08:09    <DIR>          Tempzxpsign62f02f0d4c08de3e
25.02.2017  11:15    <DIR>          Tempzxpsign6317f937ee9975c7
28.06.2017  11:16    <DIR>          Tempzxpsign657c088acb6bcc64
24.04.2017  17:04    <DIR>          Tempzxpsign658fc89d3af52ab4
04.04.2017  21:33    <DIR>          Tempzxpsign65a4668f1a4a8bc0
18.04.2017  08:34    <DIR>          Tempzxpsign666022039ec9b437
24.02.2017  19:59    <DIR>          Tempzxpsign670c945ff9a1981c
24.02.2017  09:43    <DIR>          Tempzxpsign6768f04ee7492097
20.04.2017  22:16    <DIR>          Tempzxpsign67dc7fcf80732c8c
17.04.2017  14:57    <DIR>          Tempzxpsign68c4f93462bd6119
21.04.2017  16:22    <DIR>          Tempzxpsign68d5cb56c254a393
17.04.2017  11:36    <DIR>          Tempzxpsign68dd9ac1ce7b7185
11.07.2017  15:25    <DIR>          Tempzxpsign691e163531e0b57f
18.04.2017  20:06    <DIR>          Tempzxpsign6b13b3ebedd2f500
21.04.2017  18:11    <DIR>          Tempzxpsign6c21a16d00c07ab7
22.04.2017  16:56    <DIR>          Tempzxpsign6c4f4ea7e623897b
11.04.2017  16:23    <DIR>          Tempzxpsign6d3d05538216a277
17.04.2017  14:56    <DIR>          Tempzxpsign6d7f6440aff7fa15
15.03.2017  18:26    <DIR>          Tempzxpsign6e4cfd970bf1b8d6
04.04.2017  15:14    <DIR>          Tempzxpsign6ed2f4356c7d30ab
28.06.2017  13:29    <DIR>          Tempzxpsign71509ec51adf90ba
02.03.2017  21:04    <DIR>          Tempzxpsign7396a884325c05ae
17.02.2017  09:40    <DIR>          Tempzxpsign74710f6949ac7067
27.06.2017  18:06    <DIR>          Tempzxpsign74db16fde766e162
28.02.2017  21:00    <DIR>          Tempzxpsign7501fd26d19b81bf
17.04.2017  14:38    <DIR>          Tempzxpsign77a692337767ceb6
15.03.2017  18:25    <DIR>          Tempzxpsign77ca21057f2a7d0e
21.04.2017  21:48    <DIR>          Tempzxpsign785a9d870a716d82
20.04.2017  17:08    <DIR>          Tempzxpsign799e2fa7b736c580
19.04.2017  15:56    <DIR>          Tempzxpsign7a19af29b9a16c8c
18.04.2017  20:08    <DIR>          Tempzxpsign7a420971fc2234bd
20.04.2017  21:13    <DIR>          Tempzxpsign7c10cced5bc07a9e
01.03.2017  22:16    <DIR>          Tempzxpsign7d61d528017ef18d
02.03.2017  21:04    <DIR>          Tempzxpsign7dbc4face2b614d8
24.04.2017  17:08    <DIR>          Tempzxpsign7de8af33ee01e7b1
17.04.2017  15:22    <DIR>          Tempzxpsign7e7cb86dd1654e46
26.02.2017  01:40    <DIR>          Tempzxpsign7e850b9110caacb9
18.04.2017  22:12    <DIR>          Tempzxpsign7f7ec933e36953e5
22.04.2017  12:48    <DIR>          Tempzxpsign7fa106d48998065f
08.07.2017  04:15    <DIR>          Tempzxpsign803a511bf64b2a7b
26.02.2017  01:40    <DIR>          Tempzxpsign80cf2706e8e6653d
01.03.2017  22:16    <DIR>          Tempzxpsign83723862d84f1f29
28.06.2017  03:20    <DIR>          Tempzxpsign84f89191745e24b1
24.02.2017  21:10    <DIR>          Tempzxpsign8658b7da505522e4
25.06.2017  19:35    <DIR>          Tempzxpsign87161b0f3dc7f63e
22.04.2017  16:44    <DIR>          Tempzxpsign8797843acd16d0da
21.04.2017  16:22    <DIR>          Tempzxpsign87b6367effd630a7
13.03.2017  17:37    <DIR>          Tempzxpsign8811d75cc7c123f6
25.04.2017  16:29    <DIR>          Tempzxpsign8822cb1ecaba5a4e
17.04.2017  13:49    <DIR>          Tempzxpsign886b622c0c266eff
24.02.2017  20:32    <DIR>          Tempzxpsign89eb7fefa7820b59
17.02.2017  09:40    <DIR>          Tempzxpsign8a1c0a4236a61ffc
26.04.2017  16:22    <DIR>          Tempzxpsign8ae2740d7a67989c
24.02.2017  19:59    <DIR>          Tempzxpsign8bfaf00ce60af9fc
20.03.2017  18:20    <DIR>          Tempzxpsign8cb7c9845be5618c
18.07.2017  01:25    <DIR>          Tempzxpsign8d0021bddd45850f
18.04.2017  22:07    <DIR>          Tempzxpsign8d0b74ceec55ccca
01.03.2017  22:26    <DIR>          Tempzxpsign8ea2ecaae0371d74
24.02.2017  16:59    <DIR>          Tempzxpsign8f33e4e81eb87cd3
02.03.2017  18:06    <DIR>          Tempzxpsign9099c339ecc633b4
17.04.2017  14:48    <DIR>          Tempzxpsign915a89e80005a861
12.03.2017  16:19    <DIR>          Tempzxpsign92169e45ac6ced18
01.03.2017  22:16    <DIR>          Tempzxpsign92ddc41adcd15860
13.07.2017  21:40    <DIR>          Tempzxpsign930cff8b7f6e3f4e
25.02.2017  15:56    <DIR>          Tempzxpsign952ff4f1b1d9d767
21.04.2017  21:13    <DIR>          Tempzxpsign95419bf1e0e7f990
03.07.2017  15:39    <DIR>          Tempzxpsign95814f4f98e5fd87
13.07.2017  21:39    <DIR>          Tempzxpsign95dd2b0ed413f2c2
16.02.2017  16:12    <DIR>          Tempzxpsign96f062c8d2ae2165
15.03.2017  18:25    <DIR>          Tempzxpsign974496c6ae4271ef
04.04.2017  15:09    <DIR>          Tempzxpsign97db82959aca2ec1
18.04.2017  22:12    <DIR>          Tempzxpsign98e08635dfb997c4
18.04.2017  22:12    <DIR>          Tempzxpsign99585a0677e84690
12.03.2017  22:47    <DIR>          Tempzxpsign99989f04503dbd87
17.02.2017  23:15    <DIR>          Tempzxpsign99e2e015d9e046f1
03.07.2017  15:42    <DIR>          Tempzxpsign9a5c28e1286a561b
28.02.2017  20:57    <DIR>          Tempzxpsign9add68d75ee74c82
28.02.2017  20:57    <DIR>          Tempzxpsign9ae25c98dff89b1e
24.04.2017  21:03    <DIR>          Tempzxpsign9b0c412529b0e9d2
25.03.2017  10:29    <DIR>          Tempzxpsign9b71249b4774d667
21.04.2017  14:51    <DIR>          Tempzxpsign9b9113d3609e82d2
12.03.2017  16:18    <DIR>          Tempzxpsign9c16e68504d53466
23.04.2017  11:28    <DIR>          Tempzxpsign9ce81215c028db1d
21.04.2017  21:48    <DIR>          Tempzxpsign9e12154d17620071
18.04.2017  22:07    <DIR>          Tempzxpsign9e8eea873edb6f05
24.02.2017  21:17    <DIR>          Tempzxpsign9ea43cb98ac4ea7f
13.03.2017  17:35    <DIR>          Tempzxpsign9ef6254c970ed5f5
17.04.2017  14:57    <DIR>          Tempzxpsign9f84e80843b567f8
25.02.2017  10:33    <DIR>          Tempzxpsign9fcc0e292bd1be91
01.04.2017  23:15    <DIR>          Tempzxpsigna013d5e3f33a9466
23.04.2017  19:17    <DIR>          Tempzxpsigna1fb79666b28c6f7
15.02.2017  23:04    <DIR>          Tempzxpsigna26ebdcfb67a62ac
25.02.2017  15:58    <DIR>          Tempzxpsigna28d47dea666a6ce
20.04.2017  16:36    <DIR>          Tempzxpsigna32b0dc9fe8c6e95
21.04.2017  16:20    <DIR>          Tempzxpsigna4689f62af7b5c9a
24.02.2017  21:15    <DIR>          Tempzxpsigna4e6008c3d2e380d
11.03.2017  13:09    <DIR>          Tempzxpsigna531e651a7270957
15.03.2017  09:28    <DIR>          Tempzxpsigna5a4a2bda9c18cbf
17.07.2017  18:49    <DIR>          Tempzxpsigna659908c3c042600
11.03.2017  13:09    <DIR>          Tempzxpsigna6bfbb13f8bb088f
24.02.2017  16:59    <DIR>          Tempzxpsigna6f1586d9a615759
17.07.2017  18:49    <DIR>          Tempzxpsigna93330d847d30df6
12.04.2017  16:11    <DIR>          Tempzxpsigna98fab010a9ff871
18.02.2017  13:42    <DIR>          Tempzxpsigna9f05769eb9d190c
16.02.2017  16:50    <DIR>          Tempzxpsignab0232c09163a7db
26.02.2017  01:43    <DIR>          Tempzxpsignabcfc5af46285c77
22.04.2017  12:44    <DIR>          Tempzxpsignaca7e87ada3e50b0
15.02.2017  08:46    <DIR>          Tempzxpsignacc059fb68eda83d
18.04.2017  08:36    <DIR>          Tempzxpsignae2afc026c2c0b4e
17.04.2017  14:48    <DIR>          Tempzxpsignae57b5cfd22b1a12
28.02.2017  20:58    <DIR>          Tempzxpsignae7ea3b2be91f513
18.02.2017  13:40    <DIR>          Tempzxpsignaf054d4056e5577d
02.03.2017  21:04    <DIR>          Tempzxpsignaf629eb5fa95656d
17.04.2017  15:15    <DIR>          Tempzxpsignaf943e14cf7cfd90
15.02.2017  08:55    <DIR>          Tempzxpsignaf9e73179f3e459a
25.02.2017  16:46    <DIR>          Tempzxpsignb02fe959a580aedd
26.04.2017  16:17    <DIR>          Tempzxpsignb0fcb26aab5b1ada
27.02.2017  18:37    <DIR>          Tempzxpsignb1a98437f4080438
01.03.2017  22:14    <DIR>          Tempzxpsignb215412af5c36d8e
26.02.2017  01:40    <DIR>          Tempzxpsignb28edb80e5262bbd
21.04.2017  16:22    <DIR>          Tempzxpsignb3ab6e7fab3d95ce
13.07.2017  21:52    <DIR>          Tempzxpsignb3c26d14701f90fd
12.03.2017  22:47    <DIR>          Tempzxpsignb4068ada791ffd75
17.04.2017  14:52    <DIR>          Tempzxpsignb4cda04f232592a1
22.04.2017  16:48    <DIR>          Tempzxpsignb5d2c206bfddf4ab
18.07.2017  01:20    <DIR>          Tempzxpsignb641b4b9cbdaa7f3
17.02.2017  09:40    <DIR>          Tempzxpsignb72712ff140ccc90
17.04.2017  11:36    <DIR>          Tempzxpsignb74f86c0134e5c9d
19.04.2017  21:02    <DIR>          Tempzxpsignb82169dfffa6da4e
26.04.2017  20:35    <DIR>          Tempzxpsignba1adae49669688c
01.04.2017  23:13    <DIR>          Tempzxpsignbabbe55eaae5d705
08.07.2017  04:15    <DIR>          Tempzxpsignbd8d4b30cc7b0a63
15.02.2017  08:46    <DIR>          Tempzxpsignbde9f435d634f3bd
19.04.2017  15:52    <DIR>          Tempzxpsignbf17cc9cbc2901b1
15.02.2017  17:19    <DIR>          Tempzxpsignbf433ddcc321e469
15.03.2017  18:25    <DIR>          Tempzxpsignc0a2a1644ca8cfe4
19.04.2017  21:21    <DIR>          Tempzxpsignc0e590825ac79185
15.02.2017  17:17    <DIR>          Tempzxpsignc13fd9ac8d65bbf7
20.04.2017  16:36    <DIR>          Tempzxpsignc27a2f6053581d20
14.04.2017  17:26    <DIR>          Tempzxpsignc2b51c248ed6c0d9
18.04.2017  22:08    <DIR>          Tempzxpsignc2de059b921f7b39
15.03.2017  18:25    <DIR>          Tempzxpsignc3324a43a6284ba6
14.04.2017  13:55    <DIR>          Tempzxpsignc371ba3989d28ffa
10.03.2017  09:21    <DIR>          Tempzxpsignc58480bd0d2c2af3
18.02.2017  13:40    <DIR>          Tempzxpsignc5bdf4af020a9469
13.07.2017  21:40    <DIR>          Tempzxpsignc5fa6dc60df608fe
20.04.2017  08:09    <DIR>          Tempzxpsignc62272805e705abc
28.02.2017  21:03    <DIR>          Tempzxpsignc7540fc9862b1235
28.02.2017  20:58    <DIR>          Tempzxpsignc7a355a9370a3f86
14.04.2017  13:55    <DIR>          Tempzxpsignc7ac4f8ee8f878cb
21.04.2017  21:09    <DIR>          Tempzxpsignc81f783457318593
13.03.2017  19:56    <DIR>          Tempzxpsignc90c79323a3cba85
14.02.2017  18:11    <DIR>          Tempzxpsignc94086e8a98a26cd
23.04.2017  15:06    <DIR>          Tempzxpsignca0e2d0468e8a6e2
13.03.2017  17:34    <DIR>          Tempzxpsigncb39489cd8497431
02.03.2017  21:04    <DIR>          Tempzxpsigncb863b2f3f4af8ff
11.04.2017  16:23    <DIR>          Tempzxpsigncc5b999351b2df52
25.04.2017  16:29    <DIR>          Tempzxpsignccfbe9bccb5b08a9
11.03.2017  13:09    <DIR>          Tempzxpsignceaf596a5fcd2c66
17.04.2017  15:15    <DIR>          Tempzxpsigncf55122d505a2cb6
18.02.2017  12:51    <DIR>          Tempzxpsignd24c0d8b1a2f1621
18.07.2017  16:35    <DIR>          Tempzxpsignd320c6188b0c3a3e
24.03.2017  12:03    <DIR>          Tempzxpsignd3859e7910e39adc
02.03.2017  18:06    <DIR>          Tempzxpsignd5bc2160fefb9059
01.04.2017  15:19    <DIR>          Tempzxpsignd5d04a3ec9f2859e
26.04.2017  16:17    <DIR>          Tempzxpsignd67791fc0f95383d
22.04.2017  12:35    <DIR>          Tempzxpsignd6c86ebfe4bee366
10.03.2017  16:57    <DIR>          Tempzxpsignd6ce15d84ea4dc65
02.03.2017  21:04    <DIR>          Tempzxpsignd7c8108ee1795658
13.03.2017  17:34    <DIR>          Tempzxpsignd854d7c9716d6811
20.04.2017  16:59    <DIR>          Tempzxpsignd89d4354409bddac
15.04.2017  10:44    <DIR>          Tempzxpsignd8ac36cace653102
16.02.2017  16:49    <DIR>          Tempzxpsigndb0e7c62e8868fb2
02.03.2017  21:31    <DIR>          Tempzxpsigndb17e604eb58a002
02.03.2017  18:08    <DIR>          Tempzxpsigndb20ac7c7c90fa50
18.07.2017  01:20    <DIR>          Tempzxpsigndbdfcd33d6e8acea
15.02.2017  08:55    <DIR>          Tempzxpsigndc8fc75d165996b4
17.04.2017  14:49    <DIR>          Tempzxpsigndcee95e9715b0efb
25.02.2017  15:39    <DIR>          Tempzxpsigndd20e2c512e31056
14.04.2017  13:55    <DIR>          Tempzxpsignde87ade60bcff076
22.04.2017  12:45    <DIR>          Tempzxpsigndf242ffa158e719a
20.03.2017  18:20    <DIR>          Tempzxpsigndf6f7fc2ccd31749
13.07.2017  21:39    <DIR>          Tempzxpsigndf8526185b5d544d
28.06.2017  03:20    <DIR>          Tempzxpsigne004f0bca1bc0d05
04.03.2017  12:41    <DIR>          Tempzxpsigne058e79c355cef6c
01.04.2017  23:05    <DIR>          Tempzxpsigne095f7386702a7de
25.02.2017  15:56    <DIR>          Tempzxpsigne1c205574c0213d6
11.04.2017  16:23    <DIR>          Tempzxpsigne37cc268b2f66e07
17.04.2017  15:15    <DIR>          Tempzxpsigne42d44b786f4b323
22.04.2017  12:35    <DIR>          Tempzxpsigne545b3fa91a3522f
24.02.2017  21:16    <DIR>          Tempzxpsigne6f58526a3471d62
17.07.2017  18:51    <DIR>          Tempzxpsigne70c98b4cd02912f
28.02.2017  21:00    <DIR>          Tempzxpsigne7b58d2e7004b19a
13.03.2017  19:56    <DIR>          Tempzxpsigne80c04ef88bdd1b2
24.02.2017  20:00    <DIR>          Tempzxpsigne850e8507dba868b
28.02.2017  20:58    <DIR>          Tempzxpsigne955823740217de1
16.04.2017  03:10    <DIR>          Tempzxpsigne9b56f29570db782
19.04.2017  21:21    <DIR>          Tempzxpsignea6ea97adc755014
20.04.2017  21:13    <DIR>          Tempzxpsigneadc8c9dd6200b5a
24.02.2017  21:10    <DIR>          Tempzxpsigneb18e40bcf949210
22.04.2017  12:35    <DIR>          Tempzxpsignebbac84d144fe4e9
24.02.2017  09:43    <DIR>          Tempzxpsignec07a1bf144068e8
24.02.2017  21:16    <DIR>          Tempzxpsignecabcbbe7f3d3c17
17.02.2017  15:52    <DIR>          Tempzxpsigned6f17b3bd7211bd
27.06.2017  18:06    <DIR>          Tempzxpsigned85db22ba142d9b
18.07.2017  10:52    <DIR>          Tempzxpsignef9162340afc81e7
14.02.2017  18:11    <DIR>          Tempzxpsignf0535b6aa0fedc84
15.02.2017  08:20    <DIR>          Tempzxpsignf1cc043ade2c4428
15.02.2017  08:58    <DIR>          Tempzxpsignf1d423148e1b3c2a
11.03.2017  13:09    <DIR>          Tempzxpsignf2d016f5ba7204e0
01.04.2017  23:04    <DIR>          Tempzxpsignf2dd0b9d1fffaf59
17.07.2017  18:49    <DIR>          Tempzxpsignf4200db89f9632ff
20.04.2017  16:49    <DIR>          Tempzxpsignf52d995103ddddfc
17.02.2017  09:40    <DIR>          Tempzxpsignf573340562c8562e
16.02.2017  16:28    <DIR>          Tempzxpsignf69d793cd58e58c3
25.02.2017  10:33    <DIR>          Tempzxpsignf6a097c0c9855c82
24.02.2017  21:16    <DIR>          Tempzxpsignf6e8305b38232747
11.07.2017  15:22    <DIR>          Tempzxpsignf7398b9b18fb737a
21.04.2017  21:09    <DIR>          Tempzxpsignf8c871307990955e
21.04.2017  14:51    <DIR>          Tempzxpsignf8d48ac20ddc91e2
24.02.2017  21:11    <DIR>          Tempzxpsignfa2cc6938dc8970f
24.03.2017  17:14    <DIR>          Tempzxpsignfa4a49a52edfbce6
25.02.2017  16:46    <DIR>          Tempzxpsignfa4f1962ef65ac04
18.02.2017  12:51    <DIR>          Tempzxpsignfa859aa3b9e266fe
14.02.2017  18:13    <DIR>          Tempzxpsignfb8f374ecd3a2f2e
26.02.2017  01:34    <DIR>          Tempzxpsignfc7f165d160ae755
01.03.2017  20:06    <DIR>          Tempzxpsignfd8f0b0ab9d9969b
10.03.2017  09:21    <DIR>          Tempzxpsignfdd730ef384f5b9a
24.04.2017  16:12    <DIR>          Tempzxpsignfdec3525313fa282
12.04.2017  16:14    <DIR>          Tempzxpsignfefbf8ff335a4522
19.09.2015  09:32    <DIR>          TileDataLayer
07.10.2016  12:57    <DIR>          TomTom
18.10.2016  15:22    <DIR>          Ubisoft Game Launcher
12.05.2017  16:43    <DIR>          UNP
23.05.2017  22:23    <DIR>          UnrealEngine
29.07.2015  19:04    <DIR>          UnrealEngineLauncher
29.07.2015  19:43    <DIR>          UnrealTournament
13.12.2016  07:47    <DIR>          UWKProcess
13.08.2015  22:10    <DIR>          VirtualStore
14.06.2015  05:57    <DIR>          Wacom
08.10.2015  16:46    <DIR>          WinZip
22.08.2015  21:08    <DIR>          Zombie Army Trilogy
               1 Datei(en),             17 Bytes
             478 Verzeichnis(se), 39.613.095.936 Bytes frei

========= End of CMD: =========


========= dir "%CommonProgramFiles(x86)%" =========

 Volume in Laufwerk C: hat keine Bezeichnung.
 Volumeseriennummer: F820-E497

 Verzeichnis von C:\Program Files (x86)\Common Files

14.05.2017  11:58    <DIR>          .
14.05.2017  11:58    <DIR>          ..
25.06.2017  18:06    <DIR>          Adobe
17.01.2017  19:22    <DIR>          BattlEye
09.10.2015  16:49    <DIR>          Digidesign
19.05.2015  18:34    <DIR>          InstallShield
01.04.2016  04:41    <DIR>          Java
14.05.2017  11:58    <DIR>          Microsoft Shared
12.09.2015  17:17    <DIR>          PX Storage Engine
18.03.2017  23:03    <DIR>          Services
20.03.2017  17:00    <DIR>          Skype
07.07.2015  16:45    <DIR>          Sonic Shared
12.06.2017  14:20    <DIR>          Steam
14.05.2017  21:43    <DIR>          System
28.07.2015  19:03    <DIR>          Wise Installation Wizard
               0 Datei(en),              0 Bytes
              15 Verzeichnis(se), 39.613.038.592 Bytes frei

========= End of CMD: =========


========= dir "%CommonProgramW6432%" =========

 Volume in Laufwerk C: hat keine Bezeichnung.
 Volumeseriennummer: F820-E497

 Verzeichnis von C:\Program Files\Common Files

14.05.2017  11:58    <DIR>          .
14.05.2017  11:58    <DIR>          ..
22.04.2017  12:29    <DIR>          Adobe
10.06.2015  19:39    <DIR>          EPSON
14.05.2017  11:58    <DIR>          microsoft shared
19.09.2015  09:42    <DIR>          Native Instruments
12.09.2015  17:54    <DIR>          Propellerhead Software
18.03.2017  23:03    <DIR>          Services
14.05.2017  21:43    <DIR>          System
               0 Datei(en),              0 Bytes
               9 Verzeichnis(se), 39.612.985.344 Bytes frei

========= End of CMD: =========


========= dir "%UserProfile%" =========

 Volume in Laufwerk C: hat keine Bezeichnung.
 Volumeseriennummer: F820-E497

 Verzeichnis von C:\Users\yuk

04.07.2017  00:30    <DIR>          .
04.07.2017  00:30    <DIR>          ..
14.06.2015  05:57    <DIR>          .android
24.06.2017  12:13    <DIR>          .ethash
21.04.2017  09:14    <DIR>          .freemind
14.06.2015  09:38    <DIR>          .idlerc
01.04.2016  04:40    <DIR>          .oracle_jre_usage
14.12.2015  04:30    <DIR>          3D Objects
29.11.2015  19:05    <DIR>          BrawlhallaReplays
13.07.2017  10:26    <DIR>          Contacts
19.07.2017  15:00    <DIR>          Creative Cloud Files
04.09.2015  15:51    <DIR>          Creative Cloud Files (1)
19.07.2017  00:34    <DIR>          Desktop
18.07.2017  18:54    <DIR>          Documents
19.07.2017  15:11    <DIR>          Downloads
04.02.2017  14:54    <DIR>          Evernote
13.07.2017  10:26    <DIR>          Favorites
13.07.2017  10:27    <DIR>          Links
13.07.2017  10:26    <DIR>          Music
16.07.2017  21:19    <DIR>          OneDrive
13.07.2017  10:26    <DIR>          Pictures
13.07.2017  10:27    <DIR>          Saved Games
13.07.2017  10:26    <DIR>          Searches
13.06.2017  23:53    <DIR>          SkyDrive
17.09.2015  04:20    <DIR>          SkyDrive.old
20.03.2017  16:53                 0 Sti_Trace.log
08.10.2016  09:34    <DIR>          TomTom Sports
19.05.2015  21:18    <DIR>          Tracing
13.07.2017  10:26    <DIR>          Videos
17.01.2017  20:09    <DIR>          Zomboid
               1 Datei(en),              0 Bytes
              29 Verzeichnis(se), 39.612.928.000 Bytes frei

========= End of CMD: =========


========= dir "C:\" =========

 Volume in Laufwerk C: hat keine Bezeichnung.
 Volumeseriennummer: F820-E497

 Verzeichnis von C:\

19.07.2017  00:10    <DIR>          AdwCleaner
17.01.2017  18:40    <DIR>          Breaking Point
07.11.2007  08:00            17.734 eula.1028.txt
07.11.2007  08:00            17.734 eula.1031.txt
07.11.2007  08:00            10.134 eula.1033.txt
07.11.2007  08:00            17.734 eula.1036.txt
07.11.2007  08:00            17.734 eula.1040.txt
07.11.2007  08:00               118 eula.1041.txt
07.11.2007  08:00            17.734 eula.1042.txt
07.11.2007  08:00            17.734 eula.2052.txt
07.11.2007  08:00            17.734 eula.3082.txt
24.03.2017  20:09    <DIR>          found.000
19.07.2017  15:13    <DIR>          FRST
07.11.2007  08:00             1.110 globdata.ini
02.06.2015  17:29    <DIR>          HQGM
07.11.2007  08:03           562.688 install.exe
07.11.2007  08:00               843 install.ini
07.11.2007  08:03            76.304 install.res.1028.dll
07.11.2007  08:03            96.272 install.res.1031.dll
07.11.2007  08:03            91.152 install.res.1033.dll
07.11.2007  08:03            97.296 install.res.1036.dll
07.11.2007  08:03            95.248 install.res.1040.dll
07.11.2007  08:03            81.424 install.res.1041.dll
07.11.2007  08:03            79.888 install.res.1042.dll
07.11.2007  08:03            75.792 install.res.2052.dll
07.11.2007  08:03            96.272 install.res.3082.dll
10.11.2015  13:47    <DIR>          Logs
01.12.2006  23:37           904.704 msdia80.dll
19.05.2015  18:57    <DIR>          NVIDIA
18.03.2017  23:03    <DIR>          PerfLogs
19.07.2017  00:15    <DIR>          Program Files
28.06.2017  13:44    <DIR>          Program Files (x86)
20.04.2016  06:20    <DIR>          Programs
15.06.2015  05:11    <DIR>          Python
14.06.2015  08:22    <DIR>          Python27
19.05.2015  18:34                32 setup.log
19.07.2017  00:02           273.782 TDSSKiller.3.1.0.15_18.07.2017_20.59.39_log.txt
14.05.2017  11:58    <DIR>          Users
07.11.2007  08:00             5.686 vcredist.bmp
07.11.2007  08:09         1.442.522 VC_RED.cab
07.11.2007  08:12           232.960 VC_RED.MSI
19.07.2017  00:32    <DIR>          Windows
              27 Datei(en),      4.348.365 Bytes
              15 Verzeichnis(se), 39.612.870.656 Bytes frei

========= End of CMD: =========


========= RemoveProxy: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-3843242997-120083883-219807361-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-3843242997-120083883-219807361-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully


========= End of RemoveProxy: =========


========= ipconfig /flushdns =========


Windows-IP-Konfiguration

Der DNS-Aufl”sungscache wurde geleert.

========= End of CMD: =========


========= netsh winsock reset =========


Der Winsock-Katalog wurde zurckgesetzt.
Sie mssen den Computer neu starten, um den Vorgang abzuschlieáen.


========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 8675328 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => -14952 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 268598906 B
Edge => 282765724 B
Chrome => 491540194 B
Firefox => 11173251 B
Opera => 586627692 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 128 B
LocalService => 15582 B
NetworkService => 32760 B
yuk => 1474828707 B

RecycleBin => 0 B
EmptyTemp: => 2.9 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 15:14:10 ====

Code:

ATTFilter

Farbar Recovery Scan Tool (x64) Version: 18-07-2017
Ran by yuk (19-07-2017 15:27:46)
Running from C:\Users\yuk\Downloads
Boot Mode: Normal

================== Search Registry: "Crossrider;MaxPower;SecurityUtility" ===========


===================== Search result for "SecurityUtility" ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ADsSecurityUtility]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f270c64a-ffb8-4ae4-85fe-3a75e5347966}\ProgID]
""="ADsSecurityUtility"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{a63251b2-5f21-474b-ab52-4a8efad10895}]
""="IADsSecurityUtility"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{f270c64a-ffb8-4ae4-85fe-3a75e5347966}\ProgID]
""="ADsSecurityUtility"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{a63251b2-5f21-474b-ab52-4a8efad10895}]
""="IADsSecurityUtility"

====== End of Search ======

woteva · 19.07.2017, 14:34

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 18-07-2017
Ran by yuk (administrator) on MEISFIT (19-07-2017 15:29:12)
Running from C:\Users\yuk\Downloads
Loaded Profiles: yuk (Available Profiles: yuk)
Platform: Windows 10 Pro Version 1703 (X64) Language: Englisch (Vereinigte Staaten)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
() C:\Windows\SysWOW64\ASGT.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
() C:\Program Files (x86)\Polar\Daemon\polard.exe
(Seiko Epson Corporation) C:\Program Files (x86)\epson\MyEpson Portal\mepService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Native Instruments GmbH) C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
(Seiko Epson Corporation) C:\Program Files (x86)\epson\MyEpson Portal\mep.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe
(TomTom) C:\Program Files (x86)\TomTom\MySportsConnect\TomTom MySports Connect.exe
(ThinqLab) C:\Users\yuk\AppData\Local\Programs\Writefull\Writefull.exe
(ThinqLab) C:\Users\yuk\AppData\Local\Programs\Writefull\Writefull.exe
(ThinqLab) C:\Users\yuk\AppData\Local\Programs\Writefull\Writefull.exe
(ThinqLab) C:\Users\yuk\AppData\Local\Programs\Writefull\Writefull.exe
(Hammer & Chisel, Inc.) C:\Users\yuk\AppData\Local\Discord\app-0.0.297\Discord.exe
(Hammer & Chisel, Inc.) C:\Users\yuk\AppData\Local\Discord\app-0.0.297\Discord.exe
(Nico Mak Computing) C:\Program Files\WinZip\FAH\FAHWindow64.exe
() C:\Program Files (x86)\Polar\WebSync\WebSync.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(WinZip Computing, S.L.) C:\Program Files\WinZip\WzPreloader.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
(Google Inc.) C:\Program Files (x86)\Google\Google Japanese Input\GoogleIMEJaConverter.exe
(Google Inc.) C:\Program Files (x86)\Google\Google Japanese Input\GoogleIMEJaRenderer.exe
(Hammer & Chisel, Inc.) C:\Users\yuk\AppData\Local\Discord\app-0.0.297\Discord.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe
(Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\CCLibrary.exe
(Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\libs\node.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Google Inc.) C:\Program Files (x86)\Google\Google Japanese Input\GoogleIMEJaCacheService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16174328 2015-09-26] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2397120 2016-06-14] (NVIDIA Corporation)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2406496 2017-06-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Google Japanese Input Prelauncher] => C:\Program Files (x86)\Google\Google Japanese Input\GoogleIMEJaBroker32.exe [1752016 2016-12-07] (Google Inc.)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1087184 2016-01-20] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-3843242997-120083883-219807361-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\DTLite.exe [5583120 2015-02-26] (Disc Soft Ltd)
HKU\S-1-5-21-3843242997-120083883-219807361-1001\...\Run: [BingSvc] => C:\Users\yuk\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-04-07] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-3843242997-120083883-219807361-1001\...\Run: [Google Update] => C:\Users\yuk\AppData\Local\Google\Update\1.3.33.5\GoogleUpdateCore.exe [601168 2017-04-29] (Google Inc.)
HKU\S-1-5-21-3843242997-120083883-219807361-1001\...\Run: [TomTom MySports Connect.exe] => C:\Program Files (x86)\TomTom\MySportsConnect\TomTom MySports Connect.exe [638464 2017-06-22] (TomTom)
HKU\S-1-5-21-3843242997-120083883-219807361-1001\...\Run: [Writefull] => C:\Users\yuk\AppData\Local\Programs\Writefull\Writefull.exe [64315392 2017-03-24] (ThinqLab)
HKU\S-1-5-21-3843242997-120083883-219807361-1001\...\Run: [Discord] => C:\Users\yuk\AppData\Local\Discord\app-0.0.297\Discord.exe [64290304 2017-01-04] (Hammer & Chisel, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FAH.lnk [2015-09-12]
ShortcutTarget: FAH.lnk -> C:\Program Files\WinZip\FAH\FAHConsole.exe (Nico Mak Computing)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Polar WebSync.lnk [2015-09-12]
ShortcutTarget: Polar WebSync.lnk -> C:\Program Files (x86)\Polar\WebSync\WebSync.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Preloader.lnk [2015-09-12]
ShortcutTarget: WinZip Preloader.lnk -> C:\Program Files\WinZip\WzPreloader.exe (WinZip Computing, S.L.)
Startup: C:\Users\yuk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk [2015-05-20]
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{d5ffb703-501b-4fdb-82da-cc5480365edb}: [DhcpNameServer] 192.168.2.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\S-1-5-21-3843242997-120083883-219807361-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = 
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\ssv.dll [2016-04-01] (Oracle Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2017-03-20] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\jp2ssv.dll [2016-04-01] (Oracle Corporation)

FireFox:
========
FF DefaultProfile: 3qisvbq9.default
FF DefaultProfile: xqo7hp7f.default
FF DefaultProfile: witxcj5b.default
FF ProfilePath: C:\Users\yuk\AppData\Roaming\stickmanschoolrun-7ea3653db0f7fa362133ce8fbef97928\Profiles\3qisvbq9.default [2015-10-04]
FF ProfilePath: C:\Users\yuk\AppData\Roaming\stickmanfighterepicbattle-f81ba27c6b9de880bbeb2899a6b61f66\Profiles\xqo7hp7f.default [2015-10-04]
FF ProfilePath: C:\Users\yuk\AppData\Roaming\Mozilla\Firefox\Profiles\witxcj5b.default [2017-07-19]
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\witxcj5b.default -> DuckDuckGo
FF Homepage: Mozilla\Firefox\Profiles\witxcj5b.default -> startpage.com
FF Extension: (Avira Browser Safety) - C:\Users\yuk\AppData\Roaming\Mozilla\Firefox\Profiles\witxcj5b.default\Extensions\abs@avira.com [2016-04-21]
FF Extension: (Lightbeam) - C:\Users\yuk\AppData\Roaming\Mozilla\Firefox\Profiles\witxcj5b.default\Extensions\jid1-F9UJ2thwoAm5gQ@jetpack.xpi [2015-10-05]
FF Extension: (S3.Google Translator) - C:\Users\yuk\AppData\Roaming\Mozilla\Firefox\Profiles\witxcj5b.default\Extensions\s3google@translator.xpi [2015-10-08]
FF Extension: (WOT) - C:\Users\yuk\AppData\Roaming\Mozilla\Firefox\Profiles\witxcj5b.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2015-11-10]
FF Extension: (Adblock Plus) - C:\Users\yuk\AppData\Roaming\Mozilla\Firefox\Profiles\witxcj5b.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-09-25]
FF SearchPlugin: C:\Users\yuk\AppData\Roaming\Mozilla\Firefox\Profiles\witxcj5b.default\searchplugins\google-images.xml [2015-10-12]
FF SearchPlugin: C:\Users\yuk\AppData\Roaming\Mozilla\Firefox\Profiles\witxcj5b.default\searchplugins\google-maps.xml [2015-10-12]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_26_0_0_137.dll [2017-07-12] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2017-06-04] (Adobe Systems)
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_137.dll [2017-07-12] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.77.2 -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\dtplugin\npDeployJava1.dll [2016-04-01] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.77.2 -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\plugin2\npjp2.dll [2016-04-01] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-05-01] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-05-01] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2017-06-04] (Adobe Systems)
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin HKU\S-1-5-21-3843242997-120083883-219807361-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\yuk\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-3843242997-120083883-219807361-1001: @talk.google.com/O1DPlugin -> C:\Users\yuk\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-3843242997-120083883-219807361-1001: @tools.google.com/Google Update;version=3 -> C:\Users\yuk\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin HKU\S-1-5-21-3843242997-120083883-219807361-1001: @tools.google.com/Google Update;version=9 -> C:\Users\yuk\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\yuk\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\yuk\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)
StartMenuInternet: FIREFOX.EXE - firefox.exe

Chrome: 
=======
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\yuk\AppData\Local\Google\Chrome\User Data\Default [2017-07-19]
CHR Extension: (Google Präsentationen) - C:\Users\yuk\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-11-15]
CHR Extension: (Google Docs) - C:\Users\yuk\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-11-15]
CHR Extension: (Readlang) - C:\Users\yuk\AppData\Local\Google\Chrome\User Data\Default\Extensions\apcnmoajpaldpbepelpjgbplhoeidhia [2015-11-15]
CHR Extension: (Google Drive) - C:\Users\yuk\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-15]
CHR Extension: (WOT: Web of Trust, Website Reputation Ratings) - C:\Users\yuk\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2017-06-24]
CHR Extension: (YouTube) - C:\Users\yuk\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-15]
CHR Extension: (Adblock Plus) - C:\Users\yuk\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-07-13]
CHR Extension: (Google-Suche) - C:\Users\yuk\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-15]
CHR Extension: (Bliu Bliu) - C:\Users\yuk\AppData\Local\Google\Chrome\User Data\Default\Extensions\dfmhflbdkpnkjpomcjofacekggdgmlfh [2015-11-15]
CHR Extension: (Byrd IRC client) - C:\Users\yuk\AppData\Local\Google\Chrome\User Data\Default\Extensions\endimfdcgfnlmoankhocnkhgohmoecoi [2017-06-27]
CHR Extension: (Google Tabellen) - C:\Users\yuk\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-11-15]
CHR Extension: (HTTPS Everywhere) - C:\Users\yuk\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcbommkclmclpchllfjekcdonpmejbdp [2017-07-08]
CHR Extension: (Google Docs Offline) - C:\Users\yuk\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-03]
CHR Extension: (AdBlock) - C:\Users\yuk\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-06-27]
CHR Extension: (Avast Online Security) - C:\Users\yuk\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-07-08]
CHR Extension: (MetaMask) - C:\Users\yuk\AppData\Local\Google\Chrome\User Data\Default\Extensions\nkbihfbeogaeaoehlefnkodbefgpgknn [2017-07-13]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\yuk\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-25]
CHR Extension: (Google Mail) - C:\Users\yuk\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-11-15]
CHR Extension: (Chrome Media Router) - C:\Users\yuk\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-07-13]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

Opera: 
=======
OPR Extension: (Buffer) - C:\Users\yuk\AppData\Roaming\Opera Software\Opera Stable\Extensions\bbbfjmllpkjhkmljjeahemghjhkecfae [2017-07-16]
OPR Extension: (Translator) - C:\Users\yuk\AppData\Roaming\Opera Software\Opera Stable\Extensions\cnbpedcoekjafichoehopgaaldogogch [2016-12-14]
OPR Extension: (WOT: Web of Trust, Website Reputation Ratings) - C:\Users\yuk\AppData\Roaming\Opera Software\Opera Stable\Extensions\eeokceolphhfjdfcibaiiopmekmcbedp [2017-03-18]
OPR Extension: (Adblock Plus) - C:\Users\yuk\AppData\Roaming\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp [2017-07-16]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [814688 2017-06-04] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2246256 2017-05-18] (Adobe Systems, Incorporated)
R2 ASGT; C:\Windows\SysWOW64\ASGT.exe [55296 2012-01-17] () [File not signed]
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1465352 2017-01-15] ()
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1272592 2015-02-26] (Disc Soft Ltd)
R2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc64.exe [144560 2012-05-17] (Seiko Epson Corporation)
R2 GoogleIMEJaCacheService; C:\Program Files (x86)\Google\Google Japanese Input\GoogleIMEJaCacheService.exe [946640 2016-12-07] (Google Inc.)
U2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9728 2016-09-15] (Hi-Rez Studios) [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4470736 2017-05-09] (Malwarebytes)
R2 MyEpson Portal Service; C:\Program Files (x86)\EPSON\MyEpson Portal\mepService.exe [714712 2017-06-28] (Seiko Epson Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462968 2017-05-01] (NVIDIA Corporation)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2521024 2016-06-14] (NVIDIA Corporation)
R2 Polar Daemon; C:\Program Files (x86)\Polar\Daemon\polard.exe [419536 2012-12-12] ()
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [3913064 2017-03-19] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-06-20] (Microsoft Corporation)
R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [716480 2015-08-21] (Wacom Technology, Corp.)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30352 2015-05-19] (Disc Soft Ltd)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77376 2017-06-27] ()
S3 gbxavs; C:\WINDOWS\System32\Drivers\gbxavs.sys [357968 2011-07-07] (Native Instruments GmbH)
S3 gbxusb_svc; C:\WINDOWS\System32\Drivers\gbxusb.sys [68688 2011-07-07] (Native Instruments GmbH)
R2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [188352 2017-07-19] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\drivers\farflt.sys [101784 2017-07-19] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [45472 2017-07-19] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [253856 2017-07-19] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\drivers\mwac.sys [93600 2017-07-19] (Malwarebytes)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_ref_pubwu.inf_amd64_f9309145156afb40\nvlddmkm.sys [14456912 2017-05-19] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26560 2016-06-14] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [56384 2016-04-14] (NVIDIA Corporation)
R0 PxHlpa64; C:\WINDOWS\System32\Drivers\PxHlpa64.sys [56336 2012-06-22] (Corel Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [604160 2017-03-18] (Realtek                                            )
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
S3 TASCAM_US122144; C:\WINDOWS\System32\Drivers\tascusb2.sys [409664 2010-06-18] (TASCAM)
S3 TASCAM_US122L_WDM; C:\WINDOWS\system32\drivers\tscusb2a.sys [50240 2010-06-18] (TASCAM)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)
S3 X6va060; C:\WINDOWS\SysWOW64\Drivers\X6va060 [21208 2015-11-21] ()

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-07-19 15:28 - 2017-07-19 15:28 - 00000887 _____ C:\Users\yuk\Desktop\SearchReg.txt
2017-07-19 15:27 - 2017-07-19 15:27 - 00000887 _____ C:\Users\yuk\Downloads\SearchReg.txt
2017-07-19 15:18 - 2017-07-19 15:18 - 00000002 _____ C:\Users\yuk\Downloads\fixlist.txt
2017-07-19 15:11 - 2017-07-19 15:14 - 00052666 _____ C:\Users\yuk\Desktop\Fixlog.txt
2017-07-19 15:08 - 2017-07-19 15:08 - 02382336 _____ (Farbar) C:\Users\yuk\Downloads\FRST64.exe
2017-07-19 00:32 - 2017-07-19 00:32 - 00053811 _____ C:\Users\yuk\Desktop\Addition.txt
2017-07-19 00:31 - 2017-07-19 00:32 - 00097291 _____ C:\Users\yuk\Desktop\FRST.txt
2017-07-19 00:23 - 2017-07-19 00:30 - 00000000 ____D C:\Users\yuk\Downloads\FRST-OlderVersion
2017-07-19 00:23 - 2017-07-19 00:23 - 00001563 _____ C:\Users\yuk\Desktop\mbam.txt
2017-07-19 00:15 - 2017-07-19 15:25 - 00093600 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-07-19 00:15 - 2017-07-19 15:18 - 00253856 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-07-19 00:15 - 2017-07-19 15:18 - 00101784 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-07-19 00:15 - 2017-07-19 15:18 - 00045472 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-07-19 00:15 - 2017-07-19 00:15 - 00188352 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-07-19 00:15 - 2017-07-19 00:15 - 00001912 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-07-19 00:15 - 2017-07-19 00:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-07-19 00:15 - 2017-07-19 00:15 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-07-19 00:15 - 2017-07-19 00:15 - 00000000 ____D C:\Program Files\Malwarebytes
2017-07-19 00:15 - 2017-06-27 12:06 - 00077376 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-07-19 00:13 - 2017-07-19 00:13 - 00003164 _____ C:\Users\yuk\Desktop\AdwCleaner[C0].txt
2017-07-19 00:01 - 2017-07-19 00:01 - 65033984 _____ (Malwarebytes ) C:\Users\yuk\Downloads\mb3-setup-consumer-3.1.2.1733-1.0.160-1.0.2251.exe
2017-07-18 23:59 - 2017-07-18 23:59 - 08162248 _____ (Malwarebytes) C:\Users\yuk\Downloads\adwcleaner_7.0.0.0.exe
2017-07-18 21:10 - 2017-07-19 00:10 - 00173122 _____ C:\Users\yuk\Desktop\Neues Textdokument (3).txt
2017-07-18 20:59 - 2017-07-19 00:02 - 00273782 _____ C:\TDSSKiller.3.1.0.15_18.07.2017_20.59.39_log.txt
2017-07-18 20:58 - 2017-07-18 20:58 - 04922400 _____ (AO Kaspersky Lab) C:\Users\yuk\Downloads\tdsskiller.exe
2017-07-18 20:48 - 2017-07-19 15:29 - 00024606 _____ C:\Users\yuk\Downloads\FRST.txt
2017-07-18 20:48 - 2017-07-18 20:48 - 00076773 _____ C:\Users\yuk\Downloads\Addition.txt
2017-07-18 20:47 - 2017-07-19 15:29 - 00000000 ____D C:\FRST
2017-07-18 18:54 - 2017-07-18 18:54 - 00000000 ____D C:\Users\yuk\Documents\FeedbackHub
2017-07-18 16:35 - 2017-07-18 16:35 - 00000000 ____D C:\Users\yuk\AppData\Local\Tempzxpsignd320c6188b0c3a3e
2017-07-18 15:41 - 2017-07-18 17:14 - 00000484 _____ C:\Users\yuk\Desktop\blogging IDeas.txt
2017-07-18 10:52 - 2017-07-18 10:52 - 00000000 ____D C:\Users\yuk\AppData\Local\Tempzxpsignef9162340afc81e7
2017-07-18 03:58 - 2017-07-18 03:58 - 00001666 _____ C:\Users\yuk\Desktop\VINIPOARS.txt
2017-07-18 01:25 - 2017-07-18 01:25 - 00000000 ____D C:\Users\yuk\AppData\Local\Tempzxpsign8d0021bddd45850f
2017-07-18 01:20 - 2017-07-18 01:20 - 00000000 ____D C:\Users\yuk\AppData\Local\Tempzxpsigndbdfcd33d6e8acea
2017-07-18 01:20 - 2017-07-18 01:20 - 00000000 ____D C:\Users\yuk\AppData\Local\Tempzxpsignb641b4b9cbdaa7f3
2017-07-17 23:34 - 2017-07-17 23:36 - 00014330 _____ C:\Users\yuk\Desktop\recapNeverdieDiscord.txt
2017-07-17 19:03 - 2017-07-17 23:34 - 00007466 _____ C:\Users\yuk\Desktop\sttembloggentry.txt
2017-07-17 18:51 - 2017-07-17 18:51 - 00000000 ____D C:\Users\yuk\AppData\Local\Tempzxpsigne70c98b4cd02912f
2017-07-17 18:49 - 2017-07-17 18:49 - 00000000 ____D C:\Users\yuk\AppData\Local\Tempzxpsignf4200db89f9632ff
2017-07-17 18:49 - 2017-07-17 18:49 - 00000000 ____D C:\Users\yuk\AppData\Local\Tempzxpsigna93330d847d30df6
2017-07-17 18:49 - 2017-07-17 18:49 - 00000000 ____D C:\Users\yuk\AppData\Local\Tempzxpsigna659908c3c042600
2017-07-17 14:36 - 2017-07-17 14:36 - 00182700 _____ C:\Users\yuk\Desktop\MEWwallet.pdf
2017-07-15 01:26 - 2017-07-15 02:57 - 00000000 ____D C:\Users\yuk\AppData\Roaming\Chaincoin
2017-07-15 01:26 - 2017-07-15 01:26 - 00000000 ____D C:\Users\yuk\Desktop\ChaincoinWallet
2017-07-15 00:11 - 2017-07-15 02:57 - 00000000 ____D C:\Users\yuk\AppData\Roaming\Sia-UI
2017-07-15 00:11 - 2017-07-15 00:11 - 00000000 ____D C:\Users\yuk\Desktop\Sia
2017-07-13 21:55 - 2017-07-13 21:55 - 00000000 ____D C:\Users\yuk\AppData\Local\Tempzxpsign22b248e799dcec20
2017-07-13 21:52 - 2017-07-13 21:52 - 00000000 ____D C:\Users\yuk\AppData\Local\Tempzxpsignb3c26d14701f90fd
2017-07-13 21:52 - 2017-07-13 21:52 - 00000000 ____D C:\Users\yuk\AppData\Local\Tempzxpsign18d4b9f127dffb93
2017-07-13 21:40 - 2017-07-13 21:40 - 00000000 ____D C:\Users\yuk\AppData\Local\Tempzxpsignc5fa6dc60df608fe
2017-07-13 21:40 - 2017-07-13 21:40 - 00000000 ____D C:\Users\yuk\AppData\Local\Tempzxpsign930cff8b7f6e3f4e
2017-07-13 21:40 - 2017-07-13 21:40 - 00000000 ____D C:\Users\yuk\AppData\Local\Tempzxpsign10ab782c206575ee
2017-07-13 21:39 - 2017-07-13 21:39 - 00000000 ____D C:\Users\yuk\AppData\Local\Tempzxpsigndf8526185b5d544d
2017-07-13 21:39 - 2017-07-13 21:39 - 00000000 ____D C:\Users\yuk\AppData\Local\Tempzxpsign95dd2b0ed413f2c2
2017-07-13 21:39 - 2017-07-13 21:39 - 00000000 ____D C:\Users\yuk\AppData\Local\Tempzxpsign1298faa7ae0ffb34
2017-07-12 18:58 - 2017-07-07 09:24 - 00117664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2017-07-12 18:58 - 2017-07-07 09:23 - 02399728 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-07-12 18:58 - 2017-07-07 09:20 - 02021680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpmde.dll
2017-07-12 18:58 - 2017-07-07 09:13 - 00554392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2017-07-12 18:58 - 2017-07-07 09:13 - 00336320 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthService.exe
2017-07-12 18:58 - 2017-07-07 09:11 - 00094624 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2017-07-12 18:58 - 2017-07-07 09:10 - 01670496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2017-07-12 18:58 - 2017-07-07 09:10 - 00254168 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2017-07-12 18:58 - 2017-07-07 08:57 - 00626528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2017-07-12 18:58 - 2017-07-07 08:57 - 00125344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmapi.dll
2017-07-12 18:58 - 2017-07-07 08:40 - 23677440 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-07-12 18:58 - 2017-07-07 08:39 - 01839872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-07-12 18:58 - 2017-07-07 08:39 - 00096128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmcmnutils.dll
2017-07-12 18:58 - 2017-07-07 08:37 - 02259760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-07-12 18:58 - 2017-07-07 08:37 - 01339352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmpmde.dll
2017-07-12 18:58 - 2017-07-07 08:31 - 05820984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2017-07-12 18:58 - 2017-07-07 08:31 - 01518088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2017-07-12 18:58 - 2017-07-07 08:31 - 00129184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2017-07-12 18:58 - 2017-07-07 08:30 - 02165752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2017-07-12 18:58 - 2017-07-07 08:30 - 00949920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dcomp.dll
2017-07-12 18:58 - 2017-07-07 08:30 - 00750496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2017-07-12 18:58 - 2017-07-07 08:29 - 00349600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2017-07-12 18:58 - 2017-07-07 08:29 - 00123520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Clipc.dll
2017-07-12 18:58 - 2017-07-07 08:27 - 06759512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-07-12 18:58 - 2017-07-07 08:26 - 20373408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-07-12 18:58 - 2017-07-07 08:26 - 01529384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2017-07-12 18:58 - 2017-07-07 08:26 - 01195240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2017-07-12 18:58 - 2017-07-07 08:26 - 00988168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2017-07-12 18:58 - 2017-07-07 08:25 - 00035232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininitext.dll
2017-07-12 18:58 - 2017-07-07 08:24 - 01517472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppVEntSubsystems32.dll
2017-07-12 18:58 - 2017-07-07 08:23 - 00583160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2017-07-12 18:58 - 2017-07-07 08:20 - 08331264 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2017-07-12 18:58 - 2017-07-07 08:19 - 00165888 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2017-07-12 18:58 - 2017-07-07 08:18 - 00548864 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
2017-07-12 18:58 - 2017-07-07 08:17 - 00588800 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2017-07-12 18:58 - 2017-07-07 08:16 - 12786176 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-07-12 18:58 - 2017-07-07 08:16 - 00545792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2017-07-12 18:58 - 2017-07-07 08:15 - 08238080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-07-12 18:58 - 2017-07-07 08:14 - 08211968 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2017-07-12 18:58 - 2017-07-07 08:14 - 03784704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapRouter.dll
2017-07-12 18:58 - 2017-07-07 08:14 - 02956800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-07-12 18:58 - 2017-07-07 08:14 - 01448960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2017-07-12 18:58 - 2017-07-07 08:14 - 00790016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2017-07-12 18:58 - 2017-07-07 08:13 - 13839872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2017-07-12 18:58 - 2017-07-07 08:12 - 04730880 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-07-12 18:58 - 2017-07-07 08:12 - 02199552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2017-07-12 18:58 - 2017-07-07 08:12 - 01142272 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2017-07-12 18:58 - 2017-07-07 08:10 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2017-07-12 18:58 - 2017-07-07 08:10 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eapprovp.dll
2017-07-12 18:58 - 2017-07-07 08:09 - 20504576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-07-12 18:58 - 2017-07-07 08:09 - 00365056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2017-07-12 18:58 - 2017-07-07 08:08 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2017-07-12 18:58 - 2017-07-07 08:07 - 00272896 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToReceiver.dll
2017-07-12 18:58 - 2017-07-07 08:07 - 00117248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\raschap.dll
2017-07-12 18:58 - 2017-07-07 08:06 - 00241152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecsExt.dll
2017-07-12 18:58 - 2017-07-07 08:05 - 19335168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-07-12 18:58 - 2017-07-07 08:05 - 11870720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-07-12 18:58 - 2017-07-07 08:05 - 06728192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-07-12 18:58 - 2017-07-07 08:05 - 05719040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2017-07-12 18:58 - 2017-07-07 08:05 - 00502784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DevicePairing.dll
2017-07-12 18:58 - 2017-07-07 08:05 - 00312320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wldap32.dll
2017-07-12 18:58 - 2017-07-07 08:04 - 05961216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2017-07-12 18:58 - 2017-07-07 08:04 - 01248768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-07-12 18:58 - 2017-07-07 08:04 - 00754176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2017-07-12 18:58 - 2017-07-07 08:04 - 00506368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2017-07-12 18:58 - 2017-07-07 08:04 - 00394240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2017-07-12 18:58 - 2017-07-07 08:03 - 06123520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2017-07-12 18:58 - 2017-07-07 08:03 - 00636416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2017-07-12 18:58 - 2017-07-07 08:03 - 00446464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
2017-07-12 18:58 - 2017-07-07 08:02 - 00952832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2017-07-12 18:58 - 2017-07-07 08:01 - 06287360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-07-12 18:58 - 2017-07-07 08:01 - 02859520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-07-12 18:58 - 2017-07-07 08:00 - 07596544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2017-07-12 18:58 - 2017-07-07 08:00 - 05225984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-07-12 18:58 - 2017-07-07 08:00 - 02588160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapRouter.dll
2017-07-12 18:58 - 2017-07-07 08:00 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-07-12 18:58 - 2017-07-07 08:00 - 01565184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2017-07-12 18:58 - 2017-07-07 08:00 - 01019904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-07-12 18:58 - 2017-07-07 07:59 - 04417024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2017-07-12 18:58 - 2017-07-07 07:59 - 03656704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-07-12 18:58 - 2017-07-07 07:59 - 01494016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
2017-07-12 18:58 - 2017-07-07 07:59 - 01355264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpcServices.dll
2017-07-12 18:58 - 2017-07-07 07:59 - 00787456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2017-07-12 18:58 - 2017-07-07 07:58 - 04559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2017-07-12 18:58 - 2017-07-07 07:58 - 02782720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2017-07-12 18:58 - 2017-07-07 07:58 - 02298368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2017-07-12 18:58 - 2017-07-07 07:58 - 01237504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Maps.dll
2017-07-12 18:58 - 2017-07-07 07:55 - 00342528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPhoto.dll
2017-07-12 18:58 - 2017-07-07 07:55 - 00329216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsApi.dll
2017-07-12 18:58 - 2017-07-07 07:53 - 01301504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wdc.dll
2017-07-12 18:58 - 2017-07-07 07:53 - 00338432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msinfo32.exe
2017-07-12 18:58 - 2017-06-20 08:06 - 00279968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2017-07-12 18:58 - 2017-06-20 08:03 - 00820128 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2017-07-12 18:58 - 2017-06-20 08:02 - 01055648 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2017-07-12 18:58 - 2017-06-20 07:59 - 06554928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2017-07-12 18:58 - 2017-06-20 07:59 - 01220072 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2017-07-12 18:58 - 2017-06-20 07:57 - 02681760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2017-07-12 18:58 - 2017-06-20 07:34 - 00192416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2017-07-12 18:58 - 2017-06-20 07:15 - 00455104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSAudDecMFT.dll
2017-07-12 18:58 - 2017-06-20 07:13 - 00787712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2017-07-12 18:58 - 2017-06-20 07:13 - 00056832 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinBioDataModelOOBE.exe
2017-07-12 18:58 - 2017-06-20 07:12 - 00293376 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2017-07-12 18:58 - 2017-06-20 07:12 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hdaudbus.sys
2017-07-12 18:58 - 2017-06-20 07:11 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2017-07-12 18:58 - 2017-06-20 07:10 - 00722432 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2017-07-12 18:58 - 2017-06-20 07:10 - 00096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2017-07-12 18:58 - 2017-06-20 07:09 - 00551424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Payments.dll
2017-07-12 18:58 - 2017-06-20 07:09 - 00406032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2017-07-12 18:58 - 2017-06-20 07:09 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2017-07-12 18:58 - 2017-06-20 07:08 - 04469840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2017-07-12 18:58 - 2017-06-20 07:08 - 00386560 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2017-07-12 18:58 - 2017-06-20 07:08 - 00328704 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2017-07-12 18:58 - 2017-06-20 07:08 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinBioDataModel.dll
2017-07-12 18:58 - 2017-06-20 07:08 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2017-07-12 18:58 - 2017-06-20 07:07 - 02475136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2017-07-12 18:58 - 2017-06-20 07:07 - 00632832 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
2017-07-12 18:58 - 2017-06-20 07:07 - 00510976 _____ (Microsoft Corporation) C:\WINDOWS\system32\TDLMigration.dll
2017-07-12 18:58 - 2017-06-20 07:07 - 00346016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudExperienceHostCommon.dll
2017-07-12 18:58 - 2017-06-20 07:07 - 00138656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudExperienceHostUser.dll
2017-07-12 18:58 - 2017-06-20 07:06 - 00942592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2017-07-12 18:58 - 2017-06-20 07:06 - 00754592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2017-07-12 18:58 - 2017-06-20 07:06 - 00751104 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2017-07-12 18:58 - 2017-06-20 07:06 - 00278944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\thumbcache.dll
2017-07-12 18:58 - 2017-06-20 07:05 - 00438096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.dll
2017-07-12 18:58 - 2017-06-20 07:05 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2017-07-12 18:58 - 2017-06-20 07:05 - 00374784 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2017-07-12 18:58 - 2017-06-20 07:05 - 00364032 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2017-07-12 18:58 - 2017-06-20 07:04 - 02330520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2017-07-12 18:58 - 2017-06-20 07:04 - 01178528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll
2017-07-12 18:58 - 2017-06-20 07:04 - 01177600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2017-07-12 18:58 - 2017-06-20 07:04 - 01077496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webservices.dll
2017-07-12 18:58 - 2017-06-20 07:04 - 00181656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2017-07-12 18:58 - 2017-06-20 07:04 - 00049656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msasn1.dll
2017-07-12 18:58 - 2017-06-20 07:03 - 05806048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2017-07-12 18:58 - 2017-06-20 07:03 - 02077184 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2017-07-12 18:58 - 2017-06-20 07:03 - 00864240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2017-07-12 18:58 - 2017-06-20 07:03 - 00443728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFCaptureEngine.dll
2017-07-12 18:58 - 2017-06-20 07:02 - 03377664 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2017-07-12 18:58 - 2017-06-20 07:02 - 01121928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2017-07-12 18:58 - 2017-06-20 07:02 - 00354400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MMDevAPI.dll
2017-07-12 18:58 - 2017-06-20 07:01 - 04536320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2017-07-12 18:58 - 2017-06-20 07:01 - 00176032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\basecsp.dll
2017-07-12 18:58 - 2017-06-20 07:00 - 02597888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2017-07-12 18:58 - 2017-06-20 06:59 - 02938880 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2017-07-12 18:58 - 2017-06-20 06:59 - 01674240 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2017-07-12 18:58 - 2017-06-20 06:56 - 00985600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
2017-07-12 18:58 - 2017-06-20 06:49 - 00899072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctfuimanager.dll
2017-07-12 18:58 - 2017-06-20 06:49 - 00331776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleacc.dll
2017-07-12 18:58 - 2017-06-20 06:46 - 00132096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft.Bluetooth.Profiles.Gatt.Interface.dll
2017-07-12 18:58 - 2017-06-20 06:45 - 00111104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.System.Profile.RetailInfo.dll
2017-07-12 18:58 - 2017-06-20 06:43 - 00329728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2017-07-12 18:58 - 2017-06-20 06:43 - 00173568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ClipboardServer.dll
2017-07-12 18:58 - 2017-06-20 06:43 - 00151552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincredui.dll
2017-07-12 18:58 - 2017-06-20 06:43 - 00139776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BluetoothApis.dll
2017-07-12 18:58 - 2017-06-20 06:43 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2017-07-12 18:58 - 2017-06-20 06:43 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2017-07-12 18:58 - 2017-06-20 06:43 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dataclen.dll
2017-07-12 18:58 - 2017-06-20 06:42 - 00641024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certca.dll
2017-07-12 18:58 - 2017-06-20 06:42 - 00387584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Payments.dll
2017-07-12 18:58 - 2017-06-20 06:42 - 00338432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2017-07-12 18:58 - 2017-06-20 06:42 - 00266240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2017-07-12 18:58 - 2017-06-20 06:42 - 00226304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scksp.dll
2017-07-12 18:58 - 2017-06-20 06:42 - 00121856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sendmail.dll
2017-07-12 18:58 - 2017-06-20 06:41 - 00734208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.exe
2017-07-12 18:58 - 2017-06-20 06:41 - 00646656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApi.dll
2017-07-12 18:58 - 2017-06-20 06:41 - 00601088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SndVolSSO.dll
2017-07-12 18:58 - 2017-06-20 06:41 - 00433152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Bluetooth.dll
2017-07-12 18:58 - 2017-06-20 06:41 - 00201216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credprovhost.dll
2017-07-12 18:58 - 2017-06-20 06:40 - 00368128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2017-07-12 18:58 - 2017-06-20 06:40 - 00356864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
2017-07-12 18:58 - 2017-06-20 06:40 - 00342016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2017-07-12 18:58 - 2017-06-20 06:40 - 00247808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AboveLockAppHost.dll
2017-07-12 18:58 - 2017-06-20 06:40 - 00230912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edputil.dll
2017-07-12 18:58 - 2017-06-20 06:40 - 00038400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBrokerUI.dll
2017-07-12 18:58 - 2017-06-20 06:39 - 02814464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\themeui.dll
2017-07-12 18:58 - 2017-06-20 06:39 - 02671616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2017-07-12 18:58 - 2017-06-20 06:39 - 00969728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
2017-07-12 18:58 - 2017-06-20 06:39 - 00646144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmsys.cpl
2017-07-12 18:58 - 2017-06-20 06:39 - 00471040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VAN.dll
2017-07-12 18:58 - 2017-06-20 06:39 - 00312320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2017-07-12 18:58 - 2017-06-20 06:38 - 01451008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2017-07-12 18:58 - 2017-06-20 06:38 - 01285120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbghelp.dll
2017-07-12 18:58 - 2017-06-20 06:38 - 01171968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certutil.exe
2017-07-12 18:58 - 2017-06-20 06:38 - 00663040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2017-07-12 18:58 - 2017-06-20 06:38 - 00648192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SmartcardCredentialProvider.dll
2017-07-12 18:58 - 2017-06-20 06:38 - 00329728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2017-07-12 18:58 - 2017-06-20 06:37 - 02008576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2017-07-12 18:58 - 2017-06-20 06:36 - 03667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-07-12 18:58 - 2017-06-20 06:35 - 02679296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2017-07-12 18:58 - 2017-06-20 06:35 - 02132480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2017-07-12 18:58 - 2017-06-20 06:35 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cldapi.dll
2017-07-12 18:58 - 2017-06-20 06:34 - 04056576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2017-07-12 18:58 - 2017-06-20 06:34 - 02750464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnroll.dll
2017-07-12 18:58 - 2017-06-20 06:34 - 02211328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2017-07-12 18:58 - 2017-06-20 06:34 - 01492480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Bluetooth.dll
2017-07-12 18:58 - 2017-06-20 06:34 - 00760832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2017-07-12 18:58 - 2017-06-20 06:31 - 00334848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToDevice.dll
2017-07-12 18:58 - 2017-06-20 06:30 - 00209920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wdmaud.drv
2017-07-12 18:58 - 2017-06-20 06:30 - 00157696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpchttp.dll
2017-07-12 18:58 - 2017-06-20 06:30 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2017-07-12 18:58 - 2017-06-20 06:28 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apphelp.dll
2017-07-12 18:57 - 2017-07-07 16:00 - 00947712 _____ (Microsoft Corporation) C:\WINDOWS\system32\HoloSI.PCShell.dll
2017-07-12 18:57 - 2017-07-07 09:27 - 01147288 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-07-12 18:57 - 2017-07-07 09:27 - 01024928 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-07-12 18:57 - 2017-07-07 09:27 - 00965024 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.efi
2017-07-12 18:57 - 2017-07-07 09:27 - 00821664 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.exe
2017-07-12 18:57 - 2017-07-07 09:27 - 00750560 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2017-07-12 18:57 - 2017-07-07 09:26 - 01065104 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2017-07-12 18:57 - 2017-07-07 09:25 - 00899824 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2017-07-12 18:57 - 2017-07-07 09:22 - 08318880 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-07-12 18:57 - 2017-07-07 09:22 - 01186464 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2017-07-12 18:57 - 2017-07-07 09:22 - 00119384 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcmnutils.dll
2017-07-12 18:57 - 2017-07-07 09:21 - 32688336 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecsRaw.dll
2017-07-12 18:57 - 2017-07-07 09:21 - 02969880 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2017-07-12 18:57 - 2017-07-07 09:20 - 00923040 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-07-12 18:57 - 2017-07-07 09:20 - 00519584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2017-07-12 18:57 - 2017-07-07 09:20 - 00382368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2017-07-12 18:57 - 2017-07-07 09:17 - 01017760 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2017-07-12 18:57 - 2017-07-07 09:15 - 02444696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-07-12 18:57 - 2017-07-07 09:14 - 07325584 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2017-07-12 18:57 - 2017-07-07 09:14 - 05477088 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2017-07-12 18:57 - 2017-07-07 09:14 - 01760264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2017-07-12 18:57 - 2017-07-07 09:14 - 01171032 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcomp.dll
2017-07-12 18:57 - 2017-07-07 09:13 - 00872472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2017-07-12 18:57 - 2017-07-07 09:13 - 00147800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Clipc.dll
2017-07-12 18:57 - 2017-07-07 09:12 - 00411040 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2017-07-12 18:57 - 2017-07-07 09:12 - 00318232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininit.exe
2017-07-12 18:57 - 2017-07-07 09:12 - 00228256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2017-07-12 18:57 - 2017-07-07 09:11 - 07904784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-07-12 18:57 - 2017-07-07 09:10 - 21353208 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-07-12 18:57 - 2017-07-07 09:10 - 01337848 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2017-07-12 18:57 - 2017-07-07 09:10 - 01325968 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2017-07-12 18:57 - 2017-07-07 09:10 - 00372128 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2017-07-12 18:57 - 2017-07-07 09:09 - 00041376 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininitext.dll
2017-07-12 18:57 - 2017-07-07 09:08 - 02229152 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystems64.dll
2017-07-12 18:57 - 2017-07-07 09:08 - 01854880 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntVirtualization.dll
2017-07-12 18:57 - 2017-07-07 09:08 - 01693600 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVIntegration.dll
2017-07-12 18:57 - 2017-07-07 09:08 - 01458584 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystemController.dll
2017-07-12 18:57 - 2017-07-07 09:08 - 01100704 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPolicy.dll
2017-07-12 18:57 - 2017-07-07 09:08 - 00992672 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVManifest.dll
2017-07-12 18:57 - 2017-07-07 09:08 - 00848280 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVOrchestration.dll
2017-07-12 18:57 - 2017-07-07 09:08 - 00846752 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVClient.exe
2017-07-12 18:57 - 2017-07-07 09:08 - 00844704 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntStreamingManager.dll
2017-07-12 18:57 - 2017-07-07 09:08 - 00774560 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVReporting.dll
2017-07-12 18:57 - 2017-07-07 09:08 - 00699808 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVCatalog.dll
2017-07-12 18:57 - 2017-07-07 09:08 - 00672672 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPublishing.dll
2017-07-12 18:57 - 2017-07-07 09:08 - 00506776 _____ (Microsoft Corporation) C:\WINDOWS\system32\TransportDSA.dll
2017-07-12 18:57 - 2017-07-07 09:08 - 00399264 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVScripting.dll
2017-07-12 18:57 - 2017-07-07 09:07 - 01106848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2017-07-12 18:57 - 2017-07-07 09:07 - 00058488 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsass.exe
2017-07-12 18:57 - 2017-07-07 08:37 - 31652264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecsRaw.dll
2017-07-12 18:57 - 2017-07-07 08:27 - 03670016 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-07-12 18:57 - 2017-07-07 08:27 - 01640448 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2017-07-12 18:57 - 2017-07-07 08:27 - 01050624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2017-07-12 18:57 - 2017-07-07 08:27 - 00859136 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
2017-07-12 18:57 - 2017-07-07 08:27 - 00577024 _____ (Microsoft Corporation) C:\WINDOWS\system32\duser.dll
2017-07-12 18:57 - 2017-07-07 08:27 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2017-07-12 18:57 - 2017-07-07 08:27 - 00443392 _____ (Microsoft Corporation) C:\WINDOWS\system32\PerceptionSimulationExtensions.dll
2017-07-12 18:57 - 2017-07-07 08:27 - 00360960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConhostV2.dll
2017-07-12 18:57 - 2017-07-07 08:26 - 17364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-07-12 18:57 - 2017-07-07 08:25 - 02199552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2017-07-12 18:57 - 2017-07-07 08:24 - 00114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\officecsp.dll
2017-07-12 18:57 - 2017-07-07 08:23 - 00113152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2017-07-12 18:57 - 2017-07-07 08:23 - 00110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2017-07-12 18:57 - 2017-07-07 08:23 - 00095232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2017-07-12 18:57 - 2017-07-07 08:23 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\eapprovp.dll
2017-07-12 18:57 - 2017-07-07 08:22 - 07931392 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-07-12 18:57 - 2017-07-07 08:22 - 00520704 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2017-07-12 18:57 - 2017-07-07 08:21 - 00096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncCsp.dll
2017-07-12 18:57 - 2017-07-07 08:21 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-07-12 18:57 - 2017-07-07 08:20 - 23681536 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-07-12 18:57 - 2017-07-07 08:20 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\prntvpt.dll
2017-07-12 18:57 - 2017-07-07 08:19 - 07149056 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2017-07-12 18:57 - 2017-07-07 08:19 - 00527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-07-12 18:57 - 2017-07-07 08:19 - 00256000 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2017-07-12 18:57 - 2017-07-07 08:19 - 00137216 _____ (Microsoft Corporation) C:\WINDOWS\system32\raschap.dll
2017-07-12 18:57 - 2017-07-07 08:18 - 07336448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-07-12 18:57 - 2017-07-07 08:18 - 00563712 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicePairing.dll
2017-07-12 18:57 - 2017-07-07 08:18 - 00353280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wldap32.dll
2017-07-12 18:57 - 2017-07-07 08:18 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecsExt.dll
2017-07-12 18:57 - 2017-07-07 08:17 - 01878016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-07-12 18:57 - 2017-07-07 08:17 - 01260544 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2017-07-12 18:57 - 2017-07-07 08:17 - 00692736 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2017-07-12 18:57 - 2017-07-07 08:17 - 00536064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2017-07-12 18:57 - 2017-07-07 08:17 - 00422400 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2017-07-12 18:57 - 2017-07-07 08:17 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\SIHClient.exe
2017-07-12 18:57 - 2017-07-07 08:16 - 00925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2017-07-12 18:57 - 2017-07-07 08:15 - 00922112 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2017-07-12 18:57 - 2017-07-07 08:14 - 01802240 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-07-12 18:57 - 2017-07-07 08:14 - 00570880 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoScreensaver.scr
2017-07-12 18:57 - 2017-07-07 08:14 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2017-07-12 18:57 - 2017-07-07 08:13 - 05892096 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2017-07-12 18:57 - 2017-07-07 08:13 - 00840192 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2017-07-12 18:57 - 2017-07-07 08:12 - 03307008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-07-12 18:57 - 2017-07-07 08:12 - 02499584 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2017-07-12 18:57 - 2017-07-07 08:12 - 02055168 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-07-12 18:57 - 2017-07-07 08:12 - 01713664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2017-07-12 18:57 - 2017-07-07 08:12 - 01420800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Maps.dll
2017-07-12 18:57 - 2017-07-07 08:12 - 01305088 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2017-07-12 18:57 - 2017-07-07 08:12 - 01293824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-07-12 18:57 - 2017-07-07 08:12 - 00706560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2017-07-12 18:57 - 2017-07-07 08:11 - 03139584 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2017-07-12 18:57 - 2017-07-07 08:11 - 02829824 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2017-07-12 18:57 - 2017-07-07 08:11 - 02649600 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2017-07-12 18:57 - 2017-07-07 08:11 - 02177024 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpcServices.dll
2017-07-12 18:57 - 2017-07-07 08:11 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2017-07-12 18:57 - 2017-07-07 08:11 - 01812480 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2017-07-12 18:57 - 2017-07-07 08:11 - 00986112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-07-12 18:57 - 2017-07-07 08:11 - 00406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-07-12 18:57 - 2017-07-07 08:10 - 05557760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2017-07-12 18:57 - 2017-07-07 08:10 - 04707840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2017-07-12 18:57 - 2017-07-07 08:10 - 02444288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-07-12 18:57 - 2017-07-07 08:07 - 00430080 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToDevice.dll
2017-07-12 18:57 - 2017-07-07 08:07 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPhoto.dll
2017-07-12 18:57 - 2017-07-07 08:06 - 00412160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll
2017-07-12 18:57 - 2017-07-07 08:06 - 00205824 _____ (Microsoft Corporation) C:\WINDOWS\system32\sensrsvc.dll
2017-07-12 18:57 - 2017-07-07 08:05 - 00370176 _____ (Microsoft Corporation) C:\WINDOWS\system32\msinfo32.exe
2017-07-12 18:57 - 2017-07-07 08:04 - 01703424 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2017-07-12 18:57 - 2017-07-07 08:04 - 01403392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wdc.dll
2017-07-12 18:57 - 2017-07-07 08:04 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\csrsrv.dll
2017-07-12 18:57 - 2017-07-07 08:02 - 00508416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoScreensaver.scr
2017-07-12 18:57 - 2017-07-02 00:52 - 00031932 _____ C:\WINDOWS\system32\edgehtmlpluginpolicy.bin
2017-07-12 18:57 - 2017-06-20 08:18 - 01564576 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2017-07-12 18:57 - 2017-06-20 08:18 - 00096672 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2017-07-12 18:57 - 2017-06-20 08:17 - 00629152 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2017-07-12 18:57 - 2017-06-20 08:17 - 00544160 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2017-07-12 18:57 - 2017-06-20 08:17 - 00334240 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2017-07-12 18:57 - 2017-06-20 08:17 - 00136096 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2017-07-12 18:57 - 2017-06-20 08:17 - 00034720 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2017-07-12 18:57 - 2017-06-20 08:16 - 01214880 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2017-07-12 18:57 - 2017-06-20 08:16 - 00335776 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2017-07-12 18:57 - 2017-06-20 08:15 - 00233376 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2017-07-12 18:57 - 2017-06-20 08:11 - 01395152 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2017-07-12 18:57 - 2017-06-20 08:11 - 00411992 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSAudDecMFT.dll
2017-07-12 18:57 - 2017-06-20 08:10 - 02327456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2017-07-12 18:57 - 2017-06-20 08:10 - 01930320 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2017-07-12 18:57 - 2017-06-20 08:08 - 01242528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2017-07-12 18:57 - 2017-06-20 08:05 - 01057832 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2017-07-12 18:57 - 2017-06-20 08:04 - 04847424 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2017-07-12 18:57 - 2017-06-20 08:04 - 00472728 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2017-07-12 18:57 - 2017-06-20 08:03 - 00179608 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostUser.dll
2017-07-12 18:57 - 2017-06-20 08:03 - 00102312 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredentialUIBroker.exe
2017-07-12 18:57 - 2017-06-20 08:02 - 02645688 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2017-07-12 18:57 - 2017-06-20 08:02 - 00426912 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostCommon.dll
2017-07-12 18:57 - 2017-06-20 08:00 - 00558920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.dll
2017-07-12 18:57 - 2017-06-20 08:00 - 00255904 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2017-07-12 18:57 - 2017-06-20 08:00 - 00142752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcifs.sys
2017-07-12 18:57 - 2017-06-20 07:59 - 01054280 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2017-07-12 18:57 - 2017-06-20 07:59 - 00583304 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2017-07-12 18:57 - 2017-06-20 07:59 - 00467504 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
2017-07-12 18:57 - 2017-06-20 07:58 - 00833160 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeManagerObj.dll
2017-07-12 18:57 - 2017-06-20 07:58 - 00406072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MMDevAPI.dll
2017-07-12 18:57 - 2017-06-20 07:58 - 00203168 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostBroker.dll
2017-07-12 18:57 - 2017-06-20 07:57 - 00204192 _____ (Microsoft Corporation) C:\WINDOWS\system32\basecsp.dll
2017-07-12 18:57 - 2017-06-20 07:16 - 00970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctfuimanager.dll
2017-07-12 18:57 - 2017-06-20 07:16 - 00417280 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleacc.dll
2017-07-12 18:57 - 2017-06-20 07:15 - 01620368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2017-07-12 18:57 - 2017-06-20 07:14 - 01150784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2017-07-12 18:57 - 2017-06-20 07:14 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mskssrv.sys
2017-07-12 18:57 - 2017-06-20 07:13 - 00216064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Profiles.Gatt.Interface.dll
2017-07-12 18:57 - 2017-06-20 07:13 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanprotdim.dll
2017-07-12 18:57 - 2017-06-20 07:13 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\WFDSConMgr.dll
2017-07-12 18:57 - 2017-06-20 07:12 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyMATEnc.dll
2017-07-12 18:57 - 2017-06-20 07:12 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.System.Profile.RetailInfo.dll
2017-07-12 18:57 - 2017-06-20 07:12 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bridge.sys
2017-07-12 18:57 - 2017-06-20 07:11 - 00200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\ScDeviceEnum.dll
2017-07-12 18:57 - 2017-06-20 07:10 - 00778240 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyHrtfEnc.dll
2017-07-12 18:57 - 2017-06-20 07:10 - 00315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsEnvironment.Desktop.dll
2017-07-12 18:57 - 2017-06-20 07:10 - 00189440 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll
2017-07-12 18:57 - 2017-06-20 07:10 - 00188928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wincredui.dll
2017-07-12 18:57 - 2017-06-20 07:09 - 00555008 _____ (Microsoft Corporation) C:\WINDOWS\system32\WFDSConMgrSvc.dll
2017-07-12 18:57 - 2017-06-20 07:09 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.BlueLightReduction.dll
2017-07-12 18:57 - 2017-06-20 07:09 - 00427008 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2017-07-12 18:57 - 2017-06-20 07:09 - 00357888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Narrator.exe
2017-07-12 18:57 - 2017-06-20 07:09 - 00250368 _____ (Microsoft Corporation) C:\WINDOWS\system32\SCardSvr.dll
2017-07-12 18:57 - 2017-06-20 07:09 - 00208384 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2017-07-12 18:57 - 2017-06-20 07:09 - 00205312 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipboardServer.dll
2017-07-12 18:57 - 2017-06-20 07:09 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\system32\certprop.dll
2017-07-12 18:57 - 2017-06-20 07:09 - 00135680 _____ (Microsoft Corporation) C:\WINDOWS\system32\sendmail.dll
2017-07-12 18:57 - 2017-06-20 07:09 - 00062464 _____ (Microsoft Corporation) C:\WINDOWS\system32\dataclen.dll
2017-07-12 18:57 - 2017-06-20 07:08 - 00791040 _____ (Microsoft Corporation) C:\WINDOWS\system32\certca.dll
2017-07-12 18:57 - 2017-06-20 07:08 - 00646656 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockHostingFramework.dll
2017-07-12 18:57 - 2017-06-20 07:08 - 00365056 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Notifications.dll
2017-07-12 18:57 - 2017-06-20 07:08 - 00251392 _____ (Microsoft Corporation) C:\WINDOWS\system32\scksp.dll
2017-07-12 18:57 - 2017-06-20 07:07 - 00916992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2017-07-12 18:57 - 2017-06-20 07:07 - 00823296 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApi.dll
2017-07-12 18:57 - 2017-06-20 07:07 - 00757248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2017-07-12 18:57 - 2017-06-20 07:07 - 00626176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll
2017-07-12 18:57 - 2017-06-20 07:07 - 00621056 _____ (Microsoft Corporation) C:\WINDOWS\system32\SndVolSSO.dll
2017-07-12 18:57 - 2017-06-20 07:07 - 00411136 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2017-07-12 18:57 - 2017-06-20 07:06 - 00847872 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2017-07-12 18:57 - 2017-06-20 07:06 - 00455680 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2017-07-12 18:57 - 2017-06-20 07:06 - 00411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2017-07-12 18:57 - 2017-06-20 07:06 - 00335872 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudDomainJoinDataModelServer.dll
2017-07-12 18:57 - 2017-06-20 07:06 - 00299520 _____ (Microsoft Corporation) C:\WINDOWS\system32\AboveLockAppHost.dll
2017-07-12 18:57 - 2017-06-20 07:06 - 00253440 _____ (Microsoft Corporation) C:\WINDOWS\system32\edputil.dll
2017-07-12 18:57 - 2017-06-20 07:06 - 00045056 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBrokerUI.dll
2017-07-12 18:57 - 2017-06-20 07:05 - 04447744 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-07-12 18:57 - 2017-06-20 07:05 - 02873344 _____ (Microsoft Corporation) C:\WINDOWS\system32\themeui.dll
2017-07-12 18:57 - 2017-06-20 07:05 - 01468416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2017-07-12 18:57 - 2017-06-20 07:05 - 00873472 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2017-07-12 18:57 - 2017-06-20 07:05 - 00696320 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmsys.cpl
2017-07-12 18:57 - 2017-06-20 07:05 - 00687616 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2017-07-12 18:57 - 2017-06-20 07:05 - 00585216 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll
2017-07-12 18:57 - 2017-06-20 07:05 - 00406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputSwitch.dll
2017-07-12 18:57 - 2017-06-20 07:05 - 00056832 _____ (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll
2017-07-12 18:57 - 2017-06-20 07:04 - 01818624 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2017-07-12 18:57 - 2017-06-20 07:04 - 01425920 _____ (Microsoft Corporation) C:\WINDOWS\system32\certutil.exe
2017-07-12 18:57 - 2017-06-20 07:04 - 00899072 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmartcardCredentialProvider.dll
2017-07-12 18:57 - 2017-06-20 07:04 - 00802816 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2017-07-12 18:57 - 2017-06-20 07:04 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
2017-07-12 18:57 - 2017-06-20 07:04 - 00178176 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeHelper.dll
2017-07-12 18:57 - 2017-06-20 07:03 - 01396224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2017-07-12 18:57 - 2017-06-20 07:02 - 03204096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Profiles.Gatt.dll
2017-07-12 18:57 - 2017-06-20 07:02 - 02804736 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-07-12 18:57 - 2017-06-20 07:02 - 01886208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-07-12 18:57 - 2017-06-20 07:02 - 00681984 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-07-12 18:57 - 2017-06-20 07:02 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudDomainJoinAUG.dll
2017-07-12 18:57 - 2017-06-20 07:01 - 04396032 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-07-12 18:57 - 2017-06-20 07:01 - 03803136 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2017-07-12 18:57 - 2017-06-20 07:01 - 03332096 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2017-07-12 18:57 - 2017-06-20 07:01 - 03059200 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2017-07-12 18:57 - 2017-06-20 07:01 - 01076736 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2017-07-12 18:57 - 2017-06-20 07:01 - 00809984 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2017-07-12 18:57 - 2017-06-20 07:01 - 00397312 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2017-07-12 18:57 - 2017-06-20 07:00 - 03057664 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnroll.dll
2017-07-12 18:57 - 2017-06-20 07:00 - 02171392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Bluetooth.dll
2017-07-12 18:57 - 2017-06-20 06:59 - 01357824 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2017-07-12 18:57 - 2017-06-20 06:58 - 00625152 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2017-07-12 18:57 - 2017-06-20 06:57 - 00290816 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmclient.exe
2017-07-12 18:57 - 2017-06-20 06:57 - 00138752 _____ (Microsoft Corporation) C:\WINDOWS\system32\DMPushRouterCore.dll
2017-07-12 18:57 - 2017-06-20 06:56 - 00600064 _____ (Microsoft Corporation) C:\WINDOWS\system32\FrameServer.dll
2017-07-12 18:57 - 2017-06-20 06:56 - 00241152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wdmaud.drv
2017-07-12 18:57 - 2017-06-20 06:54 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\DmApiSetExtImplDesktop.dll
2017-07-12 18:57 - 2017-06-20 06:45 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2017-07-11 15:25 - 2017-07-11 15:25 - 00000000 ____D C:\Users\yuk\AppData\Local\Tempzxpsign691e163531e0b57f
2017-07-11 15:22 - 2017-07-11 15:22 - 00000000 ____D C:\Users\yuk\AppData\Local\Tempzxpsignf7398b9b18fb737a
2017-07-11 15:22 - 2017-07-11 15:22 - 00000000 ____D C:\Users\yuk\AppData\Local\Tempzxpsign3fedaf8a159f6dbe
2017-07-09 22:31 - 2017-07-09 22:31 - 00280758 _____ C:\Users\yuk\Desktop\Guide-to-Crushing-ICOs (1).pdf
2017-07-08 04:15 - 2017-07-08 04:15 - 00000000 ____D C:\Users\yuk\AppData\Local\Tempzxpsignbd8d4b30cc7b0a63
2017-07-08 04:15 - 2017-07-08 04:15 - 00000000 ____D C:\Users\yuk\AppData\Local\Tempzxpsign803a511bf64b2a7b
2017-07-07 08:25 - 2017-07-07 08:25 - 00281255 _____ C:\Users\yuk\Desktop\2016-06-21-dao-meetup.pdf
2017-07-07 06:34 - 2017-07-07 06:34 - 01678520 _____ C:\Users\yuk\Desktop\Swarmwise-2013-by-Rick-Falkvinge-v1.1-2013Sep01.pdf
2017-07-07 03:57 - 2017-07-07 03:57 - 02581058 _____ C:\Users\yuk\Desktop\Ian Balina - Hacking Venture Capital.pdf
2017-07-05 18:48 - 2017-07-05 18:48 - 00000017 _____ C:\Users\yuk\AppData\Local\resmon.resmoncfg
2017-07-05 18:47 - 2017-07-05 18:47 - 00000000 ____D C:\Users\yuk\Desktop\NiceHash
2017-07-03 15:42 - 2017-07-03 15:42 - 00000000 ____D C:\Users\yuk\AppData\Local\Tempzxpsign9a5c28e1286a561b
2017-07-03 15:39 - 2017-07-03 15:39 - 00000000 ____D C:\Users\yuk\AppData\Local\Tempzxpsign95814f4f98e5fd87
2017-07-03 15:39 - 2017-07-03 15:39 - 00000000 ____D C:\Users\yuk\AppData\Local\Tempzxpsign15bb920bdd8542bc
2017-06-30 22:40 - 2017-06-30 22:40 - 03969909 _____ C:\Users\yuk\Desktop\NDC-TPT-ICO-Whitepaper-v-1-eng.pdf
2017-06-30 17:01 - 2017-07-14 14:21 - 00001120 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera Browser.lnk
2017-06-28 23:14 - 2017-06-28 23:14 - 00000222 _____ C:\Users\yuk\Desktop\Turok Dinosaur Hunter.url
2017-06-28 14:45 - 2017-07-02 08:23 - 00000935 _____ C:\WINDOWS\Tasks\EPSON XP-215 217 Series Update {7660D75B-BC2E-4AC2-96C2-7E0E2A82D544}.job
2017-06-28 14:45 - 2017-07-02 08:23 - 00000749 _____ C:\WINDOWS\Tasks\EPSON XP-215 217 Series Invitation {7660D75B-BC2E-4AC2-96C2-7E0E2A82D544}.job
2017-06-28 14:45 - 2017-06-28 14:45 - 00004140 _____ C:\WINDOWS\System32\Tasks\EPSON XP-215 217 Series Update {7660D75B-BC2E-4AC2-96C2-7E0E2A82D544}
2017-06-28 14:45 - 2017-06-28 14:45 - 00003962 _____ C:\WINDOWS\System32\Tasks\EPSON XP-215 217 Series Invitation {7660D75B-BC2E-4AC2-96C2-7E0E2A82D544}
2017-06-28 13:44 - 2017-06-28 13:44 - 00002336 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-06-28 13:44 - 2017-06-28 13:44 - 00002324 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-06-28 13:29 - 2017-06-28 13:29 - 00000000 ____D C:\Users\yuk\AppData\Local\Tempzxpsign71509ec51adf90ba
2017-06-28 13:29 - 2017-06-28 13:29 - 00000000 ____D C:\Users\yuk\AppData\Local\Tempzxpsign04fd5c63b38afe12
2017-06-28 11:16 - 2017-06-28 11:16 - 00000000 ____D C:\Users\yuk\AppData\Local\Tempzxpsign657c088acb6bcc64
2017-06-28 11:16 - 2017-06-28 11:16 - 00000000 ____D C:\Users\yuk\AppData\Local\Tempzxpsign32243907df5452f1
2017-06-28 03:20 - 2017-06-28 03:20 - 00000000 ____D C:\Users\yuk\AppData\Local\Tempzxpsigne004f0bca1bc0d05
2017-06-28 03:20 - 2017-06-28 03:20 - 00000000 ____D C:\Users\yuk\AppData\Local\Tempzxpsign84f89191745e24b1
2017-06-27 18:48 - 2017-07-01 06:13 - 00000000 ____D C:\Users\yuk\AppData\Roaming\discord
2017-06-27 18:48 - 2017-06-27 18:48 - 00002260 _____ C:\Users\yuk\Desktop\Discord.lnk
2017-06-27 18:48 - 2017-06-27 18:48 - 00000000 ____D C:\Users\yuk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hammer & Chisel, Inc
2017-06-27 18:48 - 2017-06-27 18:48 - 00000000 ____D C:\Users\yuk\AppData\Local\SquirrelTemp
2017-06-27 18:48 - 2017-06-27 18:48 - 00000000 ____D C:\Users\yuk\AppData\Local\Discord
2017-06-27 18:06 - 2017-06-27 18:06 - 00000000 ____D C:\Users\yuk\AppData\Local\Tempzxpsigned85db22ba142d9b
2017-06-27 18:06 - 2017-06-27 18:06 - 00000000 ____D C:\Users\yuk\AppData\Local\Tempzxpsign74db16fde766e162
2017-06-27 17:53 - 2017-06-27 17:53 - 00000207 _____ C:\Users\yuk\Desktop\Parity.txt
2017-06-25 19:35 - 2017-06-25 19:35 - 00000000 ____D C:\Users\yuk\AppData\Local\Tempzxpsign87161b0f3dc7f63e
2017-06-25 19:35 - 2017-06-25 19:35 - 00000000 ____D C:\Users\yuk\AppData\Local\Tempzxpsign5568de062ffd86c3
2017-06-25 18:06 - 2017-06-25 18:06 - 00001226 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk
2017-06-25 18:06 - 2017-06-25 18:06 - 00001214 _____ C:\Users\Public\Desktop\Adobe Creative Cloud.lnk
2017-06-24 12:13 - 2017-06-24 12:13 - 00000000 ____D C:\Users\yuk\.ethash
2017-06-24 12:05 - 2017-06-24 12:05 - 00000000 ____D C:\Users\yuk\AppData\Roaming\Parity
2017-06-24 12:05 - 2017-06-24 12:05 - 00000000 ____D C:\Users\yuk\AppData\Local\Parity
2017-06-24 12:05 - 2017-06-24 12:05 - 00000000 ____D C:\Program Files\Ethcore

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-07-19 15:23 - 2017-05-14 21:43 - 00916280 _____ C:\WINDOWS\system32\perfh007.dat
2017-07-19 15:23 - 2017-05-14 21:43 - 00198228 _____ C:\WINDOWS\system32\perfc007.dat
2017-07-19 15:23 - 2017-05-14 21:41 - 00859222 _____ C:\WINDOWS\system32\perfh00A.dat
2017-07-19 15:23 - 2017-05-14 21:41 - 00202486 _____ C:\WINDOWS\system32\perfc00A.dat
2017-07-19 15:23 - 2017-05-14 12:07 - 03147936 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-07-19 15:22 - 2015-05-21 13:18 - 00565416 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2017-07-19 15:21 - 2017-03-18 13:40 - 00032768 _____ C:\WINDOWS\system32\config\ELAM
2017-07-19 15:19 - 2017-03-28 18:15 - 00000000 ____D C:\Users\yuk\AppData\Roaming\Writefull
2017-07-19 15:19 - 2015-09-04 15:51 - 00000000 ___RD C:\Users\yuk\Creative Cloud Files
2017-07-19 15:19 - 2015-05-24 12:45 - 00000000 ____D C:\Users\yuk\AppData\Local\Adobe
2017-07-19 15:18 - 2017-05-14 12:05 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-07-19 15:18 - 2017-05-14 11:53 - 04918192 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-07-19 15:18 - 2017-03-18 13:40 - 01835008 _____ C:\WINDOWS\system32\config\BBI
2017-07-19 15:18 - 2016-10-22 16:16 - 00000000 ____D C:\ProgramData\NVIDIA
2017-07-19 15:18 - 2015-07-28 20:24 - 00000000 ____D C:\Program Files (x86)\Hi-Rez Studios
2017-07-19 15:13 - 2016-02-09 04:58 - 00000000 ____D C:\Users\yuk\AppData\LocalLow\Temp
2017-07-19 15:02 - 2017-05-14 12:05 - 00004144 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{943D6DCB-B6A4-4FD7-980C-69A4C8DFD8CE}
2017-07-19 15:02 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-07-19 02:45 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\system32\FxsTmp
2017-07-19 00:25 - 2015-05-20 06:43 - 00000000 ____D C:\ProgramData\Package Cache
2017-07-19 00:11 - 2017-03-18 23:03 - 00000000 ___HD C:\Program Files\WindowsApps
2017-07-19 00:10 - 2015-11-15 15:20 - 00000008 __RSH C:\ProgramData\ntuser.pol
2017-07-19 00:10 - 2015-06-16 13:06 - 00000000 ____D C:\AdwCleaner
2017-07-18 23:14 - 2017-05-14 11:53 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-07-18 20:48 - 2017-03-18 23:01 - 00000000 ____D C:\WINDOWS\INF
2017-07-18 17:56 - 2015-05-19 18:57 - 00000000 ____D C:\Program Files (x86)\Steam
2017-07-18 16:54 - 2017-04-01 15:51 - 00005410 _____ C:\Users\yuk\Desktop\blogPost_1.txt
2017-07-17 02:23 - 2015-05-19 21:16 - 00000000 ____D C:\Users\yuk\AppData\Roaming\Skype
2017-07-16 22:39 - 2017-04-01 17:06 - 00003635 _____ C:\Users\yuk\Desktop\MindTrick1.txt
2017-07-16 21:19 - 2015-09-19 09:35 - 00000000 ___RD C:\Users\yuk\OneDrive
2017-07-16 19:47 - 2015-06-16 15:19 - 00000033 _____ C:\Users\yuk\AppData\Roaming\AdobeWLCMCache.dat
2017-07-15 15:24 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\rescache
2017-07-14 14:21 - 2017-05-14 12:05 - 00003954 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1432754114
2017-07-14 14:21 - 2015-05-27 21:14 - 00000000 ____D C:\Program Files (x86)\Opera
2017-07-13 10:26 - 2015-09-10 07:44 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-07-13 06:01 - 2017-03-18 23:03 - 00000000 ___SD C:\WINDOWS\SysWOW64\F12
2017-07-13 06:01 - 2017-03-18 23:03 - 00000000 ___SD C:\WINDOWS\system32\F12
2017-07-13 06:01 - 2017-03-18 23:03 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-07-13 06:01 - 2017-03-18 23:03 - 00000000 ___RD C:\Program Files\Windows Defender
2017-07-13 06:01 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\system32\oobe
2017-07-13 06:01 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\system32\migwiz
2017-07-13 06:01 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\system32\appraiser
2017-07-13 06:01 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\ShellExperiences
2017-07-13 06:01 - 2017-03-18 23:03 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2017-07-13 06:01 - 2017-03-18 23:03 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-07-13 06:01 - 2017-03-18 23:03 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2017-07-13 01:11 - 2015-09-19 09:32 - 00000000 ____D C:\Users\yuk\AppData\Local\Comms
2017-07-13 01:05 - 2015-05-19 18:14 - 00000000 ____D C:\Users\yuk\AppData\Local\Packages
2017-07-12 22:20 - 2017-04-12 16:47 - 00000789 _____ C:\Users\yuk\Desktop\Neues Textdokument (2).txt
2017-07-12 19:03 - 2017-03-18 22:51 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-07-12 19:02 - 2015-05-21 18:26 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-07-12 18:59 - 2015-05-21 18:26 - 135225752 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-07-12 17:48 - 2017-05-14 12:05 - 00004598 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-07-12 17:48 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-07-12 17:48 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-07-11 15:47 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-07-08 05:06 - 2015-11-20 17:09 - 00000000 ____D C:\Users\yuk\AppData\Roaming\TS3Client
2017-07-08 00:55 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-07-07 08:41 - 2013-08-22 17:44 - 00395226 __RSH C:\bootmgr
2017-07-04 00:30 - 2017-05-14 11:57 - 00000000 ____D C:\Users\yuk
2017-06-30 16:47 - 2017-03-18 23:06 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-06-30 16:47 - 2017-03-18 23:06 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-06-28 16:01 - 2015-05-26 14:21 - 00000000 ____D C:\Program Files (x86)\Entropia Universe
2017-06-28 13:44 - 2015-05-19 18:22 - 00000000 ____D C:\Program Files (x86)\Google
2017-06-27 17:45 - 2017-02-17 18:33 - 00000221 _____ C:\Users\yuk\Desktop\Neues Textdokument.txt
2017-06-25 18:06 - 2015-06-16 14:55 - 00000000 ____D C:\Program Files (x86)\Adobe
2017-06-25 18:06 - 2015-05-19 18:14 - 00000000 ____D C:\Users\yuk\AppData\Roaming\Adobe
2017-06-19 23:39 - 2016-05-09 17:19 - 00000000 ____D C:\Users\yuk\AppData\Local\SecondLife

==================== Files in the root of some directories =======

2015-06-16 15:19 - 2017-07-16 19:47 - 0000033 _____ () C:\Users\yuk\AppData\Roaming\AdobeWLCMCache.dat
2015-05-24 12:34 - 2015-07-30 09:33 - 0000301 _____ () C:\Users\yuk\AppData\Roaming\BreakingPoint_Login.ini
2015-05-24 12:34 - 2015-07-30 10:17 - 0001380 _____ () C:\Users\yuk\AppData\Roaming\BreakingPoint_Options.ini
2017-01-26 18:22 - 2017-01-26 18:36 - 0000200 _____ () C:\Users\yuk\AppData\Roaming\burnaware.ini
2017-07-05 18:48 - 2017-07-05 18:48 - 0000017 _____ () C:\Users\yuk\AppData\Local\resmon.resmoncfg
2017-05-14 11:55 - 2017-05-14 11:55 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-07-11 14:40

==================== End of FRST.txt ============================

--- --- ---

woteva · 19.07.2017, 14:38

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-07-2017
Ran by yuk (19-07-2017 15:30:25)
Running from C:\Users\yuk\Downloads
Windows 10 Pro Version 1703 (X64) (2017-05-14 10:08:30)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3843242997-120083883-219807361-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3843242997-120083883-219807361-503 - Limited - Disabled)
Guest (S-1-5-21-3843242997-120083883-219807361-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3843242997-120083883-219807361-1003 - Limited - Enabled)
yuk (S-1-5-21-3843242997-120083883-219807361-1001 - Administrator - Enabled) => C:\Users\yuk

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Ableton Live 9 Suite (HKLM\...\{99C4D476-0AF0-4045-998F-E11CA4957BDB}) (Version: 9.0.0.0 - Ableton)
Adobe Animate CC 2017 (HKLM-x32\...\FLPR_16_1) (Version: 16.1 - Adobe Systems Incorporated)
Adobe Bridge CC 2017 (HKLM-x32\...\KBRG_7_0) (Version: 7.0 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 4.1.1.202 - Adobe Systems Incorporated)
Adobe Flash Player 26 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 26.0.0.137 - Adobe Systems Incorporated)
Adobe Flash Player 26 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 26.0.0.137 - Adobe Systems Incorporated)
Adobe Illustrator CC 2017 (HKLM-x32\...\ILST_21_1_0) (Version: 21.1.0 - Adobe Systems Incorporated)
Adobe Media Encoder CC 2017 (HKLM-x32\...\AME_11_0_2) (Version: 11.0.2 - Adobe Systems Incorporated)
Adobe Photoshop CC 2017 (HKLM-x32\...\PHSP_18_1) (Version: 18.1.0 - Adobe Systems Incorporated)
Anki (HKLM-x32\...\Anki) (Version:  - )
Ansel (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Ansel) (Version: 382.05 - NVIDIA Corporation) Hidden
ASUS GPU Tweak (HKLM-x32\...\{532F6E8A-AF97-41C3-915F-39F718EC07D1}) (Version: 2.5.8.3 - ASUSTek COMPUTER INC.) Hidden
ASUS GPU Tweak (HKLM-x32\...\InstallShield_{532F6E8A-AF97-41C3-915F-39F718EC07D1}) (Version: 2.5.8.3 - ASUSTek COMPUTER INC.)
AudibleManager (HKLM-x32\...\AudibleManager) (Version: 508.36906368.36897376.36906376 - Audible, Inc.)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
bl (HKLM-x32\...\{2A075BB4-E976-4278-BF3F-E5C6945D84C0}) (Version: 1.0.0 - Your Company Name) Hidden
Bonjour (HKLM\...\{E4F5E48E-7155-4CF9-88CD-7F377EC9AC54}) (Version: 2.0.4.0 - Apple Inc.)
Breaking Point (HKLM-x32\...\{D94AC775-62AF-4630-8292-7EB26691AAAE}) (Version: 5.0.2.9 - The Zombie Infection) Hidden
Breaking Point (HKLM-x32\...\Breaking Point 5.0.2.9) (Version: 5.0.2.9 - The Zombie Infection)
BurnAware Free 9.7 (HKLM-x32\...\BurnAware Free_is1) (Version:  - Burnaware)
ComPet (HKLM\...\Steam App 532800) (Version:  - MindArk PE AB)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 5.0.1.0406 - Disc Soft Ltd)
Discord (HKU\S-1-5-21-3843242997-120083883-219807361-1001\...\Discord) (Version: 0.0.297 - Hammer & Chisel, Inc.)
Dual-Core Optimizer (HKLM-x32\...\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}) (Version: 1.1.4.0169 - AMD)
Endless Space (HKLM\...\Steam App 208140) (Version:  - AMPLITUDE Studios)
Entropia Universe (HKLM-x32\...\Entropia Universe) (Version: 15.2.3.128490 - MindArk PE AB)
Epson Event Manager (HKLM-x32\...\{9F205E94-9E42-4486-A92A-DF3F6CB85444}) (Version: 3.10.0061 - Seiko Epson Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
Epson Software Updater (HKLM-x32\...\{7BAC3F7A-B963-468E-982E-B5608A87408D}) (Version: 4.4.4 - SEIKO EPSON CORPORATION)
EPSON XP-215 217 Series Printer Uninstall (HKLM\...\EPSON XP-215 217 Series) (Version:  - SEIKO EPSON Corporation)
Evernote v. 6.5.4 (HKLM-x32\...\{D47E7D82-0D98-11E7-A6D6-005056951CAD}) (Version: 6.5.4.4720 - Evernote Corp.)
Fallout 4 (HKLM\...\Steam App 377160) (Version:  - Bethesda Game Studios)
Foxhole Pre-Alpha (HKLM\...\Steam App 506770) (Version:  - Clapfoot)
FreeMind (HKLM-x32\...\B991B020-2968-11D8-AF23-444553540000_is1) (Version: 1.0.1 - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 59.0.3071.115 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Google 日本語入力 (HKLM\...\{8E62C276-2238-4D64-A560-61C3116E0EB7}) (Version: 2.20.2750.0 - Google Inc.)
HiPatch (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF000}) (Version: 5.0.5.5 - Hi-Rez Studios)
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
Java 8 Update 77 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218077F0}) (Version: 8.0.770.3 - Oracle Corporation)
Malwarebytes Version 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes)
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (HKLM-x32\...\{41785C66-90F2-40CE-8CB5-1C94BFC97280}) (Version: 3.5.0.0 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.5.166.0 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3843242997-120083883-219807361-1001\...\OneDriveSetup.exe) (Version: 17.3.6917.0607 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
MyEpson Portal (HKLM-x32\...\{3361D415-BA35-4143-B301-661991BA6219}) (Version: 1.1.2.2 - SEIKO EPSON CORPORATION) Hidden
MyEpson Portal (HKLM-x32\...\MyEpson Portal) (Version:  - SEIKO EPSON Corporation)
Native Instruments Controller Editor (HKLM-x32\...\Native Instruments Controller Editor) (Version: 1.8.2.281 - Native Instruments)
Native Instruments Maschine (HKLM-x32\...\Native Instruments Maschine) (Version:  - Native Instruments)
Native Instruments Maschine Controller Driver (HKLM-x32\...\Native Instruments Maschine Controller Driver) (Version:  - Native Instruments)
Native Instruments Maschine Controller MK2 Driver (HKLM-x32\...\Native Instruments Maschine Controller MK2 Driver) (Version:  - Native Instruments)
Native Instruments Maschine Factory Content (HKLM-x32\...\Native Instruments Maschine Factory Content) (Version:  - Native Instruments)
Native Instruments Maschine Factory Content 1.5 (HKLM-x32\...\Native Instruments Maschine Factory Content 1.5) (Version:  - Native Instruments)
Native Instruments Maschine Mikro Driver (HKLM-x32\...\Native Instruments Maschine Mikro Driver) (Version:  - Native Instruments)
Native Instruments Maschine Mikro MK2 Driver (HKLM-x32\...\Native Instruments Maschine Mikro MK2 Driver) (Version:  - Native Instruments)
Native Instruments Service Center (HKLM-x32\...\Native Instruments Service Center) (Version: 2.6.0.137 - Native Instruments)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.7.8.2 - Notepad++ Team)
NVIDIA 3D Vision Controller Driver 352.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 352.65 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 382.05 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 382.05 - NVIDIA Corporation)
NVIDIA Graphics Driver 382.05 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 382.05 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.26 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.26 - NVIDIA Corporation)
NVIDIA Miracast Virtual Audio 352.86 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Miracast.VirtualAudio) (Version: 352.86 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
One Way Heroics (HKLM-x32\...\Steam App 266210) (Version:  - Smoking WOLF)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Opera Stable 46.0.2597.46 (HKLM-x32\...\Opera 46.0.2597.46) (Version: 46.0.2597.46 - Opera Software)
Overwatch (HKLM-x32\...\Overwatch) (Version:  - Blizzard Entertainment)
ph (HKLM-x32\...\{185F9795-9663-4F13-9EF9-307A282ADB5A}) (Version: 1.0.0 - Your Company Name) Hidden
Polar Daemon (HKLM-x32\...\{2BA9320D-E061-4C71-ACCB-AC0E9D4FC82B}) (Version: 2.2.20000 - Polar Electro Oy)
Polar WebSync (HKLM-x32\...\{A3C03067-855A-4B5B-B08B-A1BFD68FCAF8}) (Version: 2.8.30000 - Polar Electro Oy)
Project Zomboid Demo (HKLM\...\Steam App 264910) (Version:  - Indie Stone Studios)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.986 - Even Balance, Inc.)
Python 2.7.10 (HKLM-x32\...\{E2B51919-207A-43EB-AE78-733F9C6797C2}) (Version: 2.7.10150 - Python Software Foundation)
Ravenfield (HKLM\...\Steam App 636480) (Version:  - SteelRaven7)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7572 - Realtek Semiconductor Corp.)
SecondLifeViewer (HKLM-x32\...\SecondLifeViewer) (Version: 5.0.3.324435 - Linden Research, Inc.)
SHIELD Streaming (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv) (Version: 7.1.0280 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShieldWirelessController) (Version: 2.11.4.0 - NVIDIA Corporation) Hidden
Sid Meier's Civilization V (HKLM\...\Steam App 8930) (Version:  - Firaxis Games)
Skype™ 7.33 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.33.105 - Skype Technologies S.A.)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
State of Decay: Year-One (HKLM\...\Steam App 329430) (Version:  - Undead Labs)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Stellaris (HKLM\...\Steam App 281990) (Version:  - Paradox Development Studio)
Stickman Fighter Epic Battle (HKU\S-1-5-21-3843242997-120083883-219807361-1001\...\stickmanfighterepicbattle-f81ba27c6b9de880bbeb2899a6b61f66) (Version: 10.1 - Playtouch)
Stickman School Run (HKU\S-1-5-21-3843242997-120083883-219807361-1001\...\stickmanschoolrun-7ea3653db0f7fa362133ce8fbef97928) (Version: 10.2 - Playtouch)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.18 - TeamSpeak Systems GmbH)
The Talos Principle (HKLM\...\Steam App 257510) (Version:  - Croteam)
The Witness (HKLM\...\Steam App 210970) (Version:  - Thekla, Inc.)
To the Moon (HKLM-x32\...\Steam App 206440) (Version:  - Freebird Games)
TomTom Sports Connect (HKLM-x32\...\TomTom Sports Connect) (Version: 3.2.9.0 - TomTom International B.V.)
TreeSize Free V3.4.5 (HKLM-x32\...\TreeSize Free_is1) (Version: 3.4.5 - JAM Software)
Turok: Dinosaur Hunter (HKLM\...\Steam App 405820) (Version:  - Iguana Entertainment)
US-122 MKII / US-144 MKII (HKLM\...\USB_AUDIO_DEusb-audio.deTascam) (Version:  - )
Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
Vulkan Run Time Libraries 1.0.42.1 (HKLM\...\VulkanRT1.0.42.1) (Version: 1.0.42.1 - LunarG, Inc.)
Vuze Leap 1.3 (HKU\S-1-5-21-3843242997-120083883-219807361-1001\...\{a9a27088-7578-499d-ad2b-67ba95a4def4}) (Version: 1.3 - Azureus Software, Inc.)
Wacom Tablet (HKLM\...\Wacom Tablet Driver) (Version: 6.3.14-1 - Wacom Technology Corp.)
WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
Windows 10 Update and Privacy Settings (HKLM\...\{293F2009-0145-450B-B4AA-063D43FB368C}) (Version: 1.0.13.0 - Microsoft Corporation)
Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)
WinRAR 5.21 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
WinZip 19.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240ED}) (Version: 19.5.11532 - WinZip Computing, S.L. )
Writefull 3.0.0-beta14-gem2 (only current user) (HKU\S-1-5-21-3843242997-120083883-219807361-1001\...\59079acb-34a2-5644-8b18-af99c519c5e8) (Version: 3.0.0-beta14-gem2 - ThinqLab)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3843242997-120083883-219807361-1001_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-04A8CD363F3D}\InprocServer32 -> %%systemroot%%\system32\shell32.dll => No File
CustomCLSID: HKU\S-1-5-21-3843242997-120083883-219807361-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\yuk\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3843242997-120083883-219807361-1001_Classes\CLSID\{144DF3B2-2402-47AE-9583-5A045929A8D4}\InprocServer32 -> C:\Users\yuk\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3843242997-120083883-219807361-1001_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\yuk\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3843242997-120083883-219807361-1001_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\yuk\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3843242997-120083883-219807361-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\yuk\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3843242997-120083883-219807361-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\yuk\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3843242997-120083883-219807361-1001_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\yuk\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3843242997-120083883-219807361-1001_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04}\InprocServer32 -> C:\Users\yuk\AppData\Local\Google\Update\1.3.33.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3843242997-120083883-219807361-1001_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\yuk\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3843242997-120083883-219807361-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\yuk\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3843242997-120083883-219807361-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\yuk\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3843242997-120083883-219807361-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
CustomCLSID: HKU\S-1-5-21-3843242997-120083883-219807361-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\yuk\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll (Google Inc.)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2017-05-26] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2017-05-26] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2017-05-26] ()
ContextMenuHandlers01: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2017-05-26] ()
ContextMenuHandlers01: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Notepad++\NppShell_06.dll [2015-04-15] ()
ContextMenuHandlers01: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-02-20] (Alexander Roshal)
ContextMenuHandlers01: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} =>  -> No File
ContextMenuHandlers01: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2015-06-16] (WinZip Computing, S.L.)
ContextMenuHandlers03: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
ContextMenuHandlers04: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2015-06-16] (WinZip Computing, S.L.)
ContextMenuHandlers05: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\system32\nvshext.dll [2017-05-01] (NVIDIA Corporation)
ContextMenuHandlers06: [AccExt] -> {2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2017-05-26] ()
ContextMenuHandlers06: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
ContextMenuHandlers06: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-02-20] (Alexander Roshal)
ContextMenuHandlers06: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} =>  -> No File
ContextMenuHandlers06: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshls64.dll [2015-06-16] (WinZip Computing, S.L.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {098F85FF-3BC6-4573-9031-5415D3288DCF} - System32\Tasks\EPSON XP-215 217 Series Update {7660D75B-BC2E-4AC2-96C2-7E0E2A82D544} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLGE.EXE [2014-12-03] (SEIKO EPSON CORPORATION)
Task: {0B132F1D-9625-46B8-A4F6-B6B6EF2ECEE6} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2015-07-08] (Microsoft)
Task: {0D3509DE-EEFE-4F7C-B1B8-75AA4F0609E6} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2015-07-08] (Microsoft Corporation)
Task: {24F506CB-3D93-4F5D-97A2-17AA1900C850} - System32\Tasks\EPSON XP-215 217 Series Invitation {7660D75B-BC2E-4AC2-96C2-7E0E2A82D544} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLGE.EXE [2014-12-03] (SEIKO EPSON CORPORATION)
Task: {2888D9A1-CCA5-4869-BE3A-45413E90E92B} - \Microsoft\Windows\Setup\GWXTriggers\Logon -> No File <==== ATTENTION
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\WINDOWS\System32\AutoWorkplace.exe
Task: {4F6A5EB7-C215-4409-9EFA-11C3ECEB3305} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3843242997-120083883-219807361-1001Core => C:\Users\yuk\AppData\Local\Google\Update\GoogleUpdate.exe [2015-05-25] (Google Inc.)
Task: {56C94AE4-1DC1-4157-9D8F-C61BF10F2803} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3843242997-120083883-219807361-1001UA => C:\Users\yuk\AppData\Local\Google\Update\GoogleUpdate.exe [2015-05-25] (Google Inc.)
Task: {60F71DE3-2DFC-40FC-BD10-CDA6F1B71173} - System32\Tasks\Opera scheduled Autoupdate 1432754114 => C:\Program Files (x86)\Opera\launcher.exe [2017-07-11] (Opera Software)
Task: {639B4B7D-238D-4859-B5CF-6E1EAD08C1F0} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2015-07-08] (Microsoft Corporation)
Task: {6AA44469-83FD-453F-8C3C-754355F33176} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3843242997-120083883-219807361-1001UA1d2592aff96741f => C:\Users\yuk\AppData\Local\Google\Update\GoogleUpdate.exe [2015-05-25] (Google Inc.)
Task: {7B64C888-F525-4974-8259-D16391269FCB} - System32\Tasks\EPSON XP-215 217 Series Invitation {77F526F6-BBF7-40E8-9FEE-4B3480B2F3A1} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLGE.EXE [2014-12-03] (SEIKO EPSON CORPORATION)
Task: {7CDC4979-16DF-4E21-89E3-82259ACFFB95} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_26_0_0_137_pepper.exe [2017-07-12] (Adobe Systems Incorporated)
Task: {83967500-6188-4FE7-826F-238C6D6381AC} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-deckothewacko@gmail.com => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2016-07-01] (Adobe Systems Incorporated)
Task: {A0471086-1550-45AF-98AD-74ED2ED9DFD9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-15] (Google Inc.)
Task: {A0DBF880-6708-43C3-965C-90C23D9FF71C} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3843242997-120083883-219807361-1001Core1d2592aff90a792 => C:\Users\yuk\AppData\Local\Google\Update\GoogleUpdate.exe [2015-05-25] (Google Inc.)
Task: {A4CC7612-9DC1-4569-91D9-27A3F02DBFE4} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2015-07-08] (Microsoft Corporation)
Task: {A50B1430-E4AF-4D74-874E-EADE171889D9} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2017-07-12] (Microsoft Corporation)
Task: {C7774F78-D1D5-4FEE-A219-91163C39301B} - System32\Tasks\EPSON XP-215 217 Series Update {77F526F6-BBF7-40E8-9FEE-4B3480B2F3A1} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLGE.EXE [2014-12-03] (SEIKO EPSON CORPORATION)
Task: {D801B8DD-5A63-4655-99F2-B7114D4965B7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-15] (Google Inc.)
Task: {E6519F44-A7C8-43DD-A0A3-279C2442E51B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-07-12] (Adobe Systems Incorporated)
Task: {FFB80892-79A5-4CCC-9716-EE37D3A65641} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2015-07-08] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\EPSON XP-215 217 Series Invitation {7660D75B-BC2E-4AC2-96C2-7E0E2A82D544}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLGE.EXE
Task: C:\WINDOWS\Tasks\EPSON XP-215 217 Series Invitation {77F526F6-BBF7-40E8-9FEE-4B3480B2F3A1}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLGE.EXE
Task: C:\WINDOWS\Tasks\EPSON XP-215 217 Series Update {7660D75B-BC2E-4AC2-96C2-7E0E2A82D544}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLGE.EXE:/EXE:{7660D75B-BC2E-4AC2-96C2-7E0E2A82D544} /F:UpdateWORKGROUP\MEISFIT$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\WINDOWS\Tasks\EPSON XP-215 217 Series Update {77F526F6-BBF7-40E8-9FEE-4B3480B2F3A1}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLGE.EXE:/EXE:{77F526F6-BBF7-40E8-9FEE-4B3480B2F3A1} /F:UpdateWORKGROUP\MEISFIT$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3843242997-120083883-219807361-1001Core.job => C:\Users\yuk\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3843242997-120083883-219807361-1001UA.job => C:\Users\yuk\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2012-01-17 11:24 - 2012-01-17 11:24 - 00055296 _____ () C:\Windows\SysWOW64\ASGT.exe
2012-12-12 15:20 - 2012-12-12 15:20 - 00419536 _____ () C:\Program Files (x86)\Polar\Daemon\polard.exe
2017-07-19 00:15 - 2017-06-27 12:06 - 02260432 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2017-03-18 22:58 - 2017-03-18 22:58 - 00138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2015-06-14 05:56 - 2015-08-21 20:33 - 01347264 _____ () C:\Program Files\Tablet\Wacom\libxml2.dll
2017-05-26 03:18 - 2017-05-26 03:18 - 00492112 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2017-03-18 22:59 - 2017-03-19 04:30 - 01731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-06-10 10:00 - 2015-06-10 10:00 - 06217728 _____ () C:\Program Files (x86)\Polar\WebSync\WebSync.exe
2017-05-15 02:38 - 2017-05-15 02:38 - 34957896 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
2012-12-12 15:20 - 2012-12-12 15:20 - 03483856 _____ () C:\Program Files (x86)\Polar\Daemon\libpolar.dll
2015-05-21 19:54 - 2016-06-14 22:03 - 00018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2017-02-22 10:21 - 2017-02-22 10:21 - 00135680 _____ () C:\Program Files (x86)\TomTom\MySportsConnect\quazip5.dll
2017-03-28 18:15 - 2017-01-19 10:35 - 01943040 _____ () C:\Users\yuk\AppData\Local\Programs\Writefull\ffmpeg.dll
2017-07-19 15:19 - 2017-07-19 15:19 - 00139264 _____ () \\?\C:\Users\yuk\AppData\Local\Temp\B3CF.tmp.node
2017-03-28 18:15 - 2017-01-19 10:35 - 02263040 _____ () C:\Users\yuk\AppData\Local\Programs\Writefull\libglesv2.dll
2017-03-28 18:15 - 2017-01-19 10:35 - 00080896 _____ () C:\Users\yuk\AppData\Local\Programs\Writefull\libegl.dll
2017-07-19 15:19 - 2017-07-19 15:19 - 00139264 _____ () \\?\C:\Users\yuk\AppData\Local\Temp\BA95.tmp.node
2017-03-28 18:15 - 2017-03-24 16:07 - 00402944 _____ () \\?\C:\Users\yuk\AppData\Local\Programs\Writefull\resources\app.asar.unpacked\node_modules\spellchecker\build\Release\spellchecker.node
2017-06-27 18:48 - 2017-01-04 15:28 - 01958912 _____ () C:\Users\yuk\AppData\Local\Discord\app-0.0.297\ffmpeg.dll
2017-06-27 18:48 - 2017-06-27 18:48 - 01082880 _____ () \\?\C:\Users\yuk\AppData\Roaming\discord\0.0.297\modules\discord_voice\discord_voice.node
2017-06-27 18:48 - 2017-06-27 18:48 - 03750400 _____ () \\?\C:\Users\yuk\AppData\Roaming\discord\0.0.297\modules\discord_voice\libdiscord.dll
2017-06-27 18:48 - 2017-06-27 18:48 - 00914432 _____ () \\?\C:\Users\yuk\AppData\Roaming\discord\0.0.297\modules\discord_utils\discord_utils.node
2017-06-27 18:48 - 2017-06-27 18:48 - 01127424 _____ () \\?\C:\Users\yuk\AppData\Roaming\discord\0.0.297\modules\discord_toaster\discord_toaster.node
2017-06-27 18:48 - 2017-01-04 15:28 - 02278912 _____ () C:\Users\yuk\AppData\Local\Discord\app-0.0.297\libglesv2.dll
2017-06-27 18:48 - 2017-01-04 15:28 - 00096768 _____ () C:\Users\yuk\AppData\Local\Discord\app-0.0.297\libegl.dll
2015-06-10 09:47 - 2015-06-10 09:47 - 00104448 _____ () C:\Program Files (x86)\Polar\WebSync\PTransform.dll
2010-02-10 16:06 - 2010-02-10 16:06 - 00334848 _____ () C:\Program Files (x86)\Polar\WebSync\QtXml4.dll
2011-01-14 16:01 - 2011-01-14 16:01 - 02142720 _____ () C:\Program Files (x86)\Polar\WebSync\QtCore4.dll
2010-02-10 16:07 - 2010-02-10 16:07 - 00929280 _____ () C:\Program Files (x86)\Polar\WebSync\QtNetwork4.dll
2015-06-10 09:46 - 2015-06-10 09:46 - 03717632 _____ () C:\Program Files (x86)\Polar\WebSync\libpolar.dll
2010-02-10 16:22 - 2010-02-10 16:22 - 07971840 _____ () C:\Program Files (x86)\Polar\WebSync\QtGui4.dll
2010-02-10 18:45 - 2010-02-10 18:45 - 00025600 _____ () C:\Program Files (x86)\Polar\WebSync\imageformats\qgif4.dll
2010-02-10 18:45 - 2010-02-10 18:45 - 00119808 _____ () C:\Program Files (x86)\Polar\WebSync\imageformats\qjpeg4.dll
2017-06-04 07:19 - 2017-06-04 07:19 - 52051552 _____ () C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\CEF\libcef.dll
2017-03-20 11:57 - 2017-03-20 11:57 - 00321208 _____ () C:\Program Files (x86)\Evernote\Evernote\libtidy.dll
2017-07-19 15:19 - 2017-07-19 15:19 - 00148992 _____ () \\?\C:\Users\yuk\AppData\Local\Temp\EADD.tmp.node
2017-06-27 18:48 - 2017-06-27 18:49 - 02658296 _____ () \\?\C:\Users\yuk\AppData\Roaming\discord\0.0.297\modules\discord_rpc\discord_rpc.node
2017-06-27 18:51 - 2017-06-27 18:51 - 02665976 _____ () \\?\C:\Users\yuk\AppData\Roaming\discord\0.0.297\modules\discord_contact_import\discord_contact_import.node
2017-05-30 01:39 - 2017-05-30 01:39 - 00118272 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\fs-ext\build\Release\fs-ext.node
2017-05-30 01:39 - 2017-05-30 01:39 - 00214528 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-vulcanjs\build\Release\VulcanJS.node
2017-05-30 01:38 - 2017-05-30 01:38 - 00117248 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\ref\build\Release\binding.node
2017-05-30 01:39 - 2017-05-30 01:39 - 00125952 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\ffi\build\Release\ffi_bindings.node
2017-06-04 07:47 - 2017-06-04 07:47 - 00099424 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-ProxyResolver\build\Release\ProxyResolverWin.dll
2017-05-30 01:39 - 2017-05-30 01:39 - 00086528 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\idle-gc\build\Release\idle-gc.node
2017-05-19 23:49 - 2017-05-19 23:49 - 00118272 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\fs-ext\build\Release\fs-ext.node
2017-05-19 23:49 - 2017-05-19 23:49 - 00117760 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\ref\build\Release\binding.node
2017-05-19 23:49 - 2017-05-19 23:49 - 00125440 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\ffi\build\Release\ffi_bindings.node
2017-05-19 23:50 - 2017-05-19 23:50 - 00214528 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\node-vulcanjs\build\Release\VulcanJS.node
2017-06-04 07:43 - 2017-06-04 07:43 - 00099424 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\node-ProxyResolver\build\Release\ProxyResolverWin.dll
2017-05-19 23:49 - 2017-05-19 23:49 - 00098816 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\bufferutil\build\Release\bufferutil.node
2017-05-19 23:50 - 2017-05-19 23:50 - 00086528 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\js\node_modules\idle-gc\build\Release\idle-gc.node

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3843242997-120083883-219807361-1001\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKU\S-1-5-21-3843242997-120083883-219807361-1001\...\StartupApproved\Run: => "Google Update"
HKU\S-1-5-21-3843242997-120083883-219807361-1001\...\StartupApproved\Run: => "BingSvc"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{468E16C3-51BF-4A41-84CE-EE5C8DE8D532}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [UDP Query User{F0A40087-CA0D-43C0-94DB-B0D03C4BFEAE}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [TCP Query User{04919C7A-FCE8-48CB-9719-D38FC38C4164}C:\program files (x86)\google\chrome\application\chrome.exe] => (Block) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{C7BE2EB3-8817-49E7-B29A-2D3B8B54DFC4}C:\program files (x86)\google\chrome\application\chrome.exe] => (Block) C:\program files (x86)\google\chrome\application\chrome.exe

==================== Restore Points =========================


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/19/2017 03:11:25 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm FRST64.exe, Version 18.7.2017.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Systemsteuerung "Sicherheit und Wartung", um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 2618

Startzeit: 01d3009063671726

Beendigungszeit: 4294967295

Anwendungspfad: C:\Users\yuk\Downloads\FRST64.exe

Berichts-ID: 5fa7ee07-c494-4ce7-8afb-f647758b7803

Vollständiger Name des fehlerhaften Pakets: 

Auf das fehlerhafte Paket bezogene Anwendungs-ID:

Error: (07/19/2017 12:30:52 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm avscan.exe, Version 15.0.28.21 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Systemsteuerung "Sicherheit und Wartung", um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 2b4c

Startzeit: 01d300154762aa91

Beendigungszeit: 12

Anwendungspfad: C:\Program Files (x86)\Avira\Antivirus\avscan.exe

Berichts-ID: fa5de21c-7031-4ea3-abbb-15726e391ec8

Vollständiger Name des fehlerhaften Pakets: 

Auf das fehlerhafte Paket bezogene Anwendungs-ID:

Error: (07/18/2017 03:21:51 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: Die Open-Prozedur für den Dienst "BITS" in der DLL "C:\Windows\System32\bitsperf.dll" war nicht erfolgreich. Die Leistungsdaten für diesen Dienst sind nicht verfügbar. Die ersten vier Bytes (DWORD) des Datenbereichs enthalten den Fehlercode.

Error: (07/17/2017 02:06:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Wacom_Tablet.exe, Version: 6.3.14.1, Zeitstempel: 0x55d76d2d
Name des fehlerhaften Moduls: Wacom_Tablet.exe, Version: 6.3.14.1, Zeitstempel: 0x55d76d2d
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000039f1b6
ID des fehlerhaften Prozesses: 0x3958
Startzeit der fehlerhaften Anwendung: 0x01d2fef52fa13ab9
Pfad der fehlerhaften Anwendung: C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
Pfad des fehlerhaften Moduls: C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
Berichtskennung: 911f258e-bce0-4380-9063-b8a7bf69001a
Vollständiger Name des fehlerhaften Pakets: 
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (07/17/2017 09:53:10 AM) (Source: ESENT) (EventID: 489) (User: )
Description: SettingSyncHost (10032) {E3C1ABF7-8A7A-4722-9167-47A746484EE5}: Der Versuch, die Datei "C:\Users\yuk\AppData\Local\Microsoft\Windows\SettingSync\metastore\meta.edb" für den Lesezugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien.

Error: (07/17/2017 03:05:52 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Wacom_Tablet.exe, Version: 6.3.14.1, Zeitstempel: 0x55d76d2d
Name des fehlerhaften Moduls: Wacom_Tablet.exe, Version: 6.3.14.1, Zeitstempel: 0x55d76d2d
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000002b9389
ID des fehlerhaften Prozesses: 0x4ac
Startzeit der fehlerhaften Anwendung: 0x01d2fe98d5ac9c20
Pfad der fehlerhaften Anwendung: C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
Pfad des fehlerhaften Moduls: C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
Berichtskennung: 47df9b27-e67a-4d5d-8b12-653facf95235
Vollständiger Name des fehlerhaften Pakets: 
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (07/17/2017 03:05:50 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Wacom_TouchUser.exe, Version: 6.3.14.1, Zeitstempel: 0x55d76dd1
Name des fehlerhaften Moduls: Wacom_TouchUser.exe, Version: 6.3.14.1, Zeitstempel: 0x55d76dd1
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000020f23e
ID des fehlerhaften Prozesses: 0x17b8
Startzeit der fehlerhaften Anwendung: 0x01d2fe98ac337b22
Pfad der fehlerhaften Anwendung: C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
Pfad des fehlerhaften Moduls: C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
Berichtskennung: 784279f7-9a52-4183-bf04-d15b6be2c60b
Vollständiger Name des fehlerhaften Pakets: 
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (07/16/2017 05:24:20 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: Die Open-Prozedur für den Dienst "BITS" in der DLL "C:\Windows\System32\bitsperf.dll" war nicht erfolgreich. Die Leistungsdaten für diesen Dienst sind nicht verfügbar. Die ersten vier Bytes (DWORD) des Datenbereichs enthalten den Fehlercode.

Error: (07/15/2017 03:07:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Wacom_Tablet.exe, Version: 6.3.14.1, Zeitstempel: 0x55d76d2d
Name des fehlerhaften Moduls: Wacom_Tablet.exe, Version: 6.3.14.1, Zeitstempel: 0x55d76d2d
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000039f1b6
ID des fehlerhaften Prozesses: 0x126c
Startzeit der fehlerhaften Anwendung: 0x01d2fd6b514393b5
Pfad der fehlerhaften Anwendung: C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
Pfad des fehlerhaften Moduls: C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
Berichtskennung: fe503bec-c517-47a4-98be-b0e7306860c3
Vollständiger Name des fehlerhaften Pakets: 
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (07/15/2017 02:55:57 AM) (Source: PerfNet) (EventID: 2004) (User: )
Description: Das Serverdienst-Leistungsobjekt kann nicht geöffnet werden. Die ersten vier Bytes (DWORD) des Datenabschnitts enthalten den Statuscode.


System errors:
=============
Error: (07/19/2017 03:18:43 PM) (Source: bowser) (EventID: 8016) (User: )
Description: Der Suchdiensttreiber erhielt zu viele nicht erlaubte Datagramme vom Remotecomputer "EASYBOX" zum Namen "MEISFIT" auf Transport "NetBT_Tcpip_{D5FFB703-501B-4FDB-82DA-CC5480365EDB}". Das Datagramm steht in den Daten.
Es werden keine weiteren Ereignisse erzeugt, solange die Rücksetzfrequenz nicht abgelaufen ist.

Error: (07/19/2017 03:18:39 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "CldFlt" wurde aufgrund folgenden Fehlers nicht gestartet: 
Die Anforderung wird nicht unterstützt.

Error: (07/19/2017 03:18:03 PM) (Source: DCOM) (EventID: 10010) (User: MEISFIT)
Description: Der Server "{9BA05972-F6A8-11CF-A442-00A0C90A8F39}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (07/19/2017 03:13:44 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Windows Search" Korrekturmaßnahmen (Restart the service) durchzuführen, ist fehlgeschlagen. Fehler: 
Es wird bereits eine Instanz des Dienstes ausgeführt.

Error: (07/19/2017 03:13:17 PM) (Source: DCOM) (EventID: 10000) (User: MEISFIT)
Description: Ein DCOM-Server konnte nicht gestartet werden: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}. Fehler:
"5"
Aufgetreten beim Start dieses Befehls:
C:\WINDOWS\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (07/19/2017 03:13:14 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Restart the service.

Error: (07/19/2017 03:13:14 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Print Spooler" wurde unerwartet beendet. Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 5000 Millisekunden durchgeführt: Restart the service.

Error: (07/19/2017 03:13:14 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "NVIDIA Display Container LS" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 5000 Millisekunden durchgeführt: Restart the service.

Error: (07/19/2017 03:11:34 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Windows Search" Korrekturmaßnahmen (Restart the service) durchzuführen, ist fehlgeschlagen. Fehler: 
Es wird bereits eine Instanz des Dienstes ausgeführt.

Error: (07/19/2017 03:11:18 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: Durch die Berechtigungseinstellungen für "application-specific" wird dem Benutzer "NT AUTHORITY\SYSTEM" (SID: S-1-5-18) unter der Adresse "LocalHost (Using LRPC)" keine Berechtigung vom Typ "Local Activation" für die COM-Serveranwendung mit der CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 und der APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 im Anwendungscontainer "Unavailable" (SID: Unavailable) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.


CodeIntegrity:
===================================
  Date: 2017-07-19 15:28:51.098
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-07-19 15:28:51.096
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-07-19 15:26:10.195
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-07-19 15:26:10.193
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-07-19 15:26:08.309
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-07-19 15:26:08.306
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-07-19 15:22:24.133
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-07-19 15:22:24.128
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-07-19 15:22:21.261
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-07-19 15:22:21.259
  Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume1\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info =========================== 

Processor: AMD Phenom(tm) II X4 955 Processor
Percentage of memory in use: 38%
Total physical RAM: 8189.55 MB
Available physical RAM: 5060.74 MB
Total Virtual: 13309.55 MB
Available Virtual: 10019.87 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:232.44 GB) (Free:39.72 GB) NTFS ==>[drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 217868F1)
Partition 1: (Active) - (Size=232.4 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=450 MB) - (Type=27)

==================== End of Addition.txt ============================

Bei mir ist FRST auf englisch (fix, scan). Viellicht möchtet ihr das in Klammern in der Anleitung anmerken?

Ach so, in Schritt 1, nur kopieren, nirgends einfügen? So habe ich es jetzt gemacht. Oder hätte ich es vorher noch in dem FRST search fenster einfügen sollen?

M-K-D-B · 19.07.2017, 15:05

Servus,

Zitat:

Bei mir ist FRST auf englisch (fix, scan). Viellicht möchtet ihr das in Klammern in der Anleitung anmerken?

Bei mir ist FRST in deutsch, schon immer. Liegt an deinem PC:

Zitat:

Platform: Windows 10 Pro Version 1703 (X64) Language: Englisch (Vereinigte Staaten)

Zitat:

Ach so, in Schritt 1, nur kopieren, nirgends einfügen? So habe ich es jetzt gemacht. Oder hätte ich es vorher noch in dem FRST search fenster einfügen sollen?

Du hast alles richtig gemacht.

Wir kontrollieren nochmal alles.

Hinweis: Der Suchlauf mit ESET kann länger dauern.

Schritt 1
Downloade dir die passende Version von HitmanPro auf deinen Desktop: HitmanPro - 32 Bit | HitmanPro - 64 Bit.

Starte die HitmanPro.exe
Klicke auf
Entferne den Haken bei
Klicke auf
und
Akzeptiere die Lizenzbedingungen und klicke auf
Klicke auf

und auf
Wenn der Scan beendet wurde, nichts löschen lassen etc. sondern wähle unten links auf der Button-Leiste
und speichere die Logdatei auf Deinem Desktop.
Schließe HitmanPro und poste mir das Log.

Schritt 2

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Schritt 3

Starte die FRST.exe erneut. Vergewissere dich, dass vor Addition.txt ein Haken gesetzt ist und drücke auf Untersuchen.
FRST erstellt wieder zwei Logdateien (FRST.txt und Addition.txt).
Poste mir beide Logdateien mit deiner nächsten Antwort.

Gibt es jetzt noch Probleme mit dem PC oder mit deinen Internet Browsern? Wenn ja, welche?

Bitte poste mit deiner nächsten Antwort

die Logdatei von HitmanPro,
die Logdatei von ESET,
die beiden neuen Logdateien von FRST,
die Beantwortung der gestellten Fragen.

woteva · 19.07.2017, 17:35

Code:

ATTFilter

HitmanPro 3.7.20.286
www.hitmanpro.com

   Computer name . . . . : MEISFIT
   Windows . . . . . . . : 10.0.0.15063.X64/4
   User name . . . . . . : MEISFIT\yuk
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Free

   Scan date . . . . . . : 2017-07-19 16:08:17
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 2m 26s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 2
   Traces  . . . . . . . : 14

   Objects scanned . . . : 2.140.986
   Files scanned . . . . : 89.753
   Remnants scanned  . . : 657.899 files / 1.393.334 keys

Malware _____________________________________________________________________

   C:\Users\yuk\Desktop\NiceHash\Windows_x64_nheqminer-5c\nheqminer.exe
      Size . . . . . . . : 643.072 bytes
      Age  . . . . . . . : 13.9 days (2017-07-05 18:47:43)
      Entropy  . . . . . : 6.1
      SHA-256  . . . . . : 8787D5D5E0C52183B60769DCA03087593870356AF632ADCABFFC2ACDFADBBD3A
    > Bitdefender  . . . : Application.BitCoinMiner.OR
    > Kaspersky  . . . . : not-a-virus:RiskTool.Win64.BitCoinMiner.cgi
    > HitmanPro  . . . . : App/Bitcoin-DR
      Fuzzy  . . . . . . : 107.0
      Forensic Cluster
         -0.1s C:\Users\yuk\Desktop\NiceHash\Windows_x64_nheqminer-5c\
         -0.1s C:\Users\yuk\Desktop\NiceHash\Windows_x64_nheqminer-5c\cpu_tromp_AVX.dll
         -0.1s C:\Users\yuk\Desktop\NiceHash\Windows_x64_nheqminer-5c\cpu_tromp_SSE2.dll
         -0.1s C:\Users\yuk\Desktop\NiceHash\Windows_x64_nheqminer-5c\cuda_djezo.dll
         -0.1s C:\Users\yuk\Desktop\NiceHash\Windows_x64_nheqminer-5c\cuda_tromp.dll
         -0.0s C:\Users\yuk\Desktop\NiceHash\Windows_x64_nheqminer-5c\cuda_tromp_75.dll
         -0.0s C:\Users\yuk\Desktop\NiceHash\Windows_x64_nheqminer-5c\cudart32_75.dll
         -0.0s C:\Users\yuk\Desktop\NiceHash\Windows_x64_nheqminer-5c\cudart32_80.dll
         -0.0s C:\Users\yuk\Desktop\NiceHash\Windows_x64_nheqminer-5c\cudart64_75.dll
         -0.0s C:\Users\yuk\Desktop\NiceHash\Windows_x64_nheqminer-5c\cudart64_80.dll
          0.0s C:\Users\yuk\Desktop\NiceHash\Windows_x64_nheqminer-5c\nheqminer.exe

   C:\Users\yuk\Desktop\Ravenfield - CHIP-Installer.exe
      Size . . . . . . . : 1.496.584 bytes
      Age  . . . . . . . : 60.2 days (2017-05-20 12:17:43)
      Entropy  . . . . . : 7.1
      SHA-256  . . . . . : 802DBAD92A1AD13C4C2DCCB976460C24306ADC0780599734082E5BA93A198FD4
      Needs elevation  . : Yes
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
    > Kaspersky  . . . . : not-a-virus:HEUR:Downloader.MSIL.DownloadSponsor.gen
      Fuzzy  . . . . . . : 103.0


Suspicious files ____________________________________________________________

   C:\Users\yuk\AppData\Local\PunkBuster\PG\pb\pbcl.dll
      Size . . . . . . . : 965.880 bytes
      Age  . . . . . . . : 790.8 days (2015-05-20 21:29:43)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 9D84C917D9E747EDCBB23A765E2D70C8AE9E629556BB19613136B4C7598062BE
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : 22.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.
         Program is code signed with a valid Authenticode certificate.

   C:\Users\yuk\AppData\Local\PunkBuster\PG\pb\PnkBstrK.sys
      Size . . . . . . . : 140.160 bytes
      Age  . . . . . . . : 790.8 days (2015-05-20 21:30:10)
      Entropy  . . . . . : 7.8
      SHA-256  . . . . . : C5FF96EF8AC37C5B02579173DBA6BC9E8148381BC9817C426600968A7BAAF168
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : 22.0
         The .reloc (relocation) section in this program contains code. This is an indication of malware infection.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Program contains PE structure anomalies. This is not typical for most programs.
         The file is a device driver. Device drivers run as trusted (highly privileged) code.
         Program is code signed with a valid Authenticode certificate.

   C:\Users\yuk\Downloads\FRST-OlderVersion\FRST-OlderVersion\FRST-OlderVersion\FRST64.exe
      Size . . . . . . . : 2.435.584 bytes
      Age  . . . . . . . : 0.8 days (2017-07-18 20:46:55)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : BA7EA1AB41A9E5D73B0D7BFB56F7DBE199AA62C694C883A33F6555810B05FC41
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.

   C:\Users\yuk\Downloads\FRST-OlderVersion\FRST-OlderVersion\FRST64.exe
      Size . . . . . . . : 2.382.336 bytes
      Age  . . . . . . . : 0.7 days (2017-07-19 00:31:26)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 70CEDEBEB419B734436F839E9301CB8664D74E57A3FC8C419E27112FDDE006CD
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
      Forensic Cluster
         -37.5s C:\Windows\appcompat\Programs\Amcache.hve
         -36.7s C:\Windows\SysWOW64\config\systemprofile\AppData\Local\DBG\
         -34.7s C:\Windows\Prefetch\WERFAULT.EXE-0897AE09.pf
         -32.6s C:\Windows\Prefetch\LICMGR.EXE-96971C46.pf
         -31.9s C:\Windows\Prefetch\DRVINSTALL64.EXE-D1C70EE1.pf
         -30.1s C:\Windows\System32\winevt\Logs\Microsoft-Windows-Regsvr32%4Operational.evtx
         -28.2s C:\Windows\Prefetch\SVCHOST.EXE-3730D147.pf
         -26.2s C:\Windows\Prefetch\SVCHOST.EXE-3B697F0E.pf
         -19.8s C:\Windows\Prefetch\AVRESTART.EXE-2B4770F4.pf
          0.0s C:\Users\yuk\Downloads\FRST-OlderVersion\FRST-OlderVersion\FRST64.exe
          1.7s C:\Users\yuk\Downloads\FRST-OlderVersion\FRST-OlderVersion\FRST-OlderVersion\
          3.4s C:\Windows\Prefetch\FRST64.EXE-0FBAB641.pf
          7.1s C:\Users\yuk\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Temp\URL6CDC.tmp

   C:\WINDOWS\SysWOW64\Drivers\X6va060
      Size . . . . . . . : 21.208 bytes
      Age  . . . . . . . : 606.7 days (2015-11-21 00:30:52)
      Entropy  . . . . . : 6.7
      SHA-256  . . . . . : CA02DD1FA868882054F6801721210D1BFBB335D8CF29FB0D0976198B125FEBFC
      RSA Key Size . . . : 2048
      Service  . . . . . : X6va060
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : 23.0
         The file name extension of this program is not common.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
         Starts automatically as a service during system bootup.
         The file is a device driver. Device drivers run as trusted (highly privileged) code.
         Program is code signed with a valid Authenticode certificate.
      Startup
         HKLM\SYSTEM\CurrentControlSet\Services\X6va060\


Potential Unwanted Programs _________________________________________________

   HKLM\SOFTWARE\Classes\AppID\{30c5da9e-621a-4acf-8ec2-edb77d72f800}\ (TreasureTrack)
   HKLM\SOFTWARE\Classes\AppID\{b02b78d8-abf1-4319-bacb-296a60a2690c}\ (TreasureTrack)
   HKLM\SOFTWARE\Classes\WOW6432Node\AppID\{30c5da9e-621a-4acf-8ec2-edb77d72f800}\ (TreasureTrack)
   HKLM\SOFTWARE\Classes\WOW6432Node\AppID\{b02b78d8-abf1-4319-bacb-296a60a2690c}\ (TreasureTrack)
   HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2f23ab71-4ac6-41f2-a955-ea576e553146}\ (SaleCharger)
   HKU\S-1-5-21-3843242997-120083883-219807361-1001\Software\Microsoft\Internet Explorer\SearchScopes\{2f23ab71-4ac6-41f2-a955-ea576e553146}\ (SaleCharger)

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=9d431b199156234dbd8fa2e59067e83d
# end=init
# utc_time=2017-07-19 02:12:38
# local_time=2017-07-19 04:12:38 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.2.9200 NT 
Update Init
Update Download
Update Finalize
Updated modules version: 34107
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=9d431b199156234dbd8fa2e59067e83d
# end=updated
# utc_time=2017-07-19 02:17:15
# local_time=2017-07-19 04:17:15 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.2.9200 NT 
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=9d431b199156234dbd8fa2e59067e83d
# engine=34107
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2017-07-19 04:00:35
# local_time=2017-07-19 06:00:35 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.2.9200 NT 
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 8849 10613031 0 0
# scanned=395392
# found=15
# cleaned=0
# scan_time=6199
sh=CEB8D59B9A1652CCBFAFC8CCA0E6EF1DE0F95855 ft=1 fh=da2a004dca05468f vn="Win32/Toolbar.Linkury.BJ eventuell unerwÃ¼nschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\ProductUI\uninstall.exe.vir"
sh=0F75CB6CAE378A24B418BDA832A2816987D41B9C ft=1 fh=7e9bd266c2b0b878 vn="Variante von Win32/Adware.ELEX.KV Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\uninstall.exe.vir"
sh=BB6B21D1DBC174B28B3F11D5FE7866E60AEAF07E ft=0 fh=0000000000000000 vn="JS/Lightning.E eventuell unerwÃ¼nschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\web\js\common.js.vir"
sh=3F837F566A8BDD89CCF1DA6B16F0006CFF1333DE ft=0 fh=0000000000000000 vn="JS/Lightning.B eventuell unerwÃ¼nschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\web\js\jquery.autocomplete.js.vir"
sh=28E15FCD75120F9741E611A3DA74163E3E4AC15A ft=0 fh=0000000000000000 vn="JS/Lightning.C eventuell unerwÃ¼nschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\web\js\js.js.vir"
sh=8C5A60DA5E2EB84E024D3971937EE318D1E2E3A8 ft=0 fh=0000000000000000 vn="JS/Lightning.A eventuell unerwÃ¼nschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\web\js\xagainit-ie8.js.vir"
sh=5188B90887EFE031B252B197A73F97BB631E66A0 ft=0 fh=0000000000000000 vn="JS/Lightning.A eventuell unerwÃ¼nschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\web\js\xagainit2.0.js.vir"
sh=EE2D8A0C16CB4F60E07AD30BC8F4AF2D25E4FF62 ft=1 fh=c2a60ef126908cf5 vn="Variante von Win32/Systweak.L eventuell unerwÃ¼nschte Anwendung" ac=I fn="C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSS.exe"
sh=24A108C48173FDD9962F7CC3D4DB4B852D864838 ft=1 fh=0501d0dc4c9a869f vn="Variante von Win32/Systweak.N eventuell unerwÃ¼nschte Anwendung" ac=I fn="C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSHelper.dll"
sh=915239C2678EFCE5C2E45012595BEA0C050864B4 ft=1 fh=9ca6c4d86ffea4d8 vn="Variante von Win32/Systweak.L eventuell unerwÃ¼nschte Anwendung" ac=I fn="C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSPrivacyProtector.exe"
sh=67A75BAA7A5BBB2EEEBB99D490F00F82D0BB1E09 ft=1 fh=5d5a0ac2ab2c0a85 vn="Variante von Win32/Systweak.L eventuell unerwÃ¼nschte Anwendung" ac=I fn="C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSRegClean.exe"
sh=2C09414F7BCF16F3C9A358B5CCD4492EF7EEF08E ft=1 fh=5545a1a02bc092d6 vn="Variante von Win32/Systweak.L eventuell unerwÃ¼nschte Anwendung" ac=I fn="C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSRegistryOptimizer.exe"
sh=322DCE4CCA5EB266FFEDD900C6D628769AD18300 ft=1 fh=b3d66e50f9e4f6b1 vn="Variante von Win32/Systweak.L eventuell unerwÃ¼nschte Anwendung" ac=I fn="C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSSystemCleaner.exe"
sh=74D3A5FD618ADCD9518798419676EC66EB967151 ft=1 fh=407538e6d56d6fce vn="Variante von Win32/DownloadSponsor.C eventuell unerwÃ¼nschte Anwendung" ac=I fn="C:\Users\yuk\Desktop\Ravenfield - CHIP-Installer.exe"
sh=308E0A1CBC4A8C38F264F5FA23BADCFEB26B0C79 ft=0 fh=0000000000000000 vn="Variante von Win32/Systweak.L eventuell unerwÃ¼nschte Anwendung" ac=I fn="C:\Windows\Installer\550768.msi"

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 18-07-2017
Ran by yuk (administrator) on MEISFIT (19-07-2017 18:30:05)
Running from C:\Users\yuk\Downloads
Loaded Profiles: yuk (Available Profiles: yuk)
Platform: Windows 10 Pro Version 1703 (X64) Language: Englisch (Vereinigte Staaten)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
() C:\Windows\SysWOW64\ASGT.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
() C:\Program Files (x86)\Polar\Daemon\polard.exe
(Seiko Epson Corporation) C:\Program Files (x86)\epson\MyEpson Portal\mepService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Native Instruments GmbH) C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe
(TomTom) C:\Program Files (x86)\TomTom\MySportsConnect\TomTom MySports Connect.exe
(ThinqLab) C:\Users\yuk\AppData\Local\Programs\Writefull\Writefull.exe
(ThinqLab) C:\Users\yuk\AppData\Local\Programs\Writefull\Writefull.exe
(ThinqLab) C:\Users\yuk\AppData\Local\Programs\Writefull\Writefull.exe
(ThinqLab) C:\Users\yuk\AppData\Local\Programs\Writefull\Writefull.exe
(Hammer & Chisel, Inc.) C:\Users\yuk\AppData\Local\Discord\app-0.0.297\Discord.exe
(Hammer & Chisel, Inc.) C:\Users\yuk\AppData\Local\Discord\app-0.0.297\Discord.exe
(Nico Mak Computing) C:\Program Files\WinZip\FAH\FAHWindow64.exe
() C:\Program Files (x86)\Polar\WebSync\WebSync.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(WinZip Computing, S.L.) C:\Program Files\WinZip\WzPreloader.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
(Google Inc.) C:\Program Files (x86)\Google\Google Japanese Input\GoogleIMEJaConverter.exe
(Google Inc.) C:\Program Files (x86)\Google\Google Japanese Input\GoogleIMEJaRenderer.exe
(Hammer & Chisel, Inc.) C:\Users\yuk\AppData\Local\Discord\app-0.0.297\Discord.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe
(Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\CCLibrary.exe
(Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\libs\node.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Google Inc.) C:\Program Files (x86)\Google\Google Japanese Input\GoogleIMEJaCacheService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11705.1001.21.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.8241.41275.0_x64__8wekyb3d8bbwe\HxOutlook.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.8241.41275.0_x64__8wekyb3d8bbwe\HxTsr.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.18062.13720.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Office.Excel_17.8269.50431.0_x64__8wekyb3d8bbwe\xlim.exe
(Seiko Epson Corporation) C:\Program Files (x86)\epson\MyEpson Portal\mep.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16174328 2015-09-26] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2397120 2016-06-14] (NVIDIA Corporation)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2406496 2017-06-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Google Japanese Input Prelauncher] => C:\Program Files (x86)\Google\Google Japanese Input\GoogleIMEJaBroker32.exe [1752016 2016-12-07] (Google Inc.)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1087184 2016-01-20] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-3843242997-120083883-219807361-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\DTLite.exe [5583120 2015-02-26] (Disc Soft Ltd)
HKU\S-1-5-21-3843242997-120083883-219807361-1001\...\Run: [BingSvc] => C:\Users\yuk\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-04-07] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-3843242997-120083883-219807361-1001\...\Run: [Google Update] => C:\Users\yuk\AppData\Local\Google\Update\1.3.33.5\GoogleUpdateCore.exe [601168 2017-04-29] (Google Inc.)
HKU\S-1-5-21-3843242997-120083883-219807361-1001\...\Run: [TomTom MySports Connect.exe] => C:\Program Files (x86)\TomTom\MySportsConnect\TomTom MySports Connect.exe [638464 2017-06-22] (TomTom)
HKU\S-1-5-21-3843242997-120083883-219807361-1001\...\Run: [Writefull] => C:\Users\yuk\AppData\Local\Programs\Writefull\Writefull.exe [64315392 2017-03-24] (ThinqLab)
HKU\S-1-5-21-3843242997-120083883-219807361-1001\...\Run: [Discord] => C:\Users\yuk\AppData\Local\Discord\app-0.0.297\Discord.exe [64290304 2017-01-04] (Hammer & Chisel, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FAH.lnk [2015-09-12]
ShortcutTarget: FAH.lnk -> C:\Program Files\WinZip\FAH\FAHConsole.exe (Nico Mak Computing)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Polar WebSync.lnk [2015-09-12]
ShortcutTarget: Polar WebSync.lnk -> C:\Program Files (x86)\Polar\WebSync\WebSync.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Preloader.lnk [2015-09-12]
ShortcutTarget: WinZip Preloader.lnk -> C:\Program Files\WinZip\WzPreloader.exe (WinZip Computing, S.L.)
Startup: C:\Users\yuk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk [2015-05-20]
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{d5ffb703-501b-4fdb-82da-cc5480365edb}: [DhcpNameServer] 192.168.2.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\S-1-5-21-3843242997-120083883-219807361-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = 
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\ssv.dll [2016-04-01] (Oracle Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2017-03-20] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\jp2ssv.dll [2016-04-01] (Oracle Corporation)

FireFox:
========
FF DefaultProfile: 3qisvbq9.default
FF DefaultProfile: xqo7hp7f.default
FF DefaultProfile: witxcj5b.default
FF ProfilePath: C:\Users\yuk\AppData\Roaming\stickmanschoolrun-7ea3653db0f7fa362133ce8fbef97928\Profiles\3qisvbq9.default [2015-10-04]
FF ProfilePath: C:\Users\yuk\AppData\Roaming\stickmanfighterepicbattle-f81ba27c6b9de880bbeb2899a6b61f66\Profiles\xqo7hp7f.default [2015-10-04]
FF ProfilePath: C:\Users\yuk\AppData\Roaming\Mozilla\Firefox\Profiles\witxcj5b.default [2017-07-19]
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\witxcj5b.default -> DuckDuckGo
FF Homepage: Mozilla\Firefox\Profiles\witxcj5b.default -> startpage.com
FF Extension: (Avira Browser Safety) - C:\Users\yuk\AppData\Roaming\Mozilla\Firefox\Profiles\witxcj5b.default\Extensions\abs@avira.com [2016-04-21]
FF Extension: (Lightbeam) - C:\Users\yuk\AppData\Roaming\Mozilla\Firefox\Profiles\witxcj5b.default\Extensions\jid1-F9UJ2thwoAm5gQ@jetpack.xpi [2015-10-05]
FF Extension: (S3.Google Translator) - C:\Users\yuk\AppData\Roaming\Mozilla\Firefox\Profiles\witxcj5b.default\Extensions\s3google@translator.xpi [2015-10-08]
FF Extension: (WOT) - C:\Users\yuk\AppData\Roaming\Mozilla\Firefox\Profiles\witxcj5b.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2015-11-10]
FF Extension: (Adblock Plus) - C:\Users\yuk\AppData\Roaming\Mozilla\Firefox\Profiles\witxcj5b.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-09-25]
FF SearchPlugin: C:\Users\yuk\AppData\Roaming\Mozilla\Firefox\Profiles\witxcj5b.default\searchplugins\google-images.xml [2015-10-12]
FF SearchPlugin: C:\Users\yuk\AppData\Roaming\Mozilla\Firefox\Profiles\witxcj5b.default\searchplugins\google-maps.xml [2015-10-12]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_26_0_0_137.dll [2017-07-12] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2017-06-04] (Adobe Systems)
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_137.dll [2017-07-12] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.77.2 -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\dtplugin\npDeployJava1.dll [2016-04-01] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.77.2 -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\plugin2\npjp2.dll [2016-04-01] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2017-05-01] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2017-05-01] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2017-06-04] (Adobe Systems)
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin HKU\S-1-5-21-3843242997-120083883-219807361-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\yuk\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-3843242997-120083883-219807361-1001: @talk.google.com/O1DPlugin -> C:\Users\yuk\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-3843242997-120083883-219807361-1001: @tools.google.com/Google Update;version=3 -> C:\Users\yuk\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin HKU\S-1-5-21-3843242997-120083883-219807361-1001: @tools.google.com/Google Update;version=9 -> C:\Users\yuk\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\yuk\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\yuk\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)
StartMenuInternet: FIREFOX.EXE - firefox.exe

Chrome: 
=======
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\yuk\AppData\Local\Google\Chrome\User Data\Default [2017-07-19]
CHR Extension: (Google Präsentationen) - C:\Users\yuk\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-11-15]
CHR Extension: (Google Docs) - C:\Users\yuk\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-11-15]
CHR Extension: (Readlang) - C:\Users\yuk\AppData\Local\Google\Chrome\User Data\Default\Extensions\apcnmoajpaldpbepelpjgbplhoeidhia [2015-11-15]
CHR Extension: (Google Drive) - C:\Users\yuk\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-15]
CHR Extension: (WOT: Web of Trust, Website Reputation Ratings) - C:\Users\yuk\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2017-06-24]
CHR Extension: (YouTube) - C:\Users\yuk\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-15]
CHR Extension: (Adblock Plus) - C:\Users\yuk\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-07-13]
CHR Extension: (Google-Suche) - C:\Users\yuk\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-15]
CHR Extension: (Bliu Bliu) - C:\Users\yuk\AppData\Local\Google\Chrome\User Data\Default\Extensions\dfmhflbdkpnkjpomcjofacekggdgmlfh [2015-11-15]
CHR Extension: (Byrd IRC client) - C:\Users\yuk\AppData\Local\Google\Chrome\User Data\Default\Extensions\endimfdcgfnlmoankhocnkhgohmoecoi [2017-06-27]
CHR Extension: (Google Tabellen) - C:\Users\yuk\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-11-15]
CHR Extension: (HTTPS Everywhere) - C:\Users\yuk\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcbommkclmclpchllfjekcdonpmejbdp [2017-07-08]
CHR Extension: (Google Docs Offline) - C:\Users\yuk\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-03]
CHR Extension: (AdBlock) - C:\Users\yuk\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-06-27]
CHR Extension: (Avast Online Security) - C:\Users\yuk\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-07-08]
CHR Extension: (MetaMask) - C:\Users\yuk\AppData\Local\Google\Chrome\User Data\Default\Extensions\nkbihfbeogaeaoehlefnkodbefgpgknn [2017-07-13]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\yuk\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-25]
CHR Extension: (Google Mail) - C:\Users\yuk\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-11-15]
CHR Extension: (Chrome Media Router) - C:\Users\yuk\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-07-13]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

Opera: 
=======
OPR Extension: (Buffer) - C:\Users\yuk\AppData\Roaming\Opera Software\Opera Stable\Extensions\bbbfjmllpkjhkmljjeahemghjhkecfae [2017-07-16]
OPR Extension: (Translator) - C:\Users\yuk\AppData\Roaming\Opera Software\Opera Stable\Extensions\cnbpedcoekjafichoehopgaaldogogch [2016-12-14]
OPR Extension: (WOT: Web of Trust, Website Reputation Ratings) - C:\Users\yuk\AppData\Roaming\Opera Software\Opera Stable\Extensions\eeokceolphhfjdfcibaiiopmekmcbedp [2017-03-18]
OPR Extension: (Adblock Plus) - C:\Users\yuk\AppData\Roaming\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp [2017-07-16]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [814688 2017-06-04] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2246256 2017-05-18] (Adobe Systems, Incorporated)
R2 ASGT; C:\Windows\SysWOW64\ASGT.exe [55296 2012-01-17] () [File not signed]
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1465352 2017-01-15] ()
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1272592 2015-02-26] (Disc Soft Ltd)
R2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc64.exe [144560 2012-05-17] (Seiko Epson Corporation)
R2 GoogleIMEJaCacheService; C:\Program Files (x86)\Google\Google Japanese Input\GoogleIMEJaCacheService.exe [946640 2016-12-07] (Google Inc.)
U2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9728 2016-09-15] (Hi-Rez Studios) [File not signed]
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4470736 2017-05-09] (Malwarebytes)
R2 MyEpson Portal Service; C:\Program Files (x86)\EPSON\MyEpson Portal\mepService.exe [714712 2017-06-28] (Seiko Epson Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462968 2017-05-01] (NVIDIA Corporation)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2521024 2016-06-14] (NVIDIA Corporation)
R2 Polar Daemon; C:\Program Files (x86)\Polar\Daemon\polard.exe [419536 2012-12-12] ()
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [3913064 2017-03-19] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-06-20] (Microsoft Corporation)
R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [716480 2015-08-21] (Wacom Technology, Corp.)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30352 2015-05-19] (Disc Soft Ltd)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77376 2017-06-27] ()
S3 gbxavs; C:\WINDOWS\System32\Drivers\gbxavs.sys [357968 2011-07-07] (Native Instruments GmbH)
S3 gbxusb_svc; C:\WINDOWS\System32\Drivers\gbxusb.sys [68688 2011-07-07] (Native Instruments GmbH)
R2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [188352 2017-07-19] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\drivers\farflt.sys [101784 2017-07-19] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [45472 2017-07-19] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [253856 2017-07-19] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\drivers\mwac.sys [93600 2017-07-19] (Malwarebytes)
R1 MpKsl181736c4; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{6FA471E9-A346-45F5-A3AF-C1AE649A9BAD}\MpKsl181736c4.sys [44928 2017-07-19] (Microsoft Corporation)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_ref_pubwu.inf_amd64_f9309145156afb40\nvlddmkm.sys [14456912 2017-05-19] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26560 2016-06-14] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [56384 2016-04-14] (NVIDIA Corporation)
R0 PxHlpa64; C:\WINDOWS\System32\Drivers\PxHlpa64.sys [56336 2012-06-22] (Corel Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [604160 2017-03-18] (Realtek                                            )
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
S3 TASCAM_US122144; C:\WINDOWS\System32\Drivers\tascusb2.sys [409664 2010-06-18] (TASCAM)
S3 TASCAM_US122L_WDM; C:\WINDOWS\system32\drivers\tscusb2a.sys [50240 2010-06-18] (TASCAM)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)
S3 X6va060; C:\WINDOWS\SysWOW64\Drivers\X6va060 [21208 2015-11-21] ()

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-07-19 18:22 - 2017-07-19 18:22 - 00004421 _____ C:\Users\yuk\Desktop\ESETlog.txt
2017-07-19 16:12 - 2017-07-19 16:12 - 02870984 _____ (ESET) C:\Users\yuk\Downloads\esetsmartinstaller_deu.exe
2017-07-19 16:07 - 2017-07-19 18:26 - 00000000 ____D C:\ProgramData\HitmanPro
2017-07-19 16:07 - 2017-07-19 16:07 - 11584088 _____ (SurfRight B.V.) C:\Users\yuk\Downloads\HitmanPro_x64.exe
2017-07-19 15:28 - 2017-07-19 15:28 - 00000887 _____ C:\Users\yuk\Desktop\SearchReg.txt
2017-07-19 15:27 - 2017-07-19 15:27 - 00000887 _____ C:\Users\yuk\Downloads\SearchReg.txt
2017-07-19 15:18 - 2017-07-19 15:18 - 00000002 _____ C:\Users\yuk\Downloads\fixlist.txt
2017-07-19 15:11 - 2017-07-19 15:14 - 00052666 _____ C:\Users\yuk\Desktop\Fixlog.txt
2017-07-19 15:08 - 2017-07-19 15:08 - 02382336 _____ (Farbar) C:\Users\yuk\Downloads\FRST64.exe
2017-07-19 00:32 - 2017-07-19 18:28 - 00054917 _____ C:\Users\yuk\Desktop\Addition.txt
2017-07-19 00:31 - 2017-07-19 00:32 - 00097291 _____ C:\Users\yuk\Desktop\FRST.txt
2017-07-19 00:23 - 2017-07-19 00:30 - 00000000 ____D C:\Users\yuk\Downloads\FRST-OlderVersion
2017-07-19 00:23 - 2017-07-19 00:23 - 00001563 _____ C:\Users\yuk\Desktop\mbam.txt
2017-07-19 00:15 - 2017-07-19 16:24 - 00093600 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-07-19 00:15 - 2017-07-19 15:18 - 00253856 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-07-19 00:15 - 2017-07-19 15:18 - 00101784 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-07-19 00:15 - 2017-07-19 15:18 - 00045472 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-07-19 00:15 - 2017-07-19 00:15 - 00188352 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-07-19 00:15 - 2017-07-19 00:15 - 00001912 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-07-19 00:15 - 2017-07-19 00:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-07-19 00:15 - 2017-07-19 00:15 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-07-19 00:15 - 2017-07-19 00:15 - 00000000 ____D C:\Program Files\Malwarebytes
2017-07-19 00:15 - 2017-06-27 12:06 - 00077376 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-07-19 00:13 - 2017-07-19 00:13 - 00003164 _____ C:\Users\yuk\Desktop\AdwCleaner[C0].txt
2017-07-19 00:01 - 2017-07-19 00:01 - 65033984 _____ (Malwarebytes ) C:\Users\yuk\Downloads\mb3-setup-consumer-3.1.2.1733-1.0.160-1.0.2251.exe
2017-07-18 23:59 - 2017-07-18 23:59 - 08162248 _____ (Malwarebytes) C:\Users\yuk\Downloads\adwcleaner_7.0.0.0.exe
2017-07-18 21:10 - 2017-07-19 00:10 - 00173122 _____ C:\Users\yuk\Desktop\Neues Textdokument (3).txt
2017-07-18 20:59 - 2017-07-19 00:02 - 00273782 _____ C:\TDSSKiller.3.1.0.15_18.07.2017_20.59.39_log.txt
2017-07-18 20:58 - 2017-07-18 20:58 - 04922400 _____ (AO Kaspersky Lab) C:\Users\yuk\Downloads\tdsskiller.exe
2017-07-18 20:48 - 2017-07-19 18:30 - 00026029 _____ C:\Users\yuk\Downloads\FRST.txt
2017-07-18 20:48 - 2017-07-19 18:27 - 00054914 _____ C:\Users\yuk\Downloads\Addition.txt
2017-07-18 20:47 - 2017-07-19 18:30 - 00000000 ____D C:\FRST
2017-07-18 18:54 - 2017-07-18 18:54 - 00000000 ____D C:\Users\yuk\Documents\FeedbackHub
2017-07-18 16:35 - 2017-07-18 16:35 - 00000000 ____D C:\Users\yuk\AppData\Local\Tempzxpsignd320c6188b0c3a3e
2017-07-18 15:41 - 2017-07-18 17:14 - 00000484 _____ C:\Users\yuk\Desktop\blogging IDeas.txt
2017-07-18 10:52 - 2017-07-18 10:52 - 00000000 ____D C:\Users\yuk\AppData\Local\Tempzxpsignef9162340afc81e7
2017-07-18 03:58 - 2017-07-18 03:58 - 00001666 _____ C:\Users\yuk\Desktop\VINIPOARS.txt
2017-07-18 01:25 - 2017-07-18 01:25 - 00000000 ____D C:\Users\yuk\AppData\Local\Tempzxpsign8d0021bddd45850f
2017-07-18 01:20 - 2017-07-18 01:20 - 00000000 ____D C:\Users\yuk\AppData\Local\Tempzxpsigndbdfcd33d6e8acea
2017-07-18 01:20 - 2017-07-18 01:20 - 00000000 ____D C:\Users\yuk\AppData\Local\Tempzxpsignb641b4b9cbdaa7f3
2017-07-17 23:34 - 2017-07-17 23:36 - 00014330 _____ C:\Users\yuk\Desktop\recapNeverdieDiscord.txt
2017-07-17 19:03 - 2017-07-17 23:34 - 00007466 _____ C:\Users\yuk\Desktop\sttembloggentry.txt
2017-07-17 18:51 - 2017-07-17 18:51 - 00000000 ____D C:\Users\yuk\AppData\Local\Tempzxpsigne70c98b4cd02912f
2017-07-17 18:49 - 2017-07-17 18:49 - 00000000 ____D C:\Users\yuk\AppData\Local\Tempzxpsignf4200db89f9632ff
2017-07-17 18:49 - 2017-07-17 18:49 - 00000000 ____D C:\Users\yuk\AppData\Local\Tempzxpsigna93330d847d30df6
2017-07-17 18:49 - 2017-07-17 18:49 - 00000000 ____D C:\Users\yuk\AppData\Local\Tempzxpsigna659908c3c042600
2017-07-17 14:36 - 2017-07-17 14:36 - 00182700 _____ C:\Users\yuk\Desktop\MEWwallet.pdf
2017-07-15 01:26 - 2017-07-15 02:57 - 00000000 ____D C:\Users\yuk\AppData\Roaming\Chaincoin
2017-07-15 01:26 - 2017-07-15 01:26 - 00000000 ____D C:\Users\yuk\Desktop\ChaincoinWallet
2017-07-15 00:11 - 2017-07-15 02:57 - 00000000 ____D C:\Users\yuk\AppData\Roaming\Sia-UI
2017-07-15 00:11 - 2017-07-15 00:11 - 00000000 ____D C:\Users\yuk\Desktop\Sia
2017-07-13 21:55 - 2017-07-13 21:55 - 00000000 ____D C:\Users\yuk\AppData\Local\Tempzxpsign22b248e799dcec20
2017-07-13 21:52 - 2017-07-13 21:52 - 00000000 ____D C:\Users\yuk\AppData\Local\Tempzxpsignb3c26d14701f90fd
2017-07-13 21:52 - 2017-07-13 21:52 - 00000000 ____D C:\Users\yuk\AppData\Local\Tempzxpsign18d4b9f127dffb93
2017-07-13 21:40 - 2017-07-13 21:40 - 00000000 ____D C:\Users\yuk\AppData\Local\Tempzxpsignc5fa6dc60df608fe
2017-07-13 21:40 - 2017-07-13 21:40 - 00000000 ____D C:\Users\yuk\AppData\Local\Tempzxpsign930cff8b7f6e3f4e
2017-07-13 21:40 - 2017-07-13 21:40 - 00000000 ____D C:\Users\yuk\AppData\Local\Tempzxpsign10ab782c206575ee
2017-07-13 21:39 - 2017-07-13 21:39 - 00000000 ____D C:\Users\yuk\AppData\Local\Tempzxpsigndf8526185b5d544d
2017-07-13 21:39 - 2017-07-13 21:39 - 00000000 ____D C:\Users\yuk\AppData\Local\Tempzxpsign95dd2b0ed413f2c2
2017-07-13 21:39 - 2017-07-13 21:39 - 00000000 ____D C:\Users\yuk\AppData\Local\Tempzxpsign1298faa7ae0ffb34
2017-07-12 18:58 - 2017-07-07 09:24 - 00117664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2017-07-12 18:58 - 2017-07-07 09:23 - 02399728 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-07-12 18:58 - 2017-07-07 09:20 - 02021680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpmde.dll
2017-07-12 18:58 - 2017-07-07 09:13 - 00554392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2017-07-12 18:58 - 2017-07-07 09:13 - 00336320 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecurityHealthService.exe
2017-07-12 18:58 - 2017-07-07 09:11 - 00094624 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2017-07-12 18:58 - 2017-07-07 09:10 - 01670496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2017-07-12 18:58 - 2017-07-07 09:10 - 00254168 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2017-07-12 18:58 - 2017-07-07 08:57 - 00626528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2017-07-12 18:58 - 2017-07-07 08:57 - 00125344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmapi.dll
2017-07-12 18:58 - 2017-07-07 08:40 - 23677440 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-07-12 18:58 - 2017-07-07 08:39 - 01839872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-07-12 18:58 - 2017-07-07 08:39 - 00096128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmcmnutils.dll
2017-07-12 18:58 - 2017-07-07 08:37 - 02259760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-07-12 18:58 - 2017-07-07 08:37 - 01339352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmpmde.dll
2017-07-12 18:58 - 2017-07-07 08:31 - 05820984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2017-07-12 18:58 - 2017-07-07 08:31 - 01518088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2017-07-12 18:58 - 2017-07-07 08:31 - 00129184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2017-07-12 18:58 - 2017-07-07 08:30 - 02165752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2017-07-12 18:58 - 2017-07-07 08:30 - 00949920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dcomp.dll
2017-07-12 18:58 - 2017-07-07 08:30 - 00750496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2017-07-12 18:58 - 2017-07-07 08:29 - 00349600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2017-07-12 18:58 - 2017-07-07 08:29 - 00123520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Clipc.dll
2017-07-12 18:58 - 2017-07-07 08:27 - 06759512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-07-12 18:58 - 2017-07-07 08:26 - 20373408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-07-12 18:58 - 2017-07-07 08:26 - 01529384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2017-07-12 18:58 - 2017-07-07 08:26 - 01195240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2017-07-12 18:58 - 2017-07-07 08:26 - 00988168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2017-07-12 18:58 - 2017-07-07 08:25 - 00035232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininitext.dll
2017-07-12 18:58 - 2017-07-07 08:24 - 01517472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppVEntSubsystems32.dll
2017-07-12 18:58 - 2017-07-07 08:23 - 00583160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2017-07-12 18:58 - 2017-07-07 08:20 - 08331264 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2017-07-12 18:58 - 2017-07-07 08:19 - 00165888 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2017-07-12 18:58 - 2017-07-07 08:18 - 00548864 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
2017-07-12 18:58 - 2017-07-07 08:17 - 00588800 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2017-07-12 18:58 - 2017-07-07 08:16 - 12786176 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-07-12 18:58 - 2017-07-07 08:16 - 00545792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2017-07-12 18:58 - 2017-07-07 08:15 - 08238080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-07-12 18:58 - 2017-07-07 08:14 - 08211968 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2017-07-12 18:58 - 2017-07-07 08:14 - 03784704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapRouter.dll
2017-07-12 18:58 - 2017-07-07 08:14 - 02956800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-07-12 18:58 - 2017-07-07 08:14 - 01448960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2017-07-12 18:58 - 2017-07-07 08:14 - 00790016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2017-07-12 18:58 - 2017-07-07 08:13 - 13839872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2017-07-12 18:58 - 2017-07-07 08:12 - 04730880 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-07-12 18:58 - 2017-07-07 08:12 - 02199552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2017-07-12 18:58 - 2017-07-07 08:12 - 01142272 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2017-07-12 18:58 - 2017-07-07 08:10 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2017-07-12 18:58 - 2017-07-07 08:10 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eapprovp.dll
2017-07-12 18:58 - 2017-07-07 08:09 - 20504576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-07-12 18:58 - 2017-07-07 08:09 - 00365056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2017-07-12 18:58 - 2017-07-07 08:08 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2017-07-12 18:58 - 2017-07-07 08:07 - 00272896 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToReceiver.dll
2017-07-12 18:58 - 2017-07-07 08:07 - 00117248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\raschap.dll
2017-07-12 18:58 - 2017-07-07 08:06 - 00241152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecsExt.dll
2017-07-12 18:58 - 2017-07-07 08:05 - 19335168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-07-12 18:58 - 2017-07-07 08:05 - 11870720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-07-12 18:58 - 2017-07-07 08:05 - 06728192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-07-12 18:58 - 2017-07-07 08:05 - 05719040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2017-07-12 18:58 - 2017-07-07 08:05 - 00502784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DevicePairing.dll
2017-07-12 18:58 - 2017-07-07 08:05 - 00312320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wldap32.dll
2017-07-12 18:58 - 2017-07-07 08:04 - 05961216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2017-07-12 18:58 - 2017-07-07 08:04 - 01248768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-07-12 18:58 - 2017-07-07 08:04 - 00754176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2017-07-12 18:58 - 2017-07-07 08:04 - 00506368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2017-07-12 18:58 - 2017-07-07 08:04 - 00394240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2017-07-12 18:58 - 2017-07-07 08:03 - 06123520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2017-07-12 18:58 - 2017-07-07 08:03 - 00636416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2017-07-12 18:58 - 2017-07-07 08:03 - 00446464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
2017-07-12 18:58 - 2017-07-07 08:02 - 00952832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2017-07-12 18:58 - 2017-07-07 08:01 - 06287360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-07-12 18:58 - 2017-07-07 08:01 - 02859520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2017-07-12 18:58 - 2017-07-07 08:00 - 07596544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2017-07-12 18:58 - 2017-07-07 08:00 - 05225984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-07-12 18:58 - 2017-07-07 08:00 - 02588160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapRouter.dll
2017-07-12 18:58 - 2017-07-07 08:00 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-07-12 18:58 - 2017-07-07 08:00 - 01565184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2017-07-12 18:58 - 2017-07-07 08:00 - 01019904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-07-12 18:58 - 2017-07-07 07:59 - 04417024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2017-07-12 18:58 - 2017-07-07 07:59 - 03656704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-07-12 18:58 - 2017-07-07 07:59 - 01494016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
2017-07-12 18:58 - 2017-07-07 07:59 - 01355264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpcServices.dll
2017-07-12 18:58 - 2017-07-07 07:59 - 00787456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2017-07-12 18:58 - 2017-07-07 07:58 - 04559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2017-07-12 18:58 - 2017-07-07 07:58 - 02782720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2017-07-12 18:58 - 2017-07-07 07:58 - 02298368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2017-07-12 18:58 - 2017-07-07 07:58 - 01237504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Maps.dll
2017-07-12 18:58 - 2017-07-07 07:55 - 00342528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPhoto.dll
2017-07-12 18:58 - 2017-07-07 07:55 - 00329216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsApi.dll
2017-07-12 18:58 - 2017-07-07 07:53 - 01301504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wdc.dll
2017-07-12 18:58 - 2017-07-07 07:53 - 00338432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msinfo32.exe
2017-07-12 18:58 - 2017-06-20 08:06 - 00279968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2017-07-12 18:58 - 2017-06-20 08:03 - 00820128 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2017-07-12 18:58 - 2017-06-20 08:02 - 01055648 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2017-07-12 18:58 - 2017-06-20 07:59 - 06554928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2017-07-12 18:58 - 2017-06-20 07:59 - 01220072 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2017-07-12 18:58 - 2017-06-20 07:57 - 02681760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2017-07-12 18:58 - 2017-06-20 07:34 - 00192416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aepic.dll
2017-07-12 18:58 - 2017-06-20 07:15 - 00455104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSAudDecMFT.dll
2017-07-12 18:58 - 2017-06-20 07:13 - 00787712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2017-07-12 18:58 - 2017-06-20 07:13 - 00056832 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinBioDataModelOOBE.exe
2017-07-12 18:58 - 2017-06-20 07:12 - 00293376 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2017-07-12 18:58 - 2017-06-20 07:12 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hdaudbus.sys
2017-07-12 18:58 - 2017-06-20 07:11 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2017-07-12 18:58 - 2017-06-20 07:10 - 00722432 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2017-07-12 18:58 - 2017-06-20 07:10 - 00096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2017-07-12 18:58 - 2017-06-20 07:09 - 00551424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Payments.dll
2017-07-12 18:58 - 2017-06-20 07:09 - 00406032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2017-07-12 18:58 - 2017-06-20 07:09 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2017-07-12 18:58 - 2017-06-20 07:08 - 04469840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2017-07-12 18:58 - 2017-06-20 07:08 - 00386560 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2017-07-12 18:58 - 2017-06-20 07:08 - 00328704 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2017-07-12 18:58 - 2017-06-20 07:08 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinBioDataModel.dll
2017-07-12 18:58 - 2017-06-20 07:08 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2017-07-12 18:58 - 2017-06-20 07:07 - 02475136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2017-07-12 18:58 - 2017-06-20 07:07 - 00632832 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
2017-07-12 18:58 - 2017-06-20 07:07 - 00510976 _____ (Microsoft Corporation) C:\WINDOWS\system32\TDLMigration.dll
2017-07-12 18:58 - 2017-06-20 07:07 - 00346016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudExperienceHostCommon.dll
2017-07-12 18:58 - 2017-06-20 07:07 - 00138656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudExperienceHostUser.dll
2017-07-12 18:58 - 2017-06-20 07:06 - 00942592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2017-07-12 18:58 - 2017-06-20 07:06 - 00754592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2017-07-12 18:58 - 2017-06-20 07:06 - 00751104 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2017-07-12 18:58 - 2017-06-20 07:06 - 00278944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\thumbcache.dll
2017-07-12 18:58 - 2017-06-20 07:05 - 00438096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.dll
2017-07-12 18:58 - 2017-06-20 07:05 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2017-07-12 18:58 - 2017-06-20 07:05 - 00374784 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2017-07-12 18:58 - 2017-06-20 07:05 - 00364032 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2017-07-12 18:58 - 2017-06-20 07:04 - 02330520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2017-07-12 18:58 - 2017-06-20 07:04 - 01178528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll
2017-07-12 18:58 - 2017-06-20 07:04 - 01177600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2017-07-12 18:58 - 2017-06-20 07:04 - 01077496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webservices.dll
2017-07-12 18:58 - 2017-06-20 07:04 - 00181656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2017-07-12 18:58 - 2017-06-20 07:04 - 00049656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msasn1.dll
2017-07-12 18:58 - 2017-06-20 07:03 - 05806048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2017-07-12 18:58 - 2017-06-20 07:03 - 02077184 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2017-07-12 18:58 - 2017-06-20 07:03 - 00864240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2017-07-12 18:58 - 2017-06-20 07:03 - 00443728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFCaptureEngine.dll
2017-07-12 18:58 - 2017-06-20 07:02 - 03377664 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2017-07-12 18:58 - 2017-06-20 07:02 - 01121928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2017-07-12 18:58 - 2017-06-20 07:02 - 00354400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MMDevAPI.dll
2017-07-12 18:58 - 2017-06-20 07:01 - 04536320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2017-07-12 18:58 - 2017-06-20 07:01 - 00176032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\basecsp.dll
2017-07-12 18:58 - 2017-06-20 07:00 - 02597888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2017-07-12 18:58 - 2017-06-20 06:59 - 02938880 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2017-07-12 18:58 - 2017-06-20 06:59 - 01674240 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2017-07-12 18:58 - 2017-06-20 06:56 - 00985600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
2017-07-12 18:58 - 2017-06-20 06:49 - 00899072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctfuimanager.dll
2017-07-12 18:58 - 2017-06-20 06:49 - 00331776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleacc.dll
2017-07-12 18:58 - 2017-06-20 06:46 - 00132096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft.Bluetooth.Profiles.Gatt.Interface.dll
2017-07-12 18:58 - 2017-06-20 06:45 - 00111104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.System.Profile.RetailInfo.dll
2017-07-12 18:58 - 2017-06-20 06:43 - 00329728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webplatstorageserver.dll
2017-07-12 18:58 - 2017-06-20 06:43 - 00173568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ClipboardServer.dll
2017-07-12 18:58 - 2017-06-20 06:43 - 00151552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincredui.dll
2017-07-12 18:58 - 2017-06-20 06:43 - 00139776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BluetoothApis.dll
2017-07-12 18:58 - 2017-06-20 06:43 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2017-07-12 18:58 - 2017-06-20 06:43 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2017-07-12 18:58 - 2017-06-20 06:43 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dataclen.dll
2017-07-12 18:58 - 2017-06-20 06:42 - 00641024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certca.dll
2017-07-12 18:58 - 2017-06-20 06:42 - 00387584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Payments.dll
2017-07-12 18:58 - 2017-06-20 06:42 - 00338432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2017-07-12 18:58 - 2017-06-20 06:42 - 00266240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2017-07-12 18:58 - 2017-06-20 06:42 - 00226304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scksp.dll
2017-07-12 18:58 - 2017-06-20 06:42 - 00121856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sendmail.dll
2017-07-12 18:58 - 2017-06-20 06:41 - 00734208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.exe
2017-07-12 18:58 - 2017-06-20 06:41 - 00646656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApi.dll
2017-07-12 18:58 - 2017-06-20 06:41 - 00601088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SndVolSSO.dll
2017-07-12 18:58 - 2017-06-20 06:41 - 00433152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Bluetooth.dll
2017-07-12 18:58 - 2017-06-20 06:41 - 00201216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credprovhost.dll
2017-07-12 18:58 - 2017-06-20 06:40 - 00368128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2017-07-12 18:58 - 2017-06-20 06:40 - 00356864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
2017-07-12 18:58 - 2017-06-20 06:40 - 00342016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2017-07-12 18:58 - 2017-06-20 06:40 - 00247808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AboveLockAppHost.dll
2017-07-12 18:58 - 2017-06-20 06:40 - 00230912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edputil.dll
2017-07-12 18:58 - 2017-06-20 06:40 - 00038400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBrokerUI.dll
2017-07-12 18:58 - 2017-06-20 06:39 - 02814464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\themeui.dll
2017-07-12 18:58 - 2017-06-20 06:39 - 02671616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2017-07-12 18:58 - 2017-06-20 06:39 - 00969728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
2017-07-12 18:58 - 2017-06-20 06:39 - 00646144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmsys.cpl
2017-07-12 18:58 - 2017-06-20 06:39 - 00471040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VAN.dll
2017-07-12 18:58 - 2017-06-20 06:39 - 00312320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2017-07-12 18:58 - 2017-06-20 06:38 - 01451008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2017-07-12 18:58 - 2017-06-20 06:38 - 01285120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbghelp.dll
2017-07-12 18:58 - 2017-06-20 06:38 - 01171968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certutil.exe
2017-07-12 18:58 - 2017-06-20 06:38 - 00663040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2017-07-12 18:58 - 2017-06-20 06:38 - 00648192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SmartcardCredentialProvider.dll
2017-07-12 18:58 - 2017-06-20 06:38 - 00329728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2017-07-12 18:58 - 2017-06-20 06:37 - 02008576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2017-07-12 18:58 - 2017-06-20 06:36 - 03667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-07-12 18:58 - 2017-06-20 06:35 - 02679296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2017-07-12 18:58 - 2017-06-20 06:35 - 02132480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2017-07-12 18:58 - 2017-06-20 06:35 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cldapi.dll
2017-07-12 18:58 - 2017-06-20 06:34 - 04056576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2017-07-12 18:58 - 2017-06-20 06:34 - 02750464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnroll.dll
2017-07-12 18:58 - 2017-06-20 06:34 - 02211328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2017-07-12 18:58 - 2017-06-20 06:34 - 01492480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Bluetooth.dll
2017-07-12 18:58 - 2017-06-20 06:34 - 00760832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2017-07-12 18:58 - 2017-06-20 06:31 - 00334848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToDevice.dll
2017-07-12 18:58 - 2017-06-20 06:30 - 00209920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wdmaud.drv
2017-07-12 18:58 - 2017-06-20 06:30 - 00157696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpchttp.dll
2017-07-12 18:58 - 2017-06-20 06:30 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2017-07-12 18:58 - 2017-06-20 06:28 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apphelp.dll
2017-07-12 18:57 - 2017-07-07 16:00 - 00947712 _____ (Microsoft Corporation) C:\WINDOWS\system32\HoloSI.PCShell.dll
2017-07-12 18:57 - 2017-07-07 09:27 - 01147288 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2017-07-12 18:57 - 2017-07-07 09:27 - 01024928 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2017-07-12 18:57 - 2017-07-07 09:27 - 00965024 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.efi
2017-07-12 18:57 - 2017-07-07 09:27 - 00821664 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.exe
2017-07-12 18:57 - 2017-07-07 09:27 - 00750560 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2017-07-12 18:57 - 2017-07-07 09:26 - 01065104 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2017-07-12 18:57 - 2017-07-07 09:25 - 00899824 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2017-07-12 18:57 - 2017-07-07 09:22 - 08318880 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-07-12 18:57 - 2017-07-07 09:22 - 01186464 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2017-07-12 18:57 - 2017-07-07 09:22 - 00119384 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcmnutils.dll
2017-07-12 18:57 - 2017-07-07 09:21 - 32688336 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecsRaw.dll
2017-07-12 18:57 - 2017-07-07 09:21 - 02969880 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2017-07-12 18:57 - 2017-07-07 09:20 - 00923040 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-07-12 18:57 - 2017-07-07 09:20 - 00519584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2017-07-12 18:57 - 2017-07-07 09:20 - 00382368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2017-07-12 18:57 - 2017-07-07 09:17 - 01017760 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2017-07-12 18:57 - 2017-07-07 09:15 - 02444696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-07-12 18:57 - 2017-07-07 09:14 - 07325584 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2017-07-12 18:57 - 2017-07-07 09:14 - 05477088 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2017-07-12 18:57 - 2017-07-07 09:14 - 01760264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2017-07-12 18:57 - 2017-07-07 09:14 - 01171032 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcomp.dll
2017-07-12 18:57 - 2017-07-07 09:13 - 00872472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2017-07-12 18:57 - 2017-07-07 09:13 - 00147800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Clipc.dll
2017-07-12 18:57 - 2017-07-07 09:12 - 00411040 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2017-07-12 18:57 - 2017-07-07 09:12 - 00318232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininit.exe
2017-07-12 18:57 - 2017-07-07 09:12 - 00228256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2017-07-12 18:57 - 2017-07-07 09:11 - 07904784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-07-12 18:57 - 2017-07-07 09:10 - 21353208 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-07-12 18:57 - 2017-07-07 09:10 - 01337848 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2017-07-12 18:57 - 2017-07-07 09:10 - 01325968 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2017-07-12 18:57 - 2017-07-07 09:10 - 00372128 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2017-07-12 18:57 - 2017-07-07 09:09 - 00041376 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininitext.dll
2017-07-12 18:57 - 2017-07-07 09:08 - 02229152 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystems64.dll
2017-07-12 18:57 - 2017-07-07 09:08 - 01854880 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntVirtualization.dll
2017-07-12 18:57 - 2017-07-07 09:08 - 01693600 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVIntegration.dll
2017-07-12 18:57 - 2017-07-07 09:08 - 01458584 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntSubsystemController.dll
2017-07-12 18:57 - 2017-07-07 09:08 - 01100704 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPolicy.dll
2017-07-12 18:57 - 2017-07-07 09:08 - 00992672 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVManifest.dll
2017-07-12 18:57 - 2017-07-07 09:08 - 00848280 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVOrchestration.dll
2017-07-12 18:57 - 2017-07-07 09:08 - 00846752 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVClient.exe
2017-07-12 18:57 - 2017-07-07 09:08 - 00844704 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntStreamingManager.dll
2017-07-12 18:57 - 2017-07-07 09:08 - 00774560 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVReporting.dll
2017-07-12 18:57 - 2017-07-07 09:08 - 00699808 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVCatalog.dll
2017-07-12 18:57 - 2017-07-07 09:08 - 00672672 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVPublishing.dll
2017-07-12 18:57 - 2017-07-07 09:08 - 00506776 _____ (Microsoft Corporation) C:\WINDOWS\system32\TransportDSA.dll
2017-07-12 18:57 - 2017-07-07 09:08 - 00399264 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVScripting.dll
2017-07-12 18:57 - 2017-07-07 09:07 - 01106848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2017-07-12 18:57 - 2017-07-07 09:07 - 00058488 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsass.exe
2017-07-12 18:57 - 2017-07-07 08:37 - 31652264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecsRaw.dll
2017-07-12 18:57 - 2017-07-07 08:27 - 03670016 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-07-12 18:57 - 2017-07-07 08:27 - 01640448 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2017-07-12 18:57 - 2017-07-07 08:27 - 01050624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2017-07-12 18:57 - 2017-07-07 08:27 - 00859136 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
2017-07-12 18:57 - 2017-07-07 08:27 - 00577024 _____ (Microsoft Corporation) C:\WINDOWS\system32\duser.dll
2017-07-12 18:57 - 2017-07-07 08:27 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll
2017-07-12 18:57 - 2017-07-07 08:27 - 00443392 _____ (Microsoft Corporation) C:\WINDOWS\system32\PerceptionSimulationExtensions.dll
2017-07-12 18:57 - 2017-07-07 08:27 - 00360960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConhostV2.dll
2017-07-12 18:57 - 2017-07-07 08:26 - 17364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-07-12 18:57 - 2017-07-07 08:25 - 02199552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2017-07-12 18:57 - 2017-07-07 08:24 - 00114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\officecsp.dll
2017-07-12 18:57 - 2017-07-07 08:23 - 00113152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2017-07-12 18:57 - 2017-07-07 08:23 - 00110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2017-07-12 18:57 - 2017-07-07 08:23 - 00095232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2017-07-12 18:57 - 2017-07-07 08:23 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\eapprovp.dll
2017-07-12 18:57 - 2017-07-07 08:22 - 07931392 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-07-12 18:57 - 2017-07-07 08:22 - 00520704 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2017-07-12 18:57 - 2017-07-07 08:21 - 00096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncCsp.dll
2017-07-12 18:57 - 2017-07-07 08:21 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-07-12 18:57 - 2017-07-07 08:20 - 23681536 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-07-12 18:57 - 2017-07-07 08:20 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\prntvpt.dll
2017-07-12 18:57 - 2017-07-07 08:19 - 07149056 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2017-07-12 18:57 - 2017-07-07 08:19 - 00527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-07-12 18:57 - 2017-07-07 08:19 - 00256000 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2017-07-12 18:57 - 2017-07-07 08:19 - 00137216 _____ (Microsoft Corporation) C:\WINDOWS\system32\raschap.dll
2017-07-12 18:57 - 2017-07-07 08:18 - 07336448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-07-12 18:57 - 2017-07-07 08:18 - 00563712 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicePairing.dll
2017-07-12 18:57 - 2017-07-07 08:18 - 00353280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wldap32.dll
2017-07-12 18:57 - 2017-07-07 08:18 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecsExt.dll
2017-07-12 18:57 - 2017-07-07 08:17 - 01878016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-07-12 18:57 - 2017-07-07 08:17 - 01260544 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2017-07-12 18:57 - 2017-07-07 08:17 - 00692736 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2017-07-12 18:57 - 2017-07-07 08:17 - 00536064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2017-07-12 18:57 - 2017-07-07 08:17 - 00422400 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2017-07-12 18:57 - 2017-07-07 08:17 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\SIHClient.exe
2017-07-12 18:57 - 2017-07-07 08:16 - 00925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2017-07-12 18:57 - 2017-07-07 08:15 - 00922112 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2017-07-12 18:57 - 2017-07-07 08:14 - 01802240 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-07-12 18:57 - 2017-07-07 08:14 - 00570880 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoScreensaver.scr
2017-07-12 18:57 - 2017-07-07 08:14 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2017-07-12 18:57 - 2017-07-07 08:13 - 05892096 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2017-07-12 18:57 - 2017-07-07 08:13 - 00840192 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2017-07-12 18:57 - 2017-07-07 08:12 - 03307008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-07-12 18:57 - 2017-07-07 08:12 - 02499584 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.pcshell.dll
2017-07-12 18:57 - 2017-07-07 08:12 - 02055168 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-07-12 18:57 - 2017-07-07 08:12 - 01713664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2017-07-12 18:57 - 2017-07-07 08:12 - 01420800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Maps.dll
2017-07-12 18:57 - 2017-07-07 08:12 - 01305088 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2017-07-12 18:57 - 2017-07-07 08:12 - 01293824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-07-12 18:57 - 2017-07-07 08:12 - 00706560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2017-07-12 18:57 - 2017-07-07 08:11 - 03139584 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2017-07-12 18:57 - 2017-07-07 08:11 - 02829824 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2017-07-12 18:57 - 2017-07-07 08:11 - 02649600 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2017-07-12 18:57 - 2017-07-07 08:11 - 02177024 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpcServices.dll
2017-07-12 18:57 - 2017-07-07 08:11 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2017-07-12 18:57 - 2017-07-07 08:11 - 01812480 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2017-07-12 18:57 - 2017-07-07 08:11 - 00986112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-07-12 18:57 - 2017-07-07 08:11 - 00406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-07-12 18:57 - 2017-07-07 08:10 - 05557760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2017-07-12 18:57 - 2017-07-07 08:10 - 04707840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2017-07-12 18:57 - 2017-07-07 08:10 - 02444288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-07-12 18:57 - 2017-07-07 08:07 - 00430080 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToDevice.dll
2017-07-12 18:57 - 2017-07-07 08:07 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPhoto.dll
2017-07-12 18:57 - 2017-07-07 08:06 - 00412160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll
2017-07-12 18:57 - 2017-07-07 08:06 - 00205824 _____ (Microsoft Corporation) C:\WINDOWS\system32\sensrsvc.dll
2017-07-12 18:57 - 2017-07-07 08:05 - 00370176 _____ (Microsoft Corporation) C:\WINDOWS\system32\msinfo32.exe
2017-07-12 18:57 - 2017-07-07 08:04 - 01703424 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2017-07-12 18:57 - 2017-07-07 08:04 - 01403392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wdc.dll
2017-07-12 18:57 - 2017-07-07 08:04 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\csrsrv.dll
2017-07-12 18:57 - 2017-07-07 08:02 - 00508416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoScreensaver.scr
2017-07-12 18:57 - 2017-07-02 00:52 - 00031932 _____ C:\WINDOWS\system32\edgehtmlpluginpolicy.bin
2017-07-12 18:57 - 2017-06-20 08:18 - 01564576 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2017-07-12 18:57 - 2017-06-20 08:18 - 00096672 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2017-07-12 18:57 - 2017-06-20 08:17 - 00629152 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2017-07-12 18:57 - 2017-06-20 08:17 - 00544160 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2017-07-12 18:57 - 2017-06-20 08:17 - 00334240 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2017-07-12 18:57 - 2017-06-20 08:17 - 00136096 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2017-07-12 18:57 - 2017-06-20 08:17 - 00034720 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2017-07-12 18:57 - 2017-06-20 08:16 - 01214880 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2017-07-12 18:57 - 2017-06-20 08:16 - 00335776 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcntel.dll
2017-07-12 18:57 - 2017-06-20 08:15 - 00233376 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2017-07-12 18:57 - 2017-06-20 08:11 - 01395152 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2017-07-12 18:57 - 2017-06-20 08:11 - 00411992 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSAudDecMFT.dll
2017-07-12 18:57 - 2017-06-20 08:10 - 02327456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2017-07-12 18:57 - 2017-06-20 08:10 - 01930320 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2017-07-12 18:57 - 2017-06-20 08:08 - 01242528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2017-07-12 18:57 - 2017-06-20 08:05 - 01057832 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2017-07-12 18:57 - 2017-06-20 08:04 - 04847424 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2017-07-12 18:57 - 2017-06-20 08:04 - 00472728 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2017-07-12 18:57 - 2017-06-20 08:03 - 00179608 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostUser.dll
2017-07-12 18:57 - 2017-06-20 08:03 - 00102312 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredentialUIBroker.exe
2017-07-12 18:57 - 2017-06-20 08:02 - 02645688 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2017-07-12 18:57 - 2017-06-20 08:02 - 00426912 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostCommon.dll
2017-07-12 18:57 - 2017-06-20 08:00 - 00558920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.dll
2017-07-12 18:57 - 2017-06-20 08:00 - 00255904 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2017-07-12 18:57 - 2017-06-20 08:00 - 00142752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcifs.sys
2017-07-12 18:57 - 2017-06-20 07:59 - 01054280 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2017-07-12 18:57 - 2017-06-20 07:59 - 00583304 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2017-07-12 18:57 - 2017-06-20 07:59 - 00467504 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
2017-07-12 18:57 - 2017-06-20 07:58 - 00833160 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeManagerObj.dll
2017-07-12 18:57 - 2017-06-20 07:58 - 00406072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MMDevAPI.dll
2017-07-12 18:57 - 2017-06-20 07:58 - 00203168 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostBroker.dll
2017-07-12 18:57 - 2017-06-20 07:57 - 00204192 _____ (Microsoft Corporation) C:\WINDOWS\system32\basecsp.dll
2017-07-12 18:57 - 2017-06-20 07:16 - 00970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctfuimanager.dll
2017-07-12 18:57 - 2017-06-20 07:16 - 00417280 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleacc.dll
2017-07-12 18:57 - 2017-06-20 07:15 - 01620368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2017-07-12 18:57 - 2017-06-20 07:14 - 01150784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2017-07-12 18:57 - 2017-06-20 07:14 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mskssrv.sys
2017-07-12 18:57 - 2017-06-20 07:13 - 00216064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Profiles.Gatt.Interface.dll
2017-07-12 18:57 - 2017-06-20 07:13 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanprotdim.dll
2017-07-12 18:57 - 2017-06-20 07:13 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\WFDSConMgr.dll
2017-07-12 18:57 - 2017-06-20 07:12 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyMATEnc.dll
2017-07-12 18:57 - 2017-06-20 07:12 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.System.Profile.RetailInfo.dll
2017-07-12 18:57 - 2017-06-20 07:12 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bridge.sys
2017-07-12 18:57 - 2017-06-20 07:11 - 00200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\ScDeviceEnum.dll
2017-07-12 18:57 - 2017-06-20 07:10 - 00778240 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyHrtfEnc.dll
2017-07-12 18:57 - 2017-06-20 07:10 - 00315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsEnvironment.Desktop.dll
2017-07-12 18:57 - 2017-06-20 07:10 - 00189440 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll
2017-07-12 18:57 - 2017-06-20 07:10 - 00188928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wincredui.dll
2017-07-12 18:57 - 2017-06-20 07:09 - 00555008 _____ (Microsoft Corporation) C:\WINDOWS\system32\WFDSConMgrSvc.dll
2017-07-12 18:57 - 2017-06-20 07:09 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.BlueLightReduction.dll
2017-07-12 18:57 - 2017-06-20 07:09 - 00427008 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2017-07-12 18:57 - 2017-06-20 07:09 - 00357888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Narrator.exe
2017-07-12 18:57 - 2017-06-20 07:09 - 00250368 _____ (Microsoft Corporation) C:\WINDOWS\system32\SCardSvr.dll
2017-07-12 18:57 - 2017-06-20 07:09 - 00208384 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2017-07-12 18:57 - 2017-06-20 07:09 - 00205312 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipboardServer.dll
2017-07-12 18:57 - 2017-06-20 07:09 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\system32\certprop.dll
2017-07-12 18:57 - 2017-06-20 07:09 - 00135680 _____ (Microsoft Corporation) C:\WINDOWS\system32\sendmail.dll
2017-07-12 18:57 - 2017-06-20 07:09 - 00062464 _____ (Microsoft Corporation) C:\WINDOWS\system32\dataclen.dll
2017-07-12 18:57 - 2017-06-20 07:08 - 00791040 _____ (Microsoft Corporation) C:\WINDOWS\system32\certca.dll
2017-07-12 18:57 - 2017-06-20 07:08 - 00646656 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockHostingFramework.dll
2017-07-12 18:57 - 2017-06-20 07:08 - 00365056 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Notifications.dll
2017-07-12 18:57 - 2017-06-20 07:08 - 00251392 _____ (Microsoft Corporation) C:\WINDOWS\system32\scksp.dll
2017-07-12 18:57 - 2017-06-20 07:07 - 00916992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2017-07-12 18:57 - 2017-06-20 07:07 - 00823296 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApi.dll
2017-07-12 18:57 - 2017-06-20 07:07 - 00757248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2017-07-12 18:57 - 2017-06-20 07:07 - 00626176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll
2017-07-12 18:57 - 2017-06-20 07:07 - 00621056 _____ (Microsoft Corporation) C:\WINDOWS\system32\SndVolSSO.dll
2017-07-12 18:57 - 2017-06-20 07:07 - 00411136 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2017-07-12 18:57 - 2017-06-20 07:06 - 00847872 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2017-07-12 18:57 - 2017-06-20 07:06 - 00455680 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2017-07-12 18:57 - 2017-06-20 07:06 - 00411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2017-07-12 18:57 - 2017-06-20 07:06 - 00335872 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudDomainJoinDataModelServer.dll
2017-07-12 18:57 - 2017-06-20 07:06 - 00299520 _____ (Microsoft Corporation) C:\WINDOWS\system32\AboveLockAppHost.dll
2017-07-12 18:57 - 2017-06-20 07:06 - 00253440 _____ (Microsoft Corporation) C:\WINDOWS\system32\edputil.dll
2017-07-12 18:57 - 2017-06-20 07:06 - 00045056 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBrokerUI.dll
2017-07-12 18:57 - 2017-06-20 07:05 - 04447744 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-07-12 18:57 - 2017-06-20 07:05 - 02873344 _____ (Microsoft Corporation) C:\WINDOWS\system32\themeui.dll
2017-07-12 18:57 - 2017-06-20 07:05 - 01468416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2017-07-12 18:57 - 2017-06-20 07:05 - 00873472 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2017-07-12 18:57 - 2017-06-20 07:05 - 00696320 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmsys.cpl
2017-07-12 18:57 - 2017-06-20 07:05 - 00687616 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2017-07-12 18:57 - 2017-06-20 07:05 - 00585216 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll
2017-07-12 18:57 - 2017-06-20 07:05 - 00406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputSwitch.dll
2017-07-12 18:57 - 2017-06-20 07:05 - 00056832 _____ (Microsoft Corporation) C:\WINDOWS\system32\cldapi.dll
2017-07-12 18:57 - 2017-06-20 07:04 - 01818624 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2017-07-12 18:57 - 2017-06-20 07:04 - 01425920 _____ (Microsoft Corporation) C:\WINDOWS\system32\certutil.exe
2017-07-12 18:57 - 2017-06-20 07:04 - 00899072 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmartcardCredentialProvider.dll
2017-07-12 18:57 - 2017-06-20 07:04 - 00802816 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2017-07-12 18:57 - 2017-06-20 07:04 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
2017-07-12 18:57 - 2017-06-20 07:04 - 00178176 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeHelper.dll
2017-07-12 18:57 - 2017-06-20 07:03 - 01396224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2017-07-12 18:57 - 2017-06-20 07:02 - 03204096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Profiles.Gatt.dll
2017-07-12 18:57 - 2017-06-20 07:02 - 02804736 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-07-12 18:57 - 2017-06-20 07:02 - 01886208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-07-12 18:57 - 2017-06-20 07:02 - 00681984 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-07-12 18:57 - 2017-06-20 07:02 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudDomainJoinAUG.dll
2017-07-12 18:57 - 2017-06-20 07:01 - 04396032 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-07-12 18:57 - 2017-06-20 07:01 - 03803136 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2017-07-12 18:57 - 2017-06-20 07:01 - 03332096 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2017-07-12 18:57 - 2017-06-20 07:01 - 03059200 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2017-07-12 18:57 - 2017-06-20 07:01 - 01076736 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2017-07-12 18:57 - 2017-06-20 07:01 - 00809984 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2017-07-12 18:57 - 2017-06-20 07:01 - 00397312 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2017-07-12 18:57 - 2017-06-20 07:00 - 03057664 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnroll.dll
2017-07-12 18:57 - 2017-06-20 07:00 - 02171392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Bluetooth.dll
2017-07-12 18:57 - 2017-06-20 06:59 - 01357824 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2017-07-12 18:57 - 2017-06-20 06:58 - 00625152 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2017-07-12 18:57 - 2017-06-20 06:57 - 00290816 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmclient.exe
2017-07-12 18:57 - 2017-06-20 06:57 - 00138752 _____ (Microsoft Corporation) C:\WINDOWS\system32\DMPushRouterCore.dll
2017-07-12 18:57 - 2017-06-20 06:56 - 00600064 _____ (Microsoft Corporation) C:\WINDOWS\system32\FrameServer.dll
2017-07-12 18:57 - 2017-06-20 06:56 - 00241152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wdmaud.drv
2017-07-12 18:57 - 2017-06-20 06:54 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\DmApiSetExtImplDesktop.dll
2017-07-12 18:57 - 2017-06-20 06:45 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2017-07-11 15:25 - 2017-07-11 15:25 - 00000000 ____D C:\Users\yuk\AppData\Local\Tempzxpsign691e163531e0b57f
2017-07-11 15:22 - 2017-07-11 15:22 - 00000000 ____D C:\Users\yuk\AppData\Local\Tempzxpsignf7398b9b18fb737a
2017-07-11 15:22 - 2017-07-11 15:22 - 00000000 ____D C:\Users\yuk\AppData\Local\Tempzxpsign3fedaf8a159f6dbe
2017-07-09 22:31 - 2017-07-09 22:31 - 00280758 _____ C:\Users\yuk\Desktop\Guide-to-Crushing-ICOs (1).pdf
2017-07-08 04:15 - 2017-07-08 04:15 - 00000000 ____D C:\Users\yuk\AppData\Local\Tempzxpsignbd8d4b30cc7b0a63
2017-07-08 04:15 - 2017-07-08 04:15 - 00000000 ____D C:\Users\yuk\AppData\Local\Tempzxpsign803a511bf64b2a7b
2017-07-07 08:25 - 2017-07-07 08:25 - 00281255 _____ C:\Users\yuk\Desktop\2016-06-21-dao-meetup.pdf
2017-07-07 06:34 - 2017-07-07 06:34 - 01678520 _____ C:\Users\yuk\Desktop\Swarmwise-2013-by-Rick-Falkvinge-v1.1-2013Sep01.pdf
2017-07-07 03:57 - 2017-07-07 03:57 - 02581058 _____ C:\Users\yuk\Desktop\Ian Balina - Hacking Venture Capital.pdf
2017-07-05 18:48 - 2017-07-05 18:48 - 00000017 _____ C:\Users\yuk\AppData\Local\resmon.resmoncfg
2017-07-05 18:47 - 2017-07-05 18:47 - 00000000 ____D C:\Users\yuk\Desktop\NiceHash
2017-07-03 15:42 - 2017-07-03 15:42 - 00000000 ____D C:\Users\yuk\AppData\Local\Tempzxpsign9a5c28e1286a561b
2017-07-03 15:39 - 2017-07-03 15:39 - 00000000 ____D C:\Users\yuk\AppData\Local\Tempzxpsign95814f4f98e5fd87
2017-07-03 15:39 - 2017-07-03 15:39 - 00000000 ____D C:\Users\yuk\AppData\Local\Tempzxpsign15bb920bdd8542bc
2017-06-30 22:40 - 2017-06-30 22:40 - 03969909 _____ C:\Users\yuk\Desktop\NDC-TPT-ICO-Whitepaper-v-1-eng.pdf
2017-06-30 17:01 - 2017-07-14 14:21 - 00001120 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera Browser.lnk
2017-06-28 23:14 - 2017-06-28 23:14 - 00000222 _____ C:\Users\yuk\Desktop\Turok Dinosaur Hunter.url
2017-06-28 14:45 - 2017-07-02 08:23 - 00000935 _____ C:\WINDOWS\Tasks\EPSON XP-215 217 Series Update {7660D75B-BC2E-4AC2-96C2-7E0E2A82D544}.job
2017-06-28 14:45 - 2017-07-02 08:23 - 00000749 _____ C:\WINDOWS\Tasks\EPSON XP-215 217 Series Invitation {7660D75B-BC2E-4AC2-96C2-7E0E2A82D544}.job
2017-06-28 14:45 - 2017-06-28 14:45 - 00004140 _____ C:\WINDOWS\System32\Tasks\EPSON XP-215 217 Series Update {7660D75B-BC2E-4AC2-96C2-7E0E2A82D544}
2017-06-28 14:45 - 2017-06-28 14:45 - 00003962 _____ C:\WINDOWS\System32\Tasks\EPSON XP-215 217 Series Invitation {7660D75B-BC2E-4AC2-96C2-7E0E2A82D544}
2017-06-28 13:44 - 2017-06-28 13:44 - 00002336 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-06-28 13:44 - 2017-06-28 13:44 - 00002324 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-06-28 13:29 - 2017-06-28 13:29 - 00000000 ____D C:\Users\yuk\AppData\Local\Tempzxpsign71509ec51adf90ba
2017-06-28 13:29 - 2017-06-28 13:29 - 00000000 ____D C:\Users\yuk\AppData\Local\Tempzxpsign04fd5c63b38afe12
2017-06-28 11:16 - 2017-06-28 11:16 - 00000000 ____D C:\Users\yuk\AppData\Local\Tempzxpsign657c088acb6bcc64
2017-06-28 11:16 - 2017-06-28 11:16 - 00000000 ____D C:\Users\yuk\AppData\Local\Tempzxpsign32243907df5452f1
2017-06-28 03:20 - 2017-06-28 03:20 - 00000000 ____D C:\Users\yuk\AppData\Local\Tempzxpsigne004f0bca1bc0d05
2017-06-28 03:20 - 2017-06-28 03:20 - 00000000 ____D C:\Users\yuk\AppData\Local\Tempzxpsign84f89191745e24b1
2017-06-27 18:48 - 2017-07-01 06:13 - 00000000 ____D C:\Users\yuk\AppData\Roaming\discord
2017-06-27 18:48 - 2017-06-27 18:48 - 00002260 _____ C:\Users\yuk\Desktop\Discord.lnk
2017-06-27 18:48 - 2017-06-27 18:48 - 00000000 ____D C:\Users\yuk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hammer & Chisel, Inc
2017-06-27 18:48 - 2017-06-27 18:48 - 00000000 ____D C:\Users\yuk\AppData\Local\SquirrelTemp
2017-06-27 18:48 - 2017-06-27 18:48 - 00000000 ____D C:\Users\yuk\AppData\Local\Discord
2017-06-27 18:06 - 2017-06-27 18:06 - 00000000 ____D C:\Users\yuk\AppData\Local\Tempzxpsigned85db22ba142d9b
2017-06-27 18:06 - 2017-06-27 18:06 - 00000000 ____D C:\Users\yuk\AppData\Local\Tempzxpsign74db16fde766e162
2017-06-27 17:53 - 2017-06-27 17:53 - 00000207 _____ C:\Users\yuk\Desktop\Parity.txt
2017-06-25 19:35 - 2017-06-25 19:35 - 00000000 ____D C:\Users\yuk\AppData\Local\Tempzxpsign87161b0f3dc7f63e
2017-06-25 19:35 - 2017-06-25 19:35 - 00000000 ____D C:\Users\yuk\AppData\Local\Tempzxpsign5568de062ffd86c3
2017-06-25 18:06 - 2017-06-25 18:06 - 00001226 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk
2017-06-25 18:06 - 2017-06-25 18:06 - 00001214 _____ C:\Users\Public\Desktop\Adobe Creative Cloud.lnk
2017-06-24 12:13 - 2017-06-24 12:13 - 00000000 ____D C:\Users\yuk\.ethash
2017-06-24 12:05 - 2017-06-24 12:05 - 00000000 ____D C:\Users\yuk\AppData\Roaming\Parity
2017-06-24 12:05 - 2017-06-24 12:05 - 00000000 ____D C:\Users\yuk\AppData\Local\Parity
2017-06-24 12:05 - 2017-06-24 12:05 - 00000000 ____D C:\Program Files\Ethcore

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-07-19 18:19 - 2017-05-14 11:53 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-07-19 17:45 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\system32\FxsTmp
2017-07-19 15:23 - 2017-05-14 21:43 - 00916280 _____ C:\WINDOWS\system32\perfh007.dat
2017-07-19 15:23 - 2017-05-14 21:43 - 00198228 _____ C:\WINDOWS\system32\perfc007.dat
2017-07-19 15:23 - 2017-05-14 21:41 - 00859222 _____ C:\WINDOWS\system32\perfh00A.dat
2017-07-19 15:23 - 2017-05-14 21:41 - 00202486 _____ C:\WINDOWS\system32\perfc00A.dat
2017-07-19 15:23 - 2017-05-14 12:07 - 03147936 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-07-19 15:22 - 2015-05-21 13:18 - 00565416 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2017-07-19 15:21 - 2017-03-18 13:40 - 00032768 _____ C:\WINDOWS\system32\config\ELAM
2017-07-19 15:19 - 2017-03-28 18:15 - 00000000 ____D C:\Users\yuk\AppData\Roaming\Writefull
2017-07-19 15:19 - 2015-09-04 15:51 - 00000000 ___RD C:\Users\yuk\Creative Cloud Files
2017-07-19 15:19 - 2015-05-24 12:45 - 00000000 ____D C:\Users\yuk\AppData\Local\Adobe
2017-07-19 15:18 - 2017-05-14 12:05 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-07-19 15:18 - 2017-05-14 11:53 - 04918192 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-07-19 15:18 - 2017-03-18 13:40 - 01835008 _____ C:\WINDOWS\system32\config\BBI
2017-07-19 15:18 - 2016-10-22 16:16 - 00000000 ____D C:\ProgramData\NVIDIA
2017-07-19 15:18 - 2015-07-28 20:24 - 00000000 ____D C:\Program Files (x86)\Hi-Rez Studios
2017-07-19 15:13 - 2016-02-09 04:58 - 00000000 ____D C:\Users\yuk\AppData\LocalLow\Temp
2017-07-19 15:02 - 2017-05-14 12:05 - 00004144 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{943D6DCB-B6A4-4FD7-980C-69A4C8DFD8CE}
2017-07-19 15:02 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-07-19 00:25 - 2015-05-20 06:43 - 00000000 ____D C:\ProgramData\Package Cache
2017-07-19 00:11 - 2017-03-18 23:03 - 00000000 ___HD C:\Program Files\WindowsApps
2017-07-19 00:10 - 2015-11-15 15:20 - 00000008 __RSH C:\ProgramData\ntuser.pol
2017-07-19 00:10 - 2015-06-16 13:06 - 00000000 ____D C:\AdwCleaner
2017-07-18 20:48 - 2017-03-18 23:01 - 00000000 ____D C:\WINDOWS\INF
2017-07-18 17:56 - 2015-05-19 18:57 - 00000000 ____D C:\Program Files (x86)\Steam
2017-07-18 16:54 - 2017-04-01 15:51 - 00005410 _____ C:\Users\yuk\Desktop\blogPost_1.txt
2017-07-17 02:23 - 2015-05-19 21:16 - 00000000 ____D C:\Users\yuk\AppData\Roaming\Skype
2017-07-16 22:39 - 2017-04-01 17:06 - 00003635 _____ C:\Users\yuk\Desktop\MindTrick1.txt
2017-07-16 21:19 - 2015-09-19 09:35 - 00000000 ___RD C:\Users\yuk\OneDrive
2017-07-16 19:47 - 2015-06-16 15:19 - 00000033 _____ C:\Users\yuk\AppData\Roaming\AdobeWLCMCache.dat
2017-07-15 15:24 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\rescache
2017-07-14 14:21 - 2017-05-14 12:05 - 00003954 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1432754114
2017-07-14 14:21 - 2015-05-27 21:14 - 00000000 ____D C:\Program Files (x86)\Opera
2017-07-13 10:26 - 2015-09-10 07:44 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-07-13 06:01 - 2017-03-18 23:03 - 00000000 ___SD C:\WINDOWS\SysWOW64\F12
2017-07-13 06:01 - 2017-03-18 23:03 - 00000000 ___SD C:\WINDOWS\system32\F12
2017-07-13 06:01 - 2017-03-18 23:03 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-07-13 06:01 - 2017-03-18 23:03 - 00000000 ___RD C:\Program Files\Windows Defender
2017-07-13 06:01 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\system32\oobe
2017-07-13 06:01 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\system32\migwiz
2017-07-13 06:01 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\system32\appraiser
2017-07-13 06:01 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\ShellExperiences
2017-07-13 06:01 - 2017-03-18 23:03 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2017-07-13 06:01 - 2017-03-18 23:03 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-07-13 06:01 - 2017-03-18 23:03 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2017-07-13 01:11 - 2015-09-19 09:32 - 00000000 ____D C:\Users\yuk\AppData\Local\Comms
2017-07-13 01:05 - 2015-05-19 18:14 - 00000000 ____D C:\Users\yuk\AppData\Local\Packages
2017-07-12 22:20 - 2017-04-12 16:47 - 00000789 _____ C:\Users\yuk\Desktop\Neues Textdokument (2).txt
2017-07-12 19:03 - 2017-03-18 22:51 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-07-12 19:02 - 2015-05-21 18:26 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-07-12 18:59 - 2015-05-21 18:26 - 135225752 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-07-12 17:48 - 2017-05-14 12:05 - 00004598 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-07-12 17:48 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2017-07-12 17:48 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\system32\Macromed
2017-07-11 15:47 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-07-08 05:06 - 2015-11-20 17:09 - 00000000 ____D C:\Users\yuk\AppData\Roaming\TS3Client
2017-07-08 00:55 - 2017-03-18 23:03 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-07-07 08:41 - 2013-08-22 17:44 - 00395226 __RSH C:\bootmgr
2017-07-04 00:30 - 2017-05-14 11:57 - 00000000 ____D C:\Users\yuk
2017-06-30 16:47 - 2017-03-18 23:06 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2017-06-30 16:47 - 2017-03-18 23:06 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2017-06-28 16:01 - 2015-05-26 14:21 - 00000000 ____D C:\Program Files (x86)\Entropia Universe
2017-06-28 13:44 - 2015-05-19 18:22 - 00000000 ____D C:\Program Files (x86)\Google
2017-06-27 17:45 - 2017-02-17 18:33 - 00000221 _____ C:\Users\yuk\Desktop\Neues Textdokument.txt
2017-06-25 18:06 - 2015-06-16 14:55 - 00000000 ____D C:\Program Files (x86)\Adobe
2017-06-25 18:06 - 2015-05-19 18:14 - 00000000 ____D C:\Users\yuk\AppData\Roaming\Adobe
2017-06-19 23:39 - 2016-05-09 17:19 - 00000000 ____D C:\Users\yuk\AppData\Local\SecondLife

==================== Files in the root of some directories =======

2015-06-16 15:19 - 2017-07-16 19:47 - 0000033 _____ () C:\Users\yuk\AppData\Roaming\AdobeWLCMCache.dat
2015-05-24 12:34 - 2015-07-30 09:33 - 0000301 _____ () C:\Users\yuk\AppData\Roaming\BreakingPoint_Login.ini
2015-05-24 12:34 - 2015-07-30 10:17 - 0001380 _____ () C:\Users\yuk\AppData\Roaming\BreakingPoint_Options.ini
2017-01-26 18:22 - 2017-01-26 18:36 - 0000200 _____ () C:\Users\yuk\AppData\Roaming\burnaware.ini
2017-07-05 18:48 - 2017-07-05 18:48 - 0000017 _____ () C:\Users\yuk\AppData\Local\resmon.resmoncfg
2017-05-14 11:55 - 2017-05-14 11:55 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-07-11 14:40

==================== End of FRST.txt ============================

--- --- ---

--- --- ---

18.07.2017, 19:14	#4
M-K-D-B /// TB-Ausbilder	Plotzliches schließEn aller Anwendungen wenn Chrome Browser geöffnet! PANIK Servus, versuchs am infizierten Rechner mal mit einem anderen Browser, z. B. Edge. Wenn du dort das gleiche Problem hast, dann mach alles über USB-Stick. Und komm mal runter... ich weiß, dass man bei sowas aufgeregt ist, aber das bringt keinem was.

Plotzliches schließEn aller Anwendungen wenn Chrome Browser geöffnet! PANIK

Plagegeister aller Art und deren Bekämpfung: Plotzliches schließEn aller Anwendungen wenn Chrome Browser geöffnet! PANIK