
Log analysis and evaluation: PC slow, strange stutters, icons refresh by themselves

Windows 7 If you have caught a Trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To be able to remove viruses and Trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

01.01.2018, 18:28   #1
Mario773
 

PC slow, strange stutters, icons refresh by themselves



Hello. I've downloaded a lot of junk over the last few days and I suspect that something is running in the background. I'm posting the logs here and want to know whether there is anything suspicious in them.

Code:
ATTFilter
OTL logfile created on: 01.01.2018 17:50:10 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Kristian\Downloads
64bit- An unknown product  (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.15063.0)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,43 Gb Total Physical Memory | 0,56 Gb Available Physical Memory | 16,29% Memory free
7,43 Gb Paging File | 2,84 Gb Available in Paging File | 38,24% Paging File free
Paging file location(s): ?:\pagefile.sys
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 916,96 Gb Total Space | 820,78 Gb Free Space | 89,51% Space Free | Partition Type: NTFS
Drive D: | 13,32 Gb Total Space | 1,61 Gb Free Space | 12,06% Space Free | Partition Type: NTFS
Drive G: | 930,40 Gb Total Space | 923,07 Gb Free Space | 99,21% Space Free | Partition Type: NTFS
 
Computer Name: DESKTOP-SO774TI | User Name: Kristian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - File not found -- 
PRC - [2018.01.01 17:49:48 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Kristian\Downloads\OTL.exe
PRC - [2018.01.01 17:35:29 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Kristian\Downloads\HijackThis.exe
PRC - [2017.12.25 16:32:29 | 000,334,632 | ---- | M] (AO Kaspersky Lab) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 18.0.0\avpui.exe
PRC - [2017.12.20 20:43:26 | 000,288,848 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler.exe
PRC - [2017.12.20 20:34:41 | 000,143,144 | ---- | M] (Dropbox, Inc.) -- C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
PRC - [2017.12.13 16:46:16 | 000,809,088 | ---- | M] (ExpressVPN) -- C:\Program Files (x86)\ExpressVPN\xvpn-ui\ExpressVpn.exe
PRC - [2017.12.13 16:45:40 | 008,475,776 | ---- | M] () -- C:\Program Files (x86)\ExpressVPN\xvpnd\xvpnd.exe
PRC - [2017.11.27 14:51:16 | 000,067,384 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
PRC - [2017.11.27 14:50:34 | 000,067,384 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\MDCrashReportTool.exe
PRC - [2017.10.13 15:19:08 | 000,627,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\fontdrvhost.exe
PRC - [2017.09.18 06:32:46 | 000,402,408 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnat.exe
PRC - [2017.09.18 06:32:44 | 000,367,080 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnetdhcp.exe
PRC - [2017.09.18 06:17:08 | 000,095,208 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
PRC - [2017.04.03 13:53:30 | 000,471,040 | ---- | M] (HP Inc.) -- c:\Program Files (x86)\HP\HP JumpStart Bridge\HPJumpStartBridge.exe
PRC - [2017.03.18 21:58:50 | 000,421,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
PRC - [2017.03.06 10:39:40 | 000,051,208 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Windows\SysWOW64\tbaseprovisioning.exe
PRC - [2017.02.02 14:31:20 | 001,644,960 | ---- | M] (HP Inc.) -- C:\Program Files (x86)\HP\HPAudioSwitch\HPAudioSwitch.exe
PRC - [2017.02.01 10:50:44 | 000,459,264 | ---- | M] () -- C:\Program Files (x86)\HP\HP JumpStart Launch\HPJumpStartLaunch.exe
PRC - [2017.01.24 18:57:38 | 000,354,672 | ---- | M] (AO Kaspersky Lab) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 18.0.0\avp.exe
PRC - [2016.06.20 08:29:34 | 000,631,800 | ---- | M] (HP Inc.) -- c:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe
PRC - [2016.06.03 21:08:04 | 001,031,704 | ---- | M] (HP) -- C:\Program Files (x86)\HP\Shared\hpqwmiex.exe
PRC - [2011.07.28 17:35:44 | 000,262,144 | ---- | M] (Arcai.com) -- C:\Program Files (x86)\NetCutDefender\services\aips.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2017.12.27 21:03:18 | 000,008,192 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Diaga973505f#\ebf0221b83d6021031c9d88e18c16bc5\System.Diagnostics.Tools.ni.dll
MOD - [2017.12.27 21:03:17 | 000,009,216 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Net.fc6612cd#\e44255c6e462a31e8f0646c8afbc77e1\System.Net.NetworkInformation.ni.dll
MOD - [2017.12.27 21:03:16 | 000,008,192 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.IO\991e5b2b9053920ecb8034bb1323222b\System.IO.ni.dll
MOD - [2017.12.27 21:03:13 | 000,008,192 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Refl9c203d4d#\64cdf603ac882f8b64579dafc1242050\System.Reflection.Extensions.ni.dll
MOD - [2017.12.27 21:03:05 | 000,008,704 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Reflection\e849ee7c257ca10245ab9e32bbab6316\System.Reflection.ni.dll
MOD - [2017.12.27 21:02:59 | 000,009,216 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Thre7bb2aad0#\0f03a3f211705dd9c4461efc7eddf139\System.Threading.Tasks.ni.dll
MOD - [2017.12.27 21:01:02 | 001,548,800 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\NAudio\b75c0ab3a239349a5191d22623e4a06e\NAudio.ni.dll
MOD - [2017.12.27 21:01:02 | 000,141,312 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\Interop.IWs06dcaa36#\80cef205836bfb4eb02d05bd0fa3a193\Interop.IWshRuntimeLibrary.ni.dll
MOD - [2017.12.27 21:01:00 | 001,566,720 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\HPAudioSwitch\ae55b7c161805e60e09271cd4a495535\HPAudioSwitch.ni.exe
MOD - [2017.12.27 21:00:58 | 000,764,928 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\log4net\c898be4698c4d683fb5300b2e29637be\log4net.ni.dll
MOD - [2017.12.27 21:00:57 | 000,130,048 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\Hardcodet.W6cab32f3#\fe92b94afb2aaf1605ac9882fbc243a9\Hardcodet.Wpf.TaskbarNotification.ni.dll
MOD - [2017.12.27 20:58:47 | 000,391,680 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Dynamic\464972cd7f1d043c3b77496e7cdd51ca\System.Dynamic.ni.dll
MOD - [2017.12.27 20:58:47 | 000,185,344 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationTypes\d6f57e7a11891c60673915aaaae91581\UIAutomationTypes.ni.dll
MOD - [2017.12.27 20:58:47 | 000,010,752 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Linqbd02a4fb#\ce8f42e091fc10fe5f49c2b410e4df66\System.Linq.Expressions.ni.dll
MOD - [2017.12.27 20:58:46 | 001,604,096 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.CSharp\a8b05df3d2f0e511604aa49a1c4d9b56\Microsoft.CSharp.ni.dll
MOD - [2017.12.27 20:58:43 | 000,008,192 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Linq\98db98d5022f99fa81260ca13ae54f59\System.Linq.ni.dll
MOD - [2017.12.27 20:58:41 | 000,008,704 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Threading\e125bc103d831a529e5afde5a342f4a5\System.Threading.ni.dll
MOD - [2017.12.27 20:58:41 | 000,008,704 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Collections\4b9c1af2c5042d94d93304cd133637cd\System.Collections.ni.dll
MOD - [2017.12.27 20:58:41 | 000,008,192 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Resoc6338000#\d43cec9df1e156cfb91d5e9a684fefa4\System.Resources.ResourceManager.ni.dll
MOD - [2017.12.27 19:47:36 | 000,008,704 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.ObjectModel\8343fdb61e668aff2c230fd11c7c93ca\System.ObjectModel.ni.dll
MOD - [2017.12.27 19:47:35 | 001,075,712 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Compba577418#\9a0915707e4af4712068857a001e2ba4\System.ComponentModel.Composition.ni.dll
MOD - [2017.12.27 19:47:31 | 000,019,456 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime\ba4ec901803835421842e6783911ccc4\System.Runtime.ni.dll
MOD - [2017.12.27 19:46:32 | 000,811,520 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Runt73a1fc9d#\34fa564faa2e6798b1b9b3efe476d1bf\System.Runtime.Remoting.ni.dll
MOD - [2017.12.27 19:46:19 | 007,966,720 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Data\5e19528261b64ccc0a245a27ffee22a0\System.Data.ni.dll
MOD - [2017.12.27 19:46:08 | 002,226,688 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\Newtonsoft.Json\45be27bbaab2026bf9816f1d33fe65fb\Newtonsoft.Json.ni.dll
MOD - [2017.12.27 19:45:52 | 013,563,392 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\01e92fb68e52de277138c16e6ee0fc8e\System.Windows.Forms.ni.dll
MOD - [2017.12.27 19:45:36 | 001,645,568 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\299c91c3c7076d39e8f80dc56d66cc7b\System.Drawing.ni.dll
MOD - [2017.12.27 19:45:28 | 001,180,672 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Management\9a12fab4df185e5c9b75bb0e0695df86\System.Management.ni.dll
MOD - [2017.12.27 19:45:26 | 000,273,920 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Numerics\269e1f44944be7f0283ec4c8840b7a6f\System.Numerics.ni.dll
MOD - [2017.12.26 05:25:30 | 000,395,776 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\9ea1f86feb13146844ea7a169c62ee0a\System.Xml.Linq.ni.dll
MOD - [2017.12.26 05:25:29 | 007,577,088 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml\039367fe3994ae89a2745666880d749c\System.Xml.ni.dll
MOD - [2017.12.26 05:25:21 | 002,031,616 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\ecba64c9760299c1c757610b22e326dd\System.Xaml.ni.dll
MOD - [2017.12.26 05:25:15 | 002,842,112 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\8a52975d7e11e521dcc97c3e8bccad90\System.Runtime.Serialization.ni.dll
MOD - [2017.12.26 05:25:09 | 000,993,792 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\5d74c24ca4e065b2cff8a1893cbc76c9\System.Configuration.ni.dll
MOD - [2017.12.26 05:25:07 | 000,536,064 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\Presentatioaec034ca#\adba2bd3438ee2127e519fd9128f0fb0\PresentationFramework.Aero2.ni.dll
MOD - [2017.12.26 05:25:05 | 019,825,152 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\d958c08ea62c279b2ffc5195cb98f9d8\PresentationFramework.ni.dll
MOD - [2017.12.25 14:16:39 | 012,187,136 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\668be3faaa5edc76e56cf4fd70ba48d4\PresentationCore.ni.dll
MOD - [2017.12.25 14:16:14 | 004,110,336 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\ae26a4054e96676fac915b96c3b23202\WindowsBase.ni.dll
MOD - [2017.12.25 14:16:06 | 007,684,608 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Core\df4d4904ff0ffe7399d5e6cc5d6281f5\System.Core.ni.dll
MOD - [2017.12.25 14:15:55 | 010,336,768 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System\3f854fedbadec6ad04ffdfd963fc7839\System.ni.dll
MOD - [2017.12.08 01:49:26 | 000,076,088 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2017.12.08 01:49:24 | 001,042,232 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2017.09.20 16:10:47 | 020,518,056 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\mscorlib\1b2e7f5cc7171797d3aac21369bb10cf\mscorlib.ni.dll
MOD - [2017.02.01 10:50:44 | 000,459,264 | ---- | M] () -- C:\Program Files (x86)\HP\HP JumpStart Launch\HPJumpStartLaunch.exe
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2017.11.30 03:42:41 | 000,304,640 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dusmsvc.dll -- (DusmSvc)
SRV:64bit: - [2017.11.30 03:39:13 | 002,809,344 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppXDeploymentServer.dll -- (AppXSvc)
SRV:64bit: - [2017.11.30 03:38:20 | 000,684,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\usocore.dll -- (UsoSvc)
SRV:64bit: - [2017.11.02 05:31:29 | 000,153,088 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\RMapi.dll -- (RmSvc)
SRV:64bit: - [2017.11.02 05:30:36 | 000,719,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\FlightSettings.dll -- (wisvc)
SRV:64bit: - [2017.11.02 05:28:22 | 000,799,744 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:64bit: - [2017.11.02 05:23:56 | 002,516,480 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\diagtrack.dll -- (DiagTrack)
SRV:64bit: - [2017.10.15 15:59:23 | 000,923,040 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\CoreMessaging.dll -- (CoreMessagingRegistrar)
SRV:64bit: - [2017.10.15 15:56:41 | 000,872,464 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ClipSVC.dll -- (ClipSVC)
SRV:64bit: - [2017.10.13 15:19:50 | 001,833,984 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\workfolderssvc.dll -- (workfolderssvc)
SRV:64bit: - [2017.10.13 15:19:43 | 000,192,512 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\Windows.SharedPC.AccountManager.dll -- (shpamsvc)
SRV:64bit: - [2017.10.13 15:19:36 | 001,067,008 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\XboxNetApiSvc.dll -- (XboxNetApiSvc)
SRV:64bit: - [2017.10.13 15:19:36 | 000,773,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\PhoneService.dll -- (PhoneSvc)
SRV:64bit: - [2017.10.13 15:19:36 | 000,555,008 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WFDSConMgrSvc.dll -- (WFDSConMgrSvc)
SRV:64bit: - [2017.10.13 15:19:36 | 000,301,056 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\EnterpriseAppMgmtSvc.dll -- (EntAppSvc)
SRV:64bit: - [2017.10.13 15:19:35 | 001,298,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\lpasvc.dll -- (wlpasvc)
SRV:64bit: - [2017.10.13 15:19:35 | 000,582,656 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\SmsRouterSvc.dll -- (SmsRouter)
SRV:64bit: - [2017.10.13 15:19:35 | 000,536,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\Windows.Internal.Management.dll -- (DmEnrollmentSvc)
SRV:64bit: - [2017.10.13 15:19:29 | 000,200,192 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ScDeviceEnum.dll -- (ScDeviceEnum)
SRV:64bit: - [2017.10.13 15:19:21 | 000,625,152 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2017.10.13 15:19:20 | 000,847,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:64bit: - [2017.10.13 15:19:20 | 000,600,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\FrameServer.dll -- (FrameServer)
SRV:64bit: - [2017.10.13 15:19:19 | 001,177,600 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\Unistore.dll -- (UnistoreSvc)
SRV:64bit: - [2017.10.13 15:19:19 | 000,632,832 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\tileobjserver.dll -- (tiledatamodelsvc)
SRV:64bit: - [2017.10.13 15:19:18 | 001,046,016 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ngcsvc.dll -- (NgcSvc)
SRV:64bit: - [2017.10.13 15:19:18 | 000,548,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\SensorService.dll -- (SensorService)
SRV:64bit: - [2017.10.13 15:19:18 | 000,491,520 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NgcCtnrSvc.dll -- (NgcCtnrSvc)
SRV:64bit: - [2017.10.13 15:19:16 | 000,772,096 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:64bit: - [2017.10.13 15:19:13 | 001,015,296 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\XblAuthManager.dll -- (XblAuthManager)
SRV:64bit: - [2017.10.13 15:19:13 | 000,970,240 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cdpsvc.dll -- (CDPSvc)
SRV:64bit: - [2017.10.13 15:19:12 | 002,153,984 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:64bit: - [2017.10.13 15:19:12 | 000,149,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\embeddedmodesvc.dll -- (embeddedmode)
SRV:64bit: - [2017.10.13 15:19:07 | 000,431,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\BthHFSrv.dll -- (BthHFSrv)
SRV:64bit: - [2017.09.30 06:41:28 | 005,304,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\Windows.StateRepository.dll -- (StateRepository)
SRV:64bit: - [2017.09.30 06:40:38 | 000,336,320 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\SecurityHealthService.exe -- (SecurityHealthService)
SRV:64bit: - [2017.09.29 08:31:30 | 000,057,344 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:64bit: - [2017.09.29 08:25:56 | 000,586,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AppReadiness.dll -- (AppReadiness)
SRV:64bit: - [2017.09.29 08:24:18 | 001,307,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dosvc.dll -- (DoSvc)
SRV:64bit: - [2017.09.29 08:24:04 | 001,628,672 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\UserDataService.dll -- (UserDataSvc)
SRV:64bit: - [2017.09.29 08:23:51 | 001,052,672 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TokenBroker.dll -- (TokenBroker)
SRV:64bit: - [2017.09.29 08:23:29 | 000,647,168 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\RDXService.dll -- (RetailDemo)
SRV:64bit: - [2017.09.18 23:23:44 | 000,210,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\tetheringservice.dll -- (icssvc)
SRV:64bit: - [2017.04.06 14:42:44 | 000,298,904 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2017.04.01 06:38:45 | 000,082,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\inetsrv\w3logsvc.dll -- (w3logsvc)
SRV:64bit: - [2017.03.18 21:59:53 | 000,428,032 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WalletService.dll -- (WalletService)
SRV:64bit: - [2017.03.18 21:58:33 | 000,706,048 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:64bit: - [2017.03.18 21:58:32 | 000,689,152 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\DevicesFlowBroker.dll -- (DevicesFlowUserSvc)
SRV:64bit: - [2017.03.18 21:58:29 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:64bit: - [2017.03.18 21:58:24 | 000,081,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:64bit: - [2017.03.18 21:58:22 | 000,086,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe -- (diagnosticshub.standardcollector.service)
SRV:64bit: - [2017.03.18 21:58:21 | 001,135,104 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\XblGameSave.dll -- (XblGameSave)
SRV:64bit: - [2017.03.18 21:58:21 | 000,334,848 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\ncbservice.dll -- (NcbService)
SRV:64bit: - [2017.03.18 21:58:21 | 000,093,696 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:64bit: - [2017.03.18 21:58:21 | 000,047,664 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\svchost.exe -- (WpnUserService_62e18)
SRV:64bit: - [2017.03.18 21:58:21 | 000,047,664 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svchost.exe -- (UserDataSvc_62e18)
SRV:64bit: - [2017.03.18 21:58:21 | 000,047,664 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svchost.exe -- (UnistoreSvc_62e18)
SRV:64bit: - [2017.03.18 21:58:21 | 000,047,664 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svchost.exe -- (PimIndexMaintenanceSvc_62e18)
SRV:64bit: - [2017.03.18 21:58:21 | 000,047,664 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\svchost.exe -- (OneSyncSvc_62e18)
SRV:64bit: - [2017.03.18 21:58:21 | 000,047,664 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svchost.exe -- (MessagingService_62e18)
SRV:64bit: - [2017.03.18 21:58:21 | 000,047,664 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svchost.exe -- (DevicesFlowUserSvc_62e18)
SRV:64bit: - [2017.03.18 21:58:21 | 000,047,664 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\svchost.exe -- (CDPUserSvc_62e18)
SRV:64bit: - [2017.03.18 21:58:18 | 000,055,296 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dmwappushsvc.dll -- (dmwappushservice)
SRV:64bit: - [2017.03.18 21:58:17 | 001,191,424 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\SEMgrSvc.dll -- (SEMgrSvc)
SRV:64bit: - [2017.03.18 21:58:16 | 000,524,288 | ---- | M] (Microsoft Corporation) [Auto | Unknown] -- C:\Windows\SysNative\cdpusersvc.dll -- (CDPUserSvc)
SRV:64bit: - [2017.03.18 21:58:16 | 000,342,528 | ---- | M] (Microsoft Corporation) [Auto | Unknown] -- C:\Windows\SysNative\APHostService.dll -- (OneSyncSvc)
SRV:64bit: - [2017.03.18 21:58:16 | 000,072,704 | ---- | M] (Microsoft Corporation) [Auto | Unknown] -- C:\Windows\SysNative\WpnUserService.dll -- (WpnUserService)
SRV:64bit: - [2017.03.18 21:58:13 | 000,276,480 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wpnservice.dll -- (WpnService)
SRV:64bit: - [2017.03.18 21:58:12 | 000,149,504 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\dssvc.dll -- (DsSvc)
SRV:64bit: - [2017.03.18 21:58:10 | 001,284,608 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\SensorDataService.exe -- (SensorDataService)
SRV:64bit: - [2017.03.18 21:58:09 | 000,090,624 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\moshost.dll -- (MapsBroker)
SRV:64bit: - [2017.03.18 21:58:09 | 000,024,576 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AJRouter.dll -- (AJRouter)
SRV:64bit: - [2017.03.18 21:58:07 | 000,233,984 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:64bit: - [2017.03.18 21:58:07 | 000,182,272 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\PimIndexMaintenance.dll -- (PimIndexMaintenanceSvc)
SRV:64bit: - [2017.03.18 21:58:04 | 000,301,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\xbgmsvc.dll -- (xbgm)
SRV:64bit: - [2017.03.18 21:58:04 | 000,043,520 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\lfsvc.dll -- (lfsvc)
SRV:64bit: - [2017.03.18 21:58:04 | 000,033,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DevQueryBroker.dll -- (DevQueryBroker)
SRV:64bit: - [2017.03.18 21:58:04 | 000,026,624 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\LicenseManagerSvc.dll -- (LicenseManager)
SRV:64bit: - [2017.03.18 21:58:04 | 000,018,944 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\xboxgipsvc.dll -- (XboxGipSvc)
SRV:64bit: - [2017.03.18 21:58:01 | 000,723,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NaturalAuth.dll -- (NaturalAuthentication)
SRV:64bit: - [2017.03.18 21:58:01 | 000,064,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ipxlatcfg.dll -- (IpxlatCfgSvc)
SRV:64bit: - [2017.03.18 21:58:01 | 000,023,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\smphost.dll -- (smphost)
SRV:64bit: - [2017.03.18 21:57:58 | 000,877,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\usermgr.dll -- (UserManager)
SRV:64bit: - [2017.03.18 21:57:58 | 000,519,168 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2017.03.18 21:57:58 | 000,165,888 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBrokerSvc)
SRV:64bit: - [2017.03.18 21:57:58 | 000,095,744 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\tzautoupdate.dll -- (tzautoupdate)
SRV:64bit: - [2017.03.18 21:57:54 | 000,346,624 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:64bit: - [2017.03.18 21:57:54 | 000,292,352 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:64bit: - [2017.03.18 21:57:54 | 000,059,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\hvhostsvc.dll -- (HvHost)
SRV:64bit: - [2017.03.18 21:57:47 | 000,261,632 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NetSetupSvc.dll -- (NetSetupSvc)
SRV:64bit: - [2017.03.18 21:57:46 | 000,455,168 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:64bit: - [2017.03.18 21:57:24 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wephostsvc.dll -- (WEPHOSTSVC)
SRV:64bit: - [2017.03.18 21:57:16 | 000,121,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:64bit: - [2017.03.18 21:57:16 | 000,013,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:64bit: - [2017.03.18 21:57:15 | 000,302,592 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\TieringEngineService.exe -- (TieringEngineService)
SRV:64bit: - [2017.03.18 21:57:05 | 000,891,904 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\Spectrum.exe -- (spectrum)
SRV:64bit: - [2017.03.18 21:57:03 | 000,167,424 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:64bit: - [2017.03.18 21:57:00 | 000,051,712 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysNative\MessagingService.dll -- (MessagingService)
SRV:64bit: - [2017.03.18 21:56:44 | 000,307,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvcext.dll -- (vmicvss)
SRV:64bit: - [2017.03.18 21:56:44 | 000,307,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvcext.dll -- (vmicrdv)
SRV:64bit: - [2017.03.18 21:56:44 | 000,283,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvmsession)
SRV:64bit: - [2017.03.18 21:56:44 | 000,283,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:64bit: - [2017.03.18 21:56:44 | 000,283,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:64bit: - [2017.03.18 21:56:44 | 000,283,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:64bit: - [2017.03.18 21:56:44 | 000,283,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV:64bit: - [2017.03.18 21:56:44 | 000,283,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicguestinterface)
SRV:64bit: - [2017.03.18 21:56:20 | 002,899,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2017.12.28 20:27:47 | 000,194,000 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2017.12.25 16:32:38 | 000,426,416 | ---- | M] (AO Kaspersky Lab) [On_Demand | Stopped] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 18.0.0\x64\vssbridge64.exe -- (klvssbridge64_18.0.0)
SRV - [2017.12.20 20:34:41 | 000,143,144 | ---- | M] (Dropbox, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe -- (dbupdatem)
SRV - [2017.12.20 20:34:41 | 000,143,144 | ---- | M] (Dropbox, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe -- (dbupdate)
SRV - [2017.12.13 16:43:34 | 000,339,168 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ExpressVPN\bootstrap\AMD64\nssm.exe -- (ExpressVpnService)
SRV - [2017.10.15 16:01:56 | 000,583,160 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\CoreMessaging.dll -- (CoreMessagingRegistrar)
SRV - [2017.10.13 15:20:19 | 000,394,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Windows.Internal.Management.dll -- (DmEnrollmentSvc)
SRV - [2017.10.13 15:20:18 | 000,969,728 | ---- | M] (Microsoft Corporation) [On_Demand | Unknown] -- C:\Windows\SysWOW64\Unistore.dll -- (UnistoreSvc)
SRV - [2017.09.30 03:04:50 | 004,215,184 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\Windows.StateRepository.dll -- (StateRepository)
SRV - [2017.09.29 08:34:29 | 000,798,720 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\TokenBroker.dll -- (TokenBroker)
SRV - [2017.09.18 06:32:46 | 000,402,408 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnat.exe -- (VMware NAT Service)
SRV - [2017.09.18 06:32:44 | 000,367,080 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2017.09.18 06:17:08 | 000,095,208 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe -- (VMAuthdService)
SRV - [2017.08.31 01:11:06 | 000,866,792 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe -- (VMUSBArbService)
SRV - [2017.04.10 06:24:41 | 000,324,608 | ---- | M] (Realtek Semiconductor) [Auto | Running] -- C:\Programme\Realtek\Audio\HDA\RtkAudioService64.exe -- (RtkAudioService)
SRV - [2017.04.07 03:53:16 | 000,033,640 | ---- | M] (HP Inc.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe -- (HPSupportSolutionsFrameworkService)
SRV - [2017.04.03 13:53:30 | 000,471,040 | ---- | M] (HP Inc.) [Auto | Running] -- c:\Program Files (x86)\HP\HP JumpStart Bridge\HPJumpStartBridge.exe -- (HPJumpStartBridge)
SRV - [2017.04.01 06:38:45 | 000,497,664 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2017.04.01 06:38:45 | 000,072,192 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\inetsrv\w3logsvc.dll -- (w3logsvc)
SRV - [2017.04.01 06:38:45 | 000,056,832 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2017.03.18 21:58:46 | 000,020,992 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\smphost.dll -- (smphost)
SRV - [2017.03.18 21:56:20 | 002,899,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2017.03.06 10:39:40 | 000,051,208 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\tbaseprovisioning.exe -- (tbaseprovisioning)
SRV - [2017.01.24 18:57:40 | 000,354,672 | ---- | M] (AO Kaspersky Lab) [Auto | Stopped] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 2.0\ksde.exe -- (KSDE2.0.0)
SRV - [2017.01.24 18:57:38 | 000,354,672 | ---- | M] (AO Kaspersky Lab) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 18.0.0\avp.exe -- (AVP18.0.0)
SRV - [2016.11.23 01:30:10 | 000,210,288 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2016.11.23 01:30:06 | 000,350,064 | ---- | M] (WildTangent) [Auto | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe -- (GamesAppIntegrationService)
SRV - [2016.10.07 14:17:08 | 001,309,184 | ---- | M] (HP Inc.) [Auto | Running] -- C:\Programme\HPCommRecovery\HPCommRecovery.exe -- (HP Comm Recover)
SRV - [2016.09.20 13:47:58 | 000,125,656 | ---- | M] (Realtek Semiconductor Corp.) [Auto | Running] -- C:\Program Files (x86)\Realtek\REALTEK Bluetooth\BTDevMgr.exe -- (BTDevManager)
SRV - [2016.06.20 08:29:34 | 000,631,800 | ---- | M] (HP Inc.) [Auto | Running] -- c:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe -- (HPWMISVC)
SRV - [2016.06.03 21:08:04 | 001,031,704 | ---- | M] (HP) [On_Demand | Running] -- C:\Program Files (x86)\HP\Shared\hpqwmiex.exe -- (hpqcaslwmiex)
SRV - [2016.03.10 14:07:30 | 001,136,608 | ---- | M] (Malwarebytes) [Auto | Stopped] -- C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe -- (MBAMService)
SRV - [2016.03.10 14:07:28 | 001,514,464 | ---- | M] (Malwarebytes) [Auto | Stopped] -- C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013.03.01 02:48:58 | 000,118,520 | ---- | M] (Riverbed Technology, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd)
SRV - [2011.07.28 17:35:44 | 000,262,144 | ---- | M] (Arcai.com) [Auto | Running] -- C:\Program Files (x86)\NetCutDefender\services\aips.exe -- (AIPS)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2017.12.26 14:08:50 | 000,028,272 | ---- | M] () [Kernel | On_Demand | Unknown] -- C:\Windows\SysNative\drivers\TrueSight.sys -- (TrueSight)
DRV:64bit: - [2017.12.25 16:57:46 | 000,199,392 | ---- | M] (AO Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kneps.sys -- (kneps)
DRV:64bit: - [2017.12.25 16:57:45 | 001,055,424 | ---- | M] (AO Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:64bit: - [2017.12.25 16:52:40 | 000,135,904 | ---- | M] (AO Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klwtp.sys -- (Klwtp)
DRV:64bit: - [2017.12.25 16:52:29 | 000,117,984 | ---- | M] (AO Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klbackupflt.sys -- (klbackupflt)
DRV:64bit: - [2017.12.25 16:51:52 | 000,070,880 | ---- | M] (AO Kaspersky Lab) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\klbackupdisk.sys -- (klbackupdisk)
DRV:64bit: - [2017.12.25 16:44:11 | 000,253,192 | ---- | M] (AO Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klupd_klif_klark.sys -- (klupd_klif_klark)
DRV:64bit: - [2017.12.25 16:34:10 | 000,107,680 | ---- | M] (AO Kaspersky Lab) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\klupd_klif_klbg.sys -- (klupd_klif_klbg)
DRV:64bit: - [2017.12.25 16:34:09 | 000,230,312 | ---- | M] (AO Kaspersky Lab) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\klupd_klif_arkmon.sys -- (klupd_klif_arkmon)
DRV:64bit: - [2017.12.25 16:34:08 | 000,173,664 | ---- | M] (AO Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klupd_klif_mark.sys -- (klupd_klif_mark)
DRV:64bit: - [2017.12.25 16:34:08 | 000,087,584 | ---- | M] (AO Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klupd_klif_kimul.sys -- (klupd_klif_kimul)
DRV:64bit: - [2017.12.25 16:31:53 | 000,594,144 | ---- | M] (AO Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klhk.sys -- (klhk)
DRV:64bit: - [2017.12.25 16:31:53 | 000,207,576 | ---- | M] (AO Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klflt.sys -- (klflt)
DRV:64bit: - [2017.12.20 22:19:52 | 000,231,376 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\truecrypt.sys -- (truecrypt)
DRV:64bit: - [2017.12.13 16:43:32 | 000,045,024 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tapexpressvpn.sys -- (tapexpressvpn)
DRV:64bit: - [2017.11.27 14:50:32 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2017.11.27 14:50:22 | 000,023,040 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)
DRV:64bit: - [2017.11.17 09:56:32 | 000,757,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WdiWiFi.sys -- (wdiwifi)
DRV:64bit: - [2017.11.02 06:13:22 | 000,095,640 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stornvme.sys -- (stornvme)
DRV:64bit: - [2017.10.15 06:42:04 | 000,050,672 | ---- | M] (AO Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klpd.sys -- (klpd)
DRV:64bit: - [2017.10.13 15:19:30 | 000,117,664 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pdc.sys -- (pdc)
DRV:64bit: - [2017.10.13 15:19:29 | 000,382,368 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\clfs.sys -- (CLFS)
DRV:64bit: - [2017.10.13 15:19:28 | 000,112,544 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\dam.sys -- (dam)
DRV:64bit: - [2017.10.13 15:19:16 | 000,142,752 | ---- | M] (Microsoft Corporation) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\wcifs.sys -- (wcifs)
DRV:64bit: - [2017.10.13 15:19:16 | 000,104,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\UcmCx.sys -- (UcmCx0101)
DRV:64bit: - [2017.10.13 15:19:07 | 000,388,000 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USBXHCI.SYS -- (USBXHCI)
DRV:64bit: - [2017.10.13 15:19:07 | 000,287,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2017.10.13 15:19:07 | 000,277,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xboxgip.sys -- (xboxgip)
DRV:64bit: - [2017.10.13 15:19:07 | 000,219,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2017.10.13 15:19:07 | 000,144,288 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\storahci.sys -- (storahci)
DRV:64bit: - [2017.10.13 15:19:07 | 000,118,784 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netvsc.sys -- (netvsc)
DRV:64bit: - [2017.10.13 15:19:07 | 000,097,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bthhfenum.sys -- (BthHFEnum)
DRV:64bit: - [2017.10.13 15:19:07 | 000,097,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Microsoft.Bluetooth.Legacy.LEEnumerator.sys -- (BthLEEnum)
DRV:64bit: - [2017.10.13 15:19:07 | 000,071,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2017.10.13 15:19:07 | 000,051,712 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\UcmUcsi.sys -- (UcmUcsi)
DRV:64bit: - [2017.10.13 15:19:07 | 000,039,424 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\buttonconverter.sys -- (buttonconverter)
DRV:64bit: - [2017.10.02 20:30:18 | 007,147,888 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtwlanu.sys -- (RtlWlanu)
DRV:64bit: - [2017.10.02 14:37:18 | 000,111,608 | ---- | M] (Silicon Laboratories Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\silabser.sys -- (silabser)
DRV:64bit: - [2017.09.29 08:32:17 | 000,035,840 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicRender.sys -- (BasicRender)
DRV:64bit: - [2017.09.19 00:09:42 | 000,554,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USBHUB3.SYS -- (USBHUB3)
DRV:64bit: - [2017.09.18 06:32:42 | 000,066,520 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV:64bit: - [2017.09.18 06:32:42 | 000,043,992 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetuserif.sys -- (VMnetUserif)
DRV:64bit: - [2017.09.18 06:32:34 | 000,046,040 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV:64bit: - [2017.09.18 06:21:10 | 000,095,704 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmx86.sys -- (vmx86)
DRV:64bit: - [2017.09.05 04:54:54 | 000,105,024 | ---- | M] (VMware, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vmci.sys -- (vmci)
DRV:64bit: - [2017.09.05 04:54:54 | 000,091,712 | ---- | M] (VMware, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vsock.sys -- (vsock)
DRV:64bit: - [2017.08.31 01:11:30 | 000,083,008 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hcmon.sys -- (hcmon)
DRV:64bit: - [2017.08.21 02:50:50 | 000,050,224 | ---- | M] (USBPcap) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USBPcap.sys -- (USBPcap)
DRV:64bit: - [2017.08.17 23:47:18 | 006,895,984 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rtwlane.sys -- (RTWlanE)
DRV:64bit: - [2017.07.20 06:41:10 | 000,723,920 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtkBtfilter.sys -- (RtkBtFilter)
DRV:64bit: - [2017.04.14 11:13:53 | 000,954,368 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rt640x64.sys -- (rt640x64)
DRV:64bit: - [2017.04.06 14:42:46 | 032,656,792 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\c0311397.inf_amd64_bbc78e3fab18ca3b\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2017.04.06 14:42:46 | 000,525,208 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\c0311397.inf_amd64_bbc78e3fab18ca3b\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2017.04.06 14:42:30 | 000,086,936 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdkmpfd.sys -- (amdkmpfd)
DRV:64bit: - [2017.03.22 09:39:54 | 000,084,768 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\cgnetfilter1521.sys -- (cgnetfilter1521)
DRV:64bit: - [2017.03.19 03:32:44 | 000,037,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2017.03.19 03:32:34 | 000,040,352 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SpatialGraphFilter.sys -- (SpatialGraphFilter)
DRV:64bit: - [2017.03.19 03:32:29 | 000,030,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2017.03.18 21:59:50 | 000,030,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:64bit: - [2017.03.18 21:58:33 | 000,079,872 | ---- | M] (Microsoft Corporation) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\storqosflt.sys -- (storqosflt)
DRV:64bit: - [2017.03.18 21:58:18 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\gpuenergydrv.sys -- (GpuEnergyDrv)
DRV:64bit: - [2017.03.18 21:58:16 | 000,127,488 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\Ndu.sys -- (Ndu)
DRV:64bit: - [2017.03.18 21:58:04 | 000,263,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ufx01000.sys -- (Ufx01000)
DRV:64bit: - [2017.03.18 21:58:04 | 000,179,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\UcmTcpciCx.sys -- (UcmTcpciCx0101)
DRV:64bit: - [2017.03.18 21:58:04 | 000,070,232 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\WindowsTrustedRT.sys -- (WindowsTrustedRT)
DRV:64bit: - [2017.03.18 21:58:04 | 000,059,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\urscx01000.sys -- (UrsCx01000)
DRV:64bit: - [2017.03.18 21:58:04 | 000,036,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IndirectKmd.sys -- (IndirectKmd)
DRV:64bit: - [2017.03.18 21:58:03 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\applockerfltr.sys -- (applockerfltr)
DRV:64bit: - [2017.03.18 21:58:01 | 000,217,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\winnat.sys -- (WinNat)
DRV:64bit: - [2017.03.18 21:58:01 | 000,012,288 | ---- | M] (Microsoft Corporation) [File_System | Auto | Stopped] -- C:\Windows\SysNative\drivers\cldflt.sys -- (CldFlt)
DRV:64bit: - [2017.03.18 21:57:58 | 000,154,016 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx2.sys -- (SerCx2)
DRV:64bit: - [2017.03.18 21:57:58 | 000,083,456 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\mslldp.sys -- (MsLldp)
DRV:64bit: - [2017.03.18 21:57:58 | 000,074,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hvservice.sys -- (hvservice)
DRV:64bit: - [2017.03.18 21:57:58 | 000,039,840 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\cnghwassist.sys -- (cnghwassist)
DRV:64bit: - [2017.03.18 21:57:58 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mshidumdf.sys -- (mshidumdf)
DRV:64bit: - [2017.03.18 21:57:57 | 000,075,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SerCx.sys -- (SerCx)
DRV:64bit: - [2017.03.18 21:57:57 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\registry.sys -- (clreg)
DRV:64bit: - [2017.03.18 21:57:54 | 000,208,288 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\windows\SysNative\drivers\wof.sys -- (Wof)
DRV:64bit: - [2017.03.18 21:57:54 | 000,169,888 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:64bit: - [2017.03.18 21:57:54 | 000,128,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:64bit: - [2017.03.18 21:57:53 | 000,164,768 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\wfplwfs.sys -- (WFPLWFS)
DRV:64bit: - [2017.03.18 21:57:53 | 000,072,192 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wcnfs.sys -- (wcnfs)
DRV:64bit: - [2017.03.18 21:57:47 | 000,080,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SpbCx.sys -- (SpbCx)
DRV:64bit: - [2017.03.18 21:57:39 | 001,735,584 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\windows\SysNative\drivers\refs.sys -- (ReFS)
DRV:64bit: - [2017.03.18 21:57:39 | 000,936,864 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\windows\SysNative\drivers\refsv1.sys -- (ReFSv1)
DRV:64bit: - [2017.03.18 21:57:39 | 000,239,616 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ahcache.sys -- (ahcache)
DRV:64bit: - [2017.03.18 21:57:39 | 000,215,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VerifierExt.sys -- (VerifierExt)
DRV:64bit: - [2017.03.18 21:57:39 | 000,033,688 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2017.03.18 21:57:38 | 000,056,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\condrv.sys -- (condrv)
DRV:64bit: - [2017.03.18 21:57:38 | 000,049,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iorate.sys -- (iorate)
DRV:64bit: - [2017.03.18 21:57:35 | 000,122,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NetAdapterCx.sys -- (NetAdapterCx)
DRV:64bit: - [2017.03.18 21:57:24 | 000,088,992 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\EhStorClass.sys -- (EhStorClass)
DRV:64bit: - [2017.03.18 21:57:05 | 000,050,688 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\mmcss.sys -- (MMCSS)
DRV:64bit: - [2017.03.18 21:57:03 | 000,120,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\irda.sys -- (irda)
DRV:64bit: - [2017.03.18 21:57:00 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NdisVirtualBus.sys -- (NdisVirtualBus)
DRV:64bit: - [2017.03.18 21:56:44 | 000,294,816 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdFilter.sys -- (WdFilter)
DRV:64bit: - [2017.03.18 21:56:44 | 000,121,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdNisDrv.sys -- (WdNisDrv)
DRV:64bit: - [2017.03.18 21:56:44 | 000,044,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WdBoot.sys -- (WdBoot)
DRV:64bit: - [2017.03.18 21:56:41 | 000,213,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Ucx01000.sys -- (Ucx01000)
DRV:64bit: - [2017.03.18 21:56:41 | 000,127,392 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\acpiex.sys -- (acpiex)
DRV:64bit: - [2017.03.18 21:56:41 | 000,061,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2017.03.18 21:56:41 | 000,054,272 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\filecrypt.sys -- (FileCrypt)
DRV:64bit: - [2017.03.18 21:56:41 | 000,045,568 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Udecx.sys -- (UdeCx)
DRV:64bit: - [2017.03.18 21:56:41 | 000,035,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vhf.sys -- (vhf)
DRV:64bit: - [2017.03.18 21:56:35 | 000,094,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdstor.sys -- (sdstor)
DRV:64bit: - [2017.03.18 21:56:35 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidi2c.sys -- (hidi2c)
DRV:64bit: - [2017.03.18 21:56:35 | 000,051,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidinterrupt.sys -- (hidinterrupt)
DRV:64bit: - [2017.03.18 21:56:35 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kdnic.sys -- (kdnic)
DRV:64bit: - [2017.03.18 21:56:35 | 000,018,520 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\WindowsTrustedRTProxy.sys -- (WindowsTrustedRTProxy)
DRV:64bit: - [2017.03.18 21:56:34 | 000,138,656 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ufxsynopsys.sys -- (ufxsynopsys)
DRV:64bit: - [2017.03.18 21:56:34 | 000,098,712 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\UfxChipidea.sys -- (UfxChipidea)
DRV:64bit: - [2017.03.18 21:56:34 | 000,049,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:64bit: - [2017.03.18 21:56:34 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xinputhid.sys -- (xinputhid)
DRV:64bit: - [2017.03.18 21:56:34 | 000,029,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\urschipidea.sys -- (UrsChipidea)
DRV:64bit: - [2017.03.18 21:56:34 | 000,028,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\urssynopsys.sys -- (UrsSynopsys)
DRV:64bit: - [2017.03.18 21:56:34 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\npsvctrig.sys -- (npsvctrig)
DRV:64bit: - [2017.03.18 21:56:34 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\genericusbfn.sys -- (genericusbfn)
DRV:64bit: - [2017.03.18 21:56:28 | 000,168,448 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSS2i_I2C_BXT_P.sys -- (iaLPSS2i_I2C_BXT_P)
DRV:64bit: - [2017.03.18 21:56:28 | 000,165,376 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSS2i_I2C.sys -- (iaLPSS2i_I2C)
DRV:64bit: - [2017.03.18 21:56:28 | 000,085,504 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSS2i_GPIO2_BXT_P.sys -- (iaLPSS2i_GPIO2_BXT_P)
DRV:64bit: - [2017.03.18 21:56:28 | 000,081,408 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iai2c.sys -- (iai2c)
DRV:64bit: - [2017.03.18 21:56:28 | 000,074,656 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpci.sys -- (vpci)
DRV:64bit: - [2017.03.18 21:56:28 | 000,070,656 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSS2i_GPIO2.sys -- (iaLPSS2i_GPIO2)
DRV:64bit: - [2017.03.18 21:56:28 | 000,064,512 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV:64bit: - [2017.03.18 21:56:28 | 000,053,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAD.sys -- (CAD)
DRV:64bit: - [2017.03.18 21:56:28 | 000,047,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2017.03.18 21:56:28 | 000,035,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2017.03.18 21:56:28 | 000,033,280 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iagpio.sys -- (iagpio)
DRV:64bit: - [2017.03.18 21:56:28 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hyperkbd.sys -- (hyperkbd)
DRV:64bit: - [2017.03.18 21:56:28 | 000,013,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmgencounter.sys -- (gencounter)
DRV:64bit: - [2017.03.18 21:56:28 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmgid.sys -- (vmgid)
DRV:64bit: - [2017.03.18 21:56:26 | 000,673,184 | ---- | M] (Intel Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\iaStorAV.sys -- (iaStorAV)
DRV:64bit: - [2017.03.18 21:56:26 | 000,587,168 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\spaceport.sys -- (spaceport)
DRV:64bit: - [2017.03.18 21:56:26 | 000,405,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mausbhost.sys -- (mausbhost)
DRV:64bit: - [2017.03.18 21:56:26 | 000,101,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pmem.sys -- (pmem)
DRV:64bit: - [2017.03.18 21:56:26 | 000,091,040 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\scmbus.sys -- (scmbus)
DRV:64bit: - [2017.03.18 21:56:26 | 000,080,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvdimmn.sys -- (nvdimmn)
DRV:64bit: - [2017.03.18 21:56:26 | 000,078,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\uaspstor.sys -- (UASPStor)
DRV:64bit: - [2017.03.18 21:56:26 | 000,057,344 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:64bit: - [2017.03.18 21:56:26 | 000,051,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mausbip.sys -- (mausbip)
DRV:64bit: - [2017.03.18 21:56:26 | 000,036,760 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\storufs.sys -- (storufs)
DRV:64bit: - [2017.03.18 21:56:26 | 000,031,128 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SDFRd.sys -- (SDFRd)
DRV:64bit: - [2017.03.18 21:56:26 | 000,029,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\uefi.sys -- (UEFI)
DRV:64bit: - [2017.03.18 21:56:26 | 000,016,288 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\volume.sys -- (volume)
DRV:64bit: - [2017.03.18 21:56:26 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpitime.sys -- (acpitime)
DRV:64bit: - [2017.03.18 21:56:26 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpipagr.sys -- (acpipagr)
DRV:64bit: - [2017.03.18 21:56:25 | 002,104,224 | ---- | M] (Chelsio Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\cht4vx64.sys -- (cht4vbd)
         

01.01.2018, 18:30   #2
Mario773
 

Code:
DRV:64bit: - [2017.03.18 21:56:25 | 001,135,512 | ---- | M] (PMC-Sierra) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\adp80xx.sys -- (ADP80XX)
DRV:64bit: - [2017.03.18 21:56:25 | 000,842,656 | ---- | M] (Mellanox) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mlx4_bus.sys -- (mlx4_bus)
DRV:64bit: - [2017.03.18 21:56:25 | 000,526,240 | ---- | M] (Mellanox) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ibbus.sys -- (ibbus)
DRV:64bit: - [2017.03.18 21:56:25 | 000,347,032 | ---- | M] (Chelsio Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\cht4sx64.sys -- (cht4iscsi)
DRV:64bit: - [2017.03.18 21:56:25 | 000,305,568 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:64bit: - [2017.03.18 21:56:25 | 000,259,488 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2017.03.18 21:56:25 | 000,123,808 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2i.sys -- (LSI_SAS2i)
DRV:64bit: - [2017.03.18 21:56:25 | 000,122,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\capimg.sys -- (CapImg)
DRV:64bit: - [2017.03.18 21:56:25 | 000,108,960 | ---- | M] (Mellanox) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ndfltr.sys -- (ndfltr)
DRV:64bit: - [2017.03.18 21:56:25 | 000,107,424 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\3ware.sys -- (3ware)
DRV:64bit: - [2017.03.18 21:56:25 | 000,103,328 | ---- | M] (Avago Technologies) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas3i.sys -- (LSI_SAS3i)
DRV:64bit: - [2017.03.18 21:56:25 | 000,083,352 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2017.03.18 21:56:25 | 000,082,848 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\lsi_sss.sys -- (LSI_SSS)
DRV:64bit: - [2017.03.18 21:56:25 | 000,064,920 | ---- | M] (Mellanox) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\winverbs.sys -- (WinVerbs)
DRV:64bit: - [2017.03.18 21:56:25 | 000,064,416 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2017.03.18 21:56:25 | 000,064,416 | ---- | M] (Avago Technologies) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\MegaSas2i.sys -- (megasas2i)
DRV:64bit: - [2017.03.18 21:56:25 | 000,063,904 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\mvumis.sys -- (mvumis)
DRV:64bit: - [2017.03.18 21:56:25 | 000,061,848 | ---- | M] (Avago Technologies) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\percsas3i.sys -- (percsas3i)
DRV:64bit: - [2017.03.18 21:56:25 | 000,058,784 | ---- | M] (Avago Technologies) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\percsas2i.sys -- (percsas2i)
DRV:64bit: - [2017.03.18 21:56:25 | 000,032,160 | ---- | M] (Mellanox) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\winmad.sys -- (WinMad)
DRV:64bit: - [2017.03.18 21:56:25 | 000,031,136 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2017.03.18 21:56:25 | 000,027,040 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2017.03.18 21:56:25 | 000,020,480 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AcpiDev.sys -- (AcpiDev)
DRV:64bit: - [2017.03.18 21:56:25 | 000,009,728 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcmfn2.sys -- (bcmfn2)
DRV:64bit: - [2017.03.18 21:56:23 | 003,419,040 | ---- | M] (QLogic Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2017.03.18 21:56:23 | 000,533,920 | ---- | M] (QLogic Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2017.03.18 21:56:23 | 000,074,840 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\intelpep.sys -- (intelpep)
DRV:64bit: - [2017.03.18 21:56:23 | 000,038,128 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_GPIO.sys -- (iaLPSSi_GPIO)
DRV:64bit: - [2017.03.18 21:56:19 | 000,119,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:64bit: - [2017.03.18 21:56:19 | 000,113,152 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaLPSSi_I2C.sys -- (iaLPSSi_I2C)
DRV:64bit: - [2017.03.18 21:56:19 | 000,043,520 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:64bit: - [2017.03.18 21:56:19 | 000,040,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\compositebus.inf_amd64_de4c68ea4fb1be53\CompositeBus.sys -- (CompositeBus)
DRV:64bit: - [2017.03.18 21:56:19 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthhfHid.sys -- (bthhfhid)
DRV:64bit: - [2017.03.06 10:39:41 | 000,101,376 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdWT6.sys -- (AtiHDAudioService)
DRV:64bit: - [2017.03.06 10:39:40 | 000,255,368 | ---- | M] (Advanced Micro Devices, Inc. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdpsp.sys -- (amdpsp)
DRV:64bit: - [2017.03.06 10:39:40 | 000,100,744 | ---- | M] (Advanced Micro Devices, Inc. ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdkmcsp.sys -- (amdkmcsp)
DRV:64bit: - [2017.02.22 11:33:32 | 000,419,296 | ---- | M] (Realsil Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsUer.sys -- (RTSUER)
DRV:64bit: - [2017.01.20 13:22:24 | 000,044,768 | ---- | M] (AO Kaspersky Lab) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\klpnpflt.sys -- (klpnpflt)
DRV:64bit: - [2016.12.26 20:27:10 | 000,247,008 | ---- | M] (AO Kaspersky Lab) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\cm_km.sys -- (cm_km)
DRV:64bit: - [2016.12.23 09:20:56 | 000,057,056 | ---- | M] (AO Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klkbdflt.sys -- (klkbdflt)
DRV:64bit: - [2016.12.20 17:51:06 | 000,093,920 | ---- | M] (AO Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klwfp.sys -- (klwfp)
DRV:64bit: - [2016.12.07 09:30:58 | 000,058,592 | ---- | M] (AO Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt)
DRV:64bit: - [2016.10.14 02:44:02 | 000,029,816 | ---- | M] (AO Kaspersky Lab) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\klelam.sys -- (klelam)
DRV:64bit: - [2016.10.12 12:29:22 | 000,057,424 | ---- | M] (AO Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)
DRV:64bit: - [2016.10.01 02:26:00 | 000,554,408 | ---- | M] (AO Kaspersky Lab) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (kl1)
DRV:64bit: - [2016.06.07 01:31:06 | 000,052,152 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kltap.sys -- (kltap)
DRV:64bit: - [2016.05.31 23:24:06 | 000,078,216 | ---- | M] (AO Kaspersky Lab) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\kldisk.sys -- (kldisk)
DRV:64bit: - [2016.04.21 10:10:04 | 000,027,136 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2016.03.10 14:09:10 | 000,065,408 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mwac.sys -- (MBAMWebAccessControl)
DRV:64bit: - [2016.03.10 14:08:54 | 000,027,008 | ---- | M] (Malwarebytes) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013.03.01 02:49:12 | 000,036,600 | ---- | M] (Riverbed Technology, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV - [2017.12.25 16:34:15 | 000,190,832 | ---- | M] (AO Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\ProgramData\Kaspersky Lab\AVP18.0.0\Bases\klids.sys -- (klids)
DRV - [2017.12.13 16:43:32 | 000,028,160 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files (x86)\ExpressVpn SplitTunnel Driver\driver\expressvpnsplittunnel.sys -- (expressvpnsplittunnel)
DRV - [2017.04.06 14:42:46 | 032,656,792 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\windows\System32\DriverStore\FileRepository\c0311397.inf_amd64_bbc78e3fab18ca3b\atikmdag.sys -- (amdkmdag)
DRV - [2017.04.06 14:42:46 | 000,525,208 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\windows\System32\DriverStore\FileRepository\c0311397.inf_amd64_bbc78e3fab18ca3b\atikmpag.sys -- (amdkmdap)
DRV - [2017.03.18 21:56:19 | 000,040,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\windows\System32\DriverStore\FileRepository\compositebus.inf_amd64_de4c68ea4fb1be53\CompositeBus.sys -- (CompositeBus)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp17win10.msn.com/?pc=HCTE
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=PRHPC1&src=IE11TR&pc=HCTE
IE:64bit: - HKLM\..\SearchScopes\{64344A08-283C-47E9-86F3-006E5D6C6620}: "URL" = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=PRHPC1&src=IE11TR&pc=HCTE
IE - HKLM\..\SearchScopes\{64344A08-283C-47E9-86F3-006E5D6C6620}: "URL" = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp17win10.msn.com/?pc=HCTE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=PRHPC1&src=IE11TR&pc=HCTE
IE - HKCU\..\SearchScopes\{64344A08-283C-47E9-86F3-006E5D6C6620}: "URL" = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.countryCode: "DE"
FF - prefs.js..browser.search.region: "DE"
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\light_plugin_448EC0843447455C9DA355B3C2811D6A@kaspersky.com: C:\PROGRAM FILES (X86)\KASPERSKY LAB\KASPERSKY INTERNET SECURITY 18.0.0\FFEXT\LIGHT_PLUGIN_FIREFOX\ADDON.XPI [2017.12.25 16:52:02 | 000,169,071 | ---- | M] ()
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 57.0.3\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 57.0.3\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\light_plugin_448EC0843447455C9DA355B3C2811D6A@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 18.0.0\FFExt\light_plugin_firefox\addon.xpi [2017.12.25 16:52:02 | 000,169,071 | ---- | M] ()
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 57.0.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 57.0.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2017.12.20 22:25:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kristian\AppData\Roaming\mozilla\Extensions
[2017.12.20 22:25:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kristian\AppData\Roaming\mozilla\SystemExtensionsDev
[2017.12.25 16:48:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kristian\AppData\Roaming\mozilla\Firefox\Profiles\cactd8yr.default\browser-extension-data
[2017.12.30 18:06:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kristian\AppData\Roaming\mozilla\Firefox\Profiles\cactd8yr.default\browser-extension-data\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2017.12.25 16:48:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kristian\AppData\Roaming\mozilla\Firefox\Profiles\cactd8yr.default\browser-extension-data\light_plugin_448EC0843447455C9DA355B3C2811D6A@kaspersky.com
[2017.12.20 22:26:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kristian\AppData\Roaming\mozilla\Firefox\Profiles\cactd8yr.default\browser-extension-data\screenshots@mozilla.org
[2017.12.25 16:13:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kristian\AppData\Roaming\mozilla\Firefox\Profiles\cactd8yr.default\extensions
[2017.12.25 16:13:05 | 001,588,091 | ---- | M] () (No name found) -- C:\Users\Kristian\AppData\Roaming\mozilla\firefox\profiles\cactd8yr.default\extensions\https-everywhere-eff@eff.org.xpi
[2017.12.25 16:12:41 | 001,044,671 | ---- | M] () (No name found) -- C:\Users\Kristian\AppData\Roaming\mozilla\firefox\profiles\cactd8yr.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2017.12.20 22:34:32 | 000,005,507 | ---- | M] () (No name found) -- C:\Users\Kristian\AppData\Roaming\mozilla\firefox\profiles\cactd8yr.default\features\{79e5f1e4-4f06-414a-9d21-d03e5ee06ab7}\disable-media-wmf-nv12@mozilla.org.xpi
[2017.12.30 14:43:12 | 000,005,507 | ---- | M] () (No name found) -- C:\Users\Kristian\AppData\Roaming\mozilla\firefox\profiles\cactd8yr.default\features\{7d55bf52-e503-4b30-baae-8bd24bfeec56}\disable-media-wmf-nv12@mozilla.org.xpi
 
========== Chrome  ==========
 
CHR - Extension: No name found = C:\Users\Kristian\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.10_0\
CHR - Extension: No name found = C:\Users\Kristian\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\
CHR - Extension: No name found = C:\Users\Kristian\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\
CHR - Extension: No name found = C:\Users\Kristian\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.13.4_0\
CHR - Extension: No name found = C:\Users\Kristian\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_0\
CHR - Extension: No name found = C:\Users\Kristian\AppData\Local\Google\Chrome\User Data\Default\Extensions\mchjnmdbdlkdbfliogedbnpnanfjnolk\5.1.93.0_0\
CHR - Extension: No name found = C:\Users\Kristian\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndjpnladcallmjemlbaebfadecfhkepb\1.5.4_0\
CHR - Extension: No name found = C:\Users\Kristian\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndjpnladcallmjemlbaebfadecfhkepb\1.5.4_0\.orig
CHR - Extension: No name found = C:\Users\Kristian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.3_0\
CHR - Extension: No name found = C:\Users\Kristian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\
CHR - Extension: No name found = C:\Users\Kristian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\6317.1002.0.5_0\
 
O1 HOSTS File: ([2017.03.18 22:01:13 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (HP Inc.)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (HP Inc.)
O4:64bit: - HKLM..\Run: [BtServer] C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe (Realtek Semiconductor Corporation)
O4:64bit: - HKLM..\Run: [SecurityHealth] C:\Programme\Windows Defender\MSASCuiL.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HPMessageService] C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe (HP Inc.)
O4 - HKLM..\Run: [KeePass 2 PreLoad] C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe (Dominik Reichl)
O4 - HKCU..\Run: [BitTorrent] C:\Users\Kristian\AppData\Roaming\BitTorrent\BitTorrent.exe (BitTorrent Inc.)
O4 - HKCU..\Run: [CCleaner Monitoring] C:\Program Files\CCleaner\CCleaner64.exe (Piriform Ltd)
O4 - HKCU..\Run: [CyberGhost] "C:\Program Files\CyberGhost 6\CyberGhost.exe" /autostart /min File not found
O4 - HKCU..\Run: [ExpressVPN4] C:\Program Files (x86)\ExpressVPN\xvpn-ui\ExpressVpn.exe (ExpressVPN)
O4 - HKCU..\Run: [icq.desktop] C:\Users\Kristian\AppData\Roaming\ICQ\bin\icq.exe ()
O4 - HKCU..\Run: [OneDrive] C:\Users\Kristian\AppData\Local\Microsoft\OneDrive\OneDrive.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Kristian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEGAsync.lnk = C:\Users\Kristian\AppData\Local\MEGAsync\MEGAsync.exe (Mega Limited)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 24
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DSCAutomationHostEnabled = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Se&nd to OneNote - res://C:\Program Files (x86)\Microsoft Office\Root\Office16\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files (x86)\Microsoft Office\Root\Office16\ONBttnIE.dll/105 File not found
O9:64bit: - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (HP Inc.)
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (HP Inc.)
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (HP Inc.)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (HP Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog_Before_Reset\Catalog_Entries64\000000000014 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.)
O10:64bit: - Protocol_Catalog_Before_Reset\Catalog_Entries64\000000000015 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog_Before_Reset\Catalog_Entries\000000000014 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog_Before_Reset\Catalog_Entries\000000000015 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4656e31f-e2b8-4d4f-8e4f-f04c3b35f9b5}: DhcpNameServer = 10.165.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{48c38849-b09b-47c1-a931-90252c66aba8}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{a994e60e-03ab-443e-8d71-9c2822ad0c24}: DhcpNameServer = 8.8.8.8 8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{adc45c24-9647-409f-80f7-1f26b40030c8}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{eb4e6593-558b-4109-8217-74d1989e4d6e}: DhcpNameServer = 172.20.10.1
O18:64bit: - Protocol\Handler\tbauth {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysNative\tbauth.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\windows.tbauth {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysNative\tbauth.dll (Microsoft Corporation)
O18 - Protocol\Handler\tbauth {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll (Microsoft Corporation)
O18 - Protocol\Handler\windows.tbauth {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2017.09.27 17:29:49 | 000,000,128 | ---- | M] () - G:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{5a7f20f1-ec13-11e7-995c-168811c37529}\Shell - "" = AutoRun
O33 - MountPoints2\{5a7f20f1-ec13-11e7-995c-168811c37529}\Shell\AutoRun\command - "" = "H:\setup.exe" 
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2018.01.01 17:01:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CloseAll
[2018.01.01 17:00:59 | 000,000,000 | ---D | C] -- C:\Program Files\CloseAll
[2017.12.31 17:46:20 | 000,000,000 | ---D | C] -- C:\Users\Kristian\Desktop\Neuer Ordner (3)
[2017.12.31 15:24:39 | 000,000,000 | ---D | C] -- C:\Users\Kristian\AppData\Local\Notepad++
[2017.12.31 15:24:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
[2017.12.31 15:24:35 | 000,000,000 | ---D | C] -- C:\Users\Kristian\AppData\Roaming\Notepad++
[2017.12.31 15:24:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Notepad++
[2017.12.30 14:59:10 | 000,000,000 | ---D | C] -- C:\Users\Kristian\Desktop\Neuer Ordner (2)
[2017.12.30 14:39:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pioneer
[2017.12.30 14:39:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pioneer
[2017.12.30 13:59:10 | 000,000,000 | ---D | C] -- C:\Users\Kristian\AppData\Local\Serato
[2017.12.30 13:56:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Serato
[2017.12.30 13:56:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Serato
[2017.12.30 13:54:47 | 000,000,000 | ---D | C] -- C:\Users\Kristian\AppData\Roaming\Windows
[2017.12.30 13:54:06 | 000,000,000 | -H-D | C] -- C:\ProgramData\{03135366-5966-4D7D-962A-24A1F6B4D4CD}
[2017.12.30 13:54:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Serato DJ
[2017.12.30 13:54:06 | 000,000,000 | ---D | C] -- C:\Program Files\Serato DJ
[2017.12.30 13:54:04 | 000,000,000 | ---D | C] -- C:\Users\Kristian\AppData\Local\IIIQF
[2017.12.30 13:48:38 | 000,000,000 | ---D | C] -- C:\Users\Kristian\Documents\Arduino
[2017.12.30 13:48:35 | 000,000,000 | ---D | C] -- C:\Users\Kristian\AppData\Local\Arduino15
[2017.12.30 13:48:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
[2017.12.30 13:42:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Arduino
[2017.12.28 23:09:10 | 000,000,000 | -H-D | C] -- C:\$WINDOWS.~BT
[2017.12.28 22:46:43 | 000,000,000 | ---D | C] -- C:\ESD
[2017.12.28 22:45:14 | 000,000,000 | -H-D | C] -- C:\$Windows.~WS
[2017.12.28 20:13:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NetCutDefender
[2017.12.28 20:05:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\arcai.com
[2017.12.28 20:05:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\netcut
[2017.12.26 21:53:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Steam
[2017.12.26 19:44:17 | 000,192,216 | ---- | C] (Malwarebytes) -- C:\windows\SysNative\drivers\MBAMSwissArmy.sys
[2017.12.26 19:43:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
[2017.12.26 19:43:35 | 000,140,672 | ---- | C] (Malwarebytes) -- C:\windows\SysNative\drivers\mbamchameleon.sys
[2017.12.26 19:43:35 | 000,065,408 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mwac.sys
[2017.12.26 19:43:35 | 000,027,008 | ---- | C] (Malwarebytes) -- C:\windows\SysNative\drivers\mbam.sys
[2017.12.26 19:12:43 | 000,000,000 | ---D | C] -- C:\Users\Kristian\AppData\Local\speech
[2017.12.26 19:12:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Killing Floor
[2017.12.26 19:03:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\killingfloor
[2017.12.26 18:55:39 | 000,000,000 | ---D | C] -- C:\Users\Kristian\Desktop\Spiele
[2017.12.26 18:44:00 | 000,000,000 | ---D | C] -- C:\Users\Kristian\AppData\Roaming\ATI
[2017.12.26 18:44:00 | 000,000,000 | ---D | C] -- C:\Users\Kristian\AppData\Local\ATI
[2017.12.26 18:44:00 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2017.12.26 18:42:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Secure Connection
[2017.12.26 18:39:21 | 000,000,000 | ---D | C] -- C:\Users\Kristian\AppData\Local\RadeonInstaller
[2017.12.26 18:35:39 | 000,000,000 | ---D | C] -- C:\AMD
[2017.12.26 18:07:09 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes
[2017.12.26 18:06:46 | 000,000,000 | ---D | C] -- C:\ProgramData\MB2Migration
[2017.12.26 17:20:48 | 000,000,000 | ---D | C] -- C:\Users\Kristian\AppData\Local\CrashDumps
[2017.12.26 15:23:05 | 000,000,000 | ---D | C] -- C:\Users\Kristian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ICQ
[2017.12.26 15:23:05 | 000,000,000 | ---D | C] -- C:\Users\Kristian\AppData\Roaming\ICQ
[2017.12.26 15:22:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Technitium MAC Address Changer v6
[2017.12.26 15:22:39 | 000,224,016 | R-S- | C] (Microsoft Corporation) -- C:\windows\SysWow64\TABCTL32.OCX
[2017.12.26 15:22:38 | 001,010,720 | R-S- | C] (Microsoft Corporation) -- C:\windows\SysWow64\MSCHRT20.OCX
[2017.12.26 15:22:37 | 000,140,488 | R-S- | C] (Microsoft Corporation) -- C:\windows\SysWow64\COMDLG32.OCX
[2017.12.26 15:22:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Technitium
[2017.12.26 15:22:31 | 001,070,232 | R-S- | C] (Microsoft Corporation) -- C:\windows\SysWow64\MSCOMCTL.OCX
[2017.12.26 15:21:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pidgin
[2017.12.26 15:04:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Year Walk
[2017.12.26 14:44:54 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2017.12.26 14:08:16 | 000,000,000 | ---D | C] -- C:\ProgramData\RogueKiller
[2017.12.26 14:08:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
[2017.12.26 14:08:02 | 000,000,000 | ---D | C] -- C:\Program Files\RogueKiller
[2017.12.25 21:06:35 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools
[2017.12.25 20:59:40 | 000,000,000 | ---D | C] -- C:\Users\Kristian\AppData\Local\Microsoft Help
[2017.12.25 20:59:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2017.12.25 20:57:16 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2017.12.25 20:55:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Logs
[2017.12.25 20:55:55 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2017.12.25 20:55:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Licenses
[2017.12.25 20:54:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Office Tab
[2017.12.25 20:54:19 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Office Tab
[2017.12.25 20:54:19 | 000,000,000 | ---D | C] -- C:\Program Files\Detong
[2017.12.25 18:25:57 | 000,000,000 | ---D | C] -- C:\Users\Kristian\Desktop\Neuer Ordner
[2017.12.25 17:58:58 | 000,000,000 | ---D | C] -- C:\Users\Kristian\AppData\Roaming\KeePass
[2017.12.25 17:33:21 | 000,000,000 | ---D | C] -- C:\Users\Kristian\AppData\Local\IsolatedStorage
[2017.12.25 17:33:08 | 000,000,000 | ---D | C] -- C:\Users\Kristian\AppData\Local\ExpressVPN
[2017.12.25 17:32:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ExpressVPN
[2017.12.25 17:32:23 | 000,000,000 | ---D | C] -- C:\ProgramData\ExpressVPN
[2017.12.25 17:32:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ExpressVPN
[2017.12.25 17:32:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ExpressVpn Tap Driver Win10
[2017.12.25 17:32:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ExpressVpn SplitTunnel Driver
[2017.12.25 16:44:11 | 000,253,192 | ---- | C] (AO Kaspersky Lab) -- C:\windows\SysNative\drivers\klupd_klif_klark.sys
[2017.12.25 16:34:10 | 000,107,680 | ---- | C] (AO Kaspersky Lab) -- C:\windows\SysNative\drivers\klupd_klif_klbg.sys
[2017.12.25 16:34:09 | 000,230,312 | ---- | C] (AO Kaspersky Lab) -- C:\windows\SysNative\drivers\klupd_klif_arkmon.sys
[2017.12.25 16:34:08 | 000,173,664 | ---- | C] (AO Kaspersky Lab) -- C:\windows\SysNative\drivers\klupd_klif_mark.sys
[2017.12.25 16:34:08 | 000,087,584 | ---- | C] (AO Kaspersky Lab) -- C:\windows\SysNative\drivers\klupd_klif_kimul.sys
[2017.12.25 16:33:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security
[2017.12.25 16:32:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AV
[2017.12.25 16:32:39 | 000,110,176 | ---- | C] (Kaspersky Lab ZAO) -- C:\windows\SysNative\klfphc.dll
[2017.12.25 16:32:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2017.12.25 16:32:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kaspersky Lab
[2017.12.25 16:31:53 | 001,055,424 | ---- | C] (AO Kaspersky Lab) -- C:\windows\SysNative\drivers\klif.sys
[2017.12.25 16:31:53 | 000,594,144 | ---- | C] (AO Kaspersky Lab) -- C:\windows\SysNative\drivers\klhk.sys
[2017.12.25 16:31:53 | 000,207,576 | ---- | C] (AO Kaspersky Lab) -- C:\windows\SysNative\drivers\klflt.sys
[2017.12.25 16:31:53 | 000,149,304 | ---- | C] (AO Kaspersky Lab) -- C:\windows\SysNative\klhkum.dll
[2017.12.25 16:15:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab Setup Files
[2017.12.25 13:51:43 | 000,000,000 | --SD | C] -- C:\windows\UpdateAssistantV2
[2017.12.24 23:18:38 | 000,000,000 | ---D | C] -- C:\Users\Kristian\AppData\Roaming\Wireshark
[2017.12.24 21:13:14 | 000,000,000 | ---D | C] -- C:\Users\Kristian\Documents\Bioshock
[2017.12.24 21:13:14 | 000,000,000 | ---D | C] -- C:\Users\Kristian\AppData\Roaming\Bioshock
[2017.12.24 20:34:52 | 000,000,000 | ---D | C] -- C:\Program Files\USBPcap
[2017.12.24 20:34:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap
[2017.12.24 20:34:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinPcap
[2017.12.24 20:24:43 | 000,000,000 | ---D | C] -- C:\Program Files\Wireshark
[2017.12.23 22:04:19 | 000,000,000 | ---D | C] -- C:\Users\Kristian\AppData\Local\Diagnostics
[2017.12.23 19:12:52 | 000,000,000 | ---D | C] -- C:\Users\Kristian\Documents\Virtual Machines
[2017.12.23 19:11:57 | 000,000,000 | ---D | C] -- C:\Users\Kristian\AppData\Local\VMware
[2017.12.23 19:11:53 | 000,000,000 | ---D | C] -- C:\Users\Kristian\AppData\Roaming\VMware
[2017.12.23 18:07:32 | 000,084,768 | ---- | C] (Windows (R) Win 7 DDK provider) -- C:\windows\SysNative\drivers\cgnetfilter1521.sys
[2017.12.23 18:07:04 | 000,000,000 | ---D | C] -- C:\Program Files\CyberGhost 6
[2017.12.22 22:03:58 | 000,000,000 | ---D | C] -- C:\Users\Kristian\AppData\Local\Hewlett-Packard
[2017.12.22 20:02:09 | 000,000,000 | ---D | C] -- C:\Users\Kristian\AppData\Roaming\hpqLog
[2017.12.21 22:28:13 | 000,091,712 | ---- | C] (VMware, Inc.) -- C:\windows\SysNative\drivers\vsock.sys
[2017.12.21 22:28:13 | 000,069,104 | ---- | C] (VMware, Inc.) -- C:\windows\SysNative\vsocklib.dll
[2017.12.21 22:28:13 | 000,065,016 | ---- | C] (VMware, Inc.) -- C:\windows\SysWow64\vsocklib.dll
[2017.12.21 22:28:09 | 000,095,704 | ---- | C] (VMware, Inc.) -- C:\windows\SysNative\drivers\vmx86.sys
[2017.12.21 22:27:48 | 000,367,080 | ---- | C] (VMware, Inc.) -- C:\windows\SysWow64\vmnetdhcp.exe
[2017.12.21 22:27:40 | 000,402,408 | ---- | C] (VMware, Inc.) -- C:\windows\SysWow64\vmnat.exe
[2017.12.21 22:27:39 | 000,134,104 | ---- | C] (VMware, Inc.) -- C:\windows\SysNative\vnetinst.dll
[2017.12.21 22:27:39 | 000,043,992 | ---- | C] (VMware, Inc.) -- C:\windows\SysNative\drivers\vmnetuserif.sys
[2017.12.21 22:27:33 | 001,134,056 | ---- | C] (VMware, Inc.) -- C:\windows\SysNative\vnetlib64.dll
[2017.12.21 22:27:02 | 000,083,008 | ---- | C] (VMware, Inc.) -- C:\windows\SysNative\drivers\hcmon.sys
[2017.12.21 22:27:02 | 000,000,000 | ---D | C] -- C:\windows\SysNative\DRVSTORE
[2017.12.21 22:26:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VMware
[2017.12.21 22:26:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ThinPrint
[2017.12.21 22:26:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\VMware
[2017.12.21 22:26:21 | 000,000,000 | ---D | C] -- C:\ProgramData\VMware
[2017.12.21 22:26:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VMware
[2017.12.21 22:24:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\VMware
[2017.12.21 22:10:29 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\XAudio2_7.dll
[2017.12.21 22:10:29 | 000,518,488 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XAudio2_7.dll
[2017.12.21 22:10:29 | 000,077,656 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XAPOFX1_5.dll
[2017.12.21 22:10:29 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\XAPOFX1_5.dll
[2017.12.21 22:10:28 | 000,239,960 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xactengine3_7.dll
[2017.12.21 22:10:28 | 000,176,984 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xactengine3_7.dll
[2017.12.21 22:10:27 | 002,526,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\D3DCompiler_43.dll
[2017.12.21 22:10:27 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\D3DCompiler_43.dll
[2017.12.21 22:10:27 | 001,907,552 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dcsx_43.dll
[2017.12.21 22:10:27 | 001,868,128 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dcsx_43.dll
[2017.12.21 22:10:26 | 000,511,328 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx10_43.dll
[2017.12.21 22:10:26 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx10_43.dll
[2017.12.21 22:10:26 | 000,276,832 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx11_43.dll
[2017.12.21 22:10:26 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx11_43.dll
[2017.12.21 22:10:25 | 002,401,112 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\D3DX9_43.dll
[2017.12.21 22:10:25 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\D3DX9_43.dll
[2017.12.21 22:10:25 | 000,530,776 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XAudio2_6.dll
[2017.12.21 22:10:25 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\XAudio2_6.dll
[2017.12.21 22:10:25 | 000,078,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XAPOFX1_4.dll
[2017.12.21 22:10:25 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\XAPOFX1_4.dll
[2017.12.21 22:10:24 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xactengine3_6.dll
[2017.12.21 22:10:24 | 000,176,984 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xactengine3_6.dll
[2017.12.21 22:10:24 | 000,024,920 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\X3DAudio1_7.dll
[2017.12.21 22:10:24 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\X3DAudio1_7.dll
[2017.12.21 22:10:23 | 000,517,960 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XAudio2_5.dll
[2017.12.21 22:10:23 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\XAudio2_5.dll
[2017.12.21 22:10:22 | 002,582,888 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\D3DCompiler_42.dll
[2017.12.21 22:10:22 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\D3DCompiler_42.dll
[2017.12.21 22:10:22 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xactengine3_5.dll
[2017.12.21 22:10:22 | 000,176,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xactengine3_5.dll
[2017.12.21 22:10:21 | 005,554,512 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dcsx_42.dll
[2017.12.21 22:10:21 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dcsx_42.dll
[2017.12.21 22:10:20 | 000,285,024 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx11_42.dll
[2017.12.21 22:10:20 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx11_42.dll
[2017.12.21 22:10:19 | 002,475,352 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\D3DX9_42.dll
[2017.12.21 22:10:19 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\D3DX9_42.dll
[2017.12.21 22:10:19 | 000,523,088 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx10_42.dll
[2017.12.21 22:10:19 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx10_42.dll
[2017.12.21 22:10:18 | 002,430,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\D3DCompiler_41.dll
[2017.12.21 22:10:18 | 001,846,632 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\D3DCompiler_41.dll
[2017.12.21 22:10:18 | 000,520,544 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx10_41.dll
[2017.12.21 22:10:18 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx10_41.dll
[2017.12.21 22:10:17 | 005,425,496 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\D3DX9_41.dll
[2017.12.21 22:10:17 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\D3DX9_41.dll
[2017.12.21 22:10:16 | 000,521,560 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XAudio2_4.dll
[2017.12.21 22:10:16 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\XAudio2_4.dll
[2017.12.21 22:10:16 | 000,073,544 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XAPOFX1_3.dll
[2017.12.21 22:10:16 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\XAPOFX1_3.dll
[2017.12.21 22:10:15 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xactengine3_4.dll
[2017.12.21 22:10:15 | 000,174,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xactengine3_4.dll
[2017.12.21 22:10:15 | 000,024,920 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\X3DAudio1_6.dll
[2017.12.21 22:10:15 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\X3DAudio1_6.dll
[2017.12.21 22:10:14 | 005,631,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\D3DX9_40.dll
[2017.12.21 22:10:14 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\D3DX9_40.dll
[2017.12.21 22:10:14 | 002,605,920 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\D3DCompiler_40.dll
[2017.12.21 22:10:14 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\D3DCompiler_40.dll
[2017.12.21 22:10:14 | 000,519,000 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx10_40.dll
[2017.12.21 22:10:14 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx10_40.dll
[2017.12.21 22:10:13 | 000,518,480 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XAudio2_3.dll
[2017.12.21 22:10:13 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\XAudio2_3.dll
[2017.12.21 22:10:13 | 000,074,576 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XAPOFX1_2.dll
[2017.12.21 22:10:13 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\XAPOFX1_2.dll
[2017.12.21 22:10:12 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xactengine3_3.dll
[2017.12.21 22:10:12 | 000,175,440 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xactengine3_3.dll
[2017.12.21 22:10:11 | 000,025,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\X3DAudio1_5.dll
[2017.12.21 22:10:11 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\X3DAudio1_5.dll
[2017.12.21 22:10:10 | 000,513,544 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XAudio2_2.dll
[2017.12.21 22:10:10 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\XAudio2_2.dll
[2017.12.21 22:10:10 | 000,072,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XAPOFX1_1.dll
[2017.12.21 22:10:10 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\XAPOFX1_1.dll
[2017.12.21 22:10:09 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xactengine3_2.dll
[2017.12.21 22:10:09 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xactengine3_2.dll
[2017.12.21 22:10:08 | 001,942,552 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\D3DCompiler_39.dll
[2017.12.21 22:10:08 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\D3DCompiler_39.dll
[2017.12.21 22:10:08 | 000,540,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx10_39.dll
[2017.12.21 22:10:08 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx10_39.dll
[2017.12.21 22:10:07 | 004,992,520 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\D3DX9_39.dll
[2017.12.21 22:10:07 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\D3DX9_39.dll
[2017.12.21 22:10:06 | 000,511,496 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XAudio2_1.dll
[2017.12.21 22:10:06 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\XAudio2_1.dll
[2017.12.21 22:10:06 | 000,068,104 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XAPOFX1_0.dll
[2017.12.21 22:10:06 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\XAPOFX1_0.dll
[2017.12.21 22:10:05 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xactengine3_1.dll
[2017.12.21 22:10:05 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xactengine3_1.dll
[2017.12.21 22:10:05 | 000,028,168 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\X3DAudio1_4.dll
[2017.12.21 22:10:05 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\X3DAudio1_4.dll
[2017.12.21 22:10:04 | 001,941,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\D3DCompiler_38.dll
[2017.12.21 22:10:04 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\D3DCompiler_38.dll
[2017.12.21 22:10:04 | 000,540,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx10_38.dll
[2017.12.21 22:10:04 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx10_38.dll
[2017.12.21 22:10:03 | 004,991,496 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\D3DX9_38.dll
[2017.12.21 22:10:03 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\D3DX9_38.dll
[2017.12.21 22:10:02 | 000,489,480 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\XAudio2_0.dll
[2017.12.21 22:10:02 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\XAudio2_0.dll
[2017.12.21 22:10:01 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xactengine3_0.dll
[2017.12.21 22:10:01 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xactengine3_0.dll
[2017.12.21 22:10:01 | 000,028,168 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\X3DAudio1_3.dll
[2017.12.21 22:10:01 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\X3DAudio1_3.dll
[2017.12.21 22:10:00 | 001,860,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\D3DCompiler_37.dll
[2017.12.21 22:10:00 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\D3DCompiler_37.dll
[2017.12.21 22:10:00 | 000,529,424 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx10_37.dll
[2017.12.21 22:10:00 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx10_37.dll
[2017.12.21 22:09:59 | 004,910,088 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\D3DX9_37.dll
[2017.12.21 22:09:59 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\D3DX9_37.dll
[2017.12.21 22:09:58 | 000,411,656 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xactengine2_10.dll
[2017.12.21 22:09:58 | 000,267,272 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xactengine2_10.dll
[2017.12.21 22:09:56 | 002,006,552 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\D3DCompiler_36.dll
[2017.12.21 22:09:56 | 001,374,232 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\D3DCompiler_36.dll
[2017.12.21 22:09:56 | 000,508,264 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx10_36.dll
[2017.12.21 22:09:56 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx10_36.dll
[2017.12.21 22:09:55 | 005,081,608 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx9_36.dll
[2017.12.21 22:09:55 | 003,734,536 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx9_36.dll
[2017.12.21 22:09:54 | 000,411,496 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xactengine2_9.dll
[2017.12.21 22:09:54 | 000,267,112 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xactengine2_9.dll
[2017.12.21 22:09:53 | 001,985,904 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\D3DCompiler_35.dll
[2017.12.21 22:09:53 | 001,358,192 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\D3DCompiler_35.dll
[2017.12.21 22:09:53 | 000,508,264 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx10_35.dll
[2017.12.21 22:09:53 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx10_35.dll
[2017.12.21 22:09:52 | 005,073,256 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx9_35.dll
[2017.12.21 22:09:52 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx9_35.dll
[2017.12.21 22:09:50 | 000,409,960 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xactengine2_8.dll
[2017.12.21 22:09:50 | 000,266,088 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xactengine2_8.dll
[2017.12.21 22:09:50 | 000,021,000 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\X3DAudio1_2.dll
[2017.12.21 22:09:50 | 000,017,928 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\X3DAudio1_2.dll
[2017.12.21 22:09:49 | 001,401,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\D3DCompiler_34.dll
[2017.12.21 22:09:49 | 001,124,720 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\D3DCompiler_34.dll
[2017.12.21 22:09:49 | 000,506,728 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx10_34.dll
[2017.12.21 22:09:49 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx10_34.dll
[2017.12.21 22:09:48 | 004,496,232 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx9_34.dll
[2017.12.21 22:09:48 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx9_34.dll
[2017.12.21 22:09:47 | 000,107,368 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xinput1_3.dll
[2017.12.21 22:09:47 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xinput1_3.dll
[2017.12.21 22:09:45 | 000,403,304 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xactengine2_7.dll
[2017.12.21 22:09:45 | 000,261,480 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xactengine2_7.dll
[2017.12.21 22:09:44 | 001,400,176 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\D3DCompiler_33.dll
[2017.12.21 22:09:44 | 001,123,696 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\D3DCompiler_33.dll
[2017.12.21 22:09:44 | 000,506,728 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx10_33.dll
[2017.12.21 22:09:44 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx10_33.dll
[2017.12.21 22:09:42 | 004,494,184 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx9_33.dll
[2017.12.21 22:09:42 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx9_33.dll
[2017.12.21 22:09:41 | 000,393,576 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xactengine2_6.dll
[2017.12.21 22:09:41 | 000,255,848 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xactengine2_6.dll
[2017.12.21 22:09:39 | 000,390,424 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xactengine2_5.dll
[2017.12.21 22:09:39 | 000,251,672 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xactengine2_5.dll
[2017.12.21 22:09:38 | 000,469,264 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx10.dll
[2017.12.21 22:09:38 | 000,440,080 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx10.dll
[2017.12.21 22:09:37 | 004,398,360 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx9_32.dll
[2017.12.21 22:09:37 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx9_32.dll
[2017.12.21 22:09:36 | 000,364,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xactengine2_4.dll
[2017.12.21 22:09:36 | 000,237,848 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xactengine2_4.dll
[2017.12.21 22:09:36 | 000,017,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\x3daudio1_1.dll
[2017.12.21 22:09:36 | 000,015,128 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\x3daudio1_1.dll
[2017.12.21 22:09:35 | 003,977,496 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx9_31.dll
[2017.12.21 22:09:35 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx9_31.dll
[2017.12.21 22:09:33 | 000,363,288 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xactengine2_3.dll
[2017.12.21 22:09:33 | 000,236,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xactengine2_3.dll
[2017.12.21 22:09:32 | 000,083,736 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xinput1_2.dll
[2017.12.21 22:09:32 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xinput1_2.dll
[2017.12.21 22:09:31 | 000,354,072 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xactengine2_2.dll
[2017.12.21 22:09:31 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xactengine2_2.dll
[2017.12.21 22:09:30 | 000,083,664 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xinput1_1.dll
[2017.12.21 22:09:30 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xinput1_1.dll
[2017.12.21 22:09:29 | 000,352,464 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xactengine2_1.dll
[2017.12.21 22:09:29 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xactengine2_1.dll
[2017.12.21 22:09:26 | 003,927,248 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx9_30.dll
[2017.12.21 22:09:26 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx9_30.dll
[2017.12.21 22:09:24 | 000,355,536 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xactengine2_0.dll
[2017.12.21 22:09:24 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xactengine2_0.dll
[2017.12.21 22:09:24 | 000,016,592 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\x3daudio1_0.dll
[2017.12.21 22:09:24 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\x3daudio1_0.dll
[2017.12.21 22:09:23 | 003,830,992 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx9_29.dll
[2017.12.21 22:09:23 | 003,815,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx9_28.dll
[2017.12.21 22:09:23 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx9_29.dll
[2017.12.21 22:09:23 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx9_28.dll
[2017.12.21 22:09:22 | 003,807,440 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx9_27.dll
[2017.12.21 22:09:22 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx9_27.dll
[2017.12.21 22:09:21 | 003,767,504 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx9_26.dll
[2017.12.21 22:09:21 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx9_26.dll
[2017.12.21 22:09:19 | 003,823,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx9_25.dll
[2017.12.21 22:09:19 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx9_25.dll
[2017.12.21 22:09:18 | 003,544,272 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx9_24.dll
[2017.12.21 22:09:18 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx9_24.dll
[2017.12.21 22:06:36 | 000,000,000 | ---D | C] -- C:\windows\SysWow64\directx
[2017.12.21 22:06:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bioshock
[2017.12.21 21:59:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mr DJ
[2017.12.21 21:31:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\R.G. Mechanics
[2017.12.21 00:22:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ Malwarebytes Anti-Malware 
[2017.12.20 23:55:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\KeePass Password Safe 2
[2017.12.20 23:51:44 | 000,000,000 | ---D | C] -- C:\Users\Kristian\AppData\Local\Mega Limited
[2017.12.20 23:51:17 | 000,000,000 | ---D | C] -- C:\Users\Kristian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MEGAsync
[2017.12.20 23:50:53 | 000,000,000 | ---D | C] -- C:\Users\Kristian\AppData\Local\MEGAsync
[2017.12.20 23:46:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2017.12.20 23:45:56 | 000,000,000 | ---D | C] -- C:\Users\Kristian\AppData\Local\Programs
[2017.12.20 23:45:37 | 000,000,000 | ---D | C] -- C:\Users\Kristian\AppData\Roaming\WinRAR
[2017.12.20 23:38:30 | 000,000,000 | ---D | C] -- C:\windows\SysNative\MRT
[2017.12.20 23:38:11 | 133,326,408 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\MRT-KB890830.exe
[2017.12.20 23:32:23 | 003,377,664 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\tquery.dll
[2017.12.20 23:32:23 | 000,636,416 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\WpcWebFilter.dll
[2017.12.20 23:32:23 | 000,590,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\PCPKsp.dll
[2017.12.20 23:32:23 | 000,471,040 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\TpmCoreProvisioning.dll
[2017.12.20 23:32:23 | 000,229,376 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\scksp.dll
[2017.12.20 23:32:23 | 000,182,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\AppxAllUserStore.dll
[2017.12.20 23:32:23 | 000,157,696 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\rpchttp.dll
[2017.12.20 23:32:22 | 001,506,816 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\quartz.dll
[2017.12.20 23:32:22 | 000,519,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\AppXDeploymentClient.dll
[2017.12.20 23:32:22 | 000,354,360 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\bcryptprimitives.dll
[2017.12.20 23:32:22 | 000,308,224 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\cryptngc.dll
[2017.12.20 23:32:22 | 000,175,512 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\basecsp.dll
[2017.12.20 23:32:22 | 000,095,232 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\UserDataTimeUtil.dll
[2017.12.20 23:32:21 | 003,667,456 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\D3DCompiler_47.dll
[2017.12.20 23:32:21 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msIso.dll
[2017.12.20 23:32:20 | 002,782,720 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msftedit.dll
[2017.12.20 23:32:20 | 002,671,616 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\tquery.dll
[2017.12.20 23:32:19 | 005,963,776 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Windows.Data.Pdf.dll
[2017.12.20 23:32:19 | 001,019,904 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\aadtb.dll
[2017.12.20 23:32:18 | 002,199,552 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Windows.UI.Xaml.Resources.dll
[2017.12.20 23:32:17 | 005,721,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\BingMaps.dll
[2017.12.20 23:32:16 | 002,953,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\win32kfull.sys
[2017.12.20 23:32:16 | 001,292,288 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\MSVPXENC.dll
[2017.12.20 23:32:15 | 004,559,360 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\dbgeng.dll
[2017.12.20 23:32:15 | 000,476,160 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\dsreg.dll
[2017.12.20 23:32:15 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\TokenBrokerUI.dll
[2017.12.20 23:32:14 | 005,808,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Windows.Media.dll
[2017.12.20 23:32:14 | 000,804,784 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Windows.UI.dll
[2017.12.20 23:32:14 | 000,750,488 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\WWAHost.exe
[2017.12.20 23:32:14 | 000,613,136 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wer.dll
[2017.12.20 23:32:14 | 000,583,160 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\CoreMessaging.dll
[2017.12.20 23:32:14 | 000,559,000 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\SettingSyncHost.exe
[2017.12.20 23:32:14 | 000,438,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Windows.ApplicationModel.dll
[2017.12.20 23:32:14 | 000,407,040 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\werui.dll
[2017.12.20 23:32:14 | 000,283,544 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\WerFault.exe
[2017.12.20 23:32:14 | 000,172,952 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wermgr.exe
[2017.12.20 23:32:14 | 000,155,136 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\DWWIN.EXE
[2017.12.20 23:32:13 | 004,215,184 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Windows.StateRepository.dll
[2017.12.20 23:32:13 | 000,223,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\aepic.dll
[2017.12.20 23:32:12 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ActiveSyncProvider.dll
[2017.12.20 23:32:12 | 001,248,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\AzureSettingSyncProvider.dll
[2017.12.20 23:32:11 | 013,844,992 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Windows.UI.Xaml.dll
[2017.12.20 23:32:11 | 000,798,720 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\TokenBroker.dll
[2017.12.20 23:32:11 | 000,371,712 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\daxexec.dll
[2017.12.20 23:32:10 | 005,827,744 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\windows.storage.dll
[2017.12.20 23:32:10 | 002,259,760 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\CoreUIComponents.dll
[2017.12.20 23:32:10 | 001,266,544 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\twinapi.appcore.dll
[2017.12.20 23:32:10 | 000,362,144 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Faultrep.dll
[2017.12.20 23:32:10 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wudriver.dll
[2017.12.20 23:32:09 | 006,728,192 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\twinui.dll
[2017.12.20 23:32:09 | 004,417,024 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ExplorerFrame.dll
[2017.12.20 23:32:08 | 006,763,128 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Windows.Media.Protection.PlayReady.dll
[2017.12.20 23:32:07 | 004,471,368 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\explorer.exe
[2017.12.20 23:32:07 | 000,787,456 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wuapi.dll
[2017.12.20 23:32:07 | 000,133,896 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\WerFaultSecure.exe
[2017.12.20 23:32:05 | 007,598,080 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mstscax.dll
[2017.12.20 23:32:05 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\cldapi.dll
[2017.12.20 23:32:05 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\odbcconf.dll
[2017.12.20 23:32:04 | 001,408,536 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\gdi32full.dll
[2017.12.20 23:32:02 | 001,439,032 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mfsrcsnk.dll
[2017.12.20 23:32:02 | 000,554,400 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\USBHUB3.SYS
[2017.12.20 23:32:02 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\BasicRender.sys
[2017.12.20 23:32:01 | 001,123,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mfnetcore.dll
[2017.12.20 23:32:01 | 000,640,512 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mswstr10.dll
[2017.12.20 23:32:01 | 000,444,928 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Windows.System.Launcher.dll
[2017.12.20 23:32:01 | 000,339,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msexcl40.dll
[2017.12.20 23:32:01 | 000,336,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\SecurityHealthService.exe
[2017.12.20 23:32:01 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msjint40.dll
[2017.12.20 23:32:00 | 001,460,736 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wsp_fs.dll
[2017.12.20 23:32:00 | 001,318,912 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wsp_health.dll
[2017.12.20 23:32:00 | 001,244,160 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Windows.UI.Xaml.Phone.dll
[2017.12.20 23:32:00 | 000,680,960 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Windows.AccountsControl.dll
[2017.12.20 23:32:00 | 000,142,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\smartscreenps.dll
[2017.12.20 23:31:59 | 002,603,744 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\OneCoreUAPCommonProxyStub.dll
[2017.12.20 23:31:59 | 000,681,472 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\clusapi.dll
[2017.12.20 23:31:59 | 000,473,088 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\resutils.dll
[2017.12.20 23:31:59 | 000,463,872 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\efswrt.dll
[2017.12.20 23:31:59 | 000,306,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Windows.Graphics.dll
[2017.12.20 23:31:59 | 000,128,512 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mssprxy.dll
[2017.12.20 23:31:58 | 000,648,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\MbaeApiPublic.dll
[2017.12.20 23:31:58 | 000,297,984 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mcbuilder.exe
[2017.12.20 23:31:58 | 000,228,352 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\VPNv2CSP.dll
[2017.12.20 23:31:58 | 000,206,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\scrobj.dll
[2017.12.20 23:31:58 | 000,143,360 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\cscript.exe
[2017.12.20 23:31:58 | 000,133,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\t2embed.dll
[2017.12.20 23:31:58 | 000,095,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\stornvme.sys
[2017.12.20 23:31:58 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\updatepolicy.dll
[2017.12.20 23:31:58 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\tetheringclient.dll
[2017.12.20 23:31:57 | 001,135,616 | R--- | C] (The ICU Project) -- C:\windows\SysWow64\icuuc.dll
[2017.12.20 23:31:57 | 000,528,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\iprtrmgr.dll
[2017.12.20 23:31:57 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\twinapi.dll
[2017.12.20 23:31:57 | 000,104,448 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Robocopy.exe
[2017.12.20 23:31:57 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\usoapi.dll
[2017.12.20 23:31:57 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\CertPKICmdlet.dll
[2017.12.20 23:31:57 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\cipher.exe
[2017.12.20 23:31:57 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mgmtapi.dll
[2017.12.20 23:31:56 | 003,107,328 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mstsc.exe
[2017.12.20 23:31:56 | 000,463,360 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\webio.dll
[2017.12.20 23:31:56 | 000,110,080 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\BitLockerCsp.dll
[2017.12.20 23:31:56 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\OnDemandConnRouteHelper.dll
[2017.12.20 23:31:55 | 001,004,136 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ucrtbase.dll
[2017.12.20 23:31:54 | 000,458,752 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\NgcCtnr.dll
[2017.12.20 23:31:53 | 000,546,712 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\storport.sys
[2017.12.20 23:31:53 | 000,409,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\cryptngc.dll
[2017.12.20 23:31:53 | 000,099,328 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\utcutil.dll
[2017.12.20 23:31:50 | 002,516,480 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\diagtrack.dll
[2017.12.20 23:31:50 | 000,820,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WWAHost.exe
[2017.12.20 23:31:49 | 008,213,504 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mstscax.dll
[2017.12.20 23:31:43 | 000,724,992 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\MusUpdateHandlers.dll
[2017.12.20 23:31:43 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\UserDataTimeUtil.dll
[2017.12.20 23:31:43 | 000,052,736 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\musdialoghandlers.dll
[2017.12.20 23:31:42 | 001,937,408 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wpdshext.dll
[2017.12.20 23:31:42 | 001,628,672 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\UserDataService.dll
[2017.12.20 23:31:42 | 000,306,176 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\MusNotification.exe
[2017.12.20 23:31:42 | 000,165,888 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\storewuauth.dll
[2017.12.20 23:31:41 | 000,804,864 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\fvewiz.dll
[2017.12.20 23:31:41 | 000,259,400 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\MusNotifyIcon.exe
[2017.12.20 23:31:41 | 000,168,448 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\MusNotificationUx.exe
[2017.12.20 23:31:41 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\updatepolicy.dll
[2017.12.20 23:31:40 | 000,350,720 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\Windows.Graphics.dll
[2017.12.20 23:31:40 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wuautoappupdate.dll
[2017.12.20 23:31:39 | 003,304,448 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mstsc.exe
[2017.12.20 23:31:39 | 000,325,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\fvecpl.dll
[2017.12.20 23:31:39 | 000,306,176 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\fveui.dll
[2017.12.20 23:31:39 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\manage-bde.exe
[2017.12.20 23:31:39 | 000,141,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\BitLockerDeviceEncryption.exe
[2017.12.20 23:31:38 | 020,511,232 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\edgehtml.dll
[2017.12.20 23:31:38 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Chakradiag.dll
[2017.12.20 23:31:34 | 006,252,544 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\Chakra.dll
[2017.12.20 23:31:34 | 000,358,400 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieproxy.dll
[2017.12.20 23:31:33 | 004,726,784 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
[2017.12.20 23:31:33 | 000,805,888 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieproxy.dll
[2017.12.20 23:31:32 | 000,094,616 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rdpudd.dll
[2017.12.20 23:31:32 | 000,038,808 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\OOBEUpdater.exe
[2017.12.20 23:31:31 | 008,195,584 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\Chakra.dll
[2017.12.20 23:31:31 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\Chakradiag.dll
[2017.12.20 23:31:29 | 006,557,520 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\Windows.Media.dll
[2017.12.20 23:31:29 | 001,303,040 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\MSVPXENC.dll
[2017.12.20 23:31:27 | 002,398,696 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\KernelBase.dll
[2017.12.20 23:31:26 | 008,333,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\BingMaps.dll
[2017.12.20 23:31:26 | 000,777,400 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\oleaut32.dll
[2017.12.20 23:31:26 | 000,476,160 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\Windows.UI.Core.TextInput.dll
[2017.12.20 23:31:25 | 023,678,464 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\edgehtml.dll
[2017.12.20 23:31:23 | 002,239,136 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mfsrcsnk.dll
[2017.12.20 23:31:23 | 001,194,792 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rpcrt4.dll
[2017.12.20 23:31:23 | 001,194,248 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mfnetcore.dll
[2017.12.20 23:31:23 | 000,585,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\vbscript.dll
[2017.12.20 23:31:22 | 012,227,072 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\wmp.dll
[2017.12.20 23:31:22 | 000,831,488 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\MbaeApiPublic.dll
[2017.12.20 23:31:22 | 000,387,928 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wmpps.dll
[2017.12.20 23:31:22 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\SEMgrPS.dll
[2017.12.20 23:31:21 | 000,755,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll
[2017.12.20 23:31:21 | 000,658,432 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll
[2017.12.20 23:31:21 | 000,181,912 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\sspicli.dll
[2017.12.20 23:31:20 | 013,381,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wmp.dll
[2017.12.20 23:31:20 | 000,560,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\iprtrmgr.dll
[2017.12.20 23:31:19 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\InputLocaleManager.dll
[2017.12.20 23:31:19 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\sspisrv.dll
[2017.12.20 23:31:19 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mgmtapi.dll
[2017.12.20 23:31:18 | 002,009,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl
[2017.12.20 23:31:18 | 000,225,792 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ie4uinit.exe
[2017.12.20 23:31:17 | 000,752,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll
[2017.12.20 23:31:17 | 000,654,976 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\AppXDeploymentClient.dll
[2017.12.20 23:31:16 | 002,969,880 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\CoreUIComponents.dll
[2017.12.20 23:31:16 | 002,829,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\DWrite.dll
[2017.12.20 23:31:16 | 002,078,720 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl
[2017.12.20 23:31:16 | 000,095,232 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wudriver.dll
[2017.12.20 23:31:15 | 005,304,496 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\Windows.StateRepository.dll
[2017.12.20 23:31:14 | 001,150,776 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ucrtbase.dll
[2017.12.20 23:31:14 | 000,727,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wer.dll
[2017.12.20 23:31:14 | 000,412,752 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\Faultrep.dll
[2017.12.20 23:31:14 | 000,319,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WerFault.exe
[2017.12.20 23:31:14 | 000,187,800 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wermgr.exe
[2017.12.20 23:31:14 | 000,144,248 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WerFaultSecure.exe
[2017.12.20 23:31:14 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\odbcconf.dll
[2017.12.20 23:31:13 | 005,557,760 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dbgeng.dll
[2017.12.20 23:31:13 | 004,396,032 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\D3DCompiler_47.dll
[2017.12.20 23:31:12 | 008,319,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntoskrnl.exe
[2017.12.20 23:31:11 | 000,212,888 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\browserbroker.dll
[2017.12.20 23:31:10 | 001,065,104 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\winresume.efi
[2017.12.20 23:31:10 | 000,900,376 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\winresume.exe
[2017.12.20 23:31:09 | 001,395,664 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\winload.efi
[2017.12.20 23:31:09 | 001,186,464 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\winload.exe
[2017.12.20 23:31:08 | 000,719,872 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\FlightSettings.dll
[2017.12.20 23:31:08 | 000,586,240 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\AppReadiness.dll
[2017.12.20 23:31:07 | 000,939,008 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\Windows.AccountsControl.dll
[2017.12.20 23:31:06 | 000,430,848 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\bcryptprimitives.dll
[2017.12.20 23:31:04 | 000,661,224 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dnsapi.dll
[2017.12.20 23:31:03 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\eShims.dll
[2017.12.20 23:31:02 | 000,079,360 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\LocationFrameworkInternalPS.dll
[2017.12.20 23:31:01 | 007,910,960 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\Windows.Media.Protection.PlayReady.dll
[2017.12.20 23:31:01 | 000,194,560 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\rpchttp.dll
[2017.12.20 23:31:00 | 002,730,496 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\smartscreen.exe
[2017.12.20 23:31:00 | 000,925,696 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WpcWebFilter.dll
[2017.12.20 23:31:00 | 000,799,744 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wcmsvc.dll
[2017.12.20 23:31:00 | 000,209,920 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\smartscreenps.dll
[2017.12.20 23:30:59 | 003,206,656 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\Microsoft.Bluetooth.Profiles.Gatt.dll
[2017.12.20 23:30:58 | 007,339,008 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\Windows.Data.Pdf.dll
[2017.12.20 23:30:58 | 003,140,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msftedit.dll
[2017.12.20 23:30:57 | 017,370,624 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\Windows.UI.Xaml.dll
[2017.12.20 23:30:56 | 007,318,888 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\windows.storage.dll
[2017.12.20 23:30:56 | 000,923,040 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\CoreMessaging.dll
[2017.12.20 23:30:56 | 000,064,000 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wups.dll
[2017.12.20 23:30:55 | 002,760,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\Windows.Shell.UnifiedTile.CuratedTileCollections.dll
[2017.12.20 23:30:55 | 000,961,944 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\efscore.dll
[2017.12.20 23:30:55 | 000,415,232 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\updatehandlers.dll
[2017.12.20 23:30:55 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\domgmt.dll
[2017.12.20 23:30:55 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\TokenBrokerUI.dll
[2017.12.20 23:30:54 | 003,060,224 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\NetworkMobileSettings.dll
[2017.12.20 23:30:54 | 001,307,648 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dosvc.dll
[2017.12.20 23:30:54 | 001,052,672 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\TokenBroker.dll
[2017.12.20 23:30:54 | 000,684,544 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\usocore.dll
[2017.12.20 23:30:54 | 000,647,168 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\RDXService.dll
[2017.12.20 23:30:54 | 000,616,960 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WindowManagement.dll
[2017.12.20 23:30:54 | 000,601,088 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\Windows.System.Launcher.dll
[2017.12.20 23:30:54 | 000,324,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\DeviceEnroller.exe
[2017.12.20 23:30:53 | 004,445,696 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\SettingsHandlers_nt.dll
[2017.12.20 23:30:53 | 004,175,872 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\StartTileData.dll
[2017.12.20 23:30:53 | 002,503,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\twinui.pcshell.dll
[2017.12.20 23:30:53 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\vss_ps.dll
[2017.12.20 23:30:52 | 001,269,760 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\enterprisecsps.dll
[2017.12.20 23:30:52 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msIso.dll
[2017.12.20 23:30:51 | 007,931,392 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\twinui.dll
[2017.12.20 23:30:51 | 005,477,088 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\OneCoreUAPCommonProxyStub.dll
[2017.12.20 23:30:51 | 001,878,016 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\AzureSettingSyncProvider.dll
[2017.12.20 23:30:50 | 000,757,248 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\WdiWiFi.sys
[2017.12.20 23:30:49 | 003,668,992 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\win32kfull.sys
[2017.12.20 23:30:49 | 002,052,608 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\win32kbase.sys
[2017.12.20 23:30:48 | 002,199,552 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\Windows.UI.Xaml.Resources.dll
[2017.12.20 23:30:47 | 004,848,952 | ---- | C] (Microsoft Corporation) -- C:\windows\explorer.exe
[2017.12.20 23:30:46 | 004,707,840 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ExplorerFrame.dll
[2017.12.20 23:30:46 | 002,032,536 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\aitstatic.exe
[2017.12.20 23:30:46 | 000,584,192 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\UIRibbonRes.dll
[2017.12.20 23:30:46 | 000,584,192 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\UIRibbonRes.dll
[2017.12.20 23:30:45 | 001,886,208 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\AppXDeploymentExtensions.onecore.dll
[2017.12.20 23:30:45 | 001,468,416 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\AppXDeploymentExtensions.desktop.dll
[2017.12.20 23:30:45 | 000,407,040 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wuuhext.dll
[2017.12.20 23:30:45 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\SIHClient.exe
[2017.12.20 23:30:45 | 000,113,152 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wuuhosdeployment.dll
[2017.12.20 23:30:44 | 002,809,344 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\AppXDeploymentServer.dll
[2017.12.20 23:30:44 | 001,018,272 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\SecConfig.efi
[2017.12.20 23:30:44 | 000,821,656 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\hvloader.exe
[2017.12.20 23:30:44 | 000,667,040 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ci.dll
[2017.12.20 23:30:44 | 000,543,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\securekernel.exe
[2017.12.20 23:30:44 | 000,524,800 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\TileDataRepository.dll
[2017.12.20 23:30:44 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wsqmcons.exe
[2017.12.20 23:30:43 | 001,458,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msctf.dll
[2017.12.20 23:30:43 | 001,068,208 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\Windows.UI.dll
[2017.12.20 23:30:43 | 001,015,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\hvax64.exe
[2017.12.20 23:30:43 | 000,965,016 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\hvloader.efi
[2017.12.20 23:30:43 | 000,565,248 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dsreg.dll
[2017.12.20 23:30:43 | 000,558,912 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\Windows.ApplicationModel.dll
[2017.12.20 23:30:43 | 000,409,496 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\dxgmms1.sys
[2017.12.20 23:30:43 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\DWWIN.EXE
[2017.12.20 23:30:43 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\winsrv.dll
[2017.12.20 23:30:43 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\TpmTasks.dll
[2017.12.20 23:30:42 | 001,595,152 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\gdi32full.dll
[2017.12.20 23:30:42 | 001,278,976 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\werconcpl.dll
[2017.12.20 23:30:42 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\werui.dll
[2017.12.20 23:30:41 | 001,713,664 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ActiveSyncProvider.dll
[2017.12.20 23:30:41 | 001,605,632 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\quartz.dll
[2017.12.20 23:30:41 | 000,986,624 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wuapi.dll
[2017.12.20 23:30:41 | 000,772,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\PCPKsp.dll
[2017.12.20 23:30:41 | 000,257,432 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\AppxAllUserStore.dll
[2017.12.20 23:30:40 | 001,460,224 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\lsasrv.dll
[2017.12.20 23:30:40 | 001,345,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\user32.dll
[2017.12.20 23:30:40 | 001,144,728 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\hvix64.exe
[2017.12.20 23:30:40 | 000,712,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\dxgmms2.sys
[2017.12.20 23:30:40 | 000,556,032 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\TpmCoreProvisioning.dll
[2017.12.20 23:30:39 | 001,506,712 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\twinapi.appcore.dll
[2017.12.20 23:30:39 | 000,872,464 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ClipSVC.dll
[2017.12.20 23:30:39 | 000,651,672 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\SettingSyncHost.exe
[2017.12.20 23:30:37 | 002,086,808 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\UpdateAgent.dll
[2017.12.20 23:30:36 | 002,438,656 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ResetEngine.dll
[2017.12.20 23:30:36 | 001,527,296 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\RecoveryDrive.exe
[2017.12.20 23:30:36 | 000,527,360 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\aadcloudap.dll
[2017.12.20 23:30:36 | 000,484,248 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dcntel.dll
[2017.12.20 23:30:36 | 000,259,992 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\aepic.dll
[2017.12.20 23:30:36 | 000,136,088 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\CompatTelRunner.exe
[2017.12.20 23:30:36 | 000,067,992 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\win32appinventorycsp.dll
[2017.12.20 23:30:36 | 000,034,712 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\DeviceCensus.exe
[2017.12.20 23:30:35 | 001,578,904 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\appraiser.dll
[2017.12.20 23:30:35 | 000,678,808 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\generaltel.dll
[2017.12.20 23:30:35 | 000,613,784 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\aeinv.dll
[2017.12.20 23:30:35 | 000,612,248 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\devinv.dll
[2017.12.20 23:30:35 | 000,529,408 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\daxexec.dll
[2017.12.20 23:30:35 | 000,379,288 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\invagent.dll
[2017.12.20 23:30:34 | 001,260,544 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\GamePanel.exe
[2017.12.20 23:30:33 | 001,293,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\aadtb.dll
[2017.12.20 23:30:33 | 000,841,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\fveapi.dll
[2017.12.20 23:30:31 | 000,254,976 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\scksp.dll
[2017.12.20 23:30:31 | 000,203,672 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\basecsp.dll
[2017.12.20 23:30:30 | 002,088,448 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wsp_fs.dll
[2017.12.20 23:30:30 | 000,469,568 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wow64win.dll
[2017.12.20 23:30:30 | 000,255,488 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ubpm.dll
[2017.12.20 23:30:29 | 001,811,456 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wsp_health.dll
[2017.12.20 23:30:29 | 000,644,696 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\advapi32.dll
[2017.12.20 23:30:29 | 000,461,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wlansec.dll
[2017.12.20 23:30:29 | 000,438,784 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\SharedPCCSP.dll
[2017.12.20 23:30:29 | 000,190,360 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\acmigration.dll
[2017.12.20 23:30:28 | 000,893,440 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\clusapi.dll
[2017.12.20 23:30:28 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\resutils.dll
[2017.12.20 23:30:28 | 000,356,864 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\fveapibase.dll
[2017.12.20 23:30:28 | 000,347,648 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mcbuilder.exe
[2017.12.20 23:30:28 | 000,304,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dusmsvc.dll
[2017.12.20 23:30:28 | 000,153,088 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\RMapi.dll
[2017.12.20 23:30:28 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\cldapi.dll
[2017.12.20 23:30:27 | 000,125,952 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\Windows.UI.Storage.dll
[2017.12.20 23:30:26 | 001,438,208 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\Windows.UI.Xaml.Phone.dll
[2017.12.20 23:30:26 | 001,321,984 | R--- | C] (The ICU Project) -- C:\windows\SysNative\icuuc.dll
[2017.12.20 23:30:26 | 000,635,392 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\efswrt.dll
[2017.12.20 23:30:26 | 000,512,000 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\twinapi.dll
[2017.12.20 23:30:26 | 000,414,720 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\provhandlers.dll
[2017.12.20 23:30:26 | 000,210,432 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\tetheringservice.dll
[2017.12.20 23:30:26 | 000,175,616 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\t2embed.dll
[2017.12.20 23:30:25 | 000,222,208 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\scrobj.dll
[2017.12.20 23:30:25 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\cscript.exe
[2017.12.20 23:30:25 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\usoapi.dll
[2017.12.20 23:30:25 | 000,072,944 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\easinvoker.exe
[2017.12.20 23:30:25 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\tetheringclient.dll
[2017.12.20 23:30:25 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\efssvc.dll
[2017.12.20 23:30:25 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\cipher.exe
[2017.12.20 23:30:25 | 000,038,808 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\Diskdump.sys
[2017.12.20 23:30:25 | 000,026,472 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\wuauclt.exe
[2017.12.20 23:30:24 | 000,565,760 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\webio.dll
[2017.12.20 23:30:24 | 000,130,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\Robocopy.exe
[2017.12.20 23:30:24 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\CertPKICmdlet.dll
[2017.12.20 23:30:24 | 000,052,736 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ServiceWorkerHost.exe
[2017.12.20 23:30:23 | 000,538,624 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\FirewallAPI.dll
[2017.12.20 23:30:23 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\DataUsageHandlers.dll
[2017.12.20 23:30:23 | 000,179,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\BitLockerCsp.dll
[2017.12.20 23:30:23 | 000,138,240 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\DataUsageLiveTileTask.exe
[2017.12.20 23:30:23 | 000,090,112 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\OnDemandConnRouteHelper.dll
[2017.12.20 23:30:23 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\Dumpstorport.sys
[2017.12.20 22:50:41 | 000,000,000 | ---D | C] -- C:\Users\Kristian\Documents\Neuer Ordner
[2017.12.20 22:49:30 | 000,000,000 | ---D | C] -- C:\Users\Kristian\AppData\Roaming\TrueCrypt
[2017.12.20 22:25:54 | 000,000,000 | ---D | C] -- C:\Users\Kristian\AppData\Roaming\Mozilla
[2017.12.20 22:25:53 | 000,000,000 | ---D | C] -- C:\Users\Kristian\AppData\Local\Mozilla
[2017.12.20 22:25:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2017.12.20 22:25:36 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2017.12.20 22:21:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2017.12.20 22:21:30 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2017.12.20 22:19:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TrueCrypt
[2017.12.20 22:19:52 | 000,231,376 | ---- | C] (TrueCrypt Foundation) -- C:\windows\SysNative\drivers\truecrypt.sys
[2017.12.20 22:19:51 | 000,000,000 | ---D | C] -- C:\Program Files\TrueCrypt
[2017.12.20 22:17:59 | 000,000,000 | ---D | C] -- C:\Users\Kristian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2017.12.20 22:17:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2017.12.20 22:17:57 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2017.12.20 22:06:41 | 000,000,000 | ---D | C] -- C:\Users\Kristian\AppData\Roaming\Apple Computer
[2017.12.20 22:06:41 | 000,000,000 | ---D | C] -- C:\Users\Kristian\AppData\Local\Apple Computer
[2017.12.20 22:06:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2017.12.20 22:05:45 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2017.12.20 22:04:55 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2017.12.20 22:04:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2017.12.20 22:02:16 | 000,000,000 | ---D | C] -- C:\Users\Kristian\AppData\Local\Apple
[2017.12.20 22:02:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2017.12.20 22:01:52 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2017.12.20 22:01:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2017.12.20 22:00:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2017.12.20 21:59:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2017.12.20 21:07:15 | 000,000,000 | ---D | C] -- C:\Users\Kristian\AppData\Roaming\Hewlett-Packard
[2017.12.20 21:02:10 | 000,000,000 | ---D | C] -- C:\Users\Kristian\Desktop\Tor Browser
[2017.12.20 20:56:01 | 000,000,000 | ---D | C] -- C:\Users\Kristian\AppData\Local\Comms
[2017.12.20 20:52:42 | 000,000,000 | ---D | C] -- C:\Users\Kristian\AppData\Roaming\BitTorrent
[2017.12.20 20:44:38 | 000,000,000 | R--D | C] -- C:\Users\Kristian\OneDrive
[2017.12.20 20:43:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2017.12.20 20:43:19 | 000,000,000 | ---D | C] -- C:\Users\Kristian\AppData\Local\Google
[2017.12.20 20:42:02 | 000,000,000 | ---D | C] -- C:\Users\Kristian\AppData\Local\DBG
[2017.12.20 20:41:39 | 000,000,000 | ---D | C] -- C:\Users\Kristian\AppData\Local\MicrosoftEdge
[2017.12.20 20:41:31 | 000,000,000 | ---D | C] -- C:\Users\Kristian\AppData\Roaming\Macromedia
[2017.12.20 20:37:22 | 000,000,000 | ---D | C] -- C:\Users\Kristian\AppData\Local\HP JumpStart Apps
[2017.12.20 20:37:22 | 000,000,000 | ---D | C] -- C:\Users\Kristian\AppData\Roaming\HP
[2017.12.20 20:37:22 | 000,000,000 | ---D | C] -- C:\Users\Kristian\AppData\Roaming\DropboxOEM
[2017.12.20 20:37:21 | 000,000,000 | ---D | C] -- C:\Users\Kristian\AppData\Local\DropboxOEM
[2017.12.20 20:37:20 | 000,000,000 | ---D | C] -- C:\Users\Kristian\AppData\Local\Crashpad
[2017.12.20 20:36:56 | 000,000,000 | ---D | C] -- C:\Users\Kristian\AppData\Local\Publishers
[2017.12.20 20:36:49 | 000,000,000 | ---D | C] -- C:\Users\Kristian\AppData\Local\AMD
[2017.12.20 20:36:37 | 000,000,000 | R--D | C] -- C:\Users\Kristian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2017.12.20 20:36:36 | 000,000,000 | R--D | C] -- C:\Users\Kristian\Searches
[2017.12.20 20:36:36 | 000,000,000 | R--D | C] -- C:\Users\Kristian\Contacts
[2017.12.20 20:36:32 | 000,000,000 | ---D | C] -- C:\Users\Kristian\Documents\My Bluetooth
[2017.12.20 20:36:26 | 000,000,000 | ---D | C] -- C:\Users\Kristian\AppData\Roaming\Adobe
[2017.12.20 20:36:25 | 000,000,000 | ---D | C] -- C:\Users\Kristian\AppData\Local\VirtualStore
[2017.12.20 20:36:25 | 000,000,000 | ---D | C] -- C:\Users\Kristian\AppData\Local\Packages
[2017.12.20 20:36:17 | 000,000,000 | ---D | C] -- C:\Users\Kristian\AppData\Local\ConnectedDevicesPlatform
[2017.12.20 20:34:40 | 000,000,000 | ---D | C] -- C:\Users\Kristian\AppData\Local\TileDataLayer
[2017.12.20 20:34:39 | 000,000,000 | --SD | C] -- C:\Users\Kristian\AppData\Roaming\Microsoft
[2017.12.20 20:34:39 | 000,000,000 | R--D | C] -- C:\Users\Kristian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell
[2017.12.20 20:34:39 | 000,000,000 | R--D | C] -- C:\Users\Kristian\Videos
[2017.12.20 20:34:39 | 000,000,000 | R--D | C] -- C:\Users\Kristian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
[2017.12.20 20:34:39 | 000,000,000 | R--D | C] -- C:\Users\Kristian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2017.12.20 20:34:39 | 000,000,000 | R--D | C] -- C:\Users\Kristian\Saved Games
[2017.12.20 20:34:39 | 000,000,000 | R--D | C] -- C:\Users\Kristian\Pictures
[2017.12.20 20:34:39 | 000,000,000 | R--D | C] -- C:\Users\Kristian\Music
[2017.12.20 20:34:39 | 000,000,000 | R--D | C] -- C:\Users\Kristian\Links
[2017.12.20 20:34:39 | 000,000,000 | R--D | C] -- C:\Users\Kristian\Favorites
[2017.12.20 20:34:39 | 000,000,000 | R--D | C] -- C:\Users\Kristian\Downloads
[2017.12.20 20:34:39 | 000,000,000 | R--D | C] -- C:\Users\Kristian\Documents
[2017.12.20 20:34:39 | 000,000,000 | R--D | C] -- C:\Users\Kristian\Desktop
[2017.12.20 20:34:39 | 000,000,000 | R--D | C] -- C:\Users\Kristian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2017.12.20 20:34:39 | 000,000,000 | R--D | C] -- C:\Users\Kristian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
[2017.12.20 20:34:39 | 000,000,000 | -HSD | C] -- C:\Users\Kristian\Vorlagen
[2017.12.20 20:34:39 | 000,000,000 | -HSD | C] -- C:\Users\Kristian\AppData\Local\Verlauf
[2017.12.20 20:34:39 | 000,000,000 | -HSD | C] -- C:\Users\Kristian\AppData\Local\Temporary Internet Files
[2017.12.20 20:34:39 | 000,000,000 | -HSD | C] -- C:\Users\Kristian\Startmenü
[2017.12.20 20:34:39 | 000,000,000 | -HSD | C] -- C:\Users\Kristian\SendTo
[2017.12.20 20:34:39 | 000,000,000 | -HSD | C] -- C:\Users\Kristian\Recent
[2017.12.20 20:34:39 | 000,000,000 | -HSD | C] -- C:\Users\Kristian\Netzwerkumgebung
[2017.12.20 20:34:39 | 000,000,000 | -HSD | C] -- C:\Users\Kristian\Lokale Einstellungen
[2017.12.20 20:34:39 | 000,000,000 | -HSD | C] -- C:\Users\Kristian\Documents\Eigene Videos
[2017.12.20 20:34:39 | 000,000,000 | -HSD | C] -- C:\Users\Kristian\Documents\Eigene Musik
[2017.12.20 20:34:39 | 000,000,000 | -HSD | C] -- C:\Users\Kristian\Eigene Dateien
[2017.12.20 20:34:39 | 000,000,000 | -HSD | C] -- C:\Users\Kristian\Documents\Eigene Bilder
[2017.12.20 20:34:39 | 000,000,000 | -HSD | C] -- C:\Users\Kristian\Druckumgebung
[2017.12.20 20:34:39 | 000,000,000 | -HSD | C] -- C:\Users\Kristian\Cookies
[2017.12.20 20:34:39 | 000,000,000 | -HSD | C] -- C:\Users\Kristian\AppData\Local\Anwendungsdaten
[2017.12.20 20:34:39 | 000,000,000 | -HSD | C] -- C:\Users\Kristian\Anwendungsdaten
[2017.12.20 20:34:39 | 000,000,000 | -H-D | C] -- C:\Users\Kristian\Documents\hp.system.package.metadata
[2017.12.20 20:34:39 | 000,000,000 | -H-D | C] -- C:\Users\Kristian\Documents\hp.applications.package.appdata
[2017.12.20 20:34:39 | 000,000,000 | -H-D | C] -- C:\Users\Kristian\AppData
[2017.12.20 20:34:39 | 000,000,000 | ---D | C] -- C:\Users\Kristian\AppData\Local\Temp
[2017.12.20 20:34:39 | 000,000,000 | ---D | C] -- C:\Users\Kristian\AppData\Local\Microsoft
[2017.12.20 20:34:39 | 000,000,000 | ---D | C] -- C:\Users\Kristian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2017.12.20 18:26:55 | 000,000,000 | ---D | C] -- C:\windows\SoftwareDistribution
[2017.12.20 18:24:28 | 000,000,000 | -HSD | C] -- C:\Programme
[2017.12.20 18:24:28 | 000,000,000 | -HSD | C] -- C:\Program Files\Gemeinsame Dateien
[2017.12.20 18:24:28 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos
[2017.12.20 18:24:27 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen
[2017.12.20 18:24:27 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü
[2017.12.20 18:24:27 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik
[2017.12.20 18:24:27 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder
[2017.12.20 18:24:27 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen
[2017.12.20 18:24:27 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente
[2017.12.20 18:24:27 | 000,000,000 | -HSD | C] -- C:\ProgramData\Desktop
[2017.12.20 18:24:27 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten
[2017.12.13 16:43:32 | 000,045,024 | ---- | C] (The OpenVPN Project) -- 
< End of report >
         
__________________


01.01.2018, 18:31   #3
Mario773

Code:
C:\windows\SysNative\drivers\tapexpressvpn.sys
[2017.12.03 23:44:08 | 000,641,696 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msvcp140.dll
[2017.12.03 23:44:08 | 000,389,296 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\vccorlib140.dll
[2017.12.03 23:44:08 | 000,331,432 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\concrt140.dll
[2017.12.03 23:44:08 | 000,087,728 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\vcruntime140.dll
[2017.12.03 23:38:22 | 000,263,856 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\vccorlib140.dll
[2017.12.03 23:38:20 | 000,440,128 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msvcp140.dll
[2017.12.03 23:38:20 | 000,242,496 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\concrt140.dll
[2017.12.03 23:38:20 | 000,083,792 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\vcruntime140.dll
[2 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2018.01.01 17:01:00 | 000,000,860 | ---- | M] () -- C:\Users\Public\Desktop\CloseAll.lnk
[2018.01.01 16:42:26 | 000,001,497 | ---- | M] () -- C:\Users\Public\Desktop\Kaspersky Secure Connection.lnk
[2018.01.01 16:41:15 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2018.01.01 16:40:33 | 000,192,216 | ---- | M] (Malwarebytes) -- C:\windows\SysNative\drivers\MBAMSwissArmy.sys
[2018.01.01 16:39:37 | 000,002,381 | ---- | M] () -- C:\Users\Public\Desktop\Kaspersky Internet Security.lnk
[2018.01.01 16:39:25 | 000,454,576 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2018.01.01 16:39:14 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2018.01.01 16:39:10 | 1472,577,536 | -HS- | M] () -- C:\hiberfil.sys
[2017.12.31 15:24:36 | 000,001,059 | ---- | M] () -- C:\Users\Public\Desktop\Notepad++.lnk
[2017.12.30 14:53:29 | 000,001,201 | ---- | M] () -- C:\Users\Public\Desktop\DJ Intro.lnk
[2017.12.30 13:56:41 | 000,002,519 | ---- | M] () -- C:\Users\Public\Desktop\Serato DJ .lnk
[2017.12.30 13:46:32 | 000,001,031 | ---- | M] () -- C:\Users\Public\Desktop\Arduino.lnk
[2017.12.30 13:46:31 | 000,000,000 | -H-- | M] () -- C:\windows\SysNative\drivers\Msft_Kernel_silabser_01009.Wdf
[2017.12.30 13:36:53 | 002,536,696 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2017.12.30 13:36:53 | 001,119,532 | ---- | M] () -- C:\windows\SysNative\perfh007.dat
[2017.12.30 13:36:53 | 000,900,398 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2017.12.30 13:36:53 | 000,259,880 | ---- | M] () -- C:\windows\SysNative\perfc007.dat
[2017.12.30 13:36:53 | 000,245,252 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2017.12.28 23:11:08 | 000,001,908 | ---- | M] () -- C:\windows\diagwrn.xml
[2017.12.28 23:11:08 | 000,001,908 | ---- | M] () -- C:\windows\diagerr.xml
[2017.12.28 22:08:49 | 000,065,536 | ---- | M] () -- C:\windows\SysNative\spu_storage.bin
[2017.12.28 20:13:57 | 000,001,119 | ---- | M] () -- C:\Users\Kristian\Desktop\NetcutDefender.lnk
[2017.12.28 20:13:57 | 000,000,046 | ---- | M] () -- C:\Users\Kristian\Desktop\netcutdefender support.url
[2017.12.28 20:07:14 | 000,001,019 | ---- | M] () -- C:\Users\Kristian\Desktop\netcut.lnk
[2017.12.28 20:05:31 | 000,000,046 | ---- | M] () -- C:\Users\Kristian\Desktop\netcut support.url
[2017.12.26 21:52:32 | 000,000,812 | ---- | M] () -- C:\Users\Public\Desktop\Year Walk.lnk
[2017.12.26 19:43:41 | 000,001,142 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2017.12.26 19:12:02 | 000,001,125 | ---- | M] () -- C:\Users\Kristian\Desktop\AutoUpdater.lnk
[2017.12.26 19:12:01 | 000,001,063 | ---- | M] () -- C:\Users\Kristian\Desktop\Killing Floor.lnk
[2017.12.26 18:26:48 | 000,000,000 | -H-- | M] () -- C:\Users\Kristian\Documents\Default.rdp
[2017.12.26 15:23:06 | 000,001,948 | ---- | M] () -- C:\Users\Kristian\Desktop\ICQ.lnk
[2017.12.26 15:22:41 | 000,001,240 | ---- | M] () -- C:\Users\Public\Desktop\TMAC v6.lnk
[2017.12.26 15:22:39 | 000,224,016 | R-S- | M] (Microsoft Corporation) -- C:\windows\SysWow64\TABCTL32.OCX
[2017.12.26 15:22:38 | 001,010,720 | R-S- | M] (Microsoft Corporation) -- C:\windows\SysWow64\MSCHRT20.OCX
[2017.12.26 15:22:37 | 000,140,488 | R-S- | M] (Microsoft Corporation) -- C:\windows\SysWow64\COMDLG32.OCX
[2017.12.26 15:22:31 | 001,070,232 | R-S- | M] (Microsoft Corporation) -- C:\windows\SysWow64\MSCOMCTL.OCX
[2017.12.26 14:08:50 | 000,028,272 | ---- | M] () -- C:\windows\SysNative\drivers\TrueSight.sys
[2017.12.26 14:08:09 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\RogueKiller.lnk
[2017.12.25 20:54:29 | 000,001,116 | ---- | M] () -- C:\Users\Public\Desktop\Office Tab Center.lnk
[2017.12.25 20:54:28 | 000,001,168 | ---- | M] () -- C:\Users\Public\Desktop\Office Tab Center 2013-16.lnk
[2017.12.25 17:32:45 | 000,002,047 | ---- | M] () -- C:\Users\Public\Desktop\ExpressVPN.lnk
[2017.12.25 16:57:46 | 000,199,392 | ---- | M] (AO Kaspersky Lab) -- C:\windows\SysNative\drivers\kneps.sys
[2017.12.25 16:57:45 | 001,055,424 | ---- | M] (AO Kaspersky Lab) -- C:\windows\SysNative\drivers\klif.sys
[2017.12.25 16:52:40 | 000,135,904 | ---- | M] (AO Kaspersky Lab) -- C:\windows\SysNative\drivers\klwtp.sys
[2017.12.25 16:52:29 | 000,117,984 | ---- | M] (AO Kaspersky Lab) -- C:\windows\SysNative\drivers\klbackupflt.sys
[2017.12.25 16:51:52 | 000,070,880 | ---- | M] (AO Kaspersky Lab) -- C:\windows\SysNative\drivers\klbackupdisk.sys
[2017.12.25 16:44:11 | 000,253,192 | ---- | M] (AO Kaspersky Lab) -- C:\windows\SysNative\drivers\klupd_klif_klark.sys
[2017.12.25 16:34:10 | 000,107,680 | ---- | M] (AO Kaspersky Lab) -- C:\windows\SysNative\drivers\klupd_klif_klbg.sys
[2017.12.25 16:34:09 | 000,230,312 | ---- | M] (AO Kaspersky Lab) -- C:\windows\SysNative\drivers\klupd_klif_arkmon.sys
[2017.12.25 16:34:08 | 000,173,664 | ---- | M] (AO Kaspersky Lab) -- C:\windows\SysNative\drivers\klupd_klif_mark.sys
[2017.12.25 16:34:08 | 000,087,584 | ---- | M] (AO Kaspersky Lab) -- C:\windows\SysNative\drivers\klupd_klif_kimul.sys
[2017.12.25 16:32:51 | 000,002,242 | ---- | M] () -- C:\Users\Public\Desktop\Sicherer Zahlungsverkehr.lnk
[2017.12.25 16:31:53 | 000,594,144 | ---- | M] (AO Kaspersky Lab) -- C:\windows\SysNative\drivers\klhk.sys
[2017.12.25 16:31:53 | 000,207,576 | ---- | M] (AO Kaspersky Lab) -- C:\windows\SysNative\drivers\klflt.sys
[2017.12.25 16:31:53 | 000,149,304 | ---- | M] (AO Kaspersky Lab) -- C:\windows\SysNative\klhkum.dll
[2017.12.25 16:24:12 | 000,056,296 | ---- | M] () -- C:\Users\Kristian\Documents\gvh.pcapng
[2017.12.25 13:50:38 | 000,207,872 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\msclmd.dll
[2017.12.25 13:50:36 | 000,230,400 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\msclmd.dll
[2017.12.24 23:38:26 | 066,133,788 | ---- | M] () -- C:\Users\Kristian\Documents\6777+.pcapng
[2017.12.24 20:35:56 | 000,001,822 | ---- | M] () -- C:\Users\Public\Desktop\Wireshark.lnk
[2017.12.21 22:26:38 | 002,295,088 | ---- | M] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2017.12.21 22:26:35 | 000,001,228 | ---- | M] () -- C:\Users\Public\Desktop\VMware Workstation 14 Player.lnk
[2017.12.21 22:06:33 | 000,001,404 | ---- | M] () -- C:\Users\Public\Desktop\Bioshock.lnk
[2017.12.21 19:42:08 | 000,001,254 | ---- | M] () -- C:\windows\tasks\DropboxUpdateTaskMachineUA.job
[2017.12.21 19:42:08 | 000,001,250 | ---- | M] () -- C:\windows\tasks\DropboxUpdateTaskMachineCore.job
[2017.12.21 00:15:47 | 000,001,107 | ---- | M] () -- C:\Users\Kristian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEGAsync.lnk
[2017.12.20 23:51:18 | 000,001,145 | ---- | M] () -- C:\Users\Kristian\Desktop\MEGAsync.lnk
[2017.12.20 23:38:13 | 133,326,408 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\MRT-KB890830.exe
[2017.12.20 22:25:49 | 000,001,000 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2017.12.20 22:21:32 | 000,000,870 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2017.12.20 22:19:53 | 000,000,923 | ---- | M] () -- C:\Users\Public\Desktop\TrueCrypt.lnk
[2017.12.20 22:19:52 | 000,231,376 | ---- | M] (TrueCrypt Foundation) -- C:\windows\SysNative\drivers\truecrypt.sys
[2017.12.20 22:06:07 | 000,001,823 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2017.12.20 21:12:19 | 000,000,878 | ---- | M] () -- C:\Users\Kristian\Desktop\Start Tor Browser.lnk
[2017.12.20 21:11:51 | 000,000,000 | -H-- | M] () -- C:\windows\SysNative\drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
[2017.12.20 20:52:43 | 000,000,926 | ---- | M] () -- C:\Users\Kristian\Desktop\BitTorrent.lnk
[2017.12.20 20:45:10 | 000,002,295 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2017.12.13 16:43:32 | 000,045,024 | ---- | M] (The OpenVPN Project) -- C:\windows\SysNative\drivers\tapexpressvpn.sys
[2017.12.03 23:44:08 | 000,641,696 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\msvcp140.dll
[2017.12.03 23:44:08 | 000,389,296 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\vccorlib140.dll
[2017.12.03 23:44:08 | 000,331,432 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\concrt140.dll
[2017.12.03 23:44:08 | 000,087,728 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\vcruntime140.dll
[2017.12.03 23:38:22 | 000,263,856 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\vccorlib140.dll
[2017.12.03 23:38:20 | 000,440,128 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\msvcp140.dll
[2017.12.03 23:38:20 | 000,242,496 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\concrt140.dll
[2017.12.03 23:38:20 | 000,083,792 | ---- | M] (Microsoft Corporation) -- C:\windows\SysWow64\vcruntime140.dll
[2 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2018.01.01 17:01:00 | 000,000,860 | ---- | C] () -- C:\Users\Public\Desktop\CloseAll.lnk
[2017.12.31 15:24:36 | 000,001,059 | ---- | C] () -- C:\Users\Public\Desktop\Notepad++.lnk
[2017.12.30 14:53:29 | 000,001,201 | ---- | C] () -- C:\Users\Public\Desktop\DJ Intro.lnk
[2017.12.30 13:56:41 | 000,002,519 | ---- | C] () -- C:\Users\Public\Desktop\Serato DJ .lnk
[2017.12.30 13:46:32 | 000,001,043 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Arduino.lnk
[2017.12.30 13:46:32 | 000,001,031 | ---- | C] () -- C:\Users\Public\Desktop\Arduino.lnk
[2017.12.30 13:46:31 | 000,000,000 | -H-- | C] () -- C:\windows\SysNative\drivers\Msft_Kernel_silabser_01009.Wdf
[2017.12.28 20:13:57 | 000,001,119 | ---- | C] () -- C:\Users\Kristian\Desktop\NetcutDefender.lnk
[2017.12.28 20:13:57 | 000,000,046 | ---- | C] () -- C:\Users\Kristian\Desktop\netcutdefender support.url
[2017.12.28 20:05:31 | 000,001,019 | ---- | C] () -- C:\Users\Kristian\Desktop\netcut.lnk
[2017.12.28 20:05:31 | 000,000,046 | ---- | C] () -- C:\Users\Kristian\Desktop\netcut support.url
[2017.12.28 20:05:29 | 000,389,120 | ---- | C] () -- C:\windows\SysWow64\actskn43.ocx
[2017.12.26 19:43:41 | 000,001,142 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2017.12.26 19:12:02 | 000,001,125 | ---- | C] () -- C:\Users\Kristian\Desktop\AutoUpdater.lnk
[2017.12.26 19:12:01 | 000,001,063 | ---- | C] () -- C:\Users\Kristian\Desktop\Killing Floor.lnk
[2017.12.26 18:42:56 | 000,001,497 | ---- | C] () -- C:\Users\Public\Desktop\Kaspersky Secure Connection.lnk
[2017.12.26 18:26:48 | 000,000,000 | -H-- | C] () -- C:\Users\Kristian\Documents\Default.rdp
[2017.12.26 15:23:06 | 000,001,948 | ---- | C] () -- C:\Users\Kristian\Desktop\ICQ.lnk
[2017.12.26 15:22:41 | 000,001,240 | ---- | C] () -- C:\Users\Public\Desktop\TMAC v6.lnk
[2017.12.26 15:22:08 | 000,001,031 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pidgin.lnk
[2017.12.26 15:05:17 | 000,000,824 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Year Walk.lnk
[2017.12.26 15:05:17 | 000,000,812 | ---- | C] () -- C:\Users\Public\Desktop\Year Walk.lnk
[2017.12.26 14:08:50 | 000,028,272 | ---- | C] () -- C:\windows\SysNative\drivers\TrueSight.sys
[2017.12.26 14:08:09 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\RogueKiller.lnk
[2017.12.25 20:54:29 | 000,001,116 | ---- | C] () -- C:\Users\Public\Desktop\Office Tab Center.lnk
[2017.12.25 20:54:28 | 000,001,168 | ---- | C] () -- C:\Users\Public\Desktop\Office Tab Center 2013-16.lnk
[2017.12.25 17:32:42 | 000,002,047 | ---- | C] () -- C:\Users\Public\Desktop\ExpressVPN.lnk
[2017.12.25 16:33:02 | 000,002,381 | ---- | C] () -- C:\Users\Public\Desktop\Kaspersky Internet Security.lnk
[2017.12.25 16:33:02 | 000,002,242 | ---- | C] () -- C:\Users\Public\Desktop\Sicherer Zahlungsverkehr.lnk
[2017.12.25 16:24:12 | 000,056,296 | ---- | C] () -- C:\Users\Kristian\Documents\gvh.pcapng
[2017.12.24 23:38:23 | 066,133,788 | ---- | C] () -- C:\Users\Kristian\Documents\6777+.pcapng
[2017.12.24 20:35:56 | 000,001,834 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wireshark.lnk
[2017.12.24 20:35:56 | 000,001,822 | ---- | C] () -- C:\Users\Public\Desktop\Wireshark.lnk
[2017.12.23 18:08:31 | 000,002,082 | ---- | C] () -- C:\Users\Kristian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberGhost 6.lnk
[2017.12.21 22:26:35 | 000,001,228 | ---- | C] () -- C:\Users\Public\Desktop\VMware Workstation 14 Player.lnk
[2017.12.21 22:06:33 | 000,001,404 | ---- | C] () -- C:\Users\Public\Desktop\Bioshock.lnk
[2017.12.21 00:15:47 | 000,001,107 | ---- | C] () -- C:\Users\Kristian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEGAsync.lnk
[2017.12.20 23:55:35 | 000,001,157 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeePass 2.lnk
[2017.12.20 23:51:18 | 000,001,145 | ---- | C] () -- C:\Users\Kristian\Desktop\MEGAsync.lnk
[2017.12.20 23:31:45 | 000,074,716 | ---- | C] () -- C:\windows\SysNative\FeatureToastHeroImg.jpg
[2017.12.20 23:31:40 | 000,000,925 | ---- | C] () -- C:\windows\SysNative\Snooze_80.png
[2017.12.20 23:31:40 | 000,000,925 | ---- | C] () -- C:\windows\SysNative\Snooze_80.contrast-black.png
[2017.12.20 23:31:40 | 000,000,901 | ---- | C] () -- C:\windows\SysNative\Snooze_80.contrast-white.png
[2017.12.20 23:31:40 | 000,000,785 | ---- | C] () -- C:\windows\SysNative\RestartNowPower_80.contrast-white.png
[2017.12.20 23:31:40 | 000,000,759 | ---- | C] () -- C:\windows\SysNative\RestartNowPower_80.png
[2017.12.20 23:31:40 | 000,000,759 | ---- | C] () -- C:\windows\SysNative\RestartNowPower_80.contrast-black.png
[2017.12.20 23:31:39 | 000,000,551 | ---- | C] () -- C:\windows\SysNative\ScheduleTime_80.contrast-white.png
[2017.12.20 23:31:39 | 000,000,538 | ---- | C] () -- C:\windows\SysNative\ScheduleTime_80.png
[2017.12.20 23:31:39 | 000,000,538 | ---- | C] () -- C:\windows\SysNative\ScheduleTime_80.contrast-black.png
[2017.12.20 23:31:39 | 000,000,438 | ---- | C] () -- C:\windows\SysNative\OkDone_80.contrast-white.png
[2017.12.20 23:31:39 | 000,000,423 | ---- | C] () -- C:\windows\SysNative\OkDone_80.png
[2017.12.20 23:31:39 | 000,000,423 | ---- | C] () -- C:\windows\SysNative\OkDone_80.contrast-black.png
[2017.12.20 23:31:01 | 000,003,329 | ---- | C] () -- C:\windows\SysWow64\ieuinit.inf
[2017.12.20 23:31:01 | 000,003,329 | ---- | C] () -- C:\windows\SysNative\ieuinit.inf
[2017.12.20 22:25:49 | 000,001,012 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2017.12.20 22:25:49 | 000,001,000 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2017.12.20 22:21:32 | 000,000,870 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2017.12.20 22:19:53 | 000,000,923 | ---- | C] () -- C:\Users\Public\Desktop\TrueCrypt.lnk
[2017.12.20 22:06:07 | 000,001,823 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2017.12.20 22:02:14 | 000,002,535 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2017.12.20 21:12:19 | 000,000,926 | ---- | C] () -- C:\Users\Kristian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Tor Browser.lnk
[2017.12.20 21:12:19 | 000,000,878 | ---- | C] () -- C:\Users\Kristian\Desktop\Start Tor Browser.lnk
[2017.12.20 21:11:51 | 000,000,000 | -H-- | C] () -- C:\windows\SysNative\drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
[2017.12.20 20:52:43 | 000,000,926 | ---- | C] () -- C:\Users\Kristian\Desktop\BitTorrent.lnk
[2017.12.20 20:45:10 | 000,002,307 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
[2017.12.20 20:45:10 | 000,002,295 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2017.12.20 20:44:38 | 000,002,403 | ---- | C] () -- C:\Users\Kristian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
[2017.10.13 15:20:18 | 000,059,904 | ---- | C] () -- C:\windows\SysWow64\xboxgipsynthetic.dll
[2017.10.13 15:19:08 | 000,518,144 | ---- | C] () -- C:\windows\SysWow64\msjetoledb40.dll
[2017.10.13 08:55:33 | 000,001,156 | ---- | C] () -- C:\windows\PidVid_List.dll
[2017.10.13 08:53:59 | 000,451,072 | ---- | C] () -- C:\windows\SysWow64\ISSRemoveSP.exe
[2017.10.13 08:52:14 | 000,273,696 | ---- | C] () -- C:\windows\SysWow64\vulkan-1.dll
[2017.10.13 08:52:14 | 000,111,392 | ---- | C] () -- C:\windows\SysWow64\vulkaninfo.exe
[2017.10.13 08:51:57 | 000,248,728 | ---- | C] () -- C:\windows\SysWow64\GameManager32.dll
[2017.10.13 08:51:57 | 000,242,072 | ---- | C] () -- C:\windows\SysWow64\hsa-thunk.dll
[2017.10.13 08:51:56 | 000,204,952 | ---- | C] () -- C:\windows\SysWow64\ativvsvl.dat
[2017.10.13 08:51:56 | 000,157,144 | ---- | C] () -- C:\windows\SysWow64\ativvsva.dat
[2017.10.13 08:51:53 | 000,216,984 | ---- | C] () -- C:\windows\SysWow64\atieah32.exe
[2017.10.13 08:51:53 | 000,098,200 | ---- | C] () -- C:\windows\SysWow64\atidxx32.dll
[2017.10.13 08:51:49 | 000,229,784 | ---- | C] () -- C:\windows\SysWow64\amdgfxinfo32.dll
[2017.07.20 03:24:56 | 000,054,904 | ---- | C] () -- C:\windows\rtl8723d_mp_chip_bt40_fw_asic_rom_patch_new.dll
[2017.07.20 03:24:56 | 000,050,920 | ---- | C] () -- C:\windows\rtl8723b_mp_chip_bt40_fw_asic_rom_patch_new.dll
[2017.07.20 03:24:56 | 000,050,868 | ---- | C] () -- C:\windows\rtl8723b_mp_chip_bt40_fw_asic_rom_patch_new_s1.dll
[2017.07.20 03:24:56 | 000,046,196 | ---- | C] () -- C:\windows\rtl8822b_mp_chip_bt40_fw_asic_rom_patch_new.dll
[2017.07.20 03:24:56 | 000,039,692 | ---- | C] () -- C:\windows\rtl8821c_mp_chip_bt40_fw_asic_rom_patch_new.dll
[2017.04.01 06:38:51 | 002,295,088 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2017.03.18 22:03:42 | 000,000,741 | ---- | C] () -- C:\windows\SysWow64\NOISE.DAT
[2017.03.18 22:03:41 | 000,215,943 | ---- | C] () -- C:\windows\SysWow64\dssec.dat
[2017.03.18 21:58:56 | 000,054,272 | ---- | C] () -- C:\windows\SysWow64\BWContextHandler.dll
[2017.03.18 21:58:54 | 000,116,824 | ---- | C] () -- C:\windows\SysWow64\InputHost.dll
[2017.03.18 21:58:54 | 000,112,128 | ---- | C] () -- C:\windows\SysWow64\HeatCore.dll
[2017.03.18 21:58:54 | 000,086,528 | ---- | C] () -- C:\windows\SysWow64\WindowsDefaultHeatProcessor.dll
[2017.03.18 21:58:52 | 003,200,000 | ---- | C] () -- C:\windows\SysWow64\Windows.UI.Input.Inking.Analysis.dll
[2017.03.18 21:58:51 | 000,167,640 | ---- | C] () -- C:\windows\SysWow64\chs_singlechar_pinyin.dat
[2017.03.18 21:58:48 | 000,002,307 | ---- | C] () -- C:\windows\SysWow64\WimBootCompress.ini
[2017.03.18 21:58:39 | 000,307,200 | ---- | C] () -- C:\windows\SysWow64\ssdm.dll
[2017.03.18 21:58:37 | 001,859,072 | ---- | C] () -- C:\windows\SysWow64\Windows.Mirage.dll
[2017.03.18 21:57:47 | 000,673,088 | ---- | C] () -- C:\windows\SysWow64\mlang.dat
[2017.03.18 21:57:03 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2017.03.18 04:52:39 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2017.03.06 10:39:40 | 000,001,375 | ---- | C] () -- C:\windows\SysWow64\tbaseprovisioning.exe.config
[2016.12.16 01:33:50 | 000,273,696 | ---- | C] () -- C:\windows\SysWow64\vulkan-1-1-0-37-0.dll
[2016.12.16 01:33:18 | 000,111,392 | ---- | C] () -- C:\windows\SysWow64\vulkaninfo-1-1-0-37-0.exe
 
========== ZeroAccess Check ==========
 
[2017.10.13 05:45:11 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\windows.storage.dll -- [2017.09.30 06:43:47 | 007,318,888 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\windows.storage.dll -- [2017.09.30 03:05:45 | 005,827,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2017.03.18 21:57:58 | 000,961,024 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2017.03.18 21:58:50 | 000,770,560 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2017.03.18 21:57:53 | 000,510,464 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Files - Unicode (All) ==========
[2017.12.26 19:12:01 | 000,001,080 | ---- | M] ()(C:\Users\Kristian\Desktop\??????? ???.lnk) -- C:\Users\Kristian\Desktop\Сменить Ник.lnk
[2017.12.26 19:12:01 | 000,001,080 | ---- | C] ()(C:\Users\Kristian\Desktop\??????? ???.lnk) -- C:\Users\Kristian\Desktop\Сменить Ник.lnk
         
__________________

03.03.2018, 13:34   #4
M-K-D-B
/// TB Trainer
 
My name is Matthias and I will help you clean up your computer.

To make the cleanup as effective and quick as possible, please observe the following notes:
  1. Falls wir Hinweise auf illegal erworbene Software finden, werden wir den Support unterbrechen bis jegliche Art von illegaler Software vom Rechner entfernt wurde.

  2. Lies dir meine Anleitungen immer sorgfältig durch, arbeite alle Schritte in der vorgegebenen Reihefolge nacheinander ab und poste immer alle Logdateien (auch wenn nichts gefunden wurde). Solltest du Probleme haben, stoppe mit deiner Bearbeitung und beschreibe mir dein Problem so gut es geht.

  3. Solltest du mir nicht innerhalb von 3 Tagen antworten, gehe ich davon aus, dass du keine Hilfe mehr benötigst. Dann lösche ich dein Thema aus meinem Abo. Solltest du einmal länger abwesend sein, so gib mir bitte Bescheid!

  4. Während der Bereinigung bitte nichts installieren oder deinstallieren, außer ich bitte dich darum!
    Außerdem bitte ich dich, nicht eigenmächtig irgendwelche Sicherheitsprogramme auszuführen und damit deinen Rechner zu überprüfen/bereinigen, da ich so leicht den Überblick verlieren kann.
    Zudem hättest du dir das Eröffnen eines Themas in diesem Fall auch gleich sparen können, wenn du dann doch wieder alleine rumhantierst.


  5. Bitte beachten: Download bei filepony.de: So ladet Ihr unsere Tools richtig!

  6. Alle zu verwendenen Programme sind auf dem Desktop ( C:\users\dein Benutzername\Desktop\ ) abzuspeichern und von dort als Administrator zu starten!

  7. Einige Programme, die wir hier verwenden, können unter Umständen von deinem Antiviren- oder Anti-Malwareprogramm fälschlicherweise als Bedrohung eingestuft werden. Die Sicherheitsprogramme können aufgrund eines bestimmten Programmverhaltens nicht zwischen "gut" oder "böse" unterscheiden und schlagen Alarm. Dabei handelt es sich um Fehlalarme, welche du getrost ignorieren kannst. Gegebenenfalls musst du deine Sicherheitssoftware vor der Ausführung eines Programms deaktivieren, damit unsere Bereinigungsvorgänge nicht beeinträchtigt werden.

  8. Sollten die Logdateien einmal die zulässige Länge (~ 120.000 Zeichen) überschreiten, so teile die Logdateien auf mehrere Posts auf.
    Zur Not kannst du die Logdateien dann auch zippen (in ein .zip Archiv packen) und als Anhang hochladen.


  9. Bitte arbeite so lange mit mir zusammen, bis ich dir sage, dass wir fertig sind und dein Rechner "sauber" ist. Das vorzeitige Verschwinden von Symptomen heißt nicht automatisch, dass dein Rechner bereits vollständig sauber ist.

  10. As a rule I reply to you within 24 hours, often considerably faster.
    However, I too have a regular job and a family. I am therefore not on the forum for hours every day. Under certain circumstances it can take up to 2 days until you get a reply from me. If that time has passed, feel free to send me a PM as a reminder.





Please work through all steps one after another in the given order and post all log files in CODE tags:
This is how it works:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes your helper's work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
  • Select the entire log file (usually with CTRL+A) and copy it to the clipboard with CTRL+C.
  • In the editor, click the # symbol. Two bracketed expressions [CODE] [/CODE] appear.
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview (Erweitert/Vorschau) to check whether you did it correctly. If everything is right ... click Reply (Antworten).

Thank you for your cooperation!







Step 1
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Scan (Untersuchen).
  • The log files will now be created and will then be on your desktop.
  • Post FRST.txt and, after the first scan, also Addition.txt in your thread (click the # symbol in the input box on the web page)








Please post with your next reply
  • the two new log files from FRST (FRST.txt and Addition.txt).
__________________
Regards
M-K-D-B


==========================================================
offline from 22.12.2018 to 01.01.2019
==========================================================


06.03.2018, 16:57   #5
M-K-D-B
/// TB trainer

PC slow, strange stutters, icons refresh by themselves



No response
This thread has been removed from my subscriptions, so I will not receive notifications of new replies.
Send me a PM including a link to the thread if you still want to continue.

Note: The disappearance of the symptoms does not mean that your computer is already clean.

Everyone else, please click here and create your own thread!

__________________
Regards
M-K-D-B

