JS/ProxyChanger.CW - how do I remove it??

#0
14.02.2017, 15:44
Blocked

Posts: 3
#1 I have had a problem for 2 days: NOD32 keeps telling me only that something is going on, but gives no details and does not say where I can find and remove the file responsible. Here are pictures of the messages that keep appearing whenever I use the browser, and the log file. Can anyone give me a tip?

14.02.2017, 15:47
Blocked

Thread starter

Posts: 3
#2

Quote

OTL logfile created on: 13.02.2017 13:43:00 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Jojo\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17633)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

7,90 Gb Total Physical Memory | 5,99 Gb Available Physical Memory | 75,80% Memory free
15,80 Gb Paging File | 13,67 Gb Available in Paging File | 86,56% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 43,85 Gb Total Space | 8,23 Gb Free Space | 18,76% Space Free | Partition Type: NTFS
Drive D: | 403,18 Gb Total Space | 356,77 Gb Free Space | 88,49% Space Free | Partition Type: NTFS
Drive F: | 465,76 Gb Total Space | 248,30 Gb Free Space | 53,31% Space Free | Partition Type: NTFS

Computer Name: T400 | User Name: Jojo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2017.02.13 13:42:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jojo\Desktop\OTL.exe
PRC - [2017.01.18 16:36:42 | 000,023,416 | ---- | M] () -- C:\Program Files (x86)\Lenovo\System Update\SUService.exe
PRC - [2016.04.14 07:08:00 | 001,668,776 | ---- | M] (Lenovo) -- C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE
PRC - [2016.04.14 07:08:00 | 000,127,144 | ---- | M] (Lenovo Group Limited) -- C:\Program Files (x86)\ThinkPad\Utilities\SCHTASK.exe
PRC - [2014.12.05 16:55:08 | 000,330,696 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPONSCR.exe
PRC - [2014.07.03 12:11:56 | 000,257,008 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\ZOOM\TpScrex.exe
PRC - [2014.05.27 12:10:38 | 000,149,040 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe
PRC - [2014.05.27 12:10:32 | 000,125,488 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe
PRC - [2013.05.29 19:24:10 | 000,062,456 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\Communications Utility\TPKNRSVC.exe
PRC - [2013.05.29 19:24:04 | 000,060,920 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\Communications Utility\TpKnrres.exe
PRC - [2013.05.29 19:23:10 | 000,044,024 | ---- | M] (Lenovo Group Limited) -- C:\Programme\Lenovo\Communications Utility\CamMute.exe


========== Modules (No Company Name) ==========


========== Services (SafeList) ==========

SRV:64bit: - [2016.10.17 20:50:52 | 000,184,408 | ---- | M] (Lenovo.) [Auto | Running] -- C:\Windows\SysNative\ibmpmsvc.exe -- (IBMPMSVC)
SRV:64bit: - [2016.10.17 20:48:26 | 000,711,256 | ---- | M] (Lenovo.) [Auto | Stopped] -- C:\Windows\SysNative\LPlatSvc.exe -- (LPlatSvc)
SRV:64bit: - [2015.01.12 04:34:30 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2012.05.05 00:10:38 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2017.01.21 14:52:11 | 001,484,080 | ---- | M] (Flexera Software LLC) [On_Demand | Stopped] -- C:\Programme\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService64.exe -- (FlexNet Licensing Service 64)
SRV - [2017.01.21 14:52:11 | 000,079,360 | ---- | M] (SolidWorks) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe -- (SolidWorks Licensing Service)
SRV - [2017.01.21 14:48:11 | 001,074,480 | ---- | M] (Flexera Software LLC) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService.exe -- (FlexNet Licensing Service)
SRV - [2017.01.18 16:36:42 | 000,023,416 | ---- | M] () [On_Demand | Running] -- C:\Program Files (x86)\Lenovo\System Update\SUService.exe -- (SUService)
SRV - [2016.12.14 09:46:32 | 002,836,296 | ---- | M] (ESET) [Auto | Running] -- C:\Programme\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2016.09.20 13:54:54 | 000,324,224 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2016.04.14 07:08:00 | 001,668,776 | ---- | M] (Lenovo) [On_Demand | Running] -- C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE -- (Power Manager DBC Service)
SRV - [2016.04.14 07:08:00 | 000,326,160 | ---- | M] (Lenovo.) [On_Demand | Stopped] -- C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE -- (DozeSvc)
SRV - [2016.02.10 23:51:12 | 000,080,792 | ---- | M] (Dassault Systèmes SolidWorks Corporation) [On_Demand | Stopped] -- D:\Programme\SW2016\SOLIDWORKS\swScheduler\DTSCoordinatorService.exe -- (CoordinatorServiceHost)
SRV - [2014.06.10 12:44:50 | 000,125,424 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\HOTKEY\tphkload.exe -- (TPHKLOAD)
SRV - [2014.05.27 12:10:46 | 000,110,128 | ---- | M] (Lenovo Group Limited) [Auto | Stopped] -- C:\Programme\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE)
SRV - [2014.05.27 12:10:32 | 000,125,488 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)
SRV - [2014.04.12 00:08:08 | 000,103,608 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2014.03.21 00:49:18 | 000,067,224 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2013.05.29 19:24:10 | 000,062,456 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\Communications Utility\TPKNRSVC.exe -- (LENOVO.TPKNRSVC)
SRV - [2013.05.29 19:23:10 | 000,044,024 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Programme\Lenovo\Communications Utility\CamMute.exe -- (LENOVO.CAMMUTE)
SRV - [2011.01.24 14:28:10 | 000,915,232 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\ThinkPad\Bluetooth Software\btwdins.exe -- (btwdins)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2017.01.21 12:16:06 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2016.12.22 15:56:08 | 000,180,544 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
DRV:64bit: - [2016.12.22 15:56:08 | 000,132,272 | ---- | M] (ESET) [File_System | System | Running] -- C:\Windows\SysNative\drivers\eamonm.sys -- (eamonm)
DRV:64bit: - [2016.12.22 15:56:08 | 000,106,768 | ---- | M] (ESET) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\edevmon.sys -- (edevmon)
DRV:64bit: - [2016.12.22 15:56:08 | 000,070,960 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\epfwwfpr.sys -- (epfwwfpr)
DRV:64bit: - [2016.10.17 20:48:26 | 000,082,824 | ---- | M] (Lenovo.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ibmpmdrv.sys -- (IBMPMDRV)
DRV:64bit: - [2016.04.14 07:08:00 | 000,029,512 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\DZHDD64.SYS -- (DzHDD64)
DRV:64bit: - [2016.04.14 07:08:00 | 000,029,008 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\TPPWR64V.SYS -- (TPPWRIF)
DRV:64bit: - [2013.10.02 04:22:44 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2013.10.02 04:22:20 | 000,056,832 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2013.05.22 17:17:54 | 000,015,472 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\smiifx64.sys -- (lenovo.smi)
DRV:64bit: - [2012.08.23 16:12:16 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2012.08.23 16:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.05.05 02:58:46 | 008,013,312 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2012.05.05 02:58:46 | 008,013,312 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012.05.04 23:28:14 | 000,287,232 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.10.13 11:05:48 | 010,629,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdpmd64.sys -- (intelkmd)
DRV:64bit: - [2011.10.13 11:05:48 | 010,629,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.21 05:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.04.09 00:11:12 | 000,054,824 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btusbflt.sys -- (btusbflt)
DRV:64bit: - [2010.04.07 17:04:00 | 000,290,008 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1y62x64.sys -- (e1yexpress)
DRV:64bit: - [2010.01.15 14:23:20 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2010.01.15 14:23:14 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2010.01.15 14:23:10 | 000,021,288 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2009.10.05 18:58:18 | 000,649,216 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2009.08.07 06:24:14 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 01:31:08 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pnpmem.sys -- (PNPMEM)
DRV:64bit: - [2009.07.14 01:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009.06.23 13:50:36 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009.06.11 18:04:54 | 003,531,136 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC)
DRV:64bit: - [2009.06.10 23:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009.06.10 23:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009.06.10 23:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009.06.10 22:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.04.07 15:33:08 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV - [2017.01.18 16:33:24 | 000,034,168 | ---- | M] (Lenovo Group Limited) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Lenovo\System Update\tvsuhd64.sys -- (SWIX64)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 7B 94 6F 24 DB 75 D2 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = http://notblocked.net/wpad.dat?b23c27b7ceaec9bb48104178c60915ef25261909


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.2.4: D:\Programme\VLC\npvlc.dll (VideoLAN)



O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [LENOVO.TPKNRRES] C:\Programme\Lenovo\Communications Utility\TpKnrres.exe (Lenovo Group Limited)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()
O4 - HKLM..\Run: [PWMTRV] C:\Program Files (x86)\ThinkPad\Utilities\PWMTR64V.DLL (Lenovo Group Limited)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [tsnp2uvc] C:\Windows\tsnp2uvc.exe File not found
O4 - Startup: C:\Users\Jojo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15:64bit: - ..Trusted Domains: eset.com ([help] http in Trusted sites)
O15 - HKLM\..Trusted Domains: eset.com ([help] http in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.16.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6BD8C924-07AE-4EE9-ADDF-1D667E317CBA}: DhcpNameServer = 192.168.16.1
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{b53f0baa-dfc2-11e6-80c6-0016eab379f8}\Shell - "" = AutoRun
O33 - MountPoints2\{b53f0baa-dfc2-11e6-80c6-0016eab379f8}\Shell\AutoRun\command - "" = G:\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2017.02.13 13:42:38 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Jojo\Desktop\OTL.exe
[2017.02.13 13:21:04 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Jojo\Desktop\HijackThis.exe
[2017.02.13 04:41:38 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2017.02.13 04:02:42 | 000,000,000 | ---D | C] -- C:\Users\Jojo\Documents\Updater
[2017.02.13 04:01:06 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Adobe PDF
[2017.02.13 04:00:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe Systems Shared
[2017.02.13 04:00:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
[2017.02.13 04:00:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2017.02.13 04:00:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2017.02.13 02:33:46 | 000,000,000 | ---D | C] -- C:\Users\Jojo\AppData\Roaming\ESET
[2017.02.08 04:50:50 | 000,000,000 | ---D | C] -- C:\Users\Jojo\Documents\GomPlayer
[2017.02.07 18:40:33 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2017.01.23 22:11:09 | 000,000,000 | ---D | C] -- C:\Users\Jojo\Tracing
[2017.01.23 22:11:05 | 000,000,000 | ---D | C] -- C:\Users\Jojo\AppData\Roaming\Skype
[2017.01.23 22:11:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2017.01.23 22:11:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2017.01.23 22:11:01 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2017.01.23 22:10:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2017.01.21 17:18:16 | 000,000,000 | ---D | C] -- C:\Users\Jojo\AppData\Roaming\Luxology
[2017.01.21 17:18:16 | 000,000,000 | ---D | C] -- C:\Users\Jojo\AppData\Roaming\Kits
[2017.01.21 16:30:34 | 000,316,104 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\PROUnstl.exe
[2017.01.21 16:30:24 | 000,290,008 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\drivers\e1y62x64.sys
[2017.01.21 16:30:24 | 000,121,440 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\e1000msg.dll
[2017.01.21 16:30:24 | 000,078,016 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\NicInstY.dll
[2017.01.21 16:30:24 | 000,036,472 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\NicCo36.dll
[2017.01.21 16:28:30 | 000,000,000 | ---D | C] -- C:\Users\Jojo\AppData\Local\Broadcom
[2017.01.21 16:28:30 | 000,000,000 | ---D | C] -- C:\Users\Jojo\Documents\Bluetooth-Exchange-Ordner
[2017.01.21 16:27:46 | 000,132,648 | ---- | C] (Broadcom Corporation.) -- C:\Windows\SysNative\drivers\btwavdt.sys
[2017.01.21 16:27:46 | 000,098,344 | ---- | C] (Broadcom Corporation.) -- C:\Windows\SysNative\drivers\btwaudio.sys
[2017.01.21 16:27:46 | 000,035,104 | ---- | C] (Broadcom Corporation.) -- C:\Windows\SysNative\drivers\btwl2cap.sys
[2017.01.21 16:27:46 | 000,021,288 | ---- | C] (Broadcom Corporation.) -- C:\Windows\SysNative\drivers\btwrchid.sys
[2017.01.21 16:27:35 | 000,000,000 | ---D | C] -- C:\Program Files\ThinkPad
[2017.01.21 16:27:24 | 000,054,824 | ---- | C] (Broadcom Corporation.) -- C:\Windows\SysNative\drivers\btusbflt.sys
[2017.01.21 15:57:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bose Updater
[2017.01.21 15:46:56 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2017.01.21 15:43:36 | 000,000,000 | ---D | C] -- C:\Users\Jojo\AppData\Local\ElevatedDiagnostics
[2017.01.21 15:23:18 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2017.01.21 15:12:33 | 000,000,000 | ---D | C] -- C:\Users\Jojo\Documents\SW Log Files
[2017.01.21 15:12:22 | 000,000,000 | ---D | C] -- C:\Users\Jojo\Documents\SOLIDWORKSComposer
[2017.01.21 15:12:21 | 000,000,000 | ---D | C] -- C:\Users\Jojo\AppData\Local\TempSWSicherungsverzeichnis
[2017.01.21 15:12:05 | 000,000,000 | ---D | C] -- C:\Users\Jojo\AppData\Local\SolidWorks
[2017.01.21 15:07:24 | 000,000,000 | ---D | C] -- C:\ProgramData\COSMOS Applications
[2017.01.21 15:07:19 | 000,000,000 | ---D | C] -- C:\ProgramData\SOLIDWORKS Flow Simulation
[2017.01.21 15:04:29 | 000,000,000 | ---D | C] -- C:\Users\Jojo\Documents\SOLIDWORKS Visual Studio Tools for Applications
[2017.01.21 15:04:24 | 000,000,000 | ---D | C] -- C:\Users\Jojo\AppData\Roaming\DassaultSystemes
[2017.01.21 15:04:24 | 000,000,000 | ---D | C] -- C:\Users\Jojo\AppData\Local\DassaultSystemes
[2017.01.21 15:04:24 | 000,000,000 | ---D | C] -- C:\ProgramData\DassaultSystemes
[2017.01.21 14:55:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SOLIDWORKS 2016
[2017.01.21 14:53:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation
[2017.01.21 14:53:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SOLIDWORKS Shared
[2017.01.21 14:53:09 | 000,000,000 | ---D | C] -- C:\ProgramData\SOLIDWORKS
[2017.01.21 14:52:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\SOLIDWORKS Shared
[2017.01.21 14:52:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Macrovision Shared
[2017.01.21 14:50:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits
[2017.01.21 14:50:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Kits
[2017.01.21 14:50:15 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2017.01.21 14:50:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2017.01.21 14:50:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2017.01.21 14:49:38 | 000,000,000 | ---D | C] -- C:\Users\Jojo\Documents\Visual Studio 2005
[2017.01.21 14:49:36 | 000,000,000 | ---D | C] -- C:\Users\Jojo\AppData\Local\Microsoft Help
[2017.01.21 14:49:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 8
[2017.01.21 14:49:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2017.01.21 14:48:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSECache
[2017.01.21 14:48:13 | 000,000,000 | ---D | C] -- C:\ProgramData\FLEXnet
[2017.01.21 14:48:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Macrovision Shared
[2017.01.21 14:44:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SOLIDWORKS Installations-Manager
[2017.01.21 14:44:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\SOLIDWORKS Installations-Manager
[2017.01.21 14:44:12 | 000,000,000 | ---D | C] -- C:\Users\Jojo\Documents\SOLIDWORKS Downloads
[2017.01.21 14:44:12 | 000,000,000 | ---D | C] -- C:\Windows\SolidWorks
[2017.01.21 14:44:08 | 000,000,000 | ---D | C] -- C:\Users\Jojo\AppData\Roaming\SOLIDWORKS
[2017.01.21 12:21:15 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\DAEMON Tools Images
[2017.01.21 12:16:08 | 000,000,000 | ---D | C] -- C:\Users\Jojo\AppData\Local\ESET
[2017.01.21 12:16:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
[2017.01.21 12:15:02 | 000,000,000 | ---D | C] -- C:\Users\Jojo\AppData\Roaming\DAEMON Tools Lite
[2017.01.21 12:14:59 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
[2017.01.21 02:52:33 | 000,000,000 | ---D | C] -- C:\Users\Jojo\AppData\Roaming\WinRAR
[2017.01.21 02:52:11 | 000,000,000 | ---D | C] -- C:\Users\Jojo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2017.01.21 02:52:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2017.01.21 02:29:52 | 000,000,000 | ---D | C] -- C:\Users\Jojo\AppData\Roaming\vlc
[2017.01.21 02:14:09 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
[2017.01.21 02:12:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Package Cache
[2017.01.21 02:08:51 | 000,000,000 | ---D | C] -- C:\Users\Jojo\AppData\Roaming\Macromedia
[2017.01.21 01:21:31 | 000,000,000 | ---D | C] -- C:\Users\Jojo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JDownloader
[2017.01.21 01:14:40 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
[2017.01.21 01:00:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2017.01.21 01:00:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2017.01.21 00:52:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2017.01.20 22:41:14 | 000,802,904 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2017.01.20 22:41:14 | 000,144,472 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2017.01.20 22:41:11 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2017.01.20 22:41:05 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
[2017.01.20 22:40:30 | 000,000,000 | ---D | C] -- C:\Users\Jojo\AppData\Local\Adobe
[2017.01.20 21:13:53 | 000,000,000 | ---D | C] -- C:\Users\Jojo\AppData\Local\http___www.julien-manici
[2017.01.20 20:28:39 | 000,124,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationCFFRasterizerNative_v0300.dll
[2017.01.20 20:28:39 | 000,103,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
[2017.01.20 20:14:12 | 005,551,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2017.01.20 20:14:12 | 003,998,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2017.01.20 20:14:12 | 001,732,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2017.01.20 20:14:11 | 003,943,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2017.01.20 20:14:11 | 002,084,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ole32.dll
[2017.01.20 20:14:11 | 001,163,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2017.01.20 20:14:11 | 000,880,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\advapi32.dll
[2017.01.20 20:14:11 | 000,706,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.efi
[2017.01.20 20:14:11 | 000,634,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.exe
[2017.01.20 20:14:11 | 000,631,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.efi
[2017.01.20 20:14:11 | 000,546,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.exe
[2017.01.20 20:14:11 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll
[2017.01.20 20:14:11 | 000,419,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2017.01.20 20:14:11 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2017.01.20 20:14:11 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2017.01.20 20:14:11 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2017.01.20 20:14:11 | 000,215,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2017.01.20 20:14:11 | 000,148,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\appidpolicyconverter.exe
[2017.01.20 20:14:10 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rstrui.exe
[2017.01.20 20:14:10 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe
[2017.01.20 20:14:10 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\setbcdlocale.dll
[2017.01.20 20:14:10 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\appidapi.dll
[2017.01.20 20:14:10 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\appidapi.dll
[2017.01.20 20:14:10 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srclient.dll
[2017.01.20 20:14:10 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2017.01.20 20:14:10 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2017.01.20 20:14:10 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\appidcertstorecheck.exe
[2017.01.20 20:14:10 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2017.01.20 20:14:10 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2017.01.20 20:14:10 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2017.01.20 20:14:10 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2017.01.20 20:14:10 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2017.01.20 20:14:10 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2017.01.20 20:14:10 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2017.01.20 20:14:10 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2017.01.20 20:14:10 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2017.01.20 20:14:10 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2017.01.20 20:14:10 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2017.01.20 20:14:10 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2017.01.20 20:14:10 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2017.01.20 20:14:10 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2017.01.20 20:14:10 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2017.01.20 20:14:10 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2017.01.20 20:14:10 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2017.01.20 20:14:10 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2017.01.20 20:14:10 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2017.01.20 20:14:10 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2017.01.20 20:14:10 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2017.01.20 20:14:10 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2017.01.20 20:14:10 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2017.01.20 20:14:10 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2017.01.20 20:14:10 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2017.01.20 20:14:10 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2017.01.20 20:14:10 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2017.01.20 20:14:10 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2017.01.20 20:14:10 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2017.01.20 20:14:10 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2017.01.20 20:14:10 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2017.01.20 20:14:10 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2017.01.20 20:14:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2017.01.20 20:14:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2017.01.20 20:14:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2017.01.20 20:14:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2017.01.20 20:14:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2017.01.20 20:14:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2017.01.20 20:14:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2017.01.20 20:14:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2017.01.20 20:14:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2017.01.20 20:14:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2017.01.20 20:14:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2017.01.20 20:14:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2017.01.20 20:14:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2017.01.20 20:14:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2017.01.20 20:14:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2017.01.20 20:14:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2017.01.20 20:14:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2017.01.20 20:14:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2017.01.20 20:14:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2017.01.20 20:14:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2017.01.20 20:14:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2017.01.20 20:14:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2017.01.20 20:14:09 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll
[2017.01.20 20:14:09 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\apisetschema.dll
[2017.01.20 20:14:09 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2017.01.20 20:14:09 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2017.01.20 20:14:09 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2017.01.20 20:14:09 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2017.01.20 20:14:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2017.01.20 20:14:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2017.01.20 20:14:09 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2017.01.20 20:14:09 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2017.01.20 20:14:06 | 001,888,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL
[2017.01.20 20:14:06 | 001,620,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL
[2017.01.20 20:14:06 | 001,307,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msmpeg2adec.dll
[2017.01.20 20:14:06 | 001,232,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMADMOD.DLL
[2017.01.20 20:14:06 | 000,978,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMSPDMOD.DLL
[2017.01.20 20:14:06 | 000,970,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msmpeg2adec.dll
[2017.01.20 20:14:05 | 004,121,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mf.dll
[2017.01.20 20:14:05 | 003,209,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mf.dll
[2017.01.20 20:14:05 | 001,573,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll
[2017.01.20 20:14:05 | 001,160,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSMPEG2ENC.DLL
[2017.01.20 20:14:05 | 001,153,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMADMOE.DLL
[2017.01.20 20:14:05 | 001,010,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mcmde.dll
[2017.01.20 20:14:05 | 000,902,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMADMOD.DLL
[2017.01.20 20:14:05 | 000,829,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSMPEG2ENC.DLL
[2017.01.20 20:14:05 | 000,815,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMADMOE.DLL
[2017.01.20 20:14:05 | 000,739,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMSPDMOD.DLL
[2017.01.20 20:14:05 | 000,666,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVSDECD.DLL
[2017.01.20 20:14:05 | 000,541,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVSDECD.DLL
[2017.01.20 20:14:04 | 001,955,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVENCOD.DLL
[2017.01.20 20:14:04 | 001,575,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMSPDMOE.DLL
[2017.01.20 20:14:04 | 001,568,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVENCOD.DLL
[2017.01.20 20:14:04 | 001,329,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll
[2017.01.20 20:14:04 | 001,026,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmpmde.dll
[2017.01.20 20:14:04 | 000,740,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmpmde.dll
[2017.01.20 20:14:04 | 000,665,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVXENCD.DLL
[2017.01.20 20:14:04 | 000,653,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MP4SDECD.DLL
[2017.01.20 20:14:04 | 000,642,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVXENCD.DLL
[2017.01.20 20:14:04 | 000,632,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\evr.dll
[2017.01.20 20:14:04 | 000,519,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
[2017.01.20 20:14:04 | 000,489,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\evr.dll
[2017.01.20 20:14:04 | 000,484,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MFWMAAEC.DLL
[2017.01.20 20:14:04 | 000,447,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVSENCD.DLL
[2017.01.20 20:14:04 | 000,432,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfplat.dll
[2017.01.20 20:14:04 | 000,354,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfplat.dll
[2017.01.20 20:14:04 | 000,292,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\VIDRESZR.DLL
[2017.01.20 20:14:04 | 000,225,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RESAMPLEDMO.DLL
[2017.01.20 20:14:04 | 000,224,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MPG4DECD.DLL
[2017.01.20 20:14:04 | 000,223,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MP43DECD.DLL
[2017.01.20 20:14:04 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\COLORCNV.DLL
[2017.01.20 20:14:04 | 000,153,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\COLORCNV.DLL
[2017.01.20 20:14:04 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\devenum.dll
[2017.01.20 20:14:04 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\devenum.dll
[2017.01.20 20:14:03 | 002,777,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msmpeg2vdec.dll
[2017.01.20 20:14:03 | 002,285,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msmpeg2vdec.dll
[2017.01.20 20:14:03 | 001,325,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMSPDMOE.DLL
[2017.01.20 20:14:03 | 000,609,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MFWMAAEC.DLL
[2017.01.20 20:14:03 | 000,415,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MP4SDECD.DLL
[2017.01.20 20:14:03 | 000,378,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SysFxUI.dll
[2017.01.20 20:14:03 | 000,371,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
[2017.01.20 20:14:03 | 000,358,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVSENCD.DLL
[2017.01.20 20:14:03 | 000,254,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qasf.dll
[2017.01.20 20:14:03 | 000,250,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ksproxy.ax
[2017.01.20 20:14:03 | 000,241,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MPG4DECD.DLL
[2017.01.20 20:14:03 | 000,241,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MP43DECD.DLL
[2017.01.20 20:14:03 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RESAMPLEDMO.DLL
[2017.01.20 20:14:03 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qasf.dll
[2017.01.20 20:14:03 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfps.dll
[2017.01.20 20:14:03 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ksproxy.ax
[2017.01.20 20:14:03 | 000,154,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\VIDRESZR.DLL
[2017.01.20 20:14:03 | 000,103,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfps.dll
[2017.01.20 20:14:03 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MP3DMOD.DLL
[2017.01.20 20:14:03 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MP3DMOD.DLL
[2017.01.20 20:14:03 | 000,070,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfvdsp.dll
[2017.01.20 20:14:03 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rrinstaller.exe
[2017.01.20 20:14:03 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfvdsp.dll
[2017.01.20 20:14:03 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rrinstaller.exe
[2017.01.20 20:14:02 | 000,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\portcls.sys
[2017.01.20 20:14:02 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\drmk.sys
[2017.01.20 20:14:02 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfpmp.exe
[2017.01.20 20:14:02 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfpmp.exe
[2017.01.20 20:14:02 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ksuser.dll
[2017.01.20 20:14:02 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mferror.dll
[2017.01.20 20:14:02 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mferror.dll
[2017.01.20 20:14:01 | 000,215,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ubpm.dll
[2017.01.20 20:14:01 | 000,171,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ubpm.dll
[2017.01.20 20:13:55 | 000,961,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CPFilters.dll
[2017.01.20 20:13:55 | 000,723,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDec.dll
[2017.01.20 20:13:55 | 000,642,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CPFilters.dll
[2017.01.20 20:13:55 | 000,535,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll
[2017.01.20 20:13:54 | 000,159,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mtxoci.dll
[2017.01.20 20:13:53 | 000,176,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msorcl32.dll
[2017.01.20 20:13:53 | 000,114,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mtxoci.dll
[2017.01.20 20:13:39 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msmmsp.dll
[2017.01.20 20:13:25 | 000,052,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\basesrv.dll
[2017.01.20 20:13:10 | 000,760,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\samsrv.dll
[2017.01.20 20:13:09 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\samlib.dll
[2017.01.20 20:11:43 | 001,866,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ExplorerFrame.dll
[2017.01.20 20:11:42 | 001,498,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ExplorerFrame.dll
[2017.01.20 20:11:41 | 007,077,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2017.01.20 20:11:41 | 000,429,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprt.exe
[2017.01.20 20:11:40 | 006,131,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2017.01.20 20:11:39 | 001,057,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdvidcrl.dll
[2017.01.20 20:11:39 | 000,856,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdvidcrl.dll
[2017.01.20 20:11:39 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll
[2017.01.20 20:11:39 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll
[2017.01.20 20:11:38 | 003,169,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2017.01.20 20:11:38 | 000,709,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2017.01.20 20:11:38 | 000,573,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapi.dll
[2017.01.20 20:11:38 | 000,192,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2017.01.20 20:11:38 | 000,174,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuwebv.dll
[2017.01.20 20:11:38 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2017.01.20 20:11:38 | 000,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2017.01.20 20:11:38 | 000,093,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wudriver.dll
[2017.01.20 20:11:38 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WinSetupUI.dll
[2017.01.20 20:11:38 | 000,037,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2017.01.20 20:11:38 | 000,037,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2017.01.20 20:11:38 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2017.01.20 20:11:38 | 000,035,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapp.exe
[2017.01.20 20:11:38 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wups.dll
[2017.01.20 20:11:38 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wu.upgrade.ps.dll
[2017.01.20 20:11:36 | 001,648,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2017.01.20 20:11:35 | 000,372,736 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2017.01.20 20:11:35 | 000,299,520 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2017.01.20 20:11:34 | 002,565,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2017.01.20 20:11:34 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fontsub.dll
[2017.01.20 20:11:34 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fontsub.dll
[2017.01.20 20:11:34 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2017.01.20 20:11:34 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lpk.dll
[2017.01.20 20:11:34 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2017.01.20 20:11:34 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dciman32.dll
[2017.01.20 20:11:32 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2017.01.20 20:11:32 | 001,212,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rpcrt4.dll
[2017.01.20 20:11:32 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\adtschema.dll
[2017.01.20 20:11:32 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\adtschema.dll
[2017.01.20 20:11:32 | 000,463,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certcli.dll
[2017.01.20 20:11:32 | 000,342,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certcli.dll
[2017.01.20 20:11:32 | 000,312,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2017.01.20 20:11:32 | 000,297,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\bcryptprimitives.dll
[2017.01.20 20:11:32 | 000,249,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\bcryptprimitives.dll
[2017.01.20 20:11:32 | 000,190,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rpchttp.dll
[2017.01.20 20:11:32 | 000,146,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msaudite.dll
[2017.01.20 20:11:32 | 000,146,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msaudite.dll
[2017.01.20 20:11:32 | 000,141,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rpchttp.dll
[2017.01.20 20:11:32 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll
[2017.01.20 20:11:32 | 000,064,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\auditpol.exe
[2017.01.20 20:11:32 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptbase.dll
[2017.01.20 20:11:32 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll
[2017.01.20 20:11:31 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msobjs.dll
[2017.01.20 20:11:31 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msobjs.dll
[2017.01.20 20:11:31 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\auditpol.exe
[2017.01.20 20:11:31 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll
[2017.01.20 20:11:30 | 000,647,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
[2017.01.20 20:11:29 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\comctl32.dll
[2017.01.20 20:11:27 | 003,242,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll
[2017.01.20 20:11:27 | 001,941,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll
[2017.01.20 20:11:27 | 001,805,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll
[2017.01.20 20:11:27 | 000,504,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msihnd.dll
[2017.01.20 20:11:27 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msihnd.dll
[2017.01.20 20:11:27 | 000,112,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe
[2017.01.20 20:11:27 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msimsg.dll
[2017.01.20 20:11:27 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msimsg.dll
[2017.01.20 20:11:20 | 000,793,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gpprefcl.dll
[2017.01.20 20:11:20 | 000,591,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gpprefcl.dll
[2017.01.20 20:11:20 | 000,373,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\polstore.dll
[2017.01.20 20:11:20 | 000,274,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\polstore.dll
[2017.01.20 20:11:20 | 000,105,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winipsec.dll
[2017.01.20 20:11:20 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gpapi.dll
[2017.01.20 20:11:20 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\FwRemoteSvr.dll
[2017.01.20 20:11:20 | 000,070,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\winipsec.dll
[2017.01.20 20:11:20 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\FwRemoteSvr.dll
[2017.01.20 20:11:20 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gpscript.dll
[2017.01.20 20:11:20 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gpscript.dll
[2017.01.20 20:11:20 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gpscript.exe
[2017.01.20 20:11:20 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gpscript.exe
[2017.01.20 20:06:09 | 000,624,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qedit.dll
[2017.01.20 20:06:09 | 000,509,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qedit.dll
[2017.01.20 20:06:09 | 000,146,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\rmcast.sys
[2017.01.20 20:06:09 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wshrm.dll
[2017.01.20 20:06:09 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wshrm.dll
[2017.01.20 20:06:08 | 000,275,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\InkEd.dll
[2017.01.20 20:06:08 | 000,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\InkEd.dll
[2017.01.20 20:06:07 | 000,802,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\usp10.dll
[2017.01.20 20:06:07 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2017.01.20 20:06:07 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2017.01.20 20:06:06 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml6r.dll
[2017.01.20 20:06:06 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml6r.dll
[2017.01.20 20:06:05 | 003,180,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll
[2017.01.20 20:06:05 | 000,483,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\StructuredQuery.dll
[2017.01.20 20:06:05 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfds.dll
[2017.01.20 20:06:05 | 000,296,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfds.dll
[2017.01.20 20:06:05 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpudd.dll
[2017.01.20 20:06:05 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RdpGroupPolicyExtension.dll
[2017.01.20 20:05:55 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\notepad.exe
[2017.01.20 20:05:44 | 000,970,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll
[2017.01.20 20:05:44 | 000,756,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2017.01.20 20:05:44 | 000,497,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2017.01.20 20:05:44 | 000,344,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntprint.dll
[2017.01.20 20:05:44 | 000,297,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntprint.dll
[2017.01.20 20:05:44 | 000,166,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetpp.dll
[2017.01.20 20:05:44 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntprint.exe
[2017.01.20 20:05:44 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntprint.exe
[2017.01.20 20:05:44 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wpnpinst.exe
[2017.01.20 20:05:44 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetppui.dll
[2017.01.20 20:05:40 | 001,735,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\comsvcs.dll
[2017.01.20 20:05:40 | 001,242,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\comsvcs.dll
[2017.01.20 20:05:40 | 000,525,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\catsrvut.dll
[2017.01.20 20:05:40 | 000,487,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\catsrvut.dll
[2017.01.20 20:05:39 | 000,296,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ws2_32.dll
[2017.01.20 20:05:39 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netbtugc.exe
[2017.01.20 20:05:39 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netbtugc.exe
[2017.01.20 20:05:32 | 000,328,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\services.exe
[2017.01.20 20:05:22 | 000,264,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys
[2017.01.20 20:05:22 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2017.01.20 20:05:21 | 000,254,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cewmdm.dll
[2017.01.20 20:05:21 | 000,210,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cewmdm.dll
[2017.01.20 20:05:21 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mapistub.dll
[2017.01.20 20:05:21 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mapi32.dll
[2017.01.20 20:05:21 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mapistub.dll
[2017.01.20 20:05:21 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jnwmon.dll
[2017.01.20 20:05:21 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fixmapi.exe
[2017.01.20 20:05:21 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fixmapi.exe
[2017.01.20 20:03:54 | 001,424,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2017.01.20 20:03:21 | 000,241,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\els.dll
[2017.01.20 20:03:21 | 000,179,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\els.dll
[2017.01.20 20:03:18 | 000,079,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\clfsw32.dll
[2017.01.20 20:03:18 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\clfsw32.dll
[2017.01.20 20:03:02 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll
[2017.01.20 20:03:02 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll
[2017.01.20 19:22:52 | 000,000,000 | ---D | C] -- C:\Users\Jojo\AppData\Roaming\PwrMgr
[2017.01.20 19:22:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Lenovo
[2017.01.20 18:47:51 | 000,000,000 | ---D | C] -- C:\Users\Jojo\AppData\Local\Lenovo
[2017.01.20 18:47:51 | 000,000,000 | ---D | C] -- C:\Users\Jojo\AppData\Roaming\ATI
[2017.01.20 18:47:51 | 000,000,000 | ---D | C] -- C:\Users\Jojo\AppData\Local\ATI
[2017.01.20 18:47:51 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2017.01.20 18:41:53 | 000,371,200 | ---- | C] (Sonix) -- C:\Windows\SysNative\vsnp2uvc.dll
[2017.01.20 18:41:53 | 000,301,568 | ---- | C] (Sonix) -- C:\Windows\SysWow64\vsnp2uvc.dll
[2017.01.20 18:41:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\SNP2UVC
[2017.01.20 18:41:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Integrated Camera
[2017.01.20 18:41:38 | 000,000,000 | ---D | C] -- C:\Users\Jojo\AppData\Roaming\InstallShield
[2017.01.20 18:41:02 | 000,000,000 | ---D | C] -- C:\Program Files\CONEXANT
[2017.01.20 18:40:48 | 000,398,848 | ---- | C] (Conexant Systems, Inc.) -- C:\Windows\SysNative\UCI64A42.dll
[2017.01.20 18:40:47 | 001,811,968 | ---- | C] (Conexant Systems Inc.) -- C:\Windows\SysNative\CX64TP17.dll
[2017.01.20 18:40:47 | 000,649,216 | ---- | C] (Conexant Systems Inc.) -- C:\Windows\SysNative\drivers\CHDRT64.sys
[2017.01.20 18:40:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2017.01.20 18:39:29 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2017.01.20 18:39:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies
[2017.01.20 18:39:27 | 015,546,880 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\ig4icd64.dll
[2017.01.20 18:39:27 | 010,629,184 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\drivers\igdpmd64.sys
[2017.01.20 18:39:27 | 010,629,184 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\drivers\igdkmd64.sys
[2017.01.20 18:39:27 | 006,549,504 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igdumd64.dll
[2017.01.20 18:39:27 | 004,722,176 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igd10umd64.dll
[2017.01.20 18:39:27 | 004,411,392 | ---- | C] (Intel Corporation) -- C:\Windows\SysWow64\igd10umd32.dll
[2017.01.20 18:39:27 | 000,830,464 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxress.dll
[2017.01.20 18:39:27 | 000,571,904 | ---- | C] (Intel Corporation) -- C:\Windows\SysWow64\igdumdx32.dll
[2017.01.20 18:39:27 | 000,510,232 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxsrvc.exe
[2017.01.20 18:39:27 | 000,417,560 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxpers.exe
[2017.01.20 18:39:27 | 000,380,416 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxTMM.dll
[2017.01.20 18:39:27 | 000,272,896 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxdev.dll
[2017.01.20 18:39:27 | 000,244,224 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxpph.dll
[2017.01.20 18:39:27 | 000,228,864 | ---- | C] (Intel Corporation) -- C:\Windows\SysWow64\igfxdv32.dll
[2017.01.20 18:39:27 | 000,224,024 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxext.exe
[2017.01.20 18:39:27 | 000,208,896 | ---- | C] (Intel Corporation) -- C:\Windows\SysWow64\iglhsip32.dll
[2017.01.20 18:39:27 | 000,206,336 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\iglhsip64.dll
[2017.01.20 18:39:27 | 000,188,416 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\iglhcp64.dll
[2017.01.20 18:39:27 | 000,162,584 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxtray.exe
[2017.01.20 18:39:27 | 000,147,456 | ---- | C] (Intel Corporation) -- C:\Windows\SysWow64\iglhcp32.dll
[2017.01.20 18:39:27 | 000,142,336 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxdo.dll
[2017.01.20 18:39:27 | 000,122,368 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxcpl.cpl
[2017.01.20 18:39:27 | 000,088,576 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrfra.lrc
[2017.01.20 18:39:27 | 000,088,576 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxresn.lrc
[2017.01.20 18:39:27 | 000,088,576 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrell.lrc
[2017.01.20 18:39:27 | 000,088,064 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrsky.lrc
[2017.01.20 18:39:27 | 000,088,064 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrrus.lrc
[2017.01.20 18:39:27 | 000,088,064 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrptg.lrc
[2017.01.20 18:39:27 | 000,088,064 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrplk.lrc
[2017.01.20 18:39:27 | 000,088,064 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrnld.lrc
[2017.01.20 18:39:27 | 000,088,064 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrita.lrc
[2017.01.20 18:39:27 | 000,088,064 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrdeu.lrc
[2017.01.20 18:39:27 | 000,087,552 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrtrk.lrc
[2017.01.20 18:39:27 | 000,087,552 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrsve.lrc
[2017.01.20 18:39:27 | 000,087,552 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrslv.lrc
[2017.01.20 18:39:27 | 000,087,552 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrptb.lrc
[2017.01.20 18:39:27 | 000,087,552 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrnor.lrc
[2017.01.20 18:39:27 | 000,087,552 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrhun.lrc
[2017.01.20 18:39:27 | 000,087,552 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrfin.lrc
[2017.01.20 18:39:27 | 000,087,552 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrenu.lrc
[2017.01.20 18:39:27 | 000,087,552 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrcsy.lrc
[2017.01.20 18:39:27 | 000,087,040 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrtha.lrc
[2017.01.20 18:39:27 | 000,087,040 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrdan.lrc
[2017.01.20 18:39:27 | 000,086,528 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrheb.lrc
[2017.01.20 18:39:27 | 000,086,528 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrara.lrc
[2017.01.20 18:39:27 | 000,084,992 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrkor.lrc
[2017.01.20 18:39:27 | 000,084,992 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrjpn.lrc
[2017.01.20 18:39:27 | 000,083,968 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrcht.lrc
[2017.01.20 18:39:27 | 000,083,968 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxrchs.lrc
[2017.01.20 18:39:27 | 000,061,952 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxsrvc.dll
[2017.01.20 18:39:27 | 000,027,648 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\igfxexps.dll
[2017.01.20 18:39:27 | 000,023,552 | ---- | C] (Intel Corporation) -- C:\Windows\SysWow64\igfxexps32.dll
[2017.01.20 18:39:26 | 021,422,592 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\atio6axx.dll
[2017.01.20 18:39:26 | 016,281,600 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysWow64\atioglxx.dll
[2017.01.20 18:39:26 | 011,405,312 | ---- | C] (Intel Corporation) -- C:\Windows\SysWow64\ig4icd32.dll
[2017.01.20 18:39:26 | 008,013,312 | ---- | C] (ATI Technologies Inc.) -- C:\Windows\SysNative\drivers\atikmdag.sys
[2017.01.20 18:39:26 | 006,815,744 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysNative\aticaldd64.dll
[2017.01.20 18:39:26 | 005,442,048 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysWow64\aticaldd.dll
[2017.01.20 18:39:26 | 005,219,328 | ---- | C] (ATI Technologies Inc. ) -- C:\Windows\SysNative\atiumd64.dll
[2017.01.20 18:39:26 | 004,744,704 | ---- | C] (ATI Technologies Inc. ) -- C:\Windows\SysNative\atidxx64.dll
[2017.01.20 18:39:26 | 004,094,976 | ---- | C] (ATI Technologies Inc. ) -- C:\Windows\SysWow64\atiumdag.dll
[2017.01.20 18:39:26 | 004,020,736 | ---- | C] (ATI Technologies Inc. ) -- C:\Windows\SysWow64\atidxx32.dll
[2017.01.20 18:39:26 | 003,460,096 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atiumdva.dll
[2017.01.20 18:39:26 | 003,221,504 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atiumd6a.dll
[2017.01.20 18:39:26 | 003,157,784 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\GfxUI.exe
[2017.01.20 18:39:26 | 000,645,120 | ---- | C] (ATI Technologies Inc. ) -- C:\Windows\SysNative\aticfx64.dll
[2017.01.20 18:39:26 | 000,547,328 | ---- | C] (ATI Technologies Inc. ) -- C:\Windows\SysWow64\aticfx32.dll
[2017.01.20 18:39:26 | 000,478,208 | ---- | C] (AMD) -- C:\Windows\SysNative\atieclxx.exe
[2017.01.20 18:39:26 | 000,450,560 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\ATIDEMGX.dll
[2017.01.20 18:39:26 | 000,423,424 | ---- | C] (ATI Technologies, Inc.) -- C:\Windows\SysNative\atipdl64.dll
[2017.01.20 18:39:26 | 000,386,840 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\hkcmd.exe
[2017.01.20 18:39:26 | 000,356,352 | ---- | C] (ATI Technologies, Inc.) -- C:\Windows\SysWow64\atipdlxx.dll
[2017.01.20 18:39:26 | 000,349,184 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\atiadlxx.dll
[2017.01.20 18:39:26 | 000,287,232 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\drivers\atikmpag.sys
[2017.01.20 18:39:26 | 000,249,856 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysWow64\atiadlxy.dll
[2017.01.20 18:39:26 | 000,203,776 | ---- | C] (AMD) -- C:\Windows\SysNative\atiesrxx.exe
[2017.01.20 18:39:26 | 000,143,360 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\atiapfxx.exe
[2017.01.20 18:39:26 | 000,120,320 | ---- | C] (AMD) -- C:\Windows\SysNative\atitmm64.dll
[2017.01.20 18:39:26 | 000,119,808 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\gfxSrvc.dll
[2017.01.20 18:39:26 | 000,118,784 | ---- | C] (Advanced Micro Devices, Inc.) -- C:\Windows\SysNative\atibtmon.exe
[2017.01.20 18:39:26 | 000,108,544 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\hccutils.dll
[2017.01.20 18:39:26 | 000,059,392 | ---- | C] (ATI Technologies, Inc.) -- C:\Windows\SysNative\atiedu64.dll
[2017.01.20 18:39:26 | 000,058,880 | ---- | C] (AMD) -- C:\Windows\SysNative\coinst.dll
[2017.01.20 18:39:26 | 000,053,760 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atimpc64.dll
[2017.01.20 18:39:26 | 000,053,760 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\amdpcom64.dll
[2017.01.20 18:39:26 | 000,053,248 | ---- | C] (ATI Technologies Inc.) -- C:\Windows\SysNative\drivers\ati2erec.dll
[2017.01.20 18:39:26 | 000,052,736 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atimpc32.dll
[2017.01.20 18:39:26 | 000,052,736 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\amdpcom32.dll
[2017.01.20 18:39:26 | 000,051,200 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysNative\aticalrt64.dll
[2017.01.20 18:39:26 | 000,046,080 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysWow64\aticalrt.dll
[2017.01.20 18:39:26 | 000,044,544 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysNative\aticalcl64.dll
[2017.01.20 18:39:26 | 000,044,032 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Windows\SysWow64\aticalcl.dll
[2017.01.20 18:39:26 | 000,043,520 | ---- | C] (ATI Technologies, Inc.) -- C:\Windows\SysWow64\ati2edxx.dll
[2017.01.20 18:39:26 | 000,039,936 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atiuxp64.dll
[2017.01.20 18:39:26 | 000,037,888 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atiu9p64.dll
[2017.01.20 18:39:26 | 000,031,744 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atig6txx.dll
[2017.01.20 18:39:26 | 000,030,720 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atiuxpag.dll
[2017.01.20 18:39:26 | 000,028,672 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atiu9pag.dll
[2017.01.20 18:39:26 | 000,027,136 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atigktxx.dll
[2017.01.20 18:39:26 | 000,016,384 | ---- | C] (AMD) -- C:\Windows\SysNative\atimuixx.dll
[2017.01.20 18:39:26 | 000,014,848 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysNative\atig6pxx.dll
[2017.01.20 18:39:26 | 000,012,800 | ---- | C] (Advanced Micro Devices, Inc. ) -- C:\Windows\SysWow64\atiglpxx.dll
[2017.01.20 18:38:38 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\x64
[2017.01.20 18:38:38 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Lang
[2017.01.20 18:38:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Intel
[2017.01.20 18:38:37 | 000,989,720 | ---- | C] (Intel Corporation) -- C:\Windows\SysWow64\heciudlg.exe
[2017.01.20 18:38:36 | 000,056,344 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\drivers\HECIx64.sys
[2017.01.20 18:38:36 | 000,000,000 | ---D | C] -- C:\Intel
[2017.01.20 18:38:28 | 000,408,600 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\drivers\iaStor.sys
[2017.01.20 18:37:59 | 002,692,776 | ---- | C] (Lenovo Group Limited) -- C:\Windows\PWMBTHLV.EXE
[2017.01.20 18:37:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ThinkPad
[2017.01.20 18:37:48 | 002,872,488 | ---- | C] (Lenovo Group Limited) -- C:\Windows\SysNative\PWMCP64V.cpl
[2017.01.20 18:37:48 | 000,029,512 | ---- | C] (Lenovo.) -- C:\Windows\SysNative\drivers\DZHDD64.SYS
[2017.01.20 18:37:48 | 000,029,008 | ---- | C] (Lenovo Group Limited) -- C:\Windows\SysNative\drivers\TPPWR64V.SYS
[2017.01.20 18:37:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[2017.01.20 18:37:13 | 000,000,000 | ---D | C] -- C:\Program Files\Lenovo
[2017.01.20 18:37:11 | 000,015,472 | ---- | C] (Lenovo Group Limited) -- C:\Windows\SysNative\drivers\smiifx64.sys
[2017.01.20 18:37:02 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2017.01.20 18:36:51 | 000,711,256 | ---- | C] (Lenovo.) -- C:\Windows\SysNative\LPlatSvc.exe
[2017.01.20 18:36:51 | 000,184,408 | ---- | C] (Lenovo.) -- C:\Windows\SysNative\ibmpmsvc.exe
[2017.01.20 18:36:51 | 000,082,824 | ---- | C] (Lenovo.) -- C:\Windows\SysNative\drivers\ibmpmdrv.sys
[2017.01.20 18:36:51 | 000,058,456 | ---- | C] (Lenovo.) -- C:\Windows\SysNative\tpinspm.dll
[2017.01.20 18:36:50 | 000,088,152 | ---- | C] (Lenovo.) -- C:\Windows\SysNative\ibmpmctl.exe
[2017.01.20 18:23:31 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo ThinkVantage Tools
[2017.01.20 18:23:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Lenovo
[2017.01.20 18:22:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lenovo
[2017.01.20 18:22:38 | 000,000,000 | ---D | C] -- C:\Users\Jojo\AppData\Local\Programs
[2017.01.20 17:59:00 | 000,000,000 | ---D | C] -- C:\Users\Jojo\AppData\Roaming\Opera Software
[2017.01.20 17:59:00 | 000,000,000 | ---D | C] -- C:\Users\Jojo\AppData\Local\Opera Software
[2017.01.20 17:58:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Opera
[2017.01.20 17:57:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
[2017.01.20 17:57:45 | 000,000,000 | ---D | C] -- C:\ProgramData\ESET
[2017.01.20 17:57:45 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2017.01.20 17:47:43 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2017.01.20 17:47:22 | 000,000,000 | -HSD | C] -- C:\Users\Jojo\AppData\Local\EmieUserList
[2017.01.20 17:47:22 | 000,000,000 | -HSD | C] -- C:\Users\Jojo\AppData\Local\EmieSiteList
[2017.01.20 17:47:22 | 000,000,000 | -HSD | C] -- C:\Users\Jojo\AppData\Local\EmieBrowserModeList
[2017.01.20 17:46:47 | 000,000,000 | ---D | C] -- C:\Users\Jojo\AppData\Roaming\Adobe
[2017.01.20 17:46:46 | 000,000,000 | R--D | C] -- C:\Users\Jojo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2017.01.20 17:46:46 | 000,000,000 | R--D | C] -- C:\Users\Jojo\Searches
[2017.01.20 17:46:46 | 000,000,000 | R--D | C] -- C:\Users\Jojo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2017.01.20 17:46:40 | 000,000,000 | ---D | C] -- C:\Users\Jojo\AppData\Roaming\Identities
[2017.01.20 17:46:39 | 000,000,000 | R--D | C] -- C:\Users\Jojo\Contacts
[2017.01.20 17:46:39 | 000,000,000 | ---D | C] -- C:\Users\Jojo\AppData\Local\VirtualStore
[2017.01.20 17:46:37 | 000,000,000 | --SD | C] -- C:\Users\Jojo\AppData\Roaming\Microsoft
[2017.01.20 17:46:37 | 000,000,000 | R--D | C] -- C:\Users\Jojo\Videos
[2017.01.20 17:46:37 | 000,000,000 | R--D | C] -- C:\Users\Jojo\Saved Games
[2017.01.20 17:46:37 | 000,000,000 | R--D | C] -- C:\Users\Jojo\Pictures
[2017.01.20 17:46:37 | 000,000,000 | R--D | C] -- C:\Users\Jojo\Music
[2017.01.20 17:46:37 | 000,000,000 | R--D | C] -- C:\Users\Jojo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2017.01.20 17:46:37 | 000,000,000 | R--D | C] -- C:\Users\Jojo\Links
[2017.01.20 17:46:37 | 000,000,000 | R--D | C] -- C:\Users\Jojo\Favorites
[2017.01.20 17:46:37 | 000,000,000 | R--D | C] -- C:\Users\Jojo\Downloads
[2017.01.20 17:46:37 | 000,000,000 | R--D | C] -- C:\Users\Jojo\Documents
[2017.01.20 17:46:37 | 000,000,000 | R--D | C] -- C:\Users\Jojo\Desktop
[2017.01.20 17:46:37 | 000,000,000 | R--D | C] -- C:\Users\Jojo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2017.01.20 17:46:37 | 000,000,000 | -HSD | C] -- C:\Users\Jojo\Vorlagen
[2017.01.20 17:46:37 | 000,000,000 | -HSD | C] -- C:\Users\Jojo\AppData\Local\Verlauf
[2017.01.20 17:46:37 | 000,000,000 | -HSD | C] -- C:\Users\Jojo\AppData\Local\Temporary Internet Files
[2017.01.20 17:46:37 | 000,000,000 | -HSD | C] -- C:\Users\Jojo\Startmenü
[2017.01.20 17:46:37 | 000,000,000 | -HSD | C] -- C:\Users\Jojo\SendTo
[2017.01.20 17:46:37 | 000,000,000 | -HSD | C] -- C:\Users\Jojo\Recent
[2017.01.20 17:46:37 | 000,000,000 | -HSD | C] -- C:\Users\Jojo\Netzwerkumgebung
[2017.01.20 17:46:37 | 000,000,000 | -HSD | C] -- C:\Users\Jojo\Lokale Einstellungen
[2017.01.20 17:46:37 | 000,000,000 | -HSD | C] -- C:\Users\Jojo\Documents\Eigene Videos
[2017.01.20 17:46:37 | 000,000,000 | -HSD | C] -- C:\Users\Jojo\Documents\Eigene Musik
[2017.01.20 17:46:37 | 000,000,000 | -HSD | C] -- C:\Users\Jojo\Eigene Dateien
[2017.01.20 17:46:37 | 000,000,000 | -HSD | C] -- C:\Users\Jojo\Documents\Eigene Bilder
[2017.01.20 17:46:37 | 000,000,000 | -HSD | C] -- C:\Users\Jojo\Druckumgebung
[2017.01.20 17:46:37 | 000,000,000 | -HSD | C] -- C:\Users\Jojo\Cookies
[2017.01.20 17:46:37 | 000,000,000 | -HSD | C] -- C:\Users\Jojo\AppData\Local\Anwendungsdaten
[2017.01.20 17:46:37 | 000,000,000 | -HSD | C] -- C:\Users\Jojo\Anwendungsdaten
[2017.01.20 17:46:37 | 000,000,000 | -H-D | C] -- C:\Users\Jojo\AppData
[2017.01.20 17:46:37 | 000,000,000 | ---D | C] -- C:\Users\Jojo\AppData\Local\Temp
[2017.01.20 17:46:37 | 000,000,000 | ---D | C] -- C:\Users\Jojo\AppData\Local\Microsoft
[2017.01.20 17:46:37 | 000,000,000 | ---D | C] -- C:\Users\Jojo\AppData\Roaming\Media Center Programs
[2017.01.20 17:46:32 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen
[2017.01.20 17:46:32 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü
[2017.01.20 17:46:32 | 000,000,000 | -HSD | C] -- C:\Recovery
[2017.01.20 17:46:32 | 000,000,000 | -HSD | C] -- C:\Programme
[2017.01.20 17:46:32 | 000,000,000 | -HSD | C] -- C:\Program Files\Gemeinsame Dateien
[2017.01.20 17:46:32 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten
[2017.01.20 17:46:32 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos
[2017.01.20 17:46:32 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik
[2017.01.20 17:46:32 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder
[2017.01.20 17:46:32 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen
[2017.01.20 17:46:32 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente
[2017.01.20 17:46:32 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten
[2017.01.20 17:42:42 | 000,000,000 | ---D | C] -- C:\Windows\CSC
[2017.01.20 17:42:33 | 000,000,000 | -HSD | C] -- C:\System Volume Information

========== Files - Modified Within 30 Days ==========

[2017.02.13 13:42:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jojo\Desktop\OTL.exe
[2017.02.13 13:21:05 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Jojo\Desktop\HijackThis.exe
[2017.02.13 13:05:51 | 000,565,850 | ---- | M] () -- C:\Users\Jojo\Desktop\0df9f52e-2680-4eee-be00-526851354d99.PNG._CB523813079_.png
[2017.02.13 12:58:49 | 000,021,584 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2017.02.13 12:58:49 | 000,021,584 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2017.02.13 12:57:21 | 001,618,320 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2017.02.13 12:57:21 | 000,698,926 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2017.02.13 12:57:21 | 000,653,724 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2017.02.13 12:57:21 | 000,149,034 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2017.02.13 12:57:21 | 000,121,596 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2017.02.13 12:52:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2017.02.13 12:52:28 | 2065,715,199 | -HS- | M] () -- C:\hiberfil.sys
[2017.02.13 04:45:50 | 000,457,320 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2017.02.13 04:02:23 | 000,001,605 | ---- | M] () -- C:\Users\Jojo\Desktop\Adobe Photoshop CS2.lnk
[2017.02.13 04:01:09 | 000,001,381 | ---- | M] () -- C:\Users\Jojo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
[2017.01.26 11:35:07 | 000,084,320 | ---- | M] () -- C:\Users\Jojo\Desktop\Magengroesse.jpg
[2017.01.26 11:34:20 | 000,032,522 | ---- | M] () -- C:\Users\Jojo\Desktop\Trinkmengen-des-Saeuglings-im-ersten-Jahr-294x300.jpg
[2017.01.25 01:35:52 | 000,025,586 | ---- | M] () -- C:\Users\Jojo\Desktop\chickenrun.jpg
[2017.01.23 22:11:03 | 000,002,699 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2017.01.21 16:27:49 | 000,000,890 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
[2017.01.21 15:06:45 | 000,002,887 | ---- | M] () -- C:\Users\Public\Desktop\SOLIDWORKS Composer Player 2016 - x64 Edition.lnk
[2017.01.21 15:06:45 | 000,002,751 | ---- | M] () -- C:\Users\Public\Desktop\SOLIDWORKS Composer Sync 2016 x64 Edition.lnk
[2017.01.21 15:06:45 | 000,002,741 | ---- | M] () -- C:\Users\Public\Desktop\SOLIDWORKS Composer 2016 x64 Edition.lnk
[2017.01.21 14:55:48 | 000,002,757 | ---- | M] () -- C:\Users\Public\Desktop\SOLIDWORKS 2016 x64 Edition.lnk
[2017.01.21 14:55:48 | 000,002,727 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SOLIDWORKS 2016 Fast Start.lnk
[2017.01.21 12:16:06 | 000,834,544 | ---- | M] () -- C:\Windows\SysNative\drivers\sptd.sys
[2017.01.21 03:01:42 | 000,001,605 | ---- | M] () -- C:\Users\Public\Desktop\Lightroom 5.7 64-Bit.lnk
[2017.01.21 01:58:55 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2017.01.21 01:21:31 | 000,000,823 | ---- | M] () -- C:\Users\Jojo\Desktop\JDownloader 2.lnk
[2017.01.21 01:12:18 | 000,007,600 | ---- | M] () -- C:\Users\Jojo\AppData\Local\Resmon.ResmonCfg
[2017.01.20 22:41:14 | 000,802,904 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2017.01.20 22:41:14 | 000,144,472 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2017.01.20 18:39:55 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin
[2017.01.20 17:44:00 | 000,177,271 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2017.01.20 17:44:00 | 000,177,271 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2017.01.20 17:43:00 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf

========== Files Created - No Company Name ==========

[2017.02.13 13:05:51 | 000,565,850 | ---- | C] () -- C:\Users\Jojo\Desktop\0df9f52e-2680-4eee-be00-526851354d99.PNG._CB523813079_.png
[2017.02.13 04:02:23 | 000,001,605 | ---- | C] () -- C:\Users\Jojo\Desktop\Adobe Photoshop CS2.lnk
[2017.02.13 04:01:16 | 000,002,085 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help Center.lnk
[2017.02.13 04:01:09 | 000,001,381 | ---- | C] () -- C:\Users\Jojo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
[2017.02.13 04:00:57 | 000,002,067 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge.lnk
[2017.02.13 04:00:35 | 000,001,605 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS2.lnk
[2017.02.13 04:00:35 | 000,001,600 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ImageReady CS2.lnk
[2017.02.13 02:47:42 | 000,001,135 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
[2017.01.26 11:35:07 | 000,084,320 | ---- | C] () -- C:\Users\Jojo\Desktop\Magengroesse.jpg
[2017.01.26 11:34:20 | 000,032,522 | ---- | C] () -- C:\Users\Jojo\Desktop\Trinkmengen-des-Saeuglings-im-ersten-Jahr-294x300.jpg
[2017.01.25 01:35:52 | 000,025,586 | ---- | C] () -- C:\Users\Jojo\Desktop\chickenrun.jpg
[2017.01.23 22:11:03 | 000,002,699 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2017.01.21 16:30:34 | 000,001,904 | ---- | C] () -- C:\Windows\SysNative\SetupBD.din
[2017.01.21 16:30:24 | 000,003,315 | ---- | C] () -- C:\Windows\SysNative\e1y62x64.din
[2017.01.21 16:27:40 | 000,000,890 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
[2017.01.21 15:06:45 | 000,002,887 | ---- | C] () -- C:\Users\Public\Desktop\SOLIDWORKS Composer Player 2016 - x64 Edition.lnk
[2017.01.21 15:06:45 | 000,002,751 | ---- | C] () -- C:\Users\Public\Desktop\SOLIDWORKS Composer Sync 2016 x64 Edition.lnk
[2017.01.21 15:06:45 | 000,002,741 | ---- | C] () -- C:\Users\Public\Desktop\SOLIDWORKS Composer 2016 x64 Edition.lnk
[2017.01.21 14:55:48 | 000,002,757 | ---- | C] () -- C:\Users\Public\Desktop\SOLIDWORKS 2016 x64 Edition.lnk
[2017.01.21 14:55:48 | 000,002,727 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SOLIDWORKS 2016 Fast Start.lnk
[2017.01.21 12:16:06 | 000,834,544 | ---- | C] () -- C:\Windows\SysNative\drivers\sptd.sys
[2017.01.21 03:01:42 | 000,001,613 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop Lightroom 5.7 64-Bit.lnk
[2017.01.21 03:01:42 | 000,001,605 | ---- | C] () -- C:\Users\Public\Desktop\Lightroom 5.7 64-Bit.lnk
[2017.01.21 01:58:55 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2017.01.21 01:21:31 | 000,000,823 | ---- | C] () -- C:\Users\Jojo\Desktop\JDownloader 2.lnk
[2017.01.21 01:12:18 | 000,007,600 | ---- | C] () -- C:\Users\Jojo\AppData\Local\Resmon.ResmonCfg
[2017.01.20 18:41:53 | 003,531,136 | ---- | C] () -- C:\Windows\SysNative\drivers\snp2uvc.sys
[2017.01.20 18:41:53 | 000,306,176 | ---- | C] ( ) -- C:\Windows\SysNative\csnp2uvc.dll
[2017.01.20 18:41:53 | 000,232,448 | ---- | C] ( ) -- C:\Windows\SysWow64\rsnp2uvc.dll
[2017.01.20 18:41:53 | 000,230,912 | ---- | C] ( ) -- C:\Windows\SysNative\rsnp2uvc.dll
[2017.01.20 18:41:53 | 000,035,456 | ---- | C] () -- C:\Windows\SysNative\drivers\sncduvc.sys
[2017.01.20 18:41:53 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini
[2017.01.20 18:41:53 | 000,013,021 | ---- | C] () -- C:\Windows\snp2uvc.src
[2017.01.20 18:40:27 | 000,002,888 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat
[2017.01.20 18:40:27 | 000,002,888 | ---- | C] () -- C:\Windows\SysNative\atipblup.dat
[2017.01.20 18:39:55 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2017.01.20 18:39:27 | 001,991,936 | ---- | C] () -- C:\Windows\SysNative\iglhxa64.cpa
[2017.01.20 18:39:27 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2017.01.20 18:39:27 | 000,982,240 | ---- | C] () -- C:\Windows\SysNative\igkrng500.bin
[2017.01.20 18:39:27 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2017.01.20 18:39:27 | 000,439,308 | ---- | C] () -- C:\Windows\SysNative\igcompkrng500.bin
[2017.01.20 18:39:27 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2017.01.20 18:39:27 | 000,092,356 | ---- | C] () -- C:\Windows\SysNative\igfcg500m.bin
[2017.01.20 18:39:27 | 000,060,254 | ---- | C] () -- C:\Windows\SysNative\iglhxg64.vp
[2017.01.20 18:39:27 | 000,060,226 | ---- | C] () -- C:\Windows\SysNative\iglhxc64.vp
[2017.01.20 18:39:27 | 000,060,015 | ---- | C] () -- C:\Windows\SysNative\iglhxo64.vp
[2017.01.20 18:39:27 | 000,005,436 | ---- | C] () -- C:\Windows\SysNative\iglhxs64.vp
[2017.01.20 18:39:27 | 000,004,096 | ---- | C] ( ) -- C:\Windows\SysNative\IGFXDEVLib.dll
[2017.01.20 18:39:27 | 000,001,090 | ---- | C] () -- C:\Windows\SysNative\iglhxa64.vp
[2017.01.20 18:39:26 | 000,653,056 | ---- | C] () -- C:\Windows\SysWow64\atiumdva.cap
[2017.01.20 18:39:26 | 000,653,056 | ---- | C] () -- C:\Windows\SysNative\atiumd6a.cap
[2017.01.20 18:39:26 | 000,223,990 | ---- | C] () -- C:\Windows\SysNative\atiicdxx.dat
[2017.01.20 18:39:26 | 000,189,552 | ---- | C] () -- C:\Windows\SysNative\Gfxres.th-TH.resources
[2017.01.20 18:39:26 | 000,178,407 | ---- | C] () -- C:\Windows\SysNative\Gfxres.el-GR.resources
[2017.01.20 18:39:26 | 000,165,395 | ---- | C] () -- C:\Windows\SysNative\Gfxres.ru-RU.resources
[2017.01.20 18:39:26 | 000,152,856 | ---- | C] () -- C:\Windows\SysNative\difx64.exe
[2017.01.20 18:39:26 | 000,139,909 | ---- | C] () -- C:\Windows\SysNative\Gfxres.ar-SA.resources
[2017.01.20 18:39:26 | 000,136,401 | ---- | C] () -- C:\Windows\SysNative\Gfxres.ja-JP.resources
[2017.01.20 18:39:26 | 000,133,746 | ---- | C] () -- C:\Windows\SysNative\Gfxres.he-IL.resources
[2017.01.20 18:39:26 | 000,125,558 | ---- | C] () -- C:\Windows\SysNative\Gfxres.it-IT.resources
[2017.01.20 18:39:26 | 000,123,230 | ---- | C] () -- C:\Windows\SysNative\Gfxres.ko-KR.resources
[2017.01.20 18:39:26 | 000,122,927 | ---- | C] () -- C:\Windows\SysNative\Gfxres.es-ES.resources
[2017.01.20 18:39:26 | 000,122,709 | ---- | C] () -- C:\Windows\SysNative\Gfxres.de-DE.resources
[2017.01.20 18:39:26 | 000,121,173 | ---- | C] () -- C:\Windows\SysNative\Gfxres.tr-TR.resources
[2017.01.20 18:39:26 | 000,120,800 | ---- | C] () -- C:\Windows\SysNative\Gfxres.fr-FR.resources
[2017.01.20 18:39:26 | 000,120,366 | ---- | C] () -- C:\Windows\SysNative\Gfxres.pt-BR.resources
[2017.01.20 18:39:26 | 000,119,616 | ---- | C] () -- C:\Windows\SysNative\Gfxres.hu-HU.resources
[2017.01.20 18:39:26 | 000,119,586 | ---- | C] () -- C:\Windows\SysNative\Gfxres.nl-NL.resources
[2017.01.20 18:39:26 | 000,119,360 | ---- | C] () -- C:\Windows\SysNative\Gfxres.sv-SE.resources
[2017.01.20 18:39:26 | 000,119,067 | ---- | C] () -- C:\Windows\SysNative\Gfxres.pt-PT.resources
[2017.01.20 18:39:26 | 000,118,745 | ---- | C] () -- C:\Windows\SysNative\Gfxres.cs-CZ.resources
[2017.01.20 18:39:26 | 000,118,697 | ---- | C] () -- C:\Windows\SysNative\Gfxres.fi-FI.resources
[2017.01.20 18:39:26 | 000,118,409 | ---- | C] () -- C:\Windows\SysNative\Gfxres.pl-PL.resources
[2017.01.20 18:39:26 | 000,118,058 | ---- | C] () -- C:\Windows\SysNative\Gfxres.sk-SK.resources
[2017.01.20 18:39:26 | 000,114,852 | ---- | C] () -- C:\Windows\SysNative\Gfxres.nb-NO.resources
[2017.01.20 18:39:26 | 000,114,372 | ---- | C] () -- C:\Windows\SysNative\Gfxres.sl-SI.resources
[2017.01.20 18:39:26 | 000,114,261 | ---- | C] () -- C:\Windows\SysNative\Gfxres.da-DK.resources
[2017.01.20 18:39:26 | 000,110,214 | ---- | C] () -- C:\Windows\SysNative\Gfxres.en-US.resources
[2017.01.20 18:39:26 | 000,104,044 | ---- | C] () -- C:\Windows\SysNative\Gfxres.zh-TW.resources
[2017.01.20 18:39:26 | 000,102,883 | ---- | C] () -- C:\Windows\SysNative\Gfxres.zh-CN.resources
[2017.01.20 18:39:26 | 000,100,640 | ---- | C] () -- C:\Windows\SysNative\atiapfxx.blb
[2017.01.20 18:39:26 | 000,022,190 | ---- | C] () -- C:\Windows\atiogl.xml
[2017.01.20 18:39:26 | 000,002,888 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2017.01.20 18:39:26 | 000,002,888 | ---- | C] () -- C:\Windows\SysNative\atipblag.dat
[2017.01.20 18:39:26 | 000,000,268 | ---- | C] () -- C:\Windows\SysNative\GfxUI.exe.config
[2017.01.20 17:46:47 | 000,001,421 | ---- | C] () -- C:\Users\Jojo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2017.01.20 17:43:00 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2017.01.20 17:42:33 | 2065,715,199 | -HS- | C] () -- C:\hiberfil.sys
[2015.02.23 12:33:53 | 001,591,896 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

========== ZeroAccess Check ==========

[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2015.08.06 20:04:07 | 014,176,768 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2015.08.06 19:44:51 | 012,875,776 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
16.02.2017, 11:11
Banned

Posts: 15
#3 Hi Pad,

from the looks of it, you are using Windows 10.

So first of all, switch off Microsoft's data-collection mania: https://www.oo-software.com/de/shutup10

After that, run ADW Cleaner (it restarts the machine after the scan, so close all programs beforehand): https://toolslib.net/downloads/viewdownload/1-adwcleaner/

If needed, also try http://pandacloudcleaner.pandasecurity.com/facebook/ (deselect the toolbar during installation)

If needed, also run a virus scan from a boot CD/boot stick. You probably don't have c't Desinfec't at hand, do you? Otherwise have a look here: https://www.botfrei.de/de/eucleaner/index.html

Recommendation: Malwarebytes, Antibot

Regards, Ton
16.02.2017, 17:38
Banned

Thread starter

Posts: 3
#4 Hi Mato,

nope, Windows 7... ;)
None of that helped, the messages from ESET still keep coming. I ran a scan with ESET SysRescue from a boot stick, but that didn't find anything either..
23.02.2017, 08:02
Banned

Posts: 15
#5 Good morning,

then I recommend sending the error message directly to ESET. With a valid license you at least get e-mail support.

If the programs mentioned above didn't find anything, then it may well be down to ESET itself; it is, after all, software programmed by humans :-)