Pests of all kinds and how to fight them: Positive Finds ads on my PC | Windows 7 | If you are not sure whether you have picked up malware or a trojan, create a topic here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection. |
02.02.2015, 23:53 | #1 |
| Positive Finds ads on my PC. Who can help me? This is the first time I have ever been in a forum. Yesterday or the day before, I downloaded software from Chip.de. Since then I can no longer browse without a window with advertising constantly popping up. My computer has become slower. Otherwise nothing has changed. How do I get the malware, virus or whatever it is off my computer again? Thanks |
03.02.2015, 00:00 | #2 |
Rest in peace † 2019 | Positive Finds ads on my PC. My name is Sandra and I will be helping you with your problem.
Note: I can never give you a guarantee that I will find everything. Reformatting is usually the faster way and, with a malware infection, always the safest one. Adware can be removed without problems in the vast majority of cases. If you decide on a cleanup, keep working with us until someone from the team tells you that you are clean. Posting in code tags: Please always put the logs in code tags. If you don't, it makes the analysis much harder for me. Thanks. To do so:
Step 1: Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
__________________ |
05.02.2015, 21:44 | #3 |
| Positive Finds ads on my PC. FRST:
FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 05-02-2015 Ran by Doreen Kiele (administrator) on DOREENKIELE-PC on 05-02-2015 21:29:32 Running from C:\Users\Doreen Kiele\Desktop Loaded Profiles: Doreen Kiele (Available profiles: Doreen Kiele) Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: Deutsch (Deutschland) Internet Explorer Version 9 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Microsoft Corporation) C:\Windows\System32\SLsvc.exe (Check Point Software Technologies Ltd.) C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe (APN LLC.) C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe (NewTech Infosystems, Inc.) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe () C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe (Egis Incorporated) C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe (Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe () C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe (Realtek Semiconductor) C:\Windows\RtHDVCpl.exe () C:\Windows\PLFSetI.exe (Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe ( ) C:\Windows\System32\lxducoms.exe () C:\Acer\Mobility Center\MobilityService.exe (NewTech InfoSystems, Inc.) 
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe () C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe (Syntek America Inc.) C:\Windows\System32\StkASv2K.exe () C:\Program Files\Common Files\d2d4a9d3-f3f1-4c52-8d3f-dddc91fe0602\updater.exe (Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe (Check Point Software Technologies, Ltd.) C:\Program Files\CheckPoint\ZoneAlarm\ZAPrivacyService.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe (Dritek System Inc.) C:\Program Files\Launch Manager\LManager.exe (APN) C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe (Egis Incorporated) C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Acer Incorporated) C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe (CyberLink Corp.) C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink) C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe () C:\Program Files\Lexmark 5600-6600 Series\lxdumon.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe (Check Point Software Technologies Ltd.) 
C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Microsoft Corporation) C:\Windows\ehome\ehtray.exe (Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe (Microsoft Corporation) C:\Windows\ehome\ehmsas.exe () C:\Program Files\Lexmark 5600-6600 Series\lxdumsdmon.exe (Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jucheck.exe () C:\ProgramData\d2d4a9d3-f3f1-4c52-8d3f-dddc91fe0602\plugincontainer.exe () C:\ProgramData\d2d4a9d3-f3f1-4c52-8d3f-dddc91fe0602\plugins\8\Plugin.exe () C:\ProgramData\d2d4a9d3-f3f1-4c52-8d3f-dddc91fe0602\plugins\3\Plugin.exe () C:\ProgramData\d2d4a9d3-f3f1-4c52-8d3f-dddc91fe0602\plugins\3\Plugin.exe () C:\ProgramData\d2d4a9d3-f3f1-4c52-8d3f-dddc91fe0602\plugins\5\Plugin.exe () C:\ProgramData\d2d4a9d3-f3f1-4c52-8d3f-dddc91fe0602\plugins\4\Plugin.exe (Microsoft Corporation) C:\Windows\System32\UI0Detect.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe (ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\System32\conime.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) 
HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1049896 2008-04-25] (Synaptics, Inc.) HKLM\...\Run: [BkupTray] => C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe [28672 2008-04-25] () HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2008-08-29] (Advanced Micro Devices, Inc.) HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [6294048 2008-09-19] (Realtek Semiconductor) HKLM\...\Run: [Skytel] => C:\Windows\Skytel.exe [1833504 2008-09-19] (Realtek Semiconductor Corp.) HKLM\...\Run: [PLFSetI] => C:\Windows\PLFSetI.exe [200704 2007-10-23] () HKLM\...\Run: [LManager] => C:\Program Files\Launch Manager\LManager.exe [858632 2008-12-17] (Dritek System Inc.) HKLM\...\Run: [eDataSecurity Loader] => C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe [526896 2008-07-29] (Egis Incorporated) HKLM\...\Run: [ePower_DMC] => C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe [405504 2008-08-01] (Acer Inc.) HKLM\...\Run: [eAudio] => C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe [544768 2008-09-11] (Acer Incorporated) HKLM\...\Run: [ArcadeDeluxeAgent] => C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe [147456 2008-10-08] (CyberLink Corp.) HKLM\...\Run: [CLMLServer] => C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe [167936 2008-10-08] (CyberLink) HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-20] (Avira Operations GmbH & Co. 
KG) HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2014-12-21] (Microsoft Corporation) HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [507776 2014-12-25] (Oracle Corporation) HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [919008 2014-12-25] (Adobe Systems Incorporated) HKLM\...\Run: [lxdumon.exe] => C:\Program Files\Lexmark 5600-6600 Series\lxdumon.exe [676520 2015-01-07] () HKLM\...\Run: [lxduamon] => C:\Program Files\Lexmark 5600-6600 Series\lxduamon.exe [16040 2015-01-07] () HKLM\...\Run: [Lexmark 5600-6600 Series Fax Server] => C:\Program Files\Lexmark 5600-6600 Series\fm3032.exe [311976 2015-01-07] () HKLM\...\Run: [ApnTBMon] => C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1949080 2014-12-19] (APN) HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [126712 2014-12-31] (Avira Operations GmbH & Co. KG) HKLM\...\Run: [ZoneAlarm] => C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe [134624 2014-07-23] (Check Point Software Technologies Ltd.) HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.) 
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X] HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\S-1-5-21-1531739928-432372518-3359910063-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation) HKU\S-1-5-21-1531739928-432372518-3359910063-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation) ShellIconOverlayIdentifiers: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Egis Inc.) BootExecute: autocheck autochk * sdnclean.exe ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) ProxyServer: [S-1-5-21-1531739928-432372518-3359910063-1000] => localhost:21320 HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=1214&m=aspire_8530 HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=1214&m=aspire_8530 HKU\S-1-5-21-1531739928-432372518-3359910063-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ HKU\S-1-5-21-1531739928-432372518-3359910063-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=1214&m=aspire_8530 HKU\S-1-5-21-1531739928-432372518-3359910063-1000\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com SearchScopes: HKLM -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = 
hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW SearchScopes: HKLM -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW SearchScopes: HKLM -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = SearchScopes: HKU\S-1-5-21-1531739928-432372518-3359910063-1000 -> DefaultScope {8EEAC88A-079B-4b2c-80C1-7836F79EB40A} URL = hxxp://vosteran.com/results.php?f=4&q={searchTerms}&a=vst_fs_15_05&cd=2XzuyEtN2Y1L1QzutDtDtByEtB0Bzy0C0A0AyC0Dzyzy0DtCtN0D0Tzu0StCtCtByBtN1L2XzutAtFyBtFtCtFtBtN1L1CzutCyEtBzytDyD1V1BtAtN1L1G1B1V1N2Y1L1Qzu2SyEtAtA0BtByD0FyBtGzzyC0F0FtGtB0FzzzztGzzyB0CyEtGyC0BtBzzyEyB0F0DtBtC0Bzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCtD0CyDzzyDyC0FtGyC0ByCzytGyEtB0A0AtGzytBtCyEtG0CtD0BtBtAyCyByE0F0D0CtA2Q&cr=786535476&ir= SearchScopes: HKU\S-1-5-21-1531739928-432372518-3359910063-1000 -> {8EEAC88A-079B-4b2c-80C1-7836F79EB40A} URL = hxxp://vosteran.com/results.php?f=4&q={searchTerms}&a=vst_fs_15_05&cd=2XzuyEtN2Y1L1QzutDtDtByEtB0Bzy0C0A0AyC0Dzyzy0DtCtN0D0Tzu0StCtCtByBtN1L2XzutAtFyBtFtCtFtBtN1L1CzutCyEtBzytDyD1V1BtAtN1L1G1B1V1N2Y1L1Qzu2SyEtAtA0BtByD0FyBtGzzyC0F0FtGtB0FzzzztGzzyB0CyEtGyC0BtBzzyEyB0F0DtBtC0Bzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCtD0CyDzzyDyC0FtGyC0ByCzytGyEtB0A0AtGzytBtCyEtG0CtD0BtBtAyCyByE0F0D0CtA2Q&cr=786535476&ir= SearchScopes: HKU\S-1-5-21-1531739928-432372518-3359910063-1000 -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-comodo BHO: Lexmark Symbolleiste -> {1017A80C-6F09-4548-A84D-EDD6AC9525F0} -> C:\Program Files\Lexmark Toolbar\toolband.dll () BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO: Positive Finds -> 
{30c85a3d-1d96-4589-b63f-91fb7ef45a41} -> C:\Program Files\Positive Finds\Extensions\30c85a3d-1d96-4589-b63f-91fb7ef45a41.dll No File BHO: Search App by Ask -> {41564952-412D-5350-00A7-7A786E7484D7} -> C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-SP\Passport.dll (APN LLC.) BHO: PDF Architect Helper -> {691B33B0-B86E-47F3-81C7-56E4FE3B929C} -> C:\Program Files\PDF Architect 2\creator-ie-helper.dll (pdfforge GmbH) BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation) BHO: ShowBarObj Class -> {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} -> C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis) BHO: Lexmark -> {D2C5E510-BE6D-42CC-9F61-E4F939078474} -> C:\Program Files\Lexmark Printable Web\bho.dll () BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation) BHO: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.) Toolbar: HKLM - Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.) Toolbar: HKLM - Search App by Ask - {41564952-412D-5350-00A7-7A786E7484D7} - C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-SP\Passport.dll (APN LLC.) 
Toolbar: HKLM - Lexmark Symbolleiste - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll () Toolbar: HKLM - PDF Architect Toolbar - {DEEB13D7-CEA9-45FB-B77C-E039BEC85221} - C:\Program Files\PDF Architect 2\creator-ie-plugin.dll (pdfforge GmbH) Toolbar: HKU\S-1-5-21-1531739928-432372518-3359910063-1000 -> Lexmark Symbolleiste - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll () Toolbar: HKU\S-1-5-21-1531739928-432372518-3359910063-1000 -> Search App by Ask - {41564952-412D-5350-00A7-7A786E7484D7} - C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-SP\Passport.dll (APN LLC.) DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation) Winsock: Catalog9 01 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 02 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 03 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 04 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 05 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 06 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. 
KG) Winsock: Catalog9 07 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 08 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 20 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 StartMenuInternet: IEXPLORE.EXE - iexplore.exe FireFox: ======== FF ProfilePath: C:\Users\Doreen Kiele\AppData\Roaming\Mozilla\Firefox\Profiles\bdSeA9l8.default FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1215155.dll (Adobe Systems, Inc.) FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @videolan.org/vlc,version=2.1.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF Plugin: PDF Architect 2 -> C:\Program Files\PDF Architect 2\np-previewer.dll (pdfforge GmbH) FF Extension: Avira Browser Safety - C:\Users\Doreen Kiele\AppData\Roaming\Mozilla\Firefox\Profiles\bdSeA9l8.default\Extensions\abs@avira.com [2014-12-20] FF Extension: DVDVideoSoft Menu - C:\Users\Doreen Kiele\AppData\Roaming\Mozilla\Firefox\Profiles\bdSeA9l8.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2014-12-21] FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Users\Doreen Kiele\AppData\Roaming\Mozilla\Firefox\Profiles\bdSeA9l8.default\Extensions\{B64D9B05-48E1-4CEB-BF58-E0643994E900} [2014-12-21] FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Program Files\Mozilla Firefox\browser\extensions\{B64D9B05-48E1-4CEB-BF58-E0643994E900}.xpi [2014-12-21] FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2014-12-20] FF HKLM\...\Firefox\Extensions: [pdf_architect_2_conv@pdfarchitect.org] - C:\Program Files\PDF Architect 2\resources\pdfarchitect2firefoxextension FF Extension: PDF Architect 2 Creator - C:\Program Files\PDF Architect 2\resources\pdfarchitect2firefoxextension [2015-01-13] FF HKU\S-1-5-21-1531739928-432372518-3359910063-1000\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff [2014-12-21] Chrome: ======= CHR HomePage: Default -> CHR StartupUrls: Default -> "https://www.google.de/?gws_rd=ssl" CHR DefaultSuggestURL: Default -> 
{google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter} CHR Profile: C:\Users\Doreen Kiele\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Präsentationen) - C:\Users\Doreen Kiele\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-12-20] CHR Extension: (BILD Online) - C:\Users\Doreen Kiele\AppData\Local\Google\Chrome\User Data\Default\Extensions\akelcgelcacijekkjghmpikldlfpjpho [2014-12-21] CHR Extension: (STERN.DE) - C:\Users\Doreen Kiele\AppData\Local\Google\Chrome\User Data\Default\Extensions\apeagpappkcpkenmhnofdpfpaminilfj [2014-12-21] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Doreen Kiele\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-12-20] CHR Extension: (YouTube) - C:\Users\Doreen Kiele\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-12-20] CHR Extension: (Daylight Karte & Time Zone) - C:\Users\Doreen Kiele\AppData\Local\Google\Chrome\User Data\Default\Extensions\chkjdbfmbgffpbmkihefmpmeonemloom [2014-12-21] CHR Extension: (Candy Matcher Deluxe) - C:\Users\Doreen Kiele\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehehgijaidopomcfpkigakimeoglkjpa [2014-12-21] CHR Extension: (Google Tabellen) - C:\Users\Doreen Kiele\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-12-20] CHR Extension: (Avira Browserschutz) - C:\Users\Doreen Kiele\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-12-21] CHR Extension: (World of Solitaire) - C:\Users\Doreen Kiele\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\ifbnllnaaaohekjkcpfdllhhjijnidgn [2014-12-21] CHR Extension: (KCals Kalorienzähler) - C:\Users\Doreen Kiele\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipifmjfbmblepifflinikiiboakalboc [2014-12-21] CHR Extension: (eBay Deutschland) - C:\Users\Doreen Kiele\AppData\Local\Google\Chrome\User Data\Default\Extensions\jknjndilpbgfjegfncoipgnhficfffoa [2014-12-21] CHR Extension: (Gem of a Kind) - C:\Users\Doreen Kiele\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkpdnogahpolnfpmnofheendeponbmla [2014-12-21] CHR Extension: (Tetris) - C:\Users\Doreen Kiele\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdhicelaffdlcajmemnjfccipcemjlki [2014-12-21] CHR Extension: (Gute Mathe-Fragen!) - C:\Users\Doreen Kiele\AppData\Local\Google\Chrome\User Data\Default\Extensions\klhdclppneongknbjpmifccllhgipanc [2014-12-21] CHR Extension: (Google Wallet) - C:\Users\Doreen Kiele\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-20] CHR Extension: (Bubble Shooter) - C:\Users\Doreen Kiele\AppData\Local\Google\Chrome\User Data\Default\Extensions\omenbmgpkbkmloombbdefdpfcclpcjdk [2014-12-21] CHR Extension: (TV Movie Fernsehprogramm) - C:\Users\Doreen Kiele\AppData\Local\Google\Chrome\User Data\Default\Extensions\omigcnbanchckjpihkioagdjjdhkhhdh [2014-12-21] CHR HKLM\...\Chrome\Extension: [aaaaafhgaihilbkellglkpeiegabpjem] - C:\ProgramData\AskPartnerNetwork\Toolbar\Shared\CRX\aaaaafhgaihilbkellglkpeiegabpjem.crx [2014-12-20] CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path CHR HKLM\...\Chrome\Extension: [oilkkkefbalmbfppgjmgjoefbclebkce] - No Path CHR HKU\S-1-5-21-1531739928-432372518-3359910063-1000\...\Chrome\Extension: [oilkkkefbalmbfppgjmgjoefbclebkce] - No Path ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. 
The file will not be moved unless listed separately.) R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [431920 2014-12-20] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-20] (Avira Operations GmbH & Co. KG) R2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [992560 2014-12-20] (Avira Operations GmbH & Co. KG) R2 APNMCP; C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe [177560 2014-12-19] (APN LLC.) R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [178424 2014-12-31] (Avira Operations GmbH & Co. KG) R2 BUNAgentSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [16384 2008-03-03] (NewTech Infosystems, Inc.) [File not signed] R2 CLHNService; C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [69632 2008-10-04] () [File not signed] S2 ETService; C:\Program Files\Acer\Empowering Technology\Service\ETService.exe [24576 2008-11-28] () [File not signed] R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [61440 2007-01-17] (Hewlett-Packard Company) [File not signed] S2 lxduCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxduserv.exe [98984 2015-01-07] (Lexmark International, Inc.) R2 lxdu_device; C:\Windows\system32\lxducoms.exe [594600 2015-01-07] ( ) R2 MobilityService; C:\Acer\Mobility Center\MobilityService.exe [110592 2007-12-06] () [File not signed] R2 NTIBackupSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [45056 2008-04-25] (NewTech InfoSystems, Inc.) 
[File not signed] R2 NTISchedulerSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [131072 2008-04-25] () [File not signed] S3 PDF Architect 2; C:\Program Files\PDF Architect 2\ws.exe [1771560 2015-01-13] (pdfforge GmbH) S3 pdfforge CrashHandler; C:\Program Files\PDF Architect 2\crash-handler-ws.exe [861736 2015-01-13] (pdfforge GmbH) R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.) R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.) R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.) R2 Service Mgr PositiveFinds; C:\ProgramData\d2d4a9d3-f3f1-4c52-8d3f-dddc91fe0602\plugincontainer.exe [549624 2015-02-05] () R2 StkASSrv; C:\Windows\System32\StkASv2K.exe [24576 2015-01-18] (Syntek America Inc.) [File not signed] R2 Update Mgr PositiveFinds; C:\Program Files\Common Files\d2d4a9d3-f3f1-4c52-8d3f-dddc91fe0602\updater.exe [351992 2015-02-02] () R2 vsmon; C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe [3596240 2014-07-23] (Check Point Software Technologies Ltd.) R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] (Microsoft Corporation) R2 ZAPrivacyService; C:\Program Files\CheckPoint\ZoneAlarm\ZaPrivacyService.exe [93712 2014-07-03] (Check Point Software Technologies, Ltd.) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R0 ahcix86s; C:\Windows\System32\DRIVERS\ahcix86s.sys [183312 2009-01-07] (Advanced Micro Devices, Inc) R3 amdkmdag; C:\Windows\System32\DRIVERS\atipmdag.sys [4172288 2009-01-07] (ATI Technologies Inc.) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [98160 2014-12-20] (Avira Operations GmbH & Co. 
KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2014-12-20] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2014-12-20] (Avira Operations GmbH & Co. KG) R3 hidshim; C:\Windows\System32\DRIVERS\hidshim.sys [5632 2008-10-08] (Windows (R) Codename Longhorn DDK provider) R3 nuvotonhidgeneric; C:\Windows\System32\DRIVERS\nuvotonhidgeneric.sys [22528 2008-10-08] (Nuvoton Technology Corporation) R3 RTHDMIAzAudService; C:\Windows\System32\drivers\RtHDMIV.sys [150560 2008-08-26] (Realtek Semiconductor Corp.) R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2012-08-27] (Avira GmbH) S3 StkAMini; C:\Windows\System32\Drivers\StkAMini.sys [241628 2015-01-18] (Syntek America Inc.) [File not signed] S3 StkScan; C:\Windows\System32\Drivers\StkScan.sys [4772 2015-01-18] (Syntek America Inc.) [File not signed] R1 Vsdatant; C:\Windows\System32\DRIVERS\vsdatant.sys [456088 2014-07-23] (Check Point Software Technologies Ltd.) R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796}; C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl [87536 2008-10-17] (CyberLink Corp.) S3 IpInIp; system32\DRIVERS\ipinip.sys [X] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X] S3 WisINT15; \??\C:\Elements\1stboot\WisINT15.SYS [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-02-05 21:27 - 2015-02-05 21:29 - 00079811 _____ () C:\Users\Doreen Kiele\Desktop\Addition.txt 2015-02-05 21:25 - 2015-02-05 21:29 - 00029191 _____ () C:\Users\Doreen Kiele\Desktop\FRST.txt 2015-02-05 21:25 - 2015-02-05 21:29 - 00000000 ____D () C:\FRST 2015-02-05 21:22 - 2015-02-05 21:23 - 01123328 _____ (Farbar) C:\Users\Doreen Kiele\Desktop\FRST.exe 2015-02-02 21:48 - 2006-09-18 22:41 - 00000761 _____ () C:\Windows\system32\Drivers\etc\hosts.20150202-214813.backup 2015-02-02 21:38 - 2015-02-05 21:09 - 00000616 _____ () C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job 2015-02-02 21:38 - 2015-02-02 23:31 - 00000644 _____ () C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job 2015-02-02 21:38 - 2015-02-02 21:42 - 00000446 _____ () C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job 2015-02-02 21:37 - 2015-02-02 21:37 - 00001974 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk 2015-02-02 21:37 - 2015-02-02 21:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2 2015-02-02 21:37 - 2013-09-20 10:49 - 00018968 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean.exe 2015-02-02 21:36 - 2015-02-02 22:17 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy 2015-02-02 21:36 - 2015-02-02 22:05 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2 2015-02-02 16:07 - 2015-02-02 16:09 - 00431395 _____ () C:\Windows\system32\Drivers\vsconfig.xml 2015-02-02 16:07 - 2015-02-02 16:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Check Point 2015-02-02 16:04 - 2010-04-05 21:00 - 00221568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys 2015-02-02 15:49 - 2015-02-02 16:07 - 00000000 ____D () C:\Program Files\CheckPoint 2015-02-02 15:48 - 2015-02-02 15:48 - 00000000 ____D () C:\ProgramData\CheckPoint 2015-02-01 20:19 - 2015-02-01 20:19 - 00000000 ____D () 
C:\Users\Doreen Kiele\Downloads\DVD Menü Erstellung + Brennprogramm 2015-02-01 18:56 - 2015-02-05 20:56 - 00000322 _____ () C:\Windows\Tasks\Vosteran_helper.job 2015-02-01 18:56 - 2015-02-01 19:01 - 00000000 ____D () C:\Users\Doreen Kiele\AppData\Local\Vosteran 2015-02-01 18:53 - 2015-02-01 18:53 - 00035044 _____ () C:\Users\Doreen Kiele\AppData\Local\4A9A4070_stp.CIS 2015-02-01 18:53 - 2015-02-01 18:53 - 00000265 _____ () C:\Users\Doreen Kiele\AppData\Local\4A9A4070_stp.CIS.part 2015-02-01 18:53 - 2015-02-01 18:53 - 00000000 ____D () C:\Users\Doreen Kiele\AppData\Local\4A9A4070_stp 2015-02-01 13:20 - 2015-02-01 13:20 - 00000000 ____D () C:\Users\Doreen Kiele\Documents\CyberLink 2015-02-01 12:32 - 2015-02-01 12:32 - 00000000 ____D () C:\Users\Doreen Kiele\AppData\Roaming\FreeVideoEditor 2015-02-01 12:31 - 2015-02-05 20:56 - 00000000 ____D () C:\ProgramData\d2d4a9d3-f3f1-4c52-8d3f-dddc91fe0602 2015-02-01 12:31 - 2015-02-02 15:12 - 00000000 ____D () C:\Program Files\Common Files\d2d4a9d3-f3f1-4c52-8d3f-dddc91fe0602 2015-01-31 19:56 - 2015-01-31 19:56 - 00000104 _____ () C:\Users\Doreen Kiele\Computer - Verknüpfung.lnk 2015-01-31 17:29 - 2015-01-31 17:29 - 00000000 ____D () C:\Users\Doreen Kiele\Downloads\Datenrettung 2015-01-30 18:49 - 2015-01-30 18:49 - 00000000 ____D () C:\Users\Doreen Kiele\AppData\Roaming\dvdcss 2015-01-30 18:24 - 2015-01-30 18:24 - 00000000 ____D () C:\ProgramData\Canneverbe Limited 2015-01-30 18:23 - 2015-01-30 18:23 - 00000000 ____D () C:\Users\Doreen Kiele\AppData\Roaming\Canneverbe Limited 2015-01-30 18:11 - 2015-01-31 19:57 - 00000000 ____D () C:\Users\Doreen Kiele\Downloads\Brennprogramm 2015-01-30 17:51 - 2015-01-30 17:51 - 00000000 ____D () C:\ProgramData\NtiDvdCopy 2015-01-18 22:44 - 2015-01-18 22:44 - 00000000 ____D () C:\Users\Doreen Kiele\AppData\Local\DVDVideoSoft_Ltd 2015-01-18 21:21 - 2015-02-01 13:20 - 00000000 ____D () C:\Users\Doreen Kiele\AppData\Roaming\CyberLink 2015-01-18 21:21 - 2015-01-18 21:21 - 00000000 ____D () 
C:\Users\Doreen Kiele\AppData\Roaming\SoftDMA 2015-01-18 21:21 - 2015-01-18 21:21 - 00000000 ____D () C:\Users\Doreen Kiele\AppData\Local\PlayMovie 2015-01-18 21:21 - 2015-01-18 21:21 - 00000000 ____D () C:\Users\Doreen Kiele\AppData\Local\CyberLink 2015-01-18 21:21 - 2015-01-18 21:21 - 00000000 ____D () C:\Users\Doreen Kiele\AppData\Local\Acer Arcade Deluxe 2015-01-18 21:21 - 2015-01-18 21:21 - 00000000 ____D () C:\ProgramData\PlayMovie 2015-01-18 20:07 - 2015-01-18 21:46 - 00000000 ____D () C:\Users\Doreen Kiele\Documents\Ulead VideoStudio SE 2015-01-18 19:39 - 2015-01-18 20:11 - 00000000 ____D () C:\Users\Doreen Kiele\AppData\Roaming\Ulead Systems 2015-01-18 19:25 - 2015-01-18 19:25 - 00000000 ____D () C:\ProgramData\InstallShield 2015-01-18 19:23 - 2015-01-18 22:24 - 00000000 ____D () C:\ProgramData\Ulead Systems 2015-01-18 19:19 - 2015-01-18 19:19 - 10479603 _____ (Syntek America Inc.) C:\Windows\system32\Drivers\StkAPipe.sys 2015-01-18 19:19 - 2015-01-18 19:19 - 00653988 _____ (Syntek America Inc.) C:\Windows\system32\Drivers\StkAPin.sys 2015-01-18 19:19 - 2015-01-18 19:19 - 00242728 _____ (Syntek America Inc.) C:\Windows\system32\Drivers\StkACamd.sys 2015-01-18 19:19 - 2015-01-18 19:19 - 00241628 _____ (Syntek America Inc.) C:\Windows\system32\Drivers\StkAMini.sys 2015-01-18 19:19 - 2015-01-18 19:19 - 00106496 _____ (Syntek America Inc.) C:\Windows\Stk1150.exe 2015-01-18 19:19 - 2015-01-18 19:19 - 00053248 _____ (Syntek America Inc.) C:\Windows\system32\StkAWIA.dll 2015-01-18 19:19 - 2015-01-18 19:19 - 00053248 _____ (Syntek America Inc.) C:\Windows\system32\StkAProp.ax 2015-01-18 19:19 - 2015-01-18 19:19 - 00045056 _____ (Syntek America Inc.) C:\Windows\system32\StkAVFW.dll 2015-01-18 19:19 - 2015-01-18 19:19 - 00024576 _____ (Syntek America Inc.) C:\Windows\system32\StkASv2K.exe 2015-01-18 19:19 - 2015-01-18 19:19 - 00024576 _____ (Syntek America Inc.) 
C:\Windows\system32\StkASSrv.dll 2015-01-18 19:19 - 2015-01-18 19:19 - 00018754 _____ (Syntek America Inc.) C:\Windows\system32\Drivers\StkASam.sys 2015-01-18 19:19 - 2015-01-18 19:19 - 00004772 _____ (Syntek America Inc.) C:\Windows\system32\Drivers\StkScan.sys 2015-01-18 19:19 - 2006-07-18 06:46 - 00061440 _____ (Syntek America Inc.) C:\Windows\StkATVAp.exe 2015-01-18 19:14 - 2015-01-18 19:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\USB2.0 Capture Device 2015-01-17 17:21 - 2015-01-17 17:21 - 00000000 ____D () C:\Users\Doreen Kiele\AppData\Roaming\5600-6600 Series 2015-01-14 12:12 - 2015-01-14 12:12 - 00115200 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys 2015-01-14 12:08 - 2015-01-19 19:00 - 00000000 ____D () C:\Users\Doreen Kiele\AppData\Local\Microsoft Games 2015-01-14 11:59 - 2015-01-14 11:59 - 00174080 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll 2015-01-14 11:59 - 2015-01-14 11:59 - 00093184 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll 2015-01-14 11:59 - 2015-01-14 11:59 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll 2015-01-14 11:58 - 2015-01-14 11:58 - 00153600 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll 2015-01-13 11:38 - 2015-01-13 11:38 - 00000000 ____D () C:\Users\Doreen Kiele\AppData\Roaming\PDF Architect 2 2015-01-13 11:36 - 2015-01-13 11:36 - 00000000 ____D () C:\Users\Doreen Kiele\AppData\Local\PDFCreator 2015-01-13 11:36 - 2015-01-13 11:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Architect 2 2015-01-13 11:35 - 2015-01-13 11:40 - 00000000 ____D () C:\Program Files\PDF Architect 2 2015-01-13 11:35 - 2015-01-13 11:35 - 00000000 ____D () C:\Users\Doreen Kiele\Documents\PDF Architect 2 2015-01-13 11:32 - 2015-01-13 11:41 - 00000000 ____D () C:\Program Files\PDFCreator 2015-01-13 11:32 - 2015-01-13 11:32 - 00098488 _____ (pdfforge GmbH) C:\Windows\system32\pdfcmon.dll 2015-01-13 11:32 - 
2015-01-13 11:32 - 00000000 ____D () C:\Users\Doreen Kiele\AppData\Roaming\pdfforge 2015-01-13 11:32 - 2015-01-13 11:32 - 00000000 ____D () C:\ProgramData\PDF Architect 2 2015-01-13 11:32 - 2015-01-13 11:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator 2015-01-07 17:58 - 2015-01-07 17:58 - 00000000 ____D () C:\Users\Doreen Kiele\AppData\Roaming\Lexmark Productivity Studio 2015-01-07 09:02 - 2015-02-02 23:50 - 00000000 ____D () C:\ProgramData\Lx_cats 2015-01-07 08:54 - 2015-01-07 08:57 - 00360448 _____ () C:\Windows\system32\lxducoin.dll 2015-01-07 08:54 - 2008-03-03 15:42 - 00065632 _____ () C:\Windows\system32\lxduprpr.chm 2015-01-07 08:52 - 2015-01-07 08:52 - 00040960 _____ () C:\Windows\system32\lxduvs.dll 2015-01-07 08:50 - 2015-01-07 08:50 - 01036288 _____ () C:\Windows\system32\lxdudrs.dll 2015-01-07 08:50 - 2015-01-07 08:50 - 00081920 _____ () C:\Windows\system32\lxducaps.dll 2015-01-07 08:50 - 2015-01-07 08:50 - 00069632 _____ () C:\Windows\system32\lxducnv4.dll 2015-01-07 08:50 - 2008-09-10 10:41 - 00032768 _____ () C:\Windows\system32\LXDUFXPU.DLL 2015-01-07 08:50 - 2008-05-01 01:41 - 00045056 _____ () C:\Windows\system32\LXDUPMON.DLL 2015-01-07 08:49 - 2015-01-07 18:16 - 00000000 ____D () C:\Program Files\Abbyy FineReader 6.0 Sprint 2015-01-07 08:49 - 2015-01-07 08:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ABBYY FineReader 6.0 Sprint 2015-01-07 08:49 - 2015-01-07 08:49 - 00000000 ____D () C:\ProgramData\5600-6600 Series 2015-01-07 08:49 - 2008-09-10 10:43 - 00086016 _____ () C:\Windows\system32\lxduoem.dll 2015-01-07 08:49 - 2008-09-10 10:41 - 00339968 _____ (Data Techniques, Inc.) C:\Windows\system32\IMGMAN32.DLL 2015-01-07 08:49 - 2008-09-10 10:41 - 00098345 _____ (Data Techniques, Inc.) C:\Windows\system32\IMHOST32.DLL 2015-01-07 08:49 - 2008-09-10 10:41 - 00098304 _____ (Data Techniques, Inc.) 
C:\Windows\system32\IM31XPNG.DEL 2015-01-07 08:49 - 2008-09-10 10:41 - 00069632 _____ (Data Techniques, Inc.) C:\Windows\system32\IM31XTIF.DEL 2015-01-07 08:49 - 2008-09-10 10:41 - 00049152 _____ (Data Techniques, Inc.) C:\Windows\system32\IM31IMG.DIL 2015-01-07 08:48 - 2015-01-07 08:48 - 00000000 ____D () C:\Program Files\Lexmark Tools for Office 2015-01-07 08:47 - 2015-01-07 08:48 - 00000000 ____D () C:\Program Files\Lexmark Toolbar 2015-01-07 08:47 - 2015-01-07 08:47 - 00017064 _____ (Lexmark International, Inc.) C:\Windows\system32\LXDUwupd.exe 2015-01-07 08:47 - 2015-01-07 08:47 - 00000000 ____D () C:\Program Files\Lexmark Printable Web 2015-01-07 08:47 - 2008-04-15 12:08 - 00352256 _____ (Lexmark International, Inc.) C:\Windows\system32\LXDUwupd.dll 2015-01-07 08:47 - 2006-12-06 05:19 - 00000044 _____ () C:\Windows\system32\lxdurwrd.ini 2015-01-07 08:46 - 2015-01-07 09:02 - 00168694 _____ () C:\Windows\system32\LexFiles.ulf 2015-01-07 08:46 - 2015-01-07 09:01 - 00594600 _____ ( ) C:\Windows\system32\lxducoms.exe 2015-01-07 08:46 - 2015-01-07 09:01 - 00369320 _____ ( ) C:\Windows\system32\lxducfg.exe 2015-01-07 08:46 - 2015-01-07 09:01 - 00328360 _____ ( ) C:\Windows\system32\lxduih.exe 2015-01-07 08:46 - 2015-01-07 08:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lexmark 5600-6600 Series 2015-01-07 08:46 - 2008-05-23 13:50 - 00001867 _____ () C:\Windows\system32\lxdu.loc 2015-01-07 08:46 - 2008-05-23 13:16 - 01069056 _____ ( ) C:\Windows\system32\lxduserv.dll 2015-01-07 08:46 - 2008-05-23 13:16 - 00851968 _____ ( ) C:\Windows\system32\lxduusb1.dll 2015-01-07 08:46 - 2008-05-23 13:16 - 00765952 _____ ( ) C:\Windows\system32\lxducomc.dll 2015-01-07 08:46 - 2008-05-23 13:16 - 00679936 _____ ( ) C:\Windows\system32\lxduhbn3.dll 2015-01-07 08:46 - 2008-05-23 13:16 - 00651264 _____ ( ) C:\Windows\system32\lxdupmui.dll 2015-01-07 08:46 - 2008-05-23 13:16 - 00577536 _____ ( ) C:\Windows\system32\lxdulmpm.dll 2015-01-07 08:46 - 2008-05-23 
13:16 - 00376832 _____ ( ) C:\Windows\system32\lxducomm.dll 2015-01-07 08:46 - 2008-05-23 13:16 - 00364544 _____ ( ) C:\Windows\system32\lxduinpa.dll 2015-01-07 08:46 - 2008-05-23 13:16 - 00339968 _____ ( ) C:\Windows\system32\lxduiesc.dll 2015-01-07 08:46 - 2008-05-23 13:06 - 00208896 _____ () C:\Windows\system32\lxdugrd.dll 2015-01-07 08:46 - 2008-05-15 07:12 - 00114688 _____ (Lexmark International, Inc.) C:\Windows\system32\lxduinsr.dll 2015-01-07 08:46 - 2008-05-15 07:12 - 00036864 _____ (Lexmark International, Inc.) C:\Windows\system32\lxducur.dll 2015-01-07 08:46 - 2008-05-15 07:11 - 00147456 _____ (Lexmark International, Inc.) C:\Windows\system32\lxdujswr.dll 2015-01-07 08:46 - 2008-05-06 22:49 - 00200704 _____ (Lexmark International, Inc.) C:\Windows\system32\lxduinsb.dll 2015-01-07 08:46 - 2008-05-06 22:48 - 00090112 _____ (Lexmark International, Inc.) C:\Windows\system32\lxducub.dll 2015-01-07 08:46 - 2008-05-06 22:47 - 00176128 _____ (Lexmark International, Inc.) C:\Windows\system32\lxduins.dll 2015-01-07 08:46 - 2008-05-06 22:47 - 00081920 _____ (Lexmark International, Inc.) C:\Windows\system32\lxducu.dll 2015-01-07 08:46 - 2008-05-06 22:45 - 00524288 _____ (Lexmark International, Inc.) C:\Windows\system32\lxduutil.dll 2015-01-07 08:46 - 2008-05-02 20:26 - 00438272 _____ ( ) C:\Windows\system32\LXDUhcp.dll 2015-01-07 08:46 - 2008-05-02 20:25 - 00389120 _____ () C:\Windows\system32\LXDUinst.dll 2015-01-07 08:46 - 2008-02-21 06:12 - 00077906 _____ (Lexmark International) C:\Windows\system32\LXDUcfg.dll 2015-01-07 08:46 - 2007-10-09 23:27 - 00983121 _____ (Microsoft Corporation) C:\Windows\system32\lxdugf.dll 2015-01-07 08:45 - 2015-01-07 08:58 - 00000000 ____D () C:\Program Files\Lexmark 5600-6600 Series ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-02-05 21:17 - 2006-11-02 13:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2015-02-05 21:17 - 2006-11-02 13:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2015-02-05 21:09 - 2014-12-20 19:01 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-02-05 21:09 - 2014-12-20 17:40 - 01242303 _____ () C:\Windows\WindowsUpdate.log 2015-02-05 21:08 - 2014-12-20 19:01 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-02-02 23:31 - 2009-01-22 06:59 - 00000147 _____ () C:\Windows\system32\agent.log 2015-02-02 23:31 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-02-02 23:30 - 2008-01-21 03:47 - 04465918 _____ () C:\Windows\PFRO.log 2015-02-02 23:29 - 2006-11-02 14:01 - 00020546 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2015-02-02 21:45 - 2014-12-20 18:15 - 00000000 _____ () C:\Windows\system32\LogConfigTemp.xml 2015-02-02 19:45 - 2006-11-02 11:33 - 01661528 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-02-02 19:13 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\Microsoft.NET 2015-02-02 17:37 - 2014-12-29 09:01 - 00000680 _____ () C:\Users\Doreen Kiele\AppData\Local\d3d9caps.dat 2015-02-02 16:08 - 2014-12-20 17:52 - 00000000 ____D () C:\Users\Doreen Kiele 2015-02-02 16:06 - 2014-12-20 21:42 - 00000000 ____D () C:\ProgramData\Package Cache 2015-02-02 16:06 - 2014-12-20 18:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2015-02-02 16:06 - 2014-12-20 18:56 - 00000000 ____D () C:\Program Files\Avira 2015-02-02 15:56 - 2014-12-20 19:27 - 00000000 ____D () C:\Program Files\Comodo 2015-02-02 15:53 - 2014-12-20 19:27 - 00000000 ____D () C:\ProgramData\Comodo 2015-02-02 15:20 - 2006-11-02 13:47 - 00402808 _____ () C:\Windows\system32\FNTCACHE.DAT 2015-02-01 22:10 - 2014-12-20 18:46 - 00150528 _____ () C:\Users\Doreen 
Kiele\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2015-02-01 22:07 - 2014-12-20 17:55 - 00114184 _____ () C:\Users\Doreen Kiele\AppData\Local\GDIPFONTCACHEV1.DAT 2015-02-01 19:15 - 2008-11-14 03:56 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information 2015-02-01 13:19 - 2014-12-23 13:22 - 00000000 ____D () C:\Users\Doreen Kiele\AppData\Roaming\vlc 2015-02-01 12:55 - 2014-12-20 20:54 - 00009398 _____ () C:\Windows\WisAutorun.log 2015-02-01 12:33 - 2014-12-21 10:56 - 00000000 __SHD () C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C} 2015-02-01 12:32 - 2014-12-21 10:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft 2015-02-01 12:32 - 2014-12-21 10:43 - 00000000 ____D () C:\Program Files\DVDVideoSoft 2015-02-01 12:31 - 2014-12-21 10:54 - 00000000 ____D () C:\Program Files\Common Files\DVDVideoSoft 2015-02-01 12:30 - 2014-12-21 10:54 - 00000000 ____D () C:\Users\Doreen Kiele\AppData\Roaming\RHEng 2015-02-01 12:30 - 2014-12-21 10:44 - 00000000 ____D () C:\Users\Doreen Kiele\AppData\Roaming\DVDVideoSoft 2015-01-31 20:36 - 2009-01-22 06:55 - 00001024 ___RH () C:\Users\Public\Documents\NTIMP3.dll 2015-01-31 19:30 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\LogFiles 2015-01-31 18:02 - 2014-12-20 18:53 - 00000000 ____D () C:\Users\Doreen Kiele\Downloads\DVD Video Soft FreeStudio 2015-01-31 18:02 - 2014-12-20 17:54 - 00000000 ____D () C:\Users\Doreen Kiele\AppData\Local\VirtualStore 2015-01-31 16:53 - 2014-12-21 10:43 - 00000000 ____D () C:\Users\Doreen Kiele\Documents\DVDVideoSoft 2015-01-18 22:35 - 2014-12-20 18:18 - 00000000 ____D () C:\Users\Doreen Kiele\AppData\Roaming\PowerCinema 2015-01-18 22:35 - 2014-12-20 18:16 - 00000000 ____D () C:\ProgramData\CyberLink 2015-01-18 21:27 - 2009-01-22 07:39 - 00030226 _____ () C:\Windows\DirectX.log 2015-01-18 21:21 - 2006-11-02 13:37 - 00000000 ___RD () C:\Users\Public\Recorded TV 2015-01-18 19:23 - 2009-01-22 07:03 - 00000000 ____D () 
C:\Program Files\Common Files\InstallShield 2015-01-18 19:19 - 2006-11-02 13:37 - 00000000 ____D () C:\Windows\twain_32 2015-01-17 17:32 - 2006-11-02 12:18 - 00000000 ___RD () C:\Users\Public 2015-01-14 12:12 - 2014-12-20 21:27 - 00000000 ____D () C:\Windows\system32\MRT 2015-01-14 11:59 - 2006-11-02 11:24 - 110348472 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe 2015-01-13 11:29 - 2014-12-20 18:54 - 00000000 ____D () C:\Users\Doreen Kiele\Downloads\PDF Creator 2015-01-13 11:24 - 2009-01-22 07:16 - 00000000 ____D () C:\ProgramData\Adobe 2015-01-13 11:23 - 2014-12-20 18:46 - 00000000 ____D () C:\Users\Doreen Kiele\AppData\Roaming\Adobe 2015-01-11 20:21 - 2006-11-02 13:52 - 00131632 _____ () C:\Windows\setupact.log 2015-01-09 15:51 - 2014-12-20 21:26 - 00249488 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe ==================== Files in the root of some directories ======= 2015-02-01 18:53 - 2015-02-01 18:53 - 0035044 _____ () C:\Users\Doreen Kiele\AppData\Local\4A9A4070_stp.CIS 2015-02-01 18:53 - 2015-02-01 18:53 - 0000265 _____ () C:\Users\Doreen Kiele\AppData\Local\4A9A4070_stp.CIS.part 2014-12-29 09:01 - 2015-02-02 17:37 - 0000680 _____ () C:\Users\Doreen Kiele\AppData\Local\d3d9caps.dat 2014-12-20 18:46 - 2015-02-01 22:10 - 0150528 _____ () C:\Users\Doreen Kiele\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-12-20 18:12 - 2014-12-20 18:13 - 0091953 _____ () C:\Users\Doreen Kiele\AppData\Local\edsinstaller.txt-20141220.log 2014-12-20 18:16 - 2014-12-20 18:20 - 0006065 _____ () C:\ProgramData\ArcadeDeluxe2.log 2015-01-07 08:43 - 2015-01-07 08:43 - 0000000 _____ () C:\ProgramData\UpdaterLog.txt Some content of TEMP: ==================== C:\Users\Doreen Kiele\AppData\Local\Temp\avgnt.exe C:\Users\Doreen Kiele\AppData\Local\Temp\RtkBtMnt.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-02-02 23:40 ==================== End Of Log ============================ |
05.02.2015, 21:45 | #4 |
| Positive Finds ads on my PC
Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version: 05-02-2015 Ran by Doreen Kiele at 2015-02-05 21:27:02 Running from C:\Users\Doreen Kiele\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859} AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0} FW: ZoneAlarm Free Firewall Firewall (Enabled) {1B8D532F-88B1-B2AD-ED22-AED92687A1D2} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 2007 Microsoft Office Suite Service Pack 1 (SP1) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}) (Version: - Microsoft) ABBYY FineReader 6.0 Sprint (HKLM\...\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}) (Version: 6.00.2146.41621 - ABBYY Software House) Acer Arcade Deluxe (HKLM\...\InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}) (Version: 2.0.5817 - CyberLink Corp.) Acer Arcade Deluxe (Version: 2.0.5817 - CyberLink Corp.) Hidden Acer Crystal Eye webcam Ver:1.1.57.409 (HKLM\...\{D0ACE89D-EC7F-470F-80BE-4C98ED366B32}) (Version: 1.1.57.409 - Chicony Electronics Co.,Ltd.) Acer eAudio Management (HKLM\...\{57265292-228A-41FA-9AEC-4620CBCC2739}) (Version: 3.0.3009 - CyberLink Corp.) Acer eDataSecurity Management (HKLM\...\{A5633652-3795-4829-BB0B-644F0279E279}) (Version: 3.0.3065 - Egis Inc.) 
Acer Empowering Technology (HKLM\...\{8F1B6239-FEA0-450A-A950-B05276CE177C}) (Version: 3.0.3013 - Acer Incorporated) Acer ePower Management (HKLM\...\{58E5844B-7CE2-413D-83D1-99294BF6C74F}) (Version: 3.0.3014 - Acer Incorporated) Acer eRecovery Management (HKLM\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 3.0.3014 - Acer Incorporated) Acer eSettings Management (HKLM\...\{13D85C14-2B85-419F-AC41-C7F21E68B25D}) (Version: 3.0.3007 - Acer Incorporated) Acer GridVista (HKLM\...\GridVista) (Version: 2.72.317 - ) Acer Mobility Center Plug-In (HKLM\...\{11316260-6666-467B-AC34-183FCB5D4335}) (Version: 3.0.3000 - Acer Inc.) Acer Product Registration (HKLM\...\{DA20E1A8-07CB-4EE7-9B72-A7E28C953F0E}) (Version: 3.0.0.10 - Acer Incorporated) Adobe Flash Player 10 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 10.1.102.64 - Adobe Systems Incorporated) Adobe Flash Player ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 9.0.124.0 - Adobe Systems Incorporated) Adobe Reader X (10.1.4) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.4 - Adobe Systems Incorporated) Adobe Shockwave Player 12.1 (HKLM\...\Adobe Shockwave Player) (Version: 12.1.5.155 - Adobe Systems, Inc.) AMD USB Audio Driver Filter (HKLM\...\{A3AB35FA-943E-4799-99DC-46EFD59E998F}) (Version: 1.0.7.0031 - Advanced Micro Devices, Inc.) ATI Catalyst Install Manager (HKLM\...\{F2F8821D-9C68-6040-8BF7-FF21D26592B5}) (Version: 3.0.704.0 - ATI Technologies, Inc.) Avira (HKLM\...\{2c18809c-4097-4b51-a4d0-3deade730ef3}) (Version: 1.1.29.22350 - Avira Operations & Co. KG) Avira (Version: 1.1.29.22350 - Avira Operations & Co. 
KG) Hidden Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira) Broadcom Gigabit Integrated Controller (HKLM\...\{F870B987-18BC-45FC-9BE8-35C02DCDA10F}) (Version: 11.32.03 - Broadcom Corporation) ccc-core-static (Version: 2008.1210.1623.29379 - Ihr Firmenname) Hidden ffdshow [rev 3154] [2009-12-09] (HKLM\...\ffdshow_is1) (Version: 1.0 - ) FormatFactory 2.70 (HKLM\...\FormatFactory) (Version: 2.70 - Free Time) Free DVD Video Converter version 2.0.25.128 (HKLM\...\Free DVD Video Converter_is1) (Version: 2.0.25.128 - DVDVideoSoft Ltd.) Free Studio version 5.0.9 (HKLM\...\Free Studio_is1) (Version: - DVDVideoSoft Limited.) Free Video Editor version 1.4.10.128 (HKLM\...\Free Video Editor_is1) (Version: 1.4.10.128 - DVDVideoSoft Ltd.) Free Video to DVD Converter version 5.0.56.128 (HKLM\...\Free Video to DVD Converter_is1) (Version: 5.0.56.128 - DVDVideoSoft Ltd.) Free YouTube to MP3 Converter version 3.12.52.1215 (HKLM\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.52.1215 - DVDVideoSoft Ltd.) Google Chrome (HKLM\...\Google Chrome) (Version: 40.0.2214.93 - Google Inc.) Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden HDAUDIO Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118) (Version: - ) Java 8 Update 25 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation) Java(TM) 6 Update 23 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216023FF}) (Version: 6.0.230 - Oracle) Launch Manager (HKLM\...\LManager) (Version: - ) Lexmark (HKLM\...\{D2C5E510-BE6D-42CC-9F61-E4F939078474}) (Version: 1.0.0.0 - ) Lexmark 5600-6600 Series (HKLM\...\Lexmark 5600-6600 Series) (Version: - Lexmark International, Inc.) 
Lexmark Symbolleiste (HKLM\...\{1017A80C-6F09-4548-A84D-EDD6AC9525F0}) (Version: 4.0.53.0 - ) Lexmark Tools for Office (HKLM\...\{10812DE7-2E57-4740-B226-6B3BE34AF9D7}) (Version: 1.24.0.0 - ) LightScribe 1.4.142.1 (Version: 1.4.142.1 - hxxp://www.lightscribe.com) Hidden Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version: - Microsoft Corporation) Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation) Microsoft .NET Framework 4.5.2 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.51209 - Microsoft Corporation) Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation) Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61187 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Works 
(HKLM\...\{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}) (Version: 08.05.0822 - Microsoft Corporation) MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) NTI Backup Now 5 (HKLM\...\InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}) (Version: 5.1.2.606 - NewTech Infosystems) NTI Backup Now Standard (Version: 5.1.2.606 - NewTech Infosystems) Hidden NTI Media Maker 8 (HKLM\...\InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}) (Version: 8.0.2.6329 - NewTech Infosystems) NTI Media Maker 8 (Version: 8.0.2.6329 - NewTech Infosystems) Hidden Nuvoton EC Generic HID Driver (HKLM\...\{302E9B7B-2B6A-4C29-9A02-9F2110649779}) (Version: 7.80.5000 - Nuvoton Technology Corporation) PDF Architect 2 (HKLM\...\PDF Architect 2) (Version: 2.0.51.17865 - pdfforge GmbH) PDF Architect 2 Create Module (Version: 2.1.6.19758 - pdfforge GmbH) Hidden PDF Architect 2 Edit Module (Version: 2.1.6.19758 - pdfforge GmbH) Hidden PDF Architect 2 View Module (Version: 2.1.6.19758 - pdfforge GmbH) Hidden PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 2.0.1 - pdfforge) Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5704 - Realtek Semiconductor Corp.) Realtek USB 2.0 Card Reader (HKLM\...\{DC24971E-1946-445D-8A82-CE685433FA7D}) (Version: 3.0.1.3 - Realtek Semiconductor Corp.) Search App by Ask (HKLM\...\{41564952-412D-5350-00A7-A758B70C1700}) (Version: 12.23.0.34 - APN, LLC) <==== ATTENTION Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.) 
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 11.1.4.0 - Synaptics) Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Update for Office 2007 (KB946691) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{A420F522-7395-4872-9882-C591B4B92278}) (Version: - Microsoft) Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft) Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version: - Microsoft) Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft) Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft) USB2.0 Capture Device (HKLM\...\{E337B156-DF81-48D8-8977-B1574EE87BCF}) (Version: 1.0.3.0 - ) VLC media player 2.1.1 (HKLM\...\VLC media player) (Version: 2.1.1 - VideoLAN) ZoneAlarm Firewall (Version: 13.3.052.000 - Check Point Software Technologies Ltd.) Hidden ZoneAlarm Free Firewall (HKLM\...\ZoneAlarm Free Firewall) (Version: 13.3.052.000 - Check Point) ZoneAlarm Security (Version: 13.3.052.000 - Check Point Software Technologies Ltd.) Hidden ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) 
==================== Restore Points ========================= 07-01-2015 08:51:11 Gerätetreiber-Paketinstallation: Lexmark Bildverarbeitungsgeräte 07-01-2015 08:56:59 Gerätetreiber-Paketinstallation: Lexmark Inkjet-Treiber Drucker 11-01-2015 20:22:55 Windows Update 13-01-2015 11:35:10 Installed PDF Architect 2 View Module 13-01-2015 11:38:14 Installed PDF Architect 2 Create Module 13-01-2015 11:40:04 Installed PDF Architect 2 Edit Module 14-01-2015 11:57:50 Windows Update 17-01-2015 17:46:11 Windows Update 17-01-2015 19:04:43 Installiert USB2.0 Capture Device 18-01-2015 19:13:42 Installiert USB2.0 Capture Device 18-01-2015 19:19:14 Gerätetreiber-Paketinstallation: Syntek America Inc. Bildverarbeitungsgeräte 18-01-2015 19:22:53 Installiert Ulead VideoStudio 18-01-2015 22:23:18 Entfernt Ulead VideoStudio 19-01-2015 10:42:38 Windows Update 23-01-2015 21:19:54 Windows Update 28-01-2015 11:03:53 Windows Update 31-01-2015 20:09:18 Microsoft Visual C++ 2005 Redistributable wird installiert 01-02-2015 12:56:14 Installiert PowerDirector 01-02-2015 19:03:53 Konfiguriert PowerDirector 02-02-2015 15:44:19 Removed COMODO Firewall 02-02-2015 16:04:16 Windows Update 02-02-2015 16:07:51 Gerätetreiber-Paketinstallation: Check Point Software Technologies Ltd. Netzwerkdienst 02-02-2015 19:41:05 Windows Update ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2006-11-02 11:23 - 2006-09-18 22:41 - 00000761 ____N C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ::1 localhost ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) 
Task: {23B28225-65E4-4239-8BA2-1751113A480A} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Signature Update => c:\program files\windows defender\MpCmdRun.exe [2008-01-21] (Microsoft Corporation) Task: {3C41FE0F-981F-4EAB-A626-62E6FBD50BB4} - System32\Tasks\Java Update Scheduler => C:\Program Files\Common Files\Java\Java Update\jusched.exe [2014-12-25] (Oracle Corporation) Task: {AA43FBD5-D48C-4B95-AE4A-1A6EEA1239CB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-12-20] (Google Inc.) Task: {D465151C-39D3-4FD1-9CE6-5A21537444DC} - System32\Tasks\Vosteran_helper => C:\Users\DOREEN~1\AppData\Local\Vosteran\APPLIC~1\Vosteran\helper.exe <==== ATTENTION Task: {D474A348-5306-4384-BAF9-D18B46930DF2} - System32\Tasks\Scan the system (Spybot - Search & Destroy) => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe Task: {D9317D58-89FE-45F4-BA22-EA179E15D626} - System32\Tasks\Refresh immunization (Spybot - Search & Destroy) => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe Task: {E2C78A30-5F28-4F78-A14B-1AB89494D0A0} - System32\Tasks\Check for updates (Spybot - Search & Destroy) => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe Task: {E95C38D1-EFCF-479C-A943-AF5B573C9360} - System32\Tasks\Installation App Launcher => C:\Program Files\Lexmark 5600-6600 Series\lxduamon.exe [2015-01-07] () Task: {FE1BEE1C-DE89-4BB2-8AC6-A2BFF145D6E4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-12-20] (Google Inc.) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) 
Task: C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe
Task: C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe
Task: C:\Windows\Tasks\Vosteran_helper.job => C:\Users\DOREEN~1\AppData\Local\Vosteran\APPLIC~1\Vosteran\helper.exe <==== ATTENTION

==================== Loaded Modules (whitelisted) ==============

2008-09-10 10:57 - 2008-09-10 10:57 - 00372736 _____ () C:\Program Files\Lexmark Toolbar\toolband.dll
2015-01-07 08:48 - 2008-09-10 10:57 - 00458752 _____ () C:\Program Files\Lexmark Toolbar\resource.dll
2015-01-07 08:50 - 2008-05-01 01:41 - 00045056 _____ () C:\Windows\System32\LXDUPMON.DLL
2015-01-07 08:49 - 2008-09-10 10:43 - 00086016 _____ () C:\Windows\System32\LXDUOEM.DLL
2015-01-07 08:49 - 2008-09-10 10:41 - 00032768 _____ () C:\Program Files\Lexmark 5600-6600 Series\ipcmt.dll
2015-01-07 08:58 - 2015-01-07 08:52 - 00121856 _____ () C:\Windows\system32\spool\PRTPROCS\W32X86\lxdudrpp.dll
2015-01-07 08:52 - 2015-01-07 08:52 - 00811008 _____ () C:\Windows\system32\spool\DRIVERS\W32X86\3\lxduptpc.dll
2015-01-07 08:52 - 2015-01-07 08:52 - 00149504 _____ () C:\Windows\system32\spool\DRIVERS\W32X86\3\lxdudrui.dll
2015-01-07 08:52 - 2015-01-07 08:52 - 00198144 _____ () C:\Windows\system32\spool\DRIVERS\W32X86\3\lxdudr.dll
2008-04-02 16:07 - 2015-01-07 08:52 - 01388544 _____ () C:\Windows\system32\spool\DRIVERS\W32X86\3\lxduHPEC.DLL
2015-01-07 08:52 - 2015-01-07 08:52 - 00188416 _____ () C:\Windows\system32\spool\DRIVERS\W32X86\3\lxdudatr.dll
2014-12-21 02:32 - 2009-01-07 22:46 - 00159744 _____ () C:\Windows\system32\atitmmxx.dll
2007-06-24 19:09 - 2007-06-24 19:09 - 01024000 _____ () C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\ACE.dll
2007-06-24 19:09 - 2007-06-24 19:09 - 00098304 _____ () C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\ACEXML.dll
2007-06-24 19:09 - 2007-06-24 19:09 - 00061440 _____ () C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\ACEXML_Parser.dll
2014-12-20 18:19 - 2008-10-04 04:09 - 00069632 _____ () C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
2008-04-25 21:36 - 2008-04-25 21:36 - 00028672 _____ () C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
2008-04-28 09:49 - 2008-04-28 09:49 - 00003072 _____ () C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTrayLOC.dll
2014-12-20 18:10 - 2007-10-23 10:56 - 00200704 _____ () C:\Windows\PLFSetI.exe
2009-01-22 07:17 - 2007-12-06 16:15 - 00110592 _____ () C:\Acer\Mobility Center\MobilityService.exe
2009-01-22 07:17 - 2007-11-27 15:08 - 00032768 _____ () C:\Acer\Mobility Center\MobilityInterface.dll
2008-04-25 21:36 - 2008-04-25 21:36 - 00131072 _____ () C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
2015-02-02 21:36 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-02-02 21:36 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
2015-02-02 21:36 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2015-02-02 21:36 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll
2015-02-02 21:36 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2015-02-01 10:12 - 2015-02-02 03:12 - 00351992 _____ () C:\Program Files\Common Files\d2d4a9d3-f3f1-4c52-8d3f-dddc91fe0602\updater.exe
2014-12-21 02:32 - 2003-06-07 22:30 - 00057344 _____ () C:\Program Files\Launch Manager\PowerUtl.dll
2008-07-29 17:52 - 2008-07-29 17:52 - 00227888 _____ () C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ShowErrMsg.dll
2008-10-08 21:49 - 2008-10-08 21:49 - 00835584 ____N () C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMediaLibrary.dll
2008-10-08 21:49 - 2008-10-08 21:49 - 00007680 ____N () C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvcPS.dll
2015-01-07 08:47 - 2015-01-07 08:47 - 00676520 _____ () C:\Program Files\Lexmark 5600-6600 Series\lxdumon.exe
2015-01-07 08:47 - 2008-09-10 10:56 - 00380928 _____ () C:\Program Files\Lexmark 5600-6600 Series\lxduscw.dll
2015-01-07 08:52 - 2015-01-07 08:52 - 00188416 _____ () C:\Windows\system32\spool\drivers\w32x86\3\lxdudatr.dll
2015-01-07 08:47 - 2008-09-10 10:56 - 01036288 _____ () C:\Program Files\Lexmark 5600-6600 Series\lxduDRS.dll
2015-01-07 08:47 - 2008-09-10 10:56 - 00081920 _____ () C:\Program Files\Lexmark 5600-6600 Series\lxducaps.dll
2015-01-07 08:47 - 2008-09-10 10:40 - 00069632 _____ () C:\Program Files\Lexmark 5600-6600 Series\lxducnv4.dll
2015-01-07 08:48 - 2015-01-07 08:48 - 00025256 _____ () C:\Program Files\Lexmark 5600-6600 Series\lxduMsdMon.exe
2015-01-07 08:47 - 2008-05-27 04:36 - 00028672 _____ () C:\Program Files\Lexmark 5600-6600 Series\App4R.Monitor.Common.dll
2015-01-07 08:47 - 2008-05-27 04:36 - 00036864 _____ () C:\Program Files\Lexmark 5600-6600 Series\App4R.Monitor.Core.dll
2015-01-07 08:47 - 2008-05-27 04:35 - 00065536 _____ () C:\Program Files\Lexmark 5600-6600 Series\app4r.devmons.mcmdevmon.dll
2015-01-07 08:47 - 2008-03-25 05:53 - 00012288 _____ () C:\Program Files\Lexmark 5600-6600 Series\app4r.devmons.mcmdevmon.autoplayutil.dll
2015-02-01 11:12 - 2015-02-05 09:49 - 00549624 _____ () C:\ProgramData\d2d4a9d3-f3f1-4c52-8d3f-dddc91fe0602\plugincontainer.exe
2015-02-05 02:49 - 2015-02-05 02:49 - 00503032 _____ () C:\ProgramData\d2d4a9d3-f3f1-4c52-8d3f-dddc91fe0602\plugins\8\plugin.exe
2015-02-02 00:12 - 2015-02-02 15:12 - 00700664 _____ () C:\ProgramData\d2d4a9d3-f3f1-4c52-8d3f-dddc91fe0602\plugins\3\plugin.exe
2015-02-02 15:57 - 2015-02-05 20:57 - 00246008 _____ () C:\ProgramData\d2d4a9d3-f3f1-4c52-8d3f-dddc91fe0602\plugins\3\0c967511-e9bb-4a6f-b01c-a80548f542d9.dll
2015-02-04 22:49 - 2015-02-04 22:49 - 00518904 _____ () C:\ProgramData\d2d4a9d3-f3f1-4c52-8d3f-dddc91fe0602\plugins\5\plugin.exe
2015-02-04 22:49 - 2015-02-04 22:49 - 00400120 _____ () C:\ProgramData\d2d4a9d3-f3f1-4c52-8d3f-dddc91fe0602\plugins\4\plugin.exe
2015-01-28 17:23 - 2015-01-25 07:08 - 09170760 _____ () C:\Program Files\Google\Chrome\Application\40.0.2214.93\pdf.dll
2015-01-28 17:23 - 2015-01-25 07:08 - 14913864 _____ () C:\Program Files\Google\Chrome\Application\40.0.2214.93\PepperFlash\pepflashplayer.dll
2009-02-26 13:46 - 2009-02-26 13:46 - 00064344 _____ () C:\Program Files\Microsoft Office\Office12\ADDINS\ColleagueImport.dll
2008-07-29 17:52 - 2008-07-29 17:52 - 00057904 _____ () C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\MailFormat_U.dll
2011-06-22 11:46 - 2011-06-22 11:46 - 00434016 _____ () C:\Program Files\Microsoft Office\Office12\ADDINS\UmOutlookAddin.dll
2013-07-10 18:07 - 2013-07-10 18:07 - 00756888 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL
2014-12-20 19:19 - 2014-02-10 12:44 - 04592128 _____ () C:\Users\Doreen Kiele\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libglesv2.dll
2014-12-20 19:19 - 2014-02-10 12:44 - 00112128 _____ () C:\Users\Doreen Kiele\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libegl.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Windows\system32\SLCommDlg.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\SLLUA.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\slmgr.vbs:$CmdTcID AlternateDataStreams: C:\Windows\system32\SLsvc.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\SLUI.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\SLUINotify.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\slwga.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\slwmi.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\SmartcardCredentialProvider.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\SMBHelperClass.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\SmiEngine.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\smss.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\SndVol.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\SnippingTool.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\softkbd.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\spcmsg.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\sperror.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\spinstall.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\spoolss.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\spp.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\spreview.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\spwinsat.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\spwizui.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\sqlsrv32.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\srchadmin.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\srcore.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\srvsvc.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\StkAProp.ax:$CmdTcID AlternateDataStreams: C:\Windows\system32\StkASSrv.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\StkASv2K.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\StkAVFW.dll:$CmdTcID AlternateDataStreams: 
C:\Windows\system32\StkAWIA.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\Storprop.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\sud.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\swprv.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\SyncCenter.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\synceng.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\sysclass.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\SysFxUI.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\sysmain.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\sysmon.ocx:$CmdTcID AlternateDataStreams: C:\Windows\system32\systemcpl.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\tapisrv.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\tcpipcfg.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\tcpmon.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\termsrv.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\thawbrkr.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\themecpl.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\themeui.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\tintlgnt.ime:$CmdTcID AlternateDataStreams: C:\Windows\system32\tquery.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\TSTheme.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\TsWpfWrp.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\tzres.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\uDWM.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\UIAnimation.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\UIAutomationCore.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\UIRibbon.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\UIRibbonRes.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\ulib.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\umpnpmgr.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\unimdm.tsp:$CmdTcID AlternateDataStreams: 
C:\Windows\system32\untfs.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\user32.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\usercpl.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\userenv.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\usp10.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\Utilman.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\uxsms.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\vdmdbg.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\vds.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\vdsdyn.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\vdsutil.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\version.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\vssapi.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\VSSVC.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\w32time.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wcncsvc.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\WcnNetsh.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wcnwiz.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wcnwiz2.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wdc.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\Wdfres.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wdmaud.drv:$CmdTcID AlternateDataStreams: C:\Windows\system32\wdscore.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\WebClnt.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wer.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wercon.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\WerFault.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\WerFaultSecure.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\wersvc.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wevtapi.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wevtsvc.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wevtutil.exe:$CmdTcID AlternateDataStreams: 
C:\Windows\system32\wextract.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\whealogr.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wiaaut.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wiafbdrv.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wiaservc.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\win32k.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\win32spl.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\WindowsAnytimeUpgradeCPL.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\WindowsCodecs.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\winhttp.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\winload.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\winlogon.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\winmm.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\winresume.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\winrnr.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\WinSAT.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\WinSCard.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\winsrv.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wintrust.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\winusb.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wisptis.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\wlangpui.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wlanpref.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wlanui.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\Wldap32.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wlgpclnt.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\WMALFXGFXDSP.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wmdrmsdk.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wmi.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\WMNetMgr.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wmpeffects.dll:$CmdTcID AlternateDataStreams: 
C:\Windows\system32\WMVDECOD.DLL:$CmdTcID AlternateDataStreams: C:\Windows\system32\WMVENCOD.DLL:$CmdTcID AlternateDataStreams: C:\Windows\system32\WMVSDECD.DLL:$CmdTcID AlternateDataStreams: C:\Windows\system32\WMVXENCD.DLL:$CmdTcID AlternateDataStreams: C:\Windows\system32\wow32.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wpcao.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wpccpl.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wpcsvc.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wpdbusenum.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wpdshext.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\WPDShextAutoplay.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\WPDShServiceObj.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\WPDSp.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wpd_ci.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wscapi.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\WscEapPr.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wscisvif.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wscntfy.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wscript.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\wscsvc.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wscui.cpl:$CmdTcID AlternateDataStreams: C:\Windows\system32\wsdchngr.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\WSDMon.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wsepno.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wshbth.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wshcon.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wshext.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wshom.ocx:$CmdTcID AlternateDataStreams: C:\Windows\system32\wsnmp32.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wuapi.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wuapp.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\wuauclt.exe:$CmdTcID 
AlternateDataStreams: C:\Windows\system32\wuaueng.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wucltux.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\WUDFCoinstaller.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\WUDFHost.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\WUDFPlatform.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\WUDFSvc.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\WUDFx.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wudriver.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wups.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wups2.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wusa.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\wuwebv.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\xmlfilter.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\xmllite.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\XpsGdiConverter.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\XpsPrint.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\zipfldr.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\acpi.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\afd.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\bridge.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\cdrom.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\Classpnp.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\crashdmp.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\disk.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\Diskdump.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\drmk.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\Dumpata.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\dxg.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\dxgkrnl.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\ecache.sys:$CmdTcID 
AlternateDataStreams: C:\Windows\system32\Drivers\exfat.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\fastfat.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\fltMgr.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\fs_rec.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\FWPKCLNT.SYS:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\hdaudbus.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\hidclass.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\hidparse.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\hidusb.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\kbdhid.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\ks.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\ksecdd.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\mrxdav.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\msiscsi.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\msrpc.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\mup.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\ndis.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\ndiswan.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\netbt.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\npfs.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\ntfs.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\nwifi.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\pacer.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\partmgr.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\pci.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\portcls.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\raspppoe.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\rassstp.sys:$CmdTcID AlternateDataStreams: 
C:\Windows\system32\Drivers\rdbss.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\rdpwd.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\rmcast.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\RNDISMP.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\smb.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\spsys.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\StkACamd.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\StkAMini.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\StkAPin.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\StkAPipe.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\StkASam.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\StkScan.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\Storport.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\stream.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\tcpip.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\tcpipreg.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\tdx.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\termdd.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\tssecsrv.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\udfs.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\usb8023.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\USBAUDIO.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\USBCAMD.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\USBCAMD2.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\usbccgp.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\usbd.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\usbehci.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\usbhub.sys:$CmdTcID AlternateDataStreams: 
==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== Other Registry Areas =====================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1531739928-432372518-3359910063-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Doreen Kiele\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)
==================== Accounts: =============================

Administrator (S-1-5-21-1531739928-432372518-3359910063-500 - Administrator - Disabled)
Doreen Kiele (S-1-5-21-1531739928-432372518-3359910063-1000 - Administrator - Enabled) => C:\Users\Doreen Kiele
Gast (S-1-5-21-1531739928-432372518-3359910063-501 - Limited - Disabled)

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (02/05/2015 09:04:07 PM) (Source: Avira Service Host) (EventID: 0) (User: )
Description: Fehler beim Verarbeiten von Sitzungsänderung.
System.ComponentModel.Win32Exception (0x80004005): Key (Users\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall) could not be opened Error: 87, Hive: Users, Key: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
   bei Avira.OE.WinCore.Utility.RegistryValueWatcher.CheckResultAndThrowWin32Exception(Int32 result, String message)
   bei Avira.OE.WinCore.Utility.RegistryValueWatcher.OpenRegKey()
   bei Avira.OE.WinCore.Utility.RegistryValueWatcher.Start()
   bei Avira.OE.ServiceHost.AppInfoRepositoryFactory.CreateRegistryAppInfoRepository(RegistryHive registryHive, String registryPath, RegistryView registryView)
   bei Avira.OE.ServiceHost.DesktopApplications.UpdateUserAppInfoRepository(String userSid)
   bei Avira.OE.ServiceHost.DesktopApplications.UpdateOnNewUserSid(String userSid)
   bei Avira.OE.ServiceHost.DesktopApplications.OnSessionChange(Int32 sessionId, SessionChangeReason reason)
   bei Avira.OE.ServiceHost.ServiceHost.OnSessionChange(SessionChangeDescription changeDescription)
   bei S...
Error: (02/02/2015 11:32:34 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/02/2015 09:43:30 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/02/2015 07:44:28 PM) (Source: Perflib) (EventID: 1015) (User: )
Description: PerfProcC:\Windows\system32\perfproc.dll0

Error: (02/02/2015 04:29:04 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/02/2015 03:54:33 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/02/2015 03:22:36 PM) (Source: Avira Antivirus) (EventID: 4122) (User: NT-AUTORITÄT)
Description: Die Datei AvShadow konnte nicht geladen werden. Fehlercode: 0x5

Error: (02/02/2015 03:21:46 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/01/2015 10:08:18 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm dvdmaker.exe, Version 6.0.6002.18005 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen.
Prozess-ID: 1b84
Anfangszeit: 01d03e6307574a70
Zeitpunkt der Beendigung: 32

Error: (02/01/2015 07:34:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlerhafte Anwendung DVDStyler.exe, Version 0.0.0.0, Zeitstempel 0x00000000, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000, Ausnahmecode 0xc0000005, Fehleroffset 0x65a53000, Prozess-ID 0x18e0, Anwendungsstartzeit DVDStyler.exe0.

System errors:
=============
Error: (02/02/2015 11:34:19 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Service Mgr PositiveFinds

Error: (02/02/2015 11:32:34 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: lxduCATSCustConnectService%%1053

Error: (02/02/2015 11:32:34 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000lxduCATSCustConnectService

Error: (02/02/2015 11:32:34 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000Empowering Technology Service

Error: (02/02/2015 11:32:34 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058

Error: (02/02/2015 09:45:16 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Service Mgr PositiveFinds

Error: (02/02/2015 09:43:34 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Spybot-S&D 2 Scanner Service%%1053

Error: (02/02/2015 09:43:34 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000Spybot-S&D 2 Scanner Service

Error: (02/02/2015 09:43:34 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: lxduCATSCustConnectService%%1053

Error: (02/02/2015 09:43:34 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000lxduCATSCustConnectService

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
Date: 2014-12-23 11:25:49.092
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2014-12-23 11:25:48.920
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2014-12-23 11:25:48.795
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2014-12-23 11:25:48.639
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2014-12-23 11:25:48.468
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2014-12-20 21:33:57.127
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2014-12-20 21:33:57.017
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2014-12-20 21:33:56.908
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-12-20 21:33:56.768
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2014-12-20 21:33:56.659
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

==================== Memory info ===========================

Processor: AMD Turion(tm) X2 Dual-Core Mobile RM-72
Percentage of memory in use: 68%
Total physical RAM: 2429.36 MB
Available physical RAM: 766.41 MB
Total Pagefile: 5085.29 MB
Available Pagefile: 2821.36 MB
Total Virtual: 2047.88 MB
Available Virtual: 1895.02 MB

==================== Drives ================================

Drive c: (ACER) (Fixed) (Total:142.65 GB) (Free:50.25 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:142.67 GB) (Free:142.53 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: 4BFDD482)
Partition 1: (Not Active) - (Size=9.8 GB) - (Type=27)
Partition 2: (Active) - (Size=142.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=142.7 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=3 GB) - (Type=12)

==================== End Of Log ============================
|
06.02.2015, 00:26 | #5 |
Rest in peace † 2019 | Positive Finds ads on my PC
Hello,

Step 1
Please uninstall the following programs:
Java(TM) 6 Update 23
Search App by Ask
To do so, go to Start --> Control Panel --> Programs --> Uninstall a program --> find the program in the list --> remove it.
If you cannot uninstall a program, download the Revo-uninstaller from here and uninstall it with that, choosing the moderate mode.

Step 2
Please download AdwCleaner to your desktop.

Step 3
Please download Malwarebytes Anti-Malware

Step 4
Run FRST once more.
|
06.02.2015, 12:32 | #6 |
| Positive Finds ads on my PC
Code:
# AdwCleaner v4.110 - Bericht erstellt 06/02/2015 um 11:17:53
# Aktualisiert 05/02/2015 von Xplode
# Datenbank : 2015-02-05.2 [Lokal]
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (x86)
# Benutzername : Doreen Kiele - DOREENKIELE-PC
# Gestarted von : C:\Users\Doreen Kiele\Desktop\AdwCleaner_4.110.exe
# Option : Löschen

***** [ Dienste ] *****

Dienst Gelöscht : Service Mgr PositiveFinds
Dienst Gelöscht : Update Mgr PositiveFinds

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\apn
Ordner Gelöscht : C:\ProgramData\d2d4a9d3-f3f1-4c52-8d3f-dddc91fe0602
Ordner Gelöscht : C:\Program Files\Common Files\Plasmoo
Ordner Gelöscht : C:\Program Files\Common Files\d2d4a9d3-f3f1-4c52-8d3f-dddc91fe0602
Ordner Gelöscht : C:\Users\DOREEN~1\AppData\Local\Temp\apn
Ordner Gelöscht : C:\Users\Doreen Kiele\AppData\Local\Vosteran
Ordner Gelöscht : C:\Users\Doreen Kiele\AppData\Roaming\dvdvideosoftiehelpers
Ordner Gelöscht : C:\Users\Doreen Kiele\AppData\Roaming\pdfforge
Ordner Gelöscht : C:\Users\Doreen Kiele\AppData\Roaming\RHEng
Ordner Gelöscht : C:\Users\Doreen Kiele\AppData\Roaming\Mozilla\Firefox\Profiles\bdSeA9l8.default\Extensions\{ACAA314B-EEBA-48E4-AD47-84E31C44796C}
Datei Gelöscht : C:\Users\Doreen Kiele\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
Datei Gelöscht : C:\Users\Doreen Kiele\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
Datei Gelöscht : C:\Users\Doreen Kiele\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage
Datei Gelöscht : C:\Users\Doreen Kiele\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage-journal

***** [ Geplante Tasks ] *****

***** [ Verknüpfungen ] *****

***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKCU\Software\Google\Chrome\Extensions\oilkkkefbalmbfppgjmgjoefbclebkce
HKLM\SOFTWARE\Google\Chrome\Extensions\oilkkkefbalmbfppgjmgjoefbclebkce Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escort.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\esrv.EXE Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ScriptHost.Tool Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ScriptHost.Tool.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{06DEB529-DE09-43EC-B6E2-451AAB0FF000} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{19D2F415-D58B-46BC-9390-C03DCBC21EB2} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6E45F3E8-2683-4824-A6BE-08108022FB36} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{744E0E81-BC79-4719-A58B-C98F7E78EE5D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{987D9269-F8A1-408F-BF62-4397D2F5363E} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{9F0F16DD-4E76-4049-A9B1-7A91E48F0323} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E0722BEB-FDA1-4AA1-A2A8-15A74A5B3F70} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F1963E76-845B-474C-8C7F-D69A96D8AA34} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F4288797-CB12-49CE-9DF8-7CDFA1143BEA} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{30C85A3D-1D96-4589-B63F-91FB7EF45A41} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{744E0E81-BC79-4719-A58B-C98F7E78EE5D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{50F60937-910A-4C05-8E36-FE4E299191CF} Schlüssel Gelöscht : 
HKLM\SOFTWARE\Classes\TypeLib\{06DEB529-DE09-43EC-B6E2-451AAB0FF000} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{0C58B7D1-D415-492B-A149-E976156BD3B8} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{212C2C4F-C845-4FBC-9561-C833A13D8DCE} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{3C5D1D57-16C8-473C-A552-37B8D88596FE} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4A115D8A-6A7B-4C72-92B1-2E2D01F36979} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{99DF8440-814E-497F-BDDD-FB93E9E9DF96} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{E00DE9B9-B128-4C39-B732-B5D85013FA48} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{63C63464-1423-4FDB-BA5D-6F75F491C63E} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30C85A3D-1D96-4589-B63F-91FB7EF45A41} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{41564952-412D-5350-00A7-7A786E7484D7} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{92780B25-18CC-41C8-B9BE-3C9C571A8263} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{41564952-412D-5350-00A7-7A786E7484D7} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{92780B25-18CC-41C8-B9BE-3C9C571A8263} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low 
Rights\ElevationPolicy\{83CAD530-387D-40FD-82EA-B9E863D92A9B} Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{41564952-412D-5350-00A7-7A786E7484D7}] Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{8EEAC88A-079B-4b2c-80C1-7836F79EB40A} Schlüssel Gelöscht : HKCU\Software\InstallCore Schlüssel Gelöscht : HKCU\Software\OCS Schlüssel Gelöscht : HKCU\Software\Vosteran Browser Schlüssel Gelöscht : HKLM\SOFTWARE\PositiveFinds Daten Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyServer] - localhost:21320 ***** [ Internetbrowser ] ***** -\\ Internet Explorer v9.0.8112.16599 -\\ Mozilla Firefox v -\\ Google Chrome v40.0.2214.93 [C:\Users\Doreen Kiele\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://search.zonealarm.com/search?src=sp&tbid=HFA5&Lan=DE&q={searchTerms}&gu=6086b4534a494fdc86d7ec64ff8bd3c4&tu=10G9y00IC1D30q0&sku=&tstsId=&ver=& [C:\Users\Doreen Kiele\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://search.conduit.com/Results.aspx?gd=&ctid=CT3321540&octid=EB_ORIGINAL_CTID&ISID=M11E230B0-C22B-4067-B73A-96A0B59E84B2&SearchSource=58&CUI=&UM=5&UP=SPB9875253-B2CB-4CF9-BBBB-41AA630217D5&q={searchTerms}&SSPV= [C:\Users\Doreen Kiele\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3281675&CUI=UN27703654992431027&UM=2&SSPV=SP_IENSP08 [C:\Users\Doreen Kiele\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://websearch.ask.com/redirect?client=ie&tb=FF&o=14594&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=^FV&apn_dtid=^YYYYYY^YY^DE&apn_uid=06f1d0c3-9489-49c6-bc84-02d7f15ed072&apn_sauid=850E82F2-028D-4990-938F-C3995BD10C4D [C:\Users\Doreen Kiele\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : 
hxxp://websearch.ask.com/redirect?client=ie&tb=FF&o=14594&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=^FV&apn_dtid=^YYYYYY^YY^DE&apn_uid=06f1d0c3-9489-49c6-bc84-02d7f15ed072&apn_sauid=850E82F2-028D-4990-938F-C3995BD10C4D [C:\Users\Doreen Kiele\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3322288&octid=EB_ORIGINAL_CTID&ISID=M39CF8674-1C09-4A8B-BAD6-81071F9F9614&SearchSource=58&CUI=&UM=6&UP=SP5BF58CB8-C8A0-407A-8791-9CEC438AD1F0&q={searchTerms}&SSPV= [C:\Users\Doreen Kiele\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://search.softonic.com/MOY00621/tb_v1?q={searchTerms}&SearchSource=4&cc=&mi=240e99d100000000000000242b9caa6d&r=874 [C:\Users\Doreen Kiele\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://vosteran.com/results.php?f=4&q={searchTerms}&a=vst_fs_15_05&cd=2XzuyEtN2Y1L1QzutDtDtByEtB0Bzy0C0A0AyC0Dzyzy0DtCtN0D0Tzu0StCtCtByBtN1L2XzutAtFyBtFtCtFtBtN1L1CzutCyEtBzytDyD1V1BtAtN1L1G1B1V1N2Y1L1Qzu2SyEtAtA0BtByD0FyBtGzzyC0F0FtGtB0FzzzztGzzyB0CyEtGyC0BtBzzyEyB0F0DtBtC0Bzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCtD0CyDzzyDyC0FtGyC0ByCzytGyEtB0A0AtGzytBtCyEtG0CtD0BtBtAyCyByE0F0D0CtA2Q&cr=786535476&ir= [C:\Users\Doreen Kiele\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://vosteran.com/results.php?f=4&q={searchTerms}&a=vst_fs_15_05&cd=2XzuyEtN2Y1L1QzutDtDtByEtB0Bzy0C0A0AyC0Dzyzy0DtCtN0D0Tzu0StCtCtByBtN1L2XzutAtFyBtFtCtFtBtN1L1CzutCyEtBzytDyD1V1BtAtN1L1G1B1V1N2Y1L1Qzu2SyEtAtA0BtByD0FyBtGzzyC0F0FtGtB0FzzzztGzzyB0CyEtGyC0BtBzzyEyB0F0DtBtC0Bzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCtD0CyDzzyDyC0FtGyC0ByCzytGyEtB0A0AtGzytBtCyEtG0CtD0BtBtAyCyByE0F0D0CtA2Q&cr=786535476&ir= ************************* AdwCleaner[R0].txt - [9969 Bytes] - [06/02/2015 11:14:45] AdwCleaner[S0].txt - [9891 Bytes] - [06/02/2015 11:17:53] ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [9950 Bytes] 
##########

Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Update, 06.02.2015 11:34:54, SYSTEM, DOREENKIELE-PC, Manual, Remediation Database, 2013.10.16.1, 2014.12.6.1,
Update, 06.02.2015 11:34:54, SYSTEM, DOREENKIELE-PC, Manual, Rootkit Database, 2014.11.18.1, 2015.2.3.1,
Update, 06.02.2015 11:35:33, SYSTEM, DOREENKIELE-PC, Manual, Malware Database, 2014.11.20.6, 2015.2.6.3,

(end)

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 05-02-2015
Ran by Doreen Kiele (administrator) on DOREENKIELE-PC on 06-02-2015 12:25:40
Running from C:\Users\Doreen Kiele\Desktop
Loaded Profiles: Doreen Kiele (Available profiles: Doreen Kiele)
Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Check Point Software Technologies Ltd.) C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(NewTech Infosystems, Inc.) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
() C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
(Egis Incorporated) C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
() C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
(Microsoft Corporation) C:\Windows\System32\PresentationSettings.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
( ) C:\Windows\System32\lxducoms.exe
() C:\Acer\Mobility Center\MobilityService.exe
(NewTech InfoSystems, Inc.) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
() C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
(Safer-Networking Ltd.) 
C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe (Syntek America Inc.) C:\Windows\System32\StkASv2K.exe (Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe (Check Point Software Technologies, Ltd.) C:\Program Files\CheckPoint\ZoneAlarm\ZAPrivacyService.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe (Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe () C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe (Realtek Semiconductor) C:\Windows\RtHDVCpl.exe () C:\Windows\PLFSetI.exe (Dritek System Inc.) C:\Program Files\Launch Manager\LManager.exe (Egis Incorporated) C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Acer Inc.) C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Incorporated) C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe (CyberLink Corp.) C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink) C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe () C:\Program Files\Lexmark 5600-6600 Series\lxdumon.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe (Check Point Software Technologies Ltd.) C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe (Safer-Networking Ltd.) 
C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Microsoft Corporation) C:\Windows\ehome\ehtray.exe (Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) C:\Windows\ehome\ehmsas.exe () C:\Program Files\Lexmark 5600-6600 Series\lxdumsdmon.exe (Realtek Semiconductor Corp.) C:\Users\Doreen Kiele\AppData\Local\Temp\RtkBtMnt.exe (Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe (Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1049896 2008-04-25] (Synaptics, Inc.) HKLM\...\Run: [BkupTray] => C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe [28672 2008-04-25] () HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2008-08-29] (Advanced Micro Devices, Inc.) HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [6294048 2008-09-19] (Realtek Semiconductor) HKLM\...\Run: [Skytel] => C:\Windows\Skytel.exe [1833504 2008-09-19] (Realtek Semiconductor Corp.) HKLM\...\Run: [PLFSetI] => C:\Windows\PLFSetI.exe [200704 2007-10-23] () HKLM\...\Run: [LManager] => C:\Program Files\Launch Manager\LManager.exe [858632 2008-12-17] (Dritek System Inc.) 
HKLM\...\Run: [eDataSecurity Loader] => C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe [526896 2008-07-29] (Egis Incorporated) HKLM\...\Run: [ePower_DMC] => C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe [405504 2008-08-01] (Acer Inc.) HKLM\...\Run: [eAudio] => C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe [544768 2008-09-11] (Acer Incorporated) HKLM\...\Run: [ArcadeDeluxeAgent] => C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe [147456 2008-10-08] (CyberLink Corp.) HKLM\...\Run: [CLMLServer] => C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe [167936 2008-10-08] (CyberLink) HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-20] (Avira Operations GmbH & Co. KG) HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2014-12-21] (Microsoft Corporation) HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [919008 2014-12-25] (Adobe Systems Incorporated) HKLM\...\Run: [lxdumon.exe] => C:\Program Files\Lexmark 5600-6600 Series\lxdumon.exe [676520 2015-01-07] () HKLM\...\Run: [lxduamon] => C:\Program Files\Lexmark 5600-6600 Series\lxduamon.exe [16040 2015-01-07] () HKLM\...\Run: [Lexmark 5600-6600 Series Fax Server] => C:\Program Files\Lexmark 5600-6600 Series\fm3032.exe [311976 2015-01-07] () HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [126712 2014-12-31] (Avira Operations GmbH & Co. KG) HKLM\...\Run: [ZoneAlarm] => C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe [134624 2014-07-23] (Check Point Software Technologies Ltd.) HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.) 
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X] HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\S-1-5-21-1531739928-432372518-3359910063-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation) HKU\S-1-5-21-1531739928-432372518-3359910063-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation) ShellIconOverlayIdentifiers: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Egis Inc.) BootExecute: autocheck autochk * sdnclean.exe ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=1214&m=aspire_8530 HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=1214&m=aspire_8530 HKU\S-1-5-21-1531739928-432372518-3359910063-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ HKU\S-1-5-21-1531739928-432372518-3359910063-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=1214&m=aspire_8530 HKU\S-1-5-21-1531739928-432372518-3359910063-1000\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com SearchScopes: HKLM -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW SearchScopes: HKLM -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = SearchScopes: 
HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-1531739928-432372518-3359910063-1000 -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-comodo BHO: Lexmark Symbolleiste -> {1017A80C-6F09-4548-A84D-EDD6AC9525F0} -> C:\Program Files\Lexmark Toolbar\toolband.dll () BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO: PDF Architect Helper -> {691B33B0-B86E-47F3-81C7-56E4FE3B929C} -> C:\Program Files\PDF Architect 2\creator-ie-helper.dll (pdfforge GmbH) BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) BHO: ShowBarObj Class -> {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} -> C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis) BHO: Lexmark -> {D2C5E510-BE6D-42CC-9F61-E4F939078474} -> C:\Program Files\Lexmark Printable Web\bho.dll () Toolbar: HKLM - Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.) 
Toolbar: HKLM - Lexmark Symbolleiste - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll () Toolbar: HKLM - PDF Architect Toolbar - {DEEB13D7-CEA9-45FB-B77C-E039BEC85221} - C:\Program Files\PDF Architect 2\creator-ie-plugin.dll (pdfforge GmbH) Toolbar: HKU\S-1-5-21-1531739928-432372518-3359910063-1000 -> Lexmark Symbolleiste - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll () DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab DPF: {CAFEEFAC-0018-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation) Winsock: Catalog9 01 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 02 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 03 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 04 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 05 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 06 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 07 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. 
KG) Winsock: Catalog9 08 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 20 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 StartMenuInternet: IEXPLORE.EXE - iexplore.exe FireFox: ======== FF ProfilePath: C:\Users\Doreen Kiele\AppData\Roaming\Mozilla\Firefox\Profiles\bdSeA9l8.default FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1215155.dll (Adobe Systems, Inc.) FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre1.8.0_25\bin\new_plugin\npjp2.dll No File FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @videolan.org/vlc,version=2.1.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF Plugin: PDF Architect 2 -> C:\Program Files\PDF Architect 2\np-previewer.dll (pdfforge GmbH) FF Extension: Avira Browser Safety - C:\Users\Doreen Kiele\AppData\Roaming\Mozilla\Firefox\Profiles\bdSeA9l8.default\Extensions\abs@avira.com [2014-12-20] FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Users\Doreen Kiele\AppData\Roaming\Mozilla\Firefox\Profiles\bdSeA9l8.default\Extensions\{B64D9B05-48E1-4CEB-BF58-E0643994E900} [2014-12-21] FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Program Files\Mozilla Firefox\browser\extensions\{B64D9B05-48E1-4CEB-BF58-E0643994E900}.xpi [2014-12-21] FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2014-12-20] FF HKLM\...\Firefox\Extensions: [pdf_architect_2_conv@pdfarchitect.org] - C:\Program Files\PDF Architect 2\resources\pdfarchitect2firefoxextension FF Extension: PDF Architect 2 Creator - C:\Program Files\PDF Architect 2\resources\pdfarchitect2firefoxextension [2015-01-13] FF HKU\S-1-5-21-1531739928-432372518-3359910063-1000\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff [2014-12-21] Chrome: ======= CHR HomePage: Default -> CHR StartupUrls: Default -> "https://www.google.de/?gws_rd=ssl" CHR DefaultSuggestURL: Default -> 
{google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter} CHR Profile: C:\Users\Doreen Kiele\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Präsentationen) - C:\Users\Doreen Kiele\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-12-20] CHR Extension: (BILD Online) - C:\Users\Doreen Kiele\AppData\Local\Google\Chrome\User Data\Default\Extensions\akelcgelcacijekkjghmpikldlfpjpho [2014-12-21] CHR Extension: (STERN.DE) - C:\Users\Doreen Kiele\AppData\Local\Google\Chrome\User Data\Default\Extensions\apeagpappkcpkenmhnofdpfpaminilfj [2014-12-21] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Doreen Kiele\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-12-20] CHR Extension: (YouTube) - C:\Users\Doreen Kiele\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-12-20] CHR Extension: (Daylight Karte & Time Zone) - C:\Users\Doreen Kiele\AppData\Local\Google\Chrome\User Data\Default\Extensions\chkjdbfmbgffpbmkihefmpmeonemloom [2014-12-21] CHR Extension: (Candy Matcher Deluxe) - C:\Users\Doreen Kiele\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehehgijaidopomcfpkigakimeoglkjpa [2014-12-21] CHR Extension: (Google Tabellen) - C:\Users\Doreen Kiele\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-12-20] CHR Extension: (Avira Browserschutz) - C:\Users\Doreen Kiele\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-12-21] CHR Extension: (World of Solitaire) - C:\Users\Doreen Kiele\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\ifbnllnaaaohekjkcpfdllhhjijnidgn [2014-12-21] CHR Extension: (KCals Kalorienzähler) - C:\Users\Doreen Kiele\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipifmjfbmblepifflinikiiboakalboc [2014-12-21] CHR Extension: (eBay Deutschland) - C:\Users\Doreen Kiele\AppData\Local\Google\Chrome\User Data\Default\Extensions\jknjndilpbgfjegfncoipgnhficfffoa [2014-12-21] CHR Extension: (Gem of a Kind) - C:\Users\Doreen Kiele\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkpdnogahpolnfpmnofheendeponbmla [2014-12-21] CHR Extension: (Tetris) - C:\Users\Doreen Kiele\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdhicelaffdlcajmemnjfccipcemjlki [2014-12-21] CHR Extension: (Gute Mathe-Fragen!) - C:\Users\Doreen Kiele\AppData\Local\Google\Chrome\User Data\Default\Extensions\klhdclppneongknbjpmifccllhgipanc [2014-12-21] CHR Extension: (Google Wallet) - C:\Users\Doreen Kiele\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-20] CHR Extension: (Bubble Shooter) - C:\Users\Doreen Kiele\AppData\Local\Google\Chrome\User Data\Default\Extensions\omenbmgpkbkmloombbdefdpfcclpcjdk [2014-12-21] CHR Extension: (TV Movie Fernsehprogramm) - C:\Users\Doreen Kiele\AppData\Local\Google\Chrome\User Data\Default\Extensions\omigcnbanchckjpihkioagdjjdhkhhdh [2014-12-21] CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [431920 2014-12-20] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-20] (Avira Operations GmbH & Co. 
KG) R2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [992560 2014-12-20] (Avira Operations GmbH & Co. KG) R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [178424 2014-12-31] (Avira Operations GmbH & Co. KG) R2 BUNAgentSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [16384 2008-03-03] (NewTech Infosystems, Inc.) [File not signed] R2 CLHNService; C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [69632 2008-10-04] () [File not signed] R2 ETService; C:\Program Files\Acer\Empowering Technology\Service\ETService.exe [24576 2008-11-28] () [File not signed] R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [61440 2007-01-17] (Hewlett-Packard Company) [File not signed] S2 lxduCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxduserv.exe [98984 2015-01-07] (Lexmark International, Inc.) R2 lxdu_device; C:\Windows\system32\lxducoms.exe [594600 2015-01-07] ( ) R2 MobilityService; C:\Acer\Mobility Center\MobilityService.exe [110592 2007-12-06] () [File not signed] R2 NTIBackupSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [45056 2008-04-25] (NewTech InfoSystems, Inc.) [File not signed] R2 NTISchedulerSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [131072 2008-04-25] () [File not signed] S3 PDF Architect 2; C:\Program Files\PDF Architect 2\ws.exe [1771560 2015-01-13] (pdfforge GmbH) S3 pdfforge CrashHandler; C:\Program Files\PDF Architect 2\crash-handler-ws.exe [861736 2015-01-13] (pdfforge GmbH) R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.) R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.) R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.) 
R2 StkASSrv; C:\Windows\System32\StkASv2K.exe [24576 2015-01-18] (Syntek America Inc.) [File not signed] R2 vsmon; C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe [3596240 2014-07-23] (Check Point Software Technologies Ltd.) R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] (Microsoft Corporation) R2 ZAPrivacyService; C:\Program Files\CheckPoint\ZoneAlarm\ZaPrivacyService.exe [93712 2014-07-03] (Check Point Software Technologies, Ltd.) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R0 ahcix86s; C:\Windows\System32\DRIVERS\ahcix86s.sys [183312 2009-01-07] (Advanced Micro Devices, Inc) R3 amdkmdag; C:\Windows\System32\DRIVERS\atipmdag.sys [4172288 2009-01-07] (ATI Technologies Inc.) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [98160 2014-12-20] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2014-12-20] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2014-12-20] (Avira Operations GmbH & Co. KG) R3 hidshim; C:\Windows\System32\DRIVERS\hidshim.sys [5632 2008-10-08] (Windows (R) Codename Longhorn DDK provider) R3 nuvotonhidgeneric; C:\Windows\System32\DRIVERS\nuvotonhidgeneric.sys [22528 2008-10-08] (Nuvoton Technology Corporation) R3 RTHDMIAzAudService; C:\Windows\System32\drivers\RtHDMIV.sys [150560 2008-08-26] (Realtek Semiconductor Corp.) R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2012-08-27] (Avira GmbH) S3 StkAMini; C:\Windows\System32\Drivers\StkAMini.sys [241628 2015-01-18] (Syntek America Inc.) [File not signed] S3 StkScan; C:\Windows\System32\Drivers\StkScan.sys [4772 2015-01-18] (Syntek America Inc.) [File not signed] R1 Vsdatant; C:\Windows\System32\DRIVERS\vsdatant.sys [456088 2014-07-23] (Check Point Software Technologies Ltd.) 
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796}; C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl [87536 2008-10-17] (CyberLink Corp.) S3 IpInIp; system32\DRIVERS\ipinip.sys [X] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X] S3 WisINT15; \??\C:\Elements\1stboot\WisINT15.SYS [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-02-06 12:25 - 2015-02-06 12:26 - 00025132 _____ () C:\Users\Doreen Kiele\Desktop\FRST.txt 2015-02-06 12:23 - 2015-02-06 12:23 - 00000386 _____ () C:\Users\Doreen Kiele\Desktop\mbam.txt 2015-02-06 12:21 - 2015-02-06 12:21 - 00000903 _____ () C:\Users\Doreen Kiele\Desktop\mbam - Verknüpfung.lnk 2015-02-06 11:34 - 2015-02-06 12:21 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-02-06 11:34 - 2015-02-06 11:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-02-06 11:34 - 2015-02-06 11:34 - 00000000 ____D () C:\ProgramData\Malwarebytes 2015-02-06 11:34 - 2015-02-06 11:34 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 2015-02-06 11:34 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-02-06 11:34 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-02-06 11:34 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2015-02-06 11:32 - 2015-02-06 11:34 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Doreen Kiele\Desktop\mbam-setup-2.0.4.1028.exe 2015-02-06 11:14 - 2015-02-06 11:18 - 00000000 ____D () C:\AdwCleaner 2015-02-06 11:10 - 
2015-02-06 11:10 - 02112512 _____ () C:\Users\Doreen Kiele\Desktop\AdwCleaner_4.110.exe 2015-02-05 21:25 - 2015-02-06 12:25 - 00000000 ____D () C:\FRST 2015-02-05 21:22 - 2015-02-05 21:23 - 01123328 _____ (Farbar) C:\Users\Doreen Kiele\Desktop\FRST.exe 2015-02-02 21:48 - 2006-09-18 22:41 - 00000761 _____ () C:\Windows\system32\Drivers\etc\hosts.20150202-214813.backup 2015-02-02 21:38 - 2015-02-06 12:11 - 00000644 _____ () C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job 2015-02-02 21:38 - 2015-02-05 21:09 - 00000616 _____ () C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job 2015-02-02 21:38 - 2015-02-02 21:42 - 00000446 _____ () C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job 2015-02-02 21:37 - 2015-02-02 21:37 - 00001974 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk 2015-02-02 21:37 - 2015-02-02 21:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2 2015-02-02 21:37 - 2013-09-20 10:49 - 00018968 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean.exe 2015-02-02 21:36 - 2015-02-02 22:17 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy 2015-02-02 21:36 - 2015-02-02 22:05 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2 2015-02-02 16:07 - 2015-02-02 16:09 - 00431395 _____ () C:\Windows\system32\Drivers\vsconfig.xml 2015-02-02 16:07 - 2015-02-02 16:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Check Point 2015-02-02 16:04 - 2010-04-05 21:00 - 00221568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys 2015-02-02 15:49 - 2015-02-02 16:07 - 00000000 ____D () C:\Program Files\CheckPoint 2015-02-02 15:48 - 2015-02-02 15:48 - 00000000 ____D () C:\ProgramData\CheckPoint 2015-02-01 20:19 - 2015-02-01 20:19 - 00000000 ____D () C:\Users\Doreen Kiele\Downloads\DVD Menü Erstellung + Brennprogramm 2015-02-01 18:53 - 2015-02-01 18:53 - 00035044 
_____ () C:\Users\Doreen Kiele\AppData\Local\4A9A4070_stp.CIS 2015-02-01 18:53 - 2015-02-01 18:53 - 00000265 _____ () C:\Users\Doreen Kiele\AppData\Local\4A9A4070_stp.CIS.part 2015-02-01 18:53 - 2015-02-01 18:53 - 00000000 ____D () C:\Users\Doreen Kiele\AppData\Local\4A9A4070_stp 2015-02-01 13:20 - 2015-02-01 13:20 - 00000000 ____D () C:\Users\Doreen Kiele\Documents\CyberLink 2015-02-01 12:32 - 2015-02-01 12:32 - 00000000 ____D () C:\Users\Doreen Kiele\AppData\Roaming\FreeVideoEditor 2015-01-31 19:56 - 2015-01-31 19:56 - 00000104 _____ () C:\Users\Doreen Kiele\Computer - Verknüpfung.lnk 2015-01-31 17:29 - 2015-01-31 17:29 - 00000000 ____D () C:\Users\Doreen Kiele\Downloads\Datenrettung 2015-01-30 18:49 - 2015-01-30 18:49 - 00000000 ____D () C:\Users\Doreen Kiele\AppData\Roaming\dvdcss 2015-01-30 18:24 - 2015-01-30 18:24 - 00000000 ____D () C:\ProgramData\Canneverbe Limited 2015-01-30 18:23 - 2015-01-30 18:23 - 00000000 ____D () C:\Users\Doreen Kiele\AppData\Roaming\Canneverbe Limited 2015-01-30 18:11 - 2015-01-31 19:57 - 00000000 ____D () C:\Users\Doreen Kiele\Downloads\Brennprogramm 2015-01-30 17:51 - 2015-01-30 17:51 - 00000000 ____D () C:\ProgramData\NtiDvdCopy 2015-01-18 22:44 - 2015-01-18 22:44 - 00000000 ____D () C:\Users\Doreen Kiele\AppData\Local\DVDVideoSoft_Ltd 2015-01-18 21:21 - 2015-02-01 13:20 - 00000000 ____D () C:\Users\Doreen Kiele\AppData\Roaming\CyberLink 2015-01-18 21:21 - 2015-01-18 21:21 - 00000000 ____D () C:\Users\Doreen Kiele\AppData\Roaming\SoftDMA 2015-01-18 21:21 - 2015-01-18 21:21 - 00000000 ____D () C:\Users\Doreen Kiele\AppData\Local\PlayMovie 2015-01-18 21:21 - 2015-01-18 21:21 - 00000000 ____D () C:\Users\Doreen Kiele\AppData\Local\CyberLink 2015-01-18 21:21 - 2015-01-18 21:21 - 00000000 ____D () C:\Users\Doreen Kiele\AppData\Local\Acer Arcade Deluxe 2015-01-18 21:21 - 2015-01-18 21:21 - 00000000 ____D () C:\ProgramData\PlayMovie 2015-01-18 20:07 - 2015-01-18 21:46 - 00000000 ____D () C:\Users\Doreen Kiele\Documents\Ulead VideoStudio 
SE 2015-01-18 19:39 - 2015-01-18 20:11 - 00000000 ____D () C:\Users\Doreen Kiele\AppData\Roaming\Ulead Systems 2015-01-18 19:25 - 2015-01-18 19:25 - 00000000 ____D () C:\ProgramData\InstallShield 2015-01-18 19:23 - 2015-01-18 22:24 - 00000000 ____D () C:\ProgramData\Ulead Systems 2015-01-18 19:19 - 2015-01-18 19:19 - 10479603 _____ (Syntek America Inc.) C:\Windows\system32\Drivers\StkAPipe.sys 2015-01-18 19:19 - 2015-01-18 19:19 - 00653988 _____ (Syntek America Inc.) C:\Windows\system32\Drivers\StkAPin.sys 2015-01-18 19:19 - 2015-01-18 19:19 - 00242728 _____ (Syntek America Inc.) C:\Windows\system32\Drivers\StkACamd.sys 2015-01-18 19:19 - 2015-01-18 19:19 - 00241628 _____ (Syntek America Inc.) C:\Windows\system32\Drivers\StkAMini.sys 2015-01-18 19:19 - 2015-01-18 19:19 - 00106496 _____ (Syntek America Inc.) C:\Windows\Stk1150.exe 2015-01-18 19:19 - 2015-01-18 19:19 - 00053248 _____ (Syntek America Inc.) C:\Windows\system32\StkAWIA.dll 2015-01-18 19:19 - 2015-01-18 19:19 - 00053248 _____ (Syntek America Inc.) C:\Windows\system32\StkAProp.ax 2015-01-18 19:19 - 2015-01-18 19:19 - 00045056 _____ (Syntek America Inc.) C:\Windows\system32\StkAVFW.dll 2015-01-18 19:19 - 2015-01-18 19:19 - 00024576 _____ (Syntek America Inc.) C:\Windows\system32\StkASv2K.exe 2015-01-18 19:19 - 2015-01-18 19:19 - 00024576 _____ (Syntek America Inc.) C:\Windows\system32\StkASSrv.dll 2015-01-18 19:19 - 2015-01-18 19:19 - 00018754 _____ (Syntek America Inc.) C:\Windows\system32\Drivers\StkASam.sys 2015-01-18 19:19 - 2015-01-18 19:19 - 00004772 _____ (Syntek America Inc.) C:\Windows\system32\Drivers\StkScan.sys 2015-01-18 19:19 - 2006-07-18 06:46 - 00061440 _____ (Syntek America Inc.) 
C:\Windows\StkATVAp.exe 2015-01-18 19:14 - 2015-01-18 19:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\USB2.0 Capture Device 2015-01-17 17:21 - 2015-01-17 17:21 - 00000000 ____D () C:\Users\Doreen Kiele\AppData\Roaming\5600-6600 Series 2015-01-14 12:12 - 2015-01-14 12:12 - 00115200 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys 2015-01-14 12:08 - 2015-01-19 19:00 - 00000000 ____D () C:\Users\Doreen Kiele\AppData\Local\Microsoft Games 2015-01-14 11:59 - 2015-01-14 11:59 - 00174080 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll 2015-01-14 11:59 - 2015-01-14 11:59 - 00093184 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll 2015-01-14 11:59 - 2015-01-14 11:59 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll 2015-01-14 11:58 - 2015-01-14 11:58 - 00153600 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll 2015-01-13 11:38 - 2015-01-13 11:38 - 00000000 ____D () C:\Users\Doreen Kiele\AppData\Roaming\PDF Architect 2 2015-01-13 11:36 - 2015-01-13 11:36 - 00000000 ____D () C:\Users\Doreen Kiele\AppData\Local\PDFCreator 2015-01-13 11:36 - 2015-01-13 11:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Architect 2 2015-01-13 11:35 - 2015-01-13 11:40 - 00000000 ____D () C:\Program Files\PDF Architect 2 2015-01-13 11:35 - 2015-01-13 11:35 - 00000000 ____D () C:\Users\Doreen Kiele\Documents\PDF Architect 2 2015-01-13 11:32 - 2015-01-13 11:41 - 00000000 ____D () C:\Program Files\PDFCreator 2015-01-13 11:32 - 2015-01-13 11:32 - 00098488 _____ (pdfforge GmbH) C:\Windows\system32\pdfcmon.dll 2015-01-13 11:32 - 2015-01-13 11:32 - 00000000 ____D () C:\ProgramData\PDF Architect 2 2015-01-13 11:32 - 2015-01-13 11:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator 2015-01-07 17:58 - 2015-01-07 17:58 - 00000000 ____D () C:\Users\Doreen Kiele\AppData\Roaming\Lexmark Productivity Studio 2015-01-07 09:02 - 2015-02-02 
23:50 - 00000000 ____D () C:\ProgramData\Lx_cats 2015-01-07 08:54 - 2015-01-07 08:57 - 00360448 _____ () C:\Windows\system32\lxducoin.dll 2015-01-07 08:54 - 2008-03-03 15:42 - 00065632 _____ () C:\Windows\system32\lxduprpr.chm 2015-01-07 08:52 - 2015-01-07 08:52 - 00040960 _____ () C:\Windows\system32\lxduvs.dll 2015-01-07 08:50 - 2015-01-07 08:50 - 01036288 _____ () C:\Windows\system32\lxdudrs.dll 2015-01-07 08:50 - 2015-01-07 08:50 - 00081920 _____ () C:\Windows\system32\lxducaps.dll 2015-01-07 08:50 - 2015-01-07 08:50 - 00069632 _____ () C:\Windows\system32\lxducnv4.dll 2015-01-07 08:50 - 2008-09-10 10:41 - 00032768 _____ () C:\Windows\system32\LXDUFXPU.DLL 2015-01-07 08:50 - 2008-05-01 01:41 - 00045056 _____ () C:\Windows\system32\LXDUPMON.DLL 2015-01-07 08:49 - 2015-01-07 18:16 - 00000000 ____D () C:\Program Files\Abbyy FineReader 6.0 Sprint 2015-01-07 08:49 - 2015-01-07 08:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ABBYY FineReader 6.0 Sprint 2015-01-07 08:49 - 2015-01-07 08:49 - 00000000 ____D () C:\ProgramData\5600-6600 Series 2015-01-07 08:49 - 2008-09-10 10:43 - 00086016 _____ () C:\Windows\system32\lxduoem.dll 2015-01-07 08:49 - 2008-09-10 10:41 - 00339968 _____ (Data Techniques, Inc.) C:\Windows\system32\IMGMAN32.DLL 2015-01-07 08:49 - 2008-09-10 10:41 - 00098345 _____ (Data Techniques, Inc.) C:\Windows\system32\IMHOST32.DLL 2015-01-07 08:49 - 2008-09-10 10:41 - 00098304 _____ (Data Techniques, Inc.) C:\Windows\system32\IM31XPNG.DEL 2015-01-07 08:49 - 2008-09-10 10:41 - 00069632 _____ (Data Techniques, Inc.) C:\Windows\system32\IM31XTIF.DEL 2015-01-07 08:49 - 2008-09-10 10:41 - 00049152 _____ (Data Techniques, Inc.) C:\Windows\system32\IM31IMG.DIL 2015-01-07 08:48 - 2015-01-07 08:48 - 00000000 ____D () C:\Program Files\Lexmark Tools for Office 2015-01-07 08:47 - 2015-01-07 08:48 - 00000000 ____D () C:\Program Files\Lexmark Toolbar 2015-01-07 08:47 - 2015-01-07 08:47 - 00017064 _____ (Lexmark International, Inc.) 
C:\Windows\system32\LXDUwupd.exe 2015-01-07 08:47 - 2015-01-07 08:47 - 00000000 ____D () C:\Program Files\Lexmark Printable Web 2015-01-07 08:47 - 2008-04-15 12:08 - 00352256 _____ (Lexmark International, Inc.) C:\Windows\system32\LXDUwupd.dll 2015-01-07 08:47 - 2006-12-06 05:19 - 00000044 _____ () C:\Windows\system32\lxdurwrd.ini 2015-01-07 08:46 - 2015-01-07 09:02 - 00168694 _____ () C:\Windows\system32\LexFiles.ulf 2015-01-07 08:46 - 2015-01-07 09:01 - 00594600 _____ ( ) C:\Windows\system32\lxducoms.exe 2015-01-07 08:46 - 2015-01-07 09:01 - 00369320 _____ ( ) C:\Windows\system32\lxducfg.exe 2015-01-07 08:46 - 2015-01-07 09:01 - 00328360 _____ ( ) C:\Windows\system32\lxduih.exe 2015-01-07 08:46 - 2015-01-07 08:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lexmark 5600-6600 Series 2015-01-07 08:46 - 2008-05-23 13:50 - 00001867 _____ () C:\Windows\system32\lxdu.loc 2015-01-07 08:46 - 2008-05-23 13:16 - 01069056 _____ ( ) C:\Windows\system32\lxduserv.dll 2015-01-07 08:46 - 2008-05-23 13:16 - 00851968 _____ ( ) C:\Windows\system32\lxduusb1.dll 2015-01-07 08:46 - 2008-05-23 13:16 - 00765952 _____ ( ) C:\Windows\system32\lxducomc.dll 2015-01-07 08:46 - 2008-05-23 13:16 - 00679936 _____ ( ) C:\Windows\system32\lxduhbn3.dll 2015-01-07 08:46 - 2008-05-23 13:16 - 00651264 _____ ( ) C:\Windows\system32\lxdupmui.dll 2015-01-07 08:46 - 2008-05-23 13:16 - 00577536 _____ ( ) C:\Windows\system32\lxdulmpm.dll 2015-01-07 08:46 - 2008-05-23 13:16 - 00376832 _____ ( ) C:\Windows\system32\lxducomm.dll 2015-01-07 08:46 - 2008-05-23 13:16 - 00364544 _____ ( ) C:\Windows\system32\lxduinpa.dll 2015-01-07 08:46 - 2008-05-23 13:16 - 00339968 _____ ( ) C:\Windows\system32\lxduiesc.dll 2015-01-07 08:46 - 2008-05-23 13:06 - 00208896 _____ () C:\Windows\system32\lxdugrd.dll 2015-01-07 08:46 - 2008-05-15 07:12 - 00114688 _____ (Lexmark International, Inc.) 
C:\Windows\system32\lxduinsr.dll 2015-01-07 08:46 - 2008-05-15 07:12 - 00036864 _____ (Lexmark International, Inc.) C:\Windows\system32\lxducur.dll 2015-01-07 08:46 - 2008-05-15 07:11 - 00147456 _____ (Lexmark International, Inc.) C:\Windows\system32\lxdujswr.dll 2015-01-07 08:46 - 2008-05-06 22:49 - 00200704 _____ (Lexmark International, Inc.) C:\Windows\system32\lxduinsb.dll 2015-01-07 08:46 - 2008-05-06 22:48 - 00090112 _____ (Lexmark International, Inc.) C:\Windows\system32\lxducub.dll 2015-01-07 08:46 - 2008-05-06 22:47 - 00176128 _____ (Lexmark International, Inc.) C:\Windows\system32\lxduins.dll 2015-01-07 08:46 - 2008-05-06 22:47 - 00081920 _____ (Lexmark International, Inc.) C:\Windows\system32\lxducu.dll 2015-01-07 08:46 - 2008-05-06 22:45 - 00524288 _____ (Lexmark International, Inc.) C:\Windows\system32\lxduutil.dll 2015-01-07 08:46 - 2008-05-02 20:26 - 00438272 _____ ( ) C:\Windows\system32\LXDUhcp.dll 2015-01-07 08:46 - 2008-05-02 20:25 - 00389120 _____ () C:\Windows\system32\LXDUinst.dll 2015-01-07 08:46 - 2008-02-21 06:12 - 00077906 _____ (Lexmark International) C:\Windows\system32\LXDUcfg.dll 2015-01-07 08:46 - 2007-10-09 23:27 - 00983121 _____ (Microsoft Corporation) C:\Windows\system32\lxdugf.dll 2015-01-07 08:45 - 2015-01-07 08:58 - 00000000 ____D () C:\Program Files\Lexmark 5600-6600 Series ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-02-06 12:21 - 2014-12-20 17:40 - 01291571 _____ () C:\Windows\WindowsUpdate.log 2015-02-06 12:13 - 2014-12-20 18:15 - 00000000 _____ () C:\Windows\system32\LogConfigTemp.xml 2015-02-06 12:11 - 2014-12-20 19:01 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-02-06 12:11 - 2009-01-22 06:59 - 00000147 _____ () C:\Windows\system32\agent.log 2015-02-06 12:11 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-02-06 12:11 - 2006-11-02 13:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2015-02-06 12:11 - 2006-11-02 13:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2015-02-06 12:10 - 2008-01-21 03:47 - 04887940 _____ () C:\Windows\PFRO.log 2015-02-06 12:09 - 2006-11-02 14:01 - 00021302 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2015-02-06 12:08 - 2014-12-20 19:01 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-02-06 12:08 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\Resources 2015-02-06 11:04 - 2014-12-20 21:01 - 00000000 ____D () C:\Program Files\Java 2015-02-02 19:45 - 2006-11-02 11:33 - 01661528 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-02-02 19:13 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\Microsoft.NET 2015-02-02 17:37 - 2014-12-29 09:01 - 00000680 _____ () C:\Users\Doreen Kiele\AppData\Local\d3d9caps.dat 2015-02-02 16:08 - 2014-12-20 17:52 - 00000000 ____D () C:\Users\Doreen Kiele 2015-02-02 16:06 - 2014-12-20 21:42 - 00000000 ____D () C:\ProgramData\Package Cache 2015-02-02 16:06 - 2014-12-20 18:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2015-02-02 16:06 - 2014-12-20 18:56 - 00000000 ____D () C:\Program Files\Avira 2015-02-02 15:56 - 2014-12-20 19:27 - 00000000 ____D () C:\Program Files\Comodo 2015-02-02 15:53 - 2014-12-20 19:27 - 00000000 ____D () C:\ProgramData\Comodo 2015-02-02 15:20 - 
2006-11-02 13:47 - 00402808 _____ () C:\Windows\system32\FNTCACHE.DAT 2015-02-01 22:10 - 2014-12-20 18:46 - 00150528 _____ () C:\Users\Doreen Kiele\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2015-02-01 22:07 - 2014-12-20 17:55 - 00114184 _____ () C:\Users\Doreen Kiele\AppData\Local\GDIPFONTCACHEV1.DAT 2015-02-01 19:15 - 2008-11-14 03:56 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information 2015-02-01 13:19 - 2014-12-23 13:22 - 00000000 ____D () C:\Users\Doreen Kiele\AppData\Roaming\vlc 2015-02-01 12:55 - 2014-12-20 20:54 - 00009398 _____ () C:\Windows\WisAutorun.log 2015-02-01 12:33 - 2014-12-21 10:56 - 00000000 __SHD () C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C} 2015-02-01 12:32 - 2014-12-21 10:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft 2015-02-01 12:32 - 2014-12-21 10:43 - 00000000 ____D () C:\Program Files\DVDVideoSoft 2015-02-01 12:31 - 2014-12-21 10:54 - 00000000 ____D () C:\Program Files\Common Files\DVDVideoSoft 2015-02-01 12:30 - 2014-12-21 10:44 - 00000000 ____D () C:\Users\Doreen Kiele\AppData\Roaming\DVDVideoSoft 2015-01-31 20:36 - 2009-01-22 06:55 - 00001024 ___RH () C:\Users\Public\Documents\NTIMP3.dll 2015-01-31 19:30 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\LogFiles 2015-01-31 18:02 - 2014-12-20 18:53 - 00000000 ____D () C:\Users\Doreen Kiele\Downloads\DVD Video Soft FreeStudio 2015-01-31 18:02 - 2014-12-20 17:54 - 00000000 ____D () C:\Users\Doreen Kiele\AppData\Local\VirtualStore 2015-01-31 16:53 - 2014-12-21 10:43 - 00000000 ____D () C:\Users\Doreen Kiele\Documents\DVDVideoSoft 2015-01-18 22:35 - 2014-12-20 18:18 - 00000000 ____D () C:\Users\Doreen Kiele\AppData\Roaming\PowerCinema 2015-01-18 22:35 - 2014-12-20 18:16 - 00000000 ____D () C:\ProgramData\CyberLink 2015-01-18 21:27 - 2009-01-22 07:39 - 00030226 _____ () C:\Windows\DirectX.log 2015-01-18 21:21 - 2006-11-02 13:37 - 00000000 ___RD () C:\Users\Public\Recorded TV 2015-01-18 19:23 - 
2009-01-22 07:03 - 00000000 ____D () C:\Program Files\Common Files\InstallShield 2015-01-18 19:19 - 2006-11-02 13:37 - 00000000 ____D () C:\Windows\twain_32 2015-01-17 17:32 - 2006-11-02 12:18 - 00000000 ___RD () C:\Users\Public 2015-01-14 12:12 - 2014-12-20 21:27 - 00000000 ____D () C:\Windows\system32\MRT 2015-01-14 11:59 - 2006-11-02 11:24 - 110348472 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe 2015-01-13 11:29 - 2014-12-20 18:54 - 00000000 ____D () C:\Users\Doreen Kiele\Downloads\PDF Creator 2015-01-13 11:24 - 2009-01-22 07:16 - 00000000 ____D () C:\ProgramData\Adobe 2015-01-13 11:23 - 2014-12-20 18:46 - 00000000 ____D () C:\Users\Doreen Kiele\AppData\Roaming\Adobe 2015-01-11 20:21 - 2006-11-02 13:52 - 00131632 _____ () C:\Windows\setupact.log 2015-01-09 15:51 - 2014-12-20 21:26 - 00249488 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe ==================== Files in the root of some directories ======= 2015-02-01 18:53 - 2015-02-01 18:53 - 0035044 _____ () C:\Users\Doreen Kiele\AppData\Local\4A9A4070_stp.CIS 2015-02-01 18:53 - 2015-02-01 18:53 - 0000265 _____ () C:\Users\Doreen Kiele\AppData\Local\4A9A4070_stp.CIS.part 2014-12-29 09:01 - 2015-02-02 17:37 - 0000680 _____ () C:\Users\Doreen Kiele\AppData\Local\d3d9caps.dat 2014-12-20 18:46 - 2015-02-01 22:10 - 0150528 _____ () C:\Users\Doreen Kiele\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-12-20 18:12 - 2014-12-20 18:13 - 0091953 _____ () C:\Users\Doreen Kiele\AppData\Local\edsinstaller.txt-20141220.log 2014-12-20 18:16 - 2014-12-20 18:20 - 0006065 _____ () C:\ProgramData\ArcadeDeluxe2.log 2015-01-07 08:43 - 2015-01-07 08:43 - 0000000 _____ () C:\ProgramData\UpdaterLog.txt Some content of TEMP: ==================== C:\Users\Doreen Kiele\AppData\Local\Temp\avgnt.exe C:\Users\Doreen Kiele\AppData\Local\Temp\Quarantine.exe C:\Users\Doreen Kiele\AppData\Local\Temp\RtkBtMnt.exe C:\Users\Doreen Kiele\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap 
Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-02-06 12:25 ==================== End Of Log ============================ --- --- --- |
06.02.2015, 15:30 | #7 |
| Positive Finds ads on my PC Addition Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version: 05-02-2015 Ran by Doreen Kiele at 2015-02-06 12:27:28 Running from C:\Users\Doreen Kiele\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859} AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0} FW: ZoneAlarm Free Firewall Firewall (Enabled) {1B8D532F-88B1-B2AD-ED22-AED92687A1D2} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 2007 Microsoft Office Suite Service Pack 1 (SP1) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}) (Version: - Microsoft) ABBYY FineReader 6.0 Sprint (HKLM\...\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}) (Version: 6.00.2146.41621 - ABBYY Software House) Acer Arcade Deluxe (HKLM\...\InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}) (Version: 2.0.5817 - CyberLink Corp.) Acer Arcade Deluxe (Version: 2.0.5817 - CyberLink Corp.) Hidden Acer Crystal Eye webcam Ver:1.1.57.409 (HKLM\...\{D0ACE89D-EC7F-470F-80BE-4C98ED366B32}) (Version: 1.1.57.409 - Chicony Electronics Co.,Ltd.) Acer eAudio Management (HKLM\...\{57265292-228A-41FA-9AEC-4620CBCC2739}) (Version: 3.0.3009 - CyberLink Corp.) Acer eDataSecurity Management (HKLM\...\{A5633652-3795-4829-BB0B-644F0279E279}) (Version: 3.0.3065 - Egis Inc.) 
Acer Empowering Technology (HKLM\...\{8F1B6239-FEA0-450A-A950-B05276CE177C}) (Version: 3.0.3013 - Acer Incorporated) Acer ePower Management (HKLM\...\{58E5844B-7CE2-413D-83D1-99294BF6C74F}) (Version: 3.0.3014 - Acer Incorporated) Acer eRecovery Management (HKLM\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 3.0.3014 - Acer Incorporated) Acer eSettings Management (HKLM\...\{13D85C14-2B85-419F-AC41-C7F21E68B25D}) (Version: 3.0.3007 - Acer Incorporated) Acer GridVista (HKLM\...\GridVista) (Version: 2.72.317 - ) Acer Mobility Center Plug-In (HKLM\...\{11316260-6666-467B-AC34-183FCB5D4335}) (Version: 3.0.3000 - Acer Inc.) Acer Product Registration (HKLM\...\{DA20E1A8-07CB-4EE7-9B72-A7E28C953F0E}) (Version: 3.0.0.10 - Acer Incorporated) Adobe Flash Player 10 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 10.1.102.64 - Adobe Systems Incorporated) Adobe Flash Player ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 9.0.124.0 - Adobe Systems Incorporated) Adobe Reader X (10.1.4) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.4 - Adobe Systems Incorporated) Adobe Shockwave Player 12.1 (HKLM\...\Adobe Shockwave Player) (Version: 12.1.5.155 - Adobe Systems, Inc.) AMD USB Audio Driver Filter (HKLM\...\{A3AB35FA-943E-4799-99DC-46EFD59E998F}) (Version: 1.0.7.0031 - Advanced Micro Devices, Inc.) ATI Catalyst Install Manager (HKLM\...\{F2F8821D-9C68-6040-8BF7-FF21D26592B5}) (Version: 3.0.704.0 - ATI Technologies, Inc.) Avira (HKLM\...\{2c18809c-4097-4b51-a4d0-3deade730ef3}) (Version: 1.1.29.22350 - Avira Operations & Co. KG) Avira (Version: 1.1.29.22350 - Avira Operations & Co. 
KG) Hidden Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira) Broadcom Gigabit Integrated Controller (HKLM\...\{F870B987-18BC-45FC-9BE8-35C02DCDA10F}) (Version: 11.32.03 - Broadcom Corporation) ccc-core-static (Version: 2008.1210.1623.29379 - Ihr Firmenname) Hidden ffdshow [rev 3154] [2009-12-09] (HKLM\...\ffdshow_is1) (Version: 1.0 - ) FormatFactory 2.70 (HKLM\...\FormatFactory) (Version: 2.70 - Free Time) Free DVD Video Converter version 2.0.25.128 (HKLM\...\Free DVD Video Converter_is1) (Version: 2.0.25.128 - DVDVideoSoft Ltd.) Free Studio version 5.0.9 (HKLM\...\Free Studio_is1) (Version: - DVDVideoSoft Limited.) Free Video Editor version 1.4.10.128 (HKLM\...\Free Video Editor_is1) (Version: 1.4.10.128 - DVDVideoSoft Ltd.) Free Video to DVD Converter version 5.0.56.128 (HKLM\...\Free Video to DVD Converter_is1) (Version: 5.0.56.128 - DVDVideoSoft Ltd.) Free YouTube to MP3 Converter version 3.12.52.1215 (HKLM\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.52.1215 - DVDVideoSoft Ltd.) Google Chrome (HKLM\...\Google Chrome) (Version: 40.0.2214.93 - Google Inc.) Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden HDAUDIO Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118) (Version: - ) Java 8 Update 25 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation) Launch Manager (HKLM\...\LManager) (Version: - ) Lexmark (HKLM\...\{D2C5E510-BE6D-42CC-9F61-E4F939078474}) (Version: 1.0.0.0 - ) Lexmark 5600-6600 Series (HKLM\...\Lexmark 5600-6600 Series) (Version: - Lexmark International, Inc.) 
Lexmark Symbolleiste (HKLM\...\{1017A80C-6F09-4548-A84D-EDD6AC9525F0}) (Version: 4.0.53.0 - ) Lexmark Tools for Office (HKLM\...\{10812DE7-2E57-4740-B226-6B3BE34AF9D7}) (Version: 1.24.0.0 - ) LightScribe 1.4.142.1 (Version: 1.4.142.1 - hxxp://www.lightscribe.com) Hidden Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation) Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version: - Microsoft Corporation) Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation) Microsoft .NET Framework 4.5.2 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.51209 - Microsoft Corporation) Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation) Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61187 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 
(HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Works (HKLM\...\{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}) (Version: 08.05.0822 - Microsoft Corporation) MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) NTI Backup Now 5 (HKLM\...\InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}) (Version: 5.1.2.606 - NewTech Infosystems) NTI Backup Now Standard (Version: 5.1.2.606 - NewTech Infosystems) Hidden NTI Media Maker 8 (HKLM\...\InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}) (Version: 8.0.2.6329 - NewTech Infosystems) NTI Media Maker 8 (Version: 8.0.2.6329 - NewTech Infosystems) Hidden Nuvoton EC Generic HID Driver (HKLM\...\{302E9B7B-2B6A-4C29-9A02-9F2110649779}) (Version: 7.80.5000 - Nuvoton Technology Corporation) PDF Architect 2 (HKLM\...\PDF Architect 2) (Version: 2.0.51.17865 - pdfforge GmbH) PDF Architect 2 Create Module (Version: 2.1.6.19758 - pdfforge GmbH) Hidden PDF Architect 2 Edit Module (Version: 2.1.6.19758 - pdfforge GmbH) Hidden PDF Architect 2 View Module (Version: 2.1.6.19758 - pdfforge GmbH) Hidden PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 2.0.1 - pdfforge) Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5704 - Realtek Semiconductor Corp.) Realtek USB 2.0 Card Reader (HKLM\...\{DC24971E-1946-445D-8A82-CE685433FA7D}) (Version: 3.0.1.3 - Realtek Semiconductor Corp.) Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.) 
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 11.1.4.0 - Synaptics) Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Update for Office 2007 (KB946691) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{A420F522-7395-4872-9882-C591B4B92278}) (Version: - Microsoft) Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft) Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version: - Microsoft) Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft) Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft) USB2.0 Capture Device (HKLM\...\{E337B156-DF81-48D8-8977-B1574EE87BCF}) (Version: 1.0.3.0 - ) VLC media player 2.1.1 (HKLM\...\VLC media player) (Version: 2.1.1 - VideoLAN) ZoneAlarm Firewall (Version: 13.3.052.000 - Check Point Software Technologies Ltd.) Hidden ZoneAlarm Free Firewall (HKLM\...\ZoneAlarm Free Firewall) (Version: 13.3.052.000 - Check Point) ZoneAlarm Security (Version: 13.3.052.000 - Check Point Software Technologies Ltd.) Hidden ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) 

==================== Restore Points =========================
13-01-2015 11:35:10 Installed PDF Architect 2 View Module
13-01-2015 11:38:14 Installed PDF Architect 2 Create Module
13-01-2015 11:40:04 Installed PDF Architect 2 Edit Module
14-01-2015 11:57:50 Windows Update
17-01-2015 17:46:11 Windows Update
17-01-2015 19:04:43 Installiert USB2.0 Capture Device
18-01-2015 19:13:42 Installiert USB2.0 Capture Device
18-01-2015 19:19:14 Gerätetreiber-Paketinstallation: Syntek America Inc. Bildverarbeitungsgeräte
18-01-2015 19:22:53 Installiert Ulead VideoStudio
18-01-2015 22:23:18 Entfernt Ulead VideoStudio
19-01-2015 10:42:38 Windows Update
23-01-2015 21:19:54 Windows Update
28-01-2015 11:03:53 Windows Update
31-01-2015 20:09:18 Microsoft Visual C++ 2005 Redistributable wird installiert
01-02-2015 12:56:14 Installiert PowerDirector
01-02-2015 19:03:53 Konfiguriert PowerDirector
02-02-2015 15:44:19 Removed COMODO Firewall
02-02-2015 16:04:16 Windows Update
02-02-2015 16:07:51 Gerätetreiber-Paketinstallation: Check Point Software Technologies Ltd. Netzwerkdienst
02-02-2015 19:41:05 Windows Update
06-02-2015 10:56:19 Windows Update
06-02-2015 10:59:59 Removed Java(TM) 6 Update 23
06-02-2015 11:04:54 Removed Search App by Ask

==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2006-11-02 11:23 - 2006-09-18 22:41 - 00000761 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost

==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {3C41FE0F-981F-4EAB-A626-62E6FBD50BB4} - System32\Tasks\Java Update Scheduler => C:\Program Files\Common Files\Java\Java Update\jusched.exe [2014-12-25] (Oracle Corporation)
Task: {AA43FBD5-D48C-4B95-AE4A-1A6EEA1239CB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-12-20] (Google Inc.)
Task: {ACF7FD16-F4A6-4EFE-8918-CA03425D98FB} - System32\Tasks\PresentationSettingsTurnOff_DoreenKiele-PC_Doreen Kiele => C:\Windows\system32\PresentationSettings.exe [2014-12-23] (Microsoft Corporation)
Task: {D465151C-39D3-4FD1-9CE6-5A21537444DC} - \Vosteran_helper No Task File <==== ATTENTION
Task: {D474A348-5306-4384-BAF9-D18B46930DF2} - System32\Tasks\Scan the system (Spybot - Search & Destroy) => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe
Task: {D9317D58-89FE-45F4-BA22-EA179E15D626} - System32\Tasks\Refresh immunization (Spybot - Search & Destroy) => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe
Task: {E2C78A30-5F28-4F78-A14B-1AB89494D0A0} - System32\Tasks\Check for updates (Spybot - Search & Destroy) => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {E95C38D1-EFCF-479C-A943-AF5B573C9360} - System32\Tasks\Installation App Launcher => C:\Program Files\Lexmark 5600-6600 Series\lxduamon.exe [2015-01-07] ()
Task: {FE1BEE1C-DE89-4BB2-8AC6-A2BFF145D6E4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-12-20] (Google Inc.)
Task: {FE9597A1-867D-4DB3-97FF-276672C669AD} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Signature Update => c:\program files\windows defender\MpCmdRun.exe [2008-01-21] (Microsoft Corporation)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe
Task: C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe

==================== Loaded Modules (whitelisted) ==============
2008-09-10 10:57 - 2008-09-10 10:57 - 00372736 _____ () C:\Program Files\Lexmark Toolbar\toolband.dll
2015-01-07 08:48 - 2008-09-10 10:57 - 00458752 _____ () C:\Program Files\Lexmark Toolbar\resource.dll
2015-01-07 08:50 - 2008-05-01 01:41 - 00045056 _____ () C:\Windows\System32\LXDUPMON.DLL
2015-01-07 08:49 - 2008-09-10 10:43 - 00086016 _____ () C:\Windows\System32\LXDUOEM.DLL
2015-01-07 08:49 - 2008-09-10 10:41 - 00032768 _____ () C:\Program Files\Lexmark 5600-6600 Series\ipcmt.dll
2015-01-07 08:58 - 2015-01-07 08:52 - 00121856 _____ () C:\Windows\system32\spool\PRTPROCS\W32X86\lxdudrpp.dll
2014-12-21 02:32 - 2009-01-07 22:46 - 00159744 _____ () C:\Windows\system32\atitmmxx.dll
2007-06-24 19:09 - 2007-06-24 19:09 - 01024000 _____ () C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\ACE.dll
2007-06-24 19:09 - 2007-06-24 19:09 - 00098304 _____ () C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\ACEXML.dll
2007-06-24 19:09 - 2007-06-24 19:09 - 00061440 _____ () C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\ACEXML_Parser.dll
2014-12-20 18:19 - 2008-10-04 04:09 - 00069632 _____ () C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
2009-01-22 07:17 - 2008-11-28 10:56 - 00024576 _____ () C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
2009-01-22 07:17 - 2009-01-22 07:17 - 00032768 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Model.Controller\3.0.3013.0__14bcaafdb44b5951\Framework.Model.Controller.dll
2009-01-22 07:17 - 2009-01-22 07:17 - 00020480 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Model.ControllerInterface\3.0.3013.0__d842b71b4d6ed079\Framework.Model.ControllerInterface.dll
2009-01-22 07:17 - 2009-01-22 07:17 - 00061440 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Library\3.0.3013.0__3036420f80dd6947\Framework.Library.dll
2009-01-22 07:17 - 2009-01-22 07:17 - 00028672 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Host\3.0.3013.0__672b450de5a7e94a\Framework.Host.dll
2009-01-22 07:17 - 2009-01-22 07:17 - 00016384 _____ () C:\Windows\assembly\GAC_MSIL\Framework.PluginInterface\3.0.3013.0__9ecdf03bb2054f94\Framework.PluginInterface.dll
2014-12-20 18:14 - 2008-09-11 21:20 - 00016384 ____N () C:\Program Files\Acer\Empowering Technology\eAudio\eAudioSrvPlugin.dll
2009-01-22 07:17 - 2009-01-22 07:17 - 00036864 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Utility\3.0.3013.0__4df5dcab8860d239\Framework.Utility.dll
2014-12-20 18:15 - 2008-05-26 14:40 - 00016384 _____ () C:\Program Files\Acer\Empowering Technology\eSettings\eSettings.ServicePlugin.dll
2014-12-20 18:15 - 2008-05-26 14:37 - 00016384 _____ () C:\Program Files\Acer\Empowering Technology\eSettings\eSettings.Logger.dll
2014-12-20 18:15 - 2008-05-26 14:39 - 00143360 _____ () C:\Program Files\Acer\Empowering Technology\eSettings\eSettings.Model.Computer.dll
2014-12-20 18:15 - 2008-05-26 14:37 - 00036864 _____ () C:\Program Files\Acer\Empowering Technology\Service\eSettings.Model.ComputerInterface.dll
2009-01-22 07:17 - 2007-12-06 16:15 - 00110592 _____ () C:\Acer\Mobility Center\MobilityService.exe
2009-01-22 07:17 - 2007-11-27 15:08 - 00032768 _____ () C:\Acer\Mobility Center\MobilityInterface.dll
2008-04-25 21:36 - 2008-04-25 21:36 - 00131072 _____ () C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
2015-02-02 21:36 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-02-02 21:36 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
2015-02-02 21:36 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2015-02-02 21:36 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll
2015-02-02 21:36 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2008-04-25 21:36 - 2008-04-25 21:36 - 00028672 _____ () C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
2008-04-28 09:49 - 2008-04-28 09:49 - 00003072 _____ () C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTrayLOC.dll
2014-12-20 18:10 - 2007-10-23 10:56 - 00200704 _____ () C:\Windows\PLFSetI.exe
2014-12-21 02:32 - 2003-06-07 22:30 - 00057344 _____ () C:\Program Files\Launch Manager\PowerUtl.dll
2008-07-29 17:52 - 2008-07-29 17:52 - 00227888 _____ () C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ShowErrMsg.dll
2008-10-08 21:49 - 2008-10-08 21:49 - 00835584 ____N () C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMediaLibrary.dll
2008-10-08 21:49 - 2008-10-08 21:49 - 00007680 ____N () C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvcPS.dll
2015-01-07 08:47 - 2015-01-07 08:47 - 00676520 _____ () C:\Program Files\Lexmark 5600-6600 Series\lxdumon.exe
2015-01-07 08:47 - 2008-09-10 10:56 - 00380928 _____ () C:\Program Files\Lexmark 5600-6600 Series\lxduscw.dll
2015-01-07 08:52 - 2015-01-07 08:52 - 00188416 _____ () C:\Windows\system32\spool\drivers\w32x86\3\lxdudatr.dll
2015-01-07 08:47 - 2008-09-10 10:56 - 01036288 _____ () C:\Program Files\Lexmark 5600-6600 Series\lxduDRS.dll
2015-01-07 08:47 - 2008-09-10 10:56 - 00081920 _____ () C:\Program Files\Lexmark 5600-6600 Series\lxducaps.dll
2015-01-07 08:47 - 2008-09-10 10:40 - 00069632 _____ () C:\Program Files\Lexmark 5600-6600 Series\lxducnv4.dll
2015-01-07 08:48 - 2015-01-07 08:48 - 00025256 _____ () C:\Program Files\Lexmark 5600-6600 Series\lxduMsdMon.exe
2015-01-07 08:47 - 2008-05-27 04:36 - 00028672 _____ () C:\Program Files\Lexmark 5600-6600 Series\App4R.Monitor.Common.dll
2015-01-07 08:47 - 2008-05-27 04:36 - 00036864 _____ () C:\Program Files\Lexmark 5600-6600 Series\App4R.Monitor.Core.dll
2015-01-07 08:47 - 2008-05-27 04:35 - 00065536 _____ () C:\Program Files\Lexmark 5600-6600 Series\app4r.devmons.mcmdevmon.dll
2015-01-07 08:47 - 2008-03-25 05:53 - 00012288 _____ () C:\Program Files\Lexmark 5600-6600 Series\app4r.devmons.mcmdevmon.autoplayutil.dll
2015-01-28 17:23 - 2015-01-25 07:08 - 09170760 _____ () C:\Program Files\Google\Chrome\Application\40.0.2214.93\pdf.dll
2015-02-06 11:34 - 2015-02-03 12:22 - 14964912 _____ () C:\Users\Doreen Kiele\AppData\Local\Google\Chrome\User Data\PepperFlash\16.0.0.305\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
C:\Windows\system32\QAGENTRT.DLL:$CmdTcID AlternateDataStreams: C:\Windows\system32\qdvd.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\qedit.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\qintlgnt.ime:$CmdTcID AlternateDataStreams: C:\Windows\system32\qmgr.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\quartz.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\Query.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\quick.ime:$CmdTcID AlternateDataStreams: C:\Windows\system32\RacEngn.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\rasapi32.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\raschap.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\rasdiag.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\rasdial.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\rasdlg.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\rasgcw.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\rasmans.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\rasmontr.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\rasplap.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\rasppp.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\rastapi.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\rdpencom.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\rdpwsx.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\reg.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\regapi.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\RegisterIEPKEYs.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\regsvc.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\rekeywiz.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\RelMon.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\riched20.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\rpchttp.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\rpcrt4.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\rpcss.dll:$CmdTcID 
AlternateDataStreams: C:\Windows\system32\rsaenh.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\rtffilt.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\samlib.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\samsrv.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\scansetting.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\SCardSvr.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\scavenge.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\scecli.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\scesrv.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\schannel.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\scksp.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\scrobj.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\scrrun.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\sdohlp.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\SearchFilterHost.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\SearchIndexer.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\SearchProtocolHost.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\secur32.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\sendmail.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\services.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\sethc.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\SetIEInstalledDate.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\setupapi.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\shell32.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\shlwapi.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\shsetup.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\shwebsvc.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\SLC.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\slcc.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\SLCExt.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\slcinst.dll:$CmdTcID 
AlternateDataStreams: C:\Windows\system32\SLCommDlg.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\SLLUA.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\slmgr.vbs:$CmdTcID AlternateDataStreams: C:\Windows\system32\SLsvc.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\SLUI.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\SLUINotify.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\slwga.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\slwmi.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\SmartcardCredentialProvider.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\SMBHelperClass.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\SmiEngine.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\smss.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\SndVol.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\SnippingTool.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\softkbd.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\spcmsg.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\sperror.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\spinstall.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\spoolss.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\spp.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\spreview.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\spwinsat.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\spwizui.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\sqlsrv32.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\srchadmin.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\srcore.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\srvsvc.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\StkAProp.ax:$CmdTcID AlternateDataStreams: C:\Windows\system32\StkASSrv.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\StkASv2K.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\StkAVFW.dll:$CmdTcID AlternateDataStreams: 
C:\Windows\system32\StkAWIA.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\Storprop.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\sud.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\swprv.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\SyncCenter.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\synceng.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\sysclass.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\SysFxUI.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\sysmain.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\sysmon.ocx:$CmdTcID AlternateDataStreams: C:\Windows\system32\systemcpl.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\tapisrv.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\tcpipcfg.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\tcpmon.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\termsrv.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\thawbrkr.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\themecpl.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\themeui.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\tintlgnt.ime:$CmdTcID AlternateDataStreams: C:\Windows\system32\tquery.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\TSTheme.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\TsWpfWrp.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\tzres.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\uDWM.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\UIAnimation.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\UIAutomationCore.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\UIRibbon.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\UIRibbonRes.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\ulib.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\umpnpmgr.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\unimdm.tsp:$CmdTcID AlternateDataStreams: 
C:\Windows\system32\untfs.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\user32.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\usercpl.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\userenv.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\usp10.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\Utilman.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\uxsms.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\vdmdbg.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\vds.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\vdsdyn.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\vdsutil.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\version.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\vssapi.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\VSSVC.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\w32time.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wcncsvc.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\WcnNetsh.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wcnwiz.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wcnwiz2.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wdc.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\Wdfres.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wdmaud.drv:$CmdTcID AlternateDataStreams: C:\Windows\system32\wdscore.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\WebClnt.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wer.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wercon.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\WerFault.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\WerFaultSecure.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\wersvc.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wevtapi.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wevtsvc.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wevtutil.exe:$CmdTcID AlternateDataStreams: 
C:\Windows\system32\wextract.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\whealogr.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wiaaut.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wiafbdrv.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wiaservc.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\win32k.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\win32spl.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\WindowsAnytimeUpgradeCPL.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\WindowsCodecs.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\winhttp.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\winload.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\winlogon.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\winmm.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\winresume.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\winrnr.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\WinSAT.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\WinSCard.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\winsrv.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wintrust.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\winusb.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wisptis.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\wlangpui.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wlanpref.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wlanui.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\Wldap32.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wlgpclnt.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\WMALFXGFXDSP.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wmdrmsdk.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wmi.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\WMNetMgr.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wmpeffects.dll:$CmdTcID AlternateDataStreams: 
C:\Windows\system32\WMVDECOD.DLL:$CmdTcID AlternateDataStreams: C:\Windows\system32\WMVENCOD.DLL:$CmdTcID AlternateDataStreams: C:\Windows\system32\WMVSDECD.DLL:$CmdTcID AlternateDataStreams: C:\Windows\system32\WMVXENCD.DLL:$CmdTcID AlternateDataStreams: C:\Windows\system32\wow32.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wpcao.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wpccpl.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wpcsvc.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wpdbusenum.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wpdshext.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\WPDShextAutoplay.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\WPDShServiceObj.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\WPDSp.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wpd_ci.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wscapi.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\WscEapPr.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wscisvif.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wscntfy.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wscript.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\wscsvc.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wscui.cpl:$CmdTcID AlternateDataStreams: C:\Windows\system32\wsdchngr.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\WSDMon.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wsepno.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wshbth.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wshcon.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wshext.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wshom.ocx:$CmdTcID AlternateDataStreams: C:\Windows\system32\wsnmp32.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wuapi.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wuapp.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\wuauclt.exe:$CmdTcID 
AlternateDataStreams: C:\Windows\system32\wuaueng.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wucltux.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\WUDFCoinstaller.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\WUDFHost.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\WUDFPlatform.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\WUDFSvc.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\WUDFx.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wudriver.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wups.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wups2.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wusa.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\wuwebv.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\xmlfilter.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\xmllite.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\XpsGdiConverter.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\XpsPrint.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\zipfldr.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\acpi.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\afd.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\bridge.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\cdrom.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\Classpnp.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\crashdmp.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\disk.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\Diskdump.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\drmk.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\Dumpata.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\dxg.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\dxgkrnl.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\ecache.sys:$CmdTcID 
AlternateDataStreams: C:\Windows\system32\Drivers\exfat.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\fastfat.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\fltMgr.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\fs_rec.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\FWPKCLNT.SYS:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\hdaudbus.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\hidclass.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\hidparse.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\hidusb.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\kbdhid.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\ks.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\ksecdd.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\mrxdav.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\msiscsi.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\msrpc.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\mup.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\ndis.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\ndiswan.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\netbt.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\npfs.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\ntfs.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\nwifi.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\pacer.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\partmgr.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\pci.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\portcls.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\raspppoe.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\rassstp.sys:$CmdTcID AlternateDataStreams: 
C:\Windows\system32\Drivers\rdbss.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\rdpwd.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\rmcast.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\RNDISMP.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\smb.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\spsys.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\StkACamd.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\StkAMini.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\StkAPin.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\StkAPipe.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\StkASam.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\StkScan.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\Storport.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\stream.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\tcpip.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\tcpipreg.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\tdx.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\termdd.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\tssecsrv.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\udfs.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\usb8023.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\USBAUDIO.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\USBCAMD.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\USBCAMD2.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\usbccgp.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\usbd.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\usbehci.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\usbhub.sys:$CmdTcID AlternateDataStreams: 
C:\Windows\system32\Drivers\usbohci.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\usbport.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\usbscan.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\USBSTOR.SYS:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\usbvideo.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\volmgrx.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\volsnap.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\watchdog.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\Wdf01000.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\WdfLdr.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\WUDFPf.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\WUDFRd.sys:$CmdTcID AlternateDataStreams: C:\Users\Doreen:$CmdTcID AlternateDataStreams: C:\Users\Doreen Kiele\AppData\Local\4A9A4070_stp.CIS.part:$CmdTcID ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service" ==================== EXE Association (whitelisted) =============== (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== Other Registry Areas ===================== (Currently there is no automatic fix for this section.) HKU\S-1-5-21-1531739928-432372518-3359910063-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Doreen Kiele\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) 
==================== Accounts: =============================

Administrator (S-1-5-21-1531739928-432372518-3359910063-500 - Administrator - Disabled)
Doreen Kiele (S-1-5-21-1531739928-432372518-3359910063-1000 - Administrator - Enabled) => C:\Users\Doreen Kiele
Gast (S-1-5-21-1531739928-432372518-3359910063-501 - Limited - Disabled)

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (02/06/2015 00:12:16 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/06/2015 00:09:16 PM) (Source: EventSystem) (EventID: 4621) (User: )
Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}

Error: (02/06/2015 11:23:35 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/06/2015 11:05:50 AM) (Source: MsiInstaller) (EventID: 10005) (User: DoreenKiele-PC)
Description: Produkt: Search App by Ask -- Fehler 25001. Die folgenden Anwendungen sollten geschlossen werden, bevor Sie mit der Deinstallation fortfahren: Google Chrome

Error: (02/06/2015 11:05:47 AM) (Source: MsiInstaller) (EventID: 10005) (User: DoreenKiele-PC)
Description: Produkt: Search App by Ask -- Fehler 25001. Die folgenden Anwendungen sollten geschlossen werden, bevor Sie mit der Deinstallation fortfahren: Google Chrome

Error: (02/06/2015 11:05:47 AM) (Source: MsiInstaller) (EventID: 10005) (User: DoreenKiele-PC)
Description: Produkt: Search App by Ask -- Fehler 25001. Die folgenden Anwendungen sollten geschlossen werden, bevor Sie mit der Deinstallation fortfahren: Google Chrome

Error: (02/06/2015 11:05:47 AM) (Source: MsiInstaller) (EventID: 10005) (User: DoreenKiele-PC)
Description: Produkt: Search App by Ask -- Fehler 25001. Die folgenden Anwendungen sollten geschlossen werden, bevor Sie mit der Deinstallation fortfahren: Google Chrome

Error: (02/06/2015 11:05:47 AM) (Source: MsiInstaller) (EventID: 10005) (User: DoreenKiele-PC)
Description: Produkt: Search App by Ask -- Fehler 25001. Die folgenden Anwendungen sollten geschlossen werden, bevor Sie mit der Deinstallation fortfahren: Google Chrome

Error: (02/06/2015 11:05:46 AM) (Source: MsiInstaller) (EventID: 10005) (User: DoreenKiele-PC)
Description: Produkt: Search App by Ask -- Fehler 25001. Die folgenden Anwendungen sollten geschlossen werden, bevor Sie mit der Deinstallation fortfahren: Google Chrome

Error: (02/06/2015 11:05:46 AM) (Source: MsiInstaller) (EventID: 10005) (User: DoreenKiele-PC)
Description: Produkt: Search App by Ask -- Fehler 25001. Die folgenden Anwendungen sollten geschlossen werden, bevor Sie mit der Deinstallation fortfahren: Google Chrome

System errors:
=============
Error: (02/06/2015 00:12:17 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: lxduCATSCustConnectService%%1053

Error: (02/06/2015 00:12:17 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000lxduCATSCustConnectService

Error: (02/06/2015 00:12:17 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058

Error: (02/06/2015 11:23:36 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: lxduCATSCustConnectService%%1053

Error: (02/06/2015 11:23:36 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000lxduCATSCustConnectService

Error: (02/06/2015 11:23:36 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058

Error: (02/02/2015 11:34:19 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Service Mgr PositiveFinds

Error: (02/02/2015 11:32:34 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: lxduCATSCustConnectService%%1053

Error: (02/02/2015 11:32:34 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000lxduCATSCustConnectService

Error: (02/02/2015 11:32:34 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000Empowering Technology Service

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
Date: 2015-02-06 12:27:16.124
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-02-06 12:27:15.760
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2015-02-06 12:27:15.415
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2015-02-06 12:27:15.059
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2015-02-06 12:27:14.469
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2015-02-06 12:27:14.088
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2015-02-06 12:27:13.744
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2015-02-06 12:27:13.393
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2015-02-06 11:45:31.311
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-02-06 11:45:30.982
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

==================== Memory info ===========================
Processor: AMD Turion(tm) X2 Dual-Core Mobile RM-72
Percentage of memory in use: 61%
Total physical RAM: 2429.36 MB
Available physical RAM: 924.6 MB
Total Pagefile: 5087.29 MB
Available Pagefile: 3029.43 MB
Total Virtual: 2047.88 MB
Available Virtual: 1910.13 MB

==================== Drives ================================
Drive c: (ACER) (Fixed) (Total:142.65 GB) (Free:50.99 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:142.67 GB) (Free:142.53 GB) NTFS

==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: 4BFDD482)
Partition 1: (Not Active) - (Size=9.8 GB) - (Type=27)
Partition 2: (Active) - (Size=142.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=142.7 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=3 GB) - (Type=12)

==================== End Of Log ============================

Hello Sandra, I went into my recovery system via Start - Acer - Acer Recovery. It no longer works. I just wanted to take a look, in case push comes to shove, with a view to formatting. My PC aborts immediately, throws me out from one moment to the next and has to reboot. A screen appears offering "Safe Mode" or "Start Windows normally". So far I have always chosen "Start Windows normally". I have now been on my recovery page 3 times. It crashed every time. How can I format in an emergency?

Me again. I uninstalled Google Chrome from my computer and reinstalled it. So far the ads are gone. The problem with Acer Recovery persists. Is there still something on my computer after all (virus etc.)? |
07.02.2015, 01:47 | #8 | ||
Rest in peace † 2019 | Positive Finds ads on my PC Hello, Quote:
Quote:
Step 1 Run FRST once more.
|
07.02.2015, 21:23 | #9 |
| Positive Finds ads on my PC FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 07-02-2015 Ran by Doreen Kiele (administrator) on DOREENKIELE-PC on 07-02-2015 21:04:14 Running from C:\Users\Doreen Kiele\Desktop Loaded Profiles: Doreen Kiele (Available profiles: Doreen Kiele) Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: Deutsch (Deutschland) Internet Explorer Version 9 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe (Microsoft Corporation) C:\Windows\System32\SLsvc.exe (ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe (Check Point Software Technologies Ltd.) C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe (NewTech Infosystems, Inc.) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe () C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe (Egis Incorporated) C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe () C:\Program Files\Acer\Empowering Technology\Service\ETService.exe (Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe ( ) C:\Windows\System32\lxducoms.exe () C:\Acer\Mobility Center\MobilityService.exe (NewTech InfoSystems, Inc.) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe () C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.) 
C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe (Syntek America Inc.) C:\Windows\System32\StkASv2K.exe (Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe (Check Point Software Technologies, Ltd.) C:\Program Files\CheckPoint\ZoneAlarm\ZAPrivacyService.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe (Microsoft Corporation) C:\Windows\System32\mobsync.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe (Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe () C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe (Realtek Semiconductor) C:\Windows\RtHDVCpl.exe () C:\Windows\PLFSetI.exe (Dritek System Inc.) C:\Program Files\Launch Manager\LManager.exe (Egis Incorporated) C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Acer Inc.) C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Incorporated) C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe (CyberLink Corp.) C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink) C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe () C:\Program Files\Lexmark 5600-6600 Series\lxdumon.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe (Check Point Software Technologies Ltd.) C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe (Safer-Networking Ltd.) 
C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Microsoft Corporation) C:\Windows\ehome\ehtray.exe (Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe () C:\Program Files\Lexmark 5600-6600 Series\lxdumsdmon.exe (Microsoft Corporation) C:\Windows\ehome\ehmsas.exe (Realtek Semiconductor Corp.) C:\Users\Doreen Kiele\AppData\Local\Temp\RtkBtMnt.exe (Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation) C:\Windows\ehome\mcupdate.exe (Microsoft Corporation) C:\Windows\ehome\mcupdate.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe (Microsoft Corporation) C:\Windows\System32\msiexec.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1049896 2008-04-25] (Synaptics, Inc.) HKLM\...\Run: [BkupTray] => C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe [28672 2008-04-25] () HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2008-08-29] (Advanced Micro Devices, Inc.) HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [6294048 2008-09-19] (Realtek Semiconductor) HKLM\...\Run: [Skytel] => C:\Windows\Skytel.exe [1833504 2008-09-19] (Realtek Semiconductor Corp.) 
HKLM\...\Run: [PLFSetI] => C:\Windows\PLFSetI.exe [200704 2007-10-23] () HKLM\...\Run: [LManager] => C:\Program Files\Launch Manager\LManager.exe [858632 2008-12-17] (Dritek System Inc.) HKLM\...\Run: [eDataSecurity Loader] => C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe [526896 2008-07-29] (Egis Incorporated) HKLM\...\Run: [ePower_DMC] => C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe [405504 2008-08-01] (Acer Inc.) HKLM\...\Run: [eAudio] => C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe [544768 2008-09-11] (Acer Incorporated) HKLM\...\Run: [ArcadeDeluxeAgent] => C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe [147456 2008-10-08] (CyberLink Corp.) HKLM\...\Run: [CLMLServer] => C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe [167936 2008-10-08] (CyberLink) HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-20] (Avira Operations GmbH & Co. KG) HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2014-12-21] (Microsoft Corporation) HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated) HKLM\...\Run: [lxdumon.exe] => C:\Program Files\Lexmark 5600-6600 Series\lxdumon.exe [676520 2015-01-07] () HKLM\...\Run: [lxduamon] => C:\Program Files\Lexmark 5600-6600 Series\lxduamon.exe [16040 2015-01-07] () HKLM\...\Run: [Lexmark 5600-6600 Series Fax Server] => C:\Program Files\Lexmark 5600-6600 Series\fm3032.exe [311976 2015-01-07] () HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [126712 2014-12-31] (Avira Operations GmbH & Co. KG) HKLM\...\Run: [ZoneAlarm] => C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe [134624 2014-07-23] (Check Point Software Technologies Ltd.) 
HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.) Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X] HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\S-1-5-21-1531739928-432372518-3359910063-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation) HKU\S-1-5-21-1531739928-432372518-3359910063-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation) ShellIconOverlayIdentifiers: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Egis Inc.) BootExecute: autocheck autochk * sdnclean.exe ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=1214&m=aspire_8530 HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=1214&m=aspire_8530 HKU\S-1-5-21-1531739928-432372518-3359910063-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ HKU\S-1-5-21-1531739928-432372518-3359910063-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=1214&m=aspire_8530 HKU\S-1-5-21-1531739928-432372518-3359910063-1000\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com SearchScopes: HKLM -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW SearchScopes: HKLM -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-1531739928-432372518-3359910063-1000 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = SearchScopes: HKU\S-1-5-21-1531739928-432372518-3359910063-1000 -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-comodo BHO: Lexmark Symbolleiste -> {1017A80C-6F09-4548-A84D-EDD6AC9525F0} -> C:\Program Files\Lexmark Toolbar\toolband.dll () BHO: PDF Architect Helper -> {691B33B0-B86E-47F3-81C7-56E4FE3B929C} -> C:\Program Files\PDF Architect 2\creator-ie-helper.dll (pdfforge GmbH) BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll 
(Microsoft Corporation) BHO: ShowBarObj Class -> {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} -> C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis) BHO: Lexmark -> {D2C5E510-BE6D-42CC-9F61-E4F939078474} -> C:\Program Files\Lexmark Printable Web\bho.dll () Toolbar: HKLM - Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.) Toolbar: HKLM - Lexmark Symbolleiste - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll () Toolbar: HKLM - PDF Architect Toolbar - {DEEB13D7-CEA9-45FB-B77C-E039BEC85221} - C:\Program Files\PDF Architect 2\creator-ie-plugin.dll (pdfforge GmbH) Toolbar: HKU\S-1-5-21-1531739928-432372518-3359910063-1000 -> Lexmark Symbolleiste - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll () DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab DPF: {CAFEEFAC-0018-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation) Winsock: Catalog9 01 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 02 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 03 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. 
KG) Winsock: Catalog9 04 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 05 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 06 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 07 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 08 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 20 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 StartMenuInternet: IEXPLORE.EXE - iexplore.exe FireFox: ======== FF ProfilePath: C:\Users\Doreen Kiele\AppData\Roaming\Mozilla\Firefox\Profiles\bdSeA9l8.default FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1215155.dll (Adobe Systems, Inc.) FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre1.8.0_25\bin\new_plugin\npjp2.dll No File FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.) 
FF Plugin: @videolan.org/vlc,version=2.1.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin: PDF Architect 2 -> C:\Program Files\PDF Architect 2\np-previewer.dll (pdfforge GmbH) FF Extension: Avira Browser Safety - C:\Users\Doreen Kiele\AppData\Roaming\Mozilla\Firefox\Profiles\bdSeA9l8.default\Extensions\abs@avira.com [2014-12-20] FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Users\Doreen Kiele\AppData\Roaming\Mozilla\Firefox\Profiles\bdSeA9l8.default\Extensions\{B64D9B05-48E1-4CEB-BF58-E0643994E900} [2014-12-21] FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Program Files\Mozilla Firefox\browser\extensions\{B64D9B05-48E1-4CEB-BF58-E0643994E900}.xpi [2014-12-21] FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2014-12-20] FF HKLM\...\Firefox\Extensions: [pdf_architect_2_conv@pdfarchitect.org] - C:\Program Files\PDF Architect 2\resources\pdfarchitect2firefoxextension FF Extension: PDF Architect 2 Creator - C:\Program Files\PDF Architect 2\resources\pdfarchitect2firefoxextension [2015-01-13] FF HKU\S-1-5-21-1531739928-432372518-3359910063-1000\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff [2014-12-21] Chrome: ======= CHR HomePage: Default -> CHR StartupUrls: Default -> "hxxp://www.google.de/" CHR Profile: C:\Users\Doreen Kiele\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Präsentationen) - C:\Users\Doreen 
Kiele\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-06] CHR Extension: (STERN.DE) - C:\Users\Doreen Kiele\AppData\Local\Google\Chrome\User Data\Default\Extensions\apeagpappkcpkenmhnofdpfpaminilfj [2015-02-06] CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Doreen Kiele\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-02-06] CHR Extension: (YouTube) - C:\Users\Doreen Kiele\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-06] CHR Extension: (Daylight Karte & Time Zone) - C:\Users\Doreen Kiele\AppData\Local\Google\Chrome\User Data\Default\Extensions\chkjdbfmbgffpbmkihefmpmeonemloom [2015-02-06] CHR Extension: (Candy Matcher Deluxe) - C:\Users\Doreen Kiele\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehehgijaidopomcfpkigakimeoglkjpa [2015-02-06] CHR Extension: (Google Tabellen) - C:\Users\Doreen Kiele\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-06] CHR Extension: (Avira Browserschutz) - C:\Users\Doreen Kiele\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2015-02-06] CHR Extension: (World of Solitaire) - C:\Users\Doreen Kiele\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifbnllnaaaohekjkcpfdllhhjijnidgn [2015-02-06] CHR Extension: (KCals Kalorienzähler) - C:\Users\Doreen Kiele\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipifmjfbmblepifflinikiiboakalboc [2015-02-06] CHR Extension: (eBay Deutschland) - C:\Users\Doreen Kiele\AppData\Local\Google\Chrome\User Data\Default\Extensions\jknjndilpbgfjegfncoipgnhficfffoa [2015-02-06] CHR Extension: (Tetris) - C:\Users\Doreen Kiele\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdhicelaffdlcajmemnjfccipcemjlki [2015-02-06] CHR Extension: (Gute Mathe-Fragen!) 
- C:\Users\Doreen Kiele\AppData\Local\Google\Chrome\User Data\Default\Extensions\klhdclppneongknbjpmifccllhgipanc [2015-02-06] CHR Extension: (Google Wallet) - C:\Users\Doreen Kiele\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-06] CHR Extension: (Bubble Shooter) - C:\Users\Doreen Kiele\AppData\Local\Google\Chrome\User Data\Default\Extensions\omenbmgpkbkmloombbdefdpfcclpcjdk [2015-02-06] CHR Extension: (TV Movie Fernsehprogramm) - C:\Users\Doreen Kiele\AppData\Local\Google\Chrome\User Data\Default\Extensions\omigcnbanchckjpihkioagdjjdhkhhdh [2015-02-06] CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [431920 2014-12-20] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-20] (Avira Operations GmbH & Co. KG) R2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [992560 2014-12-20] (Avira Operations GmbH & Co. KG) R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [178424 2014-12-31] (Avira Operations GmbH & Co. KG) R2 BUNAgentSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [16384 2008-03-03] (NewTech Infosystems, Inc.) 
[File not signed] R2 CLHNService; C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [69632 2008-10-04] () [File not signed] R2 ETService; C:\Program Files\Acer\Empowering Technology\Service\ETService.exe [24576 2008-11-28] () [File not signed] R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [61440 2007-01-17] (Hewlett-Packard Company) [File not signed] S2 lxduCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxduserv.exe [98984 2015-01-07] (Lexmark International, Inc.) R2 lxdu_device; C:\Windows\system32\lxducoms.exe [594600 2015-01-07] ( ) R2 MobilityService; C:\Acer\Mobility Center\MobilityService.exe [110592 2007-12-06] () [File not signed] R2 NTIBackupSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [45056 2008-04-25] (NewTech InfoSystems, Inc.) [File not signed] R2 NTISchedulerSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [131072 2008-04-25] () [File not signed] S3 PDF Architect 2; C:\Program Files\PDF Architect 2\ws.exe [1771560 2015-01-13] (pdfforge GmbH) S3 pdfforge CrashHandler; C:\Program Files\PDF Architect 2\crash-handler-ws.exe [861736 2015-01-13] (pdfforge GmbH) R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.) R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.) R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.) R2 StkASSrv; C:\Windows\System32\StkASv2K.exe [24576 2015-01-18] (Syntek America Inc.) [File not signed] R2 vsmon; C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe [3596240 2014-07-23] (Check Point Software Technologies Ltd.) 
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] (Microsoft Corporation) R2 ZAPrivacyService; C:\Program Files\CheckPoint\ZoneAlarm\ZaPrivacyService.exe [93712 2014-07-03] (Check Point Software Technologies, Ltd.) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R0 ahcix86s; C:\Windows\System32\DRIVERS\ahcix86s.sys [183312 2009-01-07] (Advanced Micro Devices, Inc) R3 amdkmdag; C:\Windows\System32\DRIVERS\atipmdag.sys [4172288 2009-01-07] (ATI Technologies Inc.) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [98160 2014-12-20] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2014-12-20] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2014-12-20] (Avira Operations GmbH & Co. KG) R3 hidshim; C:\Windows\System32\DRIVERS\hidshim.sys [5632 2008-10-08] (Windows (R) Codename Longhorn DDK provider) R3 nuvotonhidgeneric; C:\Windows\System32\DRIVERS\nuvotonhidgeneric.sys [22528 2008-10-08] (Nuvoton Technology Corporation) R3 RTHDMIAzAudService; C:\Windows\System32\drivers\RtHDMIV.sys [150560 2008-08-26] (Realtek Semiconductor Corp.) R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2012-08-27] (Avira GmbH) S3 StkAMini; C:\Windows\System32\Drivers\StkAMini.sys [241628 2015-01-18] (Syntek America Inc.) [File not signed] S3 StkScan; C:\Windows\System32\Drivers\StkScan.sys [4772 2015-01-18] (Syntek America Inc.) [File not signed] R1 Vsdatant; C:\Windows\System32\DRIVERS\vsdatant.sys [456088 2014-07-23] (Check Point Software Technologies Ltd.) R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796}; C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl [87536 2008-10-17] (CyberLink Corp.) 
S3 IpInIp; system32\DRIVERS\ipinip.sys [X] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X] S3 WisINT15; \??\C:\Elements\1stboot\WisINT15.SYS [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-02-07 21:04 - 2015-02-07 21:05 - 00024441 _____ () C:\Users\Doreen Kiele\Desktop\FRST.txt 2015-02-06 15:21 - 2015-02-06 15:21 - 00142984 _____ () C:\Windows\Minidump\Mini020615-04.dmp 2015-02-06 15:11 - 2015-02-06 15:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome 2015-02-06 15:08 - 2015-02-07 21:02 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-02-06 15:08 - 2015-02-07 21:00 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-02-06 14:21 - 2015-02-06 14:22 - 00142984 _____ () C:\Windows\Minidump\Mini020615-03.dmp 2015-02-06 14:15 - 2015-02-06 14:15 - 00142984 _____ () C:\Windows\Minidump\Mini020615-02.dmp 2015-02-06 14:08 - 2015-02-06 15:21 - 259947364 _____ () C:\Windows\MEMORY.DMP 2015-02-06 14:08 - 2015-02-06 15:21 - 00000000 ____D () C:\Windows\Minidump 2015-02-06 14:08 - 2015-02-06 14:08 - 00142984 _____ () C:\Windows\Minidump\Mini020615-01.dmp 2015-02-06 12:21 - 2015-02-06 12:21 - 00000903 _____ () C:\Users\Doreen Kiele\Desktop\mbam - Verknüpfung.lnk 2015-02-06 11:34 - 2015-02-06 12:21 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-02-06 11:34 - 2015-02-06 11:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-02-06 11:34 - 2015-02-06 11:34 - 00000000 ____D () C:\ProgramData\Malwarebytes 2015-02-06 11:34 - 2015-02-06 11:34 - 00000000 ____D () 
C:\Program Files\ Malwarebytes Anti-Malware
2015-02-06 11:34 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-02-06 11:34 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-02-06 11:34 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-02-06 11:32 - 2015-02-06 11:34 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Doreen Kiele\Desktop\mbam-setup-2.0.4.1028.exe
2015-02-06 11:14 - 2015-02-06 11:18 - 00000000 ____D () C:\AdwCleaner
2015-02-06 11:10 - 2015-02-06 11:10 - 02112512 _____ () C:\Users\Doreen Kiele\Desktop\AdwCleaner_4.110.exe
2015-02-05 21:25 - 2015-02-07 21:04 - 00000000 ____D () C:\FRST
2015-02-05 21:22 - 2015-02-07 21:03 - 01124352 _____ (Farbar) C:\Users\Doreen Kiele\Desktop\FRST.exe
2015-02-02 21:48 - 2006-09-18 22:41 - 00000761 _____ () C:\Windows\system32\Drivers\etc\hosts.20150202-214813.backup
2015-02-02 21:38 - 2015-02-06 15:22 - 00000644 _____ () C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job
2015-02-02 21:38 - 2015-02-05 21:09 - 00000616 _____ () C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2015-02-02 21:38 - 2015-02-02 21:42 - 00000446 _____ () C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job
2015-02-02 21:37 - 2015-02-02 21:37 - 00001974 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2015-02-02 21:37 - 2015-02-02 21:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2015-02-02 21:37 - 2013-09-20 10:49 - 00018968 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean.exe
2015-02-02 21:36 - 2015-02-02 22:17 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-02-02 21:36 - 2015-02-02 22:05 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2015-02-02 16:07 - 2015-02-02 16:09 - 00431395 _____ () C:\Windows\system32\Drivers\vsconfig.xml
2015-02-02 16:07 - 2015-02-02 16:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Check Point
2015-02-02 16:04 - 2010-04-05 21:00 - 00221568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2015-02-02 15:49 - 2015-02-02 16:07 - 00000000 ____D () C:\Program Files\CheckPoint
2015-02-02 15:48 - 2015-02-02 15:48 - 00000000 ____D () C:\ProgramData\CheckPoint
2015-02-01 20:19 - 2015-02-01 20:19 - 00000000 ____D () C:\Users\Doreen Kiele\Downloads\DVD Menü Erstellung + Brennprogramm
2015-02-01 18:53 - 2015-02-01 18:53 - 00035044 _____ () C:\Users\Doreen Kiele\AppData\Local\4A9A4070_stp.CIS
2015-02-01 18:53 - 2015-02-01 18:53 - 00000265 _____ () C:\Users\Doreen Kiele\AppData\Local\4A9A4070_stp.CIS.part
2015-02-01 18:53 - 2015-02-01 18:53 - 00000000 ____D () C:\Users\Doreen Kiele\AppData\Local\4A9A4070_stp
2015-02-01 13:20 - 2015-02-01 13:20 - 00000000 ____D () C:\Users\Doreen Kiele\Documents\CyberLink
2015-02-01 12:32 - 2015-02-01 12:32 - 00000000 ____D () C:\Users\Doreen Kiele\AppData\Roaming\FreeVideoEditor
2015-01-31 19:56 - 2015-01-31 19:56 - 00000104 _____ () C:\Users\Doreen Kiele\Computer - Verknüpfung.lnk
2015-01-31 17:29 - 2015-01-31 17:29 - 00000000 ____D () C:\Users\Doreen Kiele\Downloads\Datenrettung
2015-01-30 18:49 - 2015-01-30 18:49 - 00000000 ____D () C:\Users\Doreen Kiele\AppData\Roaming\dvdcss
2015-01-30 18:24 - 2015-01-30 18:24 - 00000000 ____D () C:\ProgramData\Canneverbe Limited
2015-01-30 18:23 - 2015-01-30 18:23 - 00000000 ____D () C:\Users\Doreen Kiele\AppData\Roaming\Canneverbe Limited
2015-01-30 18:11 - 2015-01-31 19:57 - 00000000 ____D () C:\Users\Doreen Kiele\Downloads\Brennprogramm
2015-01-30 17:51 - 2015-01-30 17:51 - 00000000 ____D () C:\ProgramData\NtiDvdCopy
2015-01-18 22:44 - 2015-01-18 22:44 - 00000000 ____D () C:\Users\Doreen Kiele\AppData\Local\DVDVideoSoft_Ltd
2015-01-18 21:21 - 2015-02-01 13:20 - 00000000 ____D () C:\Users\Doreen Kiele\AppData\Roaming\CyberLink
2015-01-18 21:21 - 2015-01-18 21:21 - 00000000 ____D () C:\Users\Doreen Kiele\AppData\Roaming\SoftDMA
2015-01-18 21:21 - 2015-01-18 21:21 - 00000000 ____D () C:\Users\Doreen Kiele\AppData\Local\PlayMovie
2015-01-18 21:21 - 2015-01-18 21:21 - 00000000 ____D () C:\Users\Doreen Kiele\AppData\Local\CyberLink
2015-01-18 21:21 - 2015-01-18 21:21 - 00000000 ____D () C:\Users\Doreen Kiele\AppData\Local\Acer Arcade Deluxe
2015-01-18 21:21 - 2015-01-18 21:21 - 00000000 ____D () C:\ProgramData\PlayMovie
2015-01-18 20:07 - 2015-01-18 21:46 - 00000000 ____D () C:\Users\Doreen Kiele\Documents\Ulead VideoStudio SE
2015-01-18 19:39 - 2015-01-18 20:11 - 00000000 ____D () C:\Users\Doreen Kiele\AppData\Roaming\Ulead Systems
2015-01-18 19:25 - 2015-01-18 19:25 - 00000000 ____D () C:\ProgramData\InstallShield
2015-01-18 19:23 - 2015-01-18 22:24 - 00000000 ____D () C:\ProgramData\Ulead Systems
2015-01-18 19:19 - 2015-01-18 19:19 - 10479603 _____ (Syntek America Inc.) C:\Windows\system32\Drivers\StkAPipe.sys
2015-01-18 19:19 - 2015-01-18 19:19 - 00653988 _____ (Syntek America Inc.) C:\Windows\system32\Drivers\StkAPin.sys
2015-01-18 19:19 - 2015-01-18 19:19 - 00242728 _____ (Syntek America Inc.) C:\Windows\system32\Drivers\StkACamd.sys
2015-01-18 19:19 - 2015-01-18 19:19 - 00241628 _____ (Syntek America Inc.) C:\Windows\system32\Drivers\StkAMini.sys
2015-01-18 19:19 - 2015-01-18 19:19 - 00106496 _____ (Syntek America Inc.) C:\Windows\Stk1150.exe
2015-01-18 19:19 - 2015-01-18 19:19 - 00053248 _____ (Syntek America Inc.) C:\Windows\system32\StkAWIA.dll
2015-01-18 19:19 - 2015-01-18 19:19 - 00053248 _____ (Syntek America Inc.) C:\Windows\system32\StkAProp.ax
2015-01-18 19:19 - 2015-01-18 19:19 - 00045056 _____ (Syntek America Inc.) C:\Windows\system32\StkAVFW.dll
2015-01-18 19:19 - 2015-01-18 19:19 - 00024576 _____ (Syntek America Inc.) C:\Windows\system32\StkASv2K.exe
2015-01-18 19:19 - 2015-01-18 19:19 - 00024576 _____ (Syntek America Inc.) C:\Windows\system32\StkASSrv.dll
2015-01-18 19:19 - 2015-01-18 19:19 - 00018754 _____ (Syntek America Inc.) C:\Windows\system32\Drivers\StkASam.sys
2015-01-18 19:19 - 2015-01-18 19:19 - 00004772 _____ (Syntek America Inc.) C:\Windows\system32\Drivers\StkScan.sys
2015-01-18 19:19 - 2006-07-18 06:46 - 00061440 _____ (Syntek America Inc.) C:\Windows\StkATVAp.exe
2015-01-18 19:14 - 2015-01-18 19:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\USB2.0 Capture Device
2015-01-17 17:21 - 2015-01-17 17:21 - 00000000 ____D () C:\Users\Doreen Kiele\AppData\Roaming\5600-6600 Series
2015-01-14 12:12 - 2015-01-14 12:12 - 00115200 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 12:08 - 2015-01-19 19:00 - 00000000 ____D () C:\Users\Doreen Kiele\AppData\Local\Microsoft Games
2015-01-14 11:59 - 2015-01-14 11:59 - 00174080 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 11:59 - 2015-01-14 11:59 - 00093184 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2015-01-14 11:59 - 2015-01-14 11:59 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
2015-01-14 11:58 - 2015-01-14 11:58 - 00153600 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-13 11:38 - 2015-01-13 11:38 - 00000000 ____D () C:\Users\Doreen Kiele\AppData\Roaming\PDF Architect 2
2015-01-13 11:36 - 2015-01-13 11:36 - 00000000 ____D () C:\Users\Doreen Kiele\AppData\Local\PDFCreator
2015-01-13 11:36 - 2015-01-13 11:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Architect 2
2015-01-13 11:35 - 2015-01-13 11:40 - 00000000 ____D () C:\Program Files\PDF Architect 2
2015-01-13 11:35 - 2015-01-13 11:35 - 00000000 ____D () C:\Users\Doreen Kiele\Documents\PDF Architect 2
2015-01-13 11:32 - 2015-01-13 11:41 - 00000000 ____D () C:\Program Files\PDFCreator
2015-01-13 11:32 - 2015-01-13 11:32 - 00098488 _____ (pdfforge GmbH) C:\Windows\system32\pdfcmon.dll
2015-01-13 11:32 - 2015-01-13 11:32 - 00000000 ____D () C:\ProgramData\PDF Architect 2
2015-01-13 11:32 - 2015-01-13 11:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-07 21:02 - 2014-12-20 17:40 - 01307189 _____ () C:\Windows\WindowsUpdate.log
2015-02-07 21:01 - 2006-11-02 13:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-07 21:01 - 2006-11-02 13:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-06 15:23 - 2014-12-20 18:15 - 00000000 _____ () C:\Windows\system32\LogConfigTemp.xml
2015-02-06 15:22 - 2009-01-22 06:59 - 00000147 _____ () C:\Windows\system32\agent.log
2015-02-06 15:22 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-06 15:21 - 2008-01-21 03:47 - 04936506 _____ () C:\Windows\PFRO.log
2015-02-06 15:11 - 2014-12-20 17:55 - 00000000 ____D () C:\Users\Doreen Kiele\AppData\Local\Google
2015-02-06 15:11 - 2014-12-20 17:53 - 00000000 ____D () C:\Program Files\Google
2015-02-06 14:56 - 2014-12-25 22:00 - 00002425 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2015-02-06 12:09 - 2006-11-02 14:01 - 00022342 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-02-06 12:08 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\Resources
2015-02-06 11:04 - 2014-12-20 21:01 - 00000000 ____D () C:\Program Files\Java
2015-02-02 23:50 - 2015-01-07 09:02 - 00000000 ____D () C:\ProgramData\Lx_cats
2015-02-02 19:45 - 2006-11-02 11:33 - 01661528 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-02 19:13 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-02-02 17:37 - 2014-12-29 09:01 - 00000680 _____ () C:\Users\Doreen Kiele\AppData\Local\d3d9caps.dat
2015-02-02 16:08 - 2014-12-20 17:52 - 00000000 ____D () C:\Users\Doreen Kiele
2015-02-02 16:06 - 2014-12-20 21:42 - 00000000 ____D () C:\ProgramData\Package Cache
2015-02-02 16:06 - 2014-12-20 18:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-02-02 16:06 - 2014-12-20 18:56 - 00000000 ____D () C:\Program Files\Avira
2015-02-02 15:56 - 2014-12-20 19:27 - 00000000 ____D () C:\Program Files\Comodo
2015-02-02 15:53 - 2014-12-20 19:27 - 00000000 ____D () C:\ProgramData\Comodo
2015-02-02 15:20 - 2006-11-02 13:47 - 00402808 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-01 22:10 - 2014-12-20 18:46 - 00150528 _____ () C:\Users\Doreen Kiele\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-02-01 22:07 - 2014-12-20 17:55 - 00114184 _____ () C:\Users\Doreen Kiele\AppData\Local\GDIPFONTCACHEV1.DAT
2015-02-01 19:15 - 2008-11-14 03:56 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2015-02-01 13:19 - 2014-12-23 13:22 - 00000000 ____D () C:\Users\Doreen Kiele\AppData\Roaming\vlc
2015-02-01 12:55 - 2014-12-20 20:54 - 00009398 _____ () C:\Windows\WisAutorun.log
2015-02-01 12:33 - 2014-12-21 10:56 - 00000000 __SHD () C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2015-02-01 12:32 - 2014-12-21 10:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2015-02-01 12:32 - 2014-12-21 10:43 - 00000000 ____D () C:\Program Files\DVDVideoSoft
2015-02-01 12:31 - 2014-12-21 10:54 - 00000000 ____D () C:\Program Files\Common Files\DVDVideoSoft
2015-02-01 12:30 - 2014-12-21 10:44 - 00000000 ____D () C:\Users\Doreen Kiele\AppData\Roaming\DVDVideoSoft
2015-01-31 20:36 - 2009-01-22 06:55 - 00001024 ___RH () C:\Users\Public\Documents\NTIMP3.dll
2015-01-31 19:30 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\LogFiles
2015-01-31 18:02 - 2014-12-20 18:53 - 00000000 ____D () C:\Users\Doreen Kiele\Downloads\DVD Video Soft FreeStudio
2015-01-31 18:02 - 2014-12-20 17:54 - 00000000 ____D () C:\Users\Doreen Kiele\AppData\Local\VirtualStore
2015-01-31 16:53 - 2014-12-21 10:43 - 00000000 ____D () C:\Users\Doreen Kiele\Documents\DVDVideoSoft
2015-01-18 22:35 - 2014-12-20 18:18 - 00000000 ____D () C:\Users\Doreen Kiele\AppData\Roaming\PowerCinema
2015-01-18 22:35 - 2014-12-20 18:16 - 00000000 ____D () C:\ProgramData\CyberLink
2015-01-18 21:27 - 2009-01-22 07:39 - 00030226 _____ () C:\Windows\DirectX.log
2015-01-18 21:21 - 2006-11-02 13:37 - 00000000 ___RD () C:\Users\Public\Recorded TV
2015-01-18 19:23 - 2009-01-22 07:03 - 00000000 ____D () C:\Program Files\Common Files\InstallShield
2015-01-18 19:19 - 2006-11-02 13:37 - 00000000 ____D () C:\Windows\twain_32
2015-01-17 17:32 - 2006-11-02 12:18 - 00000000 ___RD () C:\Users\Public
2015-01-14 12:12 - 2014-12-20 21:27 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-14 11:59 - 2006-11-02 11:24 - 110348472 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2015-01-13 11:29 - 2014-12-20 18:54 - 00000000 ____D () C:\Users\Doreen Kiele\Downloads\PDF Creator
2015-01-13 11:24 - 2009-01-22 07:16 - 00000000 ____D () C:\ProgramData\Adobe
2015-01-13 11:23 - 2014-12-20 18:46 - 00000000 ____D () C:\Users\Doreen Kiele\AppData\Roaming\Adobe
2015-01-11 20:21 - 2006-11-02 13:52 - 00131632 _____ () C:\Windows\setupact.log
2015-01-09 15:51 - 2014-12-20 21:26 - 00249488 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

==================== Files in the root of some directories =======

2015-02-01 18:53 - 2015-02-01 18:53 - 0035044 _____ () C:\Users\Doreen Kiele\AppData\Local\4A9A4070_stp.CIS
2015-02-01 18:53 - 2015-02-01 18:53 - 0000265 _____ () C:\Users\Doreen Kiele\AppData\Local\4A9A4070_stp.CIS.part
2014-12-29 09:01 - 2015-02-02 17:37 - 0000680 _____ () C:\Users\Doreen Kiele\AppData\Local\d3d9caps.dat
2014-12-20 18:46 - 2015-02-01 22:10 - 0150528 _____ () C:\Users\Doreen Kiele\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-12-20 18:12 - 2014-12-20 18:13 - 0091953 _____ () C:\Users\Doreen Kiele\AppData\Local\edsinstaller.txt-20141220.log
2014-12-20 18:16 - 2014-12-20 18:20 - 0006065 _____ () C:\ProgramData\ArcadeDeluxe2.log
2015-01-07 08:43 - 2015-01-07 08:43 - 0000000 _____ () C:\ProgramData\UpdaterLog.txt

Some content of TEMP:
====================
C:\Users\Doreen Kiele\AppData\Local\Temp\avgnt.exe
C:\Users\Doreen Kiele\AppData\Local\Temp\Quarantine.exe
C:\Users\Doreen Kiele\AppData\Local\Temp\RtkBtMnt.exe
C:\Users\Doreen Kiele\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-02-06 15:28

==================== End Of Log ============================

--- --- ---

Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 07-02-2015
Ran by Doreen Kiele at 2015-02-07 21:05:40
Running from C:\Users\Doreen Kiele\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
FW: ZoneAlarm Free Firewall Firewall (Enabled) {1B8D532F-88B1-B2AD-ED22-AED92687A1D2}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

2007 Microsoft Office Suite Service Pack 1 (SP1) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}) (Version: - Microsoft)
ABBYY FineReader 6.0 Sprint (HKLM\...\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}) (Version: 6.00.2146.41621 - ABBYY Software House)
Acer Arcade Deluxe (HKLM\...\InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}) (Version: 2.0.5817 - CyberLink Corp.)
Acer Arcade Deluxe (Version: 2.0.5817 - CyberLink Corp.) Hidden
Acer Crystal Eye webcam Ver:1.1.57.409 (HKLM\...\{D0ACE89D-EC7F-470F-80BE-4C98ED366B32}) (Version: 1.1.57.409 - Chicony Electronics Co.,Ltd.)
Acer eAudio Management (HKLM\...\{57265292-228A-41FA-9AEC-4620CBCC2739}) (Version: 3.0.3009 - CyberLink Corp.)
Acer eDataSecurity Management (HKLM\...\{A5633652-3795-4829-BB0B-644F0279E279}) (Version: 3.0.3065 - Egis Inc.)
Acer Empowering Technology (HKLM\...\{8F1B6239-FEA0-450A-A950-B05276CE177C}) (Version: 3.0.3013 - Acer Incorporated)
Acer ePower Management (HKLM\...\{58E5844B-7CE2-413D-83D1-99294BF6C74F}) (Version: 3.0.3014 - Acer Incorporated)
Acer eRecovery Management (HKLM\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 3.0.3014 - Acer Incorporated)
Acer eSettings Management (HKLM\...\{13D85C14-2B85-419F-AC41-C7F21E68B25D}) (Version: 3.0.3007 - Acer Incorporated)
Acer GridVista (HKLM\...\GridVista) (Version: 2.72.317 - )
Acer Mobility Center Plug-In (HKLM\...\{11316260-6666-467B-AC34-183FCB5D4335}) (Version: 3.0.3000 - Acer Inc.)
Acer Product Registration (HKLM\...\{DA20E1A8-07CB-4EE7-9B72-A7E28C953F0E}) (Version: 3.0.0.10 - Acer Incorporated)
Adobe Flash Player 10 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 10.1.102.64 - Adobe Systems Incorporated)
Adobe Flash Player ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 9.0.124.0 - Adobe Systems Incorporated)
Adobe Reader X (10.1.13) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.13 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM\...\Adobe Shockwave Player) (Version: 12.1.5.155 - Adobe Systems, Inc.)
AMD USB Audio Driver Filter (HKLM\...\{A3AB35FA-943E-4799-99DC-46EFD59E998F}) (Version: 1.0.7.0031 - Advanced Micro Devices, Inc.)
ATI Catalyst Install Manager (HKLM\...\{F2F8821D-9C68-6040-8BF7-FF21D26592B5}) (Version: 3.0.704.0 - ATI Technologies, Inc.)
Avira (HKLM\...\{2c18809c-4097-4b51-a4d0-3deade730ef3}) (Version: 1.1.29.22350 - Avira Operations & Co. KG)
Avira (Version: 1.1.29.22350 - Avira Operations & Co. KG) Hidden
Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira)
Broadcom Gigabit Integrated Controller (HKLM\...\{F870B987-18BC-45FC-9BE8-35C02DCDA10F}) (Version: 11.32.03 - Broadcom Corporation)
ccc-core-static (Version: 2008.1210.1623.29379 - Ihr Firmenname) Hidden
ffdshow [rev 3154] [2009-12-09] (HKLM\...\ffdshow_is1) (Version: 1.0 - )
FormatFactory 2.70 (HKLM\...\FormatFactory) (Version: 2.70 - Free Time)
Free DVD Video Converter version 2.0.25.128 (HKLM\...\Free DVD Video Converter_is1) (Version: 2.0.25.128 - DVDVideoSoft Ltd.)
Free Studio version 5.0.9 (HKLM\...\Free Studio_is1) (Version: - DVDVideoSoft Limited.)
Free Video Editor version 1.4.10.128 (HKLM\...\Free Video Editor_is1) (Version: 1.4.10.128 - DVDVideoSoft Ltd.)
Free Video to DVD Converter version 5.0.56.128 (HKLM\...\Free Video to DVD Converter_is1) (Version: 5.0.56.128 - DVDVideoSoft Ltd.)
Free YouTube to MP3 Converter version 3.12.52.1215 (HKLM\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.52.1215 - DVDVideoSoft Ltd.)
Google Chrome (HKLM\...\Google Chrome) (Version: 40.0.2214.111 - Google Inc.)
Google Update Helper (Version: 1.3.21.165 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden
HDAUDIO Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118) (Version: - )
Java 8 Update 25 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Launch Manager (HKLM\...\LManager) (Version: - )
Lexmark (HKLM\...\{D2C5E510-BE6D-42CC-9F61-E4F939078474}) (Version: 1.0.0.0 - )
Lexmark 5600-6600 Series (HKLM\...\Lexmark 5600-6600 Series) (Version: - Lexmark International, Inc.)
Lexmark Symbolleiste (HKLM\...\{1017A80C-6F09-4548-A84D-EDD6AC9525F0}) (Version: 4.0.53.0 - )
Lexmark Tools for Office (HKLM\...\{10812DE7-2E57-4740-B226-6B3BE34AF9D7}) (Version: 1.24.0.0 - )
LightScribe 1.4.142.1 (Version: 1.4.142.1 - hxxp://www.lightscribe.com) Hidden
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61187 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM\...\{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}) (Version: 08.05.0822 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NTI Backup Now 5 (HKLM\...\InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}) (Version: 5.1.2.606 - NewTech Infosystems)
NTI Backup Now Standard (Version: 5.1.2.606 - NewTech Infosystems) Hidden
NTI Media Maker 8 (HKLM\...\InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}) (Version: 8.0.2.6329 - NewTech Infosystems)
NTI Media Maker 8 (Version: 8.0.2.6329 - NewTech Infosystems) Hidden
Nuvoton EC Generic HID Driver (HKLM\...\{302E9B7B-2B6A-4C29-9A02-9F2110649779}) (Version: 7.80.5000 - Nuvoton Technology Corporation)
PDF Architect 2 (HKLM\...\PDF Architect 2) (Version: 2.0.51.17865 - pdfforge GmbH)
PDF Architect 2 Create Module (Version: 2.1.6.19758 - pdfforge GmbH) Hidden
PDF Architect 2 Edit Module (Version: 2.1.6.19758 - pdfforge GmbH) Hidden
PDF Architect 2 View Module (Version: 2.1.6.19758 - pdfforge GmbH) Hidden
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 2.0.1 - pdfforge)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5704 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM\...\{DC24971E-1946-445D-8A82-CE685433FA7D}) (Version: 3.0.1.3 - Realtek Semiconductor Corp.)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 11.1.4.0 - Synaptics)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for Office 2007 (KB946691) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{A420F522-7395-4872-9882-C591B4B92278}) (Version: - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version: - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft)
USB2.0 Capture Device (HKLM\...\{E337B156-DF81-48D8-8977-B1574EE87BCF}) (Version: 1.0.3.0 - )
VLC media player 2.1.1 (HKLM\...\VLC media player) (Version: 2.1.1 - VideoLAN)
ZoneAlarm Firewall (Version: 13.3.052.000 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Free Firewall (HKLM\...\ZoneAlarm Free Firewall) (Version: 13.3.052.000 - Check Point)
ZoneAlarm Security (Version: 13.3.052.000 - Check Point Software Technologies Ltd.) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points =========================

13-01-2015 11:35:10 Installed PDF Architect 2 View Module
13-01-2015 11:38:14 Installed PDF Architect 2 Create Module
13-01-2015 11:40:04 Installed PDF Architect 2 Edit Module
14-01-2015 11:57:50 Windows Update
17-01-2015 17:46:11 Windows Update
17-01-2015 19:04:43 Installiert USB2.0 Capture Device
18-01-2015 19:13:42 Installiert USB2.0 Capture Device
18-01-2015 19:19:14 Gerätetreiber-Paketinstallation: Syntek America Inc. Bildverarbeitungsgeräte
18-01-2015 19:22:53 Installiert Ulead VideoStudio
18-01-2015 22:23:18 Entfernt Ulead VideoStudio
19-01-2015 10:42:38 Windows Update
23-01-2015 21:19:54 Windows Update
28-01-2015 11:03:53 Windows Update
31-01-2015 20:09:18 Microsoft Visual C++ 2005 Redistributable wird installiert
01-02-2015 12:56:14 Installiert PowerDirector
01-02-2015 19:03:53 Konfiguriert PowerDirector
02-02-2015 15:44:19 Removed COMODO Firewall
02-02-2015 16:04:16 Windows Update
02-02-2015 16:07:51 Gerätetreiber-Paketinstallation: Check Point Software Technologies Ltd. Netzwerkdienst
02-02-2015 19:41:05 Windows Update
06-02-2015 10:56:19 Windows Update
06-02-2015 10:59:59 Removed Java(TM) 6 Update 23
06-02-2015 11:04:54 Removed Search App by Ask

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 11:23 - 2006-09-18 22:41 - 00000761 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {3C41FE0F-981F-4EAB-A626-62E6FBD50BB4} - System32\Tasks\Java Update Scheduler => C:\Program Files\Common Files\Java\Java Update\jusched.exe [2014-12-25] (Oracle Corporation)
Task: {88B8AFEB-6370-42D2-A9B2-DBBFB5F3503B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-02-06] (Google Inc.)
Task: {D465151C-39D3-4FD1-9CE6-5A21537444DC} - \Vosteran_helper No Task File <==== ATTENTION
Task: {D474A348-5306-4384-BAF9-D18B46930DF2} - System32\Tasks\Scan the system (Spybot - Search & Destroy) => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe
Task: {D9317D58-89FE-45F4-BA22-EA179E15D626} - System32\Tasks\Refresh immunization (Spybot - Search & Destroy) => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe
Task: {E2C78A30-5F28-4F78-A14B-1AB89494D0A0} - System32\Tasks\Check for updates (Spybot - Search & Destroy) => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {E35FD31F-2D85-4E2B-9854-3B4E5F860B5E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-02-06] (Google Inc.)
Task: {E95C38D1-EFCF-479C-A943-AF5B573C9360} - System32\Tasks\Installation App Launcher => C:\Program Files\Lexmark 5600-6600 Series\lxduamon.exe [2015-01-07] ()
Task: {EDD879BF-569E-45E5-A256-B184D562A9A6} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Signature Update => c:\program files\windows defender\MpCmdRun.exe [2008-01-21] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe
Task: C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe

==================== Loaded Modules (whitelisted) ==============

2015-02-02 21:36 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-02-02 21:36 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
2015-01-07 08:50 - 2008-05-01 01:41 - 00045056 _____ () C:\Windows\System32\LXDUPMON.DLL
2015-01-07 08:49 - 2008-09-10 10:43 - 00086016 _____ () C:\Windows\System32\LXDUOEM.DLL
2015-01-07 08:49 - 2008-09-10 10:41 - 00032768 _____ () C:\Program Files\Lexmark 5600-6600 Series\ipcmt.dll
2015-01-07 08:58 - 2015-01-07 08:52 - 00121856 _____ () C:\Windows\system32\spool\PRTPROCS\W32X86\lxdudrpp.dll
2014-12-21 02:32 - 2009-01-07 22:46 - 00159744 _____ () C:\Windows\system32\atitmmxx.dll
2007-06-24 19:09 - 2007-06-24 19:09 - 01024000 _____ () C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\ACE.dll
2007-06-24 19:09 - 2007-06-24 19:09 - 00098304 _____ () C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\ACEXML.dll
2007-06-24 19:09 - 2007-06-24 19:09 - 00061440 _____ () C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\ACEXML_Parser.dll
2014-12-20 18:19 - 2008-10-04 04:09 - 00069632 _____ () C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
2009-01-22 07:17 - 2008-11-28 10:56 - 00024576 _____ () C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
2009-01-22 07:17 - 2009-01-22 07:17 - 00032768 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Model.Controller\3.0.3013.0__14bcaafdb44b5951\Framework.Model.Controller.dll
2009-01-22 07:17 - 2009-01-22 07:17 - 00020480 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Model.ControllerInterface\3.0.3013.0__d842b71b4d6ed079\Framework.Model.ControllerInterface.dll
2009-01-22 07:17 - 2009-01-22 07:17 - 00061440 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Library\3.0.3013.0__3036420f80dd6947\Framework.Library.dll
2009-01-22 07:17 - 2009-01-22 07:17 - 00028672 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Host\3.0.3013.0__672b450de5a7e94a\Framework.Host.dll
2009-01-22 07:17 - 2009-01-22 07:17 - 00016384 _____ () C:\Windows\assembly\GAC_MSIL\Framework.PluginInterface\3.0.3013.0__9ecdf03bb2054f94\Framework.PluginInterface.dll
2014-12-20 18:14 - 2008-09-11 21:20 - 00016384 ____N () C:\Program Files\Acer\Empowering Technology\eAudio\eAudioSrvPlugin.dll
2009-01-22 07:17 - 2009-01-22 07:17 - 00036864 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Utility\3.0.3013.0__4df5dcab8860d239\Framework.Utility.dll
2014-12-20 18:15 - 2008-05-26 14:40 - 00016384 _____ () C:\Program Files\Acer\Empowering Technology\eSettings\eSettings.ServicePlugin.dll
2014-12-20 18:15 - 2008-05-26 14:37 - 00016384 _____ () C:\Program Files\Acer\Empowering Technology\eSettings\eSettings.Logger.dll
2014-12-20 18:15 - 2008-05-26 14:39 - 00143360 _____ () C:\Program Files\Acer\Empowering Technology\eSettings\eSettings.Model.Computer.dll
2014-12-20 18:15 - 2008-05-26 14:37 - 00036864 _____ () C:\Program Files\Acer\Empowering Technology\Service\eSettings.Model.ComputerInterface.dll
2009-01-22 07:17 - 2007-12-06 16:15 - 00110592 _____ () C:\Acer\Mobility Center\MobilityService.exe
2009-01-22 07:17 - 2007-11-27 15:08 - 00032768 _____ () C:\Acer\Mobility Center\MobilityInterface.dll
2008-04-25 21:36 - 2008-04-25 21:36 - 00131072 _____ () C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
2015-02-02 21:36 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2015-02-02 21:36 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll
2015-02-02 21:36 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2008-04-25 21:36 - 2008-04-25 21:36 - 00028672 _____ () C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
2008-04-28 09:49 - 2008-04-28 09:49 - 00003072 _____ () C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTrayLOC.dll
2014-12-20 18:10 - 2007-10-23 10:56 - 00200704 _____ () C:\Windows\PLFSetI.exe
2014-12-21 02:32 - 2003-06-07 22:30 - 00057344 _____ () C:\Program Files\Launch Manager\PowerUtl.dll
2008-07-29 17:52 - 2008-07-29 17:52 - 00227888 _____ () C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ShowErrMsg.dll
2008-10-08 21:49 - 2008-10-08 21:49 - 00835584 ____N () C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMediaLibrary.dll
2008-10-08 21:49 - 2008-10-08 21:49 - 00007680 ____N () C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvcPS.dll
2015-01-07 08:47 - 2015-01-07 08:47 - 00676520 _____ () C:\Program Files\Lexmark 5600-6600 Series\lxdumon.exe
2015-01-07 08:47 - 2008-09-10 10:56 - 00380928 _____ () C:\Program Files\Lexmark 5600-6600 Series\lxduscw.dll
2015-01-07 08:52 - 2015-01-07 08:52 - 00188416 _____ () C:\Windows\system32\spool\drivers\w32x86\3\lxdudatr.dll
2015-01-07 08:47 - 2008-09-10 10:56 - 01036288 _____ () C:\Program Files\Lexmark 5600-6600 Series\lxduDRS.dll
2015-01-07 08:47 - 2008-09-10 10:56 - 00081920 _____ () C:\Program Files\Lexmark 5600-6600 Series\lxducaps.dll
2015-01-07 08:47 - 2008-09-10 10:40 - 00069632 _____ () C:\Program Files\Lexmark 5600-6600 Series\lxducnv4.dll
2015-01-07 08:48 - 2015-01-07 08:48 - 00025256 _____ () C:\Program Files\Lexmark 5600-6600 Series\lxduMsdMon.exe
2015-01-07 08:47 - 2008-05-27 04:36 - 00028672 _____ () C:\Program Files\Lexmark 5600-6600 Series\App4R.Monitor.Common.dll
2015-01-07 08:47 - 2008-05-27 04:36 - 00036864 _____ () C:\Program Files\Lexmark 5600-6600 Series\App4R.Monitor.Core.dll
2015-01-07 08:47 - 2008-05-27 04:35 - 00065536 _____ () C:\Program Files\Lexmark 5600-6600 Series\app4r.devmons.mcmdevmon.dll
2015-01-07 08:47 - 2008-03-25 05:53 - 00012288 _____ () C:\Program Files\Lexmark 5600-6600 Series\app4r.devmons.mcmdevmon.autoplayutil.dll
2015-02-06 15:11 - 2015-02-04 10:02 - 09170760 _____ () C:\Program Files\Google\Chrome\Application\40.0.2214.111\pdf.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Windows\explorer.exe:$CmdTcID
AlternateDataStreams: C:\Windows\Stk1150.exe:$CmdTcID
AlternateDataStreams: C:\Windows\StkATVAp.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\accessibilitycpl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\adsldpc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\adsmsext.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\adtschema.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\advapi32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\apds.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\apphelp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\appinfo.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\appwiz.cpl:$CmdTcID
AlternateDataStreams: C:\Windows\system32\atmfd.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\atmlib.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\audiodg.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\AudioEng.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\AUDIOKSE.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\AudioSes.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\audiosrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\authui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\authz.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\autochk.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\autoconv.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\autofmt.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\autoplay.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\AuxiliaryDisplayCpl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\AuxiliaryDisplayDriverLib.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\AuxiliaryDisplayServices.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\azroles.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\basecsp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\bcrypt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\BFE.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\bitsigd.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\blackbox.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\brcpl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\browseui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\bthci.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\BthMtpContextHandler.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\bthprops.cpl:$CmdTcID
AlternateDataStreams: C:\Windows\system32\bthserv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\bthudtask.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cbsra.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\cdd.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\certcli.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\certenc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\CertEnroll.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\CertEnrollUI.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\certmgr.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\certprop.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\certreq.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\certutil.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\chajei.ime:$CmdTcID AlternateDataStreams: C:\Windows\system32\chsbrkr.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\chtbrkr.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\CHxReadingStringIME.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\ci.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\cintlgnt.ime:$CmdTcID AlternateDataStreams: C:\Windows\system32\cipher.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\clfs.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\cmdial32.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\cmmon32.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\comctl32.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\comdlg32.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\compcln.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\comsvcs.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\comuid.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\conime.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\connect.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\consent.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\credui.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\crypt32.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\cryptdlg.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\cryptnet.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\cryptsvc.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\cryptui.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\cscapi.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\cscdll.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\cscript.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\csrsrv.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\csrstub.exe:$CmdTcID AlternateDataStreams: 
C:\Windows\system32\d2d1.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\d3d10.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\d3d10core.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\d3d10level9.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\d3d10warp.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\d3d10_1.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\d3d10_1core.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\d3d9.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\dataclen.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\davclnt.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\dbgeng.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\DeviceEject.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\DevicePairing.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\DevicePairingProxy.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\DevicePairingWizard.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\devmgr.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\dfshim.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\dfsr.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\dhcpcsvc.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\dhcpcsvc6.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\diagperf.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\dimsroam.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\diskpart.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\diskraid.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\dmsynth.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\dmusic.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\dot3cfg.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\dot3msm.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\dot3svc.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\dpapimig.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\dpnet.dll:$CmdTcID AlternateDataStreams: 
C:\Windows\system32\dpnsvr.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\drmmgrtn.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\drmv2clt.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\drvinst.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\drvstore.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\dsound.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\dsprop.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\dwm.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\DWrite.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\eapp3hst.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\eappcfg.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\eappgnui.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\eapphost.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\EhStorAPI.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\EhStorAuthn.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\EhStorPwdMgr.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\EhStorShell.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\emdmgmt.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\EncDec.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\EncDump.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\es.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\esent.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\eudcedit.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\evr.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\ExplorerFrame.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\f3ahvoas.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\Faultrep.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\fc.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\fdBth.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\fdBthProxy.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\fdeploy.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\fdProxy.dll:$CmdTcID 
AlternateDataStreams: C:\Windows\system32\fdSSDP.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\fdWCN.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\fdWSD.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\feclient.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\ff_vfw.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\findstr.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\FntCache.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\fontext.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\ftp.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\FunctionDiscoveryFolder.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\fundisc.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\FWPUCLNT.DLL:$CmdTcID AlternateDataStreams: C:\Windows\system32\FwRemoteSvr.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\gdi32.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\gpapi.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\gpedit.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\gpresult.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\gpsvc.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\gpupdate.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\hal.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\halacpi.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\halmacpi.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\hbaapi.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\hccoin.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\hcrstco.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\hdwwiz.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\hidserv.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\iasacct.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\iasads.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\iasdatastore.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\iashlpr.dll:$CmdTcID AlternateDataStreams: 
C:\Windows\system32\IasMigPlugin.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\IasMigReader.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\iasnap.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\iaspolcy.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\iasrad.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\iasrecst.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\iassam.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\iassdo.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\iassvcs.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\icaapi.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\icardagt.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\icardres.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\ie4uinit.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\ieUnatt.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\iexpress.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\ifmon.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\IKEEXT.DLL:$CmdTcID AlternateDataStreams: C:\Windows\system32\imagehlp.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\imapi.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\imapi2.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\imapi2fs.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\IMJP10.IME:$CmdTcID AlternateDataStreams: C:\Windows\system32\IMJP10K.DLL:$CmdTcID AlternateDataStreams: C:\Windows\system32\imkr80.ime:$CmdTcID AlternateDataStreams: C:\Windows\system32\imm32.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\inetpp.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\inetppui.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\infocardapi.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\infocardcpl.cpl:$CmdTcID AlternateDataStreams: C:\Windows\system32\InkEd.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\input.dll:$CmdTcID AlternateDataStreams: 
C:\Windows\system32\ipconfig.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\IPHLPAPI.DLL:$CmdTcID AlternateDataStreams: C:\Windows\system32\ipsecsnp.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\IPSECSVC.DLL:$CmdTcID AlternateDataStreams: C:\Windows\system32\ipsmsnap.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\iscsilog.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\java.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\javaw.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\javaws.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\kd1394.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\kdcom.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\kdusb.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\kerberos.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\kernel32.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\korwbrkr.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\Kswdmcap.ax:$CmdTcID AlternateDataStreams: C:\Windows\system32\l2nacp.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\localspl.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\logagent.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\logman.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\lsasrv.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\lsass.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\lxducaps.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\lxducfg.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\lxducnv4.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\lxducoin.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\lxducoms.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\lxdudrs.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\lxduih.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\lxduvs.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\LXDUwupd.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\Magnify.exe:$CmdTcID 
AlternateDataStreams: C:\Windows\system32\mblctr.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\mciseq.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\mcmde.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\mcupdate_GenuineIntel.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\MediaMetadataHandler.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\midimap.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\milcore.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\mimefilt.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\mmc.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\mmci.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\mmcico.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\mmcndmgr.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\MMDevAPI.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\mmsys.cpl:$CmdTcID AlternateDataStreams: C:\Windows\system32\modemui.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\Mpeg2Data.ax:$CmdTcID AlternateDataStreams: C:\Windows\system32\mpr.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\mprapi.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\MpSigStub.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\MPSSVC.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\mrt.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\msacm32.drv:$CmdTcID AlternateDataStreams: C:\Windows\system32\msaudite.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\mscandui.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\mscms.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\mscorier.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\mscories.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\msctf.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\MsCtfMonitor.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\msctfp.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\msctfui.dll:$CmdTcID AlternateDataStreams: 
C:\Windows\system32\msdtcprx.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\msdtctm.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\MSDvbNP.ax:$CmdTcID AlternateDataStreams: C:\Windows\system32\msexch40.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\msexcl40.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\msfeedssync.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\msftedit.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\msi.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\msiexec.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\msihnd.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\msimsg.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\msimtf.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\msinfo32.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\msisip.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\msjet40.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\msjetoledb40.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\msjint40.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\msjter40.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\msjtes40.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\msltus40.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\MSMPEG2VDEC.DLL:$CmdTcID AlternateDataStreams: C:\Windows\system32\msnetobj.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\MSNP.ax:$CmdTcID AlternateDataStreams: C:\Windows\system32\mspbde40.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\msrd2x40.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\msrd3x40.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\msrepl40.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\msscb.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\msscntrs.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\msscp.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\msshooks.dll:$CmdTcID AlternateDataStreams: 
C:\Windows\system32\msshsq.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\mssitlb.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\mssph.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\mssphtb.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\mssprxy.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\mssrch.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\msstrc.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\mssvp.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\mstext40.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\mstlsapi.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\mstscax.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\msutb.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\msvcp60.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\msvcrt.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\MSVidCtl.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\mswdat10.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\mswsock.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\mswstr10.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\msxbde40.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\msxml3.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\msxml3r.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\msxml6.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\mtxclu.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\NaturalLanguage6.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\NcdProp.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\ncrypt.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\ncryptui.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\ncsi.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\netapi32.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\netcenter.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\netevent.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\netlogon.dll:$CmdTcID 
AlternateDataStreams: C:\Windows\system32\netplwiz.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\NetProjW.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\netshell.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\networkexplorer.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\networkitemfactory.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\networkmap.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\newdev.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\newdev.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\nlaapi.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\nlasvc.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\nlhtml.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\NlsLexicons0007.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\NlsLexicons0009.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\nslookup.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\ntdll.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\ntkrnlpa.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\ntmarta.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\ntoskrnl.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\ntprint.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\ocsetup.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\odbcconf.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\odbccp32.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\offfilt.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\oleacc.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\oleaccrc.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\oleaut32.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\oleprn.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\olepro32.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\onex.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\oobefldr.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\osk.exe:$CmdTcID 
AlternateDataStreams: C:\Windows\system32\P2PGraph.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\p2psvc.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\packager.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\pcaui.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\pdfcmon.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\pdh.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\PerfCenterCPL.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\perfdisk.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\phon.ime:$CmdTcID AlternateDataStreams: C:\Windows\system32\PhotoScreensaver.scr:$CmdTcID AlternateDataStreams: C:\Windows\system32\photowiz.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\pidgenx.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\pintlgnt.ime:$CmdTcID AlternateDataStreams: C:\Windows\system32\PkgMgr.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\pnidui.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\pnpsetup.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\pnpui.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\PnPUnattend.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\PnPutil.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\PNPXAssoc.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\PortableDeviceApi.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\PortableDeviceClassExtension.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\PortableDeviceConnectApi.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\PortableDeviceTypes.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\PortableDeviceWMDRM.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\powercpl.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\powrprof.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\PresentationNative_v0300.dll:$CmdTcID AlternateDataStreams: 
C:\Windows\system32\PresentationSettings.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\printcom.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\printfilterpipelinesvc.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\printui.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\prnntfy.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\profsvc.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\propdefs.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\propsys.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\PSHED.DLL:$CmdTcID AlternateDataStreams: C:\Windows\system32\psisdecd.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\psisrndr.ax:$CmdTcID AlternateDataStreams: C:\Windows\system32\puiapi.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\QAGENTRT.DLL:$CmdTcID AlternateDataStreams: C:\Windows\system32\qdvd.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\qedit.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\qintlgnt.ime:$CmdTcID AlternateDataStreams: C:\Windows\system32\qmgr.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\quartz.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\Query.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\quick.ime:$CmdTcID AlternateDataStreams: C:\Windows\system32\RacEngn.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\rasapi32.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\raschap.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\rasdiag.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\rasdial.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\rasdlg.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\rasgcw.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\rasmans.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\rasmontr.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\rasplap.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\rasppp.dll:$CmdTcID AlternateDataStreams: 
C:\Windows\system32\rastapi.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\rdpencom.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\rdpwsx.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\reg.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\regapi.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\RegisterIEPKEYs.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\regsvc.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\rekeywiz.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\RelMon.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\riched20.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\rpchttp.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\rpcrt4.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\rpcss.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\rsaenh.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\rtffilt.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\samlib.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\samsrv.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\scansetting.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\SCardSvr.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\scavenge.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\scecli.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\scesrv.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\schannel.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\scksp.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\scrobj.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\scrrun.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\sdohlp.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\SearchFilterHost.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\SearchIndexer.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\SearchProtocolHost.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\secur32.dll:$CmdTcID AlternateDataStreams: 
C:\Windows\system32\sendmail.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\services.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\sethc.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\SetIEInstalledDate.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\setupapi.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\shell32.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\shlwapi.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\shsetup.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\shwebsvc.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\SLC.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\slcc.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\SLCExt.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\slcinst.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\SLCommDlg.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\SLLUA.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\slmgr.vbs:$CmdTcID AlternateDataStreams: C:\Windows\system32\SLsvc.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\SLUI.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\SLUINotify.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\slwga.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\slwmi.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\SmartcardCredentialProvider.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\SMBHelperClass.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\SmiEngine.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\smss.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\SndVol.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\SnippingTool.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\softkbd.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\spcmsg.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\sperror.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\spinstall.exe:$CmdTcID AlternateDataStreams: 
C:\Windows\system32\Drivers\tcpipreg.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\tdx.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\termdd.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\tssecsrv.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\udfs.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\usb8023.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\USBAUDIO.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\USBCAMD.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\USBCAMD2.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\usbccgp.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\usbd.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\usbehci.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\usbhub.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\usbohci.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\usbport.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\usbscan.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\USBSTOR.SYS:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\usbvideo.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\volmgrx.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\volsnap.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\watchdog.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\Wdf01000.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\WdfLdr.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\WUDFPf.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\WUDFRd.sys:$CmdTcID AlternateDataStreams: C:\Users\Doreen:$CmdTcID AlternateDataStreams: C:\Users\Doreen Kiele\AppData\Local\4A9A4070_stp.CIS.part:$CmdTcID ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be 
removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== Other Registry Areas =====================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1531739928-432372518-3359910063-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Doreen Kiele\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== Accounts: =============================

Administrator (S-1-5-21-1531739928-432372518-3359910063-500 - Administrator - Disabled)
Doreen Kiele (S-1-5-21-1531739928-432372518-3359910063-1000 - Administrator - Enabled) => C:\Users\Doreen Kiele
Gast (S-1-5-21-1531739928-432372518-3359910063-501 - Limited - Disabled)

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (02/06/2015 03:23:07 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/06/2015 02:23:01 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/06/2015 02:16:19 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/06/2015 02:10:06 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/06/2015 00:12:16 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/06/2015 00:09:16 PM) (Source: EventSystem) (EventID: 4621) (User: )
Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}

Error: (02/06/2015 11:23:35 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/06/2015 11:05:50 AM) (Source: MsiInstaller) (EventID: 10005) (User: DoreenKiele-PC)
Description: Produkt: Search App by Ask -- Fehler 25001. Die folgenden Anwendungen sollten geschlossen werden, bevor Sie mit der Deinstallation fortfahren: Google Chrome

Error: (02/06/2015 11:05:47 AM) (Source: MsiInstaller) (EventID: 10005) (User: DoreenKiele-PC)
Description: Produkt: Search App by Ask -- Fehler 25001. Die folgenden Anwendungen sollten geschlossen werden, bevor Sie mit der Deinstallation fortfahren: Google Chrome

Error: (02/06/2015 11:05:47 AM) (Source: MsiInstaller) (EventID: 10005) (User: DoreenKiele-PC)
Description: Produkt: Search App by Ask -- Fehler 25001. Die folgenden Anwendungen sollten geschlossen werden, bevor Sie mit der Deinstallation fortfahren: Google Chrome

System errors:
=============
Error: (02/06/2015 03:23:10 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: lxduCATSCustConnectService%%1053

Error: (02/06/2015 03:23:10 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000lxduCATSCustConnectService

Error: (02/06/2015 03:23:10 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058

Error: (02/06/2015 03:21:49 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am 06.02.2015 um 15:19:39 unerwartet heruntergefahren.

Error: (02/06/2015 02:56:21 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Windows Search%%1053

Error: (02/06/2015 02:56:21 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000Windows Search

Error: (02/06/2015 02:56:21 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1053WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (02/06/2015 02:23:02 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: lxduCATSCustConnectService%%1053

Error: (02/06/2015 02:23:02 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000lxduCATSCustConnectService

Error: (02/06/2015 02:23:02 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
Date: 2015-02-07 21:05:27.243
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2015-02-07 21:05:26.962
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2015-02-07 21:05:26.681
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2015-02-07 21:05:26.401
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2015-02-07 21:05:25.886
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2015-02-07 21:05:25.558
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2015-02-07 21:05:25.246
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2015-02-07 21:05:24.950
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2015-02-06 15:26:30.171
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2015-02-06 15:26:29.738
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

==================== Memory info ===========================

Processor: AMD Turion(tm) X2 Dual-Core Mobile RM-72
Percentage of memory in use: 54%
Total physical RAM: 2429.36 MB
Available physical RAM: 1100.35 MB
Total Pagefile: 5089.3 MB
Available Pagefile: 3317.3 MB
Total Virtual: 2047.88 MB
Available Virtual: 1910.13 MB

==================== Drives ================================

Drive c: (ACER) (Fixed) (Total:142.65 GB) (Free:50.48 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:142.67 GB) (Free:142.53 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: 4BFDD482)
Partition 1: (Not Active) - (Size=9.8 GB) - (Type=27)
Partition 2: (Active) - (Size=142.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=142.7 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=3 GB) - (Type=12)

==================== End Of Log ============================
|
11.02.2015, 21:45 | #10 |
Rest in peace † 2019 | Positive Finds ads on my PC
Hello Doreen,
did you ever have anything from Comodo on the computer, a firewall or something like that?

Step 1
Please press the Windows key + R and type notepad into the Run window.
Now copy the following text from the code box into the empty text document:
Code:
Task: {D465151C-39D3-4FD1-9CE6-5A21537444DC} - \Vosteran_helper No Task File <==== ATTENTION
Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).

Step 2
Please look in Malwarebytes again for the scan log; that is the protection log.

Step 3
Since the scan with ESET is very thorough, it can under some circumstances take several hours.
ESET Online Scanner

Step 4
Start FRST once more.
|
19.02.2015, 18:46 | #11 |
| Positive Finds ads on my PC
Hello Sandra, yes, I had the Comodo Firewall on my computer.
Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 18-02-2015 01
Ran by Doreen Kiele at 2015-02-19 18:33:50 Run:1
Running from C:\Users\Doreen Kiele\Desktop
Loaded Profiles: Doreen Kiele (Available profiles: Doreen Kiele)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Task: {D465151C-39D3-4FD1-9CE6-5A21537444DC} - \Vosteran_helper No Task File <==== ATTENTION
*****************

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D465151C-39D3-4FD1-9CE6-5A21537444DC}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D465151C-39D3-4FD1-9CE6-5A21537444DC}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Vosteran_helper" => Key deleted successfully.

==== End of Fixlog 18:33:51 ====
|
20.02.2015, 19:04 | #13 |
| Positive Finds ads on my PC
Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7623 # api_version=3.0.2 # EOSSerial=60f40d9f186a1849a070bfd5436ccf46 # engine=22569 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2015-02-20 05:42:36 # local_time=2015-02-20 06:42:36 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1031 # osver=6.0.6002 NT Service Pack 2 # compatibility_mode_1='Avira Desktop' # compatibility_mode=1810 16777213 100 100 12760 289873846 0 0 # compatibility_mode_1='' # compatibility_mode=5892 16776573 100 100 92991 261986884 0 0 # scanned=150722 # found=20 # cleaned=0 # scan_time=8231 sh=F0F5B2B2A8F1266F078EAC065D1AB1B3D935A3B8 ft=1 fh=c0734ba43d6b8974 vn="Variante von Win32/BrowseFox.AD evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Common Files\d2d4a9d3-f3f1-4c52-8d3f-dddc91fe0602\updater.bak.vir" sh=477A6801C296326E3DE8963AE47D928AA2D3FC50 ft=1 fh=ed994ff798b577a2 vn="Variante von Win32/BrowseFox.AD evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Common Files\d2d4a9d3-f3f1-4c52-8d3f-dddc91fe0602\updater.exe.vir" sh=AE649D323EBE08A3CC3D28E481E4B9C7AC871A32 ft=1 fh=546b44de567eae48 vn="Variante von Win32/BrowseFox.AD evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\d2d4a9d3-f3f1-4c52-8d3f-dddc91fe0602\plugincontainer.bak.vir" sh=77A467D498ABE07A2710320C72B49859A79DAF55 ft=1 fh=bb4597b650626505 vn="Variante von Win32/BrowseFox.AD evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\d2d4a9d3-f3f1-4c52-8d3f-dddc91fe0602\plugincontainer.exe.vir" sh=D3567903D9B6BA084529AD2F9ED9B540FB8617A6 ft=1 fh=1cc9cda3a3d834d7 vn="Variante von Win32/BrowseFox.AF evtl. 
unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\d2d4a9d3-f3f1-4c52-8d3f-dddc91fe0602\plugins\3\Plugin.exe.vir" sh=747648AD8512446187188B604CE608083A6FDC5C ft=1 fh=856be0a504e2a672 vn="Variante von Win32/BrowseFox.AF evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\d2d4a9d3-f3f1-4c52-8d3f-dddc91fe0602\plugins\4\Plugin.exe.vir" sh=DF9F7BE9EC6F129904626FD386DD21FD5BF39F03 ft=1 fh=f352b141ff18eb38 vn="Variante von Win32/BrowseFox.AF evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\d2d4a9d3-f3f1-4c52-8d3f-dddc91fe0602\plugins\4bak\Plugin.exe.vir" sh=20DF02688FA92DE130C4A5404344927D9460CCAB ft=1 fh=265fe55342ab94e2 vn="Variante von Win32/BrowseFox.AF evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\d2d4a9d3-f3f1-4c52-8d3f-dddc91fe0602\plugins\5\Plugin.exe.vir" sh=A510CAC998B50E82AF15ADE3652B5EDC1F6621DA ft=1 fh=c5234e3a08d587b8 vn="Variante von Win32/BrowseFox.AF evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\d2d4a9d3-f3f1-4c52-8d3f-dddc91fe0602\plugins\5bak\Plugin.exe.vir" sh=A7EBE3516D41856BEB857840E8A7BDF4C0D1D8D4 ft=1 fh=2c654288d370e6bb vn="Variante von Win32/BrowseFox.AF evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\d2d4a9d3-f3f1-4c52-8d3f-dddc91fe0602\plugins\8\Plugin.exe.vir" sh=C25E453070C795849C94FCB0311ED1DDD4F7B74D ft=1 fh=a07ba6255bd749e6 vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files\CheckPoint\Install\CUninstallerZA.exe" sh=AD9F3DAA348EEA4E74B2FAD65EA492F32CA72339 ft=1 fh=ce06389d744632d2 vn="Win32/Toolbar.Montiera.I evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files\CheckPoint\Install\zatb.exe" sh=BD8AB435B2015A9689ADA1D0DC07D10D981B9223 ft=1 fh=3c4f65125da59869 vn="Win32/SoftonicDownloader.A evtl. 
unerwünschte Anwendung" ac=I fn="C:\Users\Doreen Kiele\Downloads\Audio Codes\k-lite-codec-pack.exe" sh=8733E77E5057B75AAA9B6986CF5D5FC9FCE3AC7D ft=1 fh=52ffd16b543cdbea vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Doreen Kiele\Downloads\Brennprogramm\Nero Lite - CHIP-Installer.exe" sh=10C159CED3251D94AD8A4126C9005789CDBF55E6 ft=1 fh=70f2756a7af575ff vn="Win32/FusionCore.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Doreen Kiele\Downloads\DVD Menü Erstellung + Brennprogramm\22729_DVDStyler-2.8.1-win32.exe" sh=50FB7E65AA068DB8251A88E363F775B0DEFA5688 ft=1 fh=56b2b0471fa8b26b vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Doreen Kiele\Downloads\DVD Shrink\ShrinkTo5 - 2. Tonspur entfernen.exe" sh=2AB20B5FB718DC8D006F0F8A11C250FA44EED984 ft=1 fh=17b2900a6c3a46de vn="Win32/InstallMonetizer.AQ evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Doreen Kiele\Downloads\PDF Creator\PDFCreator-2_0_1-setup.exe" sh=56E762C27ACFD52F1A5482121C4FAD9066D759C0 ft=1 fh=c662d7d46d6c31c5 vn="Variante von Win32/SoftonicDownloader.G evtl. unerwünschte Anwendung" ac=I fn="H:\DB\Downloads\SoftonicDownloader_fuer_fat32-format.exe" sh=50FB7E65AA068DB8251A88E363F775B0DEFA5688 ft=1 fh=56b2b0471fa8b26b vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="H:\DB\Downloads\DVD Shrink\ShrinkTo5 - 2. Tonspur entfernen.exe" sh=BD8AB435B2015A9689ADA1D0DC07D10D981B9223 ft=1 fh=3c4f65125da59869 vn="Win32/SoftonicDownloader.A evtl. unerwünschte Anwendung" ac=I fn="H:\DB\Downloads\Audio Codes\k-lite-codec-pack.exe" Code:
FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 18-02-2015 01
Ran by Doreen Kiele (administrator) on DOREENKIELE-PC on 20-02-2015 18:57:46
Running from C:\Users\Doreen Kiele\Desktop
Loaded Profiles: Doreen Kiele (Available profiles: Doreen Kiele)
Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(NewTech Infosystems, Inc.) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
() C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
(Egis Incorporated) C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
() C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
( ) C:\Windows\System32\lxducoms.exe
() C:\Acer\Mobility Center\MobilityService.exe
(NewTech InfoSystems, Inc.) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
() C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Syntek America Inc.) C:\Windows\System32\StkASv2K.exe
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(Check Point Software Technologies, Ltd.) C:\Program Files\CheckPoint\ZoneAlarm\ZAPrivacyService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
() C:\Windows\PLFSetI.exe
(Dritek System Inc.) C:\Program Files\Launch Manager\LManager.exe
(Egis Incorporated) C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
(Acer Inc.) C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
(Acer Incorporated) C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe
(CyberLink Corp.) C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
(CyberLink) C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
() C:\Program Files\Lexmark 5600-6600 Series\lxdumon.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
() C:\Program Files\Lexmark 5600-6600 Series\lxdumsdmon.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Realtek Semiconductor Corp.) C:\Users\Doreen Kiele\AppData\Local\Temp\RtkBtMnt.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmplayer.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1049896 2008-04-25] (Synaptics, Inc.)
HKLM\...\Run: [BkupTray] => C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe [28672 2008-04-25] ()
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2008-08-29] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [6294048 2008-09-19] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] => C:\Windows\Skytel.exe [1833504 2008-09-19] (Realtek Semiconductor Corp.)
HKLM\...\Run: [PLFSetI] => C:\Windows\PLFSetI.exe [200704 2007-10-23] ()
HKLM\...\Run: [LManager] => C:\Program Files\Launch Manager\LManager.exe [858632 2008-12-17] (Dritek System Inc.)
HKLM\...\Run: [eDataSecurity Loader] => C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe [526896 2008-07-29] (Egis Incorporated)
HKLM\...\Run: [ePower_DMC] => C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe [405504 2008-08-01] (Acer Inc.)
HKLM\...\Run: [eAudio] => C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe [544768 2008-09-11] (Acer Incorporated)
HKLM\...\Run: [ArcadeDeluxeAgent] => C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe [147456 2008-10-08] (CyberLink Corp.)
HKLM\...\Run: [CLMLServer] => C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe [167936 2008-10-08] (CyberLink)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-20] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2014-12-21] (Microsoft Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM\...\Run: [lxdumon.exe] => C:\Program Files\Lexmark 5600-6600 Series\lxdumon.exe [676520 2015-01-07] ()
HKLM\...\Run: [lxduamon] => C:\Program Files\Lexmark 5600-6600 Series\lxduamon.exe [16040 2015-01-07] ()
HKLM\...\Run: [Lexmark 5600-6600 Series Fax Server] => C:\Program Files\Lexmark 5600-6600 Series\fm3032.exe [311976 2015-01-07] ()
HKLM\...\Run: [ZoneAlarm] => C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe [134624 2014-07-23] (Check Point Software Technologies Ltd.)
HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [126712 2015-01-19] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-1531739928-432372518-3359910063-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-1531739928-432372518-3359910063-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Egis Inc.)
BootExecute: autocheck autochk * sdnclean.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=1214&m=aspire_8530
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=1214&m=aspire_8530
HKU\S-1-5-21-1531739928-432372518-3359910063-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKU\S-1-5-21-1531739928-432372518-3359910063-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=1214&m=aspire_8530
HKU\S-1-5-21-1531739928-432372518-3359910063-1000\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com
SearchScopes: HKLM -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKLM -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL =
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1531739928-432372518-3359910063-1000 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL =
SearchScopes: HKU\S-1-5-21-1531739928-432372518-3359910063-1000 -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-comodo
BHO: Lexmark Symbolleiste -> {1017A80C-6F09-4548-A84D-EDD6AC9525F0} -> C:\Program Files\Lexmark Toolbar\toolband.dll ()
BHO: PDF Architect Helper -> {691B33B0-B86E-47F3-81C7-56E4FE3B929C} -> C:\Program Files\PDF Architect 2\creator-ie-helper.dll (pdfforge GmbH)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: ShowBarObj Class -> {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} -> C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis)
BHO: Lexmark -> {D2C5E510-BE6D-42CC-9F61-E4F939078474} -> C:\Program Files\Lexmark Printable Web\bho.dll ()
Toolbar: HKLM - Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
Toolbar: HKLM - Lexmark Symbolleiste - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
Toolbar: HKLM - PDF Architect Toolbar - {DEEB13D7-CEA9-45FB-B77C-E039BEC85221} - C:\Program Files\PDF Architect 2\creator-ie-plugin.dll (pdfforge GmbH)
Toolbar: HKU\S-1-5-21-1531739928-432372518-3359910063-1000 -> Lexmark Symbolleiste - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab
DPF: {CAFEEFAC-0018-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Winsock: Catalog9 01 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 02 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 03 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 04 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 05 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 06 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 07 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 08 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 20 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\Doreen Kiele\AppData\Roaming\Mozilla\Firefox\Profiles\bdSeA9l8.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1215155.dll (Adobe Systems, Inc.)
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre1.8.0_25\bin\new_plugin\npjp2.dll No File
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin: PDF Architect 2 -> C:\Program Files\PDF Architect 2\np-previewer.dll (pdfforge GmbH)
FF Extension: Avira Browser Safety - C:\Users\Doreen Kiele\AppData\Roaming\Mozilla\Firefox\Profiles\bdSeA9l8.default\Extensions\abs@avira.com [2014-12-20]
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Users\Doreen Kiele\AppData\Roaming\Mozilla\Firefox\Profiles\bdSeA9l8.default\Extensions\{B64D9B05-48E1-4CEB-BF58-E0643994E900} [2014-12-21]
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Program Files\Mozilla Firefox\browser\extensions\{B64D9B05-48E1-4CEB-BF58-E0643994E900}.xpi [2014-12-21]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2014-12-20]
FF HKLM\...\Firefox\Extensions: [pdf_architect_2_conv@pdfarchitect.org] - C:\Program Files\PDF Architect 2\resources\pdfarchitect2firefoxextension
FF Extension: PDF Architect 2 Creator - C:\Program Files\PDF Architect 2\resources\pdfarchitect2firefoxextension [2015-01-13]
FF HKU\S-1-5-21-1531739928-432372518-3359910063-1000\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff [2014-12-21]

Chrome:
=======
CHR HomePage: Default ->
CHR StartupUrls: Default -> "hxxp://www.google.de/"
CHR Profile: C:\Users\Doreen Kiele\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Doreen Kiele\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-06]
CHR Extension: (STERN.DE) - C:\Users\Doreen Kiele\AppData\Local\Google\Chrome\User Data\Default\Extensions\apeagpappkcpkenmhnofdpfpaminilfj [2015-02-06]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Doreen Kiele\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-02-06]
CHR Extension: (YouTube) - C:\Users\Doreen Kiele\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-06]
CHR Extension: (Daylight Map & Time Zone) - C:\Users\Doreen Kiele\AppData\Local\Google\Chrome\User Data\Default\Extensions\chkjdbfmbgffpbmkihefmpmeonemloom [2015-02-06]
CHR Extension: (Candy Matcher Deluxe) - C:\Users\Doreen Kiele\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehehgijaidopomcfpkigakimeoglkjpa [2015-02-06]
CHR Extension: (Google Sheets) - C:\Users\Doreen Kiele\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-06]
CHR Extension: (Avira Browser Safety) - C:\Users\Doreen Kiele\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2015-02-06]
CHR Extension: (World of Solitaire) - C:\Users\Doreen Kiele\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifbnllnaaaohekjkcpfdllhhjijnidgn [2015-02-06]
CHR Extension: (KCals Calorie Counter) - C:\Users\Doreen Kiele\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipifmjfbmblepifflinikiiboakalboc [2015-02-06]
CHR Extension: (eBay Deutschland) - C:\Users\Doreen Kiele\AppData\Local\Google\Chrome\User Data\Default\Extensions\jknjndilpbgfjegfncoipgnhficfffoa [2015-02-06]
CHR Extension: (Tetris) - C:\Users\Doreen Kiele\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdhicelaffdlcajmemnjfccipcemjlki [2015-02-06]
CHR Extension: (Gute Mathe-Fragen!) - C:\Users\Doreen Kiele\AppData\Local\Google\Chrome\User Data\Default\Extensions\klhdclppneongknbjpmifccllhgipanc [2015-02-06]
CHR Extension: (Google Wallet) - C:\Users\Doreen Kiele\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-06]
CHR Extension: (Bubble Shooter) - C:\Users\Doreen Kiele\AppData\Local\Google\Chrome\User Data\Default\Extensions\omenbmgpkbkmloombbdefdpfcclpcjdk [2015-02-06]
CHR Extension: (TV Movie Fernsehprogramm) - C:\Users\Doreen Kiele\AppData\Local\Google\Chrome\User Data\Default\Extensions\omigcnbanchckjpihkioagdjjdhkhhdh [2015-02-06]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [431920 2014-12-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [992560 2014-12-20] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [182520 2015-01-19] (Avira Operations GmbH & Co. KG)
R2 BUNAgentSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [16384 2008-03-03] (NewTech Infosystems, Inc.) [File not signed]
R2 CLHNService; C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [69632 2008-10-04] () [File not signed]
R2 ETService; C:\Program Files\Acer\Empowering Technology\Service\ETService.exe [24576 2008-11-28] () [File not signed]
R2 LightScribeService; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [61440 2007-01-17] (Hewlett-Packard Company) [File not signed]
S2 lxduCATSCustConnectService; C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxduserv.exe [98984 2015-01-07] (Lexmark International, Inc.)
R2 lxdu_device; C:\Windows\system32\lxducoms.exe [594600 2015-01-07] ( )
R2 MobilityService; C:\Acer\Mobility Center\MobilityService.exe [110592 2007-12-06] () [File not signed]
R2 NTIBackupSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [45056 2008-04-25] (NewTech InfoSystems, Inc.) [File not signed]
R2 NTISchedulerSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [131072 2008-04-25] () [File not signed]
S3 PDF Architect 2; C:\Program Files\PDF Architect 2\ws.exe [1771560 2015-01-13] (pdfforge GmbH)
S3 pdfforge CrashHandler; C:\Program Files\PDF Architect 2\crash-handler-ws.exe [861736 2015-01-13] (pdfforge GmbH)
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 StkASSrv; C:\Windows\System32\StkASv2K.exe [24576 2015-01-18] (Syntek America Inc.) [File not signed]
S2 vsmon; C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe [3596240 2014-07-23] (Check Point Software Technologies Ltd.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] (Microsoft Corporation)
R2 ZAPrivacyService; C:\Program Files\CheckPoint\ZoneAlarm\ZaPrivacyService.exe [93712 2014-07-03] (Check Point Software Technologies, Ltd.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 ahcix86s; C:\Windows\System32\DRIVERS\ahcix86s.sys [183312 2009-01-07] (Advanced Micro Devices, Inc)
R3 amdkmdag; C:\Windows\System32\DRIVERS\atipmdag.sys [4172288 2009-01-07] (ATI Technologies Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [98160 2014-12-20] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2014-12-20] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2014-12-20] (Avira Operations GmbH & Co. KG)
R3 hidshim; C:\Windows\System32\DRIVERS\hidshim.sys [5632 2008-10-08] (Windows (R) Codename Longhorn DDK provider)
R3 nuvotonhidgeneric; C:\Windows\System32\DRIVERS\nuvotonhidgeneric.sys [22528 2008-10-08] (Nuvoton Technology Corporation)
R3 RTHDMIAzAudService; C:\Windows\System32\drivers\RtHDMIV.sys [150560 2008-08-26] (Realtek Semiconductor Corp.)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2012-08-27] (Avira GmbH)
S3 StkAMini; C:\Windows\System32\Drivers\StkAMini.sys [241628 2015-01-18] (Syntek America Inc.) [File not signed]
S3 StkScan; C:\Windows\System32\Drivers\StkScan.sys [4772 2015-01-18] (Syntek America Inc.) [File not signed]
R1 Vsdatant; C:\Windows\System32\DRIVERS\vsdatant.sys [456088 2014-07-23] (Check Point Software Technologies Ltd.)
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796}; C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl [87536 2008-10-17] (CyberLink Corp.)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 WisINT15; \??\C:\Elements\1stboot\WisINT15.SYS [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-20 18:57 - 2015-02-20 18:59 - 00024120 _____ () C:\Users\Doreen Kiele\Desktop\FRST.txt
2015-02-20 16:11 - 2015-02-20 16:11 - 02347384 _____ (ESET) C:\Users\Doreen Kiele\Desktop\esetsmartinstaller_deu.exe
2015-02-11 13:48 - 2015-02-11 13:48 - 00000000 __SHD () C:\Windows\system32\%APPDATA%
2015-02-06 15:21 - 2015-02-06 15:21 - 00142984 _____ () C:\Windows\Minidump\Mini020615-04.dmp
2015-02-06 15:11 - 2015-02-06 15:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-02-06 15:08 - 2015-02-20 18:21 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-06 15:08 - 2015-02-20 16:01 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-06 14:21 - 2015-02-06 14:22 - 00142984 _____ () C:\Windows\Minidump\Mini020615-03.dmp
2015-02-06 14:15 - 2015-02-06 14:15 - 00142984 _____ () C:\Windows\Minidump\Mini020615-02.dmp
2015-02-06 14:08 - 2015-02-06 15:21 - 259947364 _____ () C:\Windows\MEMORY.DMP
2015-02-06 14:08 - 2015-02-06 15:21 - 00000000 ____D () C:\Windows\Minidump
2015-02-06 14:08 - 2015-02-06 14:08 - 00142984 _____ () C:\Windows\Minidump\Mini020615-01.dmp
2015-02-06 12:21 - 2015-02-06 12:21 - 00000903 _____ () C:\Users\Doreen Kiele\Desktop\mbam - Verknüpfung.lnk
2015-02-06 11:34 - 2015-02-19 18:44 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-06 11:34 - 2015-02-06 11:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2015-02-06 11:34 - 2015-02-06 11:34 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-06 11:34 - 2015-02-06 11:34 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware
2015-02-06 11:34 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-02-06 11:34 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-02-06 11:34 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-02-06 11:32 - 2015-02-06 11:34 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Doreen Kiele\Desktop\mbam-setup-2.0.4.1028.exe
2015-02-06 11:14 - 2015-02-06 11:18 - 00000000 ____D () C:\AdwCleaner
2015-02-06 11:10 - 2015-02-06 11:10 - 02112512 _____ () C:\Users\Doreen Kiele\Desktop\AdwCleaner_4.110.exe
2015-02-05 21:25 - 2015-02-20 18:57 - 00000000 ____D () C:\FRST
2015-02-05 21:22 - 2015-02-19 18:32 - 01126400 _____ (Farbar) C:\Users\Doreen Kiele\Desktop\FRST.exe
2015-02-02 21:48 - 2006-09-18 22:41 - 00000761 _____ () C:\Windows\system32\Drivers\etc\hosts.20150202-214813.backup
2015-02-02 21:38 - 2015-02-20 16:01 - 00000644 _____ () C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job
2015-02-02 21:38 - 2015-02-11 14:00 - 00000616 _____ () C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2015-02-02 21:38 - 2015-02-02 21:42 - 00000446 _____ () C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job
2015-02-02 21:37 - 2015-02-02 21:37 - 00001974 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2015-02-02 21:37 - 2015-02-02 21:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2015-02-02 21:37 - 2013-09-20 10:49 - 00018968 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean.exe
2015-02-02 21:36 - 2015-02-02 22:17 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-02-02 21:36 - 2015-02-02 22:05 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2015-02-02 16:07 - 2015-02-02 16:09 - 00431395 _____ () C:\Windows\system32\Drivers\vsconfig.xml
2015-02-02 16:07 - 2015-02-02 16:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Check Point
2015-02-02 16:04 - 2010-04-05 21:00 - 00221568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2015-02-02 15:49 - 2015-02-02 16:07 - 00000000 ____D () C:\Program Files\CheckPoint
2015-02-02 15:48 - 2015-02-02 15:48 - 00000000 ____D () C:\ProgramData\CheckPoint
2015-02-01 20:19 - 2015-02-01 20:19 - 00000000 ____D () C:\Users\Doreen Kiele\Downloads\DVD Menü Erstellung + Brennprogramm
2015-02-01 18:53 - 2015-02-01 18:53 - 00035044 _____ () C:\Users\Doreen Kiele\AppData\Local\4A9A4070_stp.CIS
2015-02-01 18:53 - 2015-02-01 18:53 - 00000265 _____ () C:\Users\Doreen Kiele\AppData\Local\4A9A4070_stp.CIS.part
2015-02-01 18:53 - 2015-02-01 18:53 - 00000000 ____D () C:\Users\Doreen Kiele\AppData\Local\4A9A4070_stp
2015-02-01 13:20 - 2015-02-01 13:20 - 00000000 ____D () C:\Users\Doreen Kiele\Documents\CyberLink
2015-02-01 12:32 - 2015-02-01 12:32 - 00000000 ____D () C:\Users\Doreen Kiele\AppData\Roaming\FreeVideoEditor
2015-01-31 19:56 - 2015-01-31 19:56 - 00000104 _____ () C:\Users\Doreen Kiele\Computer - Verknüpfung.lnk
2015-01-31 17:29 - 2015-01-31 17:29 - 00000000 ____D () C:\Users\Doreen Kiele\Downloads\Datenrettung
2015-01-30 18:49 - 2015-01-30 18:49 - 00000000 ____D () C:\Users\Doreen Kiele\AppData\Roaming\dvdcss
2015-01-30 18:24 - 2015-01-30 18:24 - 00000000 ____D () C:\ProgramData\Canneverbe Limited
2015-01-30 18:23 - 2015-01-30 18:23 - 00000000 ____D () C:\Users\Doreen Kiele\AppData\Roaming\Canneverbe Limited
2015-01-30 18:11 - 2015-01-31 19:57 - 00000000 ____D () C:\Users\Doreen Kiele\Downloads\Brennprogramm
2015-01-30 17:51 - 2015-01-30 17:51 - 00000000 ____D () C:\ProgramData\NtiDvdCopy

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-20 18:01 - 2006-11-02 13:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-20 18:01 - 2006-11-02 13:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-20 17:43 - 2014-12-20 17:40 - 01530671 _____ () C:\Windows\WindowsUpdate.log
2015-02-20 16:12 - 2006-11-02 11:33 - 01685144 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-20 16:06 - 2006-11-02 13:52 - 00133224 _____ () C:\Windows\setupact.log
2015-02-20 16:02 - 2014-12-20 18:15 - 00000000 _____ () C:\Windows\system32\LogConfigTemp.xml
2015-02-20 16:01 - 2009-01-22 06:59 - 00000147 _____ () C:\Windows\system32\agent.log
2015-02-20 16:01 - 2008-01-21 03:47 - 04937724 _____ () C:\Windows\PFRO.log
2015-02-20 16:01 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-20 15:50 - 2014-12-20 18:46 - 00165376 _____ () C:\Users\Doreen Kiele\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-02-14 20:36 - 2006-11-02 14:01 - 00022980 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-02-14 18:05 - 2014-12-20 21:05 - 00000000 ____D () C:\Users\Doreen Kiele\Documents\FFOutput
2015-02-11 14:22 - 2015-01-07 09:02 - 00000000 ____D () C:\ProgramData\Lx_cats
2015-02-11 13:48 - 2014-12-20 21:42 - 00000000 ____D () C:\ProgramData\Package Cache
2015-02-11 13:47 - 2014-12-20 18:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-02-11 13:47 - 2014-12-20 18:56 - 00000000 ____D () C:\Program Files\Avira
2015-02-06 15:11 - 2014-12-20 17:55 - 00000000 ____D () C:\Users\Doreen Kiele\AppData\Local\Google
2015-02-06 15:11 - 2014-12-20 17:53 - 00000000 ____D () C:\Program Files\Google
2015-02-06 14:56 - 2014-12-25 22:00 - 00002425 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2015-02-06 12:08 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\Resources
2015-02-06 11:04 - 2014-12-20 21:01 - 00000000 ____D () C:\Program Files\Java
2015-02-02 19:13 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-02-02 17:37 - 2014-12-29 09:01 - 00000680 _____ () C:\Users\Doreen Kiele\AppData\Local\d3d9caps.dat
2015-02-02 16:08 - 2014-12-20 17:52 - 00000000 ____D () C:\Users\Doreen Kiele
2015-02-02 15:56 - 2014-12-20 19:27 - 00000000 ____D () C:\Program Files\Comodo
2015-02-02 15:53 - 2014-12-20 19:27 - 00000000 ____D () C:\ProgramData\Comodo
2015-02-02 15:20 - 2006-11-02 13:47 - 00402808 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-01 22:07 - 2014-12-20 17:55 - 00114184 _____ () C:\Users\Doreen Kiele\AppData\Local\GDIPFONTCACHEV1.DAT
2015-02-01 19:15 - 2008-11-14 03:56 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2015-02-01 13:20 - 2015-01-18 21:21 - 00000000 ____D () C:\Users\Doreen Kiele\AppData\Roaming\CyberLink
2015-02-01 13:19 - 2014-12-23 13:22 - 00000000 ____D () C:\Users\Doreen Kiele\AppData\Roaming\vlc
2015-02-01 12:55 - 2014-12-20 20:54 - 00009398 _____ () C:\Windows\WisAutorun.log
2015-02-01 12:33 - 2014-12-21 10:56 - 00000000 __SHD () C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2015-02-01 12:32 - 2014-12-21 10:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2015-02-01 12:32 - 2014-12-21 10:43 - 00000000 ____D () C:\Program Files\DVDVideoSoft
2015-02-01 12:31 - 2014-12-21 10:54 - 00000000 ____D () C:\Program Files\Common Files\DVDVideoSoft
2015-02-01 12:30 - 2014-12-21 10:44 - 00000000 ____D () C:\Users\Doreen Kiele\AppData\Roaming\DVDVideoSoft
2015-01-31 20:36 - 2009-01-22 06:55 - 00001024 ___RH () C:\Users\Public\Documents\NTIMP3.dll
2015-01-31 19:30 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\LogFiles
2015-01-31 18:02 - 2014-12-20 18:53 - 00000000
____D () C:\Users\Doreen Kiele\Downloads\DVD Video Soft FreeStudio 2015-01-31 18:02 - 2014-12-20 17:54 - 00000000 ____D () C:\Users\Doreen Kiele\AppData\Local\VirtualStore 2015-01-31 16:53 - 2014-12-21 10:43 - 00000000 ____D () C:\Users\Doreen Kiele\Documents\DVDVideoSoft ==================== Files in the root of some directories ======= 2015-02-01 18:53 - 2015-02-01 18:53 - 0035044 _____ () C:\Users\Doreen Kiele\AppData\Local\4A9A4070_stp.CIS 2015-02-01 18:53 - 2015-02-01 18:53 - 0000265 _____ () C:\Users\Doreen Kiele\AppData\Local\4A9A4070_stp.CIS.part 2014-12-29 09:01 - 2015-02-02 17:37 - 0000680 _____ () C:\Users\Doreen Kiele\AppData\Local\d3d9caps.dat 2014-12-20 18:46 - 2015-02-20 15:50 - 0165376 _____ () C:\Users\Doreen Kiele\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-12-20 18:12 - 2014-12-20 18:13 - 0091953 _____ () C:\Users\Doreen Kiele\AppData\Local\edsinstaller.txt-20141220.log 2014-12-20 18:16 - 2014-12-20 18:20 - 0006065 _____ () C:\ProgramData\ArcadeDeluxe2.log 2015-01-07 08:43 - 2015-01-07 08:43 - 0000000 _____ () C:\ProgramData\UpdaterLog.txt Some content of TEMP: ==================== C:\Users\Doreen Kiele\AppData\Local\Temp\avgnt.exe C:\Users\Doreen Kiele\AppData\Local\Temp\Quarantine.exe C:\Users\Doreen Kiele\AppData\Local\Temp\RtkBtMnt.exe C:\Users\Doreen Kiele\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-02-20 16:17 ==================== End Of Log ============================ --- --- --- |
20.02.2015, 19:05 | #14 |
| Positive Finds ads on my PC Additional Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 18-02-2015 01
Ran by Doreen Kiele at 2015-02-20 18:59:37
Running from C:\Users\Doreen Kiele\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
FW: ZoneAlarm Free Firewall Firewall (Disabled) {1B8D532F-88B1-B2AD-ED22-AED92687A1D2}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

2007 Microsoft Office Suite Service Pack 1 (SP1) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}) (Version: - Microsoft)
ABBYY FineReader 6.0 Sprint (HKLM\...\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}) (Version: 6.00.2146.41621 - ABBYY Software House)
Acer Arcade Deluxe (HKLM\...\InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}) (Version: 2.0.5817 - CyberLink Corp.)
Acer Arcade Deluxe (Version: 2.0.5817 - CyberLink Corp.) Hidden
Acer Crystal Eye webcam Ver:1.1.57.409 (HKLM\...\{D0ACE89D-EC7F-470F-80BE-4C98ED366B32}) (Version: 1.1.57.409 - Chicony Electronics Co.,Ltd.)
Acer eAudio Management (HKLM\...\{57265292-228A-41FA-9AEC-4620CBCC2739}) (Version: 3.0.3009 - CyberLink Corp.)
Acer eDataSecurity Management (HKLM\...\{A5633652-3795-4829-BB0B-644F0279E279}) (Version: 3.0.3065 - Egis Inc.)
Acer Empowering Technology (HKLM\...\{8F1B6239-FEA0-450A-A950-B05276CE177C}) (Version: 3.0.3013 - Acer Incorporated)
Acer ePower Management (HKLM\...\{58E5844B-7CE2-413D-83D1-99294BF6C74F}) (Version: 3.0.3014 - Acer Incorporated)
Acer eRecovery Management (HKLM\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 3.0.3014 - Acer Incorporated)
Acer eSettings Management (HKLM\...\{13D85C14-2B85-419F-AC41-C7F21E68B25D}) (Version: 3.0.3007 - Acer Incorporated)
Acer GridVista (HKLM\...\GridVista) (Version: 2.72.317 - )
Acer Mobility Center Plug-In (HKLM\...\{11316260-6666-467B-AC34-183FCB5D4335}) (Version: 3.0.3000 - Acer Inc.)
Acer Product Registration (HKLM\...\{DA20E1A8-07CB-4EE7-9B72-A7E28C953F0E}) (Version: 3.0.0.10 - Acer Incorporated)
Adobe Flash Player 10 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 10.1.102.64 - Adobe Systems Incorporated)
Adobe Flash Player ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 9.0.124.0 - Adobe Systems Incorporated)
Adobe Reader X (10.1.13) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.13 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM\...\Adobe Shockwave Player) (Version: 12.1.5.155 - Adobe Systems, Inc.)
AMD USB Audio Driver Filter (HKLM\...\{A3AB35FA-943E-4799-99DC-46EFD59E998F}) (Version: 1.0.7.0031 - Advanced Micro Devices, Inc.)
ATI Catalyst Install Manager (HKLM\...\{F2F8821D-9C68-6040-8BF7-FF21D26592B5}) (Version: 3.0.704.0 - ATI Technologies, Inc.)
Avira (HKLM\...\{bd538030-07d4-4999-a525-7fafa2483f56}) (Version: 1.1.30.21727 - Avira Operations & Co. KG)
Avira (Version: 1.1.30.21727 - Avira Operations & Co. KG) Hidden
Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira)
Broadcom Gigabit Integrated Controller (HKLM\...\{F870B987-18BC-45FC-9BE8-35C02DCDA10F}) (Version: 11.32.03 - Broadcom Corporation)
ccc-core-static (Version: 2008.1210.1623.29379 - Ihr Firmenname) Hidden
ffdshow [rev 3154] [2009-12-09] (HKLM\...\ffdshow_is1) (Version: 1.0 - )
FormatFactory 2.70 (HKLM\...\FormatFactory) (Version: 2.70 - Free Time)
Free DVD Video Converter version 2.0.25.128 (HKLM\...\Free DVD Video Converter_is1) (Version: 2.0.25.128 - DVDVideoSoft Ltd.)
Free Studio version 5.0.9 (HKLM\...\Free Studio_is1) (Version: - DVDVideoSoft Limited.)
Free Video Editor version 1.4.10.128 (HKLM\...\Free Video Editor_is1) (Version: 1.4.10.128 - DVDVideoSoft Ltd.)
Free Video to DVD Converter version 5.0.56.128 (HKLM\...\Free Video to DVD Converter_is1) (Version: 5.0.56.128 - DVDVideoSoft Ltd.)
Free YouTube to MP3 Converter version 3.12.52.1215 (HKLM\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.52.1215 - DVDVideoSoft Ltd.)
Google Chrome (HKLM\...\Google Chrome) (Version: 40.0.2214.111 - Google Inc.)
Google Update Helper (Version: 1.3.21.165 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden
HDAUDIO Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118) (Version: - )
Java 8 Update 25 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Launch Manager (HKLM\...\LManager) (Version: - )
Lexmark (HKLM\...\{D2C5E510-BE6D-42CC-9F61-E4F939078474}) (Version: 1.0.0.0 - )
Lexmark 5600-6600 Series (HKLM\...\Lexmark 5600-6600 Series) (Version: - Lexmark International, Inc.)
Lexmark Symbolleiste (HKLM\...\{1017A80C-6F09-4548-A84D-EDD6AC9525F0}) (Version: 4.0.53.0 - )
Lexmark Tools for Office (HKLM\...\{10812DE7-2E57-4740-B226-6B3BE34AF9D7}) (Version: 1.24.0.0 - )
LightScribe 1.4.142.1 (Version: 1.4.142.1 - hxxp://www.lightscribe.com) Hidden
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61187 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works (HKLM\...\{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}) (Version: 08.05.0822 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NTI Backup Now 5 (HKLM\...\InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}) (Version: 5.1.2.606 - NewTech Infosystems)
NTI Backup Now Standard (Version: 5.1.2.606 - NewTech Infosystems) Hidden
NTI Media Maker 8 (HKLM\...\InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}) (Version: 8.0.2.6329 - NewTech Infosystems)
NTI Media Maker 8 (Version: 8.0.2.6329 - NewTech Infosystems) Hidden
Nuvoton EC Generic HID Driver (HKLM\...\{302E9B7B-2B6A-4C29-9A02-9F2110649779}) (Version: 7.80.5000 - Nuvoton Technology Corporation)
PDF Architect 2 (HKLM\...\PDF Architect 2) (Version: 2.0.51.17865 - pdfforge GmbH)
PDF Architect 2 Create Module (Version: 2.1.6.19758 - pdfforge GmbH) Hidden
PDF Architect 2 Edit Module (Version: 2.1.6.19758 - pdfforge GmbH) Hidden
PDF Architect 2 View Module (Version: 2.1.6.19758 - pdfforge GmbH) Hidden
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 2.0.1 - pdfforge)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5704 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM\...\{DC24971E-1946-445D-8A82-CE685433FA7D}) (Version: 3.0.1.3 - Realtek Semiconductor Corp.)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 11.1.4.0 - Synaptics)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for Office 2007 (KB946691) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{A420F522-7395-4872-9882-C591B4B92278}) (Version: - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version: - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft)
USB2.0 Capture Device (HKLM\...\{E337B156-DF81-48D8-8977-B1574EE87BCF}) (Version: 1.0.3.0 - )
VLC media player 2.1.1 (HKLM\...\VLC media player) (Version: 2.1.1 - VideoLAN)
ZoneAlarm Firewall (Version: 13.3.052.000 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Free Firewall (HKLM\...\ZoneAlarm Free Firewall) (Version: 13.3.052.000 - Check Point)
ZoneAlarm Security (Version: 13.3.052.000 - Check Point Software Technologies Ltd.) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points =========================

19-01-2015 10:42:38 Windows Update
23-01-2015 21:19:54 Windows Update
28-01-2015 11:03:53 Windows Update
31-01-2015 20:09:18 Microsoft Visual C++ 2005 Redistributable wird installiert
01-02-2015 12:56:14 Installiert PowerDirector
01-02-2015 19:03:53 Konfiguriert PowerDirector
02-02-2015 15:44:19 Removed COMODO Firewall
02-02-2015 16:04:16 Windows Update
02-02-2015 16:07:51 Gerätetreiber-Paketinstallation: Check Point Software Technologies Ltd. Netzwerkdienst
02-02-2015 19:41:05 Windows Update
06-02-2015 10:56:19 Windows Update
06-02-2015 10:59:59 Removed Java(TM) 6 Update 23
06-02-2015 11:04:54 Removed Search App by Ask
11-02-2015 13:47:51 Windows Update
18-02-2015 15:52:54 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 11:23 - 2006-09-18 22:41 - 00000761 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {3C41FE0F-981F-4EAB-A626-62E6FBD50BB4} - System32\Tasks\Java Update Scheduler => C:\Program Files\Common Files\Java\Java Update\jusched.exe [2014-12-25] (Oracle Corporation)
Task: {88B8AFEB-6370-42D2-A9B2-DBBFB5F3503B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-02-06] (Google Inc.)
Task: {D474A348-5306-4384-BAF9-D18B46930DF2} - System32\Tasks\Scan the system (Spybot - Search & Destroy) => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe
Task: {D9317D58-89FE-45F4-BA22-EA179E15D626} - System32\Tasks\Refresh immunization (Spybot - Search & Destroy) => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe
Task: {E2C78A30-5F28-4F78-A14B-1AB89494D0A0} - System32\Tasks\Check for updates (Spybot - Search & Destroy) => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {E35FD31F-2D85-4E2B-9854-3B4E5F860B5E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-02-06] (Google Inc.)
Task: {E95C38D1-EFCF-479C-A943-AF5B573C9360} - System32\Tasks\Installation App Launcher => C:\Program Files\Lexmark 5600-6600 Series\lxduamon.exe [2015-01-07] ()
Task: {F9D30869-1610-4776-9621-CA61ADEEC4C9} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Signature Update => c:\program files\windows defender\MpCmdRun.exe [2008-01-21] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe
Task: C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe

==================== Loaded Modules (whitelisted) ==============

2008-09-10 10:57 - 2008-09-10 10:57 - 00372736 _____ () C:\Program Files\Lexmark Toolbar\toolband.dll
2015-01-07 08:48 - 2008-09-10 10:57 - 00458752 _____ () C:\Program Files\Lexmark Toolbar\resource.dll
2015-02-02 21:36 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-02-02 21:36 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
2015-01-07 08:50 - 2008-05-01 01:41 - 00045056 _____ () C:\Windows\System32\LXDUPMON.DLL
2015-01-07 08:49 - 2008-09-10 10:43 - 00086016 _____ () C:\Windows\System32\LXDUOEM.DLL
2015-01-07 08:49 - 2008-09-10 10:41 - 00032768 _____ () C:\Program Files\Lexmark 5600-6600 Series\ipcmt.dll
2015-01-07 08:58 - 2015-01-07 08:52 - 00121856 _____ () C:\Windows\system32\spool\PRTPROCS\W32X86\lxdudrpp.dll
2014-12-21 02:32 - 2009-01-07 22:46 - 00159744 _____ () C:\Windows\system32\atitmmxx.dll
2007-06-24 19:09 - 2007-06-24 19:09 - 01024000 _____ () C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\ACE.dll
2007-06-24 19:09 - 2007-06-24 19:09 - 00098304 _____ () C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\ACEXML.dll
2007-06-24 19:09 - 2007-06-24 19:09 - 00061440 _____ () C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\ACEXML_Parser.dll
2014-12-20 18:19 - 2008-10-04 04:09 - 00069632 _____ () C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
2009-01-22 07:17 - 2008-11-28 10:56 - 00024576 _____ () C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
2009-01-22 07:17 - 2009-01-22 07:17 - 00032768 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Model.Controller\3.0.3013.0__14bcaafdb44b5951\Framework.Model.Controller.dll
2009-01-22 07:17 - 2009-01-22 07:17 - 00020480 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Model.ControllerInterface\3.0.3013.0__d842b71b4d6ed079\Framework.Model.ControllerInterface.dll
2009-01-22 07:17 - 2009-01-22 07:17 - 00061440 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Library\3.0.3013.0__3036420f80dd6947\Framework.Library.dll
2009-01-22 07:17 - 2009-01-22 07:17 - 00028672 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Host\3.0.3013.0__672b450de5a7e94a\Framework.Host.dll
2009-01-22 07:17 - 2009-01-22 07:17 - 00016384 _____ () C:\Windows\assembly\GAC_MSIL\Framework.PluginInterface\3.0.3013.0__9ecdf03bb2054f94\Framework.PluginInterface.dll
2014-12-20 18:14 - 2008-09-11 21:20 - 00016384 ____N () C:\Program Files\Acer\Empowering Technology\eAudio\eAudioSrvPlugin.dll
2009-01-22 07:17 - 2009-01-22 07:17 - 00036864 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Utility\3.0.3013.0__4df5dcab8860d239\Framework.Utility.dll
2014-12-20 18:15 - 2008-05-26 14:40 - 00016384 _____ () C:\Program Files\Acer\Empowering Technology\eSettings\eSettings.ServicePlugin.dll
2014-12-20 18:15 - 2008-05-26 14:37 - 00016384 _____ () C:\Program Files\Acer\Empowering Technology\eSettings\eSettings.Logger.dll
2014-12-20 18:15 - 2008-05-26 14:39 - 00143360 _____ () C:\Program Files\Acer\Empowering Technology\eSettings\eSettings.Model.Computer.dll
2014-12-20 18:15 - 2008-05-26 14:37 - 00036864 _____ () C:\Program Files\Acer\Empowering Technology\Service\eSettings.Model.ComputerInterface.dll
2009-01-22 07:17 - 2007-12-06 16:15 - 00110592 _____ () C:\Acer\Mobility Center\MobilityService.exe
2009-01-22 07:17 - 2007-11-27 15:08 - 00032768 _____ () C:\Acer\Mobility Center\MobilityInterface.dll
2008-04-25 21:36 - 2008-04-25 21:36 - 00131072 _____ () C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
2015-02-02 21:36 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2015-02-02 21:36 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll
2015-02-02 21:36 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2008-04-25 21:36 - 2008-04-25 21:36 - 00028672 _____ () C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
2008-04-28 09:49 - 2008-04-28 09:49 - 00003072 _____ () C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTrayLOC.dll
2014-12-20 18:10 - 2007-10-23 10:56 - 00200704 _____ () C:\Windows\PLFSetI.exe
2014-12-21 02:32 - 2003-06-07 22:30 - 00057344 _____ () C:\Program Files\Launch Manager\PowerUtl.dll
2008-07-29 17:52 - 2008-07-29 17:52 - 00227888 _____ () C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ShowErrMsg.dll
2008-10-08 21:49 - 2008-10-08 21:49 - 00835584 ____N () C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMediaLibrary.dll
2008-10-08 21:49 - 2008-10-08 21:49 - 00007680 ____N () C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvcPS.dll
2015-01-07 08:47 - 2015-01-07 08:47 - 00676520 _____ () C:\Program Files\Lexmark 5600-6600 Series\lxdumon.exe
2015-01-07 08:47 - 2008-09-10 10:56 - 00380928 _____ () C:\Program Files\Lexmark 5600-6600 Series\lxduscw.dll
2015-01-07 08:52 - 2015-01-07 08:52 - 00188416 _____ () C:\Windows\system32\spool\drivers\w32x86\3\lxdudatr.dll
2015-01-07 08:47 - 2008-09-10 10:56 - 01036288 _____ () C:\Program Files\Lexmark 5600-6600 Series\lxduDRS.dll
2015-01-07 08:47 - 2008-09-10 10:56 - 00081920 _____ () C:\Program Files\Lexmark 5600-6600 Series\lxducaps.dll
2015-01-07 08:47 - 2008-09-10 10:40 - 00069632 _____ () C:\Program Files\Lexmark 5600-6600 Series\lxducnv4.dll
2015-01-07 08:48 - 2015-01-07 08:48 - 00025256 _____ () C:\Program Files\Lexmark 5600-6600 Series\lxduMsdMon.exe
2015-01-07 08:47 - 2008-05-27 04:36 - 00028672 _____ () C:\Program Files\Lexmark 5600-6600 Series\App4R.Monitor.Common.dll
2015-01-07 08:47 - 2008-05-27 04:36 - 00036864 _____ () C:\Program Files\Lexmark 5600-6600 Series\App4R.Monitor.Core.dll
2015-01-07 08:47 - 2008-05-27 04:35 - 00065536 _____ () C:\Program Files\Lexmark 5600-6600 Series\app4r.devmons.mcmdevmon.dll
2015-01-07 08:47 - 2008-03-25 05:53 - 00012288 _____ () C:\Program Files\Lexmark 5600-6600 Series\app4r.devmons.mcmdevmon.autoplayutil.dll
2015-02-06 15:11 - 2015-02-04 10:02 - 09170760 _____ () C:\Program Files\Google\Chrome\Application\40.0.2214.111\pdf.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
C:\Windows\system32\FwRemoteSvr.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\gdi32.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\gpapi.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\gpedit.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\gpresult.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\gpsvc.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\gpupdate.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\hal.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\halacpi.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\halmacpi.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\hbaapi.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\hccoin.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\hcrstco.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\hdwwiz.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\hidserv.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\iasacct.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\iasads.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\iasdatastore.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\iashlpr.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\IasMigPlugin.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\IasMigReader.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\iasnap.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\iaspolcy.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\iasrad.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\iasrecst.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\iassam.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\iassdo.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\iassvcs.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\icaapi.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\icardagt.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\icardres.dll:$CmdTcID AlternateDataStreams: 
C:\Windows\system32\ie4uinit.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\ieUnatt.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\iexpress.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\ifmon.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\IKEEXT.DLL:$CmdTcID AlternateDataStreams: C:\Windows\system32\imagehlp.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\imapi.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\imapi2.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\imapi2fs.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\IMJP10.IME:$CmdTcID AlternateDataStreams: C:\Windows\system32\IMJP10K.DLL:$CmdTcID AlternateDataStreams: C:\Windows\system32\imkr80.ime:$CmdTcID AlternateDataStreams: C:\Windows\system32\imm32.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\inetpp.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\inetppui.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\infocardapi.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\infocardcpl.cpl:$CmdTcID AlternateDataStreams: C:\Windows\system32\InkEd.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\input.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\ipconfig.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\IPHLPAPI.DLL:$CmdTcID AlternateDataStreams: C:\Windows\system32\ipsecsnp.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\IPSECSVC.DLL:$CmdTcID AlternateDataStreams: C:\Windows\system32\ipsmsnap.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\iscsilog.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\java.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\javaw.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\javaws.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\kd1394.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\kdcom.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\kdusb.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\kerberos.dll:$CmdTcID 
AlternateDataStreams: C:\Windows\system32\kernel32.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\korwbrkr.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\Kswdmcap.ax:$CmdTcID AlternateDataStreams: C:\Windows\system32\l2nacp.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\localspl.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\logagent.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\logman.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\lsasrv.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\lsass.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\lxducaps.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\lxducfg.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\lxducnv4.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\lxducoin.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\lxducoms.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\lxdudrs.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\lxduih.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\lxduvs.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\LXDUwupd.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\Magnify.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\mblctr.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\mciseq.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\mcmde.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\mcupdate_GenuineIntel.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\MediaMetadataHandler.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\midimap.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\milcore.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\mimefilt.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\mmc.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\mmci.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\mmcico.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\mmcndmgr.dll:$CmdTcID AlternateDataStreams: 
C:\Windows\system32\MMDevAPI.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\mmsys.cpl:$CmdTcID AlternateDataStreams: C:\Windows\system32\modemui.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\Mpeg2Data.ax:$CmdTcID AlternateDataStreams: C:\Windows\system32\mpr.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\mprapi.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\MPSSVC.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\mrt.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\msacm32.drv:$CmdTcID AlternateDataStreams: C:\Windows\system32\msaudite.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\mscandui.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\mscms.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\mscorier.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\mscories.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\msctf.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\MsCtfMonitor.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\msctfp.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\msctfui.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\msdtcprx.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\msdtctm.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\MSDvbNP.ax:$CmdTcID AlternateDataStreams: C:\Windows\system32\msexch40.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\msexcl40.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\msfeedssync.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\msftedit.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\msi.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\msiexec.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\msihnd.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\msimsg.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\msimtf.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\msinfo32.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\msisip.dll:$CmdTcID 
AlternateDataStreams: C:\Windows\system32\msjet40.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\msjetoledb40.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\msjint40.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\msjter40.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\msjtes40.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\msltus40.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\MSMPEG2VDEC.DLL:$CmdTcID AlternateDataStreams: C:\Windows\system32\msnetobj.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\MSNP.ax:$CmdTcID AlternateDataStreams: C:\Windows\system32\mspbde40.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\msrd2x40.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\msrd3x40.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\msrepl40.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\msscb.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\msscntrs.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\msscp.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\msshooks.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\msshsq.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\mssitlb.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\mssph.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\mssphtb.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\mssprxy.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\mssrch.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\msstrc.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\mssvp.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\mstext40.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\mstlsapi.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\mstscax.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\msutb.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\msvcp60.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\msvcrt.dll:$CmdTcID AlternateDataStreams: 
C:\Windows\system32\MSVidCtl.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\mswdat10.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\mswsock.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\mswstr10.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\msxbde40.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\msxml3.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\msxml3r.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\msxml6.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\mtxclu.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\NaturalLanguage6.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\NcdProp.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\ncrypt.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\ncryptui.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\ncsi.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\netapi32.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\netcenter.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\netevent.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\netlogon.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\netplwiz.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\NetProjW.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\netshell.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\networkexplorer.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\networkitemfactory.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\networkmap.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\newdev.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\newdev.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\nlaapi.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\nlasvc.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\nlhtml.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\NlsLexicons0007.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\NlsLexicons0009.dll:$CmdTcID 
AlternateDataStreams: C:\Windows\system32\nslookup.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\ntdll.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\ntkrnlpa.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\ntmarta.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\ntoskrnl.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\ntprint.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\ocsetup.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\odbcconf.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\odbccp32.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\offfilt.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\oleacc.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\oleaccrc.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\oleaut32.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\oleprn.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\olepro32.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\onex.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\oobefldr.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\osk.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\P2PGraph.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\p2psvc.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\packager.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\pcaui.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\pdfcmon.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\pdh.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\PerfCenterCPL.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\perfdisk.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\phon.ime:$CmdTcID AlternateDataStreams: C:\Windows\system32\PhotoScreensaver.scr:$CmdTcID AlternateDataStreams: C:\Windows\system32\photowiz.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\pidgenx.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\pintlgnt.ime:$CmdTcID AlternateDataStreams: 
C:\Windows\system32\PkgMgr.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\pnidui.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\pnpsetup.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\pnpui.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\PnPUnattend.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\PnPutil.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\PNPXAssoc.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\PortableDeviceApi.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\PortableDeviceClassExtension.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\PortableDeviceConnectApi.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\PortableDeviceTypes.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\PortableDeviceWMDRM.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\powercpl.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\powrprof.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\PresentationNative_v0300.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\PresentationSettings.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\printcom.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\printfilterpipelinesvc.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\printui.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\prnntfy.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\profsvc.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\propdefs.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\propsys.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\PSHED.DLL:$CmdTcID AlternateDataStreams: C:\Windows\system32\psisdecd.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\psisrndr.ax:$CmdTcID AlternateDataStreams: C:\Windows\system32\puiapi.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\QAGENTRT.DLL:$CmdTcID AlternateDataStreams: 
C:\Windows\system32\qdvd.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\qedit.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\qintlgnt.ime:$CmdTcID AlternateDataStreams: C:\Windows\system32\qmgr.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\quartz.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\Query.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\quick.ime:$CmdTcID AlternateDataStreams: C:\Windows\system32\RacEngn.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\rasapi32.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\raschap.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\rasdiag.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\rasdial.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\rasdlg.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\rasgcw.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\rasmans.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\rasmontr.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\rasplap.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\rasppp.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\rastapi.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\rdpencom.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\rdpwsx.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\reg.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\regapi.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\RegisterIEPKEYs.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\regsvc.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\rekeywiz.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\RelMon.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\riched20.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\rpchttp.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\rpcrt4.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\rpcss.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\rsaenh.dll:$CmdTcID 
AlternateDataStreams: C:\Windows\system32\rtffilt.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\samlib.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\samsrv.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\scansetting.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\SCardSvr.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\scavenge.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\scecli.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\scesrv.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\schannel.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\scksp.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\scrobj.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\scrrun.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\sdohlp.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\SearchFilterHost.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\SearchIndexer.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\SearchProtocolHost.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\secur32.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\sendmail.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\services.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\sethc.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\SetIEInstalledDate.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\setupapi.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\shell32.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\shlwapi.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\shsetup.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\shwebsvc.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\SLC.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\slcc.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\SLCExt.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\slcinst.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\SLCommDlg.dll:$CmdTcID 
AlternateDataStreams: C:\Windows\system32\SLLUA.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\slmgr.vbs:$CmdTcID AlternateDataStreams: C:\Windows\system32\SLsvc.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\SLUI.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\SLUINotify.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\slwga.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\slwmi.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\SmartcardCredentialProvider.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\SMBHelperClass.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\SmiEngine.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\smss.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\SndVol.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\SnippingTool.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\softkbd.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\spcmsg.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\sperror.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\spinstall.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\spoolss.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\spp.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\spreview.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\spwinsat.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\spwizui.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\sqlsrv32.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\srchadmin.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\srcore.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\srvsvc.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\StkAProp.ax:$CmdTcID AlternateDataStreams: C:\Windows\system32\StkASSrv.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\StkASv2K.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\StkAVFW.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\StkAWIA.dll:$CmdTcID AlternateDataStreams: 
C:\Windows\system32\Storprop.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\sud.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\swprv.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\SyncCenter.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\synceng.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\sysclass.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\SysFxUI.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\sysmain.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\sysmon.ocx:$CmdTcID AlternateDataStreams: C:\Windows\system32\systemcpl.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\tapisrv.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\tcpipcfg.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\tcpmon.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\termsrv.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\thawbrkr.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\themecpl.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\themeui.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\tintlgnt.ime:$CmdTcID AlternateDataStreams: C:\Windows\system32\tquery.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\TSTheme.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\TsWpfWrp.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\tzres.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\uDWM.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\UIAnimation.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\UIAutomationCore.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\UIRibbon.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\UIRibbonRes.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\ulib.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\umpnpmgr.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\unimdm.tsp:$CmdTcID AlternateDataStreams: C:\Windows\system32\untfs.dll:$CmdTcID AlternateDataStreams: 
C:\Windows\system32\user32.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\usercpl.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\userenv.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\usp10.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\Utilman.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\uxsms.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\vdmdbg.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\vds.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\vdsdyn.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\vdsutil.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\version.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\vssapi.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\VSSVC.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\w32time.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wcncsvc.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\WcnNetsh.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wcnwiz.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wcnwiz2.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wdc.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\Wdfres.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wdmaud.drv:$CmdTcID AlternateDataStreams: C:\Windows\system32\wdscore.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\WebClnt.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wer.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wercon.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\WerFault.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\WerFaultSecure.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\wersvc.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wevtapi.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wevtsvc.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wevtutil.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\wextract.exe:$CmdTcID AlternateDataStreams: 
==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1531739928-432372518-3359910063-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Doreen Kiele\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
DNS Servers: 192.168.2.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)
==================== Accounts: =============================

Administrator (S-1-5-21-1531739928-432372518-3359910063-500 - Administrator - Disabled)
Doreen Kiele (S-1-5-21-1531739928-432372518-3359910063-1000 - Administrator - Enabled) => C:\Users\Doreen Kiele
Gast (S-1-5-21-1531739928-432372518-3359910063-501 - Limited - Disabled)

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (02/20/2015 05:39:45 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\DOREEN KIELE\MUSIC\ALBEN\DESKTOP.INI> in der Hash-Zuordnung kann nicht aktualisiert werden.
Kontext: Anwendung, SystemIndex Katalog
Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)

Error: (02/20/2015 05:39:42 PM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\DOREEN KIELE\MUSIC\ALBEN\DESKTOP.INI> in der Hash-Zuordnung kann nicht aktualisiert werden.
Kontext: Anwendung, SystemIndex Katalog
Details: Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)

Error: (02/20/2015 04:02:01 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/14/2015 08:40:13 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/06/2015 03:23:07 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/06/2015 02:23:01 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/06/2015 02:16:19 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/06/2015 02:10:06 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/06/2015 00:12:16 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/06/2015 00:09:16 PM) (Source: EventSystem) (EventID: 4621) (User: )
Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}

System errors:
=============
Error: (02/20/2015 04:02:01 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: lxduCATSCustConnectService%%1053

Error: (02/20/2015 04:02:01 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000lxduCATSCustConnectService

Error: (02/20/2015 04:02:01 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Parallel port driver%%1058

Error: (02/20/2015 04:01:28 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am 20.02.2015 um 15:55:16 unerwartet heruntergefahren.

Error: (02/14/2015 08:40:32 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Spybot-S&D 2 Scanner Service%%1053

Error: (02/14/2015 08:40:32 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000Spybot-S&D 2 Scanner Service

Error: (02/14/2015 08:40:15 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Spybot-S&D 2 Scanner Service%%1053

Error: (02/14/2015 08:40:15 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000Spybot-S&D 2 Scanner Service

Error: (02/14/2015 08:40:15 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: lxduCATSCustConnectService%%1053

Error: (02/14/2015 08:40:15 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000lxduCATSCustConnectService

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
Date: 2015-02-20 18:59:28.566
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2015-02-20 18:59:28.147
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2015-02-20 18:59:27.828
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2015-02-20 18:59:27.434
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2015-02-20 18:59:26.753
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2015-02-20 18:59:26.348
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2015-02-20 18:59:26.038
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2015-02-20 18:59:25.669
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2015-02-07 21:05:27.243
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

Date: 2015-02-07 21:05:26.962
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
==================== Memory info ===========================

Processor: AMD Turion(tm) X2 Dual-Core Mobile RM-72
Percentage of memory in use: 64%
Total physical RAM: 2429.36 MB
Available physical RAM: 858.34 MB
Total Pagefile: 5087.29 MB
Available Pagefile: 3159.77 MB
Total Virtual: 2047.88 MB
Available Virtual: 1905.87 MB

==================== Drives ================================

Drive c: (ACER) (Fixed) (Total:142.65 GB) (Free:50.26 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:142.67 GB) (Free:142.53 GB) NTFS
Drive f: () (Removable) (Total:15.05 GB) (Free:5.53 GB) FAT32
Drive g: (INTENSO) (Removable) (Total:60.09 GB) (Free:60.09 GB) FAT32
Drive h: (FREECOM HDD) (Fixed) (Total:931.28 GB) (Free:634.36 GB) FAT32
Drive i: (DOREEN 4 GB) (Removable) (Total:3.73 GB) (Free:3.73 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: 4BFDD482)
Partition 1: (Not Active) - (Size=9.8 GB) - (Type=27)
Partition 2: (Active) - (Size=142.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=142.7 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=3 GB) - (Type=12)

========================================================
Disk: 1 (Size: 15.1 GB) (Disk ID: 6E652072)
No partition Table on disk 1.

========================================================
Disk: 2 (Size: 60.1 GB) (Disk ID: 06C1B905)
Partition 1: (Not Active) - (Size=60.1 GB) - (Type=0C)

========================================================
Disk: 3 (Size: 931.5 GB) (Disk ID: 09C97C5B)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=0C)

========================================================
Disk: 4 (Size: 3.7 GB) (Disk ID: 6E652072)
No partition Table on disk 4.

==================== End Of Log ============================ |
22.02.2015, 01:23 | #15 |
Rest in Peace † 2019 | Positive Finds ads on my PC

Hello, the next time you download something, please make sure that, first, you always choose the custom installation and deselect every free add-on offer you are presented with, and second, that you do not download from Chip or Softonic, and if you do, then only manually.

Spybot is outdated.

Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document.

Code:
C:\Program Files\CheckPoint\Install\CUninstallerZA.exe
C:\Program Files\CheckPoint\Install\zatb.exe
C:\Users\Doreen Kiele\Downloads\Audio Codes\k-lite-codec-pack.exe
C:\Users\Doreen Kiele\Downloads\Brennprogramm\Nero Lite - CHIP-Installer.exe
C:\Users\Doreen Kiele\Downloads\DVD Menü Erstellung + Brennprogramm\22729_DVDStyler-2.8.1-win32.exe
C:\Users\Doreen Kiele\Downloads\DVD Shrink\ShrinkTo5 - 2. Tonspur entfernen.exe
C:\Users\Doreen Kiele\Downloads\PDF Creator\PDFCreator-2_0_1-setup.exe
H:\DB\Downloads\SoftonicDownloader_fuer_fat32-format.exe
H:\DB\Downloads\DVD Shrink\ShrinkTo5 - 2. Tonspur entfernen.exe
H:\DB\Downloads\Audio Codes\k-lite-codec-pack.exe
C:\Windows\system32\mssphtb.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\mssprxy.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\mssrch.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\msstrc.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\mssvp.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\mstext40.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\mstlsapi.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\mstscax.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\msutb.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\msvcp60.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\msvcrt.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\MSVidCtl.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\mswdat10.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\mswsock.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\mswstr10.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\msxbde40.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\msxml3.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\msxml3r.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\msxml6.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\mtxclu.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\NaturalLanguage6.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\NcdProp.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\ncrypt.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\ncryptui.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\ncsi.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\netapi32.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\netcenter.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\netevent.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\netlogon.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\netplwiz.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\NetProjW.dll:$CmdTcID AlternateDataStreams: 
C:\Windows\system32\netshell.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\networkexplorer.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\networkitemfactory.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\networkmap.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\newdev.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\newdev.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\nlaapi.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\nlasvc.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\nlhtml.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\NlsLexicons0007.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\NlsLexicons0009.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\nslookup.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\ntdll.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\ntkrnlpa.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\ntmarta.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\ntoskrnl.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\ntprint.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\ocsetup.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\odbcconf.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\odbccp32.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\offfilt.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\oleacc.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\oleaccrc.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\oleaut32.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\oleprn.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\olepro32.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\onex.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\oobefldr.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\osk.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\P2PGraph.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\p2psvc.dll:$CmdTcID AlternateDataStreams: 
C:\Windows\system32\packager.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\pcaui.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\pdfcmon.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\pdh.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\PerfCenterCPL.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\perfdisk.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\phon.ime:$CmdTcID AlternateDataStreams: C:\Windows\system32\PhotoScreensaver.scr:$CmdTcID AlternateDataStreams: C:\Windows\system32\photowiz.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\pidgenx.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\pintlgnt.ime:$CmdTcID AlternateDataStreams: C:\Windows\system32\PkgMgr.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\pnidui.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\pnpsetup.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\pnpui.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\PnPUnattend.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\PnPutil.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\PNPXAssoc.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\PortableDeviceApi.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\PortableDeviceClassExtension.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\PortableDeviceConnectApi.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\PortableDeviceTypes.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\PortableDeviceWMDRM.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\powercpl.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\powrprof.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\PresentationNative_v0300.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\PresentationSettings.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\printcom.dll:$CmdTcID AlternateDataStreams: 
C:\Windows\system32\printfilterpipelinesvc.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\printui.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\prnntfy.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\profsvc.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\propdefs.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\propsys.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\PSHED.DLL:$CmdTcID AlternateDataStreams: C:\Windows\system32\psisdecd.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\psisrndr.ax:$CmdTcID AlternateDataStreams: C:\Windows\system32\puiapi.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\QAGENTRT.DLL:$CmdTcID AlternateDataStreams: C:\Windows\system32\qdvd.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\qedit.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\qintlgnt.ime:$CmdTcID AlternateDataStreams: C:\Windows\system32\qmgr.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\quartz.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\Query.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\quick.ime:$CmdTcID AlternateDataStreams: C:\Windows\system32\RacEngn.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\rasapi32.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\raschap.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\rasdiag.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\rasdial.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\rasdlg.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\rasgcw.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\rasmans.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\rasmontr.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\rasplap.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\rasppp.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\rastapi.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\rdpencom.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\rdpwsx.dll:$CmdTcID 
AlternateDataStreams: C:\Windows\system32\reg.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\regapi.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\RegisterIEPKEYs.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\regsvc.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\rekeywiz.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\RelMon.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\riched20.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\rpchttp.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\rpcrt4.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\rpcss.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\rsaenh.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\rtffilt.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\samlib.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\samsrv.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\scansetting.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\SCardSvr.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\scavenge.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\scecli.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\scesrv.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\schannel.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\scksp.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\scrobj.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\scrrun.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\sdohlp.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\SearchFilterHost.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\SearchIndexer.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\SearchProtocolHost.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\secur32.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\sendmail.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\services.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\sethc.exe:$CmdTcID AlternateDataStreams: 
C:\Windows\system32\SetIEInstalledDate.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\setupapi.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\shell32.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\shlwapi.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\shsetup.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\shwebsvc.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\SLC.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\slcc.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\SLCExt.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\slcinst.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\SLCommDlg.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\SLLUA.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\slmgr.vbs:$CmdTcID AlternateDataStreams: C:\Windows\system32\SLsvc.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\SLUI.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\SLUINotify.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\slwga.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\slwmi.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\SmartcardCredentialProvider.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\SMBHelperClass.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\SmiEngine.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\smss.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\SndVol.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\SnippingTool.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\softkbd.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\spcmsg.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\sperror.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\spinstall.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\spoolss.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\spp.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\spreview.exe:$CmdTcID AlternateDataStreams: 
C:\Windows\system32\spwinsat.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\spwizui.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\sqlsrv32.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\srchadmin.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\srcore.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\srvsvc.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\StkAProp.ax:$CmdTcID AlternateDataStreams: C:\Windows\system32\StkASSrv.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\StkASv2K.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\StkAVFW.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\StkAWIA.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\Storprop.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\sud.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\swprv.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\SyncCenter.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\synceng.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\sysclass.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\SysFxUI.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\sysmain.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\sysmon.ocx:$CmdTcID AlternateDataStreams: C:\Windows\system32\systemcpl.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\tapisrv.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\tcpipcfg.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\tcpmon.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\termsrv.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\thawbrkr.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\themecpl.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\themeui.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\tintlgnt.ime:$CmdTcID AlternateDataStreams: C:\Windows\system32\tquery.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\TSTheme.exe:$CmdTcID AlternateDataStreams: 
C:\Windows\system32\TsWpfWrp.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\tzres.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\uDWM.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\UIAnimation.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\UIAutomationCore.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\UIRibbon.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\UIRibbonRes.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\ulib.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\umpnpmgr.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\unimdm.tsp:$CmdTcID AlternateDataStreams: C:\Windows\system32\untfs.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\user32.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\usercpl.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\userenv.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\usp10.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\Utilman.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\uxsms.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\vdmdbg.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\vds.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\vdsdyn.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\vdsutil.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\version.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\vssapi.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\VSSVC.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\w32time.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wcncsvc.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\WcnNetsh.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wcnwiz.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wcnwiz2.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wdc.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\Wdfres.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wdmaud.drv:$CmdTcID 
AlternateDataStreams: C:\Windows\system32\wdscore.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\WebClnt.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wer.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wercon.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\WerFault.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\WerFaultSecure.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\wersvc.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wevtapi.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wevtsvc.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wevtutil.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\wextract.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\whealogr.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wiaaut.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wiafbdrv.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wiaservc.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\win32k.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\win32spl.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\WindowsAnytimeUpgradeCPL.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\WindowsCodecs.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\winhttp.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\winload.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\winlogon.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\winmm.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\winresume.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\winrnr.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\WinSAT.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\WinSCard.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\winsrv.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wintrust.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\winusb.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wisptis.exe:$CmdTcID 
AlternateDataStreams: C:\Windows\system32\wlangpui.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wlanpref.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wlanui.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\Wldap32.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wlgpclnt.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\WMALFXGFXDSP.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wmdrmsdk.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wmi.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\WMNetMgr.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wmpeffects.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\WMVDECOD.DLL:$CmdTcID AlternateDataStreams: C:\Windows\system32\WMVENCOD.DLL:$CmdTcID AlternateDataStreams: C:\Windows\system32\WMVSDECD.DLL:$CmdTcID AlternateDataStreams: C:\Windows\system32\WMVXENCD.DLL:$CmdTcID AlternateDataStreams: C:\Windows\system32\wow32.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wpcao.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wpccpl.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wpcsvc.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wpdbusenum.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wpdshext.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\WPDShextAutoplay.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\WPDShServiceObj.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\WPDSp.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wpd_ci.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wscapi.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\WscEapPr.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wscisvif.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wscntfy.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wscript.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\wscsvc.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wscui.cpl:$CmdTcID AlternateDataStreams: 
C:\Windows\system32\wsdchngr.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\WSDMon.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wsepno.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wshbth.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wshcon.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wshext.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wshom.ocx:$CmdTcID AlternateDataStreams: C:\Windows\system32\wsnmp32.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wuapi.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wuapp.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\wuauclt.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\wuaueng.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wucltux.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\WUDFCoinstaller.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\WUDFHost.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\WUDFPlatform.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\WUDFSvc.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\WUDFx.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wudriver.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wups.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wups2.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wusa.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\wuwebv.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\xmlfilter.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\xmllite.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\XpsGdiConverter.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\XpsPrint.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\zipfldr.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\acpi.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\afd.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\bridge.sys:$CmdTcID AlternateDataStreams: 
C:\Windows\system32\Drivers\cdrom.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\Classpnp.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\crashdmp.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\disk.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\Diskdump.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\drmk.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\Dumpata.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\dxg.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\dxgkrnl.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\ecache.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\exfat.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\fastfat.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\fltMgr.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\fs_rec.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\FWPKCLNT.SYS:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\hdaudbus.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\hidclass.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\hidparse.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\hidusb.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\kbdhid.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\ks.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\ksecdd.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\mrxdav.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\msiscsi.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\msrpc.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\mup.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\ndis.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\ndiswan.sys:$CmdTcID AlternateDataStreams: 
C:\Windows\system32\Drivers\netbt.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\npfs.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\ntfs.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\nwifi.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\pacer.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\partmgr.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\pci.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\portcls.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\raspppoe.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\rassstp.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\rdbss.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\rdpwd.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\rmcast.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\RNDISMP.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\smb.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\spsys.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\StkACamd.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\StkAMini.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\StkAPin.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\StkAPipe.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\StkASam.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\StkScan.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\Storport.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\stream.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\tcpip.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\tcpipreg.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\tdx.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\termdd.sys:$CmdTcID AlternateDataStreams: 
Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
OK. As far as I can see, we have now removed everything malicious. Your logs are clean. To finish, we will clean up a little, run updates, and then I will give you some reading material.

Step 1
If you no longer need Malwarebytes Anti-Malware and the ESET Online Scanner, you can simply uninstall both programs via the program uninstaller. However, I recommend that you keep at least Malwarebytes and run a check scan with it once a week.

Step 2
Please download delfix to your desktop.
Updates / Updating programs
Make sure that your Flash Player checks for updates. Flash Player can be configured during installation to check for updates automatically; afterwards this can be done via the following link: Adobe - Flash Player: Settings Manager - Global Notification Settings
Uninstall your Reader and download the latest version from here. Check whether anything else wants to be installed along with it and, if so, uncheck the box.
Java is a major security hole on your system; new vulnerabilities are discovered again and again and are exploited to infect computers. Unless you absolutely need Java, you should uninstall it completely.
Windows XP: Go to Start --> Control Panel --> Add or Remove Programs --> select the Java versions --> remove
Windows Vista: Go to Start --> Control Panel --> Programs --> Uninstall a program --> find the Java versions --> remove
Windows 7: Go to the Windows button in the taskbar --> Control Panel --> Programs (sub-item Uninstall a program) --> select the Java versions --> remove
Windows 8: Press the Windows key and X, then Programs and Features --> select the Java versions --> remove
If you do absolutely need Java after all, then
and make sure that Java updates automatically. To do so:
You can find instructions for this here.