|
Log-Analyse und Auswertung: Win7: Verdacht auf Rootkit, kein Ergebnis über VirenscanWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
06.07.2015, 10:37 | #1 |
| Win7: Verdacht auf Rootkit, kein Ergebnis über Virenscan Ich lasse GMER unregelmäßig immer mal wieder auf meinem Rechner laufen. Gestern ist dort ein Thread NTDLL.DLL als Malware angezeigt worden. Bin jetzt unsicher, um was es sich dabei handelt. Code:
ATTFilter defogger_disable by jpshortstuff (23.02.10.1) Log created at 11:00 on 06/07/2015 (MGA) Checking for autostart values... HKCU\~\Run values retrieved. HKLM\~\Run values retrieved. Checking for services/drivers... -=E.O.F=- Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-07-2015 Ran by MDG (ATTENTION: The logged in user is not administrator) on MDG-PC-NEU on 06-07-2015 11:01:16 Running from E:\Download\Emergency Loaded Profiles: MGA & MDG (Available Profiles: MGA & MDG) Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) Failed to access process -> smss.exe Failed to access process -> csrss.exe Failed to access process -> wininit.exe Failed to access process -> csrss.exe Failed to access process -> services.exe Failed to access process -> lsass.exe Failed to access process -> lsm.exe Failed to access process -> winlogon.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe Failed to access process -> cmdagent.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe Failed to access process -> SbieSvc.exe Failed to access process -> spoolsv.exe Failed to access process -> svchost.exe Failed to access process -> schedul2.exe Failed to access process -> armsvc.exe Failed to access process -> AppleMobileDeviceService.exe Failed to access process -> svchost.exe Failed to access process -> HeciServer.exe Failed to access process -> Jhi_service.exe Failed to access process -> ViakaraokeSrv.exe Failed to access process -> vmware-usbarbitrator.exe Failed to access process -> vmnat.exe Failed to access process -> vmware-authd.exe Failed to access process -> vmnetdhcp.exe Failed to access process -> svchost.exe Failed to access process -> WUDFHost.exe Failed to access process -> WmiPrvSE.exe Failed to access process -> IAStorDataMgrSvc.exe Failed to access process -> LMS.exe Failed to access process -> wmpnetwk.exe Failed to access process -> SearchIndexer.exe Failed to access process -> UNS.exe (COMODO) C:\Program Files\COMODO\COMODO Internet Security\cistray.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe () C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe (Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieCtrl.exe (GARMIN Corp.) C:\Program Files (x86)\Garmin\ANT Agent\ANT Agent.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe (Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (VMware, Inc.) C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe (Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe Failed to access process -> svchost.exe (COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe Failed to access process -> TeamViewer_Service.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe Failed to access process -> tv_w32.exe Failed to access process -> tv_x64.exe Failed to access process -> SbieSvc.exe (Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\32\SbieSvc.exe Failed to access process -> cavwp.exe (Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SandboxieRpcSs.exe (Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SandboxieDcomLaunch.exe (Google Inc.) D:\Sandbox\MDG\GoogleChrome\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) D:\Sandbox\MDG\GoogleChrome\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) D:\Sandbox\MDG\GoogleChrome\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe (Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SandboxieCrypto.exe (Google Inc.) D:\Sandbox\MDG\GoogleChrome\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) D:\Sandbox\MDG\GoogleChrome\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) D:\Sandbox\MDG\GoogleChrome\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) D:\Sandbox\MDG\GoogleChrome\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) D:\Sandbox\MDG\GoogleChrome\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe (Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SandboxieBITS.exe Failed to access process -> TeamViewer_Desktop.exe (Google Inc.) D:\Sandbox\MDG\GoogleChrome\drive\C\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe Failed to access process -> SearchProtocolHost.exe Failed to access process -> SearchFilterHost.exe Failed to access process -> cmdvirth.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [395344 2011-09-22] (Acronis) HKLM\...\Run: [COMODO Internet Security] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1426136 2015-04-20] (COMODO) HKLM\...\Run: [CDAServer] => C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [464608 2015-01-17] () HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2015-01-15] (Adobe Systems Incorporated) HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2012-02-01] (Intel Corporation) HKLM-x32\...\Run: [SAOB Monitor] => C:\Program Files (x86)\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe [2571032 2011-09-22] (Acronis) HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [5587832 2011-09-22] (Acronis) HKLM-x32\...\Run: [vmware-tray] => C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe [129648 2011-03-25] (VMware, Inc.) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3498728 2015-01-31] (Adobe Systems Inc.) HKLM-x32\...\RunOnce: [{9334B453-6239-47DF-B6EC-A74C55F36214}] => cmd.exe /C start /D "C:\Users\MGA\AppData\Local\Temp" /B {9334B453-6239-47DF-B6EC-A74C55F36214}.exe -accepteula -accepteulaksn -activeimages -postboot HKLM-x32\...\RunOnce: [ Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\ Malwarebytes Anti-Malware \mbamdor.exe [54072 2015-01-15] (Malwarebytes Corporation) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X] HKU\S-1-5-21-1839428087-913458323-2622912977-1009\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [785416 2015-02-18] (Sandboxie Holdings, LLC) HKU\S-1-5-21-1839428087-913458323-2622912977-1009\...\Run: [ANT Agent] => C:\Program Files (x86)\Garmin\ANT Agent\ANT Agent.exe [14731776 2013-02-15] (GARMIN Corp.) HKU\S-1-5-21-1839428087-913458323-2622912977-1009\...\MountPoints2: {0a99f426-71f6-11e3-9d23-005056c00008} - M:\setup.exe HKU\S-1-5-21-1839428087-913458323-2622912977-1009\...\MountPoints2: {1a89f61a-723f-11e3-8428-005056c00008} - N:\setup.exe HKU\S-1-5-21-1839428087-913458323-2622912977-1009\...\MountPoints2: {2daba32a-712b-11e3-a1b1-005056c00008} - H:\Programs\PStart.exe HKU\S-1-5-21-1839428087-913458323-2622912977-1009\...\MountPoints2: {7bb2d7b3-72da-11e3-b590-005056c00008} - M:\setup\rsrc\Autorun.exe HKU\S-1-5-21-1839428087-913458323-2622912977-1009\...\MountPoints2: {7bb2d7e0-72da-11e3-b590-005056c00008} - M:\setup\rsrc\Autorun.exe HKU\S-1-5-21-1839428087-913458323-2622912977-1009\...\MountPoints2: {7bb2d7e4-72da-11e3-b590-005056c00008} - N:\autorun.exe Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk [2013-09-04] ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass) BootExecute: autocheck autochk * sdnclean64.exe ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = HKU\S-1-5-21-1839428087-913458323-2622912977-1009\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-1839428087-913458323-2622912977-1009\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp URLSearchHook: [S-1-5-21-1839428087-913458323-2622912977-1001] ATTENTION ==> Default URLSearchHook is missing BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation) BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2013-09-04] (LastPass) BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-12-02] (Adobe Systems Incorporated) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-12-02] (Adobe Systems Incorporated) BHO-x32: PDF Architect Helper -> {3A2D5EBA-F86D-4BD3-A177-019765996711} -> C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll [2013-04-08] (pdfforge GmbH) BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation) BHO-x32: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar.dll [2013-09-04] (LastPass) BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-12-03] (Adobe Systems Incorporated) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) BHO-x32: Free Download Manager -> {CC59E0F9-7E43-44FA-9FAA-8377850BF205} -> C:\Program Files (x86)\Free Download Manager\iefdm2.dll [2013-03-11] (FreeDownloadManager.ORG) BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-03-18] (Microsoft Corporation) BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-12-03] (Adobe Systems Incorporated) Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2013-09-04] (LastPass) Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-12-02] (Adobe Systems Incorporated) Toolbar: HKLM-x32 - PDF Architect Toolbar - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Program Files (x86)\PDF Architect\PDFIEPlugin.dll [2013-04-08] (pdfforge GmbH) Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll [2013-09-04] (LastPass) Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-12-03] (Adobe Systems Incorporated) Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2014-10-15] (Microsoft Corporation) Winsock: Catalog9 11 C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll [346736 2011-03-25] (VMware, Inc.) Winsock: Catalog9 12 C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll [346736 2011-03-25] (VMware, Inc.) Winsock: Catalog9-x64 11 C:\Program Files (x86)\VMware\VMware Workstation\x64\vsocklib.dll [446576 2011-03-25] (VMware, Inc.) Winsock: Catalog9-x64 12 C:\Program Files (x86)\VMware\VMware Workstation\x64\vsocklib.dll [446576 2011-03-25] (VMware, Inc.) Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 Tcpip\..\Interfaces\{73922EE3-AC66-40D7-9164-91A24560AF14}: [DhcpNameServer] 172.20.10.1 Tcpip\..\Interfaces\{DD890A96-155D-4021-AC73-75CF83D8CB30}: [DhcpNameServer] 192.168.2.1 Tcpip\..\Interfaces\{ED36C01F-24E0-497B-BB94-DB8A6C1517F3}: [DhcpNameServer] 172.20.10.1 FireFox: ======== FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2013-09-04] (LastPass) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation) FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2014-04-29] (Adobe Systems) FF Plugin-x32: @garmin.com/GpsControl -> C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll [2012-11-02] (GARMIN Corp.) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation) FF Plugin-x32: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass.dll [2013-09-04] (LastPass) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-07-06] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-07-06] (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2013-11-11] (VideoLAN) FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2014-12-03] (Adobe Systems Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-09-12] (Adobe Systems Inc.) FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-04-29] (Adobe Systems) FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2013-05-31] FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2015-01-31] Chrome: ======= CHR Profile: C:\Users\MDG\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Translate) - C:\Users\MDG\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2015-01-16] CHR Extension: (Adblock Plus) - C:\Users\MDG\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-01-16] CHR Extension: (Adobe Acrobat - Create PDF) - C:\Users\MDG\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2015-02-13] CHR Extension: (LastPass: Free Password Manager) - C:\Users\MDG\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2015-01-16] CHR Extension: (Chrome Hotword Shared Module) - C:\Users\MDG\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-03] CHR Extension: (FlashControl) - C:\Users\MDG\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfidmkgnfgnkihnjeklbekckimkipmoe [2015-01-16] CHR Extension: (Google Wallet) - C:\Users\MDG\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-29] CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2014-12-03] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-03-03] (Apple Inc.) R2 cmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [5540424 2015-04-20] (COMODO) R3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2265816 2015-04-20] (COMODO) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation) R2 lmhosts; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) R2 lmhosts; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-14] (Microsoft Corporation) R2 NlaSvc; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) R2 NlaSvc; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-14] (Microsoft Corporation) R2 nsi; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) R2 nsi; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-14] (Microsoft Corporation) S4 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH) S4 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH) S4 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.) R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [175112 2015-02-18] (Sandboxie Holdings, LLC) S4 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2015-01-15] (Safer-Networking Ltd.) S4 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2015-01-15] (Safer-Networking Ltd.) R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5495056 2015-07-06] (TeamViewer GmbH) S3 ufad-ws60; C:\Program Files (x86)\VMware\VMware Workstation\vmware-ufad.exe [191024 2010-08-19] (VMware, Inc.) R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27792 2012-08-03] (VIA Technologies, Inc.) S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [20696 2015-04-01] (COMODO) R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [797280 2015-04-01] (COMODO) R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [45880 2015-04-01] (COMODO) S3 DigiartyVirtualCDBus; C:\Windows\System32\drivers\DigiartyVirtualCDBus.sys [276256 2014-02-14] (Digiarty Software, Inc.) S3 DSI_SiUSBXp_3_1; C:\Windows\System32\drivers\DSI_SiUSBXp_3_1.sys [16384 2007-09-06] (Silicon Laboratories) R1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [104608 2015-04-01] (COMODO) R3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [110744 2012-07-19] (Qualcomm Atheros Co., Ltd.) S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-15] (Malwarebytes Corporation) S3 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.) R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [237064 2015-02-18] (Sandboxie Holdings, LLC) S3 gdrv; \??\C:\Windows\gdrv.sys [X] S3 WIMMount; \??\D:\WinPE\Win8pese\Projects\Tools\Win8PESE\X64\wimmount.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-07-06 11:00 - 2015-07-06 11:01 - 00000000 ____D C:\FRST 2015-07-06 11:00 - 2015-07-06 11:00 - 00000000 _____ C:\Users\MGA\defogger_reenable ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-07-06 11:00 - 2015-01-15 10:04 - 00127518 _____ C:\Windows\system32\Drivers\fvstore.dat 2015-07-06 11:00 - 2013-05-22 11:44 - 00000000 ____D C:\Users\MGA 2015-07-06 10:54 - 2014-01-13 23:38 - 01474832 _____ C:\Windows\system32\Drivers\sfi.dat 2015-07-06 10:40 - 2015-01-15 08:30 - 00000991 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk 2015-07-06 10:40 - 2015-01-15 08:30 - 00000979 _____ C:\Users\Public\Desktop\TeamViewer 10.lnk 2015-07-06 10:40 - 2013-05-25 00:46 - 00000000 ____D C:\Program Files (x86)\TeamViewer 2015-07-06 10:33 - 2015-03-23 20:07 - 00015364 ____H C:\Users\MDG\.DS_Store 2015-07-06 10:33 - 2015-01-16 13:15 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-07-06 10:32 - 2009-07-14 06:45 - 00020304 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-07-06 10:32 - 2009-07-14 06:45 - 00020304 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-07-06 10:28 - 2011-04-12 09:43 - 00772804 _____ C:\Windows\system32\perfh007.dat 2015-07-06 10:28 - 2011-04-12 09:43 - 00217432 _____ C:\Windows\system32\perfc007.dat 2015-07-06 10:28 - 2009-07-14 07:13 - 01768484 _____ C:\Windows\system32\PerfStringBackup.INI 2015-07-06 10:27 - 2013-05-22 11:45 - 01099360 _____ C:\Windows\WindowsUpdate.log 2015-07-06 10:24 - 2013-05-30 22:00 - 00000000 ____D C:\ProgramData\VMware 2015-07-06 10:24 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2015-07-06 10:24 - 2009-07-14 06:51 - 00055297 _____ C:\Windows\setupact.log 2015-07-06 10:18 - 2015-01-16 13:15 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-07-06 10:11 - 2013-05-25 16:29 - 00041422 _____ C:\Windows\Sandboxie.ini ==================== Files in the root of some directories ======= 2015-01-15 08:11 - 2015-01-15 08:11 - 6000640 _____ () C:\Program Files (x86)\GUT6A47.tmp 2013-09-04 08:38 - 2013-09-04 08:38 - 15641088 _____ (LastPass) C:\Program Files (x86)\Common Files\lpuninstall.exe 2015-01-16 10:24 - 2015-03-02 13:35 - 0000600 _____ () C:\Users\MDG\AppData\Local\PUTTY.RND 2013-05-28 12:03 - 2013-05-28 12:03 - 0392184 _____ () C:\ProgramData\1369735270.bdinstall.bin 2014-01-13 21:48 - 2014-01-13 21:48 - 0227394 _____ () C:\ProgramData\1389638880.bdinstall.bin 2013-06-18 14:17 - 2013-06-18 14:17 - 0000268 ___RH () C:\ProgramData\Dance 2013-06-18 14:17 - 2013-06-18 14:17 - 0000268 ___RH () C:\ProgramData\Dance Kit 2013-06-18 14:17 - 2013-06-18 14:17 - 0000268 ___RH () C:\ProgramData\Database 2013-06-18 14:17 - 2013-06-18 14:17 - 0000268 ___RH () C:\ProgramData\Displays 2013-05-29 10:48 - 2015-01-15 12:21 - 0008941 _____ () C:\ProgramData\LMabscan.log 2013-06-18 14:17 - 2013-06-18 14:17 - 0000020 ____H () C:\ProgramData\PKP_DLeo.DAT 2013-06-18 14:17 - 2013-06-18 14:17 - 0000020 ____H () C:\ProgramData\PKP_DLes.DAT 2013-06-18 14:17 - 2015-03-22 02:00 - 0000020 ____H () C:\ProgramData\PKP_DLet.DAT 2013-06-18 14:17 - 2013-06-18 14:17 - 0000020 ____H () C:\ProgramData\PKP_DLev.DAT Some files in TEMP: ==================== C:\Users\MDG\AppData\Local\Temp\Ableton Swapper.exe C:\Users\MDG\AppData\Local\Temp\SandboxieInstall.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed ==================== End of log ============================ Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-07-2015 Ran by MDG at 2015-07-06 11:01:45 Running from E:\Download\Emergency Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-1839428087-913458323-2622912977-500 - Administrator - Disabled) Gast (S-1-5-21-1839428087-913458323-2622912977-501 - Limited - Enabled) HomeGroupUser$ (S-1-5-21-1839428087-913458323-2622912977-1007 - Limited - Enabled) MDG (S-1-5-21-1839428087-913458323-2622912977-1009 - Limited - Enabled) => C:\Users\MDG MDG_O (S-1-5-21-1839428087-913458323-2622912977-1008 - Limited - Disabled) MGA (S-1-5-21-1839428087-913458323-2622912977-1001 - Administrator - Enabled) => C:\Users\MGA __vmware_user__ (S-1-5-21-1839428087-913458323-2622912977-1011 - Limited - Enabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: COMODO Antivirus (Enabled - Up to date) {F0BC89B2-8937-0933-021B-B17D981F2A71} AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Comodo Defense+ (Enabled - Up to date) {4BDD6856-AF0D-06BD-38AB-8A0FE39860CC} FW: COMODO Firewall (Enabled) {C8870897-C358-086B-2944-184866CC6D0A} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Ableton Live 9 Standard (HKLM\...\{BDEBF6AC-273C-4D69-ADD0-93B5EB085DEB}) (Version: 9.0.0.0 - Ableton) Acronis*True*Image*Home 2011 (HKLM-x32\...\{04A3A6B0-8E19-49BB-82FF-65C5A55F917D}) (Version: 14.0.6942 - Acronis) Adobe Acrobat XI Standard (HKLM-x32\...\{AC76BA86-1033-FFFF-BA7E-000000000006}) (Version: 11.0.10 - Adobe Systems) Adobe Reader XI (11.0.09) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated) Apple Application Support (32-Bit) (HKLM-x32\...\{2FE00055-C4F3-4F7A-AEDD-E198D54CF12F}) (Version: 3.1.1 - Apple Inc.) Apple Application Support (64-Bit) (HKLM\...\{28791292-D18D-42FA-AE66-3D3D20AA8618}) (Version: 3.1.1 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{5ED7462B-EF58-4757-B609-53755021EC34}) (Version: 8.1.0.18 - Apple Inc.) ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.11 Beta2 - Michael Tippach) Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.7 - Atheros Communications Inc.) Benutzerhandbuch anzeigen (HKLM-x32\...\View User Guide) (Version: 3.60.43.0 - ) CIB pdf brewer (HKLM\...\{3B88F2B3-B0CA-4564-BFB9-00151AB1742C}) (Version: 2.6.0049 - CIB software GmbH) Common Desktop Agent (Version: 1.62.0 - OEM) Hidden COMODO Internet Security Premium (HKLM\...\{901D1D88-408D-48E5-80DD-CC3145BD8456}) (Version: 6.3.39949.2976 - COMODO Security Solutions Inc.) Easy CD-DA Extractor 2010 (HKLM-x32\...\Easy CD-DA Extractor 2010) (Version: 2010.6 - Poikosoft) ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 16.1.16835 - Landesfinanzdirektion Thüringen) Etron USB3.0 Host Controller (x32 Version: 0.115 - Etron Technology) Hidden FileZilla Client 3.10.1.1 (HKLM-x32\...\FileZilla Client) (Version: 3.10.1.1 - Tim Kosse) Free Download Manager 3.9.2 (HKLM-x32\...\Free Download Manager_is1) (Version: - FreeDownloadManager.ORG) Garmin ANT Agent (HKLM\...\{20B0E07B-12EA-4BAB-A3B1-E17D7568EB6F}) (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Garmin Communicator Plugin (HKLM-x32\...\{647BB978-2876-487B-9B0E-FDB73F0EA4A2}) (Version: 4.0.4 - Garmin Ltd or its subsidiaries) Garmin Communicator Plugin x64 (HKLM\...\{237D687E-9E50-4A30-B810-262764CC491B}) (Version: 4.0.4 - Garmin Ltd or its subsidiaries) Garmin USB Drivers (HKLM-x32\...\{3D5D6CFC-3097-425A-8D8F-7EAF5D57641D}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries) Garmin WebUpdater (HKLM-x32\...\{AE1EC58E-B2AC-4959-A4C2-C38202A25239}) (Version: 2.5.6 - Garmin Ltd or its subsidiaries) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 42.0.2311.135 - Google Inc.) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2932 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.1.0.1006 - Intel Corporation) Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation) LastPass (Nur deinstallieren) (HKLM-x32\...\LastPass) (Version: - LastPass) Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation) Microsoft .NET Framework 4.5.2 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.51209 - Microsoft Corporation) Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation) Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft Visio Professional 2013 (HKLM\...\Office15.VISPROR) (Version: 15.0.4569.1506 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{14297226-E0A0-3781-8911-E9D529552663}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation) MOBackup - Datensicherung für Outlook (Testversion) (HKLM-x32\...\MOBackup-DatensicherungfürOutlook) (Version: 7.51 - Heiko Schröder) NetSpeedMonitor 2.5.4.0 x64 (HKLM\...\{88F41EE2-949B-4B52-933D-C7F8F67BC1D2}) (Version: 2.5.4.0 - Florian Gilles) Nikon Message Center 2 (HKLM-x32\...\{B014EE44-9197-4513-9613-71E6EB1B514E}) (Version: 2.1.0 - Nikon) Nikon Movie Editor (HKLM-x32\...\{5CAD3393-EEC0-44CE-9F93-BCAA365B77FB}) (Version: 2.7.0 - Nikon) Nur Entfernen der CopyTrans Suite möglich (HKU\S-1-5-21-1839428087-913458323-2622912977-1009\...\CopyTrans Suite) (Version: 2.37 - WindSolutions) Outils de vérification linguistique 2013 de Microsoft Office*- Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden PDF Architect (HKLM-x32\...\{064A929A-4DE8-40CF-A901-BD40C14E4D25}) (Version: 1.1.83.9982 - pdfforge GmbH) PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.0 - pdfforge) Picture Control Utility x64 (HKLM\...\{11953C65-BB4E-4CA4-B0F0-2600A4B20040}) (Version: 1.4.12 - Nikon) Platform (x32 Version: 1.39 - VIA Technologies, Inc.) Hidden QNAP Qfinder (HKLM-x32\...\QNAP_FINDER) (Version: 4.0.2.0814a - QNAP Systems, Inc.) RoboMirror (HKLM-x32\...\{D3F69CEB-C0BF-4EB8-A6D1-79A45CEF4E2F}) (Version: 0.5.0.0 - Martin Kinkelin) Samsung CLX-6260 Series (HKLM-x32\...\Samsung CLX-6260 Series) (Version: 1.16 (10.12.2014) - Samsung Electronics Co., Ltd.) Samsung Drucker-Diagnose (HKLM-x32\...\Samsung Printer Diagnostics) (Version: 1.0.0.16 - Samsung Electronics Co., Ltd.) Samsung Easy Document Creator (HKLM-x32\...\Samsung Easy Document Creator) (Version: 1.06.46 (30.10.2014) - Samsung Electronics Co., Ltd.) Samsung Easy Printer Manager (HKLM-x32\...\Samsung Easy Printer Manager) (Version: 1.05.66.00(30.10.2014) - Samsung Electronics Co., Ltd.) Samsung Printer Live Update (HKLM-x32\...\Samsung Printer Live Update) (Version: 1.01.00:04(2013-04-22) - Samsung Electronics Co., Ltd.) Samsung Scan Process Machine (x32 Version: 1.03.05.18 - Samsung Electronics Co., Ltd.) Hidden Sandboxie 4.16 (64-bit) (HKLM\...\Sandboxie) (Version: 4.16 - Sandboxie Holdings, LLC) Scratch Live 2.4.4 (21) (HKLM-x32\...\{BFB1739B-3B75-4270-8F46-CD8A7628CA40}) (Version: 2.4.4 - Serato Inc LP) Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{91150000-0051-0000-1000-0000000FF1CE}_Office15.VISPROR_{F0C12872-B60D-4E37-A2F9-20C46A5E1F1A}) (Version: - Microsoft) Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version: - Microsoft) Hidden Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version: - Microsoft) Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version: - Microsoft) Hidden SES Driver (HKLM\...\{D8CC254C-C671-4664-9A38-FA368D1E2C97}) (Version: 1.0.0 - Western Digital) SNS Upload for Easy Document Creator (HKLM-x32\...\{B6B5F07C-88D5-49D3-A1A7-A6D4BC37DCCC}) (Version: 1.0.0 - Samsung Electronics Co.,Ltd) Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.) Tag&Rename 3.7.5 beta 1 (HKLM-x32\...\Tag&Rename_is1) (Version: 3.7.5 beta 1 - Softpointer Inc) TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.43879 - TeamViewer) VIA Plattform-Geräte-Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.39 - VIA Technologies, Inc.) ViewNX 2 (HKLM\...\{635BE602-BB9C-4C59-8CC5-93F9366E8A21}) (Version: 2.7.6 - Nikon) VLC media player 2.1.1 (HKLM-x32\...\VLC media player) (Version: 2.1.1 - VideoLAN) VMware Workstation (HKLM-x32\...\VMware_Workstation) (Version: 7.1.4.16648 - VMware, Inc) VMware Workstation (x32 Version: 7.1.4.16648 - VMware, Inc.) Hidden Winamp (HKLM-x32\...\Winamp) (Version: 5.63 - Nullsoft, Inc) WinCDEmu (HKLM-x32\...\WinCDEmu) (Version: 3.6 - Bazis) windata 8 (HKLM-x32\...\{41E3E33D-38BC-4AB1-B327-7125EC2B389A}) (Version: 08.08.0000 - windata GmbH & Co.KG) Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin) Windows Driver Package - Western Digital Technologies (WDC_SAM) WDC_SAM (01/19/2011 1.0.0009.0) (HKLM\...\4CA7CFBB29889F25ACB3DF6E3A42BAE29EB43B20) (Version: 01/19/2011 1.0.0009.0 - Western Digital Technologies) Windows-Treiberpaket - Dynastream Innovations (libusb0) LibUsbDevices (07/07/2009 1.12.2) (HKLM\...\24DA573F901348FFDFF7717497830D45BE0C362E) (Version: 07/07/2009 1.12.2 - Dynastream Innovations) Windows-Treiberpaket - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software) WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.) WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== Restore Points ========================= ATTENTION: System Restore is disabled Check "winmgmt" service or repair WMI. ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 04:34 - 2012-06-16 09:59 - 00001321 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost 127.0.0.1 activate.adobe.com 127.0.0.1 activate-sea.adobe.com 127.0.0.1 activate-sjc0.adobe.com 127.0.0.1 activate.wip3.adobe.com 127.0.0.1 adobeereg.com 127.0.0.1 ereg.wip3.adobe.com 127.0.0.1 ereg.adobe.com 127.0.0.1 3dns-3.adobe.com 127.0.0.1 3dns-2.adobe.com 127.0.0.1 192.150.18.108 127.0.0.1 adobe-dns.adobe.com 127.0.0.1 adobe-dns-2.adobe.com 127.0.0.1 adobe-dns-3.adobe.com 127.0.0.1 wip3.adobe.com 127.0.0.1 wwis-dubc1-vip60.adobe.com ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => ==================== Loaded Modules (Whitelisted) ============== 2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF 2014-12-08 12:10 - 2014-12-08 12:10 - 00102176 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll 2012-03-19 22:09 - 2012-03-19 22:09 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll 2014-09-08 14:39 - 2015-01-17 12:38 - 00464608 _____ () C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe 2014-09-08 14:38 - 2014-09-08 14:38 - 00051200 _____ () C:\Program Files\Common Files\Common Desktop Agent\CDASrvPS.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\Windows\TotalUninstaller.exe:$CmdTcID AlternateDataStreams: C:\Windows\Wiainst64.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\acmigration.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\AdobePDF.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\AdobePDFUI.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\adprovider.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\adtschema.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\aeinv.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\aepdu.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\aepic.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\aitstatic.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\apisetschema.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\appidapi.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\appidcertstorecheck.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\appidpolicyconverter.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\appidsvc.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\appraiser.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\atmfd.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\atmlib.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\audiodg.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\AudioEng.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\AUDIOKSE.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\AudioSes.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\audiosrv.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\auditpol.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\authui.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\blackbox.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\capiprovider.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\charmap.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\ci.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\clfs.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\clfsw32.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\cngprovider.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\conhost.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\consent.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\credssp.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\crypt32.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\cryptnet.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\cryptsp.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\cryptsvc.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\cryptui.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\csrsrv.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\d3d10warp.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\dciman32.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\devinv.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\dfshim.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\dimsroam.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\dpapiprovider.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\drmmgrtn.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\drmv2clt.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\dxmasf.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\dxtmsft.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\dxtrans.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\eed_ec.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\eed_sl.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\EncDump.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\evr.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\fontsub.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\gdi32.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\GEARAspi64.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\generaltel.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\icardagt.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\icardres.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\ie4uinit.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\ieapfltr.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\iedkcs32.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\ieetwcollector.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\ieetwcollectorres.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\ieetwproxystub.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\ieframe.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\iernonce.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\iertutil.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\iesetup.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\ieui.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\ieUnatt.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\IMJP10K.DLL:$CmdTcID AlternateDataStreams: C:\Windows\system32\inetcpl.cpl:$CmdTcID AlternateDataStreams: C:\Windows\system32\infocardapi.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\invagent.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\iologmsg.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\JavaScriptCollectionAgent.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\jscript9.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\jscript9diag.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\jsproxy.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\KBDBASH.DLL:$CmdTcID AlternateDataStreams: C:\Windows\system32\KBDRU.DLL:$CmdTcID AlternateDataStreams: C:\Windows\system32\KBDRU1.DLL:$CmdTcID AlternateDataStreams: C:\Windows\system32\KBDTAT.DLL:$CmdTcID AlternateDataStreams: C:\Windows\system32\KBDYAK.DLL:$CmdTcID AlternateDataStreams: C:\Windows\system32\kerberos.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\kernel32.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\KernelBase.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\lpk.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\lsasrv.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\lsass.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\mf.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\mferror.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\mfplat.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\mfpmp.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\mfps.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\MRT.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\msaudite.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\mscorier.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\mscories.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\msctf.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\msdxm.ocx:$CmdTcID AlternateDataStreams: C:\Windows\system32\msfeeds.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\mshtml.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\MshtmlDac.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\mshtmled.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\mshtmlmedia.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\msi.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\msihnd.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\msmmsp.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\msmpeg2vdec.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\msnetobj.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\msobjs.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\msrating.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\MsRdpWebAccess.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\msscp.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\MsSpellCheckingFacility.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\mstsc.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\mstscax.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\msv1_0.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\msxml3.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\msxml3r.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\msxml6.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\msxml6r.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\ncrypt.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\nlasvc.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\ntdll.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\ntoskrnl.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\ntvdm64.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\objsel.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\oleaut32.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\osk.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\packager.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\pcadm.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\pcaevts.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\pcalua.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\pcasvc.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\pcawrk.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\perftrack.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\pku2u.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\powertracker.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\profsvc.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\qdvd.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\qedit.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\quartz.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\rastls.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\rdpcorekmts.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\rdpcorets.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\rdpendp_winip.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\RdpGroupPolicyExtension.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\rdpudd.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\rdvidcrl.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\rpcrt4.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\rrinstaller.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\rstrui.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\SaErHdlr.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\SaImgFlt.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\SaMinDrv.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\SBuySupplies.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\scesrv.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\schannel.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\sdnclean64.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\secur32.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\setbcdlocale.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\shell32.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\smss.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\spwmp.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\srclient.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\srcore.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\sspicli.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\sspisrv.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\Ssusbp64.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\ssy3cci.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\ssy3cci.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\ssy3clm.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\termsrv.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\tsgqec.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\TSpkg.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\TsUsbGDCoInstaller.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\TSWbPrxy.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\TSWorkspace.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\TsWpfWrp.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\tzres.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\ubpm.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\urlmon.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\usbaaplrc.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\usp10.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\vbscript.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wdi.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wdigest.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wer.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\win32k.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\wincredprovider.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\WindowsCodecs.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wininet.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\winload.efi:$CmdTcID AlternateDataStreams: C:\Windows\system32\winload.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\winlogon.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\winresume.efi:$CmdTcID AlternateDataStreams: C:\Windows\system32\winresume.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\WinSetupUI.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\winsrv.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\winsta.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wintrust.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wksprt.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\wksprtPS.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wmdrmsdk.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wmp.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\WMPhoto.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wmploc.DLL:$CmdTcID AlternateDataStreams: C:\Windows\system32\wow64.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wow64cpu.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wow64win.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\WSManHTTPConfig.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\WSManMigrationPlugin.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\WsmAuto.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\WsmSvc.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\WsmWmiPl.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wu.upgrade.ps.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wuapi.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wuapp.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\wuauclt.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\wuaueng.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wucltux.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wudriver.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wups.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wups2.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wuwebv.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wwansvc.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\adprovider.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\adtschema.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\apisetschema.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\appidapi.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\atmfd.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\atmlib.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\AudioEng.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\AUDIOKSE.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\AudioSes.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\auditpol.exe:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\authui.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\blackbox.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\capiprovider.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\charmap.exe:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\clfsw32.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\cngprovider.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\credssp.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\crypt32.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\cryptnet.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\cryptsp.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\cryptsvc.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\cryptui.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\d3d10warp.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\dciman32.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\dfshim.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\dimsroam.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\dpapiprovider.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\drmmgrtn.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\drmv2clt.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\dxmasf.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\dxtmsft.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\dxtrans.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\evr.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\fontsub.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\gdi32.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\GEARAspi.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\icardagt.exe:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\icardres.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\ieapfltr.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\iedkcs32.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\ieetwproxystub.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\ieframe.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\iernonce.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\iertutil.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\iesetup.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\ieui.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\ieUnatt.exe:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\IMJP10K.DLL:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\inetcpl.cpl:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\infocardapi.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\instnm.exe:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\iologmsg.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\jscript9.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\jscript9diag.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\jsproxy.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\KBDBASH.DLL:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\KBDRU.DLL:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\KBDRU1.DLL:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\KBDTAT.DLL:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\KBDYAK.DLL:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\kerberos.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\kernel32.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\KernelBase.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\lpk.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\mf.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\MFC71ESP.DLL:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\mferror.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\mfplat.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\mfpmp.exe:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\mfps.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\msaudite.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\mscorier.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\mscories.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\msctf.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\msdxm.ocx:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\msfeeds.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\mshtml.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\MshtmlDac.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\mshtmled.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\mshtmlmedia.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\msi.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\msihnd.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\msmpeg2vdec.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\msnetobj.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\msobjs.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\msrating.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\MsRdpWebAccess.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\msscp.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\mstsc.exe:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\mstscax.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\msv1_0.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\msxml3.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\msxml3r.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\msxml6.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\msxml6r.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\ncrypt.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\ncsi.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\nlaapi.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\ntdll.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\ntkrnlpa.exe:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\ntoskrnl.exe:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\ntvdm64.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\objsel.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\oleaut32.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\osk.exe:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\packager.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\pku2u.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\qdvd.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\qedit.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\quartz.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\rastls.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\rdpendp_winip.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\rdvidcrl.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\rpcrt4.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\rrinstaller.exe:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\scesrv.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\schannel.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\secur32.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\setup16.exe:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\shell32.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\spwmp.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\srclient.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\sspicli.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\Ssusbpn.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\tsgqec.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\TSpkg.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\TSWorkspace.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\TsWpfWrp.exe:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\tzres.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\ubpm.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\urlmon.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\user.exe:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\usp10.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\vbscript.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\wdi.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\wdigest.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\wer.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\wincredprovider.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\WindowsCodecs.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\wininet.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\winsta.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\wintrust.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\wksprtPS.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\wmdrmsdk.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\wmp.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\WMPhoto.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\wmploc.DLL:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\wow32.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\WSManHTTPConfig.exe:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\WSManMigrationPlugin.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\WsmAuto.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\WsmSvc.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\WsmWmiPl.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\wuapi.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\wuapp.exe:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\wudriver.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\wups.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\wuwebv.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\afd.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\appid.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\cng.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\Diskdump.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\dxgkrnl.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\FWPKCLNT.SYS:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\http.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\ksecdd.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\ksecpkg.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\mbam.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\mbamchameleon.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\mountmgr.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\mrxdav.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\msiscsi.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\mwac.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\ntfs.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\PEAuth.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\rdpvideominiport.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\rdpwd.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\storport.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\tcpip.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\tdx.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\tssecsrv.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\TsUsbFlt.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\usbaapl64.sys:$CmdTcID AlternateDataStreams: C:\ProgramData\TEMP:4769CB2A AlternateDataStreams: C:\Users\MDG\.DS_Store:AFP_AfpInfo AlternateDataStreams: C:\Users\MDG\Desktop\.DS_Store:AFP_AfpInfo AlternateDataStreams: C:\Users\MDG\Downloads\.DS_Store:AFP_AfpInfo AlternateDataStreams: C:\Users\MDG\Downloads\FileZilla_3.10.0.1_win32-setup.exe:$CmdTcID AlternateDataStreams: C:\Users\MDG\Downloads\FileZilla_3.10.1.1_win32-setup.exe:$CmdTcID AlternateDataStreams: C:\Users\MDG\Downloads\iTunes64Setup (1).exe:BDU AlternateDataStreams: C:\Users\MDG\Documents\.DS_Store:AFP_AfpInfo AlternateDataStreams: C:\Users\MGA\Downloads\tdsskiller.zip:$CmdZnID AlternateDataStreams: C:\Users\Public\.DS_Store:AFP_AfpInfo AlternateDataStreams: C:\Users\Public\Documents\.DS_Store:AFP_AfpInfo ==================== Safe Mode (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\01720810.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\42942412.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\01720810.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\42942412.sys => ""="Driver" ==================== EXE Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-1839428087-913458323-2622912977-1009\Control Panel\Desktop\\Wallpaper -> C:\Users\MDG\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 192.168.2.1 ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) MSCONFIG\Services: Fax => 3 MSCONFIG\Services: PDF Architect Helper Service => 2 MSCONFIG\Services: PDF Architect Service => 2 MSCONFIG\Services: rpcapd => 3 MSCONFIG\Services: SDScannerService => 2 MSCONFIG\Services: SDUpdateService => 2 MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^windata 8 Zahlungserinnerung.lnk => C:\Windows\pss\windata 8 Zahlungserinnerung.lnk.CommonStartup MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" MSCONFIG\startupreg: BCSSync => "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices MSCONFIG\startupreg: HDAudDeck => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe" MSCONFIG\startupreg: Nikon Message Center 2 => C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe -s MSCONFIG\startupreg: SDTray => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe FirewallRules: [{132DFECA-BC8E-463B-8079-C3EEA8EEDF6D}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe FirewallRules: [{6EB3435C-CBA3-40D3-BDE9-45C60F769AE9}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe FirewallRules: [{D7FEB535-FBC4-4F6E-8585-2C734216815A}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe FirewallRules: [{76F9F428-B386-42B0-B435-0A1D4DB23B76}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe FirewallRules: [{69904477-8D00-409F-AB6D-86BA52E03262}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{B1BD2BC9-B333-4C7F-BBA4-2FD3D353CD65}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{D07DC866-B45F-4EE4-AEC6-087FBF0490D6}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{5F58F907-3378-434A-819D-410BB37BA94A}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [TCP Query User{FDAD7D0D-23CD-47B8-9FE1-D1FD3A7EFBC2}C:\program files (x86)\winamp\winamp.exe] => (Block) C:\program files (x86)\winamp\winamp.exe FirewallRules: [UDP Query User{DD98C73E-FEF2-437A-A086-99A322718FD1}C:\program files (x86)\winamp\winamp.exe] => (Block) C:\program files (x86)\winamp\winamp.exe FirewallRules: [{B2691711-88F7-4397-A7FD-834555FA7CB6}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe FirewallRules: [{E0487F62-2EE1-4471-91E4-DC4A4871D82A}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe FirewallRules: [{DE81AAD9-592E-4127-A823-2C6F4A3C7B42}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe FirewallRules: [{4B79F3DF-0249-4284-B89A-FA1584936D08}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe FirewallRules: [{56E4C75F-319B-4C9C-864C-790E86CE00CF}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe FirewallRules: [{3516FDBF-D67E-4619-AFC6-6D3518E4D787}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe FirewallRules: [TCP Query User{52727094-7841-4AB6-B49A-CE27DB8D0134}D:\sandbox\mdg\permanentinternetaccess\drive\c\program files\java\jre7\bin\javaw.exe] => (Allow) D:\sandbox\mdg\permanentinternetaccess\drive\c\program files\java\jre7\bin\javaw.exe FirewallRules: [UDP Query User{7F6E5E21-FF5F-4E44-9F8F-BF31EF14136C}D:\sandbox\mdg\permanentinternetaccess\drive\c\program files\java\jre7\bin\javaw.exe] => (Allow) D:\sandbox\mdg\permanentinternetaccess\drive\c\program files\java\jre7\bin\javaw.exe FirewallRules: [{B8E33901-804C-481D-AEE3-936F26ADB8E4}] => (Block) D:\sandbox\mdg\permanentinternetaccess\drive\c\program files\java\jre7\bin\javaw.exe FirewallRules: [{6309E5A0-4E8A-456D-BBFF-9B648F904D8F}] => (Block) D:\sandbox\mdg\permanentinternetaccess\drive\c\program files\java\jre7\bin\javaw.exe FirewallRules: [TCP Query User{98413DB9-F5D7-415A-B073-1D8A44163E6E}C:\program files (x86)\qnap\qfinder\qfinder.exe] => (Allow) C:\program files (x86)\qnap\qfinder\qfinder.exe FirewallRules: [UDP Query User{3AB57E27-F1F1-4D44-8E58-E09270F6F8A4}C:\program files (x86)\qnap\qfinder\qfinder.exe] => (Allow) C:\program files (x86)\qnap\qfinder\qfinder.exe FirewallRules: [{7A95DD2E-E177-4188-B59B-8C1F67393A7B}] => (Block) C:\program files (x86)\qnap\qfinder\qfinder.exe FirewallRules: [{D020EA29-9745-48B2-B672-D5E70DE44DEE}] => (Block) C:\program files (x86)\qnap\qfinder\qfinder.exe FirewallRules: [TCP Query User{E6576D4F-808D-4157-9342-41DB209EC4DB}C:\users\mga\appdata\local\temp\fritz!wlanrepeater310\fsetup.exe] => (Allow) C:\users\mga\appdata\local\temp\fritz!wlanrepeater310\fsetup.exe FirewallRules: [UDP Query User{3568D83A-E998-43A8-B448-95412D28C1C8}C:\users\mga\appdata\local\temp\fritz!wlanrepeater310\fsetup.exe] => (Allow) C:\users\mga\appdata\local\temp\fritz!wlanrepeater310\fsetup.exe FirewallRules: [{A02387A4-F256-4144-94C2-E8A3B12CDFA8}] => (Block) C:\users\mga\appdata\local\temp\fritz!wlanrepeater310\fsetup.exe FirewallRules: [{77B9F661-0C2B-41FD-BEE5-1392AE75F094}] => (Block) C:\users\mga\appdata\local\temp\fritz!wlanrepeater310\fsetup.exe FirewallRules: [{813F09AE-2685-4AC2-96C9-C97ABE8CEB07}] => (Allow) C:\Windows\twain_32\Samsung\CLX6260\SCNSearch\USDAgent.exe FirewallRules: [{B61FD00E-EC2F-4561-993D-C4566D1D7C5A}] => (Allow) C:\Windows\twain_32\Samsung\CLX6260\SCNSearch\USDAgent.exe FirewallRules: [{EE216906-A7D0-44EA-9572-0017475BA7C0}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\IDS.Application.exe FirewallRules: [{D2DACD41-4FED-462C-8BAF-BCE9A0ACDCCD}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\OrderSupplies.exe FirewallRules: [{7353E603-5C4E-442B-ABEF-4C17B7263E9F}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\IDSAlert.exe FirewallRules: [{688104B6-134B-4D1B-A0C2-5E040A3583E9}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\uninstall.exe FirewallRules: [{68C8EF24-488B-4691-87AF-F8000449767E}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\CDAS2PC.exe FirewallRules: [{50C49960-AA85-442A-B0F7-9F8C6C4E5775}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\ScanProcess.exe FirewallRules: [{F905191D-0B6B-4E22-8080-AAE649809CE3}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\Scan2PCNotify.exe FirewallRules: [{1F1595F6-2948-45E9-B4C9-1CC73E113F75}] => (Allow) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe FirewallRules: [{CF166489-A3B8-4ACD-A6A0-DE9D4E49B361}] => (Allow) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe FirewallRules: [{0B612361-E5F6-47D2-A250-39E1C2D0D239}] => (Allow) C:\Program Files (x86)\Samsung\Easy Document Creator\EDC.exe FirewallRules: [{43A30FF8-8AAE-4718-BCE8-29819196743C}] => (Allow) C:\Program Files (x86)\Samsung\Easy Document Creator\EDC.exe FirewallRules: [{26533BF8-4239-4E71-A897-7F24CC413651}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [{01A927B1-0536-4373-8D86-41E400E85013}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{B5E3F4D5-6436-4E1E-AD72-A48A6485C998}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{40FF716E-033B-4227-A696-757BBDB10787}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{6DD290A7-04E1-49EE-9D25-0AE4CE7CA841}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service ==================== Faulty Device Manager Devices ============= Name: M:\ Description: MS/MS-Pro Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a} Manufacturer: Generic- Service: WUDFRd Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (07/06/2015 10:26:12 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/06/2015 10:14:09 AM) (Source: SideBySide) (EventID: 81) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "hxxp://schemas.microsoft.com/SMI/2005/WindowsSettings^antispywareProductDisplayName1". Die Einstellung "hxxp://schemas.microsoft.com/SMI/2005/WindowsSettings^antispywareProductDisplayName" ist nicht registriert. Error: (07/06/2015 10:14:08 AM) (Source: SideBySide) (EventID: 81) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "hxxp://schemas.microsoft.com/SMI/2005/WindowsSettings^antispywareProductDisplayName1". Die Einstellung "hxxp://schemas.microsoft.com/SMI/2005/WindowsSettings^antispywareProductDisplayName" ist nicht registriert. Error: (07/06/2015 10:09:03 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/09/2015 00:07:30 AM) (Source: SideBySide) (EventID: 81) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "hxxp://schemas.microsoft.com/SMI/2005/WindowsSettings^antispywareProductDisplayName1". Die Einstellung "hxxp://schemas.microsoft.com/SMI/2005/WindowsSettings^antispywareProductDisplayName" ist nicht registriert. Error: (05/09/2015 00:07:30 AM) (Source: SideBySide) (EventID: 81) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "hxxp://schemas.microsoft.com/SMI/2005/WindowsSettings^antispywareProductDisplayName1". Die Einstellung "hxxp://schemas.microsoft.com/SMI/2005/WindowsSettings^antispywareProductDisplayName" ist nicht registriert. Error: (05/08/2015 11:20:53 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7601.17567, Zeitstempel: 0x4d672ee4 Name des fehlerhaften Moduls: ole32.dll, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7c92c Ausnahmecode: 0xc0000005 Fehleroffset: 0x000000000000957b ID des fehlerhaften Prozesses: 0xfec Startzeit der fehlerhaften Anwendung: 0xExplorer.EXE0 Pfad der fehlerhaften Anwendung: Explorer.EXE1 Pfad des fehlerhaften Moduls: Explorer.EXE2 Berichtskennung: Explorer.EXE3 Error: (05/08/2015 06:54:52 AM) (Source: SideBySide) (EventID: 81) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "hxxp://schemas.microsoft.com/SMI/2005/WindowsSettings^antispywareProductDisplayName1". Die Einstellung "hxxp://schemas.microsoft.com/SMI/2005/WindowsSettings^antispywareProductDisplayName" ist nicht registriert. Error: (05/08/2015 06:54:52 AM) (Source: SideBySide) (EventID: 81) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "hxxp://schemas.microsoft.com/SMI/2005/WindowsSettings^antispywareProductDisplayName1". Die Einstellung "hxxp://schemas.microsoft.com/SMI/2005/WindowsSettings^antispywareProductDisplayName" ist nicht registriert. Error: (05/06/2015 11:50:16 PM) (Source: SideBySide) (EventID: 81) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "hxxp://schemas.microsoft.com/SMI/2005/WindowsSettings^antispywareProductDisplayName1". Die Einstellung "hxxp://schemas.microsoft.com/SMI/2005/WindowsSettings^antispywareProductDisplayName" ist nicht registriert. System errors: ============= Error: (07/06/2015 10:24:18 AM) (Source: EventLog) (EventID: 6008) (User: ) Description: Das System wurde zuvor am 06.07.2015 um 10:23:09 unerwartet heruntergefahren. Error: (07/06/2015 10:07:09 AM) (Source: EventLog) (EventID: 6008) (User: ) Description: Das System wurde zuvor am 09.05.2015 um 03:59:50 unerwartet heruntergefahren. Error: (07/06/2015 10:07:05 AM) (Source: volsnap) (EventID: 29) (User: ) Description: Die Schattenkopien von Volume "C:" wurde während der Ermittlung abgebrochen. Error: (05/06/2015 04:39:13 AM) (Source: Schannel) (EventID: 4119) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung empfangen: 20. Error: (05/05/2015 10:12:13 AM) (Source: Schannel) (EventID: 4119) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung empfangen: 20. Error: (05/01/2015 04:39:13 AM) (Source: Schannel) (EventID: 4119) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung empfangen: 20. Error: (04/21/2015 10:40:08 AM) (Source: volsnap) (EventID: 36) (User: ) Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte. Error: (04/16/2015 01:51:17 AM) (Source: Schannel) (EventID: 4119) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung empfangen: 80. Error: (04/15/2015 11:55:36 PM) (Source: Schannel) (EventID: 4119) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung empfangen: 80. Error: (04/14/2015 05:53:16 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 43. Der interne Fehlerstatus lautet: 252. Microsoft Office: ========================= Error: (07/06/2015 10:26:12 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/06/2015 10:14:09 AM) (Source: SideBySide) (EventID: 81) (User: ) Description: hxxp://schemas.microsoft.com/SMI/2005/WindowsSettings^antispywareProductDisplayNamec:\program files (x86)\spybot - search & destroy 2\updates\extracts\SDWSCSvc.exe Error: (07/06/2015 10:14:08 AM) (Source: SideBySide) (EventID: 81) (User: ) Description: hxxp://schemas.microsoft.com/SMI/2005/WindowsSettings^antispywareProductDisplayNamec:\program files (x86)\spybot - search & destroy 2\SDWSCSvc.exe Error: (07/06/2015 10:09:03 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/09/2015 00:07:30 AM) (Source: SideBySide) (EventID: 81) (User: ) Description: hxxp://schemas.microsoft.com/SMI/2005/WindowsSettings^antispywareProductDisplayNamec:\program files (x86)\spybot - search & destroy 2\Updates\Extracts\SDWSCSvc.exe Error: (05/09/2015 00:07:30 AM) (Source: SideBySide) (EventID: 81) (User: ) Description: hxxp://schemas.microsoft.com/SMI/2005/WindowsSettings^antispywareProductDisplayNamec:\program files (x86)\spybot - search & destroy 2\SDWSCSvc.exe Error: (05/08/2015 11:20:53 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Explorer.EXE6.1.7601.175674d672ee4ole32.dll6.1.7601.175144ce7c92cc0000005000000000000957bfec01d086851cb55c4bC:\Windows\Explorer.EXEC:\Windows\system32\ole32.dll86261dab-f563-11e4-b3e7-005056c00008 Error: (05/08/2015 06:54:52 AM) (Source: SideBySide) (EventID: 81) (User: ) Description: hxxp://schemas.microsoft.com/SMI/2005/WindowsSettings^antispywareProductDisplayNamec:\program files (x86)\spybot - search & destroy 2\Updates\Extracts\SDWSCSvc.exe Error: (05/08/2015 06:54:52 AM) (Source: SideBySide) (EventID: 81) (User: ) Description: hxxp://schemas.microsoft.com/SMI/2005/WindowsSettings^antispywareProductDisplayNamec:\program files (x86)\spybot - search & destroy 2\SDWSCSvc.exe Error: (05/06/2015 11:50:16 PM) (Source: SideBySide) (EventID: 81) (User: ) Description: hxxp://schemas.microsoft.com/SMI/2005/WindowsSettings^antispywareProductDisplayNamec:\program files (x86)\spybot - search & destroy 2\Updates\Extracts\SDWSCSvc.exe CodeIntegrity Errors: =================================== Date: 2014-01-01 04:01:04.939 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\WinPE\Win8pese\Mount\Win8PESE\Source\InstallWimSrc\Windows\explorer.exe" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-01-01 04:01:04.892 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\WinPE\Win8pese\Mount\Win8PESE\Source\InstallWimSrc\Windows\explorer.exe" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-12-31 18:29:24.145 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Temp\Win8pese\Mount\Win8PESE\Source\InstallWimSrc\Windows\explorer.exe" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-12-31 18:29:24.123 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Temp\Win8pese\Mount\Win8PESE\Source\InstallWimSrc\Windows\explorer.exe" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-12-31 17:17:18.008 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Temp\Win8pese\Mount\Win8PESE\Source\InstallWimSrc\Windows\explorer.exe" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-12-31 17:17:17.975 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Temp\Win8pese\Mount\Win8PESE\Source\InstallWimSrc\Windows\explorer.exe" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-12-31 11:56:55.679 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Temp\Win8pese\Mount\Win8PESE\Source\InstallWimSrc\Windows\explorer.exe" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-12-31 11:56:55.654 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Temp\Win8pese\Mount\Win8PESE\Source\InstallWimSrc\Windows\explorer.exe" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-12-31 09:37:40.972 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Temp\Win8pese\Mount\Win8PESE\Source\InstallWimSrc\Windows\explorer.exe" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-12-31 09:37:40.931 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Temp\Win8pese\Mount\Win8PESE\Source\InstallWimSrc\Windows\explorer.exe" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. ==================== Memory info =========================== Processor: Intel(R) Core(TM) i5-3450 CPU @ 3.10GHz Percentage of memory in use: 17% Total physical RAM: 16076.52 MB Available physical RAM: 13272.63 MB Total Virtual: 32151.22 MB Available Virtual: 29141.68 MB ==================== Drives ================================ Drive c: (SSD 840 Pro Volume 1) (Fixed) (Total:97.66 GB) (Free:15.45 GB) NTFS Drive d: (SSD 840 Pro Volume 2) (Fixed) (Total:140.62 GB) (Free:25.3 GB) NTFS Drive e: (SSD Samsung MMCRE28G) (Fixed) (Total:119.24 GB) (Free:20.05 GB) NTFS Drive f: (HD103UJ Backup) (Fixed) (Total:931.5 GB) (Free:115.94 GB) NTFS Drive g: (Acronis Media) (CDROM) (Total:0.13 GB) (Free:0 GB) CDFS Drive s: () (Network) (Total:3664.62 GB) (Free:987.9 GB) Drive t: () (Network) (Total:3664.62 GB) (Free:987.9 GB) Drive w: () (Network) (Total:3664.62 GB) (Free:987.9 GB) Drive y: () (Network) (Total:3664.62 GB) (Free:987.9 GB) Drive z: () (Network) (Total:3664.62 GB) (Free:987.9 GB) ==================== MBR & Partition Table ================== ==================== End of log ============================ |
06.07.2015, 10:41 | #2 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Win7: Verdacht auf Rootkit, kein Ergebnis über Virenscan Ist das ein gewebrlich genutztes System? Und dann mit Cracks arbeiten?
__________________Zitat:
Lesestoff: Illegale Software: Cracks, Keygens und Co Bitte lesen => http://www.trojaner-board.de/95393-c...-software.html Es geht weiter wenn du alles Illegale entfernt hast. Bei wiederholten Crack/Keygen Verstößen behalte ich es mir vor, den Support einzustellen, d.h. Hilfe nur noch bei der Datensicherung und Neuinstallation des Betriebssystems.
__________________ |
06.07.2015, 11:12 | #3 |
| Win7: Verdacht auf Rootkit, kein Ergebnis über Virenscan Kein gewerbliches System, aber macht die Sache nicht besser.
__________________War mal installiert allerdings schon vor Monaten durch lizenzierte Version ersetzt. |
06.07.2015, 11:30 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Win7: Verdacht auf Rootkit, kein Ergebnis über Virenscan Adware/Junkware/Toolbars entfernen 1. Schritt: Malwarebytes Downloade Dir bitte Malwarebytes Anti-Malware
(alte Versionen von adwCleaner und falls vorhanden JRT vorher löschen, danach neu runterladen auf den Desktop!) 2. Schritt: adwCleaner Downloade Dir bitte AdwCleaner auf deinen Desktop.
3. Schritt: JRT - Junkware Removal Tool Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
4. Schritt: Frisches Log mit FRST Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST 32-Bit | FRST 64-Bit (Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
__________________ Logfiles bitte immer in CODE-Tags posten |
06.07.2015, 13:28 | #5 |
| Win7: Verdacht auf Rootkit, kein Ergebnis über VirenscanCode:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlaufdatum: 06.07.2015 Suchlaufzeit: 13:14 Protokolldatei: Mbam.txt Administrator: Nein Version: 2.1.8.1057 Malware-Datenbank: v2015.07.06.02 Rootkit-Datenbank: v2015.07.05.03 Lizenz: Kostenlose Version Malware-Schutz: Deaktiviert Schutz vor bösartigen Websites: Deaktiviert Selbstschutz: Deaktiviert Betriebssystem: Windows 7 Service Pack 1 CPU: x64 Dateisystem: NTFS Benutzer: MDG Suchlauftyp: Bedrohungssuchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 319283 Abgelaufene Zeit: 5 Min., 18 Sek. Speicher: Aktiviert Start: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristik: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (keine bösartigen Elemente erkannt) Module: 0 (keine bösartigen Elemente erkannt) Registrierungsschlüssel: 0 (keine bösartigen Elemente erkannt) Registrierungswerte: 0 (keine bösartigen Elemente erkannt) Registrierungsdaten: 0 (keine bösartigen Elemente erkannt) Ordner: 0 (keine bösartigen Elemente erkannt) Dateien: 0 (keine bösartigen Elemente erkannt) Physische Sektoren: 0 (keine bösartigen Elemente erkannt) (end) Code:
ATTFilter # AdwCleaner v4.207 - Bericht erstellt 06/07/2015 um 13:53:21 # Aktualisiert 21/06/2015 von Xplode # Datenbank : 2015-07-05.2 [Server] # Betriebssystem : Windows 7 Professional Service Pack 1 (x64) # Benutzername : MGA - MDG-PC-NEU # Gestarted von : E:\Download\Emergency\AdwCleaner_4.207.exe # Option : Löschen ***** [ Dienste ] ***** ***** [ Dateien / Ordner ] ***** [!] Ordner Gelöscht : C:\Windows\System32\drivers\hosts Ordner Gelöscht : C:\Users\MGA\AppData\Roaming\pdfforge Datei Gelöscht : C:\Users\MDG\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_wlogin.icq.com_0.localstorage Datei Gelöscht : C:\Users\MDG\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_wlogin.icq.com_0.localstorage-journal Datei Gelöscht : C:\Users\MDG\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.icq.com_0.localstorage Datei Gelöscht : C:\Users\MDG\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.icq.com_0.localstorage-journal Datei Gelöscht : C:\Users\MDG\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.veoh.com_0.localstorage Datei Gelöscht : C:\Users\MDG\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.veoh.com_0.localstorage-journal ***** [ Geplante Tasks ] ***** ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\S Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{25A3A431-30BB-47C8-AD6A-E1063801134F} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25A3A431-30BB-47C8-AD6A-E1063801134F} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{25A3A431-30BB-47C8-AD6A-E1063801134F} Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{25A3A431-30BB-47C8-AD6A-E1063801134F}] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Installer\Features\93BAD29AC2E44034A96BCB446EB8552E Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Installer\Products\93BAD29AC2E44034A96BCB446EB8552E Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\93BAD29AC2E44034A96BCB446EB8552E Daten Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local ***** [ Internetbrowser ] ***** -\\ Internet Explorer v11.0.9600.17728 -\\ Google Chrome v43.0.2357.130 [C:\Users\MDG\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://sportbild.bild.de/kddb/cms/websearchsport.do?query={searchTerms} [C:\Users\MDG\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://www.softonic.de/s/{searchTerms} ************************* AdwCleaner[R0].txt - [2910 Bytes] - [06/07/2015 13:51:00] AdwCleaner[S0].txt - [2832 Bytes] - [06/07/2015 13:53:21] ########## EOF - \AdwCleaner\AdwCleaner[S0].txt - [2891 Bytes] ########## Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Malwarebytes Version: 7.3.3 (07.06.2015:2) OS: Windows 7 Professional x64 Ran by MGA on 06.07.2015 at 14:05:36,26 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Tasks ~~~ Registry Values ~~~ Registry Keys Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{3A2D5EBA-F86D-4BD3-A177-019765996711} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3A2D5EBA-F86D-4BD3-A177-019765996711} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{3A2D5EBA-F86D-4BD3-A177-019765996711} ~~~ Files Successfully deleted: [File] C:\Program Files (x86)\GUT6A47.tmp Successfully deleted: [File] C:\ProgramData\1369735270.bdinstall.bin Successfully deleted: [File] C:\ProgramData\1389638880.bdinstall.bin ~~~ Folders Successfully deleted: [Folder] C:\Users\MGA\documents\add-in express ~~~ Chrome [C:\Users\MGA\appdata\local\Google\Chrome\User Data\Default\Preferences] - default search provider reset [C:\Users\MGA\appdata\local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted: [C:\Users\MGA\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset [C:\Users\MGA\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted: [] ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 06.07.2015 at 14:14:17,97 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-07-2015 Ran by MDG (ATTENTION: The logged in user is not administrator) on MDG-PC-NEU on 06-07-2015 14:40:46 Running from E:\Emergency Loaded Profiles: MDG (Available Profiles: MGA & MDG) Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) Failed to access process -> smss.exe Failed to access process -> csrss.exe Failed to access process -> wininit.exe Failed to access process -> csrss.exe Failed to access process -> services.exe Failed to access process -> lsass.exe Failed to access process -> lsm.exe Failed to access process -> winlogon.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe Failed to access process -> cmdagent.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe Failed to access process -> svchost.exe Failed to access process -> SbieSvc.exe Failed to access process -> spoolsv.exe Failed to access process -> svchost.exe Failed to access process -> schedul2.exe Failed to access process -> armsvc.exe Failed to access process -> AppleMobileDeviceService.exe Failed to access process -> svchost.exe Failed to access process -> HeciServer.exe Failed to access process -> Jhi_service.exe Failed to access process -> svchost.exe Failed to access process -> TeamViewer_Service.exe Failed to access process -> ViakaraokeSrv.exe Failed to access process -> vmware-usbarbitrator.exe Failed to access process -> vmnat.exe Failed to access process -> vmware-authd.exe Failed to access process -> vmnetdhcp.exe Failed to access process -> svchost.exe Failed to access process -> WUDFHost.exe Failed to access process -> cavwp.exe Failed to access process -> IAStorDataMgrSvc.exe Failed to access process -> LMS.exe Failed to access process -> sppsvc.exe Failed to access process -> wmpnetwk.exe Failed to access process -> WmiPrvSE.exe Failed to access process -> SearchIndexer.exe Failed to access process -> UNS.exe Failed to access process -> WmiPrvSE.exe Failed to access process -> TeamViewer_Desktop.exe Failed to access process -> taskeng.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (COMODO) C:\Program Files\COMODO\COMODO Internet Security\cistray.exe Failed to access process -> tv_w32.exe Failed to access process -> tv_x64.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe () C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe (Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieCtrl.exe (GARMIN Corp.) C:\Program Files (x86)\Garmin\ANT Agent\ANT Agent.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe (Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (VMware, Inc.) C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe (Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe Failed to access process -> svchost.exe (COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [395344 2011-09-22] (Acronis) HKLM\...\Run: [COMODO Internet Security] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1426136 2015-04-20] (COMODO) HKLM\...\Run: [CDAServer] => C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [464608 2015-01-17] () HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2015-01-15] (Adobe Systems Incorporated) HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2012-02-01] (Intel Corporation) HKLM-x32\...\Run: [SAOB Monitor] => C:\Program Files (x86)\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe [2571032 2011-09-22] (Acronis) HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [5587832 2011-09-22] (Acronis) HKLM-x32\...\Run: [vmware-tray] => C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe [129648 2011-03-25] (VMware, Inc.) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3498728 2015-01-31] (Adobe Systems Inc.) HKLM\...\RunOnce: [*WerKernelReporting] => C:\Windows\SYSTEM32\WerFault.exe [415232 2009-07-14] (Microsoft Corporation) HKLM-x32\...\RunOnce: [{9334B453-6239-47DF-B6EC-A74C55F36214}] => cmd.exe /C start /D "C:\Users\MGA\AppData\Local\Temp" /B {9334B453-6239-47DF-B6EC-A74C55F36214}.exe -accepteula -accepteulaksn -activeimages -postboot HKLM-x32\...\RunOnce: [ Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\ Malwarebytes Anti-Malware \mbamdor.exe [54072 2015-07-06] (Malwarebytes Corporation) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X] HKU\S-1-5-21-1839428087-913458323-2622912977-1009\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [785416 2015-02-18] (Sandboxie Holdings, LLC) HKU\S-1-5-21-1839428087-913458323-2622912977-1009\...\Run: [ANT Agent] => C:\Program Files (x86)\Garmin\ANT Agent\ANT Agent.exe [14731776 2013-02-15] (GARMIN Corp.) HKU\S-1-5-21-1839428087-913458323-2622912977-1009\...\MountPoints2: {0a99f426-71f6-11e3-9d23-005056c00008} - M:\setup.exe HKU\S-1-5-21-1839428087-913458323-2622912977-1009\...\MountPoints2: {1a89f61a-723f-11e3-8428-005056c00008} - N:\setup.exe HKU\S-1-5-21-1839428087-913458323-2622912977-1009\...\MountPoints2: {2daba32a-712b-11e3-a1b1-005056c00008} - H:\Programs\PStart.exe HKU\S-1-5-21-1839428087-913458323-2622912977-1009\...\MountPoints2: {7bb2d7b3-72da-11e3-b590-005056c00008} - M:\setup\rsrc\Autorun.exe HKU\S-1-5-21-1839428087-913458323-2622912977-1009\...\MountPoints2: {7bb2d7e0-72da-11e3-b590-005056c00008} - M:\setup\rsrc\Autorun.exe HKU\S-1-5-21-1839428087-913458323-2622912977-1009\...\MountPoints2: {7bb2d7e4-72da-11e3-b590-005056c00008} - N:\autorun.exe Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk [2013-09-04] ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass) BootExecute: autocheck autochk * sdnclean64.exe ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = HKU\S-1-5-21-1839428087-913458323-2622912977-1009\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-1839428087-913458323-2622912977-1009\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation) BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2013-09-04] (LastPass) BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-12-02] (Adobe Systems Incorporated) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-12-02] (Adobe Systems Incorporated) BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation) BHO-x32: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar.dll [2013-09-04] (LastPass) BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-12-03] (Adobe Systems Incorporated) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) BHO-x32: Free Download Manager -> {CC59E0F9-7E43-44FA-9FAA-8377850BF205} -> C:\Program Files (x86)\Free Download Manager\iefdm2.dll [2013-03-11] (FreeDownloadManager.ORG) BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-03-18] (Microsoft Corporation) BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-12-03] (Adobe Systems Incorporated) Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2013-09-04] (LastPass) Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-12-02] (Adobe Systems Incorporated) Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll [2013-09-04] (LastPass) Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-12-03] (Adobe Systems Incorporated) Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2014-10-15] (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 Tcpip\..\Interfaces\{73922EE3-AC66-40D7-9164-91A24560AF14}: [DhcpNameServer] 172.20.10.1 Tcpip\..\Interfaces\{DD890A96-155D-4021-AC73-75CF83D8CB30}: [DhcpNameServer] 192.168.2.1 Tcpip\..\Interfaces\{ED36C01F-24E0-497B-BB94-DB8A6C1517F3}: [DhcpNameServer] 172.20.10.1 FireFox: ======== FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2013-09-04] (LastPass) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation) FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2014-04-29] (Adobe Systems) FF Plugin-x32: @garmin.com/GpsControl -> C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll [2012-11-02] (GARMIN Corp.) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation) FF Plugin-x32: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass.dll [2013-09-04] (LastPass) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-07-06] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-07-06] (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2013-11-11] (VideoLAN) FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2014-12-03] (Adobe Systems Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-09-12] (Adobe Systems Inc.) FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-04-29] (Adobe Systems) FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2013-05-31] FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2015-01-31] Chrome: ======= CHR Profile: C:\Users\MDG\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Translate) - C:\Users\MDG\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2015-01-16] CHR Extension: (Adblock Plus) - C:\Users\MDG\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-01-16] CHR Extension: (Adobe Acrobat - Create PDF) - C:\Users\MDG\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2015-02-13] CHR Extension: (LastPass: Free Password Manager) - C:\Users\MDG\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2015-01-16] CHR Extension: (Chrome Hotword Shared Module) - C:\Users\MDG\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-03] CHR Extension: (FlashControl) - C:\Users\MDG\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfidmkgnfgnkihnjeklbekckimkipmoe [2015-01-16] CHR Extension: (Google Wallet) - C:\Users\MDG\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-29] CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2014-12-03] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-03-03] (Apple Inc.) R2 cmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [5540424 2015-04-20] (COMODO) S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2265816 2015-04-20] (COMODO) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation) R2 lmhosts; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) R2 lmhosts; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-14] (Microsoft Corporation) S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1133880 2015-07-06] (Malwarebytes Corporation) R2 NlaSvc; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) R2 NlaSvc; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-14] (Microsoft Corporation) R2 nsi; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) R2 nsi; C:\Windows\SysWOW64\svchost.exe [20992 2009-07-14] (Microsoft Corporation) S4 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH) S4 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH) S4 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.) R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [175112 2015-02-18] (Sandboxie Holdings, LLC) S4 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2015-01-15] (Safer-Networking Ltd.) S4 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2015-01-15] (Safer-Networking Ltd.) R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5495056 2015-07-06] (TeamViewer GmbH) S3 ufad-ws60; C:\Program Files (x86)\VMware\VMware Workstation\vmware-ufad.exe [191024 2010-08-19] (VMware, Inc.) R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27792 2012-08-03] (VIA Technologies, Inc.) S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [20696 2015-04-01] (COMODO) R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [797280 2015-04-01] (COMODO) R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [45880 2015-04-01] (COMODO) S3 DigiartyVirtualCDBus; C:\Windows\System32\drivers\DigiartyVirtualCDBus.sys [276256 2014-02-14] (Digiarty Software, Inc.) S3 DSI_SiUSBXp_3_1; C:\Windows\System32\drivers\DSI_SiUSBXp_3_1.sys [16384 2007-09-06] (Silicon Laboratories) R1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [104608 2015-04-01] (COMODO) R3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [110744 2012-07-19] (Qualcomm Atheros Co., Ltd.) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-07-06] (Malwarebytes Corporation) S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [113880 2015-07-06] (Malwarebytes Corporation) S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-07-06] (Malwarebytes Corporation) S3 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.) R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [237064 2015-02-18] (Sandboxie Holdings, LLC) S3 gdrv; \??\C:\Windows\gdrv.sys [X] S3 WIMMount; \??\D:\WinPE\Win8pese\Projects\Tools\Win8PESE\X64\wimmount.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-07-06 14:05 - 2015-07-06 14:05 - 00000207 _____ C:\Windows\tweaking.com-regbackup-MDG-PC-NEU-Windows-7-Professional-(64-bit).dat 2015-07-06 14:05 - 2015-07-06 14:05 - 00000000 ____D C:\RegBackup 2015-07-06 12:27 - 2015-07-06 13:09 - 725000223 ____N C:\Windows\MEMORY.DMP 2015-07-06 11:00 - 2015-07-06 14:40 - 00000000 ____D C:\FRST 2015-07-06 11:00 - 2015-07-06 11:00 - 00000000 _____ C:\Users\MGA\defogger_reenable ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-07-06 14:40 - 2011-04-12 09:43 - 00772804 _____ C:\Windows\system32\perfh007.dat 2015-07-06 14:40 - 2011-04-12 09:43 - 00217432 _____ C:\Windows\system32\perfc007.dat 2015-07-06 14:40 - 2009-07-14 07:13 - 01768484 _____ C:\Windows\system32\PerfStringBackup.INI 2015-07-06 14:39 - 2015-01-16 13:15 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-07-06 14:38 - 2013-05-22 11:45 - 01117800 _____ C:\Windows\WindowsUpdate.log 2015-07-06 14:35 - 2013-05-30 22:00 - 00000000 ____D C:\ProgramData\VMware 2015-07-06 14:35 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2015-07-06 14:35 - 2009-07-14 06:51 - 00055521 _____ C:\Windows\setupact.log 2015-07-06 14:34 - 2015-04-26 13:53 - 00000000 ____D C:\Temp 2015-07-06 14:15 - 2015-01-16 13:15 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-07-06 14:01 - 2009-07-14 06:45 - 00020304 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-07-06 14:01 - 2009-07-14 06:45 - 00020304 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-07-06 13:09 - 2013-09-25 14:33 - 00000000 ____D C:\Windows\Minidump 2015-07-06 13:09 - 2010-11-21 05:47 - 00151330 _____ C:\Windows\PFRO.log 2015-07-06 13:09 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\Cursors 2015-07-06 12:55 - 2015-01-15 16:23 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-07-06 12:54 - 2015-01-15 16:23 - 00109272 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-07-06 12:54 - 2015-01-15 16:23 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-07-06 12:54 - 2015-01-15 16:23 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2015-07-06 12:54 - 2015-01-15 16:23 - 00001122 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-07-06 12:54 - 2015-01-15 16:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-07-06 12:54 - 2015-01-15 16:23 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 2015-07-06 12:50 - 2013-05-30 22:04 - 00000000 ____D C:\Users\MDG\AppData\Roaming\VMware 2015-07-06 12:50 - 2013-05-30 22:04 - 00000000 ____D C:\Users\MDG\AppData\Local\VMware 2015-07-06 12:48 - 2015-02-20 22:18 - 00018624 _____ C:\Windows\Sandboxie.LOG 2015-07-06 12:48 - 2013-05-25 16:29 - 00041476 _____ C:\Windows\Sandboxie.ini 2015-07-06 12:44 - 2013-05-25 00:46 - 00000000 ____D C:\Program Files (x86)\TeamViewer 2015-07-06 12:16 - 2015-01-15 10:04 - 00126364 _____ C:\Windows\system32\Drivers\fvstore.dat 2015-07-06 11:15 - 2015-01-16 13:16 - 00002195 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2015-07-06 11:04 - 2014-01-13 23:38 - 01474832 _____ C:\Windows\system32\Drivers\sfi.dat 2015-07-06 11:00 - 2013-05-22 11:44 - 00000000 ____D C:\Users\MGA 2015-07-06 10:40 - 2015-01-15 08:30 - 00000991 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk 2015-07-06 10:40 - 2015-01-15 08:30 - 00000979 _____ C:\Users\Public\Desktop\TeamViewer 10.lnk 2015-07-06 10:33 - 2015-03-23 20:07 - 00015364 ____H C:\Users\MDG\.DS_Store ==================== Files in the root of some directories ======= 2013-09-04 08:38 - 2013-09-04 08:38 - 15641088 _____ (LastPass) C:\Program Files (x86)\Common Files\lpuninstall.exe 2015-01-16 10:24 - 2015-03-02 13:35 - 0000600 _____ () C:\Users\MDG\AppData\Local\PUTTY.RND 2013-06-18 14:17 - 2013-06-18 14:17 - 0000268 ___RH () C:\ProgramData\Dance 2013-06-18 14:17 - 2013-06-18 14:17 - 0000268 ___RH () C:\ProgramData\Dance Kit 2013-06-18 14:17 - 2013-06-18 14:17 - 0000268 ___RH () C:\ProgramData\Database 2013-06-18 14:17 - 2013-06-18 14:17 - 0000268 ___RH () C:\ProgramData\Displays 2013-05-29 10:48 - 2015-01-15 12:21 - 0008941 _____ () C:\ProgramData\LMabscan.log 2013-06-18 14:17 - 2013-06-18 14:17 - 0000020 ____H () C:\ProgramData\PKP_DLeo.DAT 2013-06-18 14:17 - 2013-06-18 14:17 - 0000020 ____H () C:\ProgramData\PKP_DLes.DAT 2013-06-18 14:17 - 2015-03-22 02:00 - 0000020 ____H () C:\ProgramData\PKP_DLet.DAT 2013-06-18 14:17 - 2013-06-18 14:17 - 0000020 ____H () C:\ProgramData\PKP_DLev.DAT Some files in TEMP: ==================== C:\Users\MDG\AppData\Local\Temp\Ableton Swapper.exe C:\Users\MDG\AppData\Local\Temp\SandboxieInstall.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed ==================== End of log ============================ [CODE]Additional FRST Logfile: Code:
ATTFilter scan result of Farbar Recovery Scan Tool (x64) Version:05-07-2015 Ran by MDG at 2015-07-06 14:41:03 Running from E:\Emergency Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-1839428087-913458323-2622912977-500 - Administrator - Disabled) Gast (S-1-5-21-1839428087-913458323-2622912977-501 - Limited - Enabled) HomeGroupUser$ (S-1-5-21-1839428087-913458323-2622912977-1007 - Limited - Enabled) MDG (S-1-5-21-1839428087-913458323-2622912977-1009 - Limited - Enabled) => C:\Users\MDG MDG_O (S-1-5-21-1839428087-913458323-2622912977-1008 - Limited - Disabled) MGA (S-1-5-21-1839428087-913458323-2622912977-1001 - Administrator - Enabled) => C:\Users\MGA __vmware_user__ (S-1-5-21-1839428087-913458323-2622912977-1011 - Limited - Enabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: COMODO Antivirus (Disabled - Up to date) {F0BC89B2-8937-0933-021B-B17D981F2A71} AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Comodo Defense+ (Enabled - Up to date) {4BDD6856-AF0D-06BD-38AB-8A0FE39860CC} FW: COMODO Firewall (Enabled) {C8870897-C358-086B-2944-184866CC6D0A} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Ableton Live 9 Standard (HKLM\...\{BDEBF6AC-273C-4D69-ADD0-93B5EB085DEB}) (Version: 9.0.0.0 - Ableton) Acronis*True*Image*Home 2011 (HKLM-x32\...\{04A3A6B0-8E19-49BB-82FF-65C5A55F917D}) (Version: 14.0.6942 - Acronis) Adobe Acrobat XI Standard (HKLM-x32\...\{AC76BA86-1033-FFFF-BA7E-000000000006}) (Version: 11.0.10 - Adobe Systems) Adobe Reader XI (11.0.09) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated) Apple Application Support (32-Bit) (HKLM-x32\...\{2FE00055-C4F3-4F7A-AEDD-E198D54CF12F}) (Version: 3.1.1 - Apple Inc.) Apple Application Support (64-Bit) (HKLM\...\{28791292-D18D-42FA-AE66-3D3D20AA8618}) (Version: 3.1.1 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{5ED7462B-EF58-4757-B609-53755021EC34}) (Version: 8.1.0.18 - Apple Inc.) ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.11 Beta2 - Michael Tippach) Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.7 - Atheros Communications Inc.) Benutzerhandbuch anzeigen (HKLM-x32\...\View User Guide) (Version: 3.60.43.0 - ) CIB pdf brewer (HKLM\...\{3B88F2B3-B0CA-4564-BFB9-00151AB1742C}) (Version: 2.6.0049 - CIB software GmbH) Common Desktop Agent (Version: 1.62.0 - OEM) Hidden COMODO Internet Security Premium (HKLM\...\{901D1D88-408D-48E5-80DD-CC3145BD8456}) (Version: 6.3.39949.2976 - COMODO Security Solutions Inc.) Easy CD-DA Extractor 2010 (HKLM-x32\...\Easy CD-DA Extractor 2010) (Version: 2010.6 - Poikosoft) ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 16.1.16835 - Landesfinanzdirektion Thüringen) Etron USB3.0 Host Controller (x32 Version: 0.115 - Etron Technology) Hidden FileZilla Client 3.10.1.1 (HKLM-x32\...\FileZilla Client) (Version: 3.10.1.1 - Tim Kosse) Free Download Manager 3.9.2 (HKLM-x32\...\Free Download Manager_is1) (Version: - FreeDownloadManager.ORG) Garmin ANT Agent (HKLM\...\{20B0E07B-12EA-4BAB-A3B1-E17D7568EB6F}) (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Garmin Communicator Plugin (HKLM-x32\...\{647BB978-2876-487B-9B0E-FDB73F0EA4A2}) (Version: 4.0.4 - Garmin Ltd or its subsidiaries) Garmin Communicator Plugin x64 (HKLM\...\{237D687E-9E50-4A30-B810-262764CC491B}) (Version: 4.0.4 - Garmin Ltd or its subsidiaries) Garmin USB Drivers (HKLM-x32\...\{3D5D6CFC-3097-425A-8D8F-7EAF5D57641D}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries) Garmin WebUpdater (HKLM-x32\...\{AE1EC58E-B2AC-4959-A4C2-C38202A25239}) (Version: 2.5.6 - Garmin Ltd or its subsidiaries) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.130 - Google Inc.) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2932 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.1.0.1006 - Intel Corporation) Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation) LastPass (Nur deinstallieren) (HKLM-x32\...\LastPass) (Version: - LastPass) Malwarebytes Anti-Malware Version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation) Microsoft .NET Framework 4.5.2 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.51209 - Microsoft Corporation) Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation) Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft Visio Professional 2013 (HKLM\...\Office15.VISPROR) (Version: 15.0.4569.1506 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{14297226-E0A0-3781-8911-E9D529552663}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation) MOBackup - Datensicherung für Outlook (Testversion) (HKLM-x32\...\MOBackup-DatensicherungfürOutlook) (Version: 7.51 - Heiko Schröder) NetSpeedMonitor 2.5.4.0 x64 (HKLM\...\{88F41EE2-949B-4B52-933D-C7F8F67BC1D2}) (Version: 2.5.4.0 - Florian Gilles) Nikon Message Center 2 (HKLM-x32\...\{B014EE44-9197-4513-9613-71E6EB1B514E}) (Version: 2.1.0 - Nikon) Nikon Movie Editor (HKLM-x32\...\{5CAD3393-EEC0-44CE-9F93-BCAA365B77FB}) (Version: 2.7.0 - Nikon) Nur Entfernen der CopyTrans Suite möglich (HKU\S-1-5-21-1839428087-913458323-2622912977-1009\...\CopyTrans Suite) (Version: 2.37 - WindSolutions) Outils de vérification linguistique 2013 de Microsoft Office*- Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden PDF Architect (HKLM-x32\...\{064A929A-4DE8-40CF-A901-BD40C14E4D25}) (Version: 1.1.83.9982 - pdfforge GmbH) PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.0 - pdfforge) Picture Control Utility x64 (HKLM\...\{11953C65-BB4E-4CA4-B0F0-2600A4B20040}) (Version: 1.4.12 - Nikon) Platform (x32 Version: 1.39 - VIA Technologies, Inc.) Hidden QNAP Qfinder (HKLM-x32\...\QNAP_FINDER) (Version: 4.0.2.0814a - QNAP Systems, Inc.) RoboMirror (HKLM-x32\...\{D3F69CEB-C0BF-4EB8-A6D1-79A45CEF4E2F}) (Version: 0.5.0.0 - Martin Kinkelin) Samsung CLX-6260 Series (HKLM-x32\...\Samsung CLX-6260 Series) (Version: 1.16 (10.12.2014) - Samsung Electronics Co., Ltd.) Samsung Drucker-Diagnose (HKLM-x32\...\Samsung Printer Diagnostics) (Version: 1.0.0.16 - Samsung Electronics Co., Ltd.) Samsung Easy Document Creator (HKLM-x32\...\Samsung Easy Document Creator) (Version: 1.06.46 (30.10.2014) - Samsung Electronics Co., Ltd.) Samsung Easy Printer Manager (HKLM-x32\...\Samsung Easy Printer Manager) (Version: 1.05.66.00(30.10.2014) - Samsung Electronics Co., Ltd.) Samsung Printer Live Update (HKLM-x32\...\Samsung Printer Live Update) (Version: 1.01.00:04(2013-04-22) - Samsung Electronics Co., Ltd.) Samsung Scan Process Machine (x32 Version: 1.03.05.18 - Samsung Electronics Co., Ltd.) Hidden Sandboxie 4.16 (64-bit) (HKLM\...\Sandboxie) (Version: 4.16 - Sandboxie Holdings, LLC) Scratch Live 2.4.4 (21) (HKLM-x32\...\{BFB1739B-3B75-4270-8F46-CD8A7628CA40}) (Version: 2.4.4 - Serato Inc LP) Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{91150000-0051-0000-1000-0000000FF1CE}_Office15.VISPROR_{F0C12872-B60D-4E37-A2F9-20C46A5E1F1A}) (Version: - Microsoft) Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version: - Microsoft) Hidden Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version: - Microsoft) Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version: - Microsoft) Hidden SES Driver (HKLM\...\{D8CC254C-C671-4664-9A38-FA368D1E2C97}) (Version: 1.0.0 - Western Digital) SNS Upload for Easy Document Creator (HKLM-x32\...\{B6B5F07C-88D5-49D3-A1A7-A6D4BC37DCCC}) (Version: 1.0.0 - Samsung Electronics Co.,Ltd) Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.) Tag&Rename 3.7.5 beta 1 (HKLM-x32\...\Tag&Rename_is1) (Version: 3.7.5 beta 1 - Softpointer Inc) TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.43879 - TeamViewer) VIA Plattform-Geräte-Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.39 - VIA Technologies, Inc.) ViewNX 2 (HKLM\...\{635BE602-BB9C-4C59-8CC5-93F9366E8A21}) (Version: 2.7.6 - Nikon) VLC media player 2.1.1 (HKLM-x32\...\VLC media player) (Version: 2.1.1 - VideoLAN) VMware Workstation (HKLM-x32\...\VMware_Workstation) (Version: 7.1.4.16648 - VMware, Inc) VMware Workstation (x32 Version: 7.1.4.16648 - VMware, Inc.) Hidden Winamp (HKLM-x32\...\Winamp) (Version: 5.63 - Nullsoft, Inc) WinCDEmu (HKLM-x32\...\WinCDEmu) (Version: 3.6 - Bazis) windata 8 (HKLM-x32\...\{41E3E33D-38BC-4AB1-B327-7125EC2B389A}) (Version: 08.08.0000 - windata GmbH & Co.KG) Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin) Windows Driver Package - Western Digital Technologies (WDC_SAM) WDC_SAM (01/19/2011 1.0.0009.0) (HKLM\...\4CA7CFBB29889F25ACB3DF6E3A42BAE29EB43B20) (Version: 01/19/2011 1.0.0009.0 - Western Digital Technologies) Windows-Treiberpaket - Dynastream Innovations (libusb0) LibUsbDevices (07/07/2009 1.12.2) (HKLM\...\24DA573F901348FFDFF7717497830D45BE0C362E) (Version: 07/07/2009 1.12.2 - Dynastream Innovations) Windows-Treiberpaket - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software) WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.) WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== Restore Points ========================= ATTENTION: System Restore is disabled Check "winmgmt" service or repair WMI. ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2015-07-06 14:33 - 2015-07-06 14:33 - 00000849 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => ==================== Loaded Modules (Whitelisted) ============== 2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF 2014-12-08 12:10 - 2014-12-08 12:10 - 00102176 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll 2010-06-21 19:37 - 2010-06-30 13:10 - 00126264 _____ () C:\Program Files\Easy CD-DA Extractor 2010\ezcddax64.dll 2012-03-19 22:09 - 2012-03-19 22:09 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll 2014-09-08 14:39 - 2015-01-17 12:38 - 00464608 _____ () C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe 2014-09-08 14:38 - 2014-09-08 14:38 - 00051200 _____ () C:\Program Files\Common Files\Common Desktop Agent\CDASrvPS.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\Windows\TotalUninstaller.exe:$CmdTcID AlternateDataStreams: C:\Windows\Wiainst64.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\acmigration.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\AdobePDF.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\AdobePDFUI.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\adprovider.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\adtschema.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\aeinv.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\aepdu.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\aepic.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\aitstatic.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\apisetschema.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\appidapi.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\appidcertstorecheck.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\appidpolicyconverter.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\appidsvc.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\appraiser.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\atmfd.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\atmlib.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\audiodg.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\AudioEng.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\AUDIOKSE.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\AudioSes.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\audiosrv.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\auditpol.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\authui.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\blackbox.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\capiprovider.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\charmap.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\ci.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\clfs.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\clfsw32.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\cngprovider.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\conhost.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\consent.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\credssp.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\crypt32.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\cryptnet.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\cryptsp.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\cryptsvc.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\cryptui.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\csrsrv.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\d3d10warp.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\dciman32.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\devinv.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\dfshim.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\dimsroam.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\dpapiprovider.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\drmmgrtn.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\drmv2clt.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\dxmasf.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\dxtmsft.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\dxtrans.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\eed_ec.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\eed_sl.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\EncDump.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\evr.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\fontsub.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\gdi32.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\GEARAspi64.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\generaltel.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\icardagt.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\icardres.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\ie4uinit.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\ieapfltr.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\iedkcs32.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\ieetwcollector.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\ieetwcollectorres.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\ieetwproxystub.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\ieframe.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\iernonce.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\iertutil.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\iesetup.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\ieui.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\ieUnatt.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\IMJP10K.DLL:$CmdTcID AlternateDataStreams: C:\Windows\system32\inetcpl.cpl:$CmdTcID AlternateDataStreams: C:\Windows\system32\infocardapi.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\invagent.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\iologmsg.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\JavaScriptCollectionAgent.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\jscript9.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\jscript9diag.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\jsproxy.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\KBDBASH.DLL:$CmdTcID AlternateDataStreams: C:\Windows\system32\KBDRU.DLL:$CmdTcID AlternateDataStreams: C:\Windows\system32\KBDRU1.DLL:$CmdTcID AlternateDataStreams: C:\Windows\system32\KBDTAT.DLL:$CmdTcID AlternateDataStreams: C:\Windows\system32\KBDYAK.DLL:$CmdTcID AlternateDataStreams: C:\Windows\system32\kerberos.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\kernel32.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\KernelBase.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\lpk.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\lsasrv.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\lsass.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\mf.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\mferror.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\mfplat.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\mfpmp.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\mfps.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\MRT.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\msaudite.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\mscorier.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\mscories.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\msctf.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\msdxm.ocx:$CmdTcID AlternateDataStreams: C:\Windows\system32\msfeeds.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\mshtml.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\MshtmlDac.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\mshtmled.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\mshtmlmedia.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\msi.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\msihnd.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\msmmsp.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\msmpeg2vdec.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\msnetobj.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\msobjs.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\msrating.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\MsRdpWebAccess.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\msscp.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\MsSpellCheckingFacility.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\mstsc.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\mstscax.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\msv1_0.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\msxml3.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\msxml3r.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\msxml6.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\msxml6r.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\ncrypt.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\nlasvc.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\ntdll.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\ntoskrnl.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\ntvdm64.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\objsel.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\oleaut32.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\osk.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\packager.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\pcadm.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\pcaevts.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\pcalua.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\pcasvc.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\pcawrk.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\perftrack.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\pku2u.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\powertracker.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\profsvc.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\qdvd.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\qedit.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\quartz.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\rastls.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\rdpcorekmts.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\rdpcorets.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\rdpendp_winip.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\RdpGroupPolicyExtension.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\rdpudd.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\rdvidcrl.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\rpcrt4.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\rrinstaller.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\rstrui.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\SaErHdlr.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\SaImgFlt.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\SaMinDrv.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\SBuySupplies.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\scesrv.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\schannel.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\sdnclean64.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\secur32.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\setbcdlocale.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\shell32.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\smss.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\spwmp.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\srclient.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\srcore.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\sspicli.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\sspisrv.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\Ssusbp64.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\ssy3cci.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\ssy3cci.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\ssy3clm.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\termsrv.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\tsgqec.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\TSpkg.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\TsUsbGDCoInstaller.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\TSWbPrxy.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\TSWorkspace.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\TsWpfWrp.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\tzres.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\ubpm.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\urlmon.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\usbaaplrc.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\usp10.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\vbscript.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wdi.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wdigest.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wer.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\win32k.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\wincredprovider.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\WindowsCodecs.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wininet.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\winload.efi:$CmdTcID AlternateDataStreams: C:\Windows\system32\winload.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\winlogon.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\winresume.efi:$CmdTcID AlternateDataStreams: C:\Windows\system32\winresume.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\WinSetupUI.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\winsrv.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\winsta.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wintrust.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wksprt.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\wksprtPS.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wmdrmsdk.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wmp.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\WMPhoto.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wmploc.DLL:$CmdTcID AlternateDataStreams: C:\Windows\system32\wow64.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wow64cpu.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wow64win.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\WSManHTTPConfig.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\WSManMigrationPlugin.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\WsmAuto.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\WsmSvc.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\WsmWmiPl.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wu.upgrade.ps.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wuapi.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wuapp.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\wuauclt.exe:$CmdTcID AlternateDataStreams: C:\Windows\system32\wuaueng.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wucltux.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wudriver.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wups.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wups2.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wuwebv.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\wwansvc.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\adprovider.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\adtschema.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\apisetschema.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\appidapi.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\atmfd.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\atmlib.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\AudioEng.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\AUDIOKSE.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\AudioSes.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\auditpol.exe:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\authui.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\blackbox.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\capiprovider.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\charmap.exe:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\clfsw32.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\cngprovider.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\credssp.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\crypt32.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\cryptnet.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\cryptsp.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\cryptsvc.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\cryptui.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\d3d10warp.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\dciman32.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\dfshim.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\dimsroam.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\dpapiprovider.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\drmmgrtn.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\drmv2clt.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\dxmasf.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\dxtmsft.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\dxtrans.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\evr.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\fontsub.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\gdi32.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\GEARAspi.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\icardagt.exe:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\icardres.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\ieapfltr.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\iedkcs32.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\ieetwproxystub.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\ieframe.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\iernonce.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\iertutil.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\iesetup.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\ieui.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\ieUnatt.exe:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\IMJP10K.DLL:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\inetcpl.cpl:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\infocardapi.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\instnm.exe:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\iologmsg.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\jscript9.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\jscript9diag.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\jsproxy.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\KBDBASH.DLL:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\KBDRU.DLL:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\KBDRU1.DLL:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\KBDTAT.DLL:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\KBDYAK.DLL:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\kerberos.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\kernel32.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\KernelBase.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\lpk.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\mf.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\MFC71ESP.DLL:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\mferror.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\mfplat.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\mfpmp.exe:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\mfps.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\msaudite.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\mscorier.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\mscories.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\msctf.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\msdxm.ocx:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\msfeeds.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\mshtml.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\MshtmlDac.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\mshtmled.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\mshtmlmedia.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\msi.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\msihnd.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\msmpeg2vdec.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\msnetobj.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\msobjs.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\msrating.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\MsRdpWebAccess.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\msscp.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\mstsc.exe:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\mstscax.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\msv1_0.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\msxml3.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\msxml3r.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\msxml6.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\msxml6r.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\ncrypt.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\ncsi.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\nlaapi.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\ntdll.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\ntkrnlpa.exe:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\ntoskrnl.exe:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\ntvdm64.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\objsel.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\oleaut32.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\osk.exe:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\packager.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\pku2u.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\qdvd.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\qedit.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\quartz.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\rastls.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\rdpendp_winip.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\rdvidcrl.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\rpcrt4.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\rrinstaller.exe:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\scesrv.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\schannel.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\secur32.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\setup16.exe:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\shell32.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\spwmp.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\srclient.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\sspicli.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\Ssusbpn.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\tsgqec.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\TSpkg.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\TSWorkspace.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\TsWpfWrp.exe:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\tzres.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\ubpm.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\urlmon.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\user.exe:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\usp10.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\vbscript.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\wdi.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\wdigest.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\wer.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\wincredprovider.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\WindowsCodecs.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\wininet.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\winsta.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\wintrust.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\wksprtPS.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\wmdrmsdk.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\wmp.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\WMPhoto.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\wmploc.DLL:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\wow32.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\WSManHTTPConfig.exe:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\WSManMigrationPlugin.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\WsmAuto.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\WsmSvc.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\WsmWmiPl.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\wuapi.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\wuapp.exe:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\wudriver.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\wups.dll:$CmdTcID AlternateDataStreams: C:\Windows\SysWOW64\wuwebv.dll:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\afd.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\appid.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\cng.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\Diskdump.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\dxgkrnl.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\FWPKCLNT.SYS:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\http.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\ksecdd.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\ksecpkg.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\mbam.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\mbamchameleon.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\mountmgr.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\mrxdav.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\msiscsi.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\mwac.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\ntfs.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\PEAuth.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\rdpvideominiport.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\rdpwd.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\storport.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\tcpip.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\tdx.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\tssecsrv.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\TsUsbFlt.sys:$CmdTcID AlternateDataStreams: C:\Windows\system32\Drivers\usbaapl64.sys:$CmdTcID AlternateDataStreams: C:\ProgramData\TEMP:4769CB2A AlternateDataStreams: C:\Users\MDG\.DS_Store:AFP_AfpInfo AlternateDataStreams: C:\Users\MDG\Desktop\.DS_Store:AFP_AfpInfo AlternateDataStreams: C:\Users\MDG\Downloads\.DS_Store:AFP_AfpInfo AlternateDataStreams: C:\Users\MDG\Downloads\FileZilla_3.10.0.1_win32-setup.exe:$CmdTcID AlternateDataStreams: C:\Users\MDG\Downloads\FileZilla_3.10.1.1_win32-setup.exe:$CmdTcID AlternateDataStreams: C:\Users\MDG\Downloads\iTunes64Setup (1).exe:BDU AlternateDataStreams: C:\Users\MDG\Documents\.DS_Store:AFP_AfpInfo AlternateDataStreams: C:\Users\MGA\Downloads\tdsskiller.zip:$CmdZnID AlternateDataStreams: C:\Users\Public\.DS_Store:AFP_AfpInfo AlternateDataStreams: C:\Users\Public\Documents\.DS_Store:AFP_AfpInfo ==================== Safe Mode (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\01720810.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\42942412.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\01720810.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\42942412.sys => ""="Driver" ==================== EXE Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-1839428087-913458323-2622912977-1009\Control Panel\Desktop\\Wallpaper -> C:\Users\MDG\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 192.168.2.1 ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) MSCONFIG\Services: Fax => 3 MSCONFIG\Services: PDF Architect Helper Service => 2 MSCONFIG\Services: PDF Architect Service => 2 MSCONFIG\Services: rpcapd => 3 MSCONFIG\Services: SDScannerService => 2 MSCONFIG\Services: SDUpdateService => 2 MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^windata 8 Zahlungserinnerung.lnk => C:\Windows\pss\windata 8 Zahlungserinnerung.lnk.CommonStartup MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" MSCONFIG\startupreg: BCSSync => "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices MSCONFIG\startupreg: HDAudDeck => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe" MSCONFIG\startupreg: Nikon Message Center 2 => C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe -s MSCONFIG\startupreg: SDTray => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe FirewallRules: [{132DFECA-BC8E-463B-8079-C3EEA8EEDF6D}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe FirewallRules: [{6EB3435C-CBA3-40D3-BDE9-45C60F769AE9}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe FirewallRules: [{D7FEB535-FBC4-4F6E-8585-2C734216815A}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe FirewallRules: [{76F9F428-B386-42B0-B435-0A1D4DB23B76}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe FirewallRules: [{69904477-8D00-409F-AB6D-86BA52E03262}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{B1BD2BC9-B333-4C7F-BBA4-2FD3D353CD65}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{D07DC866-B45F-4EE4-AEC6-087FBF0490D6}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{5F58F907-3378-434A-819D-410BB37BA94A}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [TCP Query User{FDAD7D0D-23CD-47B8-9FE1-D1FD3A7EFBC2}C:\program files (x86)\winamp\winamp.exe] => (Block) C:\program files (x86)\winamp\winamp.exe FirewallRules: [UDP Query User{DD98C73E-FEF2-437A-A086-99A322718FD1}C:\program files (x86)\winamp\winamp.exe] => (Block) C:\program files (x86)\winamp\winamp.exe FirewallRules: [{B2691711-88F7-4397-A7FD-834555FA7CB6}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe FirewallRules: [{E0487F62-2EE1-4471-91E4-DC4A4871D82A}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe FirewallRules: [{DE81AAD9-592E-4127-A823-2C6F4A3C7B42}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe FirewallRules: [{4B79F3DF-0249-4284-B89A-FA1584936D08}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe FirewallRules: [{56E4C75F-319B-4C9C-864C-790E86CE00CF}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe FirewallRules: [{3516FDBF-D67E-4619-AFC6-6D3518E4D787}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe FirewallRules: [TCP Query User{52727094-7841-4AB6-B49A-CE27DB8D0134}D:\sandbox\mdg\permanentinternetaccess\drive\c\program files\java\jre7\bin\javaw.exe] => (Allow) D:\sandbox\mdg\permanentinternetaccess\drive\c\program files\java\jre7\bin\javaw.exe FirewallRules: [UDP Query User{7F6E5E21-FF5F-4E44-9F8F-BF31EF14136C}D:\sandbox\mdg\permanentinternetaccess\drive\c\program files\java\jre7\bin\javaw.exe] => (Allow) D:\sandbox\mdg\permanentinternetaccess\drive\c\program files\java\jre7\bin\javaw.exe FirewallRules: [{B8E33901-804C-481D-AEE3-936F26ADB8E4}] => (Block) D:\sandbox\mdg\permanentinternetaccess\drive\c\program files\java\jre7\bin\javaw.exe FirewallRules: [{6309E5A0-4E8A-456D-BBFF-9B648F904D8F}] => (Block) D:\sandbox\mdg\permanentinternetaccess\drive\c\program files\java\jre7\bin\javaw.exe FirewallRules: [TCP Query User{98413DB9-F5D7-415A-B073-1D8A44163E6E}C:\program files (x86)\qnap\qfinder\qfinder.exe] => (Allow) C:\program files (x86)\qnap\qfinder\qfinder.exe FirewallRules: [UDP Query User{3AB57E27-F1F1-4D44-8E58-E09270F6F8A4}C:\program files (x86)\qnap\qfinder\qfinder.exe] => (Allow) C:\program files (x86)\qnap\qfinder\qfinder.exe FirewallRules: [{7A95DD2E-E177-4188-B59B-8C1F67393A7B}] => (Block) C:\program files (x86)\qnap\qfinder\qfinder.exe FirewallRules: [{D020EA29-9745-48B2-B672-D5E70DE44DEE}] => (Block) C:\program files (x86)\qnap\qfinder\qfinder.exe FirewallRules: [TCP Query User{E6576D4F-808D-4157-9342-41DB209EC4DB}C:\users\mga\appdata\local\temp\fritz!wlanrepeater310\fsetup.exe] => (Allow) C:\users\mga\appdata\local\temp\fritz!wlanrepeater310\fsetup.exe FirewallRules: [UDP Query User{3568D83A-E998-43A8-B448-95412D28C1C8}C:\users\mga\appdata\local\temp\fritz!wlanrepeater310\fsetup.exe] => (Allow) C:\users\mga\appdata\local\temp\fritz!wlanrepeater310\fsetup.exe FirewallRules: [{A02387A4-F256-4144-94C2-E8A3B12CDFA8}] => (Block) C:\users\mga\appdata\local\temp\fritz!wlanrepeater310\fsetup.exe FirewallRules: [{77B9F661-0C2B-41FD-BEE5-1392AE75F094}] => (Block) C:\users\mga\appdata\local\temp\fritz!wlanrepeater310\fsetup.exe FirewallRules: [{813F09AE-2685-4AC2-96C9-C97ABE8CEB07}] => (Allow) C:\Windows\twain_32\Samsung\CLX6260\SCNSearch\USDAgent.exe FirewallRules: [{B61FD00E-EC2F-4561-993D-C4566D1D7C5A}] => (Allow) C:\Windows\twain_32\Samsung\CLX6260\SCNSearch\USDAgent.exe FirewallRules: [{EE216906-A7D0-44EA-9572-0017475BA7C0}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\IDS.Application.exe FirewallRules: [{D2DACD41-4FED-462C-8BAF-BCE9A0ACDCCD}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\OrderSupplies.exe FirewallRules: [{7353E603-5C4E-442B-ABEF-4C17B7263E9F}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\IDSAlert.exe FirewallRules: [{688104B6-134B-4D1B-A0C2-5E040A3583E9}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\uninstall.exe FirewallRules: [{68C8EF24-488B-4691-87AF-F8000449767E}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\CDAS2PC.exe FirewallRules: [{50C49960-AA85-442A-B0F7-9F8C6C4E5775}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\ScanProcess.exe FirewallRules: [{F905191D-0B6B-4E22-8080-AAE649809CE3}] => (Allow) C:\Program Files (x86)\Samsung\Easy Printer Manager\CDAS2PC\Scan2PCNotify.exe FirewallRules: [{1F1595F6-2948-45E9-B4C9-1CC73E113F75}] => (Allow) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe FirewallRules: [{CF166489-A3B8-4ACD-A6A0-DE9D4E49B361}] => (Allow) C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe FirewallRules: [{0B612361-E5F6-47D2-A250-39E1C2D0D239}] => (Allow) C:\Program Files (x86)\Samsung\Easy Document Creator\EDC.exe FirewallRules: [{43A30FF8-8AAE-4718-BCE8-29819196743C}] => (Allow) C:\Program Files (x86)\Samsung\Easy Document Creator\EDC.exe FirewallRules: [{01A927B1-0536-4373-8D86-41E400E85013}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{B5E3F4D5-6436-4E1E-AD72-A48A6485C998}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{40FF716E-033B-4227-A696-757BBDB10787}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{6DD290A7-04E1-49EE-9D25-0AE4CE7CA841}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{D497BE33-0921-41CD-8D8A-B507AAEAC0CD}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service ==================== Faulty Device Manager Devices ============= Name: M:\ Description: MS/MS-Pro Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a} Manufacturer: Generic- Service: WUDFRd Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (07/06/2015 02:37:46 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/06/2015 01:55:52 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/06/2015 01:11:29 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/06/2015 00:29:15 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/06/2015 10:26:12 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/06/2015 10:14:09 AM) (Source: SideBySide) (EventID: 81) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "hxxp://schemas.microsoft.com/SMI/2005/WindowsSettings^antispywareProductDisplayName1". Die Einstellung "hxxp://schemas.microsoft.com/SMI/2005/WindowsSettings^antispywareProductDisplayName" ist nicht registriert. Error: (07/06/2015 10:14:08 AM) (Source: SideBySide) (EventID: 81) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "hxxp://schemas.microsoft.com/SMI/2005/WindowsSettings^antispywareProductDisplayName1". Die Einstellung "hxxp://schemas.microsoft.com/SMI/2005/WindowsSettings^antispywareProductDisplayName" ist nicht registriert. Error: (07/06/2015 10:09:03 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/09/2015 00:07:30 AM) (Source: SideBySide) (EventID: 81) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "hxxp://schemas.microsoft.com/SMI/2005/WindowsSettings^antispywareProductDisplayName1". Die Einstellung "hxxp://schemas.microsoft.com/SMI/2005/WindowsSettings^antispywareProductDisplayName" ist nicht registriert. Error: (05/09/2015 00:07:30 AM) (Source: SideBySide) (EventID: 81) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "hxxp://schemas.microsoft.com/SMI/2005/WindowsSettings^antispywareProductDisplayName1". Die Einstellung "hxxp://schemas.microsoft.com/SMI/2005/WindowsSettings^antispywareProductDisplayName" ist nicht registriert. System errors: ============= Error: (07/06/2015 02:07:14 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Windows Modules Installer" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts. Error: (07/06/2015 02:07:14 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Intel(R) Management and Security Application User Notification Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (07/06/2015 02:07:14 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts. Error: (07/06/2015 02:07:14 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Intel(R) Rapid Storage Technology" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (07/06/2015 02:07:13 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "VMware DHCP Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (07/06/2015 02:07:13 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "VMware Authorization Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (07/06/2015 02:07:13 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "VMware NAT Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (07/06/2015 02:07:13 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "VMware USB Arbitration Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts. Error: (07/06/2015 02:07:13 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "VIA Karaoke digital mixer Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (07/06/2015 02:07:13 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Intel(R) Dynamic Application Loader Host Interface Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Microsoft Office: ========================= Error: (07/06/2015 02:37:46 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/06/2015 01:55:52 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/06/2015 01:11:29 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/06/2015 00:29:15 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/06/2015 10:26:12 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/06/2015 10:14:09 AM) (Source: SideBySide) (EventID: 81) (User: ) Description: hxxp://schemas.microsoft.com/SMI/2005/WindowsSettings^antispywareProductDisplayNamec:\program files (x86)\spybot - search & destroy 2\updates\extracts\SDWSCSvc.exe Error: (07/06/2015 10:14:08 AM) (Source: SideBySide) (EventID: 81) (User: ) Description: hxxp://schemas.microsoft.com/SMI/2005/WindowsSettings^antispywareProductDisplayNamec:\program files (x86)\spybot - search & destroy 2\SDWSCSvc.exe Error: (07/06/2015 10:09:03 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/09/2015 00:07:30 AM) (Source: SideBySide) (EventID: 81) (User: ) Description: hxxp://schemas.microsoft.com/SMI/2005/WindowsSettings^antispywareProductDisplayNamec:\program files (x86)\spybot - search & destroy 2\Updates\Extracts\SDWSCSvc.exe Error: (05/09/2015 00:07:30 AM) (Source: SideBySide) (EventID: 81) (User: ) Description: hxxp://schemas.microsoft.com/SMI/2005/WindowsSettings^antispywareProductDisplayNamec:\program files (x86)\spybot - search & destroy 2\SDWSCSvc.exe CodeIntegrity Errors: =================================== Date: 2014-01-01 04:01:04.939 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\WinPE\Win8pese\Mount\Win8PESE\Source\InstallWimSrc\Windows\explorer.exe" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-01-01 04:01:04.892 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\WinPE\Win8pese\Mount\Win8PESE\Source\InstallWimSrc\Windows\explorer.exe" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-12-31 18:29:24.145 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Temp\Win8pese\Mount\Win8PESE\Source\InstallWimSrc\Windows\explorer.exe" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-12-31 18:29:24.123 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Temp\Win8pese\Mount\Win8PESE\Source\InstallWimSrc\Windows\explorer.exe" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-12-31 17:17:18.008 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Temp\Win8pese\Mount\Win8PESE\Source\InstallWimSrc\Windows\explorer.exe" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-12-31 17:17:17.975 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Temp\Win8pese\Mount\Win8PESE\Source\InstallWimSrc\Windows\explorer.exe" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-12-31 11:56:55.679 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Temp\Win8pese\Mount\Win8PESE\Source\InstallWimSrc\Windows\explorer.exe" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-12-31 11:56:55.654 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Temp\Win8pese\Mount\Win8PESE\Source\InstallWimSrc\Windows\explorer.exe" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-12-31 09:37:40.972 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Temp\Win8pese\Mount\Win8PESE\Source\InstallWimSrc\Windows\explorer.exe" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2013-12-31 09:37:40.931 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Temp\Win8pese\Mount\Win8PESE\Source\InstallWimSrc\Windows\explorer.exe" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. ==================== Memory info =========================== Processor: Intel(R) Core(TM) i5-3450 CPU @ 3.10GHz Percentage of memory in use: 13% Total physical RAM: 16076.52 MB Available physical RAM: 13969.88 MB Total Virtual: 32151.22 MB Available Virtual: 29931.02 MB ==================== Drives ================================ Drive c: (SSD 840 Pro Volume 1) (Fixed) (Total:97.66 GB) (Free:14.19 GB) NTFS Drive d: (SSD 840 Pro Volume 2) (Fixed) (Total:140.62 GB) (Free:25.63 GB) NTFS Drive e: (SSD Samsung MMCRE28G) (Fixed) (Total:119.24 GB) (Free:20.02 GB) NTFS Drive f: (HD103UJ Backup) (Fixed) (Total:931.5 GB) (Free:115.94 GB) NTFS Drive g: (Acronis Media) (CDROM) (Total:0.13 GB) (Free:0 GB) CDFS Drive s: () (Network) (Total:3664.62 GB) (Free:987.9 GB) Drive t: () (Network) (Total:3664.62 GB) (Free:987.9 GB) Drive w: () (Network) (Total:3664.62 GB) (Free:987.9 GB) Drive y: () (Network) (Total:3664.62 GB) (Free:987.9 GB) Drive z: () (Network) (Total:3664.62 GB) (Free:987.9 GB) ==================== MBR & Partition Table ================== ==================== End of log ============================ Geändert von danielpomp (06.07.2015 um 13:44 Uhr) |
Themen zu Win7: Verdacht auf Rootkit, kein Ergebnis über Virenscan |
adware, antivirus, bonjour, browser, converter, cpu, defender, desktop, einstellung, entfernen, fehler, free download, google, helper, install.exe, malware, registry, rootkit, rundll, scan, schannel.dll, security, software, system, udp, warnung, windows, winload.efi, wuauclt.exe |