| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Win 8.1: MPC Protect Service (32 Bit) und MPC Tray (32 Bit) lässt sich nicht beendenWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
17.06.2016, 20:01
| #1 |
| |  Win 8.1: MPC Protect Service (32 Bit) und MPC Tray (32 Bit) lässt sich nicht beenden Liebes Team Mein Name ist Michael und vezweifel gerade am Rechner meines Sohnes (13) Durch unachtsame Downloads hat er sich ziemlich viel Malware, Viren und Trojaner eingefangen. Die im Betreff genanten Dateien lassen sich weder mit Killswitch (cce_2.5.242177.201_x64) noch aus der Registrierung löschen. (Zugriff verweigert) Booten im sicherem Modus ist nicht mehr möglich. Desweiteren hat der Rechner kein Internetzugriff mehr. Firewall und Windows Defender lassen sich nicht einschalten. Ich hoffe wir können gemeinsam das Problem lösen. Im folgendem meine Logdateien in der Reihenfolge meines Handelns: CCE-Hidden Code:
ATTFilter ====== System Information ======
Computer Name: FELIX
Log on User: felix153
Memory Size: 3.88 GB.
Windows Directory: C:\WINDOWS
Windows Version:
CCE Version: 2.5.242177.201
Virus database version: 25246
[09:14:39] Scan started.
====== Cleanup results ======
C:\Users\felix153\AppData\Roaming\UPUpdata\hp.exe Malware@#3cb9dh5c4b0i0 VIRUS Clean OK
C:\Users\felix153\AppData\Roaming\UPUpdata\AutoTime_51477.exe Malware@#3sip2wg790reo VIRUS Clean OK
C:\Users\felix153\AppData\Roaming\UPUpdata\service72564.exe ApplicUnwnt@#3q0a0fgwfs2t7 VIRUS Clean OK
C:\Users\felix153\AppData\Roaming\UPUpdata\msiql.exe ApplicUnwnt@#305xrbg1htv4 VIRUS Clean OK
C:\Users\felix153\Desktop\gaming\spiele&so\New World\rebirth-2.0.1-setup.exe Application.Win32.AdInstaller.IF@353749826 VIRUS Clean OK
C:\Users\felix153\Downloads\adblock-plus.exe Application.Win32.AdInstaller.IF@353749826 VIRUS Clean OK
Code:
ATTFilter ====== System Information ======
Computer Name: FELIX
Log on User: felix153
Memory Size: 3.88 GB.
Windows Directory: C:\WINDOWS
Windows Version:
CCE Version: 2.5.242177.201
Virus database version: 25255
[14:42:26] Scan started.
====== Cleanup results ======
C:\Program Files (x86)\mpck\uninstaller.exe TrojWare.MSIL.Injector.ORY@383032196 VIRUS Clean OK
Code:
ATTFilter Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:13-06-2016
durchgeführt von felix153 (Administrator) auf FELIX (15-06-2016 15:19:19)
Gestartet von E:\
Geladene Profile: felix153 & UpdatusUser (Verfügbare Profile: felix153 & UpdatusUser)
Platform: Windows 8.1 (Update) (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Prozesse (Nicht auf der Ausnahmeliste) =================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(DotC United Inc) C:\Program Files (x86)\MPC Cleaner\MPCProtectService.exe
(DotC United Inc) C:\Program Files (x86)\MPC Cleaner\MPCTray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Nicht auf der Ausnahmeliste) ===========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)
HKLM\...\Run: [CIS_{15198508-521A-4D69-8E5B-B94A6CCFF805}] => "C:\ProgramData\cis6F0E.exe" --PostUninstall {15198508-521A-4D69-8E5B-B94A6CCFF805}
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [595992 2016-06-04] (Oracle Corporation)
HKU\S-1-5-21-862687528-3461959950-1662931568-1001\...\MountPoints2: {1a2a4645-319e-11e6-bf08-7054d27a0bf5} - "E:\AutoRun.exe"
HKU\S-1-5-21-862687528-3461959950-1662931568-1001\...\MountPoints2: {1a2a4669-319e-11e6-bf08-7054d27a0bf5} - "E:\AutoRun.exe"
HKU\S-1-5-21-862687528-3461959950-1662931568-1001\...\MountPoints2: {1a2a46e6-319e-11e6-bf08-7054d27a0bf5} - "E:\AutoRun.exe"
HKU\S-1-5-21-862687528-3461959950-1662931568-1001\...\MountPoints2: {ba115a71-fb00-11e5-bedb-6036dd6bca41} - "E:\LaunchU3.exe" -a
HKU\S-1-5-21-862687528-3461959950-1662931568-1001\...\MountPoints2: {db2dd47c-3168-11e6-beff-7054d27a0bf5} - "E:\AutoRun.exe"
HKU\S-1-5-21-862687528-3461959950-1662931568-1001\...\MountPoints2: {ef73d0c1-316c-11e6-bf00-7054d27a0bf5} - "E:\AutoRun.exe"
HKU\S-1-5-21-862687528-3461959950-1662931568-1004\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2014-11-21] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\felix153\AppData\Local\MEGAsync\ShellExtX64.dll Keine Datei
ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\felix153\AppData\Local\MEGAsync\ShellExtX64.dll Keine Datei
ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\felix153\AppData\Local\MEGAsync\ShellExtX64.dll Keine Datei
ShellIconOverlayIdentifiers: [.QMDeskTopGCIcon] -> {B7667919-3765-4815-A66D-98A09BE662D6} => C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\QMGCShellExt64.dll Keine Datei
ShellIconOverlayIdentifiers-x32: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => Keine Datei
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => Keine Datei
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => Keine Datei
==================== Internet (Nicht auf der Ausnahmeliste) ====================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)
Winsock: -> Catalog5-x64 - Unterbrochene Internetverbindung aufgrund eines fehlenden Eintrages. <===== ACHTUNG
Hosts: 0x2320436F707972696768742028632920313939332D32303034204D6963726F736F667420436F72702E0D0A230D0A23204175746F47656E657261746564206279204D6963726F736F667420285229204D616C776172652050726F74656374696F6E20456E67696E652E0D0A23205468697320697320612073616D706C6520484F5354532066696C652075736564206279204D6963726F736F6674205443502F495020666F722057696E646F77732E0D0A230D0A2320546869732066696C6520636F6E7461696E7320746865206D617070696E6773206F662049502061646472657373657320746F20686F7374206E616D65732E20456163680D0A2320656E7472792073686F756C64206265206B657074206F6E20616E20696E646976696475616C206C696E652E2054686520495020616464726573732073686F756C640D0A2320626520706C6163656420696E2074686520666972737420636F6C756D6E20666F6C6C6F7765642062792074686520636F72726573706F6E64696E6720686F7374206E616D652E0D0A2320546865204950206164647265737320616E642074686520686F7374206E616D652073686F756C6420626520736570617261746564206279206174206C65617374206F6E650D0A232073706163652E0D0A230D0A23204164646974696F6E616C6C792C20636F6D6D656E747320287375636820617320746865736529206D617920626520696E736572746564206F6E20696E646976696475616C0D0A23206C696E6573206F7220666F6C6C6F77696E6720746865206D616368696E65206E616D652064656E6F7465642062792061202723272073796D626F6C2E0D0A230D0A2320466F72206578616D706C653A0D0A230D0A232020202020203130322E35342E39342E393720202020207268696E6F2E61636D652E636F6D202020202020202020202320736F75726365207365727665720D0A232020202020202033382E32352E36332E31302020202020782E61636D652E636F6D202020202020202020202020202023207820636C69656E7420686F73740D0A0D0A3132372E302E302E31202020202020206C6F63616C686F73740D0A3A3A31202020202020202020202020206C6F63616C686F737400
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\Parameters: [NameServer] 82.163.143.173 82.163.142.175
Tcpip\..\Interfaces\{2BBCB26A-E011-4F6B-825C-09F8FD518D6C}: [DhcpNameServer] 82.163.143.173
Tcpip\..\Interfaces\{F6D9A138-C8F4-4CAB-A060-FD4E40C612ED}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{FE5BAEB7-5259-41D2-9222-627F47D1488F}: [DhcpNameServer] 82.163.143.173
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\S-1-5-21-862687528-3461959950-1662931568-1001\Software\Microsoft\Internet Explorer\Main,Start Page =
HKU\S-1-5-21-862687528-3461959950-1662931568-1004\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnkdYvIvvwfEcEFop0Uhe9ll6PSu1YbDiD19AqjNhCNGqAZSdnTIFbcMDM4cW_TpKSd-KzKUobuX4iizlyL5jGx9G3IuTuH0plDFhMygGaPy3Pp3DZstEbnepOjEI9oFGtkr8PecotdL2UvaHEhjsKxHh6-LLW-TrR5y8PHxPYh9wIRYGzwM,&q={searchTerms}
HKU\S-1-5-21-862687528-3461959950-1662931568-1004\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnkdYvIvvwfEcEFop0Uhe9ll6PSu1YbDiD19AqjNhCNGqAZSdnTIFbcMDM4cW_TpKSd-KzKUobuX4iizlyL5jGx9G3IuTuH0plDFhMygGaPy3Pp3DZstEbnepOjEI9oFGtkr8PecotdL2UvaHEhjsKxHh6-LLW-TrR5y8PHxPYh9wIRYGzwM,&q={searchTerms}
HKU\S-1-5-21-862687528-3461959950-1662931568-1004\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnkdYvIvvwfEcEFop0Uhe9ll6PSu1YbDiD19AqjNhCNGqAZSdnTIFbcMDM4cW_TpKSd-KzKUobuX4iizlyL5jGx9G0JeK0JONhXxLJQKtYveS-sBKKXwElVSeo1o0fRGJM6MzdOiuK9ymUDZFnLe3qS0EQfsVJQfiKYDTSQGekXadb30FL0I,
HKU\S-1-5-21-862687528-3461959950-1662931568-1004\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnkdYvIvvwfEcEFop0Uhe9ll6PSu1YbDiD19AqjNhCNGqAZSdnTIFbcMDM4cW_TpKSd-KzKUobuX4iizlyL5jGx9G3IuTuH0plDFhMygGaPy3Pp3DZstEbnepOjEI9oFGtkr8PecotdL2UvaHEhjsKxHh6-LLW-TrR5y8PHxPYh9wIRYGzwM,&q={searchTerms}
URLSearchHook: [S-1-5-21-862687528-3461959950-1662931568-1004] ACHTUNG => Standard URLSearchHook fehlt
SearchScopes: HKLM-x32 -> DefaultScope Wert fehlt
SearchScopes: HKU\S-1-5-21-862687528-3461959950-1662931568-1001 -> DefaultScope 0633EE93-D776-472f-A0FF-E1416B8B2E3A URL =
SearchScopes: HKU\S-1-5-21-862687528-3461959950-1662931568-1001 -> {E3F4801F-6F74-4A83-97F4-19F63738C1AA} URL = hxxps://de.search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
SearchScopes: HKU\S-1-5-21-862687528-3461959950-1662931568-1004 -> DefaultScope {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnkdYvIvvwfEcEFop0Uhe9ll6PSu1YbDiD19AqjNhCNGqAZSdnTIFbcMDM4cW_TpKSd-KzKUobuX4iizlyL5jGx9G3IuTuH0plDFhMygGaPy3Pp3DZstEbnepOjEI9oFGtkr8PecotdL2UvaHEhjsKxHh6-LLW-TrR5y8PHxPYh9wIRYGzwM,&q={searchTerms}
SearchScopes: HKU\S-1-5-21-862687528-3461959950-1662931568-1004 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.sonic-search.com/?p=mKO_AwFzXIpYRa4j3q-3hUPE4m9xhqQak5up5sscMEh1i2cWVH-fndUtf4cjKsb0l_7U4K-u-hl1Fx4qw1zJl8G4oGKJ0i0f_XUOnlKPGiTW-Pz8r7r9KH3F-VEQjBcjbXAAz_jYuSPzb4p0or5vx9IMeuPzulU,&q={searchTerms}
SearchScopes: HKU\S-1-5-21-862687528-3461959950-1662931568-1004 -> {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFnkdYvIvvwfEcEFop0Uhe9ll6PSu1YbDiD19AqjNhCNGqAZSdnTIFbcMDM4cW_TpKSd-KzKUobuX4iizlyL5jGx9G3IuTuH0plDFhMygGaPy3Pp3DZstEbnepOjEI9oFGtkr8PecotdL2UvaHEhjsKxHh6-LLW-TrR5y8PHxPYh9wIRYGzwM,&q={searchTerms}
BHO: 电脑管家网页防火墙 -> {7C260B4B-F7A0-40B5-B403-BEFCDC6A4C3B} -> C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\TSWebMon64.dat => Keine Datei
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-06-04] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-06-04] (Oracle Corporation)
Handler: cardisabled - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll [2016-05-13] (Microsoft Corporation)
Handler-x32: cardisabled - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll [2016-05-13] (Microsoft Corporation)
Handler: cardisabled - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll [2016-05-13] (Microsoft Corporation)
Handler-x32: cardisabled - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll [2016-05-13] (Microsoft Corporation)
Handler: cardisabled - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll [2016-05-13] (Microsoft Corporation)
Handler-x32: cardisabled - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll [2016-05-13] (Microsoft Corporation)
Handler: cardisabled - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
Handler-x32: cardisabled - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)
FireFox:
========
FF ProfilePath: C:\Users\felix153\AppData\Roaming\Profiles\5b3blk76.default
FF NewTab: hxxp://d2ucfwpxlh3zh3.cloudfront.net/?ts=AHEqBHMqB3YqC0..&v=20160607&uid=BA8A7D00A14E614D330FEC9BED449E1F&ptid=clc&mode=loadm
FF Homepage: about:home
FF Keyword.URL: hxxp://d2ucfwpxlh3zh3.cloudfront.net/chrome.php?uid=BA8A7D00A14E614D330FEC9BED449E1F&ptid=clc&ts=AHEqBHMqB3YqC0..&v=20160607&mode=ffexttoolbar&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_21_0_0_242.dll [2016-05-12] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_242.dll [2016-05-12] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-06-04] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-06-04] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\npctrl.dll [2011-03-09] ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2013-10-23] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2013-10-23] (NVIDIA Corporation)
FF SearchPlugin: C:\Users\felix153\AppData\Roaming\Mozilla\Firefox\Profiles\74bukjc8.default\searchplugins\yahoo-ysp.xml [2016-01-01]
FF SearchPlugin: C:\Users\felix153\AppData\Roaming\Profiles\5b3blk76.default\searchplugins\8251hhnq.xml [2016-06-11]
FF SearchPlugin: C:\Users\felix153\AppData\Roaming\Profiles\5b3blk76.default\searchplugins\yahoo-ysp.xml [2016-01-01]
FF Extension: SparPilot - Gutscheine & mehr... - C:\Users\felix153\AppData\Roaming\Mozilla\Firefox\Profiles\74bukjc8.default\Extensions\sparpilot__campaign0@sparpilot.com [2015-10-20]
FF Extension: Skype Updater - C:\Users\felix153\AppData\Roaming\Mozilla\Firefox\Profiles\74bukjc8.default\Extensions\{476fb944-ae4f-480a-b745-bd4dd5d2ffa9}.xpi [2015-12-18] [ist nicht signiert]
FF Extension: Kein Name - C:\Users\felix153\AppData\Roaming\Mozilla\Firefox\Profiles\74bukjc8.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2016-06-15] [ist nicht signiert]
FF Extension: MPEG4 Player - C:\Users\felix153\AppData\Roaming\Mozilla\Firefox\Profiles\74bukjc8.default\Extensions\{db7d511f-e1c3-4ed8-bda0-df561c7819fa}.xpi [2016-05-19] [ist nicht signiert]
FF Extension: GsearchFinder - C:\Users\felix153\AppData\Roaming\Profiles\5b3blk76.default\Extensions\@A3592ADB-854A-443A-854E-EB92130D470D.xpi [2016-06-10]
FF Extension: SparPilot - Gutscheine & mehr... - C:\Users\felix153\AppData\Roaming\Profiles\5b3blk76.default\Extensions\sparpilot__campaign0@sparpilot.com [2016-06-11]
FF Extension: Skype Updater - C:\Users\felix153\AppData\Roaming\Profiles\5b3blk76.default\Extensions\{476fb944-ae4f-480a-b745-bd4dd5d2ffa9}.xpi [2015-12-18] [ist nicht signiert]
FF Extension: MPEG4 Player - C:\Users\felix153\AppData\Roaming\Profiles\5b3blk76.default\Extensions\{db7d511f-e1c3-4ed8-bda0-df561c7819fa}.xpi [2016-05-19] [ist nicht signiert]
FF Extension: New Tab by Yahoo - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\jid1-G80Ec8LLEbK5fQ@jetpack.xpi [2015-11-24] [ist nicht signiert]
FF Extension: Skype - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2016-05-25]
==================== Dienste (Nicht auf der Ausnahmeliste) ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1362464 2016-05-21] ()
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1364096 2016-05-25] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1687680 2016-05-25] (Microsoft Corporation)
S2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [319376 2014-10-01] (Intel Corporation)
R2 MPCProtectService; C:\Program Files (x86)\MPC Cleaner\MPCProtectService.exe [350688 2016-06-11] (DotC United Inc)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-08-11] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-08-11] (Microsoft Corporation)
S2 QifiryplohelebuilderSrv; "C:\Program Files (x86)\Qifiryplohele\QifiryplohelebuilderSrv.html5" {79740E79-A383-47A7-B513-3DF6563D007F} {8C4CE252-7DB2-4F8E-8E76-BAD0E5826A83} [X]
===================== Treiber (Nicht auf der Ausnahmeliste) ==========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
S0 hzgqpf; kein ImagePath
S0 jllwdb; kein ImagePath
S0 kovabf; kein ImagePath
R1 MPCKpt; C:\Windows\System32\DRIVERS\MPCKpt.sys [60136 2016-06-11] (DotC United Inc)
R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3344352 2013-07-08] (Intel Corporation)
S4 secdrv; C:\Windows\SysWow64\Drivers\secdrv.sys [14368 1999-10-12] () [Datei ist nicht signiert]
R3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [47072 2012-10-09] (Windows (R) Win 7 DDK provider)
S0 vxoqkw; kein ImagePath
S0 wayuia; kein ImagePath
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-08-11] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-08-11] (Microsoft Corporation)
R3 XHCIPort; C:\Windows\System32\drivers\XHCIPort.sys [188896 2012-10-09] (Windows (R) Win 7 DDK provider)
S3 ewusbnet; \SystemRoot\system32\DRIVERS\ewusbnet.sys [X]
S3 ew_hwusbdev; \SystemRoot\system32\DRIVERS\ew_hwusbdev.sys [X]
S3 huawei_enumerator; \SystemRoot\System32\drivers\ew_jubusenum.sys [X]
S3 hwdatacard; \SystemRoot\system32\DRIVERS\ewusbmdm.sys [X]
S3 massfilter; system32\drivers\massfilter.sys [X]
==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
==================== Ein Monat: Erstellte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2016-06-15 11:15 - 2016-06-15 14:42 - 00000000 ____D C:\AdwCleaner
2016-06-15 10:55 - 2016-06-15 15:19 - 00000000 ____D C:\FRST
2016-06-14 21:18 - 2016-06-14 21:18 - 00000000 ____D C:\CCE_Quarantine
2016-06-14 13:36 - 2016-06-14 13:37 - 00012330 _____ C:\Users\felix153\AppData\Local\WiDiSetupLog.20160614.133632.txt
2016-06-14 13:36 - 2016-06-14 13:36 - 00002042 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel(R) WiDi.lnk
2016-06-14 13:36 - 2016-06-14 13:36 - 00002030 _____ C:\Users\Public\Desktop\Intel(R) WiDi.lnk
2016-06-14 13:36 - 2016-06-14 13:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel Corporation
2016-06-14 13:36 - 2016-06-14 13:36 - 00000000 ____D C:\Program Files\Intel Corporation
2016-06-14 13:35 - 2016-06-14 13:35 - 00009858 _____ C:\Users\felix153\AppData\Local\WiDiSetupLog.20160614.133536.txt
2016-06-14 01:39 - 2016-06-14 01:39 - 00002259 _____ C:\WINDOWS\epplauncher.mif
2016-06-14 01:23 - 2016-06-14 01:23 - 00000000 ____D C:\ProgramData\AVAST Software
2016-06-13 23:39 - 2016-06-13 23:39 - 00000000 _____ C:\ProgramData\cis313B.exe
2016-06-13 23:39 - 2016-06-13 23:39 - 00000000 _____ C:\ProgramData\cis20DF.exe
2016-06-13 22:36 - 2016-06-14 13:59 - 00000000 ____D C:\WINDOWS\LastGood
2016-06-13 22:18 - 2016-06-13 22:18 - 00000000 ____D C:\UserData
2016-06-13 22:13 - 2016-06-13 23:37 - 00000000 ____D C:\WINDOWS\SysWOW64\SupportAppCB
2016-06-13 16:31 - 2009-07-14 14:21 - 01721576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdfCoInstaller01009.dll
2016-06-13 16:25 - 2016-06-13 23:37 - 00000000 ____D C:\ProgramData\DatacardService
2016-06-13 16:25 - 2016-06-13 23:37 - 00000000 ____D C:\Program Files (x86)\Mobile Partner
2016-06-13 15:35 - 2016-06-13 15:36 - 00000000 ____D C:\Users\felix153\Desktop\com
2016-06-13 13:46 - 2016-01-30 18:14 - 00001110 _____ C:\WINDOWS\system32\Drivers\etc\hosts.ccebak
2016-06-13 12:12 - 2016-06-13 12:12 - 00001232 _____ C:\Users\felix153\Desktop\oneclickoptimizer - Verknüpfung.lnk
2016-06-13 12:09 - 2016-06-13 12:11 - 00000000 ____D C:\Users\felix153\Desktop\Glary Utilities
2016-06-12 17:22 - 2016-06-12 17:22 - 00000000 ____D C:\ProgramData\Intel
2016-06-12 17:16 - 2016-06-12 17:46 - 00011551 _____ C:\Users\felix153\AppData\Local\WiDiSetupLog.20160612.171641.txt
2016-06-12 17:11 - 2016-06-12 17:11 - 00000000 ____D C:\WINDOWS\LastGood.Tmp
2016-06-12 11:03 - 2016-06-12 11:03 - 00000272 _____ C:\WINDOWS\system32\Drivers\sfi.dat
2016-06-11 22:13 - 2016-06-11 22:13 - 00000000 ____D C:\ProgramData\Shared Space
2016-06-11 22:09 - 2016-06-11 22:09 - 00000000 ____D C:\ProgramData\Comodo Downloader
2016-06-11 20:13 - 2016-06-14 13:49 - 00000000 ___HD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup-Disabled
2016-06-11 19:52 - 2016-06-11 19:52 - 00003114 _____ C:\WINDOWS\System32\Tasks\{01ECCCD2-7DAE-4CA7-B29E-F5274C8B4DF7}
2016-06-11 19:13 - 2016-06-11 19:53 - 00000000 ____D C:\ProgramData\kingsoft
2016-06-11 19:13 - 2016-05-04 10:44 - 04232400 _____ (Kingsoft Corp. Ltd.) C:\Users\felix153\AppData\Roaming\OfficeAssist.0172.80.1384.exe
2016-06-11 19:10 - 2016-06-14 21:18 - 00000000 ____D C:\Program Files (x86)\mpck
2016-06-11 19:09 - 2016-06-13 23:07 - 00000000 ____D C:\Program Files (x86)\MPC Cleaner
2016-06-11 19:09 - 2016-06-11 19:55 - 00000000 ____D C:\Users\felix153\AppData\Local\Apps\2.0
2016-06-11 19:09 - 2016-06-11 19:16 - 00000000 ____D C:\Program Files (x86)\Puntehesy
2016-06-11 19:09 - 2016-06-11 19:09 - 00060136 ____N (DotC United Inc) C:\WINDOWS\system32\Drivers\MPCKpt.sys
2016-06-11 19:09 - 2016-06-11 19:09 - 00000000 ____H C:\WINDOWS\system32\BITD724.tmp
2016-06-11 19:09 - 2016-06-11 19:09 - 00000000 ____D C:\Users\felix153\AppData\Roaming\Brotsoft
2016-06-11 19:09 - 2016-06-11 19:09 - 00000000 ____D C:\Program Files\Common Files\Noobzo
2016-06-11 19:09 - 2016-04-22 09:45 - 51987648 _____ C:\Users\felix153\AppData\Roaming\qqpcmgr_v11.5.17490.219_90061_Silence.exe
2016-06-11 19:08 - 2016-06-11 19:08 - 00000000 ____D C:\Program Files (x86)\FastWeb
2016-06-11 18:39 - 2016-06-12 19:12 - 00000000 ____D C:\Users\felix153\AppData\Roaming\GlarySoft
2016-06-08 18:22 - 2016-06-08 18:22 - 00003734 _____ C:\WINDOWS\System32\Tasks\{429A7C86-4ED9-5ABC-5C8D-B7BB47C8AC7A}
2016-06-04 15:06 - 2016-06-04 15:06 - 00738368 _____ (Oracle Corporation) C:\Users\felix153\Downloads\jxpiinstall(5).exe
2016-05-28 11:25 - 2016-05-28 11:25 - 00000000 ____D C:\Users\felix153\AppData\Local\CrashReportClient
2016-05-24 18:02 - 2016-05-24 18:09 - 00000000 ____D C:\Users\felix153\AppData\Local\RIPAciD
2016-05-24 18:02 - 2016-05-24 18:02 - 00000000 ____D C:\Games
2016-05-24 17:53 - 2016-05-26 16:08 - 00000000 ____D C:\Users\felix153\Documents\MEGAsync Downloads
2016-05-24 17:48 - 2016-05-24 17:48 - 00000000 ____D C:\Users\felix153\AppData\Local\Mega Limited
2016-05-24 17:47 - 2016-06-11 19:15 - 00000000 ____D C:\Users\felix153\AppData\Local\MEGAsync
2016-05-24 17:46 - 2016-05-24 17:47 - 10644488 _____ (MEGA Limited) C:\Users\felix153\Downloads\MEGAsyncSetup.exe
2016-05-24 17:36 - 2016-05-24 17:36 - 00000000 ____D C:\Users\felix153\Documents\Universe Sandbox ²
2016-05-24 17:21 - 2016-05-24 17:21 - 00000000 ____D C:\Users\felix153\AppData\Roaming\SmartSteamEmu
2016-05-24 17:19 - 2016-05-24 17:19 - 00000000 ____D C:\Users\felix153\AppData\LocalLow\Giant Army
2016-05-22 14:27 - 2016-05-22 14:27 - 00000000 ____D C:\Users\felix153\AppData\Local\TJoC_R
2016-05-22 14:24 - 2016-05-28 11:25 - 00000000 ____D C:\Users\felix153\AppData\Local\UnrealEngine
2016-05-22 14:24 - 2016-05-22 14:24 - 00000000 ____D C:\Users\felix153\AppData\Local\TheNights
2016-05-21 17:04 - 2016-05-21 17:04 - 00000000 ____D C:\Users\felix153\AppData\LocalLow\Hot Cross Games _ Trapdoor Games
2016-05-21 16:52 - 2016-05-22 14:23 - 00000000 ____D C:\ProgramData\Package Cache
2016-05-18 18:16 - 2016-05-18 18:16 - 00003574 _____ C:\WINDOWS\System32\Tasks\TechAgent Task
2016-05-17 17:24 - 2016-05-14 13:44 - 00829944 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-05-17 17:24 - 2016-05-14 13:44 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
==================== Ein Monat: Geänderte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2016-06-15 15:12 - 2013-08-22 16:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-06-15 15:09 - 2015-02-26 19:58 - 00000000 ____D C:\ProgramData\NVIDIA
2016-06-15 12:05 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-06-15 11:33 - 2015-08-25 17:46 - 00001037 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-06-15 11:33 - 2015-08-25 17:46 - 00001025 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-06-15 11:33 - 2015-02-08 14:13 - 00001017 _____ C:\Users\felix153\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-06-15 11:05 - 2015-11-21 13:48 - 00000000 ____D C:\Users\felix153\AppData\LocalLow\Temp
2016-06-14 13:37 - 2013-08-22 15:36 - 00000000 ____D C:\WINDOWS\Inf
2016-06-14 01:21 - 2014-11-21 05:35 - 02119234 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-06-14 01:21 - 2014-11-21 04:45 - 01020334 _____ C:\WINDOWS\system32\perfh007.dat
2016-06-14 01:21 - 2014-11-21 04:45 - 00242830 _____ C:\WINDOWS\system32\perfc007.dat
2016-06-13 20:44 - 2015-11-21 14:55 - 00000000 ____D C:\Users\felix153\Desktop\andere sachen
2016-06-13 19:05 - 2015-08-23 19:12 - 00000416 _____ C:\WINDOWS\Tasks\CIS_{15198508-521A-4D69-8E5B-B94A6CCFF805}.job
2016-06-13 17:55 - 2015-02-26 20:05 - 00002606 _____ C:\WINDOWS\diagwrn.xml
2016-06-13 17:55 - 2015-02-26 20:05 - 00001908 _____ C:\WINDOWS\diagerr.xml
2016-06-13 16:36 - 2015-03-01 18:18 - 00000226 _____ C:\WINDOWS\wininit.ini
2016-06-12 19:12 - 2015-08-25 09:55 - 00000000 ____D C:\ProgramData\GlarySoft
2016-06-12 10:35 - 2016-01-08 20:45 - 00000000 ____D C:\Users\felix153\AppData\Local\ElevatedDiagnostics
2016-06-11 22:13 - 2015-02-11 14:45 - 00000000 ____D C:\ProgramData\Comodo
2016-06-11 20:30 - 2015-02-08 14:19 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-862687528-3461959950-1662931568-1001
2016-06-11 20:20 - 2015-12-31 14:31 - 00000000 ____D C:\Users\felix153\Desktop\gaming
2016-06-11 20:12 - 2016-04-19 19:33 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-06-11 19:51 - 2015-02-14 17:09 - 00000000 ____D C:\Users\felix153\AppData\Roaming\Skype
2016-06-11 19:44 - 2015-02-26 20:04 - 00000000 ____D C:\Users\UpdatusUser
2016-06-11 19:41 - 2013-08-22 16:44 - 00346824 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-06-11 19:13 - 2015-02-08 14:12 - 00000000 ____D C:\Users\felix153\AppData\Local\VirtualStore
2016-06-11 19:10 - 2016-02-04 17:34 - 00000000 ____D C:\Users\felix153\AppData\Roaming\gplyra
2016-06-11 18:58 - 2015-11-27 15:44 - 00000000 ____D C:\Users\felix153\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2016-06-11 18:32 - 2015-03-01 17:57 - 00000776 _____ C:\WINDOWS\SysWOW64\{7995330B-E01F-4645-B702-53481E7CB778}.cmdfile
2016-06-11 17:29 - 2015-11-26 10:19 - 00000000 ____D C:\Users\felix153\Desktop\hintergrund-bilder
2016-06-10 17:36 - 2013-08-22 15:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2016-06-09 17:12 - 2016-01-19 19:23 - 00008719 _____ C:\WINDOWS\system32\ScanResults.xml
2016-06-09 17:07 - 2016-01-19 19:16 - 00000464 _____ C:\WINDOWS\system32\ScannerSettings
2016-06-04 15:08 - 2016-02-21 15:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-06-04 15:08 - 2015-02-08 19:27 - 00000000 ____D C:\ProgramData\Oracle
2016-06-04 15:07 - 2016-02-21 15:43 - 00097344 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2016-06-04 15:07 - 2016-02-21 15:42 - 00000000 ____D C:\Program Files (x86)\Java
2016-06-04 15:07 - 2016-01-01 14:39 - 00000000 ____D C:\Users\felix153\.oracle_jre_usage
2016-06-02 17:22 - 2013-08-22 17:36 - 00000000 ___HD C:\Program Files\WindowsApps
2016-06-02 17:22 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-05-27 21:18 - 2015-02-14 17:09 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-05-27 17:49 - 2012-07-26 09:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-05-27 17:44 - 2015-04-05 18:29 - 00000000 ___SD C:\WINDOWS\SysWOW64\GWX
2016-05-27 17:44 - 2015-04-05 18:29 - 00000000 ___SD C:\WINDOWS\system32\GWX
2016-05-26 16:07 - 2015-12-30 13:36 - 00000000 ____D C:\Users\felix153\AppData\Local\GeometryDash
2016-05-24 17:48 - 2013-08-22 17:36 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-05-22 14:05 - 2015-02-26 20:32 - 00000000 __SHD C:\Users\felix153\AppData\Local\EmieUserList
2016-05-22 14:05 - 2015-02-26 20:32 - 00000000 __SHD C:\Users\felix153\AppData\Local\EmieSiteList
2016-05-22 14:05 - 2015-02-26 20:32 - 00000000 __SHD C:\Users\felix153\AppData\Local\EmieBrowserModeList
2016-05-18 18:48 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\rescache
2016-05-17 17:16 - 2015-02-14 16:14 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-05-17 17:16 - 2014-11-21 05:13 - 00000000 ____D C:\Program Files\Windows Journal
==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======
2016-06-11 19:13 - 2016-05-04 10:44 - 4232400 _____ (Kingsoft Corp. Ltd.) C:\Users\felix153\AppData\Roaming\OfficeAssist.0172.80.1384.exe
2016-06-11 19:09 - 2016-04-22 09:45 - 51987648 _____ () C:\Users\felix153\AppData\Roaming\qqpcmgr_v11.5.17490.219_90061_Silence.exe
2016-06-12 17:16 - 2016-06-12 17:46 - 0011551 _____ () C:\Users\felix153\AppData\Local\WiDiSetupLog.20160612.171641.txt
2016-06-14 13:35 - 2016-06-14 13:35 - 0009858 _____ () C:\Users\felix153\AppData\Local\WiDiSetupLog.20160614.133536.txt
2016-06-14 13:36 - 2016-06-14 13:37 - 0012330 _____ () C:\Users\felix153\AppData\Local\WiDiSetupLog.20160614.133632.txt
2016-06-13 23:39 - 2016-06-13 23:39 - 0000000 _____ () C:\ProgramData\cis20DF.exe
2016-06-13 23:39 - 2016-06-13 23:39 - 0000000 _____ () C:\ProgramData\cis313B.exe
2015-08-25 09:34 - 2015-08-25 09:34 - 3429056 _____ (COMODO) C:\ProgramData\cis7933.exe
Dateien, die verschoben oder gelöscht werden sollten:
====================
C:\ProgramData\cis20DF.exe
C:\ProgramData\cis313B.exe
C:\ProgramData\cis7933.exe
Einige Dateien in TEMP:
====================
C:\Users\felix153\AppData\Local\Temp\libeay32.dll
C:\Users\felix153\AppData\Local\Temp\msvcr120.dll
C:\Users\felix153\AppData\Local\Temp\sqlite3.dll
==================== Bamital & volsnap =================
(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)
C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert
LastRegBack: 2016-06-11 20:10
==================== Ende von FRST.txt ============================
Code:
ATTFilter Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:13-06-2016
durchgeführt von felix153 (2016-06-15 10:56:44)
Gestartet von E:\
Windows 8.1 (Update) (X64) (2015-02-26 18:24:00)
Start-Modus: Normal
==========================================================
==================== Konten: =============================
Administrator (S-1-5-21-862687528-3461959950-1662931568-500 - Administrator - Disabled)
felix153 (S-1-5-21-862687528-3461959950-1662931568-1001 - Administrator - Enabled) => C:\Users\felix153
Gast (S-1-5-21-862687528-3461959950-1662931568-501 - Limited - Disabled)
UpdatusUser (S-1-5-21-862687528-3461959950-1662931568-1004 - Limited - Enabled) => C:\Users\UpdatusUser
==================== Sicherheits-Center ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installierte Programme ======================
(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.242 - Adobe Systems Incorporated)
DNS Unlocker version 1.4 (HKLM-x32\...\{E1527582-8509-4011-B922-29E3FB548882}_is1) (Version: 1.4 - www.dnsunlocker.com) <==== ACHTUNG
GUPlayer (remove only) (HKU\S-1-5-21-862687528-3461959950-1662931568-1001\...\GUPlayer) (Version: - ) <==== ACHTUNG
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3958 - Intel Corporation)
Intel(R) WiDi (HKLM\...\{6097158B-0184-4140-BEC3-7885794D2571}) (Version: 3.5.40.0 - Intel Corporation)
Java 8 Update 91 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.15 - Oracle Corporation)
Microsoft Age of Empires II (HKLM-x32\...\Age of Empires 2.0) (Version: - )
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.60310.0 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Mozilla Firefox 40.0.2 (x86 de) (HKLM-x32\...\Mozilla Firefox 40.0.2 (x86 de)) (Version: 40.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 40.0.2 - Mozilla)
NVIDIA 3D Vision Treiber 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 331.65 - NVIDIA Corporation)
NVIDIA Grafiktreiber 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 331.65 - NVIDIA Corporation)
NVIDIA Update 1.15.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.15.2 - NVIDIA Corporation)
Pokémon Trading Card Game Online (HKLM-x32\...\{81095E5D-5CBD-45CD-84E1-35FC95C8493F}) (Version: 2.33.0 - The Pokémon Company International)
Search module (HKLM-x32\...\Search module) (Version: - Goobzo) <==== ACHTUNG
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.3.0.9150 - Microsoft Corporation)
Skype™ 7.18 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.18.112 - Skype Technologies S.A.)
SpaceSoundPro (HKLM\...\SpaceSoundPro) (Version: 1.0 - ) <==== ACHTUNG
SpaceSoundPro Service (HKLM-x32\...\zz.12547.ssp) (Version: 1.0.0 - CSDI) <==== ACHTUNG
UE4 Prerequisites (x64) (Version: 1.0.11.0 - Epic Games, Inc.) Hidden
UE4 Prerequisites (x64) (x32 Version: 1.0.13.0 - Epic Games, Inc.) Hidden
==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
CustomCLSID: HKU\S-1-5-21-862687528-3461959950-1662931568-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
Task: {006DCFEB-35FD-4EB6-8EBC-7B05637F513A} - System32\Tasks\COMODO\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe
Task: {0365F565-A95B-4E68-B525-E442343441AB} - System32\Tasks\{7BB1F057-442D-41B5-A379-BFD04D774536} => pcalua.exe -a C:\ProgramData\FlashBeat\uninstall.exe
Task: {0CEA2B64-0AC2-45A9-BC26-462E5881BA0F} - System32\Tasks\{28FD77E6-02E2-47FA-BEE4-F3E299DDF1E5} => pcalua.exe -a "C:\Program Files\Reimage\Reimage Repair\uninst.exe"
Task: {221EA3A9-EDF1-4757-B5AC-C2779DC12F51} - System32\Tasks\{31DDBD37-5DB7-4030-8064-10B0CAA806C3} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
Task: {222ABBA9-7D39-4BBD-9871-B5A2127BCB32} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe
Task: {22EAB9BE-F3E2-4EB0-858C-5418091D6D3C} - System32\Tasks\APSnotifierPP2 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ACHTUNG
Task: {26E92B3F-2CA1-44B0-9797-4B68F358ACA2} - System32\Tasks\rde3028 => C:\Program Files (x86)\QuickSearch\rde3028.exe [2016-05-16] () <==== ACHTUNG
Task: {4029FCF4-40FB-43C8-94AB-7F91C45F56E2} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
Task: {5157CA53-89FA-415C-B93B-FDCFAAB8A9E6} - System32\Tasks\Qifiryplohele Builder => C:\Program Files (x86)\Qifiryplohele\QifiryplohelebuilderTsk.exe [2016-06-10] () <==== ACHTUNG
Task: {5381A23E-58D1-4965-867F-2336FB2FE738} - System32\Tasks\GU5SkipUAC => C:\Program Files (x86)\Glary Utilities 5\Integrator.exe
Task: {5782B6B6-46F1-4159-8BF4-DBD193F18F80} - System32\Tasks\APSnotifierPP1 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ACHTUNG
Task: {60E07A36-6B5F-466D-816B-EFD2D106DFFA} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-05-13] (Microsoft Corporation)
Task: {6176B901-A99A-4EAA-995C-1E00A519518D} - System32\Tasks\COMODO\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe
Task: {73963B84-B40C-4B09-8646-A151FD836667} - System32\Tasks\{429A7C86-4ED9-5ABC-5C8D-B7BB47C8AC7A} => Regsvr32.exe /s /n /i:"/rt" "C:\PROGRA~3\8c3e1f58\84ded676.dll" <==== ACHTUNG
Task: {73ED401B-60A6-4335-935F-2D46F1D1D54B} - System32\Tasks\psv_Redtone => /c regedit.exe /s "C:\ProgramData\Greentanlex\Doming.reg" & del "C:\ProgramData\Greentanlex\Doming.reg" & SCHTASKS /Delete /TN "psv_Redtone" /F <==== ACHTUNG
Task: {8834DB9E-699C-4777-BCAE-4E00635062E1} - System32\Tasks\GlaryInitialize 5 => C:\Program Files (x86)\Glary Utilities 5\Initialize.exe
Task: {934A9B28-04B4-4788-A382-1FB76602E837} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-05-12] (Adobe Systems Incorporated)
Task: {95E264EE-3D7B-43BA-9AE0-E8D9E6C942DB} - System32\Tasks\SMW_UpdateTask_Time_333636313739323936372d5737325a786c5a3237344541 => Wscript.exe //B "C:\ProgramData\SearchModule\smhe.js" smu.exe /invoke /f:check_services /l:0 <==== ACHTUNG
Task: {9AC76C77-B609-428C-9397-DEF83ED9282D} - System32\Tasks\{4EBC33C3-9BBB-492F-B2FB-1548657DCE6F} => pcalua.exe -a C:\Users\felix153\AppData\Roaming\omiga-plus\UninstallManager.exe -c -ptid=air <==== ACHTUNG
Task: {B6D5CAEF-487E-4826-8049-55FBE5F7B5BC} - System32\Tasks\DNSHANAPEPE => dnshanapepe.exe <==== ACHTUNG
Task: {B899B8EE-341C-4AFF-9082-53B036E804DF} - System32\Tasks\APSnotifierPP3 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ACHTUNG
Task: {B9D61B0A-5B5B-442A-9884-0E22441F11DC} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe
Task: {C9CC2E81-B921-456F-BE66-140A0F306473} - System32\Tasks\tasklist => C:\Users\felix153\AppData\Roaming\UPUpdata\service72564.exe
Task: {DBA19B25-2C8C-4A5C-A251-4D5A77A1D67A} - System32\Tasks\zyh3018 => C:\Program Files (x86)\QuickSearch\zyh3018.exe [2016-06-11] () <==== ACHTUNG
Task: {F1535BD3-45B6-45DD-A843-B5568F7DA0BB} - System32\Tasks\SlimCleaner Plus (Scheduled Scan - felix153) => C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe
Task: {F924C736-22D3-4B88-8D19-DCAF3EB99BA7} - System32\Tasks\TechAgent Task => C:\PROGRA~2\TECHAG~1\TECHMO~1.EXE
Task: {FEB39160-E321-4333-87B0-C002464C80A7} - System32\Tasks\{01ECCCD2-7DAE-4CA7-B29E-F5274C8B4DF7} => pcalua.exe -a C:\Users\felix153\AppData\Local\PPTAssist\utility\uninst.exe
Task: {FF7751E9-FE58-444F-B3C3-07D0BB8F4A1E} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_ERROR_HB => C:\WINDOWS\system32\MRT.exe [2016-05-13] (Microsoft Corporation)
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\APSnotifierPP1.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ACHTUNG
Task: C:\WINDOWS\Tasks\APSnotifierPP2.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ACHTUNG
Task: C:\WINDOWS\Tasks\APSnotifierPP3.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ACHTUNG
Task: C:\WINDOWS\Tasks\CIS_{15198508-521A-4D69-8E5B-B94A6CCFF805}.job => C:\ProgramData\cis6F0E.exe <==== ACHTUNG
Task: C:\WINDOWS\Tasks\SlimCleaner Plus (Scheduled Scan - felix153).job => C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe
Task: C:\WINDOWS\Tasks\SMW_UpdateTask_Time_333636313739323936372d5737325a786c5a3237344541.job => Wscript.exe Q/B C:\ProgramData\SearchModule\smhe.js smu.exe <==== ACHTUNG
==================== Verknüpfungen =============================
(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)
WMI_ActiveScriptEventConsumer_ASEC: <===== ACHTUNG (yeabests)
ShortcutWithArgument: C:\Users\felix153\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://yeabests.cc
ShortcutWithArgument: C:\Users\felix153\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet-Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://yeabests.cc
ShortcutWithArgument: C:\Users\felix153\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://yeabests.cc
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://yeabests.cc
ShortcutWithArgument: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://yeabests.cc
==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============
2015-02-26 19:58 - 2013-10-23 10:20 - 00102176 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-07-02 17:12 - 2015-07-02 17:12 - 01927680 _____ () C:\Program Files\SpaceSoundPro\SpaceSoundPro.dll
==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)
AlternateDataStreams: C:\WINDOWS\explorer.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\notepad.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\acmigration.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\actxprxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\advapi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\aeinv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\aepic.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-conio-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-convert-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-environment-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-filesystem-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-heap-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-locale-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-math-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-multibyte-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-private-l1-1-0.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-process-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-runtime-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-stdio-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-string-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-time-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\api-ms-win-crt-utility-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\apphelp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\appidapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\appidsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\appraiser.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AppxAllUserStore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AppXDeploymentExtensions.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AppXDeploymentServer.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\asycfilt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\atmfd.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\atmlib.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AudioEndpointBuilder.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\audiosrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AuthHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\authui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\authz.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\basesrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\bcryptprimitives.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\bdesvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\BFE.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\catsrvut.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\certcli.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cfgbkend.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\clfsw32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\COLORCNV.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\combase.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\comctl32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CompatTelRunner.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\compstui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\comsvcs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\consent.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CPFilters.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\csrsrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\d2d1.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\D3DCompiler_33.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\D3DCompiler_34.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\D3DCompiler_35.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\D3DCompiler_37.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\D3DCompiler_39.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\D3DCompiler_40.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\D3DCompiler_41.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\D3DCompiler_42.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\D3DCompiler_43.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\D3DCompiler_47.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\d3dcsx_42.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\d3dcsx_43.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\d3dx10.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\d3dx10_33.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\d3dx10_34.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\d3dx10_35.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\d3dx10_37.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\d3dx10_40.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\d3dx10_41.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\d3dx10_42.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\d3dx10_43.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\d3dx11_42.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\d3dx11_43.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\d3dx9_24.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\d3dx9_25.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\d3dx9_26.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\d3dx9_27.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\d3dx9_28.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\d3dx9_29.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\d3dx9_30.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\d3dx9_31.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\d3dx9_33.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\d3dx9_34.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\d3dx9_35.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\D3DX9_37.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\D3DX9_38.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\D3DX9_39.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\D3DX9_40.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\D3DX9_41.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\D3DX9_42.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\D3DX9_43.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\davclnt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\devenum.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\devinv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dhcpsapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\diagtrack.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dpapisrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dsparse.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DWrite.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dxtmsft.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dxtrans.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\eapp3hst.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\eappcfg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\eappgnui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\eapphost.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\EncDec.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\evr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ExplorerFrame.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fhcpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\FntCache.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fveapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\FWPUCLNT.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\gdi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\GdiPlus.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\generaltel.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\GeofenceMonitorService.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\glcndFilter.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\GlobCollationHost.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\hgcpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\hhctrl.ocx:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\hlink.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ie4uinit.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ieapfltr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\iedkcs32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ieframe.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\iepeers.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\iertutil.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ieui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\IKEEXT.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\inetcomm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\inetcpl.cpl:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\InkEd.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\inseng.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\invagent.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\IPHLPAPI.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\jscript.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\jscript9.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\jscript9diag.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\KBDAZE.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\KBDAZEL.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\KBDAZST.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\kbdgeoqw.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\kerberos.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\KernelBase.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ksproxy.ax:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\localspl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\LockScreenContentServer.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\lsasrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\lsm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mcupdate_GenuineIntel.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfc42.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfc42u.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfds.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfmp4srcsnk.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfnetcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfnetsrc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfsvr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfvdsp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MFWMAAEC.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mispace.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MP3DMOD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MP43DECD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MP4SDECD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MPG4DECD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MRT.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msctf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msfeeds.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msftedit.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mshtml.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MshtmlDac.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mshtmled.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msiexec.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msmpeg2adec.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msra.exe:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\msrating.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mssph.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mssphtb.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mssrch.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mssvp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mstscax.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msv1_0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msvcp120_clr0400.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msvcr120_clr0400.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msxml3.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msxml6.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mtxoci.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NcdAutoSetup.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ncrypt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ncryptsslp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\netcfgx.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\netlogon.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\notepad.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\nshwfp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ntoskrnl.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ntvdm64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ole32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\PhotoMetadataHandler.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\photowiz.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\pku2u.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\PresentationNative_v0300.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\profsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\puiobj.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\qdvd.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\qedit.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\quartz.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rastapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rdpcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rdpcorets.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rdpudd.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rdvidcrl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RESAMPLEDMO.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rpcrt4.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rpcss.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rsaenh.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\samlib.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\samsrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\schannel.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\schedsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\schtasks.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SearchIndexer.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SearchProtocolHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sechost.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\seclogon.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SettingMonitor.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SettingsHandlers.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SettingSync.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SettingSyncCore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SettingSyncHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\shacct.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SHCore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\shell32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sppobjs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\stobject.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\StorageContextHandler.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\storagewmi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\storewuauth.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SysFxUI.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sysmain.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SystemEventsBrokerServer.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SystemSettingsAdminFlows.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SystemSettingsAdminFlowUI.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\taskeng.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\tdc.ocx:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\tdh.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\themecpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\tquery.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\tracerpt.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\TsWpfWrp.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\twinui.appcore.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\twinui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\tzsync.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ubpm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ucrtbase.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\UIAutomationCore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\untfs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\urlmon.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\user32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\usercpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\UtcResources.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\vbscript.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\VIDRESZR.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\VSSVC.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wbengine.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\webcheck.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WebClnt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\webio.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\werdiagcontroller.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WiFiDisplay.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\win32k.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\win32spl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Data.Pdf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Globalization.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Immersive.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Xaml.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\WindowsAnytimeUpgradeui.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WindowsCodecs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wininet.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\winlogon.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WinSetupUI.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\winshfhc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WinSync.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WinTypes.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WMADMOD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WMADMOE.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WMALFXGFXDSP.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WMASF.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wmp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WMSPDMOD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WMSPDMOE.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WMVDECOD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WMVENCOD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WMVSDECD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WMVSENCD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WMVXENCD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WorkfoldersControl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\workfolderssvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wow64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wow64cpu.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wpdshext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wscapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wscsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WsmAgent.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WsmAuto.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WsmSvc.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\WsmWmiPl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WSShared.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wu.upgrade.ps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wuaext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wuapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wuapp.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wuauclt.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wuaueng.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wucltux.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wudriver.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wups.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wups2.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WUSettingsProvider.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\wuwebv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\x3daudio1_0.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\x3daudio1_1.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\X3DAudio1_2.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\X3DAudio1_3.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\X3DAudio1_4.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\X3DAudio1_5.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\X3DAudio1_6.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\X3DAudio1_7.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\xactengine2_0.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\xactengine2_1.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\xactengine2_10.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\xactengine2_2.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\xactengine2_3.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\xactengine2_4.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\xactengine2_6.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\xactengine2_7.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\xactengine2_8.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\xactengine2_9.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\xactengine3_0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\xactengine3_1.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\xactengine3_2.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\xactengine3_4.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\xactengine3_5.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\xactengine3_6.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\xactengine3_7.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\XAPOFX1_0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\XAPOFX1_2.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\XAPOFX1_3.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\XAPOFX1_4.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\XAPOFX1_5.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\XAudio2_1.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\XAudio2_3.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\XAudio2_4.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\XAudio2_5.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\XAudio2_6.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\XAudio2_7.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\xinput1_3.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\actxprxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\advapi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-math-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-private-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-process-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-string-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-time-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\appidapi.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\AppxAllUserStore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\asycfilt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\atlthunk.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\atmfd.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\atmlib.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\authui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\authz.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\bcryptprimitives.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\calc.exe:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\catsrvut.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\certcli.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\cfgbkend.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\clfsw32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\COLORCNV.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\combase.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\comctl32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\comsvcs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\CPFilters.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d2d1.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3d10level9.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DCompiler_33.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DCompiler_34.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DCompiler_35.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DCompiler_36.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DCompiler_37.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DCompiler_38.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DCompiler_39.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DCompiler_40.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DCompiler_41.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DCompiler_42.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DCompiler_43.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DCompiler_47.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dcsx_42.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dcsx_43.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx10.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx10_33.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx10_34.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx10_35.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx10_36.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx10_37.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx10_38.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx10_39.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx10_40.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx10_41.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx10_42.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx10_43.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx11_42.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx11_43.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx9_24.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx9_25.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx9_26.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx9_27.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx9_28.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx9_29.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx9_30.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx9_31.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx9_32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx9_33.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx9_34.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx9_35.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx9_36.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DX9_37.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DX9_38.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DX9_39.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DX9_40.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DX9_41.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DX9_42.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DX9_43.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\davclnt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\devenum.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dhcpsapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dsparse.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\DWrite.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dxtmsft.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dxtrans.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\eapp3hst.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\eappcfg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\eappgnui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\eapphost.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\EncDec.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\evr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\explorer.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ExplorerFrame.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\FlashPlayerApp.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\FWPUCLNT.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\gdi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\GdiPlus.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\GeofenceMonitorService.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\glcndFilter.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\GlobCollationHost.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\hgcpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\hhctrl.ocx:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\hlink.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ieapfltr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\iedkcs32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ieframe.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\iepeers.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\iertutil.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ieui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\inetcomm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\inetcpl.cpl:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\InkEd.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\IPHLPAPI.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\jscript.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\jscript9.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\jscript9diag.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\KBDAZE.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\KBDAZEL.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\KBDAZST.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\kbdgeoqw.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\kerberos.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\KernelBase.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ksproxy.ax:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfc42.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfc42u.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfds.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfnetcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfnetsrc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfsvr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfvdsp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MFWMAAEC.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mispace.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MP3DMOD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MP43DECD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MP4SDECD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MPG4DECD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msctf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msfeeds.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msftedit.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mshtml.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MshtmlDac.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mshtmled.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msiexec.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msmpeg2adec.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msorcl32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msrating.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mssph.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mssrch.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mssvp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mstscax.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msv1_0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msvcp120_clr0400.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msvcr120_clr0400.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msxml3.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msxml6.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mtxoci.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ncrypt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ncryptsslp.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\netcfgx.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\netlogon.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\notepad.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\nshwfp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ntvdm64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ole32.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\olepro32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\PhotoMetadataHandler.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\photowiz.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\pku2u.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\PrintConfig.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\puiobj.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\qdvd.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\qedit.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\quartz.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\rastapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\rdpcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\rdvidcrl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\RESAMPLEDMO.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\rgb9rast.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\rpcrt4.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\rsaenh.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\samlib.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\schannel.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\schtasks.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SearchIndexer.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SearchProtocolHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\sechost.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SettingMonitor.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SettingSync.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SettingSyncCore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SettingSyncHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\shacct.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SHCore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\shell32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\stobject.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\StorageContextHandler.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\storagewmi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\taskeng.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\tdc.ocx:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\tdh.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\themecpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\tquery.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\tracerpt.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\TsWpfWrp.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\twinui.appcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\twinui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ucrtbase.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\UIAutomationCore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\untfs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\urlmon.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\user32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\usercpl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\vbscript.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\VIDRESZR.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\webcheck.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WebClnt.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\webio.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wincorlib.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Globalization.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WindowsCodecs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wininet.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\winshfhc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WinSync.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WinTypes.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WMADMOD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WMADMOE.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WMASF.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wmp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WMSPDMOD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WMSPDMOE.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WMVDECOD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WMVENCOD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WMVSDECD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WMVSENCD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WMVXENCD.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wpdshext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wscapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WsmAgent.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WsmAuto.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WsmSvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WsmWmiPl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WSShared.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wuapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wuapp.exe:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wudriver.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wups.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wuwebv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\x3daudio1_0.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\x3daudio1_1.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\X3DAudio1_2.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\X3DAudio1_3.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\X3DAudio1_4.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\X3DAudio1_5.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\X3DAudio1_6.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\X3DAudio1_7.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine2_0.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine2_1.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine2_10.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine2_2.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine2_3.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine2_4.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine2_5.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine2_6.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine2_7.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine2_8.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine2_9.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine3_0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine3_1.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine3_2.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine3_3.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine3_4.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine3_5.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine3_6.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine3_7.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\XAPOFX1_0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\XAPOFX1_1.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\XAPOFX1_2.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\XAPOFX1_3.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\XAPOFX1_4.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\XAPOFX1_5.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\XAudio2_0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\XAudio2_1.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\XAudio2_2.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\XAudio2_3.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\XAudio2_4.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\XAudio2_5.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\XAudio2_6.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\XAudio2_7.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xinput1_1.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xinput1_2.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xinput1_3.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\afd.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\bthpan.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\bthport.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\Classpnp.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\clfs.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\cng.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\disk.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\dxgkrnl.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\hidbth.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\http.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\i8042prt.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\IPMIDrv.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\kbdclass.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\kbdhid.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\mouclass.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\mouhid.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\mountmgr.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\mrxsmb.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\mrxsmb10.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\mrxsmb20.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\ndis.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\netio.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\ntfs.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\rasl2tp.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\rfcomm.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\rmcast.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\rndismpx.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\sermouse.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\spaceport.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\srv.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\storport.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\tcpip.sys:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\tdx.sys:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\tpm.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\tunnel.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\udfs.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\usb8023.sys:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\usb8023x.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\usbd.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\usbehci.sys:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\usbhub.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\USBHUB3.SYS:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\usbohci.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\usbport.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\USBSTOR.SYS:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\usbuhci.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\USBXHCI.SYS:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\vhdmp.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\volmgr.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\volsnap.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\vpci.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\vwififlt.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\vwifimp.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\WdBoot.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\WdFilter.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\WdNisDrv.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\wfplwfs.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\winusb.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\xusb22.sys:$CmdTcID [64]
AlternateDataStreams: C:\ProgramData\cis7933.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\felix153\Downloads\362.00-notebook-win8-win7-64bit-international-whql.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\felix153\Downloads\362.00-notebook-win8-win7-64bit-international-whql.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\felix153\Downloads\7_Zip_(64bit)_v15.05_Beta.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\felix153\Downloads\cispremium81_installer.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\felix153\Downloads\cispremium81_installer.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\felix153\Downloads\cispremium_installer(1).exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\felix153\Downloads\cispremium_installer(1).exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\felix153\Downloads\cispremium_installer.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\felix153\Downloads\cispremium_installer.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\felix153\Downloads\cispremium_installer_8.2.0.4674.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\felix153\Downloads\cispremium_installer_8.2.0.4674.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\felix153\Downloads\DriverUpdate-setup.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\felix153\Downloads\DriverUpdate-setup.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\felix153\Downloads\Firefox Setup Stub 40.0.2.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\felix153\Downloads\Firefox Setup Stub 40.0.2.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\felix153\Downloads\FTB_Launcher(1).jar:$CmdZnID [26]
AlternateDataStreams: C:\Users\felix153\Downloads\Java_Runtime_Environment_(64bit)_v8_Update_51.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\felix153\Downloads\Java_Runtime_Environment_(64bit)_v8_Update_51.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\felix153\Downloads\jre-7u75-windows-i586.tar.gz:$CmdTcID [64]
AlternateDataStreams: C:\Users\felix153\Downloads\jre-7u75-windows-i586.tar.gz:$CmdZnID [26]
AlternateDataStreams: C:\Users\felix153\Downloads\jre-7u75-windows-x64.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\felix153\Downloads\jre-7u75-windows-x64.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\felix153\Downloads\jxpiinstall(2).exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\felix153\Downloads\jxpiinstall(2).exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\felix153\Downloads\jxpiinstall(3).exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\felix153\Downloads\jxpiinstall(4).exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\felix153\Downloads\jxpiinstall(5).exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\felix153\Downloads\jxpiinstall(5).exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\felix153\Downloads\LeagueofLegends_EUW_Installer_9_15_2014.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\felix153\Downloads\LeagueofLegends_EUW_Installer_9_15_2014.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\felix153\Downloads\MEGAsyncSetup.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\felix153\Downloads\Mozilla_Firefox_v40.0.2.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\felix153\Downloads\Mozilla_Firefox_v40.0.2.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\felix153\Downloads\ReimageRepair.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\felix153\Downloads\ReimageRepair.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\felix153\Downloads\SteamSetup.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\felix153\Downloads\SteamSetup.exe:$CmdZnID [26]
==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\QQPCRTP => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\QQPCRTP => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\zcwfp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\zdengine => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\zdwfp => ""="Driver"
==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)
|
|
17.06.2016, 20:05
| #2 |
| | Fortsetzung Fortsetzung
__________________Code:
ATTFilter
==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)
IE trusted site: HKU\S-1-5-21-862687528-3461959950-1662931568-1001\...\amazon.de -> hxxps://amazon.de
==================== Hosts Inhalt: ===============================
(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)
2013-08-22 15:25 - 2016-06-13 13:46 - 00000821 ____A C:\WINDOWS\system32\Drivers\etc\hosts
0x2320436F707972696768742028632920313939332D32303034204D6963726F736F667420436F72702E0D0A230D0A23204175746F47656E657261746564206279204D6963726F736F667420285229204D616C776172652050726F74656374696F6E20456E67696E652E0D0A23205468697320697320612073616D706C6520484F5354532066696C652075736564206279204D6963726F736F6674205443502F495020666F722057696E646F77732E0D0A230D0A2320546869732066696C6520636F6E7461696E7320746865206D617070696E6773206F662049502061646472657373657320746F20686F7374206E616D65732E20456163680D0A2320656E7472792073686F756C64206265206B657074206F6E20616E20696E646976696475616C206C696E652E2054686520495020616464726573732073686F756C640D0A2320626520706C6163656420696E2074686520666972737420636F6C756D6E20666F6C6C6F7765642062792074686520636F72726573706F6E64696E6720686F7374206E616D652E0D0A2320546865204950206164647265737320616E642074686520686F7374206E616D652073686F756C6420626520736570617261746564206279206174206C65617374206F6E650D0A232073706163652E0D0A230D0A23204164646974696F6E616C6C792C20636F6D6D656E747320287375636820617320746865736529206D617920626520696E736572746564206F6E20696E646976696475616C0D0A23206C696E6573206F7220666F6C6C6F77696E6720746865206D616368696E65206E616D652064656E6F7465642062792061202723272073796D626F6C2E0D0A230D0A2320466F72206578616D706C653A0D0A230D0A232020202020203130322E35342E39342E393720202020207268696E6F2E61636D652E636F6D202020202020202020202320736F75726365207365727665720D0A232020202020202033382E32352E36332E31302020202020782E61636D652E636F6D202020202020202020202020202023207820636C69656E7420686F73740D0A0D0A3132372E302E302E31202020202020206C6F63616C686F73740D0A3A3A31202020202020202020202020206C6F63616C686F737400
==================== Andere Bereiche ============================
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
HKU\S-1-5-21-862687528-3461959950-1662931568-1001\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: Datenträger ist nicht mit dem Internet verbunden.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
MpsSvc => Firewall Dienst läuft nicht.
==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
HKLM\...\StartupApproved\StartupFolder: => "Start GeekBuddy.lnk"
HKLM\...\StartupApproved\StartupFolder: => "NarutoOnline.lnk"
HKLM\...\StartupApproved\Run: => "3D BubbleSound"
HKLM\...\StartupApproved\Run: => "COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10}"
HKLM\...\StartupApproved\Run: => "cpuminer"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "DnsBlock"
HKLM\...\StartupApproved\Run32: => "tvncontrol"
HKLM\...\StartupApproved\Run32: => "rec_en_77"
HKLM\...\StartupApproved\Run32: => " QQPCTray"
HKU\S-1-5-21-862687528-3461959950-1662931568-1001\...\StartupApproved\StartupFolder: => "MEGAsync.lnk"
HKU\S-1-5-21-862687528-3461959950-1662931568-1001\...\StartupApproved\Run: => "GUDelayStartup"
HKU\S-1-5-21-862687528-3461959950-1662931568-1001\...\StartupApproved\Run: => "SlimCleaner Plus"
HKU\S-1-5-21-862687528-3461959950-1662931568-1001\...\StartupApproved\Run: => "Caster"
HKU\S-1-5-21-862687528-3461959950-1662931568-1001\...\StartupApproved\Run: => "safe_urls4400"
HKU\S-1-5-21-862687528-3461959950-1662931568-1001\...\StartupApproved\Run: => "QGuan10in1"
==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [UDP Query User{114CE1B6-037B-40D2-BD8D-1C200C6E6A4F}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe
FirewallRules: [TCP Query User{032D22CD-5075-48BB-A5DE-2F4FF54C1E5E}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe
FirewallRules: [{5EB53BF8-5963-4EFD-9A0F-AACAC2E0F43F}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [UDP Query User{D77ECE5C-B9F5-480F-B3B1-8AB2C02236A4}C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe
FirewallRules: [TCP Query User{4B2D6774-37DA-4EF8-9FB0-E4EE14F4ED36}C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_31\bin\javaw.exe
FirewallRules: [UDP Query User{A95B8A6A-4781-47D7-86D9-F0DFB0ACAE99}C:\users\felix153\desktop\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\users\felix153\desktop\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{9489F50F-B8E7-4E27-A28F-ADAAFDEBDF99}C:\users\felix153\desktop\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\users\felix153\desktop\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{F56EB0D2-6330-4DA0-9B8D-48B2ACEFD75A}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{6FBFBC43-E9D3-4608-A210-FF203B330985}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [TCP Query User{1A2229A9-379F-4B29-8104-9EF77771854F}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{421ECE36-AFBC-40AD-8A58-329C97541FDF}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{0BA5891B-943A-44F9-BD4B-D881CB71F58B}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{59A998A7-D56D-4C46-80FD-B51A0435948B}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe
FirewallRules: [TCP Query User{F54B2817-803C-4B12-A5C4-E839BE5F0EE3}C:\program files (x86)\microsoft games\age of empires ii\empires2.icd] => (Block) C:\program files (x86)\microsoft games\age of empires ii\empires2.icd
FirewallRules: [UDP Query User{C44E0113-7E2F-433A-8D60-73965A177A2B}C:\program files (x86)\microsoft games\age of empires ii\empires2.icd] => (Block) C:\program files (x86)\microsoft games\age of empires ii\empires2.icd
FirewallRules: [TCP Query User{34318695-45CA-4CDB-A881-EA5B3B3D62EB}C:\windows\syswow64\dplaysvr.exe] => (Allow) C:\windows\syswow64\dplaysvr.exe
FirewallRules: [UDP Query User{889E1BA2-3F63-42E7-AB44-FB3C6FDEEDD3}C:\windows\syswow64\dplaysvr.exe] => (Allow) C:\windows\syswow64\dplaysvr.exe
FirewallRules: [{B29DFD40-57C8-4760-908E-DE9C6944099E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{17061BBC-2EE7-49AA-8AFE-338452557F14}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{10845EBD-FCAA-4D6C-A53E-85A08FF68E7D}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{BECE7731-29EE-46B9-8DED-FF8EE79AF0A9}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{4AA44F10-6A2C-4C9B-97D6-90AD8676AE60}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{1ABCD1B3-417C-47C3-881F-9391CC41A16F}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{4AA094D2-5021-44A9-B867-EB2804AA6FF0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Amnesia The Dark Descent\Amnesia.exe
FirewallRules: [{C5ECBC50-1707-468E-9FD1-799C2A70E24F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Amnesia The Dark Descent\Amnesia.exe
FirewallRules: [{90D9614D-2BE3-43A9-BA5B-EDD386F2A296}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Amnesia The Dark Descent\Launcher.exe
FirewallRules: [{8C54E9A2-A669-4200-A305-7A10E8C64886}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Amnesia The Dark Descent\Launcher.exe
FirewallRules: [{D6560D0C-50C5-47FB-8FCC-A4D074C61287}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [{20D0D471-67B5-485B-AFA9-E833983A6F4B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [TCP Query User{94606824-24A4-4642-B8ED-CF36B54AB868}C:\program files (x86)\steam\steamapps\common\outlast\binaries\win64\olgame.exe] => (Block) C:\program files (x86)\steam\steamapps\common\outlast\binaries\win64\olgame.exe
FirewallRules: [UDP Query User{7C4F3A18-72C4-439F-B0CB-42661F19C537}C:\program files (x86)\steam\steamapps\common\outlast\binaries\win64\olgame.exe] => (Block) C:\program files (x86)\steam\steamapps\common\outlast\binaries\win64\olgame.exe
FirewallRules: [{241FF8E2-4D68-495F-9B9C-A49406AE4F80}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\BloonsTD5\BTD5-Win.exe
FirewallRules: [{36DB6F18-6732-4C59-B7F5-457C3DE5855B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\BloonsTD5\BTD5-Win.exe
FirewallRules: [{3CD5042A-EBDD-4C2D-B0E3-F96CF06AA11D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Subnautica\Subnautica.exe
FirewallRules: [{E96337A7-94E8-4130-9F73-662217DF2EEE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Subnautica\Subnautica.exe
FirewallRules: [{58506A43-09E0-458E-BE22-F919AB176E3D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Terraria\Terraria.exe
FirewallRules: [{67E9E68F-310E-43B5-A68E-70F28B91786A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Terraria\Terraria.exe
FirewallRules: [TCP Query User{30FF821D-E4A7-47AF-8C34-CAA033227C19}C:\program files (x86)\java\jre1.8.0_66\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_66\bin\javaw.exe
FirewallRules: [UDP Query User{8E0ED3A1-20FF-47DD-A9A1-0C9B2B90841E}C:\program files (x86)\java\jre1.8.0_66\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_66\bin\javaw.exe
FirewallRules: [TCP Query User{90E093A6-7738-4AFC-907A-B4CE225DF5BD}C:\program files (x86)\java\jre1.8.0_73\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_73\bin\javaw.exe
FirewallRules: [UDP Query User{13E6DA48-0D4A-4C8C-9BEA-5759107275F4}C:\program files (x86)\java\jre1.8.0_73\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_73\bin\javaw.exe
FirewallRules: [TCP Query User{C8875603-9ADE-4476-B102-0A9B67533443}C:\program files (x86)\java\jre1.8.0_73\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_73\bin\javaw.exe
FirewallRules: [UDP Query User{2D60A748-A8B7-4A56-8CEC-51D6B1951F94}C:\program files (x86)\java\jre1.8.0_73\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_73\bin\javaw.exe
FirewallRules: [{85106CE4-AD7B-42E7-A400-CAE780523954}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Five Nights at Freddy's\FiveNightsatFreddys.exe
FirewallRules: [{F68A5967-04C0-4227-8CB4-33876E172C34}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Five Nights at Freddy's\FiveNightsatFreddys.exe
FirewallRules: [{F1F2E171-1748-4F04-B227-220B4F66200F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Five Nights at Freddy's 2\FiveNightsatFreddys2.exe
FirewallRules: [{BD416D8A-088D-4126-9440-33BAAC8EC064}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Five Nights at Freddy's 2\FiveNightsatFreddys2.exe
FirewallRules: [{B278563B-2E01-460A-A758-2B371AD92B35}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Five Nights at Freddy's 3\FiveNightsatFreddys3.exe
FirewallRules: [{0FE27C7C-71AA-4A20-AB30-B453C5810669}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Five Nights at Freddy's 3\FiveNightsatFreddys3.exe
FirewallRules: [{9133E9DB-69EE-4F2E-A418-EC99F8BBFE8D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Outlast\OutlastLauncher.exe
FirewallRules: [{64FA209E-4665-4FD3-8DE1-1B55F847E2DC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Outlast\OutlastLauncher.exe
FirewallRules: [{BE335B08-536A-4864-9134-48994B322DDC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Geometry Dash\GeometryDash.exe
FirewallRules: [{2551137D-41CA-49F4-9842-7636A607B4CB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Geometry Dash\GeometryDash.exe
FirewallRules: [{060EED1C-420D-4658-BD94-418CE597D899}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Night Blights\NightBlights.exe
FirewallRules: [{764BC81F-E886-4541-A67C-3CCA1366B01B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Night Blights\NightBlights.exe
FirewallRules: [{C28C5756-51ED-4EDD-A334-212678C0A3B0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ARK SOTF\ShooterGame\Binaries\Win64\ShooterGame_BE.exe
FirewallRules: [{4518131B-41CC-4E4F-A2B5-82D3558BB1E7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ARK SOTF\ShooterGame\Binaries\Win64\ShooterGame_BE.exe
FirewallRules: [TCP Query User{8870A1F7-CA4E-4FB6-AC4F-815FA097B12A}C:\users\felix153\desktop\those-nights-at-rachel's-hard-edition\those nights at rachel's hard edition\windowsnoeditor\engine\binaries\win64\ue4game-win64-shipping.exe] => (Allow) C:\users\felix153\desktop\those-nights-at-rachel's-hard-edition\those nights at rachel's hard edition\windowsnoeditor\engine\binaries\win64\ue4game-win64-shipping.exe
FirewallRules: [UDP Query User{0B2B5B40-56C1-460D-89F4-DD5E58D72A9C}C:\users\felix153\desktop\those-nights-at-rachel's-hard-edition\those nights at rachel's hard edition\windowsnoeditor\engine\binaries\win64\ue4game-win64-shipping.exe] => (Allow) C:\users\felix153\desktop\those-nights-at-rachel's-hard-edition\those nights at rachel's hard edition\windowsnoeditor\engine\binaries\win64\ue4game-win64-shipping.exe
FirewallRules: [TCP Query User{B965B934-F45E-4E32-B512-7DDB1500EA22}C:\users\felix153\desktop\tjoc-r-alpha-0.0.7\tjoc\windowsnoeditor\engine\binaries\win64\ue4game-win64-shipping.exe] => (Allow) C:\users\felix153\desktop\tjoc-r-alpha-0.0.7\tjoc\windowsnoeditor\engine\binaries\win64\ue4game-win64-shipping.exe
FirewallRules: [UDP Query User{C3ABD8D3-1193-45CE-935E-7CEA39859BF1}C:\users\felix153\desktop\tjoc-r-alpha-0.0.7\tjoc\windowsnoeditor\engine\binaries\win64\ue4game-win64-shipping.exe] => (Allow) C:\users\felix153\desktop\tjoc-r-alpha-0.0.7\tjoc\windowsnoeditor\engine\binaries\win64\ue4game-win64-shipping.exe
FirewallRules: [TCP Query User{D40B7E6B-21AE-4A9F-9581-5EBE09F50458}C:\users\felix153\desktop\gaming\tjoc-r-alpha-0.0.7\tjoc\windowsnoeditor\engine\binaries\win64\ue4game-win64-shipping.exe] => (Allow) C:\users\felix153\desktop\gaming\tjoc-r-alpha-0.0.7\tjoc\windowsnoeditor\engine\binaries\win64\ue4game-win64-shipping.exe
FirewallRules: [UDP Query User{5FAAFE60-D1CA-4B12-9C8A-961AC538C61E}C:\users\felix153\desktop\gaming\tjoc-r-alpha-0.0.7\tjoc\windowsnoeditor\engine\binaries\win64\ue4game-win64-shipping.exe] => (Allow) C:\users\felix153\desktop\gaming\tjoc-r-alpha-0.0.7\tjoc\windowsnoeditor\engine\binaries\win64\ue4game-win64-shipping.exe
FirewallRules: [TCP Query User{6203A173-5836-49E3-AF5B-78B910D943A1}C:\users\felix153\desktop\final-nights-1,2,0\windowsnoeditor\theoldlocation\binaries\win64\theoldlocation.exe] => (Allow) C:\users\felix153\desktop\final-nights-1,2,0\windowsnoeditor\theoldlocation\binaries\win64\theoldlocation.exe
FirewallRules: [UDP Query User{44F66584-9990-4A27-A920-AC596B61F302}C:\users\felix153\desktop\final-nights-1,2,0\windowsnoeditor\theoldlocation\binaries\win64\theoldlocation.exe] => (Allow) C:\users\felix153\desktop\final-nights-1,2,0\windowsnoeditor\theoldlocation\binaries\win64\theoldlocation.exe
FirewallRules: [TCP Query User{43CEF9DF-B643-41DC-A1BC-0564C8C40773}C:\users\felix153\desktop\universe.sandbox\universe.sandbox\universe sandbox.exe] => (Allow) C:\users\felix153\desktop\universe.sandbox\universe.sandbox\universe sandbox.exe
FirewallRules: [UDP Query User{A8BBA49E-FB33-421E-BCBE-4DB524B3923F}C:\users\felix153\desktop\universe.sandbox\universe.sandbox\universe sandbox.exe] => (Allow) C:\users\felix153\desktop\universe.sandbox\universe.sandbox\universe sandbox.exe
FirewallRules: [TCP Query User{9B8C139C-2DA8-434E-A144-DB0B771B512A}C:\users\felix153\desktop\gaming\universe.sandbox\universe.sandbox\universe sandbox.exe] => (Allow) C:\users\felix153\desktop\gaming\universe.sandbox\universe.sandbox\universe sandbox.exe
FirewallRules: [UDP Query User{CCBE4149-98BC-43B6-ACE2-A4B45067AAB9}C:\users\felix153\desktop\gaming\universe.sandbox\universe.sandbox\universe sandbox.exe] => (Allow) C:\users\felix153\desktop\gaming\universe.sandbox\universe.sandbox\universe sandbox.exe
FirewallRules: [{1A79A712-A65F-4C1C-9D02-5CFBBC5006B7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{AD741105-0880-485E-8839-DFF13777FB82}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [TCP Query User{3876BF54-E229-4AB1-B8BA-B6685283B704}C:\users\felix153\desktop\gaming\horror\final-nights-1,2,0\windowsnoeditor\theoldlocation\binaries\win64\theoldlocation.exe] => (Allow) C:\users\felix153\desktop\gaming\horror\final-nights-1,2,0\windowsnoeditor\theoldlocation\binaries\win64\theoldlocation.exe
FirewallRules: [UDP Query User{BC5468B5-08B6-4B34-B2A8-695FB8A2964B}C:\users\felix153\desktop\gaming\horror\final-nights-1,2,0\windowsnoeditor\theoldlocation\binaries\win64\theoldlocation.exe] => (Allow) C:\users\felix153\desktop\gaming\horror\final-nights-1,2,0\windowsnoeditor\theoldlocation\binaries\win64\theoldlocation.exe
FirewallRules: [TCP Query User{85E2D3C3-4593-4860-89CB-70B2419296A6}C:\users\felix153\desktop\windowsnoeditor\finalnights2\binaries\win64\finalnights2.exe] => (Allow) C:\users\felix153\desktop\windowsnoeditor\finalnights2\binaries\win64\finalnights2.exe
FirewallRules: [UDP Query User{30BA1825-E39B-41E7-B670-B2E64F73C3C9}C:\users\felix153\desktop\windowsnoeditor\finalnights2\binaries\win64\finalnights2.exe] => (Allow) C:\users\felix153\desktop\windowsnoeditor\finalnights2\binaries\win64\finalnights2.exe
FirewallRules: [TCP Query User{4E5BF964-D9F5-4D81-9D92-F0571EC038F6}C:\program files (x86)\java\jre1.8.0_91\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_91\bin\javaw.exe
FirewallRules: [UDP Query User{290D03B9-8182-4704-83A5-A818DAEC19AB}C:\program files (x86)\java\jre1.8.0_91\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_91\bin\javaw.exe
FirewallRules: [TCP Query User{FB526A53-0747-49A9-BA66-B9626B6BCD76}C:\program files (x86)\java\jre1.8.0_91\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre1.8.0_91\bin\javaw.exe
FirewallRules: [UDP Query User{7914E771-CB95-4195-963D-D106CB13B320}C:\program files (x86)\java\jre1.8.0_91\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre1.8.0_91\bin\javaw.exe
FirewallRules: [{26CE46BE-0F28-4442-83AE-4BBF93213FE2}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\130\bugreport_xf.exe
FirewallRules: [{CB7E8601-42E9-4589-A872-59A4A0DBA753}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\QQPCmgrInstallGuide.exe
FirewallRules: [{130DFEE0-C888-4F63-9551-71779D8E7007}] => (Allow) C:\program files (x86)\common files\tencent\qqdownload\130\tencentdl.exe
FirewallRules: [{5177B144-35B2-40DF-99E5-E1F6DFE5DE17}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\QQPCTray.exe
FirewallRules: [{48F2CC99-0C82-4571-9584-5E40739897FA}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\QQPCMgr.exe
FirewallRules: [{4415F8F5-80F1-4663-AE90-265002409BDC}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\QQPCRTP.exe
FirewallRules: [{819C5699-B559-4AD7-BB39-29CCC5BD7566}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\QMDL.exe
FirewallRules: [{5B596C6A-C362-48EE-984E-91DAFFE6C93F}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\bugreport.exe
FirewallRules: [{74F202EB-351A-4C7F-8AD0-9CCBD51D6B0D}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\QQPCFileOpen.exe
FirewallRules: [{536CEE14-9A4A-4A42-B447-3A65F6325E36}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\QQPCLeakScan.exe
FirewallRules: [{3759BDC5-CEC8-463A-809D-77E97592EE22}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\QQPConfig.exe
FirewallRules: [{8E546B43-4A46-4533-8010-B33886E54EE7}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\QQPCSoftMgr.exe
FirewallRules: [{34369A2F-5C28-476C-928C-5F5C9A546BB7}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\plugins\QMNetMon\QQPCNetFlow.exe
FirewallRules: [{EE3DA7A2-C1F3-4EFD-B31B-82A532B58984}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\QQPCBTU.exe
FirewallRules: [{93FD707E-9F99-40FA-8CCD-B7D992E22809}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\QQPCClinic.exe
FirewallRules: [{3F8DB9B3-CF05-4C9F-BFC7-2DDA9ACAD457}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\QQPCLaunch.exe
FirewallRules: [{44D8A7E2-6DE0-43CB-8E6B-4F9F791270E7}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\QMUpdate\QQPCMgrUpdate.exe
FirewallRules: [{5B740BC1-1D05-4385-990C-E8F38B8BB6D8}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\QQPCSoftGame.exe
FirewallRules: [{8BDB6397-8327-4198-8582-B3E2C58D5B0F}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\QQPCSysOptimize.exe
FirewallRules: [{BF965921-8173-4F78-A63A-DD80AC63A504}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\QQPCUpdateAVLib.exe
FirewallRules: [{BCC72310-682C-4F28-B652-8E0AA1882E14}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\QQRepair.exe
FirewallRules: [{3FFDC4F1-DC16-4122-AD73-7900437FFE3E}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\Uninst.exe
FirewallRules: [{31CB4A04-D2C1-4EEF-8D7C-87C52D076F3A}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\QQPCPatch.exe
FirewallRules: [{FA07EEEA-29B7-44B4-B3D2-C398887115CA}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\TpkUpdate.exe
FirewallRules: [{6974C8F5-2DED-4F9D-B901-D8A118B64946}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\QMRouterMgr.exe
FirewallRules: [{6796462C-3CAA-4F48-9B11-FB58CBDB014D}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\QMAccountProtection.exe
FirewallRules: [{43D1A9E8-BF98-4EA8-BC41-D4BA1E6C80E1}] => (Allow) C:\Program Files (x86)\Tencent\QQPCMgr\11.5.17490.219\QMAdBlock.exe
==================== Wiederherstellungspunkte =========================
11-06-2016 18:17:49 Removed SlimCleaner Plus
13-06-2016 16:45:10 Removed Intel(R) WiDi.
Überprüfen Sie den "winmgmt" Dienst oder reparieren Sie den WMI.
==================== Fehlerhafte Geräte im Gerätemanager =============
Name: Intel(R) HD Graphics 4000
Description: Intel(R) HD Graphics 4000
Class Guid: {4d36e968-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel Corporation
Service: igfx
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.
==================== Fehlereinträge in der Ereignisanzeige: =========================
Der Dienst der Ereignisanzeige konnte nicht gestartet werden, Einträge konnten nicht gelesen werden.
Windows-Ereignisprotokoll wird gestartet.
Windows-Ereignisprotokoll konnte nicht gestartet werden.
Ein Systemfehler ist aufgetreten.
Systemfehler 1747 aufgetreten.
Der Authentifizierungsdienst ist unbekannt.
==================== Speicherinformationen ===========================
Prozessor: Intel(R) Core(TM) i3-3120M CPU @ 2.50GHz
Prozentuale Nutzung des RAM: 26%
Installierter physikalischer RAM: 3977.02 MB
Verfügbarer physikalischer RAM: 2938.6 MB
Summe virtueller Speicher: 6537.02 MB
Verfügbarer virtueller Speicher: 5578.65 MB
==================== Laufwerke ================================
Drive c: (Boot) (Fixed) (Total:869.36 GB) (Free:799.86 GB) NTFS
Drive d: (Recover) (Fixed) (Total:60 GB) (Free:41.45 GB) NTFS
Drive e: () (Removable) (Total:1.87 GB) (Free:1.54 GB) FAT32
==================== MBR & Partitionstabelle ==================
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 3E99AF5C)
Partition: GPT.
========================================================
Disk: 1 (Size: 1.9 GB) (Disk ID: 6F39A40F)
Partition 1: (Active) - (Size=1.9 GB) - (Type=0B)
==================== Ende von Addition.txt ============================
Code:
ATTFilter Entferungsergebnis von Farbar Recovery Scan Tool (x64) Version:13-06-2016
durchgeführt von felix153 (2016-06-15 11:05:31) Run:1
Gestartet von E:\
Geladene Profile: felix153 (Verfügbare Profile: felix153 & UpdatusUser)
Start-Modus: Normal
==============================================
fixlist Inhalt:
*****************
CloseProcesses:
R2 MPCProtectService; C:\Program Files (x86)\MPC Cleaner\MPCProtectService.exe [349152 2015-12-20]
C:\Program Files (x86)\MPC Cleaner
R1 MPCKpt; C:\Windows\System32\DRIVERS\MPCKpt.sys [55016 2015-12-20] (DotCash)
C:\Windows\System32\DRIVERS\MPCKpt.sys
C:\Users\Public\Desktop\MPC Cleaner.lnk
EmptyTemp:
*****************
Prozess erfolgreich geschlossen.
MPCProtectService => Dienst konnte nicht gestoppt werden.
MPCProtectService => Dienst konnte nicht entfernt werden
"C:\Program Files (x86)\MPC Cleaner" Ordner verschieben:
Konnte nicht verschoben werden "C:\Program Files (x86)\MPC Cleaner" => ist geplant bei Neustart verschoben zu werden.
MPCKpt => Dienst konnte nicht gestoppt werden.
MPCKpt => Dienst konnte nicht entfernt werden
Konnte nicht verschoben werden "C:\Windows\System32\DRIVERS\MPCKpt.sys" => ist geplant bei Neustart verschoben zu werden.
C:\Users\Public\Desktop\MPC Cleaner.lnk => erfolgreich verschoben
EmptyTemp: => 336.3 MB temporäre Dateien entfernt.
Ergebnis der geplanten Datei-Verschiebungen (Start-Modus: Normal) (Datum&Uhrzeit: 2016-06-15 13:08:57)
"C:\Program Files (x86)\MPC Cleaner" => Konnte nicht verschoben werden
"C:\Windows\System32\DRIVERS\MPCKpt.sys" => Konnte nicht verschoben werden
==== Ende von Fixlog 13:08:59 ====
Michael |
|
19.06.2016, 13:46
| #3 |
| | Win 8.1: MPC Protect Service (32 Bit) und MPC Tray (32 Bit) lässt sich nicht beenden Nachricht an Admin:
__________________Problem hat sich erledigt. Habe mit Eingabeaufforderung (ADMIN) die Attribute mit -H/-R/ bearbeiten können. Danach konnte ich löschen. Sorry für die selbstgegebenen Antworten. Gruß Michael |
|
21.06.2016, 10:09
| #4 | |
| /// Winkelfunktion /// TB-Süch-Tiger™   |  Win 8.1: MPC Protect Service (32 Bit) und MPC Tray (32 Bit) lässt sich nicht beendenZitat:
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
21.06.2016, 10:36
| #5 |
| | Win 8.1: MPC Protect Service (32 Bit) und MPC Tray (32 Bit) lässt sich nicht beenden Vielen Dank für den Hinweis. Ist Malware auch noch vorhanden nachdem ich das System mit der Recovery-CD wieder hergestellt habe? Nachdem ich als erstes wieder Comodo installiert hatte, im Anschluss eine Mod für "Minecraft" heruntergeladen habe, wurde Malware erkannt und sofort gesäubert. Eine Virenprüfung hat keine Schädlinge gefunden. Herzlichen Gruß Michael P.S. Um hier nicht zu diskutieren kann ich dir gerne eine Tel-Nr. per PM schicken |
|
21.06.2016, 10:39
| #6 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Win 8.1: MPC Protect Service (32 Bit) und MPC Tray (32 Bit) lässt sich nicht beenden Dann zeig mal frische FRST Logs. Haken setzen bei addition.txt dann auf Untersuchen klicken
__________________ --> Win 8.1: MPC Protect Service (32 Bit) und MPC Tray (32 Bit) lässt sich nicht beenden |
|
21.06.2016, 10:45
| #7 |
| | Win 8.1: MPC Protect Service (32 Bit) und MPC Tray (32 Bit) lässt sich nicht beenden Wird leider erst heute am frühen Abend. Bin im Office. |
|
| Themen zu Win 8.1: MPC Protect Service (32 Bit) und MPC Tray (32 Bit) lässt sich nicht beenden |
| askbar, booten, defender, desktop, dnsapi.dll, error, flash player, helper, homepage, iexplore.exe, malware, mozilla, problem, prozesse, registry, scan, schannel.dll, security, services.exe, slimcleaner plus, software, svchost.exe, system, trojaner, usb, viren, visual c++ 2015, windows, wuauclt.exe, zugriff verweigert |
Linear-Darstellung
