11.09.2016, 22:40 | #1 |
Irregular crashes on the laptop (Windows 10)

Good evening TB team, first of all, thanks to whoever is going to try to help me. For several weeks my laptop has been freezing, apparently for no reason. As far as I can tell, it doesn't matter what I'm doing: nothing works any more, and the only(!) way to shut the device down is to hold the power button for a long time. The laptop isn't the youngest any more, but other events, such as sudden extreme load on the disk, RAM, etc., or long waiting times within applications themselves, could also be attributed to malware. It sounds odd, but I'm almost hoping for malware; that would mean the laptop still has a few years ahead of it. Unfortunately I only have the logs from Farbar Recovery Scan Tool. FRST.TXT Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 31-08-2016 durchgeführt von ****** (Administrator) auf LAP-OLI-PB (11-09-2016 23:28:01) Gestartet von C:\Users\******\Desktop Geladene Profile: ****** (Verfügbare Profile: ******) Platform: Windows 10 Home Version 1607 (X64) Sprache: Deutsch (Deutschland) Internet Explorer Version 11 (Standard-Browser: FF) Start-Modus: Normal Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Prozesse (Nicht auf der Ausnahmeliste) ================= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.) (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe (COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe (Paramount Software UK Ltd) C:\Program Files\Recovery\Macrium\ReflectService.exe (COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe (COMODO) C:\Program Files\COMODO\COMODO Internet Security\cistray.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Advanced Micro Devices, Inc.) 
C:\Program Files\AMD\CNext\CNext\cnext.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.7.113.0_x64__kzf8qxf38zg5c\SkypeHost.exe (Microsoft Corporation) C:\Windows\System32\smartscreen.exe ==================== Registry (Nicht auf der Ausnahmeliste) =========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.) HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3242696 2015-10-10] (ELAN Microelectronics Corp.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [14040792 2016-01-12] (Realtek Semiconductor) HKLM\...\Run: [COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10}] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1610936 2016-08-10] (COMODO) HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [112512 2015-08-17] (Microsoft Corporation) HKLM\...\Run: [StartCN] => C:\Program Files\AMD\CNext\CNext\cnext.exe [4926664 2016-02-26] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [SunJavaUpdateSched] => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-1569932172-3107048923-2697670340-1002\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2857248 2016-08-24] (Valve Corporation) HKU\S-1-5-21-1569932172-3107048923-2697670340-1002\...\Run: [Spotify Web Helper] => C:\Users\******\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1529456 2016-09-09] (Spotify Ltd) HKU\S-1-5-21-1569932172-3107048923-2697670340-1002\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.) 
HKU\S-1-5-21-1569932172-3107048923-2697670340-1002\...\Run: [Spotify] => C:\Users\******\AppData\Roaming\Spotify\Spotify.exe [6810224 2016-09-09] (Spotify Ltd) HKU\S-1-5-21-1569932172-3107048923-2697670340-1002\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50599552 2016-02-02] (Skype Technologies S.A.) HKU\S-1-5-21-1569932172-3107048923-2697670340-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8722136 2016-06-13] (Piriform Ltd) HKU\S-1-5-21-1569932172-3107048923-2697670340-1002\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [797328 2016-05-16] (Sandboxie Holdings, LLC) HKU\S-1-5-21-1569932172-3107048923-2697670340-1002\...\RunOnce: [Uninstall C:\Users\******\AppData\Local\Microsoft\OneDrive\17.3.6201.1019_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\******\AppData\Local\Microsoft\OneDrive\17.3.6201.1019_1\amd64" ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\******\AppData\Local\MEGAsync\ShellExtX64.dll Keine Datei ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\******\AppData\Local\MEGAsync\ShellExtX64.dll Keine Datei ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\******\AppData\Local\MEGAsync\ShellExtX64.dll Keine Datei ShellIconOverlayIdentifiers-x32: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\******\AppData\Local\MEGAsync\ShellExtX32.dll Keine Datei ShellIconOverlayIdentifiers-x32: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\******\AppData\Local\MEGAsync\ShellExtX32.dll Keine Datei ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\******\AppData\Local\MEGAsync\ShellExtX32.dll Keine Datei ==================== Internet (Nicht auf der Ausnahmeliste) 
==================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.) Hosts: Es ist mehr als ein Eintrag in der Hosts Datei zu finden. Siehe Hosts-Bereich in Addition.txt Tcpip\Parameters: [DhcpNameServer] 80.69.96.12 81.210.129.4 Tcpip\..\Interfaces\{0f498ac4-a476-4e33-a194-99de110adfbf}: [DhcpNameServer] 7.254.254.254 Tcpip\..\Interfaces\{77191118-40d6-490a-9730-6d19131c5d3d}: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{e2180892-4d8c-462e-a018-ba019af41351}: [DhcpNameServer] 80.69.96.12 81.210.129.4 Internet Explorer: ================== BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2011-02-12] (Microsoft Corporation) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation) BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2011-02-12] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-05-12] (Oracle Corporation) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-05-12] (Oracle Corporation) FireFox: ======== FF ProfilePath: C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\gom9v00m.default-1459355360412 FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll [2016-07-12] () FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> 
C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-12] () FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-05-12] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-05-12] (Oracle Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-06-30] (Adobe Systems Inc.) 
FF Plugin HKU\S-1-5-21-1569932172-3107048923-2697670340-1002: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\******\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-11-15] (Unity Technologies ApS) FF Extension: (Fast Dial) - C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\gom9v00m.default-1459355360412\extensions\fastdial@telega.phpnet.us [2016-05-29] FF Extension: (Element Hiding Helper for Adblock Plus) - C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\gom9v00m.default-1459355360412\Extensions\elemhidehelper@adblockplus.org.xpi [2016-08-04] FF Extension: (Firefox Hotfix) - C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\gom9v00m.default-1459355360412\Extensions\firefox-hotfix@mozilla.org.xpi [2016-09-08] FF Extension: (MEGA) - C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\gom9v00m.default-1459355360412\Extensions\firefox@mega.co.nz.xpi [2016-09-09] FF Extension: (ProxTube) - C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\gom9v00m.default-1459355360412\Extensions\ich@maltegoetz.de.xpi [2016-08-24] FF Extension: (Video Blocker) - C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\gom9v00m.default-1459355360412\Extensions\jid1-3OQ5HY7YsLBV7Q@jetpack.xpi [2016-08-27] FF Extension: (Youtube Unblock VPN) - C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\gom9v00m.default-1459355360412\Extensions\vpn@youtube-unblock.org.xpi [2016-08-15] FF Extension: (Adblock Plus) - C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\gom9v00m.default-1459355360412\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-04-28] ==================== Dienste (Nicht auf der Ausnahmeliste) ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) 
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2159320 2016-08-22] (Adobe Systems, Incorporated) R2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [5817256 2016-08-10] (COMODO) S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2271928 2016-08-10] (COMODO) R2 ETDService; C:\Program Files\Elantech\ETDService.exe [144072 2015-10-10] (ELAN Microelectronics Corp.) R2 IpOverUsbSvc; C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe [21744 2015-08-30] (Microsoft Corporation) R2 ReflectService.exe; C:\Program Files\Recovery\Macrium\ReflectService.exe [3446224 2015-08-17] (Paramount Software UK Ltd) S2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [187024 2016-05-16] (Sandboxie Holdings, LLC) S3 Te.Service; C:\Program Files (x86)\Windows Kits\10\Testing\Runtimes\TAEF\Wex.Services.exe [134656 2015-08-30] (Microsoft Corporation) [Datei ist nicht signiert] S3 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [872432 2016-07-02] (Tunngle.net GmbH) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation) ===================== Treiber (Nicht auf der Ausnahmeliste) ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [32224 2016-07-10] (COMODO) R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [851864 2016-07-10] (COMODO) R1 cmdhlp; C:\Windows\system32\DRIVERS\cmdhlp.sys [45600 2016-07-10] (COMODO) S3 Hamachi; C:\Windows\System32\drivers\Hamdrv.sys [45680 2016-07-02] (LogMeIn Inc.) 
R1 inspect; C:\Windows\system32\DRIVERS\inspect.sys [138568 2016-07-10] (COMODO) S3 NetAdapterCx; C:\Windows\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] () R3 RTSUER; C:\Windows\system32\Drivers\RtsUer.sys [402136 2016-03-14] (Realsil Semiconductor Corporation) S3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [204944 2016-02-26] (Sandboxie Holdings, LLC) R3 ScpVBus; C:\Windows\System32\drivers\ScpVBus.sys [39168 2015-11-20] (Scarlet.Crush Productions) R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [33960 2016-03-14] (Synaptics Incorporated) R3 tap0901t; C:\Windows\System32\drivers\tap0901t.sys [48824 2016-07-02] (Tunngle.net GmbH) S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation) S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation) S3 xhunter1; C:\WINDOWS\xhunter1.sys [35880 2015-09-27] (Wellbia.com Co., Ltd.) ==================== NetSvcs (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) ==================== Ein Monat: Erstellte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 
2016-09-11 23:28 - 2016-09-11 23:28 - 00013969 _____ C:\Users\******\Desktop\FRST.txt 2016-09-11 23:27 - 2016-09-11 23:28 - 00000000 ____D C:\FRST 2016-09-11 23:15 - 2016-09-11 23:27 - 02397696 _____ (Farbar) C:\Users\******\Desktop\FRST64.exe 2016-09-11 22:38 - 2016-09-11 22:38 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2016-09-11 22:31 - 2016-09-11 22:31 - 00000000 ____D C:\Users\******\Documents\Nexus Mod Manager 2016-09-11 22:01 - 2016-09-11 22:01 - 00000085 _____ C:\WINDOWS\wininit.ini 2016-09-11 22:01 - 2016-09-11 22:01 - 00000000 ____D C:\WINDOWS\System32\Tasks\Safer-Networking 2016-09-11 21:47 - 2016-09-11 21:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games 2016-09-07 20:23 - 2016-09-07 20:23 - 00001255 _____ C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AMD Radeon Settings.lnk 2016-09-07 20:22 - 2016-09-07 20:22 - 00000000 ____D C:\ProgramData\ATI 2016-09-07 20:15 - 2016-09-07 20:15 - 00004296 _____ C:\WINDOWS\System32\Tasks\AMD Updater 2016-09-07 20:14 - 2016-09-07 20:14 - 00000000 ____D C:\Users\******\AppData\Roaming\library_dir 2016-09-07 20:14 - 2016-09-07 20:14 - 00000000 ____D C:\Users\******\AppData\Local\AMD 2016-09-07 20:14 - 2016-09-07 20:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Settings 2016-09-07 20:13 - 2016-09-07 20:13 - 00000000 ____D C:\Program Files (x86)\AMD 2016-09-07 20:10 - 2016-09-07 20:11 - 00000000 ____D C:\WINDOWS\LastGood.Tmp 2016-09-07 20:08 - 2016-09-07 20:08 - 00000000 ____D C:\Program Files (x86)\Crimson Radeon AMD DRIVER 2016-09-06 22:32 - 2016-09-06 22:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III 2016-09-05 20:01 - 2016-09-05 20:01 - 00000000 ____D C:\Users\******\Documents\Diablo III 2016-09-05 13:04 - 2016-09-07 20:54 - 00000000 ____D C:\Users\******\AppData\Local\Battle.net 2016-09-05 13:04 - 2016-09-05 13:04 - 00000000 ____D 
C:\Users\******\AppData\Local\Blizzard Entertainment 2016-09-05 13:04 - 2016-09-05 13:04 - 00000000 ____D C:\ProgramData\Blizzard Entertainment 2016-09-05 13:03 - 2016-09-05 13:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net 2016-09-05 13:02 - 2016-09-05 13:05 - 00000000 ____D C:\Users\******\AppData\Roaming\Battle.net 2016-09-05 13:02 - 2016-09-05 13:02 - 00000000 ____D C:\ProgramData\Battle.net 2016-08-31 22:26 - 2016-08-31 22:26 - 00000719 _____ C:\Users\******\AppData\Local\recently-used.xbel 2016-08-31 21:58 - 2016-08-31 21:58 - 23682560 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2016-08-31 21:58 - 2016-08-31 21:58 - 22571008 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll 2016-08-31 21:58 - 2016-08-31 21:58 - 22218808 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll 2016-08-31 21:58 - 2016-08-31 21:58 - 20965240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll 2016-08-31 21:58 - 2016-08-31 21:58 - 19423232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll 2016-08-31 21:58 - 2016-08-31 21:58 - 19418624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2016-08-31 21:58 - 2016-08-31 21:58 - 09128448 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll 2016-08-31 21:58 - 2016-08-31 21:58 - 08124416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll 2016-08-31 21:58 - 2016-08-31 21:58 - 07814488 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe 2016-08-31 21:58 - 2016-08-31 21:58 - 07624192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll 2016-08-31 21:58 - 2016-08-31 21:58 - 07219672 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll 2016-08-31 21:58 - 2016-08-31 21:58 - 06285312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll 2016-08-31 21:58 - 2016-08-31 21:58 - 06044672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll 2016-08-31 21:58 - 2016-08-31 
21:58 - 05722312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll 2016-08-31 21:58 - 2016-08-31 21:58 - 05511680 _____ (Microsoft Corporation) C:\WINDOWS\system32\aclui.dll 2016-08-31 21:58 - 2016-08-31 21:58 - 05398016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aclui.dll 2016-08-31 21:58 - 2016-08-31 21:58 - 04749312 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll 2016-08-31 21:58 - 2016-08-31 21:58 - 04612096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll 2016-08-31 21:58 - 2016-08-31 21:58 - 04130944 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll 2016-08-31 21:58 - 2016-08-31 21:58 - 03893376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll 2016-08-31 21:58 - 2016-08-31 21:58 - 03617792 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys 2016-08-31 21:58 - 2016-08-31 21:58 - 03299328 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstsc.exe 2016-08-31 21:58 - 2016-08-31 21:58 - 03245056 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll 2016-08-31 21:58 - 2016-08-31 21:58 - 03105792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstsc.exe 2016-08-31 21:58 - 2016-08-31 21:58 - 02999296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys 2016-08-31 21:58 - 2016-08-31 21:58 - 02913104 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll 2016-08-31 21:58 - 2016-08-31 21:58 - 02846208 _____ (Microsoft Corporation) C:\WINDOWS\system32\storagewmi.dll 2016-08-31 21:58 - 2016-08-31 21:58 - 02711040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll 2016-08-31 21:58 - 2016-08-31 21:58 - 02680832 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll 2016-08-31 21:58 - 2016-08-31 21:58 - 02537824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys 2016-08-31 21:58 - 2016-08-31 21:58 - 02510848 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll 2016-08-31 
21:58 - 2016-08-31 21:58 - 02485760 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d12SDKLayers.dll 2016-08-31 21:58 - 2016-08-31 21:58 - 02315264 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll 2016-08-31 21:58 - 2016-08-31 21:58 - 02289664 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll 2016-08-31 21:58 - 2016-08-31 21:58 - 02264064 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll 2016-08-31 21:58 - 2016-08-31 21:58 - 02257248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys 2016-08-31 21:58 - 2016-08-31 21:58 - 02190688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys 2016-08-31 21:58 - 2016-08-31 21:58 - 02166232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll 2016-08-31 21:58 - 2016-08-31 21:58 - 02143232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\storagewmi.dll 2016-08-31 21:58 - 2016-08-31 21:58 - 01992704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll 2016-08-31 21:58 - 2016-08-31 21:58 - 01935360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d12SDKLayers.dll 2016-08-31 21:58 - 2016-08-31 21:58 - 01906176 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_fs.dll 2016-08-31 21:58 - 2016-08-31 21:58 - 01883784 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll 2016-08-31 21:58 - 2016-08-31 21:58 - 01875456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll 2016-08-31 21:58 - 2016-08-31 21:58 - 01859264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll 2016-08-31 21:58 - 2016-08-31 21:58 - 01690112 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll 2016-08-31 21:58 - 2016-08-31 21:58 - 01643008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll 2016-08-31 21:58 - 2016-08-31 21:58 - 01570680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll 2016-08-31 21:58 - 2016-08-31 21:58 - 01547264 
_____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_health.dll 2016-08-31 21:58 - 2016-08-31 21:58 - 01453992 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll 2016-08-31 21:58 - 2016-08-31 21:58 - 01430200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll 2016-08-31 21:58 - 2016-08-31 21:58 - 01418312 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll 2016-08-31 21:58 - 2016-08-31 21:58 - 01403392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Editing.dll 2016-08-31 21:58 - 2016-08-31 21:58 - 01377008 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe 2016-08-31 21:58 - 2016-08-31 21:58 - 01360464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll 2016-08-31 21:58 - 2016-08-31 21:58 - 01349120 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi 2016-08-31 21:58 - 2016-08-31 21:58 - 01316352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_fs.dll 2016-08-31 21:58 - 2016-08-31 21:58 - 01282048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll 2016-08-31 21:58 - 2016-08-31 21:58 - 01279328 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll 2016-08-31 21:58 - 2016-08-31 21:58 - 01267512 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll 2016-08-31 21:58 - 2016-08-31 21:58 - 01264912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll 2016-08-31 21:58 - 2016-08-31 21:58 - 01220608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Audio.dll 2016-08-31 21:58 - 2016-08-31 21:58 - 01217024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Audio.dll 2016-08-31 21:58 - 2016-08-31 21:58 - 01170944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll 2016-08-31 21:58 - 2016-08-31 21:58 - 01163696 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe 2016-08-31 21:58 - 2016-08-31 21:58 - 01106944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_health.dll 
2016-08-31 21:58 - 2016-08-31 21:58 - 01099608 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe 2016-08-31 21:58 - 2016-08-31 21:58 - 01081856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll 2016-08-31 21:58 - 2016-08-31 21:58 - 01077760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Editing.dll 2016-08-31 21:58 - 2016-08-31 21:58 - 01071728 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll 2016-08-31 21:58 - 2016-08-31 21:58 - 01046976 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi 2016-08-31 21:58 - 2016-08-31 21:58 - 01014784 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManager.dll 2016-08-31 21:58 - 2016-08-31 21:58 - 01006080 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3D12.dll 2016-08-31 21:58 - 2016-08-31 21:58 - 00987992 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe 2016-08-31 21:58 - 2016-08-31 21:58 - 00980832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll 2016-08-31 21:58 - 2016-08-31 21:58 - 00956416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll 2016-08-31 21:58 - 2016-08-31 21:58 - 00944640 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll 2016-08-31 21:58 - 2016-08-31 21:58 - 00942424 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.efi 2016-08-31 21:58 - 2016-08-31 21:58 - 00936960 _____ (Microsoft Corporation) C:\WINDOWS\system32\MCRecvSrc.dll 2016-08-31 21:58 - 2016-08-31 21:58 - 00909312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll 2016-08-31 21:58 - 2016-08-31 21:58 - 00885832 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe 2016-08-31 21:58 - 2016-08-31 21:58 - 00857440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe 2016-08-31 21:58 - 2016-08-31 21:58 - 00852824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll 2016-08-31 21:58 - 2016-08-31 21:58 - 00846552 _____ (Microsoft 
Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll 2016-08-31 21:58 - 2016-08-31 21:58 - 00822784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll 2016-08-31 21:58 - 2016-08-31 21:58 - 00807776 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.exe 2016-08-31 21:58 - 2016-08-31 21:58 - 00806912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3D12.dll 2016-08-31 21:58 - 2016-08-31 21:58 - 00804864 _____ (Microsoft Corporation) C:\WINDOWS\system32\FrameServer.dll 2016-08-31 21:58 - 2016-08-31 21:58 - 00782176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe 2016-08-31 21:58 - 2016-08-31 21:58 - 00775168 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe 2016-08-31 21:58 - 2016-08-31 21:58 - 00743424 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll 2016-08-31 21:58 - 2016-08-31 21:58 - 00726016 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll 2016-08-31 21:58 - 2016-08-31 21:58 - 00715264 _____ (Microsoft Corporation) C:\WINDOWS\system32\clusapi.dll 2016-08-31 21:58 - 2016-08-31 21:58 - 00681312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ClipSp.sys 2016-08-31 21:58 - 2016-08-31 21:58 - 00658776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys 2016-08-31 21:58 - 2016-08-31 21:58 - 00642048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.InkControls.dll 2016-08-31 21:58 - 2016-08-31 21:58 - 00640000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MCRecvSrc.dll 2016-08-31 21:58 - 2016-08-31 21:58 - 00605184 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe 2016-08-31 21:58 - 2016-08-31 21:58 - 00592384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GamePanel.exe 2016-08-31 21:58 - 2016-08-31 21:58 - 00590952 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll 2016-08-31 21:58 - 2016-08-31 21:58 - 00568832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.UXRes.dll 2016-08-31 21:58 - 2016-08-31 
21:58 - 00568832 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.UXRes.dll 2016-08-31 21:58 - 2016-08-31 21:58 - 00558080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clusapi.dll 2016-08-31 21:58 - 2016-08-31 21:58 - 00554496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll 2016-08-31 21:58 - 2016-08-31 21:58 - 00539136 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll 2016-08-31 21:58 - 2016-08-31 21:58 - 00521728 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll 2016-08-31 21:58 - 2016-08-31 21:58 - 00491520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.exe 2016-08-31 21:58 - 2016-08-31 21:58 - 00484584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll 2016-08-31 21:58 - 2016-08-31 21:58 - 00476672 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll 2016-08-31 21:58 - 2016-08-31 21:58 - 00471552 _____ (Microsoft Corporation) C:\WINDOWS\system32\DscCore.dll 2016-08-31 21:58 - 2016-08-31 21:58 - 00468992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.InkControls.dll 2016-08-31 21:58 - 2016-08-31 21:58 - 00453120 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll 2016-08-31 21:58 - 2016-08-31 21:58 - 00410624 _____ (Microsoft Corporation) C:\WINDOWS\system32\facecredentialprovider.dll 2016-08-31 21:58 - 2016-08-31 21:58 - 00402272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys 2016-08-31 21:58 - 2016-08-31 21:58 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll 2016-08-31 21:58 - 2016-08-31 21:58 - 00389632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll 2016-08-31 21:58 - 2016-08-31 21:58 - 00380928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll 2016-08-31 21:58 - 2016-08-31 21:58 - 00380928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wincorlib.dll 2016-08-31 21:58 - 2016-08-31 21:58 - 00349184 _____ (Microsoft 
Corporation) C:\WINDOWS\system32\provengine.dll 2016-08-31 21:58 - 2016-08-31 21:58 - 00320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll 2016-08-31 21:58 - 2016-08-31 21:58 - 00314880 _____ (Microsoft Corporation) C:\WINDOWS\system32\FSClient.dll 2016-08-31 21:58 - 2016-08-31 21:58 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll 2016-08-31 21:58 - 2016-08-31 21:58 - 00294912 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsensorgroup.dll 2016-08-31 21:58 - 2016-08-31 21:58 - 00288768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincorlib.dll 2016-08-31 21:58 - 2016-08-31 21:58 - 00268800 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfksproxy.dll 2016-08-31 21:58 - 2016-08-31 21:58 - 00261120 _____ (Microsoft Corporation) C:\WINDOWS\system32\indexeddbserver.dll 2016-08-31 21:58 - 2016-08-31 21:58 - 00259584 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe 2016-08-31 21:58 - 2016-08-31 21:58 - 00253952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll 2016-08-31 21:58 - 2016-08-31 21:58 - 00244816 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll 2016-08-31 21:58 - 2016-08-31 21:58 - 00235008 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCore.dll 2016-08-31 21:58 - 2016-08-31 21:58 - 00231424 _____ (Microsoft Corporation) C:\WINDOWS\system32\shutdownux.dll 2016-08-31 21:58 - 2016-08-31 21:58 - 00227840 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll 2016-08-31 21:58 - 2016-08-31 21:58 - 00227840 _____ (Microsoft Corporation) C:\WINDOWS\system32\C_G18030.DLL 2016-08-31 21:58 - 2016-08-31 21:58 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\C_G18030.DLL 2016-08-31 21:58 - 2016-08-31 21:58 - 00222720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe 2016-08-31 21:58 - 2016-08-31 21:58 - 00220672 _____ (Microsoft 
Corporation) C:\WINDOWS\system32\provops.dll 2016-08-31 21:58 - 2016-08-31 21:58 - 00215040 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll 2016-08-31 21:58 - 2016-08-31 21:58 - 00211456 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe 2016-08-31 21:58 - 2016-08-31 21:58 - 00204288 _____ (Windows (R) Win 7 DDK provider) C:\WINDOWS\system32\DscCoreConfProv.dll 2016-08-31 21:58 - 2016-08-31 21:58 - 00203776 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll 2016-08-31 21:58 - 2016-08-31 21:58 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll 2016-08-31 21:58 - 2016-08-31 21:58 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipboardServer.dll 2016-08-31 21:58 - 2016-08-31 21:58 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\indexeddbserver.dll 2016-08-31 21:58 - 2016-08-31 21:58 - 00198144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FSClient.dll 2016-08-31 21:58 - 2016-08-31 21:58 - 00186880 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe 2016-08-31 21:58 - 2016-08-31 21:58 - 00184832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfksproxy.dll 2016-08-31 21:58 - 2016-08-31 21:58 - 00181760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsensorgroup.dll 2016-08-31 21:58 - 2016-08-31 21:58 - 00179712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe 2016-08-31 21:58 - 2016-08-31 21:58 - 00178528 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostUser.dll 2016-08-31 21:58 - 2016-08-31 21:58 - 00171520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ClipboardServer.dll 2016-08-31 21:58 - 2016-08-31 21:58 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BcastDVRHelper.dll 2016-08-31 21:58 - 2016-08-31 21:58 - 00141824 _____ (Windows (R) Win 7 DDK provider) C:\WINDOWS\SysWOW64\DscCoreConfProv.dll 2016-08-31 21:58 - 2016-08-31 21:58 - 00140288 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\Chakrathunk.dll 2016-08-31 21:58 - 2016-08-31 21:58 - 00136032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudExperienceHostUser.dll 2016-08-31 21:58 - 2016-08-31 21:58 - 00121368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll 2016-08-31 21:58 - 2016-08-31 21:58 - 00121344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakrathunk.dll 2016-08-31 21:58 - 2016-08-31 21:58 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCsp.dll 2016-08-31 21:58 - 2016-08-31 21:58 - 00108384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys 2016-08-31 21:58 - 2016-08-31 21:58 - 00104960 _____ (Microsoft Corporation) C:\WINDOWS\system32\CastLaunch.dll 2016-08-31 21:58 - 2016-08-31 21:58 - 00097792 _____ (Microsoft Corporation) C:\WINDOWS\system32\NFCProvisioningPlugin.dll 2016-08-31 21:58 - 2016-08-31 21:58 - 00089600 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll 2016-08-31 21:58 - 2016-08-31 21:58 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\provdatastore.dll 2016-08-31 21:58 - 2016-08-31 21:58 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\BarcodeProvisioningPlugin.dll 2016-08-31 21:58 - 2016-08-31 21:58 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProvPluginEng.dll 2016-08-31 21:58 - 2016-08-31 21:58 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanprotdim.dll 2016-08-31 21:58 - 2016-08-31 21:58 - 00074240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll 2016-08-31 21:58 - 2016-08-31 21:58 - 00073568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys 2016-08-31 21:58 - 2016-08-31 21:58 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\provtool.exe 2016-08-31 21:58 - 2016-08-31 21:58 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\system32\RemovableMediaProvisioningPlugin.dll 2016-08-31 21:58 - 2016-08-31 21:58 - 00058880 _____ (Microsoft Corporation) 
C:\WINDOWS\SysWOW64\ConfigureExpandedStorage.dll 2016-08-31 21:58 - 2016-08-31 21:58 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xinputhid.sys 2016-08-31 21:58 - 2016-08-31 21:58 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll 2016-08-31 21:58 - 2016-08-31 21:58 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.Provisioning.ProxyStub.dll 2016-08-31 21:58 - 2016-08-31 21:58 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\system32\encapi.dll 2016-08-31 21:58 - 2016-08-31 21:58 - 00026408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe 2016-08-31 21:58 - 2016-08-31 21:58 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManagerSvc.dll 2016-08-31 21:58 - 2016-08-31 21:58 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\delegatorprovider.dll 2016-08-31 21:58 - 2016-08-31 21:58 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\storagewmi_passthru.dll 2016-08-31 21:58 - 2016-08-31 21:58 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\smphost.dll 2016-08-31 21:58 - 2016-08-31 21:58 - 00022528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\encapi.dll 2016-08-31 21:58 - 2016-08-31 21:58 - 00020992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\smphost.dll 2016-08-31 21:58 - 2016-08-31 21:58 - 00020992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\delegatorprovider.dll 2016-08-31 21:58 - 2016-08-31 21:58 - 00020480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\storagewmi_passthru.dll 2016-08-31 21:58 - 2016-08-31 21:58 - 00020320 _____ (Microsoft Corporation) C:\WINDOWS\system32\kdhvcom.dll 2016-08-31 21:58 - 2016-08-31 21:58 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\C_IS2022.DLL 2016-08-31 21:58 - 2016-08-31 21:58 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\c_GSM7.DLL 2016-08-31 21:58 - 2016-08-31 21:58 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\C_IS2022.DLL 
2016-08-31 21:58 - 2016-08-31 21:58 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\c_GSM7.DLL 2016-08-31 21:58 - 2016-08-20 07:21 - 02755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb 2016-08-31 21:58 - 2016-08-20 07:16 - 02755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb 2016-08-31 21:58 - 2016-08-19 03:33 - 00162850 _____ C:\WINDOWS\system32\C_932.NLS 2016-08-24 11:07 - 2016-08-24 11:07 - 05622600 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe 2016-08-24 11:07 - 2016-08-24 11:07 - 01812480 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll 2016-08-24 11:07 - 2016-08-24 11:07 - 01066328 _____ (Microsoft Corporation) C:\WINDOWS\system32\pidgenx.dll 2016-08-24 11:07 - 2016-08-24 11:07 - 00939872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pidgenx.dll 2016-08-24 11:07 - 2016-08-24 11:07 - 00665768 _____ (Microsoft Corporation) C:\WINDOWS\system32\GenValObj.exe 2016-08-24 11:07 - 2016-08-24 11:07 - 00450400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys 2016-08-24 11:07 - 2016-08-24 11:07 - 00435040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys 2016-08-24 11:07 - 2016-08-24 11:07 - 00354264 _____ (Microsoft Corporation) C:\WINDOWS\system32\systemreset.exe 2016-08-24 11:07 - 2016-08-24 11:07 - 00239104 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafpos.dll 2016-08-24 11:07 - 2016-08-24 11:07 - 00224096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys 2016-08-24 11:07 - 2016-08-24 11:07 - 00128352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys 2016-08-24 11:07 - 2016-08-24 11:07 - 00100864 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpninprc.dll 2016-08-24 11:07 - 2016-08-24 11:07 - 00041824 _____ (Microsoft Corporation) C:\WINDOWS\system32\SysResetErr.exe 2016-08-24 11:06 - 2016-08-24 11:06 - 17187328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll 2016-08-24 
11:06 - 2016-08-24 11:06 - 13867520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll 2016-08-24 11:06 - 2016-08-24 11:06 - 13433856 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll 2016-08-24 11:06 - 2016-08-24 11:06 - 13080576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2016-08-24 11:06 - 2016-08-24 11:06 - 12174336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2016-08-24 11:06 - 2016-08-24 11:06 - 03116032 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSAJApi.dll 2016-08-24 11:06 - 2016-08-24 11:06 - 02745224 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2016-08-24 11:06 - 2016-08-24 11:06 - 02422784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSAJApi.dll 2016-08-24 11:06 - 2016-08-24 11:06 - 02370048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll 2016-08-24 11:06 - 2016-08-24 11:06 - 02251432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2016-08-24 11:06 - 2016-08-24 11:06 - 02095616 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl 2016-08-24 11:06 - 2016-08-24 11:06 - 02026496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl 2016-08-24 11:06 - 2016-08-24 11:06 - 01847048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll 2016-08-24 11:06 - 2016-08-24 11:06 - 01780736 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2016-08-24 11:06 - 2016-08-24 11:06 - 01694200 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll 2016-08-24 11:06 - 2016-08-24 11:06 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll 2016-08-24 11:06 - 2016-08-24 11:06 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll 2016-08-24 11:06 - 2016-08-24 11:06 - 01595904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll 2016-08-24 11:06 - 2016-08-24 11:06 - 01557296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll 
2016-08-24 11:06 - 2016-08-24 11:06 - 01508864 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys 2016-08-24 11:06 - 2016-08-24 11:06 - 01491456 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll 2016-08-24 11:06 - 2016-08-24 11:06 - 01343928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll 2016-08-24 11:06 - 2016-08-24 11:06 - 01255936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll 2016-08-24 11:06 - 2016-08-24 11:06 - 01231872 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll 2016-08-24 11:06 - 2016-08-24 11:06 - 01176664 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll 2016-08-24 11:06 - 2016-08-24 11:06 - 01082368 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll 2016-08-24 11:06 - 2016-08-24 11:06 - 01066096 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll 2016-08-24 11:06 - 2016-08-24 11:06 - 01062400 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll 2016-08-24 11:06 - 2016-08-24 11:06 - 01052672 _____ (Microsoft Corporation) C:\WINDOWS\system32\qmgr.dll 2016-08-24 11:06 - 2016-08-24 11:06 - 00955008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll 2016-08-24 11:06 - 2016-08-24 11:06 - 00884224 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll 2016-08-24 11:06 - 2016-08-24 11:06 - 00860672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll 2016-08-24 11:06 - 2016-08-24 11:06 - 00790760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll 2016-08-24 11:06 - 2016-08-24 11:06 - 00758784 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll 2016-08-24 11:06 - 2016-08-24 11:06 - 00691712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll 2016-08-24 11:06 - 2016-08-24 11:06 - 00627200 _____ (Microsoft Corporation) C:\WINDOWS\system32\uReFS.dll 2016-08-24 11:06 - 2016-08-24 11:06 - 00619368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys 2016-08-24 
11:06 - 2016-08-24 11:06 - 00595488 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll 2016-08-24 11:06 - 2016-08-24 11:06 - 00584032 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe 2016-08-24 11:06 - 2016-08-24 11:06 - 00544768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uReFS.dll 2016-08-24 11:06 - 2016-08-24 11:06 - 00538112 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcext.dll 2016-08-24 11:06 - 2016-08-24 11:06 - 00529928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf.dll 2016-08-24 11:06 - 2016-08-24 11:06 - 00526848 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll 2016-08-24 11:06 - 2016-08-24 11:06 - 00520192 _____ (Microsoft Corporation) C:\WINDOWS\system32\w32time.dll 2016-08-24 11:06 - 2016-08-24 11:06 - 00509784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe 2016-08-24 11:06 - 2016-08-24 11:06 - 00466432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sppcext.dll 2016-08-24 11:06 - 2016-08-24 11:06 - 00462336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll 2016-08-24 11:06 - 2016-08-24 11:06 - 00447488 _____ (Microsoft Corporation) C:\WINDOWS\system32\das.dll 2016-08-24 11:06 - 2016-08-24 11:06 - 00431616 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll 2016-08-24 11:06 - 2016-08-24 11:06 - 00426496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll 2016-08-24 11:06 - 2016-08-24 11:06 - 00412160 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanmsm.dll 2016-08-24 11:06 - 2016-08-24 11:06 - 00408600 _____ (Microsoft Corporation) C:\WINDOWS\system32\tsmf.dll 2016-08-24 11:06 - 2016-08-24 11:06 - 00396800 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll 2016-08-24 11:06 - 2016-08-24 11:06 - 00396168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll 2016-08-24 11:06 - 2016-08-24 11:06 - 00387584 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll 
2016-08-24 11:06 - 2016-08-24 11:06 - 00381760 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe 2016-08-24 11:06 - 2016-08-24 11:06 - 00361096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tsmf.dll 2016-08-24 11:06 - 2016-08-24 11:06 - 00340480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll 2016-08-24 11:06 - 2016-08-24 11:06 - 00327680 _____ (Microsoft Corporation) C:\WINDOWS\system32\container.dll 2016-08-24 11:06 - 2016-08-24 11:06 - 00323584 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll 2016-08-24 11:06 - 2016-08-24 11:06 - 00313560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanapi.dll 2016-08-24 11:06 - 2016-08-24 11:06 - 00298496 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifiprofilessettinghandler.dll 2016-08-24 11:06 - 2016-08-24 11:06 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudBackupSettings.dll 2016-08-24 11:06 - 2016-08-24 11:06 - 00280064 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_WorkAccess.dll 2016-08-24 11:06 - 2016-08-24 11:06 - 00268800 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe 2016-08-24 11:06 - 2016-08-24 11:06 - 00266240 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConsoleLogon.dll 2016-08-24 11:06 - 2016-08-24 11:06 - 00243712 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinBioDataModel.dll 2016-08-24 11:06 - 2016-08-24 11:06 - 00237568 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinesam.dll 2016-08-24 11:06 - 2016-08-24 11:06 - 00234496 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcpipcfg.dll 2016-08-24 11:06 - 2016-08-24 11:06 - 00231424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudBackupSettings.dll 2016-08-24 11:06 - 2016-08-24 11:06 - 00226816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbvideo.sys 2016-08-24 11:06 - 2016-08-24 11:06 - 00226304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\container.dll 2016-08-24 11:06 - 2016-08-24 11:06 - 00223744 
_____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe 2016-08-24 11:06 - 2016-08-24 11:06 - 00210432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinesam.dll 2016-08-24 11:06 - 2016-08-24 11:06 - 00199008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wof.sys 2016-08-24 11:06 - 2016-08-24 11:06 - 00181760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tcpipcfg.dll 2016-08-24 11:06 - 2016-08-24 11:06 - 00168800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys 2016-08-24 11:06 - 2016-08-24 11:06 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidclass.sys 2016-08-24 11:06 - 2016-08-24 11:06 - 00151224 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll 2016-08-24 11:06 - 2016-08-24 11:06 - 00138240 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppc.dll 2016-08-24 11:06 - 2016-08-24 11:06 - 00135168 _____ (Microsoft Corporation) C:\WINDOWS\system32\slc.dll 2016-08-24 11:06 - 2016-08-24 11:06 - 00123904 _____ (Microsoft Corporation) C:\WINDOWS\system32\samlib.dll 2016-08-24 11:06 - 2016-08-24 11:06 - 00114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinelsa.dll 2016-08-24 11:06 - 2016-08-24 11:06 - 00102400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinelsa.dll 2016-08-24 11:06 - 2016-08-24 11:06 - 00094720 _____ (Microsoft Corporation) C:\WINDOWS\system32\dasHost.exe 2016-08-24 11:06 - 2016-08-24 11:06 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\samlib.dll 2016-08-24 11:06 - 2016-08-24 11:06 - 00077664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys 2016-08-24 11:06 - 2016-08-24 11:06 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncPolicy.dll 2016-08-24 11:06 - 2016-08-24 11:06 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll 2016-08-24 11:06 - 2016-08-24 11:06 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll 2016-08-24 11:06 - 2016-08-24 11:06 - 
00057344 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinBioDataModelOOBE.exe 2016-08-24 11:06 - 2016-08-24 11:06 - 00049664 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorageUsage.dll 2016-08-24 11:06 - 2016-08-24 11:06 - 00047616 _____ (Microsoft Corporation) C:\WINDOWS\system32\deviceassociation.dll 2016-08-24 11:06 - 2016-08-24 11:06 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\system32\wfdprov.dll 2016-08-24 11:06 - 2016-08-24 11:06 - 00044472 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfpmp.exe 2016-08-24 11:06 - 2016-08-24 11:06 - 00040960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidparse.sys 2016-08-24 11:06 - 2016-08-24 11:06 - 00038912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wfdprov.dll 2016-08-24 11:06 - 2016-08-24 11:06 - 00038400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidusb.sys 2016-08-24 11:06 - 2016-08-24 11:06 - 00036168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfpmp.exe 2016-08-24 11:06 - 2016-08-24 11:06 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\deviceassociation.dll 2016-08-24 11:06 - 2016-08-24 11:06 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll 2016-08-24 11:06 - 2016-08-24 11:06 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\netiougc.exe 2016-08-24 11:06 - 2016-08-24 11:06 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll 2016-08-24 11:06 - 2016-08-24 11:06 - 00027648 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiConfigSP.dll 2016-08-24 11:06 - 2016-08-24 11:06 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvcpal.dll 2016-08-24 11:06 - 2016-08-24 11:06 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netiougc.exe 2016-08-24 11:06 - 2016-08-24 11:06 - 00022016 _____ (Microsoft Corporation) C:\WINDOWS\system32\slcext.dll 2016-08-24 11:06 - 2016-08-24 11:06 - 00019968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\slcext.dll 2016-08-24 11:06 
- 2016-08-24 11:06 - 00015872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanhlp.dll 2016-08-24 11:06 - 2016-08-24 11:06 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanhlp.dll 2016-08-24 11:06 - 2016-08-24 11:06 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.exe 2016-08-24 11:05 - 2016-08-24 11:05 - 12345344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll 2016-08-24 11:05 - 2016-08-24 11:05 - 09260032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmploc.DLL 2016-08-24 11:05 - 2016-08-24 11:05 - 09260032 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmploc.DLL 2016-08-24 11:05 - 2016-08-24 11:05 - 01908224 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll 2016-08-24 11:05 - 2016-08-24 11:05 - 01469120 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll 2016-08-24 11:05 - 2016-08-24 11:05 - 00587968 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll 2016-08-24 11:05 - 2016-08-24 11:05 - 00321280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe 2016-08-24 11:05 - 2016-08-24 11:05 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\slc.dll 2016-08-24 11:05 - 2016-08-24 11:05 - 00105984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sppc.dll 2016-08-24 11:05 - 2016-08-24 11:05 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncPolicy.dll 2016-08-24 11:05 - 2016-08-24 11:05 - 00050880 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe 2016-08-24 11:05 - 2016-08-24 11:05 - 00010752 _____ (Microsoft Corporation) C:\WINDOWS\system32\spwmp.dll 2016-08-24 11:05 - 2016-08-24 11:05 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\spwmp.dll 2016-08-24 11:05 - 2016-08-24 11:05 - 00006656 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdxm.ocx 2016-08-24 11:05 - 2016-08-24 11:05 - 00006656 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxmasf.dll 2016-08-24 11:05 - 
2016-08-24 11:05 - 00005120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdxm.ocx 2016-08-24 11:05 - 2016-08-24 11:05 - 00005120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxmasf.dll 2016-08-14 17:35 - 2016-08-22 21:17 - 00000000 ____D C:\Users\******\AppData\Roaming\Dwarfs 2016-08-14 14:05 - 2016-08-14 14:05 - 00000718 _____ C:\Users\******\Desktop\YGOPro DevPro Launcher.lnk 2016-08-14 14:02 - 2016-08-14 14:05 - 00000000 ____D C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\YGOPro DevPro Launcher 2016-08-14 13:57 - 2016-08-14 13:57 - 00000000 ____D C:\Users\******\AppData\Roaming\DevPro, LLC 2016-08-14 13:48 - 2016-08-14 13:48 - 00000000 ____D C:\Users\******\AppData\Local\ElevatedDiagnostics ==================== Ein Monat: Geänderte Dateien und Ordner ======== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.) 2016-09-11 23:26 - 2015-08-16 22:12 - 01474832 _____ C:\WINDOWS\system32\Drivers\sfi.dat 2016-09-11 23:08 - 2016-08-07 18:01 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2016-09-11 23:06 - 2016-07-16 08:04 - 00262144 _____ C:\WINDOWS\system32\config\BBI 2016-09-11 23:06 - 2016-01-28 12:38 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2 2016-09-11 23:05 - 2016-08-07 17:37 - 00000000 ____D C:\Users\****** 2016-09-11 22:43 - 2015-08-29 23:33 - 00000000 ____D C:\Users\******\AppData\Roaming\Notepad++ 2016-09-11 22:39 - 2016-01-11 22:27 - 00000000 ____D C:\Users\******\Desktop\Papiere 2016-09-11 22:37 - 2015-12-25 21:43 - 00000000 ____D C:\Users\******\AppData\Local\Black_Tree_Gaming 2016-09-11 22:25 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports 2016-09-11 22:13 - 2016-05-23 22:16 - 00000000 ____D C:\Users\******\Documents\BioWare 2016-09-11 22:01 - 2016-01-28 12:39 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy 2016-09-11 21:56 - 2016-03-25 01:13 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 2016-09-11 21:55 - 2016-03-24 
19:07 - 00000000 ____D C:\Users\******\Documents\PCSX2 2016-09-11 21:55 - 2016-03-24 18:55 - 00000000 ____D C:\Program Files (x86)\PCSX2 1.4.0 2016-09-11 21:48 - 2016-01-12 16:24 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2016-09-11 21:47 - 2016-08-04 19:44 - 00000000 ____D C:\ProgramData\Ubisoft 2016-09-11 14:05 - 2016-08-07 17:27 - 00000000 ____D C:\WINDOWS\system32\SleepStudy 2016-09-10 21:09 - 2015-08-16 22:03 - 00000000 ____D C:\Program Files (x86)\Steam 2016-09-10 20:46 - 2015-08-16 22:45 - 00000000 ____D C:\Users\******\AppData\Local\Spotify 2016-09-10 19:17 - 2015-08-16 22:41 - 00000000 ____D C:\Users\******\AppData\Roaming\Spotify 2016-09-10 18:03 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\AppReadiness 2016-09-09 16:52 - 2016-07-16 13:47 - 00000000 ___HD C:\Program Files\WindowsApps 2016-09-07 22:20 - 2015-08-16 21:08 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2016-09-07 20:34 - 2015-08-16 17:58 - 00000000 ____D C:\AMD 2016-09-07 20:13 - 2016-08-07 17:32 - 00000000 ____D C:\Program Files (x86)\ATI Technologies 2016-09-07 20:13 - 2016-08-07 17:31 - 00000000 ____D C:\Program Files\AMD 2016-09-07 20:10 - 2016-07-16 13:45 - 00000000 ____D C:\WINDOWS\INF 2016-09-06 22:09 - 2016-07-16 08:04 - 00032768 _____ C:\WINDOWS\system32\config\ELAM 2016-09-04 18:28 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\rescache 2016-09-03 21:45 - 2016-08-07 17:36 - 02372738 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2016-09-03 21:45 - 2016-07-17 00:51 - 01369346 _____ C:\WINDOWS\system32\perfh007.dat 2016-09-03 21:45 - 2016-07-17 00:51 - 00380096 _____ C:\WINDOWS\system32\perfc007.dat 2016-09-03 20:12 - 2016-02-10 18:18 - 00000000 __RHD C:\Users\Public\AccountPictures 2016-09-03 20:07 - 2016-08-07 17:27 - 00425800 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2016-09-03 20:05 - 2016-07-16 13:47 - 00000000 ___SD C:\WINDOWS\system32\dsc 2016-09-03 20:05 - 2016-07-16 13:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel 2016-09-03 
20:05 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns 2016-09-03 20:05 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\system32\lv-LV 2016-09-03 20:05 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\system32\lt-LT 2016-09-03 20:05 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\system32\et-EE 2016-09-03 20:05 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\system32\es-MX 2016-09-03 20:05 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\system32\en-GB 2016-09-03 20:05 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\ShellExperiences 2016-09-03 20:05 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\Provisioning 2016-09-02 14:35 - 2016-07-16 13:49 - 00828408 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2016-09-02 14:35 - 2016-07-16 13:49 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2016-09-02 14:35 - 2016-07-16 13:36 - 00000000 ____D C:\WINDOWS\CbsTemp 2016-08-31 21:48 - 2016-07-16 13:43 - 06474752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspaint.exe 2016-08-31 21:48 - 2016-07-16 13:43 - 00496128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.UserAccountsHandlers.dll 2016-08-31 21:48 - 2016-07-16 13:43 - 00289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeveloperOptionsSettingsHandlers.dll 2016-08-31 21:48 - 2016-07-16 13:43 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe 2016-08-31 21:48 - 2016-07-16 13:42 - 06664192 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe 2016-08-31 21:48 - 2016-07-16 13:42 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll 2016-08-31 21:48 - 2016-07-16 13:42 - 00241504 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll 2016-08-31 21:48 - 2016-07-16 13:42 - 00210944 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys 2016-08-31 21:48 - 2016-07-16 13:42 - 00150528 _____ (Microsoft Corporation) 
C:\WINDOWS\SysWOW64\win32k.sys 2016-08-31 21:48 - 2016-07-16 13:42 - 00114192 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32u.dll 2016-08-31 21:48 - 2016-07-16 13:42 - 00079544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32u.dll 2016-08-31 21:48 - 2016-07-16 13:42 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.Search.UriHandler.dll 2016-08-31 21:48 - 2016-07-16 13:42 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Shell.Search.UriHandler.dll 2016-08-31 21:48 - 2016-07-16 13:42 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe 2016-08-26 17:16 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\system32\appraiser 2016-08-24 11:00 - 2016-07-16 13:43 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll 2016-08-23 23:30 - 2016-08-07 12:11 - 00000000 ____D C:\Program Files (x86)\Bethesda.net Launcher 2016-08-23 15:33 - 2016-03-06 19:00 - 00000000 ____D C:\Users\******\AppData\Roaming\Tunngle 2016-08-23 15:26 - 2016-07-02 22:22 - 00000000 ____D C:\ProgramData\Tunngle 2016-08-20 12:17 - 2014-12-14 11:15 - 00387066 __RSH C:\bootmgr 2016-08-19 14:16 - 2016-08-07 18:22 - 00000000 ____D C:\Windows.old 2016-08-17 13:06 - 2015-09-25 13:14 - 00000000 ____D C:\Program Files\JDownloader ==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse ======= 2015-12-03 23:34 - 2015-12-05 11:11 - 0000009 _____ () C:\Users\******\AppData\Roaming\.sunvox_pateditor 2015-12-03 23:34 - 2015-12-05 11:11 - 0000002 _____ () C:\Users\******\AppData\Roaming\.sunvox_soundnet 2015-12-03 23:34 - 2015-12-05 11:11 - 0000001 _____ () C:\Users\******\AppData\Roaming\.sunvox_timeline 2015-12-03 23:34 - 2015-12-03 23:34 - 0000016 _____ () C:\Users\******\AppData\Roaming\sunvox_config.ini 2016-08-31 22:26 - 2016-08-31 22:26 - 0000719 _____ () C:\Users\******\AppData\Local\recently-used.xbel 2015-09-19 18:50 - 2015-09-19 18:50 - 0000017 _____ () 
C:\Users\******\AppData\Local\resmon.resmoncfg
2016-08-07 17:30 - 2016-08-07 17:30 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert

LastRegBack: 2016-09-03 18:02

==================== Ende von FRST.txt ============================ |
11.09.2016, 22:41 | #2 |
| Irregular crashes on the laptop (Windows 10) Here is the second file.
ADDITION.TXT Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 31-08-2016
durchgeführt von **** (11-09-2016 23:29:24)
Gestartet von C:\Users\****\Desktop
Windows 10 Home Version 1607 (X64) (2016-08-07 16:08:19)
Start-Modus: Normal
==========================================================

==================== Konten: =============================

Administrator (S-1-5-21-1569932172-3107048923-2697670340-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1569932172-3107048923-2697670340-503 - Limited - Disabled)
Gast (S-1-5-21-1569932172-3107048923-2697670340-501 - Limited - Disabled)
**** (S-1-5-21-1569932172-3107048923-2697670340-1002 - Administrator - Enabled) => C:\Users\****

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: COMODO Antivirus (Enabled - Up to date) {D0CC7563-ABD2-DEBE-138E-FDD553335AF2}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Comodo Defense+ (Enabled - Up to date) {6BAD9487-8DE8-D130-293E-C6A728B4104F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: COMODO Firewall (Enabled) {E8F7F446-E1BD-DFE6-38D1-54E0ADE01D89}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.017.20053 - Adobe Systems Incorporated)
Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated)
AMD Install Manager (HKLM\...\AMD Catalyst Install Manager) (Version: 5.00 - Advanced Micro Devices, Inc.)
Any Audio Converter 5.8.8 (HKLM-x32\...\Any Audio Converter_is1) (Version: - Any-Audio-Converter.com)
Application Insights Tools for Visual Studio 2015 (x32 Version: 3.3.1 - Microsoft Corporation) Hidden
Audacity 2.1.0 (HKLM-x32\...\Audacity_is1) (Version: 2.1.0 - Audacity Team)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Behaviors SDK (Windows) for Visual Studio 2013 (x32 Version: 12.0.51210.80 - Microsoft Corporation) Hidden
Bethesda.net Launcher (HKLM-x32\...\{3448917E-E4FE-4E30-9502-9FD52EABB6F5}_is1) (Version: 1.0 - Bethesda Softworks)
BitLord 2.4 (HKLM-x32\...\BitLord) (Version: 2.4.4-308 - House of Life)
Bloons TD5 (HKLM\...\Steam App 306020) (Version: - Ninja Kiwi)
Build Tools for Windows 10 (x32 Version: 14.0.23121 - Microsoft Corporation) Hidden
Buildtools für Windows 10 - DEU (x32 Version: 14.0.23121 - Microsoft Corporation) Hidden
Catalyst Control Center Next Localization BR (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.18 - Piriform)
CodedUITestUAP (x32 Version: 14.0.23121 - Microsoft Corporation) Hidden
COMODO Internet Security Premium (HKLM\...\{367D1EA4-24FD-402F-AFF0-08A678D2EE28}) (Version: 8.2.0.4674 - COMODO Security Solutions Inc.)
Counter-Strike: Global Offensive (HKLM\...\Steam App 730) (Version: - Valve)
Dark Souls: Prepare to Die Edition (HKLM-x32\...\Steam App 211420) (Version: - FromSoftware)
Defraggler (HKLM\...\Defraggler) (Version: 2.21 - Piriform)
Diablo III (HKLM-x32\...\Diablo III) (Version: - Blizzard Entertainment)
Dungeon Hearts (HKLM\...\Steam App 229520) (Version: - Cube Roots)
Dwarfs F2P (HKLM\...\Steam App 213650) (Version: - Power of 2)
E.Y.E: Divine Cybermancy (HKLM-x32\...\Steam App 91700) (Version: - Streum On Studio)
ELAN Touchpad 11.15.0.18_X64 (HKLM\...\Elantech) (Version: 11.15.0.18 - ELAN Microelectronic Corp.)
Erforderliche Komponenten für SSDT (HKLM-x32\...\{2466E484-9D86-416B-9C88-AA533F15AF1C}) (Version: 12.0.2000.8 - Microsoft Corporation)
FINAL FANTASY XIII (HKLM-x32\...\Steam App 292120) (Version: - SQUARE ENIX)
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version: - Facepunch Studios)
Google Update Helper (x32 Version: 1.3.21.169 - Google Inc.) Hidden
Hearts of Iron III (HKLM\...\Steam App 25890) (Version: - Paradox Development Studio)
IDE Tools for Windows 10 (x32 Version: 14.0.23121 - Microsoft Corporation) Hidden
IDE-Tools für Windows 10 - DEU (x32 Version: 14.0.23121 - Microsoft Corporation) Hidden
IIS 10.0 Express (HKLM\...\{5984D8DA-C1AF-4284-9C88-D7150425B315}) (Version: 10.0.1734 - Microsoft Corporation)
IIS Express Application Compatibility Database for x64 (HKLM\...\{08274920-8908-45c2-9258-8ad67ff77b09}.sdb) (Version: - )
IIS Express Application Compatibility Database for x86 (HKLM\...\{ad846bae-d44b-4722-abad-f7420e08bcd9}.sdb) (Version: - )
Intellisense Lang Pack Mobile Extension SDK 10.0.10240.0 (x32 Version: 10.0.10240.0 - Microsoft Corporation) Hidden
Java 8 Update 91 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.14 - Oracle Corporation)
Java SE Development Kit 8 Update 65 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180650}) (Version: 8.0.650.17 - Oracle Corporation)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
Kits Configuration Installer (x32 Version: 10.0.26624 - Microsoft) Hidden
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games )
League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version: - Valve)
Macrium Reflect Free Edition (HKLM\...\MacriumReflect) (Version: 6.0 - Paramount Software (UK) Ltd.)
Macrium Reflect Free Edition (Version: 6.0.753 - Paramount Software (UK) Ltd.) Hidden
Mass Effect 2 (HKLM\...\Steam App 24980) (Version: - BioWare)
Microsoft .NET Framework 4.5.1 SDK (Deutsch) (HKLM-x32\...\{CBD7095F-7211-43FD-9FE7-FB08D753AF79}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft .NET Framework 4.6 SDK (Deutsch) (HKLM-x32\...\{EE8BD24B-75E1-4BBF-86B9-91FE16ADE71C}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6 SDK (HKLM-x32\...\{B5915D37-0637-4A26-A3AA-C5DC9F856370}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6 Targeting Pack (HKLM-x32\...\{2CC6A4A7-AAC2-46C9-9DBB-3727B5954F65}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{F2508213-9989-4E85-A078-72BE483917EF}) (Version: 3.5.88.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Help Viewer 2.2 (HKLM-x32\...\Microsoft Help Viewer 2.2) (Version: 2.2.23107 - Microsoft Corporation)
Microsoft Help Viewer 2.2 Sprachpaket - DEU (HKLM-x32\...\Microsoft Help Viewer 2.2 Sprachpaket - DEU) (Version: 2.2.23107 - Microsoft Corporation)
Microsoft Office 2010 Service Pack 1 (SP1) (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{7BC9B5EB-125A-4E9B-97E1-8D85B5E960B8}) (Version: - Microsoft)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23506 (HKLM-x32\...\{23daf363-3020-4059-b3ae-dc4ad39fed19}) (Version: 14.0.23506.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Might & Magic: Heroes VI (HKLM-x32\...\Steam App 48220) (Version: - Blackhole)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Mozilla Firefox 48.0.2 (x86 de) (HKLM-x32\...\Mozilla Firefox 48.0.2 (x86 de)) (Version: 48.0.2 - Mozilla)
MSBuild/NuGet Integration 14.0 (x86) (x32 Version: 14.0.23121 - Microsoft Corporation) Hidden
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
NVIDIA PhysX-Systemsoftware 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
osu! (HKLM-x32\...\{9eadd332-79cc-42e6-9efe-cc44fe3d55ec}) (Version: latest - ppy Pty Ltd)
paint.net (HKLM\...\{DD393E4D-76FA-4CCD-84F3-CD9D75C14862}) (Version: 4.0.10 - dotPDN LLC)
Path of Exile (HKLM-x32\...\Steam App 238960) (Version: - Grinding Gear Games)
PAYDAY 2 (HKLM\...\Steam App 218620) (Version: - OVERKILL - a Starbreeze Studio.)
Projekt- und Elementvorlagen für Visual Studio Express 2015 für Windows 10 – DEU (x32 Version: 14.0.23121 - Microsoft Corporation) Hidden
Projekt- und Elementvorlagen für Visual Studio Professional 2015 – DEU (x32 Version: 14.0.23121 - Microsoft Corporation) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10125.31214 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7553 - Realtek Semiconductor Corp.)
Sandboxie 5.10 (64-bit) (HKLM\...\Sandboxie) (Version: 5.10 - Sandboxie Holdings, LLC)
Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version: - 2K Games, Inc.)
Skype™ 7.18 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.18.111 - Skype Technologies S.A.)
SpellForce: Platinum Edition (HKLM-x32\...\Steam App 39540) (Version: - Phenomic)
Spelunky (HKLM-x32\...\Steam App 239350) (Version: - )
Spotify (HKU\S-1-5-21-1569932172-3107048923-2697670340-1002\...\Spotify) (Version: 1.0.37.150.gad02a02e - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Team Fortress 2 (HKLM\...\Steam App 440) (Version: - Valve)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.17 - TeamSpeak Systems GmbH)
Terraria (HKLM-x32\...\Steam App 105600) (Version: - Re-Logic)
The Binding of Isaac (HKLM-x32\...\Steam App 113200) (Version: - Edmund McMillen and Florian Himsl)
The Elder Scrolls Legends (HKLM-x32\...\The Elder Scrolls Legends) (Version: - Bethesda Softworks)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version: - Bethesda Game Studios)
The Wolf Among Us (HKLM-x32\...\Steam App 250320) (Version: - Telltale Games)
Tunngle (HKLM-x32\...\Tunngle_is1) (Version: 5.8.7 - Tunngle.net GmbH)
TWIN PS TO PC CONVERTER (HKLM-x32\...\{1BBDD6C0-ED6F-43C3-8A9C-84E3249A5615}) (Version: 2007.01.01 - )
Unity (HKLM-x32\...\Unity) (Version: 5.2.3f1 - Unity Technologies ApS)
Unity Web Player (HKU\S-1-5-21-1569932172-3107048923-2697670340-1002\...\UnityWebPlayer) (Version: 5.2.3f1 - Unity Technologies ApS)
Universal CRT Extension SDK (x32 Version: 10.0.26624 - Microsoft Corporation) Hidden
Universal CRT Headers Libraries and Sources (x32 Version: 10.0.26624 - Microsoft Corporation) Hidden
Universal CRT Redistributable (x32 Version: 10.0.26624 - Microsoft Corporation) Hidden
Universal CRT Tools x64 (Version: 10.0.26624 - Microsoft Corporation) Hidden
Universal CRT Tools x86 (x32 Version: 10.0.26624 - Microsoft Corporation) Hidden
Universal General MIDI DLS Extension SDK (x32 Version: 10.0.26624 - Microsoft Corporation) Hidden
Uplay (HKLM-x32\...\Uplay) (Version: 7.4 - Ubisoft)
USB Dual Vibration Joystick - Twin (HKLM-x32\...\{21A6E85C-0310-4623-BE61-35DFE2F9AA88}) (Version: 2005.10.24 - )
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WCF RIA Services V1.0 SP2 (HKLM-x32\...\{5D8DD6A8-C4D7-4554-93F9-F1CC28C72600}) (Version: 4.1.62812.0 - Microsoft Corporation)
WinAppDeploy (x32 Version: 10.0.26624 - Microsoft Corporation) Hidden
Windows Software Development Kit - Windows 10.0.26624 (HKLM-x32\...\{e7a0c8b6-b0e9-41e2-8a0a-a6784f88d1d4}) (Version: 10.0.26624 - Microsoft Corporation)
WinRAR 5.21 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
WinRT Intellisense Desktop - en-us (x32 Version: 10.0.26624 - Microsoft Corporation) Hidden
WinRT Intellisense Desktop - Other Languages (x32 Version: 10.0.26624 - Microsoft Corporation) Hidden
WinRT Intellisense IoT - en-us (x32 Version: 10.0.26624 - Microsoft Corporation) Hidden
WinRT Intellisense IoT - Other Languages (x32 Version: 10.0.26624 - Microsoft Corporation) Hidden
WinRT Intellisense PPI - en-us (x32 Version: 10.0.26624 - Microsoft Corporation) Hidden
WinRT Intellisense PPI - Other Languages (x32 Version: 10.0.26624 - Microsoft Corporation) Hidden
WinRT Intellisense UAP - en-us (x32 Version: 10.0.26624 - Microsoft Corporation) Hidden
WinRT Intellisense UAP - Other Languages (x32 Version: 10.0.26624 - Microsoft Corporation) Hidden
WinRT Intellisense Xbox Live Extension SDK - en-us (x32 Version: 10.0.26624 - Microsoft Corporation) Hidden
WinRT Intellisense Xbox Live Extension SDK - Other Languages (x32 Version: 10.0.26624 - Microsoft Corporation) Hidden
Worms Clan Wars (HKLM-x32\...\Steam App 233840) (Version: - Team17 Digital Ltd)
YGOPro DevPro Launcher (HKLM-x32\...\{1692A049-9333-4C7B-A5A8-EC8E1864BA53}) (Version: 4.0.0 - DevPro, LLC)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-1569932172-3107048923-2697670340-1002_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\****\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileCoAuth.exe (Microsoft Corporation)

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {015D6CB4-9F78-4E05-9B61-EB0A08B021CE} - System32\Tasks\{31DDBD37-5DB7-4030-8064-10B0CAA806C3} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2016-08-10] (COMODO)
Task: {03674BD4-A4A5-4433-BB4B-2EE6EA1693F7} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2016-08-10] (COMODO)
Task: {1239A6C3-B0CE-4D98-9DC3-F7561D2AB360} - System32\Tasks\AMD Updater => C:\Program Files\AMD\CIM\\Bin64\InstallManagerApp.exe [2016-02-26] (Advanced Micro Devices, Inc.)
Task: {1BAB93E9-EB45-4470-98CC-D04D00BA2BA4} - System32\Tasks\COMODO\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2016-08-10] (COMODO)
Task: {3E8836AF-D299-4443-9A10-4B71F9B58E9C} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2016-08-10] (COMODO)
Task: {5F2BA883-3584-4012-B8DA-972D77B34815} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2016-08-10] (COMODO)
Task: {64629857-7990-4B1F-BDDD-D816B855F2E3} - System32\Tasks\COMODO\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2016-08-10] (COMODO)
Task: {75BEE7BA-9E52-4312-B0A3-EBD5A369E569} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-08-10] (Microsoft Corporation)
Task: {794C9EB2-6ACB-4AE4-9F4F-457C64E90E3E} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-07-13] (Adobe Systems Incorporated)
Task: {D2BB3FD3-ECBA-4D78-8B03-7B3F8E2C4203} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-07-12] (Adobe Systems Incorporated)
Task: {DAAF1676-FA98-46E1-998F-191DCFC59DF7} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-06-13] (Piriform Ltd)
Task: {DF3290C5-35C7-42C3-8F16-CDB7194589DE} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> Keine Datei <==== ACHTUNG

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\DTRXY.job => C:\Users\Oli\AppData\Roaming\DTRXY.exe <==== ACHTUNG

==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2016-07-16 13:42 - 2016-07-16 13:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-07-16 13:42 - 2016-07-16 13:42 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-01-08 23:02 - 2016-03-16 12:25 - 00073912 _____ () C:\Program Files\COMODO\COMODO Internet Security\scanners\smart.cav
2016-07-16 13:42 - 2016-07-16 13:42 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-08-07 18:29 - 2016-08-07 18:29 - 00959168 _____ () C:\Users\****\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\ClientTelemetry.dll
2011-03-17 00:07 - 2011-03-17 00:07 - 04297568 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2016-07-16 13:42 - 2016-07-16 13:42 - 00130048 _____ () C:\WINDOWS\SYSTEM32\CHARTV.dll
2016-07-16 13:42 - 2016-07-16 13:42 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2016-07-16 13:43 - 2016-08-24 11:00 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2016-07-16 13:43 - 2016-08-31 21:48 - 09761280 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-08-31 21:58 - 2016-08-31 21:58 - 01401344 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-07-16 13:43 - 2016-08-31 21:48 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2016-08-31 21:58 - 2016-08-31 21:58 - 02438144 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-08-31 21:58 - 2016-08-31 21:58 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-06-01 21:00 - 2015-06-01 21:00 - 00102912 _____ () C:\Windows\System32\IccLibDll_x64.dll
2015-06-25 16:34 - 2015-06-25 16:34 - 00014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
2015-06-25 16:37 - 2015-06-25 16:37 - 00739840 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
2015-06-25 16:35 - 2015-06-25 16:35 - 00014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll
2015-06-25 16:38 - 2015-06-25 16:38 - 00071168 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
2015-06-25 15:53 - 2015-06-25 15:53 - 00011776 _____ () C:\Program Files\AMD\CNext\CNext\libEGL.dll
2015-06-25 15:51 - 2015-06-25 15:51 - 02013696 _____ () C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2016-08-30 15:30 - 2016-08-30 15:30 - 00071168 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.7.113.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2016-08-30 15:30 - 2016-08-30 15:30 - 00178176 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.7.113.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2016-08-30 15:30 - 2016-08-30 15:30 - 35288064 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.7.113.0_x64__kzf8qxf38zg5c\SkyWrap.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)
C:\WINDOWS\system32\mfksproxy.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\mfnetcore.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\mfnetsrc.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\mfpmp.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\mfps.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\mfsensorgroup.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\mfsrcsnk.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\mfsvr.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\microsoft.windows.softwarelogo.showdesktop.exe:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\mispace.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\MISS_APO.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\MSAJApi.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\msctf.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\msdxm.ocx:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\msfeeds.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\mshtml.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\mstsc.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\MusNotification.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\MusUpdateHandlers.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\NAHIMICAPOlfx.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\NahimicAPONSControl.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\NAHIMICV2apo.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\netiougc.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\NetworkMobileSettings.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\NFCProvisioningPlugin.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\ntdll.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\ntoskrnl.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\offlinelsa.dll:$CmdTcID [64] 
AlternateDataStreams: C:\WINDOWS\system32\offlinesam.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\OpenAL32.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\pidgenx.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\provdatastore.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\provengine.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\provhandlers.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\provisioningcsp.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\provops.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\ProvPluginEng.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\provtool.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\qmgr.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\R4EEA64A.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\R4EED64A.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\R4EEG64A.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\R4EEL64A.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\R4EEP64A.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\RCoInstII64.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\RemovableMediaProvisioningPlugin.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\reseteng.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\ResetEngine.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\ResetEngine.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\RltkAPO64.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\RP3DAA64.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\RP3DHT64.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\rpcrt4.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\RTCOM64.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\RtCRX64.dll:$CmdTcID 
[64] AlternateDataStreams: C:\WINDOWS\system32\RtDataProc64.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\RTEED64A.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\RTEEG64A.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\RTEEL64A.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\RTEEP64A.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\RtkApi64.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\RtkCfg64.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\RtkCoLDR64.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\RtlCPAPI64.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\RtPgEx64.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\RTSnMg64.cpl:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\samlib.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\samsrv.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\schannel.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\SEAPO64.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\SECOMN64.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\SEHDRA64.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\SettingsHandlers_Bluetooth.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\SettingsHandlers_nt.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\SettingsHandlers_WorkAccess.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\SettingSyncCore.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\SettingSyncHost.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\SettingSyncPolicy.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\SFAPO64.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\SFCOM64.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\SFNHK64.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\SFSS_APO.dll:$CmdTcID [64] AlternateDataStreams: 
C:\WINDOWS\system32\shell32.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\shutdownux.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\sl3apo64.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\slc.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\slcext.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\slcnt64.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\slprp64.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\sltech64.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\smphost.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\sppc.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\sppcext.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\sppsvc.exe:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\spwmp.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\SRAPO64.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\SRCOM.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\SRCOM64.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\SRRPTR64.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\SRSHP64.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\SRSTSH64.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\SRSTSX64.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\SRSWOW64.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\StorageUsage.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\storagewmi.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\storagewmi_passthru.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\StoreAgent.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\StorSvc.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\SysResetErr.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\systemreset.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\tadefxapo.dll:$CmdTcID [64] 
AlternateDataStreams: C:\WINDOWS\system32\tadefxapo264.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\tcpipcfg.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\tepeqapo64.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\tosade.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\tosasfapo64.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\toseaeapo64.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\tossaeapo64.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\tossaemaxapo64.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\tsmf.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\twinui.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\updatepolicy.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\uReFS.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\urlmon.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\usocore.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\w32time.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\WavesGUILib64.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\WdfCoInstaller01011.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\wfdprov.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\WiFiConfigSP.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\wifiprofilessettinghandler.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\win32kbase.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\win32kfull.sys:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\WinBioDataModel.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\WinBioDataModelOOBE.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\wincorlib.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll:$CmdTcID [64] 
AlternateDataStreams: C:\WINDOWS\system32\Windows.Management.Provisioning.ProxyStub.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.Audio.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.Editing.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.Speech.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.Speech.UXRes.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\windows.storage.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Logon.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Search.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Xaml.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Xaml.InkControls.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\winload.efi:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\winload.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\winmde.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\winresume.efi:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\winresume.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\WinTypes.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\wlanapi.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\wlanhlp.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\wlanmsm.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\wlansec.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\wlansvc.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\wlansvcpal.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\wmp.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\wmploc.DLL:$CmdTcID [130] AlternateDataStreams: 
C:\WINDOWS\system32\WpAXHolder.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\wpninprc.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\wrap_oal.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\wsp_fs.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\wsp_health.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\wuauclt.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\wuaueng.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\wups2.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\wuuhext.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\WWAHost.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\wwanprotdim.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\wwansvc.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\x3daudio1_0.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\x3daudio1_1.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\X3DAudio1_2.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\X3DAudio1_3.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\X3DAudio1_4.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\X3DAudio1_5.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\X3DAudio1_6.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\X3DAudio1_7.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\xactengine2_0.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\xactengine2_1.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\xactengine2_10.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\xactengine2_2.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\xactengine2_3.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\xactengine2_4.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\xactengine2_5.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\xactengine2_6.dll:$CmdTcID [130] 
AlternateDataStreams: C:\WINDOWS\system32\xactengine2_7.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\xactengine2_8.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\xactengine2_9.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\xactengine3_0.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\xactengine3_1.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\xactengine3_2.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\xactengine3_3.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\xactengine3_4.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\xactengine3_6.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\xactengine3_7.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\XAPOFX1_0.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\XAPOFX1_1.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\XAPOFX1_2.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\XAPOFX1_3.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\XAPOFX1_4.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\XAPOFX1_5.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\XAudio2_0.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\XAudio2_1.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\XAudio2_2.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\XAudio2_3.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\XAudio2_4.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\XAudio2_5.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\XAudio2_6.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\XAudio2_7.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\XblAuthManager.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\xinput1_1.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\xinput1_2.dll:$CmdTcID [130] AlternateDataStreams: 
C:\WINDOWS\system32\xinput1_3.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\system32\YamahaAE.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\system32\YamahaAE2.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\aclui.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\amdocl_as32.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\amdocl_ld32.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\appverif.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\AudioSes.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\bcastdvr.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\BcastDVRHelper.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Chakra.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Chakradiag.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\Chakrathunk.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\ClipboardServer.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\CloudBackupSettings.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\CloudExperienceHostUser.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\clusapi.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\combase.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\ConfigureExpandedStorage.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\container.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\CredProvDataModel.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\C_G18030.DLL:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\c_GSM7.DLL:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\C_IS2022.DLL:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\D3D12.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\d3d12SDKLayers.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DCompiler_33.dll:$CmdTcID 
[64] AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DCompiler_34.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DCompiler_35.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DCompiler_36.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DCompiler_37.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DCompiler_38.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DCompiler_40.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DCompiler_41.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DCompiler_42.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DCompiler_43.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dcsx_42.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dcsx_43.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx10.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx10_33.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx10_34.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx10_35.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx10_36.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx10_37.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx10_38.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx10_40.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx10_41.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx10_42.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx10_43.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx11_42.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx11_43.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx9_24.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx9_25.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx9_26.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx9_27.dll:$CmdTcID 
[64] AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx9_28.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx9_29.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx9_30.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx9_31.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx9_32.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx9_33.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx9_34.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx9_35.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx9_36.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DX9_37.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DX9_38.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DX9_40.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DX9_41.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DX9_42.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DX9_43.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\dancemat.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\delegatorprovider.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\deviceassociation.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\DscCoreConfProv.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\dwmcore.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\dxmasf.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\edgehtml.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\encapi.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\FlashPlayerApp.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\FSClient.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\GamePanel.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\GdiPlus.dll:$CmdTcID [64] AlternateDataStreams: 
C:\WINDOWS\SysWOW64\iedkcs32.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\ieframe.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\iernonce.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\iertutil.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\iesetup.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\indexeddbserver.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\inetcpl.cpl:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\InstallAgent.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\IntelCpHeciSvc.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\LicenseManager.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\LockAppHost.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\MCRecvSrc.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\mf.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\mfcore.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\mfksproxy.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\mfnetcore.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\mfnetsrc.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\mfpmp.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\mfps.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\mfsensorgroup.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\mfsrcsnk.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\mfsvr.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\mispace.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\MSAJApi.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\msctf.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\SysWOW64\msdxm.ocx:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\msfeeds.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\mshtml.dll:$CmdTcID [64] 
AlternateDataStreams: C:\WINDOWS\SysWOW64\mstsc.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\netiougc.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\ntdll.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\offlinelsa.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\offlinesam.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\OpenAL32.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\SysWOW64\pidgenx.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\RltkAPO.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\rpcrt4.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\RsCRIcon.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\samlib.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\schannel.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\SECOMN32.DLL:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\SettingSyncCore.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\SettingSyncHost.exe:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\SettingSyncPolicy.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\SFCOM.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\SysWOW64\shell32.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\slc.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\slcext.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\smphost.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\sppc.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\sppcext.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\spwmp.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\SRCOM.dll:$CmdTcID [130] AlternateDataStreams: C:\WINDOWS\SysWOW64\storagewmi.dll:$CmdTcID [64] AlternateDataStreams: C:\WINDOWS\SysWOW64\storagewmi_passthru.dll:$CmdTcID [64] AlternateDataStreams: 
C:\WINDOWS\SysWOW64\Drivers\hid8101.sys:$CmdTcID [64]
AlternateDataStreams: C:\Users\****\Desktop\FRST64.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\****\Desktop\FRST64.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\****\Desktop\SpeedAutoClicker.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\****\Desktop\SpeedAutoClicker.exe:$CmdZnID [26]

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)

==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)

Da befinden sich 7902 mehr Seiten.

==================== Hosts Inhalt: ==========================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2015-07-10 13:04 - 2016-06-13 18:54 - 00452618 ___RA C:\WINDOWS\system32\Drivers\etc\hosts

Da befinden sich 15529 zusätzliche Einträge.

==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-1569932172-3107048923-2697670340-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\****\AppData\Roaming\Mozilla\Firefox\Desktop-Hintergrund.bmp
DNS Servers: 80.69.96.12 - 81.210.129.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
MSCONFIG\Services: WdiServiceHost => 3
MSCONFIG\Services: WdiSystemHost => 3
HKLM\...\StartupApproved\Run: => "BCSSync"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run32: => "SDTray"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "Dropbox"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKLM\...\StartupApproved\Run32: => "LogMeIn Hamachi Ui"
HKU\S-1-5-21-1569932172-3107048923-2697670340-1002\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1569932172-3107048923-2697670340-1002\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-1569932172-3107048923-2697670340-1002\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-1569932172-3107048923-2697670340-1002\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-1569932172-3107048923-2697670340-1002\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-1569932172-3107048923-2697670340-1002\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-1569932172-3107048923-2697670340-1002\...\StartupApproved\Run: => "SpybotPostWindows10UpgradeReInstall"
HKU\S-1-5-21-1569932172-3107048923-2697670340-1002\...\StartupApproved\Run: => "SandboxieControl"

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

==================== Wiederherstellungspunkte =========================

01-09-2016 16:50:15 Windows Update
09-09-2016 19:41:11 Geplanter Prüfpunkt
11-09-2016 22:31:17 Removed Greenfoot

==================== Fehlerhafte Geräte im Gerätemanager =============

==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (09/11/2016 10:37:10 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm NexusClient.exe, Version 0.61.23.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Systemsteuerung "Sicherheit und Wartung", um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 1acc
Startzeit: 01d20c6b6a948a1e
Beendigungszeit: 4294967295
Anwendungspfad: C:\Program Files\Nexus Mod Manager\NexusClient.exe
Berichts-ID: 805e3114-785f-11e6-9c6a-3859f96b9301
Vollständiger Name des fehlerhaften Pakets:
Auf das fehlerhafte Paket bezogene Anwendungs-ID:

Error: (09/11/2016 10:31:18 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".
Details: AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll.
System Error: Zugriff verweigert .

Error: (09/11/2016 10:26:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: NexusClient.exe, Version: 0.61.23.0, Zeitstempel: 0x57335ff7
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 10.0.14393.0, Zeitstempel: 0x57899809
Ausnahmecode: 0xe0434352
Fehleroffset: 0x0000000000017788
ID des fehlerhaften Prozesses: 0xa64
Startzeit der fehlerhaften Anwendung: 0x01d20c65afa964f5
Pfad der fehlerhaften Anwendung: C:\Program Files\Nexus Mod Manager\NexusClient.exe
Pfad des fehlerhaften Moduls: C:\WINDOWS\System32\KERNELBASE.dll
Berichtskennung: 556be27b-36db-412a-9a4f-cce32406916a
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (09/11/2016 10:26:57 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: NexusClient.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: Nexus.Transactions.RollbackException
   bei Nexus.Transactions.Transaction.Rollback()
   bei Nexus.Transactions.TransactionScope.Dispose()
   bei Nexus.Client.ModManagement.ModUninstaller.RunTasks()
   bei Nexus.Client.Util.Threading.TrackedThread.RunThread()
   bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   bei System.Threading.ThreadHelper.ThreadStart()

Error: (09/11/2016 09:48:54 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "QueryFullProcessImageNameW" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070006, Das Handle ist ungültig. .
Vorgang: Asynchroner Vorgang wird ausgeführt
Kontext: Aktueller Status: DoSnapshotSet

Error: (09/11/2016 09:48:07 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".
Details: AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll.
System Error: Zugriff verweigert .

Error: (09/10/2016 04:11:49 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: Die Open-Prozedur für den Dienst "BITS" in der DLL "C:\Windows\System32\bitsperf.dll" war nicht erfolgreich. Die Leistungsdaten für diesen Dienst sind nicht verfügbar. Die ersten vier Bytes (DWORD) des Datenbereichs enthalten den Fehlercode.

Error: (09/09/2016 07:41:29 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".
Details: AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll.
System Error: Zugriff verweigert .

Error: (09/07/2016 10:13:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Diablo III.exe, Version: 2.4.2.39192, Zeitstempel: 0x57b4ed81
Name des fehlerhaften Moduls: ntdll.dll, Version: 10.0.14393.103, Zeitstempel: 0x57b7e09e
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0003f793
ID des fehlerhaften Prozesses: 0x1818
Startzeit der fehlerhaften Anwendung: 0x01d2093689f45a02
Pfad der fehlerhaften Anwendung: D:\Spiele\Battle.net\Diablo III\Diablo III.exe
Pfad des fehlerhaften Moduls: C:\WINDOWS\SYSTEM32\ntdll.dll
Berichtskennung: de3c3f45-286d-4d07-ac5a-28676377d457
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (09/07/2016 08:34:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: cnext.exe, Version: 10.1.1.1522, Zeitstempel: 0x56d0b595
Name des fehlerhaften Moduls: Qt5Core.dll, Version: 5.5.0.0, Zeitstempel: 0x558c6b3a
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000083250
ID des fehlerhaften Prozesses: 0x7cc
Startzeit der fehlerhaften Anwendung: 0x01d2093471848c32
Pfad der fehlerhaften Anwendung: C:\Program Files\AMD\CNext\CNext\cnext.exe
Pfad des fehlerhaften Moduls: C:\Program Files\AMD\CNext\CNext\Qt5Core.dll
Berichtskennung: e5220d43-0f92-4323-8a08-8d4f6a10a61c
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Systemfehler:
=============
Error: (09/11/2016 11:10:18 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Plattformdienst für verbundene Geräte" wurde mit folgendem Fehler beendet: Unbekannter Fehler

Error: (09/11/2016 11:08:26 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\SYSTEM" (SID: S-1-5-18) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID {8D8F4F83-3594-4F07-8369-FC3C3CAE4919} und der APPID {F72671A9-012C-4725-9D2F-2A4D32D65169} im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.

Error: (09/11/2016 11:08:16 PM) (Source: SbieSvc) (EventID: 9234) (User: )
Description: SBIE9234 Service startup error level 9153 status=C0000001 error=-1073741823

Error: (09/11/2016 11:08:11 PM) (Source: SbieDrv) (EventID: 1103) (User: )
Description: SBIE1103 Sandboxie-Treiber (SbieDrv) version 5.10 konnte nicht gestartet werden

Error: (09/11/2016 11:08:11 PM) (Source: SbieDrv) (EventID: 1113) (User: )
Description: SBIE1113 Kann Nt System Service nicht finden, Grund AcceptConnectPort

Error: (09/11/2016 11:08:11 PM) (Source: SbieDrv) (EventID: 1113) (User: )
Description: SBIE1113 Kann Nt System Service nicht finden, Grund MASTER TABLE

Error: (09/11/2016 02:09:50 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Plattformdienst für verbundene Geräte" wurde mit folgendem Fehler beendet: Unbekannter Fehler

Error: (09/11/2016 02:07:53 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\SYSTEM" (SID: S-1-5-18) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID {8D8F4F83-3594-4F07-8369-FC3C3CAE4919} und der APPID {F72671A9-012C-4725-9D2F-2A4D32D65169} im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.
Error: (09/11/2016 02:07:03 PM) (Source: SbieSvc) (EventID: 9234) (User: ) Description: SBIE9234 Service startup error level 9153 status=C0000001 error=-1073741823 Error: (09/11/2016 02:06:58 PM) (Source: SbieDrv) (EventID: 1103) (User: ) Description: SBIE1103 Sandboxie-Treiber (SbieDrv) version 5.10 konnte nicht gestartet werden CodeIntegrity: =================================== Date: 2016-09-11 23:07:10.358 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2016-09-11 14:05:56.924 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2016-09-10 18:26:26.545 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2016-09-07 20:17:35.951 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. 
Date: 2016-09-06 22:10:26.133 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2016-09-06 22:10:02.348 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2016-09-06 22:09:40.208 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2016-09-06 22:09:39.419 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2016-09-06 21:54:39.547 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. 
Date: 2016-09-03 21:38:50.390 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
==================== Speicherinformationen ===========================
Prozessor: Intel(R) Core(TM) i5-2430M CPU @ 2.40GHz
Prozentuale Nutzung des RAM: 36%
Installierter physikalischer RAM: 5995.86 MB
Verfügbarer physikalischer RAM: 3812.86 MB
Summe virtueller Speicher: 12139.86 MB
Verfügbarer virtueller Speicher: 9851.99 MB
==================== Laufwerke ================================
Drive c: (Win7Home) (Fixed) (Total:194.55 GB) (Free:117.47 GB) NTFS ==>[Laufwerk mit Startkomponenten (eingeholt von BCD)]
Drive d: (Data) (Fixed) (Total:405.56 GB) (Free:65.01 GB) NTFS
==================== MBR & Partitionstabelle ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: 09B2C708)
Partition 1: (Not Active) - (Size=100 MB) - (Type=17)
Partition 2: (Active) - (Size=194.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=783 MB) - (Type=27)
Partition 4: (Not Active) - (Size=503.2 GB) - (Type=OF Extended)
==================== Ende von Addition.txt ============================

I hope everything is correct like this, and I wish you a pleasant start to the week!
25.09.2016, 15:32 | #3 |
/// TB Trainer /// Guide Guru | Irregular crashes on the laptop (Windows 10)
My name is Jürgen and I will be helping you with your problem. Together we'll get this done...
Note: I can never give you a guarantee that we will find all malicious files. Reformatting is usually the faster and always the safest route, but it is only advisable in the case of actual malware. Adware and the like we can remove very well. If you decide on a cleanup, keep working with me until you get my "clean".
Let's go:
Step 1
Please download TDSSKiller.exe and save this file to the desktop
__________________ |
26.09.2016, 08:59 | #4 |
| Irregular crashes on the laptop (Windows 10) Hello, here is the report: Code:
09:46:33.0328 0x05c8 TDSS rootkit removing tool 3.1.0.11 Aug 5 2016 12:13:31
09:47:00.0339 0x05c8 ============================================================
09:47:00.0340 0x05c8 Current date / time: 2016/09/26 09:47:00.0339
09:47:00.0340 0x05c8 SystemInfo:
09:47:00.0363 0x05c8
09:47:00.0363 0x05c8 OS Version: 10.0.14393 ServicePack: 0.0
09:47:00.0363 0x05c8 Product type: Workstation
09:47:00.0363 0x05c8 ComputerName: LAP-OLI-PB
09:47:00.0363 0x05c8 UserName: Oliver
09:47:00.0363 0x05c8 Windows directory: C:\WINDOWS
09:47:00.0363 0x05c8 System windows directory: C:\WINDOWS
09:47:00.0363 0x05c8 Running under WOW64
09:47:00.0363 0x05c8 Processor architecture: Intel x64
09:47:00.0363 0x05c8 Number of processors: 4
09:47:00.0364 0x05c8 Page size: 0x1000
09:47:00.0364 0x05c8 Boot type: Normal boot
09:47:00.0364 0x05c8 CodeIntegrityOptions = 0x00000001
09:47:00.0364 0x05c8 ============================================================
09:47:00.0903 0x05c8 KLMD registered as C:\WINDOWS\system32\drivers\76015526.sys
09:47:00.0903 0x05c8 KLMD ARK init status: drvProperties = 0xFFF00, osBuild = 14393.187, osProperties = 0x19
09:47:01.0351 0x05c8 System UUID: {35BCC849-4E9C-4941-C05A-CF36D75B4AE6}
09:47:02.0395 0x05c8 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 ( 698.64 Gb ), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
09:47:02.0400 0x05c8 ============================================================
09:47:02.0400 0x05c8 \Device\Harddisk0\DR0:
09:47:02.0404 0x05c8 MBR partitions:
09:47:02.0404 0x05c8 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1851BC77
09:47:02.0426 0x05c8 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x186D932C, BlocksNum 0x32B1CD09
09:47:02.0459 0x05c8 ============================================================
09:47:03.0467 0x05c8 C: <-> \Device\Harddisk0\DR0\Partition1
09:47:03.0584 0x05c8 D: <->
\Device\Harddisk0\DR0\Partition2 09:47:03.0584 0x05c8 ============================================================ 09:47:03.0584 0x05c8 Initialize success 09:47:03.0584 0x05c8 ============================================================ 09:47:32.0968 0x1dfc ============================================================ 09:47:32.0968 0x1dfc Scan started 09:47:32.0968 0x1dfc Mode: Manual; SigCheck; TDLFS; 09:47:32.0968 0x1dfc ============================================================ 09:47:32.0968 0x1dfc KSN ping started 09:47:33.0113 0x1dfc KSN ping finished: true 09:47:36.0701 0x1dfc ================ Scan system memory ======================== 09:47:36.0701 0x1dfc System memory - ok 09:47:36.0703 0x1dfc ================ Scan services ============================= 09:47:39.0053 0x1dfc 1394ohci - ok 09:47:39.0057 0x1dfc 3ware - ok 09:47:39.0078 0x1dfc ACPI - ok 09:47:39.0082 0x1dfc AcpiDev - ok 09:47:39.0087 0x1dfc acpiex - ok 09:47:39.0111 0x1dfc acpipagr - ok 09:47:39.0178 0x1dfc AcpiPmi - ok 09:47:39.0194 0x1dfc acpitime - ok 09:47:39.0399 0x1dfc [ A0CAC4F3F998173A8DC1E67E7E0345EF, D0C2F504A5059691EDBBA917D0C6260450A554A365C12E7747E48EE1668C51A5 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe 09:47:39.0458 0x1dfc AdobeARMservice - ok 09:47:40.0447 0x1dfc [ 8FC33A20D54FB5CC7FBBA814B4E42A22, 707F61F0CEB9467D9BD1782868403BD53DB46EAB0342772661F370E5174AAD8C ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe 09:47:40.0479 0x1dfc AdobeFlashPlayerUpdateSvc - ok 09:47:40.0553 0x1dfc ADP80XX - ok 09:47:40.0559 0x1dfc AFD - ok 09:47:40.0991 0x1dfc [ E20C1118524DF19945BCD83A3843E8CF, 90C87096E9E2595DAA503CFD9C24D7D8F9CB2D567ACAB06FBF5527C8A6059409 ] AGSService C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe 09:47:41.0139 0x1dfc AGSService - ok 09:47:41.0168 0x1dfc ahcache - ok 09:47:41.0191 0x1dfc AJRouter - ok 09:47:41.0222 0x1dfc ALG - ok 09:47:41.0288 0x1dfc [ 
D7A72B9BA6AB996DADB37BFCB0363D63, A223684978928B59D39DFB49F6658E0CF04ADD15AD8ACFCEC384DBD4D8C8CBCA ] AMD External Events Utility C:\WINDOWS\system32\atiesrxx.exe 09:47:41.0652 0x1dfc AMD External Events Utility - ok 09:47:41.0665 0x1dfc AmdK8 - ok 09:47:41.0684 0x1dfc amdkmdag - ok 09:47:41.0812 0x1dfc [ C14D7E5F24381BC8F333C4EB77892400, 8B8EF49D2398AF39E36EFFE6D1E0489727D5612DEFA43C71E3C7E4C0650010A5 ] amdkmdap C:\WINDOWS\system32\DRIVERS\atikmpag.sys 09:47:41.0916 0x1dfc amdkmdap - ok 09:47:41.0965 0x1dfc AmdPPM - ok 09:47:41.0973 0x1dfc amdsata - ok 09:47:41.0989 0x1dfc amdsbs - ok 09:47:41.0993 0x1dfc amdxata - ok 09:47:41.0998 0x1dfc AppID - ok 09:47:42.0013 0x1dfc AppIDSvc - ok 09:47:42.0022 0x1dfc Appinfo - ok 09:47:42.0048 0x1dfc applockerfltr - ok 09:47:42.0072 0x1dfc AppReadiness - ok 09:47:42.0119 0x1dfc AppXSvc - ok 09:47:42.0142 0x1dfc arcsas - ok 09:47:42.0458 0x1dfc aspnet_state - ok 09:47:42.0463 0x1dfc AsyncMac - ok 09:47:42.0487 0x1dfc atapi - ok 09:47:42.0566 0x1dfc athr - ok 09:47:42.0629 0x1dfc AudioEndpointBuilder - ok 09:47:42.0662 0x1dfc Audiosrv - ok 09:47:42.0678 0x1dfc AxInstSV - ok 09:47:42.0697 0x1dfc b06bdrv - ok 09:47:42.0720 0x1dfc BasicDisplay - ok 09:47:42.0743 0x1dfc BasicRender - ok 09:47:42.0758 0x1dfc bcmfn - ok 09:47:42.0772 0x1dfc bcmfn2 - ok 09:47:42.0787 0x1dfc BDESVC - ok 09:47:42.0809 0x1dfc Beep - ok 09:47:42.0832 0x1dfc BFE - ok 09:47:42.0884 0x1dfc BITS - ok 09:47:42.0891 0x1dfc bowser - ok 09:47:42.0926 0x1dfc BrokerInfrastructure - ok 09:47:42.0930 0x1dfc Browser - ok 09:47:42.0960 0x1dfc BthAvrcpTg - ok 09:47:42.0974 0x1dfc BthHFEnum - ok 09:47:42.0986 0x1dfc bthhfhid - ok 09:47:43.0020 0x1dfc BthHFSrv - ok 09:47:43.0030 0x1dfc BTHMODEM - ok 09:47:43.0044 0x1dfc bthserv - ok 09:47:43.0087 0x1dfc buttonconverter - ok 09:47:43.0096 0x1dfc CapImg - ok 09:47:43.0100 0x1dfc cdfs - ok 09:47:43.0115 0x1dfc CDPSvc - ok 09:47:43.0141 0x1dfc CDPUserSvc - ok 09:47:43.0185 0x1dfc cdrom - ok 09:47:43.0193 0x1dfc CertPropSvc - ok 
09:47:43.0208 0x1dfc cht4iscsi - ok 09:47:43.0212 0x1dfc cht4vbd - ok 09:47:43.0249 0x1dfc circlass - ok 09:47:43.0253 0x1dfc CLFS - ok 09:47:43.0262 0x1dfc ClipSVC - ok 09:47:43.0270 0x1dfc clreg - ok 09:47:43.0289 0x1dfc CmBatt - ok 09:47:43.0904 0x1dfc [ 7DFC16B25788C97F3E9C42B1FCAC0A67, D729D138CAAE8295B750A48F8A9806F4C54224BEF4A5260EDDB5B1D959FC9CFF ] CmdAgent C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe 09:47:44.0156 0x1dfc CmdAgent - ok 09:47:44.0215 0x1dfc [ EAE2829CFBE8A84E3CC2A1451966E74F, 621AEA870D79A99FBA1339AA8C105A65ED3194E082DFFC33EA7513C0E5C453B5 ] cmderd C:\WINDOWS\system32\DRIVERS\cmderd.sys 09:47:44.0226 0x1dfc cmderd - ok 09:47:44.0317 0x1dfc [ 08400F4E1D6F586EE7C4136C4CB4B1D8, 629FED82F975BC18FCAA9E6B19C5A3CA42DAF2C2F9B383590987A62747707D74 ] cmdGuard C:\WINDOWS\system32\DRIVERS\cmdguard.sys 09:47:44.0374 0x1dfc cmdGuard - ok 09:47:44.0394 0x1dfc [ 752041CFBE3C0EEA5BC4E9F0E98F7929, A88C70610E242B0F3E459A0926A44D6F2CB179C741313D9B4602A48559E313ED ] cmdhlp C:\WINDOWS\system32\DRIVERS\cmdhlp.sys 09:47:44.0405 0x1dfc cmdhlp - ok 09:47:44.0799 0x1dfc [ 084A29576C98C45E836CC977C1D311FD, BE01F6A181AB43590C15271E09BEC9B2CF14A011E7A8EE226CA1A2E6C874B39B ] cmdvirth C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe 09:47:44.0879 0x1dfc cmdvirth - ok 09:47:44.0931 0x1dfc CNG - ok 09:47:44.0935 0x1dfc cnghwassist - ok 09:47:45.0149 0x1dfc CompositeBus - ok 09:47:45.0153 0x1dfc COMSysApp - ok 09:47:45.0175 0x1dfc condrv - ok 09:47:45.0226 0x1dfc CoreMessagingRegistrar - ok 09:47:45.0715 0x1dfc [ B18D590BC5220FDB4A747BC16D78ABC7, D46F8B43BAC22E55DE9AFC19CF371B1C4E8D3707163598B2F9884BB31D730C09 ] cphs C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe 09:47:46.0947 0x1dfc cphs - ok 09:47:46.0967 0x1dfc CryptSvc - ok 09:47:46.0996 0x1dfc dam - ok 09:47:47.0019 0x1dfc DcomLaunch - ok 09:47:47.0044 0x1dfc DcpSvc - ok 09:47:47.0063 0x1dfc defragsvc - ok 09:47:47.0097 0x1dfc DeviceAssociationService - ok 09:47:47.0110 0x1dfc DeviceInstall - ok 
09:47:47.0140 0x1dfc DevQueryBroker - ok 09:47:47.0165 0x1dfc Dfsc - ok 09:47:47.0179 0x1dfc Dhcp - ok 09:47:47.0258 0x1dfc diagnosticshub.standardcollector.service - ok 09:47:47.0274 0x1dfc DiagTrack - ok 09:47:47.0298 0x1dfc disk - ok 09:47:47.0333 0x1dfc DmEnrollmentSvc - ok 09:47:47.0341 0x1dfc dmvsc - ok 09:47:47.0398 0x1dfc dmwappushservice - ok 09:47:47.0410 0x1dfc Dnscache - ok 09:47:47.0422 0x1dfc dot3svc - ok 09:47:47.0436 0x1dfc DPS - ok 09:47:47.0459 0x1dfc drmkaud - ok 09:47:47.0495 0x1dfc DsmSvc - ok 09:47:47.0503 0x1dfc DsSvc - ok 09:47:47.0530 0x1dfc DXGKrnl - ok 09:47:47.0558 0x1dfc EapHost - ok 09:47:47.0575 0x1dfc ebdrv - ok 09:47:47.0607 0x1dfc EFS - ok 09:47:47.0632 0x1dfc EhStorClass - ok 09:47:47.0680 0x1dfc EhStorTcgDrv - ok 09:47:47.0714 0x1dfc embeddedmode - ok 09:47:47.0722 0x1dfc EntAppSvc - ok 09:47:47.0730 0x1dfc ErrDev - ok 09:47:47.0823 0x1dfc [ 6BD85B39B7B23F03B24CF641ED29147B, 850F21750BB39E5239B1584E1117844CAAAF6A5C58E79366552309F917675CE5 ] ETD C:\WINDOWS\system32\DRIVERS\ETD.sys 09:47:47.0846 0x1dfc ETD - ok 09:47:47.0944 0x1dfc [ 8916EACF1256E1C5A3AF81FD39C747E7, FF28FB95E9F9287C1005CF0D9EB84F7CA3D137689862860C9848398504E1EFFF ] ETDService C:\Program Files\Elantech\ETDService.exe 09:47:47.0958 0x1dfc ETDService - ok 09:47:47.0985 0x1dfc EventSystem - ok 09:47:47.0989 0x1dfc exfat - ok 09:47:48.0008 0x1dfc fastfat - ok 09:47:48.0019 0x1dfc Fax - ok 09:47:48.0043 0x1dfc fdc - ok 09:47:48.0052 0x1dfc fdPHost - ok 09:47:48.0061 0x1dfc FDResPub - ok 09:47:48.0079 0x1dfc fhsvc - ok 09:47:48.0138 0x1dfc FileCrypt - ok 09:47:48.0142 0x1dfc FileInfo - ok 09:47:48.0156 0x1dfc Filetrace - ok 09:47:48.0160 0x1dfc flpydisk - ok 09:47:48.0171 0x1dfc FltMgr - ok 09:47:48.0185 0x1dfc FontCache - ok 09:47:48.0330 0x1dfc FontCache3.0.0.0 - ok 09:47:48.0367 0x1dfc FrameServer - ok 09:47:48.0383 0x1dfc FsDepends - ok 09:47:48.0389 0x1dfc Fs_Rec - ok 09:47:48.0394 0x1dfc fvevol - ok 09:47:48.0435 0x1dfc gencounter - ok 09:47:48.0465 0x1dfc 
genericusbfn - ok 09:47:48.0474 0x1dfc GPIOClx0101 - ok 09:47:48.0494 0x1dfc gpsvc - ok 09:47:48.0527 0x1dfc GpuEnergyDrv - ok 09:47:48.0558 0x1dfc [ 7F79205B4EFA98F0767309479C8C01C6, 4B576903A83F33A8CF31D3887144A3D51C56D1187115C83AC99C0E9F6B4BF128 ] Hamachi C:\WINDOWS\System32\drivers\Hamdrv.sys 09:47:48.0582 0x1dfc Hamachi - ok 09:47:48.0600 0x1dfc HdAudAddService - ok 09:47:48.0610 0x1dfc HDAudBus - ok 09:47:48.0615 0x1dfc HidBatt - ok 09:47:48.0622 0x1dfc HidBth - ok 09:47:48.0641 0x1dfc hidi2c - ok 09:47:48.0661 0x1dfc hidinterrupt - ok 09:47:48.0696 0x1dfc HidIr - ok 09:47:48.0728 0x1dfc hidserv - ok 09:47:48.0767 0x1dfc HidUsb - ok 09:47:48.0789 0x1dfc HomeGroupListener - ok 09:47:48.0817 0x1dfc HomeGroupProvider - ok 09:47:48.0829 0x1dfc HpSAMD - ok 09:47:48.0834 0x1dfc HTTP - ok 09:47:48.0867 0x1dfc HvHost - ok 09:47:48.0910 0x1dfc hvservice - ok 09:47:48.0914 0x1dfc hwpolicy - ok 09:47:48.0920 0x1dfc hyperkbd - ok 09:47:48.0926 0x1dfc i8042prt - ok 09:47:48.0932 0x1dfc iagpio - ok 09:47:48.0942 0x1dfc iai2c - ok 09:47:48.0947 0x1dfc iaLPSS2i_GPIO2 - ok 09:47:48.0954 0x1dfc iaLPSS2i_I2C - ok 09:47:48.0959 0x1dfc iaLPSSi_GPIO - ok 09:47:48.0970 0x1dfc iaLPSSi_I2C - ok 09:47:48.0975 0x1dfc iaStorAV - ok 09:47:48.0980 0x1dfc iaStorV - ok 09:47:48.0994 0x1dfc ibbus - ok 09:47:49.0026 0x1dfc icssvc - ok 09:47:49.0470 0x1dfc [ 79AE3CC82CA1563A4B392207997ACE7C, A1E4A1DA95CA2FA197EF5975657822F0F813F6C33DA38E1FA5A840194034D071 ] igfx C:\WINDOWS\system32\DRIVERS\igdkmd64.sys 09:47:49.0653 0x1dfc igfx - ok 09:47:49.0684 0x1dfc IKEEXT - ok 09:47:49.0749 0x1dfc IndirectKmd - ok 09:47:49.0818 0x1dfc [ 55BB2E54302416B9F7D2489FC16F7333, FD697F033D56DE76718A83514A468267235BE3AE1ECD2B5E7B8BCA1520699E7F ] inspect C:\WINDOWS\system32\DRIVERS\inspect.sys 09:47:49.0831 0x1dfc inspect - ok 09:47:50.0414 0x1dfc [ D172E06EFE08DF148155A59DB716C1B6, F059B0B37C5E944D70626E9F029BC6311029E0A9D778C9C75DDDDC59A5AF1605 ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RTKVHD64.sys 
09:47:50.0746 0x1dfc IntcAzAudAddService - ok 09:47:50.0775 0x1dfc intelide - ok 09:47:50.0780 0x1dfc intelpep - ok 09:47:50.0784 0x1dfc intelppm - ok 09:47:50.0789 0x1dfc iorate - ok 09:47:50.0795 0x1dfc IpFilterDriver - ok 09:47:50.0838 0x1dfc iphlpsvc - ok 09:47:50.0877 0x1dfc IPMIDRV - ok 09:47:50.0909 0x1dfc IPNAT - ok 09:47:51.0368 0x1dfc [ B76542085ABAD1AD4E5684F761DFC2EF, C6699B788D6E81E73519433F12BFD3B12C71A5EE2A12810697FE9C4350A179B3 ] IpOverUsbSvc C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe 09:47:51.0382 0x1dfc IpOverUsbSvc - ok 09:47:51.0386 0x1dfc irda - ok 09:47:51.0390 0x1dfc IRENUM - ok 09:47:51.0400 0x1dfc irmon - ok 09:47:51.0413 0x1dfc isapnp - ok 09:47:51.0444 0x1dfc iScsiPrt - ok 09:47:51.0476 0x1dfc kbdclass - ok 09:47:51.0480 0x1dfc kbdhid - ok 09:47:51.0528 0x1dfc kdnic - ok 09:47:51.0534 0x1dfc KeyIso - ok 09:47:51.0612 0x1dfc KSecDD - ok 09:47:51.0631 0x1dfc KSecPkg - ok 09:47:51.0718 0x1dfc ksthunk - ok 09:47:51.0765 0x1dfc KtmRm - ok 09:47:51.0800 0x1dfc L1C - ok 09:47:51.0832 0x1dfc LanmanServer - ok 09:47:51.0868 0x1dfc LanmanWorkstation - ok 09:47:51.0900 0x1dfc lfsvc - ok 09:47:51.0988 0x1dfc LicenseManager - ok 09:47:52.0020 0x1dfc lltdio - ok 09:47:52.0041 0x1dfc lltdsvc - ok 09:47:52.0083 0x1dfc lmhosts - ok 09:47:52.0122 0x1dfc LSI_SAS - ok 09:47:52.0130 0x1dfc LSI_SAS2i - ok 09:47:52.0142 0x1dfc LSI_SAS3i - ok 09:47:52.0151 0x1dfc LSI_SSS - ok 09:47:52.0162 0x1dfc LSM - ok 09:47:52.0171 0x1dfc luafv - ok 09:47:52.0244 0x1dfc MapsBroker - ok 09:47:52.0264 0x1dfc megasas - ok 09:47:52.0287 0x1dfc megasr - ok 09:47:52.0347 0x1dfc [ A6518DCC42F7A6E999BB3BEA8FD87567, 8A9AE992F93F37E0723761EA271A7E1AA8172702C471041A17324474FC96B9BC ] MEIx64 C:\WINDOWS\System32\drivers\HECIx64.sys 09:47:52.0357 0x1dfc MEIx64 - ok 09:47:52.0403 0x1dfc MessagingService - ok 09:47:52.0772 0x1dfc Microsoft SharePoint Workspace Audit Service - ok 09:47:52.0833 0x1dfc mlx4_bus - ok 09:47:52.0864 0x1dfc 
MMCSS - ok 09:47:52.0869 0x1dfc Modem - ok 09:47:52.0900 0x1dfc monitor - ok 09:47:52.0914 0x1dfc mouclass - ok 09:47:52.0926 0x1dfc mouhid - ok 09:47:52.0932 0x1dfc mountmgr - ok 09:47:52.0938 0x1dfc mpsdrv - ok 09:47:52.0961 0x1dfc MpsSvc - ok 09:47:52.0992 0x1dfc MRxDAV - ok 09:47:53.0004 0x1dfc mrxsmb - ok 09:47:53.0046 0x1dfc mrxsmb10 - ok 09:47:53.0088 0x1dfc mrxsmb20 - ok 09:47:53.0119 0x1dfc MsBridge - ok 09:47:53.0156 0x1dfc MSDTC - ok 09:47:53.0190 0x1dfc Msfs - ok 09:47:53.0208 0x1dfc msgpiowin32 - ok 09:47:53.0212 0x1dfc mshidkmdf - ok 09:47:53.0222 0x1dfc mshidumdf - ok 09:47:53.0226 0x1dfc msisadrv - ok 09:47:53.0261 0x1dfc MSiSCSI - ok 09:47:53.0267 0x1dfc msiserver - ok 09:47:53.0281 0x1dfc MSKSSRV - ok 09:47:53.0292 0x1dfc MsLldp - ok 09:47:53.0296 0x1dfc MSPCLOCK - ok 09:47:53.0301 0x1dfc MSPQM - ok 09:47:53.0305 0x1dfc MsRPC - ok 09:47:53.0355 0x1dfc mssmbios - ok 09:47:53.0360 0x1dfc MSTEE - ok 09:47:53.0377 0x1dfc MTConfig - ok 09:47:53.0390 0x1dfc Mup - ok 09:47:53.0395 0x1dfc mvumis - ok 09:47:53.0417 0x1dfc NativeWifiP - ok 09:47:53.0449 0x1dfc NcaSvc - ok 09:47:53.0502 0x1dfc NcbService - ok 09:47:53.0523 0x1dfc NcdAutoSetup - ok 09:47:53.0543 0x1dfc ndfltr - ok 09:47:53.0550 0x1dfc NDIS - ok 09:47:53.0555 0x1dfc NdisCap - ok 09:47:53.0573 0x1dfc NdisImPlatform - ok 09:47:53.0576 0x1dfc NdisTapi - ok 09:47:53.0582 0x1dfc Ndisuio - ok 09:47:53.0602 0x1dfc NdisVirtualBus - ok 09:47:53.0620 0x1dfc NdisWan - ok 09:47:53.0625 0x1dfc ndiswanlegacy - ok 09:47:53.0628 0x1dfc ndproxy - ok 09:47:53.0636 0x1dfc Ndu - ok 09:47:53.0643 0x1dfc NetAdapterCx - ok 09:47:53.0650 0x1dfc NetBIOS - ok 09:47:53.0659 0x1dfc NetBT - ok 09:47:53.0667 0x1dfc Netlogon - ok 09:47:53.0695 0x1dfc Netman - ok 09:47:53.0744 0x1dfc netprofm - ok 09:47:53.0776 0x1dfc NetSetupSvc - ok 09:47:54.0270 0x1dfc NetTcpPortSharing - ok 09:47:54.0360 0x1dfc NgcCtnrSvc - ok 09:47:54.0397 0x1dfc NgcSvc - ok 09:47:54.0440 0x1dfc NlaSvc - ok 09:47:54.0498 0x1dfc Npfs - ok 09:47:54.0545 
0x1dfc npsvctrig - ok 09:47:54.0556 0x1dfc nsi - ok 09:47:54.0571 0x1dfc nsiproxy - ok 09:47:54.0608 0x1dfc NTFS - ok 09:47:54.0633 0x1dfc Null - ok 09:47:54.0667 0x1dfc nvraid - ok 09:47:54.0715 0x1dfc nvstor - ok 09:47:54.0759 0x1dfc OneSyncSvc - ok 09:47:54.0855 0x1dfc [ 4965B005492CBA7719E82B71E3245495, 52AD72C05FACC1E0E416A1FA25F34FDD3CB274FAB973BEAAE911A2FACA42B650 ] ose64 C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE 09:47:54.0901 0x1dfc ose64 - ok 09:47:56.0031 0x1dfc [ 61BFFB5F57AD12F83AB64B7181829B34, 1DD0DD35E4158F95765EE6639F217DF03A0A19E624E020DBA609268C08A13846 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 09:47:56.0252 0x1dfc osppsvc - ok 09:47:56.0303 0x1dfc p2pimsvc - ok 09:47:56.0334 0x1dfc p2psvc - ok 09:47:56.0338 0x1dfc Parport - ok 09:47:56.0399 0x1dfc partmgr - ok 09:47:56.0409 0x1dfc PcaSvc - ok 09:47:56.0433 0x1dfc pci - ok 09:47:56.0437 0x1dfc pciide - ok 09:47:56.0451 0x1dfc pcmcia - ok 09:47:56.0472 0x1dfc pcw - ok 09:47:56.0502 0x1dfc pdc - ok 09:47:56.0554 0x1dfc PEAUTH - ok 09:47:56.0580 0x1dfc percsas2i - ok 09:47:56.0585 0x1dfc percsas3i - ok 09:47:57.0146 0x1dfc PerfHost - ok 09:47:57.0263 0x1dfc PhoneSvc - ok 09:47:57.0331 0x1dfc PimIndexMaintenanceSvc - ok 09:47:57.0393 0x1dfc pla - ok 09:47:57.0411 0x1dfc PlugPlay - ok 09:47:57.0432 0x1dfc PNRPAutoReg - ok 09:47:57.0437 0x1dfc PNRPsvc - ok 09:47:57.0473 0x1dfc PolicyAgent - ok 09:47:57.0480 0x1dfc Power - ok 09:47:57.0509 0x1dfc PptpMiniport - ok 09:47:58.0425 0x1dfc [ 7196D3C2E2E3129814C8DAB91F9A7D1E, 6763E4BF8E846B597E78778E520F5BADC95608BAA4EA0AC84971384B5D976DD7 ] PrintNotify C:\WINDOWS\system32\spool\drivers\x64\3\PrintConfig.dll 09:47:58.0865 0x1dfc PrintNotify - ok 09:47:58.0898 0x1dfc Processor - ok 09:47:58.0940 0x1dfc ProfSvc - ok 09:47:58.0947 0x1dfc Psched - ok 09:47:58.0995 0x1dfc QWAVE - ok 09:47:59.0031 0x1dfc QWAVEdrv - ok 09:47:59.0049 0x1dfc RasAcd - ok 09:47:59.0085 0x1dfc 
RasAgileVpn - ok 09:47:59.0113 0x1dfc RasAuto - ok 09:47:59.0118 0x1dfc Rasl2tp - ok 09:47:59.0138 0x1dfc RasMan - ok 09:47:59.0143 0x1dfc RasPppoe - ok 09:47:59.0148 0x1dfc RasSstp - ok 09:47:59.0183 0x1dfc rdbss - ok 09:47:59.0235 0x1dfc rdpbus - ok 09:47:59.0239 0x1dfc RDPDR - ok 09:47:59.0288 0x1dfc RdpVideoMiniport - ok 09:47:59.0305 0x1dfc rdyboost - ok 09:48:00.0151 0x1dfc [ F1D9E7B84A123F8861F63A2AE1E9F144, 7A56188DE148525B23617F8DA4AD49A88FA1BFC48641ED5065896C4408DA44ED ] ReflectService.exe C:\Program Files\Recovery\Macrium\ReflectService.exe 09:48:00.0310 0x1dfc ReflectService.exe - ok 09:48:00.0318 0x1dfc ReFSv1 - ok 09:48:00.0349 0x1dfc RemoteAccess - ok 09:48:00.0407 0x1dfc RemoteRegistry - ok 09:48:00.0482 0x1dfc RetailDemo - ok 09:48:00.0498 0x1dfc RmSvc - ok 09:48:00.0552 0x1dfc RpcEptMapper - ok 09:48:00.0577 0x1dfc RpcLocator - ok 09:48:00.0616 0x1dfc RpcSs - ok 09:48:00.0642 0x1dfc rspndr - ok 09:48:00.0754 0x1dfc [ AB959F26FBB851A9D31E2F229DB3FA1A, 35961B761C83B48DBB9960C6DEC89806F3BC9FA0F450E566333ABE3F22E42AA9 ] RTSUER C:\WINDOWS\system32\Drivers\RtsUer.sys 09:48:00.0772 0x1dfc RTSUER - ok 09:48:00.0812 0x1dfc s3cap - ok 09:48:01.0018 0x1dfc SamSs - ok 09:48:01.0125 0x1dfc [ D95D61869CE6A7F916E53F82E4C7917D, 423BCDFBCD5C670D13F1C390DF6CA83C91137C8FCBD2A07BE03DDD823E8CAB4F ] SbieDrv C:\Program Files\Sandboxie\SbieDrv.sys 09:48:01.0141 0x1dfc SbieDrv - ok 09:48:01.0214 0x1dfc [ 8F237507759186A689450BD9B8CAB7AC, C08A26CE02872281E8C186A0824552DB9A3286D041ADAFBF3F977BBE0EBC266B ] SbieSvc C:\Program Files\Sandboxie\SbieSvc.exe 09:48:01.0229 0x1dfc SbieSvc - ok 09:48:01.0300 0x1dfc sbp2port - ok 09:48:01.0366 0x1dfc SCardSvr - ok 09:48:01.0407 0x1dfc ScDeviceEnum - ok 09:48:01.0454 0x1dfc scfilter - ok 09:48:01.0468 0x1dfc Schedule - ok 09:48:01.0473 0x1dfc scmbus - ok 09:48:01.0488 0x1dfc scmdisk0101 - ok 09:48:01.0516 0x1dfc SCPolicySvc - ok 09:48:01.0578 0x1dfc [ AD7189E85A0801DE0507C610963A3CD0, 
0AA9F3C9D252624CC62EC95FD910C6911E136DD3E66159CEB9857BC7AB70FAA2 ] ScpVBus C:\WINDOWS\System32\drivers\ScpVBus.sys 09:48:01.0587 0x1dfc ScpVBus - ok 09:48:01.0657 0x1dfc sdbus - ok 09:48:01.0699 0x1dfc SDRSVC - ok 09:48:01.0715 0x1dfc sdstor - ok 09:48:01.0728 0x1dfc seclogon - ok 09:48:01.0746 0x1dfc SENS - ok 09:48:01.0848 0x1dfc SensorDataService - ok 09:48:01.0908 0x1dfc SensorService - ok 09:48:01.0935 0x1dfc SensrSvc - ok 09:48:01.0939 0x1dfc SerCx - ok 09:48:01.0987 0x1dfc SerCx2 - ok 09:48:02.0022 0x1dfc Serenum - ok 09:48:02.0027 0x1dfc Serial - ok 09:48:02.0033 0x1dfc sermouse - ok 09:48:02.0073 0x1dfc SessionEnv - ok 09:48:02.0095 0x1dfc sfloppy - ok 09:48:02.0160 0x1dfc SharedAccess - ok 09:48:02.0173 0x1dfc ShellHWDetection - ok 09:48:02.0201 0x1dfc shpamsvc - ok 09:48:02.0225 0x1dfc SiSRaid2 - ok 09:48:02.0230 0x1dfc SiSRaid4 - ok 09:48:02.0414 0x1dfc [ 52F7E8603E888E3DB0A8B3D1804098E9, 4E23DC9442C0C14AAE7146DACBB0B39743F1FFAA463EE7069CCDF866AD27BD77 ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe 09:48:02.0434 0x1dfc SkypeUpdate - ok 09:48:02.0528 0x1dfc [ AF9CA3A881483E6999CB2764BDAD3414, 95D6F7DA34DAD2CC1E4BC0B0867FA7E90293FB082EE0372DF5FE663E2AFD7AA4 ] SmbDrvI C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys 09:48:02.0542 0x1dfc SmbDrvI - ok 09:48:02.0599 0x1dfc smphost - ok 09:48:02.0732 0x1dfc SmsRouter - ok 09:48:02.0807 0x1dfc SNMPTRAP - ok 09:48:02.0934 0x1dfc spaceport - ok 09:48:02.0938 0x1dfc SpbCx - ok 09:48:02.0952 0x1dfc Spooler - ok 09:48:03.0058 0x1dfc sppsvc - ok 09:48:03.0116 0x1dfc srv - ok 09:48:03.0157 0x1dfc srv2 - ok 09:48:03.0201 0x1dfc srvnet - ok 09:48:03.0237 0x1dfc SSDPSRV - ok 09:48:03.0299 0x1dfc SstpSvc - ok 09:48:03.0401 0x1dfc StateRepository - ok 09:48:03.0984 0x1dfc [ E06AA279D85877268E34E9A9BC41F560, 6EFE7E3850CD19B919053293B6D8CB61CC638D3B1626BB62594C681625132689 ] Steam Client Service C:\Program Files (x86)\Common Files\Steam\SteamService.exe 09:48:04.0109 0x1dfc Steam Client Service - ok 
Detect skipped due to KSN trusted 09:49:30.0434 0x1978 SpybotPostWindows10UpgradeReInstall - ok 09:49:31.0207 0x1978 [ 8A793A1618B8C37FC70E85DC03E9567D, 568156DB22BB9E3411923BD3417C1E8BAFC641FB82C298FCFAAD8708BE8E7DF3 ] C:\Users\Oliver\AppData\Roaming\Spotify\Spotify.exe 09:49:31.0386 0x1978 Spotify - ok 09:49:31.0459 0x1978 Skype - ok 09:49:33.0181 0x1978 [ 63405C389EB81881D68AEEB0E05F3F7D, BBE8D64C600A6FCA4BF4B89EF39B551DEB8ED826C33FD6FB2C7E2F7D773AB0E2 ] C:\Program Files\CCleaner\CCleaner64.exe 09:49:33.0456 0x1978 CCleaner Monitoring - ok 09:49:33.0690 0x1978 [ 1D37F21A8295466B831E446F3C3082B8, 680B2D309DB4318AD1619537233C70869B3C878FF161999838DDC37801BCC77D ] C:\Program Files\Sandboxie\SbieCtrl.exe 09:49:33.0718 0x1978 SandboxieControl - ok 09:49:34.0329 0x1978 Uninstall C:\Users\Oliver\AppData\Local\Microsoft\OneDrive\17.3.6201.1019_1\amd64 - ok 09:49:34.0341 0x1978 AV detected via SS2: COMODO Antivirus, C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe ( 8.4.0.5076 ), 0x61010 ( enabled : outofdate ) 09:49:34.0341 0x1978 AV detected via SS2: Windows Defender, C:\Program Files\Windows Defender\MSASCui.exe ( 4.10.14393.187 ), 0x60100 ( disabled : updated ) 09:49:34.0343 0x1978 FW detected via SS2: COMODO Firewall, C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe ( 8.4.0.5076 ), 0x61010 ( enabled ) 09:49:34.0457 0x1978 ============================================================ 09:49:34.0457 0x1978 Scan finished 09:49:34.0457 0x1978 ============================================================ 09:49:34.0466 0x0fbc Detected object count: 0 09:49:34.0466 0x0fbc Actual detected object count: 0 |
26.09.2016, 12:20 | #5 |
/// TB Trainer /// Instructions Guru | Irregular crashes on the laptop (Windows 10)
Step 1
Please download AdwCleaner to your desktop.
Step 2
Now please run a search scan:
Step 3
ESET Online Scanner
__________________ Regards, deeprybka Praise, criticism, requests? Donate to trojaner-board? _______________________________________________ „Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer |
26.09.2016, 16:12 | #6 |
| Irregular crashes on the laptop (Windows 10) Hello, maybe I'm being dumb, but I'm not getting a scan report from mbam, only something like this:
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan, 26.09.2016 17:06, SYSTEM, LAP-OLI-PB, Manual, Start: 26.09.2016 16:29, Dauer: 37 Min. 41 Sek., Bedrohungssuchlauf, Abgeschlossen, 0 Malware-Erkennung, 0 Nicht-Malware-Erkennungen,
(end)

// ESET is still running and AdwCleaner produced normal logs; they will come together. |
26.09.2016, 20:50 | #7 |
/// TB Trainer /// Instructions Guru | Irregular crashes on the laptop (Windows 10) If you click on History at the top, Application Logs, Scan Log?
__________________ Regards, deeprybka |
27.09.2016, 18:19 | #8 |
| Irregular crashes on the laptop (Windows 10) So, here I am again with logs. ESET: Code:
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=27564c0b410d554b8346fddd1fd59441
# end=init
# utc_time=2016-09-26 02:30:45
# local_time=2016-09-26 04:30:45 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.2.9200 NT
Update Init
Update Download
Update Finalize
Updated modules version: 30873
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=27564c0b410d554b8346fddd1fd59441
# end=updated
# utc_time=2016-09-26 02:34:40
# local_time=2016-09-26 04:34:40 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.2.9200 NT
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=27564c0b410d554b8346fddd1fd59441
# end=restart
# utc_time=2016-09-26 04:44:54
# local_time=2016-09-26 06:44:54 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.2.9200 NT
# compatibility_mode_1='COMODO Antivirus'
# compatibility_mode=3091 16777213 100 100 4064098 38566668 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 859210 6238910 0 0
# scanned=243500
# found=6
# cleaned=0
# scan_time=7814
sh=34436B082CE08BCA3503BFFA83315328B161190E ft=1 fh=59fd38d31d0b8eed vn="Variante von Win32/ELEX.DF evtl. unerwünschte Anwendung" ac=I fn="C:\ProgramData\Comodo\Cis\Quarantine\data\{42EB5B48-4FDB-4CBE-B6D1-D15DF37BEBF4}"
sh=34436B082CE08BCA3503BFFA83315328B161190E ft=1 fh=59fd38d31d0b8eed vn="Variante von Win32/ELEX.DF evtl. unerwünschte Anwendung" ac=I fn="C:\ProgramData\Comodo\Cis\Quarantine\data\{5772F542-A416-48E1-B19A-86AC84359FE9}"
sh=739884C1585DC8A59B3BC9005B358B0AA2141707 ft=1 fh=a52ebc49d9b1b457 vn="Variante von Win32/ELEX.Y evtl. unerwünschte Anwendung" ac=I fn="C:\ProgramData\Comodo\Cis\Quarantine\data\{880D91F4-C037-4721-BD91-D0D36B83F0CF}"
sh=34436B082CE08BCA3503BFFA83315328B161190E ft=1 fh=59fd38d31d0b8eed vn="Variante von Win32/ELEX.DF evtl. unerwünschte Anwendung" ac=I fn="C:\Users\All Users\Comodo\Cis\Quarantine\data\{42EB5B48-4FDB-4CBE-B6D1-D15DF37BEBF4}"
sh=34436B082CE08BCA3503BFFA83315328B161190E ft=1 fh=59fd38d31d0b8eed vn="Variante von Win32/ELEX.DF evtl. unerwünschte Anwendung" ac=I fn="C:\Users\All Users\Comodo\Cis\Quarantine\data\{5772F542-A416-48E1-B19A-86AC84359FE9}"
sh=739884C1585DC8A59B3BC9005B358B0AA2141707 ft=1 fh=a52ebc49d9b1b457 vn="Variante von Win32/ELEX.Y evtl. unerwünschte Anwendung" ac=I fn="C:\Users\All Users\Comodo\Cis\Quarantine\data\{880D91F4-C037-4721-BD91-D0D36B83F0CF}"
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=27564c0b410d554b8346fddd1fd59441
# end=init
# utc_time=2016-09-26 08:29:21
# local_time=2016-09-26 10:29:21 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.2.9200 NT
Update Init
Update Download
Update Finalize
Updated modules version: 30877
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=27564c0b410d554b8346fddd1fd59441
# end=updated
# utc_time=2016-09-26 08:58:51
# local_time=2016-09-26 10:58:51 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.2.9200 NT
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=27564c0b410d554b8346fddd1fd59441
# engine=30877
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2016-09-27 12:15:08
# local_time=2016-09-27 02:15:08 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.2.9200 NT
# compatibility_mode_1='COMODO Antivirus'
# compatibility_mode=3091 16777213 100 100 4091112 38593682 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 886224 6265924 0 0
# scanned=600805
# found=6
# cleaned=0
# scan_time=11777
sh=34436B082CE08BCA3503BFFA83315328B161190E ft=1 fh=59fd38d31d0b8eed vn="Variante von Win32/ELEX.DF evtl. unerwünschte Anwendung" ac=I fn="C:\ProgramData\Comodo\Cis\Quarantine\data\{42EB5B48-4FDB-4CBE-B6D1-D15DF37BEBF4}"
sh=34436B082CE08BCA3503BFFA83315328B161190E ft=1 fh=59fd38d31d0b8eed vn="Variante von Win32/ELEX.DF evtl. unerwünschte Anwendung" ac=I fn="C:\ProgramData\Comodo\Cis\Quarantine\data\{5772F542-A416-48E1-B19A-86AC84359FE9}"
sh=739884C1585DC8A59B3BC9005B358B0AA2141707 ft=1 fh=a52ebc49d9b1b457 vn="Variante von Win32/ELEX.Y evtl. unerwünschte Anwendung" ac=I fn="C:\ProgramData\Comodo\Cis\Quarantine\data\{880D91F4-C037-4721-BD91-D0D36B83F0CF}"
sh=34436B082CE08BCA3503BFFA83315328B161190E ft=1 fh=59fd38d31d0b8eed vn="Variante von Win32/ELEX.DF evtl. unerwünschte Anwendung" ac=I fn="C:\Users\All Users\Comodo\Cis\Quarantine\data\{42EB5B48-4FDB-4CBE-B6D1-D15DF37BEBF4}"
sh=34436B082CE08BCA3503BFFA83315328B161190E ft=1 fh=59fd38d31d0b8eed vn="Variante von Win32/ELEX.DF evtl. unerwünschte Anwendung" ac=I fn="C:\Users\All Users\Comodo\Cis\Quarantine\data\{5772F542-A416-48E1-B19A-86AC84359FE9}"
sh=739884C1585DC8A59B3BC9005B358B0AA2141707 ft=1 fh=a52ebc49d9b1b457 vn="Variante von Win32/ELEX.Y evtl. unerwünschte Anwendung" ac=I fn="C:\Users\All Users\Comodo\Cis\Quarantine\data\{880D91F4-C037-4721-BD91-D0D36B83F0CF}"
Code:
# AdwCleaner v6.020 - Bericht erstellt am 26/09/2016 um 15:42:23
# Aktualisiert am 14/09/2016 von ToolsLib
# Datenbank : 2016-09-26.1 [Server]
# Betriebssystem : Windows 10 Home (X64)
# Benutzername : Oliver - LAP-OLI-PB
# Gestartet von : C:\Users\Oliver\Desktop\AdwCleaner_6.020.exe
# Modus: Löschen
# Unterstützung : https://toolslib.net/forum

***** [ Dienste ] *****

***** [ Ordner ] *****
[-] Ordner gelöscht: C:\Users\Oliver\AppData\Local\slimware utilities inc
[-] Ordner gelöscht: C:\ProgramData\SlimWare Utilities, Inc
[-] Ordner gelöscht: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picexa
[-] Ordner gelöscht: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZipper
[-] Ordner gelöscht: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SlimDrivers
[-] Ordner gelöscht: C:\Program Files (x86)\SlimDrivers

***** [ Dateien ] *****
[-] Datei gelöscht: C:\WINDOWS\SysNative\log\iSafeKrnlCall.log

***** [ DLL ] *****

***** [ WMI ] *****

***** [ Verknüpfungen ] *****
[-] Verknüpfung desinfiziert: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\soft Xpansion\Perfect PDF 6 Converter\Produktregistrierung.lnk
[-] Verknüpfung desinfiziert: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PB - Security & Support\Contact.lnk
[-] Verknüpfung desinfiziert: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Inet\Mozilla Firefox.lnk

***** [ Aufgabenplanung ] *****

***** [ Registrierungsdatenbank ] *****
[-] Schlüssel gelöscht: HKLM\SOFTWARE\SLIMWARE UTILITIES, INC.
[-] Schlüssel gelöscht: HKLM\SOFTWARE\SlimWare Utilities Inc

***** [ Browser ] *****

*************************
:: "Tracing" Schlüssel gelöscht
:: Winsock Einstellungen zurückgesetzt
:: "Prefetch" Dateien gelöscht
:: Proxy Einstellungen zurückgesetzt
:: Internet Explorer Richtlinien gelöscht
:: Chrome Richtlinien gelöscht
*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [1976 Bytes] - [26/09/2016 15:42:23]
C:\AdwCleaner\AdwCleaner[S0].txt - [2380 Bytes] - [26/09/2016 15:36:50]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [2122 Bytes] ##########

It just won't work; under Application Logs I only find protection logs, and they look like this:
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Update, 27.09.2016 18:29, SYSTEM, LAP-OLI-PB, Manual, Rootkit Database, 2016.9.26.1, 2016.9.26.2,
Update, 27.09.2016 18:29, SYSTEM, LAP-OLI-PB, Manual, Domain Database, 2016.9.23.3, 2016.9.27.4,
Update, 27.09.2016 18:30, SYSTEM, LAP-OLI-PB, Manual, Malware Database, 2016.9.26.6, 2016.9.27.10,
Protection, 27.09.2016 18:30, SYSTEM, LAP-OLI-PB, Protection, Refresh, Starting,
Protection, 27.09.2016 18:30, SYSTEM, LAP-OLI-PB, Protection, Refresh, Success,
Scan, 27.09.2016 18:59, SYSTEM, LAP-OLI-PB, Manual, Start: 27.09.2016 18:30, Dauer: 29 Min. 16 Sek., Bedrohungssuchlauf, Abgeschlossen, 0 Malware-Erkennung, 0 Nicht-Malware-Erkennungen,
(end) |
28.09.2016, 18:58 | #9 |
/// TB Trainer /// Instructions Guru | Irregular crashes on the laptop (Windows 10) Are there still any problems with the PC? If so, which ones?
__________________ Regards, deeprybka |
28.09.2016, 21:28 | #10 |
| Irregular crashes on the laptop (Windows 10) Surprisingly, it is running normally so far, but the crashes were pretty irregular, so maybe something is still to come. I have one more question: ESET found 6 threats but did not delete them. Was that a false alarm? Are they already gone, or what? |
28.09.2016, 21:33 | #11 | |
/// TB Trainer /// Instructions Guru | Irregular crashes on the laptop (Windows 10)
Quote:
Code:
C:\ProgramData\Comodo\Cis\Quarantine\data\{42EB5B48-4FDB-4CBE-B6D1-D15DF37BEBF4}
C:\ProgramData\Comodo\Cis\Quarantine\data\{5772F542-A416-48E1-B19A-86AC84359FE9}
C:\ProgramData\Comodo\Cis\Quarantine\data\{880D91F4-C037-4721-BD91-D0D36B83F0CF}
C:\Users\All Users\Comodo\Cis\Quarantine\data\{42EB5B48-4FDB-4CBE-B6D1-D15DF37BEBF4}
C:\Users\All Users\Comodo\Cis\Quarantine\data\{5772F542-A416-48E1-B19A-86AC84359FE9}
C:\Users\All Users\Comodo\Cis\Quarantine\data\{880D91F4-C037-4721-BD91-D0D36B83F0CF}

In any case, no malware is detectable on the PC. Please post fresh logs one last time:
Step 1
Please start FRST again, also tick the checkbox, and click Scan ("Untersuchen"). Please post the contents of both logs that are created.
__________________ Regards, deeprybka |