|
Plagegeister aller Art und deren Bekämpfung: Windows Firewall (Win10) deaktiviert sich und muß jedes mal mit der Maus aktiviert werdenWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
13.03.2017, 14:10 | #1 |
| Windows Firewall (Win10) deaktiviert sich und muß jedes mal mit der Maus aktiviert werden Hallo! Ich bin neu hier und hoffe auf eine Antwort (Lösung) von Problemen, bei denen ich nicht ausschließen kann, daß eventuell Viren o.ä. die Ursachen sind. 1. Problem: Offenbar beim Herunterfahren oder beim Starten deaktiviert sich bei mir die Windows Firewall. ich bekomme nach einigen Minuten PC-lauf dann die Meldung (unten rechts) eingeblendet, das Die WFW deaktiviert ist und ich sie durch klicken auf diese Meldung aktivieren muß. Ich benutze Panda Antivirus und dort zeigt ein Scan nichts Ungewöhnliches. habe auch schon Malwarebytes und ADW-Cleaner laufen lassen - ebenfalls ohne Ergebnis. Kann die Ursache trotzdem Schadsoftware sein? Auch falls es kein Fall für dieses Forum ist, kann mir vielleicht trotzdem jemand einen Hinweis geben, wie ich die Firewall permanent ab Start aktiv halten kann. Vielen Dank schon im Voraus. Rudi |
13.03.2017, 14:17 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows Firewall (Win10) deaktiviert sich und muß jedes mal mit der Maus aktiviert werden Scan mit Farbar's Recovery Scan Tool (FRST)
__________________Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST 32-Bit | FRST 64-Bit (Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
Lesestoff: Posten in CODE-Tags Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR oder 7Z-Archiv zu packen erschwert mir massiv die Arbeit. Auch wenn die Logs für einen Beitrag zu groß sein sollten, bitte ich dich die Logs direkt und notfalls über mehrere Beiträge verteilt zu posten. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
__________________ |
14.03.2017, 08:49 | #3 |
| Windows Firewall (Win10) deaktiviert sich und muß jedes mal mit der Maus aktiviert werden Danke!
__________________Hier ist das erste File FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 13-03-2017 Ran by Rudi (administrator) on RUDI-PC (14-03-2017 08:18:34) Running from Z:\Aktuelle Downloads Loaded Profiles: Rudi (Available Profiles: Rudi & Administrator & DefaultAppPool) Platform: Windows 10 Pro Version 1607 (X64) Language: Englisch (Vereinigte Staaten) Internet Explorer Version 11 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Sandboxie Holdings, LLC) D:\Program Files\Sandboxie\SbieSvc.exe (Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\WTabletServiceCon.exe (Apple Computer, Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe (New Softwares.net) C:\Windows\SysWOW64\WinFLService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe (HP) C:\Windows\System32\HPSIsvc.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe (HP) C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe () D:\Program Files\Atomic Alarm Clock\timeserv.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Logitech Inc.) C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe (Acronis International GmbH) C:\Program Files (x86)\Common Files\Acronis\Infrastructure\mms_mini.exe (Microsoft Corporation) C:\Windows\System32\mqsvc.exe (Malwarebytes Corporation) D:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (Malwarebytes Corporation) D:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (Panda Security, S.L.) D:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe (Logitech Inc.) C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe (Panda Security, S.L.) D:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe (Apache Software Foundation) C:\Program Files (x86)\Themler\bin\apache\bin\hthemlerd.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe () C:\Program Files (x86)\Themler\bin\mysql\bin\mythemlerd.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (Malwarebytes Corporation) D:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Ascora GmbH) D:\Program Files (x86)\StartupStar\StartupStar.exe (Apache Software Foundation) C:\Program Files (x86)\Themler\bin\apache\bin\hthemlerd.exe (Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe (Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe (Wacom Technology) C:\Program Files\Tablet\Pen\WacomHost.exe (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe Failed to access process -> FreemakeUtilsService.exe (Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe ( New Softwares.net) C:\Windows\SysWOW64\WinFLTray.exe () D:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe (Celartem, Inc., doing business as Extensis.) D:\Program Files (x86)\Extensis Suitcase Fusion\FMCore.exe (Panda Security, S.L.) D:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe (Bartels Media GmbH) D:\Program Files (x86)\PhraseExpress\phraseexpress.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Harry Stahl Software) D:\Program Files (x86)\Timonize\TRemind.EXE () C:\ProgramData\Abelssoft\AntiRansomware\Program\AntiRansomware.exe (Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe () C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17012.10301.0_x64__8wekyb3d8bbwe\Video.UI.exe ((C) LINE Corporation) D:\WindowsApps\NAVER.LINEwin8_5.4.7.0_x64__8ptj331gd3tyt\LINE_APP.exe (Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.214.10010.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.12.112.0_x64__kzf8qxf38zg5c\SkypeHost.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ==================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2585744 2015-10-14] (NVIDIA Corporation) HKLM\...\Run: [*Restore] => C:\WINDOWS\System32\rstrui.exe [268288 2016-07-16] (Microsoft Corporation) HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-09-07] (Microsoft Corporation) HKLM-x32\...\Run: [PSUAMain] => D:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe [107520 2016-03-18] (Panda Security, S.L.) HKLM-x32\...\Run: [HPUsageTrackingLEDM] => C:\Program Files (x86)\HP\HP UT LEDM\bin\hppusg.exe [30264 2009-08-04] (Hewlett-Packard Company) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [27308304 2017-03-07] (Dropbox, Inc.) HKU\S-1-5-21-595107073-3459872703-1893278198-1000\...\Run: [SkinClock] => D:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe [4287488 2011-10-25] () HKU\S-1-5-21-595107073-3459872703-1893278198-1000\...\Run: [AdobeBridge] => [X] HKU\S-1-5-21-595107073-3459872703-1893278198-1000\...\Run: [FMCore.exe] => D:\Program Files (x86)\Extensis Suitcase Fusion\FMCore.exe [10760192 2014-10-16] (Celartem, Inc.,) HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE -> ShellIconOverlayIdentifiers: [ AcronisDrive] -> {5D74FD4B-4EFB-4586-8022-8637BBE40970} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2017-01-12] () ShellIconOverlayIdentifiers: [ AcronisSyncError] -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2017-01-12] () ShellIconOverlayIdentifiers: [ AcronisSyncInProgress] -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2017-01-12] () ShellIconOverlayIdentifiers: [ AcronisSyncOk] -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2017-01-12] () ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-03-07] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-03-07] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-03-07] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-03-07] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-03-07] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-03-07] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-03-07] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-03-07] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-03-07] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-03-07] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => -> No File ShellIconOverlayIdentifiers: ["11CloudOverlayIcon"] -> {7287689B-8C79-4D52-A8C7-CC11D4D8ECE3} => D:\Program Files (x86)\freenet cloud\64\CloudIconOverlay.dll [2015-11-18] () ShellIconOverlayIdentifiers: ["12CloudOverlayIcon"] -> {75804F50-7528-4089-91DC-ABD7144EC960} => D:\Program Files (x86)\freenet cloud\64\CloudIconOverlay.dll [2015-11-18] () ShellIconOverlayIdentifiers: ["13CloudOverlayIcon"] -> {8B680D9E-7971-4ED5-BC1D-C0B7CA89B5A6} => D:\Program Files (x86)\freenet cloud\64\CloudIconOverlay.dll [2015-11-18] () ShellIconOverlayIdentifiers: ["14CloudOverlayIcon"] -> {2FFEFB84-A51D-4FAC-B125-17E44C87BC84} => D:\Program Files (x86)\freenet cloud\64\CloudIconOverlay.dll [2015-11-18] () ShellIconOverlayIdentifiers: ["15CloudOverlayIcon"] -> {D0F0E8F3-5536-4A04-80A1-40FB42B296EC} => D:\Program Files (x86)\freenet cloud\64\CloudIconOverlay.dll [2015-11-18] () ShellIconOverlayIdentifiers: ["16CloudOverlayIcon"] -> {5B3DEF8D-36B5-4A0C-AF95-BB774BE05E8F} => D:\Program Files (x86)\freenet cloud\64\CloudIconOverlay.dll [2015-11-18] () ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-03-07] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-03-07] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-03-07] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-03-07] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-03-07] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-03-07] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-03-07] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-03-07] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-03-07] (Dropbox, Inc.) ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-03-07] (Dropbox, Inc.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2017-02-15] () Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PhraseExpress.lnk [2017-02-15] ShortcutTarget: PhraseExpress.lnk -> D:\Program Files (x86)\PhraseExpress\phraseexpress.exe (Bartels Media GmbH) Startup: C:\Users\Rudi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk [2017-03-13] ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation) Startup: C:\Users\Rudi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRemind.EXE.lnk [2015-09-24] ShortcutTarget: TRemind.EXE.lnk -> D:\Program Files (x86)\Timonize\TRemind.EXE (Harry Stahl Software) Startup: C:\Users\Rudi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WF.msc - Verknüpfung.lnk [2017-02-28] ShortcutTarget: WF.msc - Verknüpfung.lnk -> C:\Windows\System32\WF.msc () GroupPolicy: Restriction - Chrome <======= ATTENTION GroupPolicy\User: Restriction <======= ATTENTION CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{72c20bae-8251-48ad-b79c-f22df13eacaa}: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{9158bc68-ff9c-47ef-8194-53b98366daf8}: [DhcpNameServer] 192.168.1.1 Internet Explorer: ================== HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://th.search.yahoo.com/yhs/web?hspart=itm&hsimp=yhs-001&type=jmb_dnldastr_16_09¶m1=1¶m2=f%3D1%26b%3DIE%26cc%3Dth%26pa%3DJoomborio%26cd%3D2XzuyEtN2Y1L1QzutDtDtByDtBtB0CtA0C0E0F0CzytA0FyBtN0D0Tzu0StCyDtBtBtN1L2XzutAtFtCyBtFtCtCtFyCtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2SyEzytDzyyCtB0E0DtGtD0CtD0FtGtDzytD0FtGtCzz0BtCtGtByDtByEtC0F0CtDzz0B0ByC2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyD0BtB0B0C0AzyzztGtByCtCzytGyEtCyEzytG0AzzyDtBtGtDzztCyB0AyBtA0ByByC0AtC2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCyDzyyE%26cr%3D1173861011%26a%3Djmb_dnldastr_16_09%26os_ver%3D10.0%26os%3DWindows%2B10%2BPro HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page = SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: No Name -> {26C3165B-FC58-4910-802D-250B2E68A04E} -> No File BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) BHO-x32: Promt IE Helper -> {1F13CE11-4FAC-49A9-8155-D4F3F0F91A33} -> D:\Program Files (x86)\PRMT12\PRMTIE\prmtie.dll [2014-02-07] (PROMT Ltd.) BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation) hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} DPF: HKLM-x32 {E705A591-DA3C-4228-B0D5-A356DBA42FBF} hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://files.creative.com/Web/softwareupdate/ocx/150323/CTPID.cab FireFox: ======== FF ProfilePath: C:\Users\Rudi\AppData\Roaming\Mozilla\Firefox\Profiles\08i3m0cl.default [2017-03-05] FF NewTab: Mozilla\Firefox\Profiles\08i3m0cl.default -> about:newtab FF DefaultSearchEngine: Mozilla\Firefox\Profiles\08i3m0cl.default -> Yahoo! Powered FF SearchEngineOrder.3: Mozilla\Firefox\Profiles\08i3m0cl.default -> Bing FF SelectedSearchEngine: Mozilla\Firefox\Profiles\08i3m0cl.default -> Yahoo! Powered FF Homepage: Mozilla\Firefox\Profiles\08i3m0cl.default -> hxxp://www.google.de/ FF Keyword.URL: Mozilla\Firefox\Profiles\08i3m0cl.default -> user_pref("keyword.URL", true); FF Extension: (LastPass) - C:\Users\Rudi\AppData\Roaming\Mozilla\Firefox\Profiles\08i3m0cl.default\Extensions\support@lastpass.com [2017-02-10] FF Extension: (YesScript) - C:\Users\Rudi\AppData\Roaming\Mozilla\Firefox\Profiles\08i3m0cl.default\Extensions\yesscript@userstyles.org.xpi [2016-08-05] FF Extension: (Video DownloadHelper) - C:\Users\Rudi\AppData\Roaming\Mozilla\Firefox\Profiles\08i3m0cl.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2017-01-05] FF Extension: (Adblock Plus) - C:\Users\Rudi\AppData\Roaming\Mozilla\Firefox\Profiles\08i3m0cl.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-12-10] FF Extension: (BetterPrivacy) - C:\Users\Rudi\AppData\Roaming\Mozilla\Firefox\Profiles\08i3m0cl.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2017-03-05] FF ProfilePath: C:\Users\Rudi\AppData\Roaming\bitmedia\Contentlauncher\Profiles\16bfeq6a.default [2017-02-25] FF HKLM\...\Firefox\Extensions: [FFExtnHTML2PDF@foxitsoftware.com] - D:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\Creator\FirefoxAddin\FFExtnHTML2PDF.xpi FF Extension: (Foxit PDF Creator) - D:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\Creator\FirefoxAddin\FFExtnHTML2PDF.xpi [2016-11-14] FF HKLM-x32\...\Firefox\Extensions: [{00F0643E-B367-4779-B45D-7046EBA37A88}] - C:\Program Files (x86)\Steganos Privacy Suite 15\spmplugin3 => not found FF HKLM-x32\...\Firefox\Extensions: [quickprint@hp.com] - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension FF Extension: (SmartPrintButton) - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2011-01-26] [not signed] FF HKLM-x32\...\Firefox\Extensions: [FFExtnHTML2PDF@foxitsoftware.com] - D:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\Creator\FirefoxAddin\FFExtnHTML2PDF.xpi FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.15@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn FF Extension: (Adobe Acrobat DC - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn [2016-12-23] FF HKU\S-1-5-21-595107073-3459872703-1893278198-1000\...\Firefox\Extensions: [mozilla_cc2@internetdownloadmanager.com] - D:\Program Files (x86)\Internet Download Manage\idmmzcc2.xpi FF Extension: (IDM integration) - D:\Program Files (x86)\Internet Download Manage\idmmzcc2.xpi [2016-08-03] FF HKU\S-1-5-21-595107073-3459872703-1893278198-1000\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Rudi\AppData\Roaming\IDM\idmmzcc5 FF Extension: (IDM CC) - C:\Users\Rudi\AppData\Roaming\IDM\idmmzcc5 [2016-10-29] [not signed] FF HKU\S-1-5-21-595107073-3459872703-1893278198-1000\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - D:\Program Files (x86)\Internet Download Manage\idmmzcc2.xpi FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2013-09-17] (DivX, LLC.) FF Plugin: @lastpass.com/NPLastPass -> D:\Program Files (x86)\LastPass\nplastpass64.dll [2016-08-29] (LastPass) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin: @wacom.com/wtPlugin,version=2.1.0.2 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2012-05-24] (Wacom) FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-12-09] (Adobe Systems) FF Plugin: adobe.com/AdobeExManDetect -> D:\Program Files\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll [2013-12-02] (Adobe Systems) FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1225195.dll [2016-09-20] (Adobe Systems, Inc.) FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> D:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2013-09-17] (DivX, LLC.) FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> D:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2014-04-18] (DivX, LLC) FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> D:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2016-11-09] (Foxit Corporation) FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> D:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2016-11-09] (Foxit Corporation) FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> D:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2016-11-09] (Foxit Corporation) FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> D:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2016-11-09] (Foxit Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-01-23] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-01-23] (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-07-28] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-07-28] (Oracle Corporation) FF Plugin-x32: @lastpass.com/NPLastPass -> D:\Program Files (x86)\LastPass\nplastpass64.dll [2016-08-29] (LastPass) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation) FF Plugin-x32: @nokia.com/EnablerPlugin -> C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll [No File] FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-11-14] (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-11-14] (NVIDIA Corporation) FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File] FF Plugin-x32: @photodex.com/PhotodexPresenter -> C:\Program Files (x86)\Photodex Presenter\npPxPlay.dll [2014-08-24] ( ) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.) FF Plugin-x32: @wacom.com/wacom-plugin,version=1.1.0.10 -> C:\Program Files (x86)\TabletPlugins\npwacom.dll [2011-04-21] (Wacom, Inc.) FF Plugin-x32: @wacom.com/wtPlugin,version=2.0.0.1 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2012-05-23] (Wacom) FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.2 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2012-05-23] (Wacom) FF Plugin-x32: @webex.com/npatgpc -> D:\ProgramData\WebEx\npatgpc.dll [2016-10-20] (Cisco WebEx LLC) FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2016-10-01] (Adobe Systems Inc.) FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-12-09] (Adobe Systems) FF Plugin-x32: adobe.com/AdobeExManDetect -> D:\Program Files\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll [2013-12-02] (Adobe Systems) FF Plugin HKU\.DEFAULT: @protectdisc.com/NPPDLicenseHelper -> C:\Windows\system32\config\systemprofile\AppData\Roaming\ProtectDisc\License Helper v2\NPPDLicenseHelper.dll [No File] FF Plugin HKU\S-1-5-21-595107073-3459872703-1893278198-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Rudi\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2016-11-09] (Citrix Online) FF Plugin HKU\S-1-5-21-595107073-3459872703-1893278198-1000: @protectdisc.com/NPPDLicenseHelper -> C:\Users\Rudi\AppData\Roaming\ProtectDisc\License Helper v2\NPPDLicenseHelper.dll [2009-06-25] ( ) FF Plugin HKU\S-1-5-21-595107073-3459872703-1893278198-1000: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2012-05-24] (Wacom) StartMenuInternet: FIREFOX.EXE - D:\Program Files\Mozilla Firefox\firefox.exe Chrome: ======= CHR DefaultProfile: Default CHR HomePage: Default -> hxxp://www.msn.com/?pc=__PARAM__&ocid=__PARAM__DHP&osmkt=de-de CHR StartupUrls: Default -> "hxxps://www.google.de/?gws_rd=ssl" CHR Profile: C:\Users\Rudi\AppData\Local\Google\Chrome\User Data\Default [2017-03-14] CHR Extension: (ProxFlow) - C:\Users\Rudi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aakchaleigkohafkfjfjbblobjifikek [2017-01-24] CHR Extension: (uBlock Origin) - C:\Users\Rudi\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2017-03-09] CHR Extension: (Copay) - C:\Users\Rudi\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnidaodnidkbaplmghlelgikaiejfhja [2017-02-19] CHR Extension: (Adobe Acrobat) - C:\Users\Rudi\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-04] CHR Extension: (LastPass: Free Password Manager) - C:\Users\Rudi\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2017-02-25] CHR Extension: (OkayFreedom) - C:\Users\Rudi\AppData\Local\Google\Chrome\User Data\Default\Extensions\hfnbbbkabnehoejfhcbbhdicagcoobji [2016-07-03] CHR Extension: (Proxy for Chrome) - C:\Users\Rudi\AppData\Local\Google\Chrome\User Data\Default\Extensions\iilpibhiihokecnbdkaminemnmecjfed [2016-08-09] CHR Extension: (Cisco WebEx Extension) - C:\Users\Rudi\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhmfgmfgeifomenelglieieghnjghma [2017-02-09] CHR Extension: (Video DownloadHelper) - C:\Users\Rudi\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjnegcaeklhafolokijcfjliaokphfk [2016-12-21] CHR Extension: (Video download helper) - C:\Users\Rudi\AppData\Local\Google\Chrome\User Data\Default\Extensions\mngdadkapbemiekajhhalpakdpleogfn [2016-10-29] CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Rudi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09] CHR Extension: (Proxy List - Free Proxies for everyone) - C:\Users\Rudi\AppData\Local\Google\Chrome\User Data\Default\Extensions\omihnninlhneakfglooiofgdbpmnhjgn [2016-06-27] CHR Extension: (Proxy SwitchyOmega) - C:\Users\Rudi\AppData\Local\Google\Chrome\User Data\Default\Extensions\padekgcemlokbadohgkifijomclgjgif [2017-03-12] CHR Extension: (Chrome Media Router) - C:\Users\Rudi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-07] CHR HKLM\...\Chrome\Extension: [cifnddnffldieaamihfkhkdgnbhfmaci] - D:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\Creator\ChromeAddin\ChromeAddin.crx [2016-11-10] CHR HKLM\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - hxxp://clients2.google.com/service/update2/crx CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - D:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx <not found> CHR HKU\S-1-5-21-595107073-3459872703-1893278198-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [cifnddnffldieaamihfkhkdgnbhfmaci] - D:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\Creator\ChromeAddin\ChromeAddin.crx [2016-11-10] CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - hxxp://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - D:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx <not found> ==================== Services (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S4 AcronisActiveProtectionService; C:\Program Files (x86)\Common Files\Acronis\ActiveProtection\anti_ransomware_service.exe [1175976 2017-01-16] (Acronis International GmbH) S4 AcrSch2Svc; C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe [1276464 2017-01-18] () S4 afcdpsrv; C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [6086232 2017-01-28] () S4 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2207960 2016-09-26] (Adobe Systems, Incorporated) R2 AtomicAlarmClock; D:\Program Files\Atomic Alarm Clock\timeserv.exe [2062336 2011-10-25] () [File not signed] S4 Avira Secure Backup Crawler; C:\Program Files\Avira Secure Backup\Avira Secure BackupCrawler.exe [4121960 2013-06-24] () [File not signed] S4 becldr3Service; C:\Program Files (x86)\BCL Technologies\easyConverter SDK 3\Common\becldr.exe [225280 2012-08-01] () [File not signed] S4 CLHNServiceForPowerDVD12; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe [87336 2012-01-12] (CyberLink Corp.) S4 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2012-12-23] (Creative Labs) [File not signed] S4 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [307200 2008-11-18] (Creative Technology Ltd) [File not signed] S4 CyberLink PowerDVD 12 Media Server Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [75048 2012-01-12] (CyberLink) S4 CyberLink PowerDVD 12 Media Server Service; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [296232 2012-01-12] (CyberLink) S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-08-26] (Dropbox, Inc.) S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-08-26] (Dropbox, Inc.) R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [46408 2017-01-21] (Dropbox, Inc.) S2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [104448 2017-01-24] (Freemake) [File not signed] R2 FreemakeVideoCapture; D:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe [9216 2017-01-24] (Ellora Assets Corp.) [File not signed] R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2015-10-14] (NVIDIA Corporation) R2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [136704 2009-06-24] (HP) [File not signed] R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [28552 2016-04-26] (Hewlett-Packard Company) R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel(R) Corporation) [File not signed] S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel(R) Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-01-23] (Intel Corporation) R2 MBAMScheduler; D:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation) R2 MBAMService; D:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation) R2 mmsminisrv; C:\Program Files (x86)\Common Files\Acronis\Infrastructure\mms_mini.exe [4679576 2016-12-20] (Acronis International GmbH) S3 mobile_backup_server; C:\Program Files (x86)\Common Files\Acronis\MobileBackupServer\mobile_backup_server.exe [2908352 2017-01-06] (Acronis International GmbH) S3 mobile_backup_status_server; C:\Program Files (x86)\Acronis\TrueImageHome\mobile_backup_status_server.exe [1611368 2017-01-18] () R2 NanoServiceMain; D:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe [150528 2016-03-18] (Panda Security, S.L.) R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1706128 2015-10-14] (NVIDIA Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21833360 2015-10-14] (NVIDIA Corporation) R2 PandaAgent; C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe [73176 2016-02-22] (Panda Security, S.L.) R2 PSUAService; D:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe [38136 2016-03-17] (Panda Security, S.L.) R2 SbieSvc; D:\Program Files\Sandboxie\SbieSvc.exe [197264 2016-09-23] (Sandboxie Holdings, LLC) S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-09-16] (Microsoft Corporation) S3 ss_conn_service; D:\Program Files\Kies\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-10-13] (DEVGURU Co., LTD.) S4 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed] R2 syncagentsrv; C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [7013704 2016-12-21] () R2 ThemlerApache; C:\Program Files (x86)\Themler\bin\apache\bin\hthemlerd.exe [20992 2015-07-13] (Apache Software Foundation) [File not signed] R2 ThemlerMySql; C:\Program Files (x86)\Themler\bin\mysql\bin\mythemlerd.exe [8148480 2015-07-13] () [File not signed] S4 UPSmonitor; D:\Program Files (x86)\MonitorSoftware\monitor.exe [114688 2013-03-29] (Macrovision) [File not signed] S4 UPSRMI; D:\Program Files (x86)\MonitorSoftware\wpRMI.exe [114688 2013-03-29] (Macrovision) [File not signed] R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation) R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation) S4 WinTabService; C:\Windows\System32\Drivers\WTSRV.EXE [53248 2007-05-31] (Tablet Driver) [File not signed] R2 WTabletServiceCon; C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [619904 2012-12-11] (Wacom Technology, Corp.) ===================== Drivers (Whitelisted) ====================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R1 AntiLog32; C:\Windows\system32\drivers\AntiLog64.sys [49240 2013-09-12] (Zemana Ltd.) S4 DgiVecp; C:\Windows\system32\Drivers\DgiVecp.sys [53816 2009-03-02] (Samsung Electronics Co., Ltd.) S4 DgiVecp; C:\Windows\SysWOW64\Drivers\DgiVecp.sys [41984 2004-08-12] (Samsung Electronics Co., Ltd.) [File not signed] R1 eusk2par; C:\Windows\system32\Drivers\eusk2par-amd64.sys [32336 2008-12-18] (Aladdin Knowledge Systems Ltd.) R1 Eve; C:\WINDOWS\system32\DRIVERS\eve.sys [41304 2014-04-10] () R2 file_protector; C:\WINDOWS\System32\DRIVERS\file_protector.sys [447328 2017-01-28] (Acronis International GmbH) R0 file_tracker; C:\WINDOWS\System32\DRIVERS\file_tracker.sys [375136 2017-01-28] (Acronis International GmbH) R0 hotcore3; C:\WINDOWS\System32\DRIVERS\hotcore3.sys [34056 2014-11-17] (Paragon Software Group) R3 LVPr2M64; C:\WINDOWS\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] () S3 LVPr2Mon; C:\WINDOWS\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] () R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [136408 2017-03-14] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation) R1 MpKsl0a5bf91f; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{725266B7-095B-4D5A-A803-53D716526B4C}\MpKsl0a5bf91f.sys [44928 2017-03-14] (Microsoft Corporation) S3 mvusbews; C:\WINDOWS\System32\Drivers\mvusbews.sys [20480 2012-09-26] (Marvell Semiconductor, Inc.) S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] () R1 NNSALPC; C:\WINDOWS\system32\DRIVERS\NNSALPC.sys [103856 2015-12-10] (Panda Security, S.L.) R1 NNSHTTP; C:\WINDOWS\system32\DRIVERS\NNSHTTP.sys [210864 2015-12-10] (Panda Security, S.L.) R1 NNSHTTPS; C:\WINDOWS\system32\DRIVERS\NNSHTTPS.sys [120240 2015-12-10] (Panda Security, S.L.) R1 NNSIDS; C:\WINDOWS\system32\DRIVERS\NNSIDS.sys [120240 2015-12-10] (Panda Security, S.L.) R1 NNSNAHSL; C:\WINDOWS\system32\DRIVERS\NNSNAHSL.sys [58616 2015-06-19] (Panda Security, S.L.) R1 NNSPICC; C:\WINDOWS\system32\DRIVERS\NNSPICC.sys [112560 2015-12-10] (Panda Security, S.L.) R1 NNSPIHSW; C:\WINDOWS\system32\DRIVERS\NNSPIHSW.sys [82864 2016-03-17] (Panda Security, S.L.) R1 NNSPOP3; C:\WINDOWS\system32\DRIVERS\NNSPOP3.sys [133552 2015-12-10] (Panda Security, S.L.) R1 NNSPROT; C:\WINDOWS\system32\DRIVERS\NNSPROT.sys [309680 2015-12-10] (Panda Security, S.L.) R1 NNSPRV; C:\WINDOWS\system32\DRIVERS\NNSPRV.sys [179632 2016-02-18] (Panda Security, S.L.) R1 NNSSMTP; C:\WINDOWS\system32\DRIVERS\NNSSMTP.sys [122800 2015-12-10] (Panda Security, S.L.) R1 NNSSTRM; C:\WINDOWS\system32\DRIVERS\NNSSTRM.sys [267184 2016-02-18] (Panda Security, S.L.) R1 NNSTLSC; C:\WINDOWS\system32\DRIVERS\NNSTLSC.sys [115632 2015-12-10] (Panda Security, S.L.) R2 npf; C:\WINDOWS\System32\drivers\npf.sys [35344 2011-02-12] (CACE Technologies, Inc.) R2 ntk_PowerDVD12; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12_64.sys [82928 2011-10-27] (Cyberlink Corp.) R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-10-14] (NVIDIA Corporation) R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [38032 2015-10-14] (NVIDIA Corporation) S3 OSFMount; D:\Program Files\OSFMount\OSFMount.sys [540224 2012-05-09] (PassMark Software) R2 PSINAflt; C:\WINDOWS\system32\DRIVERS\PSINAflt.sys [174000 2016-02-18] (Panda Security, S.L.) R2 PSINFile; C:\WINDOWS\System32\DRIVERS\PSINFile.sys [129456 2016-02-18] (Panda Security, S.L.) R1 PSINKNC; C:\WINDOWS\system32\DRIVERS\PSINKNC.sys [207280 2016-02-18] (Panda Security, S.L.) R2 PSINProc; C:\WINDOWS\System32\DRIVERS\PSINProc.sys [133552 2016-02-18] (Panda Security, S.L.) R2 PSINProt; C:\WINDOWS\system32\DRIVERS\PSINProt.sys [146864 2016-02-24] (Panda Security, S.L.) R2 PSINReg; C:\WINDOWS\system32\DRIVERS\PSINReg.sys [117168 2016-02-18] (Panda Security, S.L.) S3 PSKMAD; C:\WINDOWS\System32\DRIVERS\PSKMAD.sys [62080 2015-06-16] (Panda Security, S.L.) R0 PxHlpa64; C:\WINDOWS\System32\Drivers\PxHlpa64.sys [56336 2012-08-10] (Corel Corporation) S3 RSUSBCCID; C:\WINDOWS\system32\DRIVERS\RtsUCcid.sys [56936 2015-12-27] (Realtek Semiconductor Corp.) S3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [404184 2015-12-27] (Realsil Semiconductor Corporation) R3 SbieDrv; D:\Program Files\Sandboxie\SbieDrv.sys [204944 2016-09-23] (Sandboxie Holdings, LLC) R1 SLEE_19_DRIVER; C:\WINDOWS\Sleen1964.sys [117848 2014-10-24] (Softwareentwicklung Remus - ArchiCrypt - ) R3 Spyder3; C:\WINDOWS\System32\drivers\Spyder3.sys [15360 2008-09-08] () R0 tib; C:\WINDOWS\System32\DRIVERS\tib.sys [1310560 2017-01-28] (Acronis International GmbH) R2 tib_mounter; C:\WINDOWS\system32\DRIVERS\tib_mounter.sys [214360 2017-01-28] (Acronis International GmbH) S3 tnd; C:\WINDOWS\system32\DRIVERS\tnd.sys [688864 2017-01-28] (Acronis International GmbH) R1 UimBus; C:\WINDOWS\System32\drivers\UimBus.sys [92848 2016-08-08] () R1 Uim_DEVIM; C:\WINDOWS\System32\drivers\uim_devim.sys [26800 2016-08-08] () R1 Uim_IM; C:\WINDOWS\System32\drivers\uim_im.sys [484528 2016-08-08] () R1 veracrypt; C:\WINDOWS\System32\drivers\veracrypt.sys [467368 2017-02-28] (IDRIX) R2 virtual_file; C:\WINDOWS\System32\DRIVERS\virtual_file.sys [324448 2017-01-28] (Acronis International GmbH) S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation) R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation) R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation) S3 WsAudio_Device; C:\WINDOWS\System32\drivers\VirtualAudio.sys [31080 2013-03-25] (Wondershare) R1 ZAM; C:\WINDOWS\System32\drivers\zam64.sys [203680 2016-12-20] (Zemana Ltd.) R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2016-12-20] (Zemana Ltd.) R2 {329F96B6-DF1E-4328-BFDA-39EA953C1312}; C:\Program Files (x86)\CyberLink\PowerDVD12\Common\NavFilter\000.fcl [146928 2012-01-11] (CyberLink Corp.) S3 dbx; system32\DRIVERS\dbx.sys [X] U3 idsvc; no ImagePath ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2017-03-12 14:05 - 2017-03-14 08:12 - 00136408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2017-03-12 14:04 - 2015-04-14 09:38 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys 2017-03-12 14:04 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2017-03-10 12:57 - 2017-03-10 13:04 - 435513784 _____ (ON1) C:\Users\Rudi\Downloads\ON1_Effects_10.5.1_Free.exe 2017-03-10 10:50 - 2017-03-10 10:50 - 00000000 ___HD C:\Users\Rudi\ zAnti Ransomeware Honeypot 2017-03-10 10:50 - 2017-03-10 10:50 - 00000000 ___HD C:\Users\Rudi\AppData\Roaming\ zAnti Ransomeware Honeypot 2017-03-10 10:50 - 2017-03-10 10:50 - 00000000 ___HD C:\Users\Rudi\AppData\Roaming\ ! Anti Ransomeware Honeypot 2017-03-10 10:50 - 2017-03-10 10:50 - 00000000 ___HD C:\Users\Rudi\AppData\Local\ zAnti Ransomeware Honeypot 2017-03-10 10:50 - 2017-03-10 10:50 - 00000000 ___HD C:\Users\Rudi\AppData\Local\ ! Anti Ransomeware Honeypot 2017-03-10 10:50 - 2017-03-10 10:50 - 00000000 ___HD C:\Users\Rudi\ ! Anti Ransomeware Honeypot 2017-03-10 10:50 - 2017-03-10 10:50 - 00000000 ____D C:\WINDOWS\System32\Tasks\Abelssoft 2017-03-10 10:50 - 2017-03-10 10:50 - 00000000 ____D C:\ProgramData\Abelssoft 2017-03-10 07:17 - 2017-03-10 07:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox 2017-03-09 11:48 - 2017-03-09 11:53 - 00000000 ____D C:\Users\Rudi\Desktop\7 2017-03-07 20:30 - 2017-03-07 20:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TreeSize Professional 2017-03-07 12:42 - 2017-03-07 12:42 - 00000000 ____D C:\Users\Rudi\AppData\Roaming\Affinity 2017-03-07 12:42 - 2017-03-07 12:42 - 00000000 ____D C:\ProgramData\Affinity 2017-03-07 12:40 - 2017-03-07 12:40 - 00000836 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Affinity Photo Trial.lnk 2017-03-07 12:39 - 2017-03-07 12:39 - 00000000 ____D C:\Program Files\Affinity 2017-03-07 03:50 - 2017-03-07 03:50 - 00046184 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys 2017-03-06 21:01 - 2017-03-06 21:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MultiBit HD 2017-03-04 16:15 - 2017-03-04 16:15 - 00003254 _____ C:\WINDOWS\System32\Tasks\{9E502815-3FB8-422D-934C-BEAC4F7F61A3} 2017-03-04 15:27 - 2017-03-10 10:39 - 00001824 _____ C:\Users\Rudi\Desktop\Bridge17.lnk 2017-03-03 18:11 - 2017-03-04 14:12 - 00001086 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CC 2017.lnk 2017-02-28 19:12 - 2017-02-28 19:12 - 00467368 _____ (IDRIX) C:\WINDOWS\system32\Drivers\veracrypt.sys 2017-02-28 19:12 - 2017-02-28 19:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VeraCrypt 2017-02-27 14:32 - 2017-02-27 14:32 - 00000000 ____D C:\Users\Rudi\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 2017-02-27 14:32 - 2017-02-27 14:32 - 00000000 ____D C:\Users\Rudi\AppData\Roaming\chc 2017-02-26 16:53 - 2017-02-26 16:53 - 00000207 _____ C:\WINDOWS\tweaking.com-regbackup-RUDI-PC-Windows-10-Pro-(64-bit).dat 2017-02-26 16:53 - 2017-02-26 16:53 - 00000000 ____D C:\RegBackup 2017-02-26 16:04 - 2017-03-04 16:06 - 00000000 __SHD C:\Users\Rudi\xncenz 2017-02-26 16:03 - 2017-02-26 16:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com 2017-02-26 16:02 - 2017-02-26 16:03 - 00174775 _____ C:\WINDOWS\Tweaking.com - Windows Repair Setup Log.txt 2017-02-26 16:02 - 2017-02-26 16:02 - 00000000 ____D C:\Program Files (x86)\Tweaking.com 2017-02-23 15:30 - 2017-02-23 15:33 - 00000000 ____D C:\Users\Rudi\AppData\Roaming\RGS Fotokalender 2017-02-23 15:30 - 2017-02-23 15:30 - 00000000 ____D C:\Users\Rudi\Documents\RGS Fotokalender 2017-02-23 15:30 - 2017-02-23 15:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RGS Fotokalender (64-bit) 2017-02-22 12:00 - 2017-02-22 12:00 - 00000000 ____D C:\Users\Rudi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MagicISO 2017-02-21 21:30 - 2017-02-21 21:30 - 00000098 _____ C:\ProgramData\.SF170 2017-02-21 18:03 - 2017-02-21 18:03 - 00000010 _____ C:\Users\Rudi\AppData\Local\.DG212F11-EC8C-210D-DE1E-D9584D18D740 2017-02-21 18:03 - 2017-02-21 18:03 - 00000010 _____ C:\ProgramData\.D6E5339F-CB2B-32C1-CD2D-C0295C19C822 2017-02-21 16:43 - 2017-02-21 21:24 - 00000000 ____D C:\Users\Rudi\AppData\Local\Extensis 2017-02-21 16:43 - 2017-02-21 16:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Extensis 2017-02-19 17:56 - 2017-02-19 17:57 - 00000000 ____D C:\Users\Rudi\AppData\Roaming\your-app 2017-02-19 17:56 - 2017-02-19 17:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZXPInstaller 2017-02-19 17:56 - 2017-02-19 17:56 - 00000000 ____D C:\Program Files (x86)\ZXPInstaller 2017-02-17 19:09 - 2017-02-17 19:09 - 00000000 ____D C:\Users\Rudi\AppData\Roaming\Bitcoin 2017-02-17 17:01 - 2017-02-17 17:01 - 00000000 ____D C:\Users\Rudi\AppData\Roaming\contentlauncher 2017-02-17 17:01 - 2017-02-17 17:01 - 00000000 ____D C:\Users\Rudi\AppData\Roaming\bitmedia 2017-02-17 17:01 - 2017-02-17 17:01 - 00000000 ____D C:\Users\Rudi\AppData\Local\bitmedia 2017-02-17 14:58 - 2017-02-17 14:58 - 00000000 ____D C:\Users\Rudi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bitcoin Core 2017-02-15 15:01 - 2017-02-16 15:15 - 00000000 ____D C:\Users\Rudi\Desktop\8 2017-02-15 14:29 - 2017-02-15 14:29 - 05188646 _____ C:\Users\Rudi\Documents\AutoRuns2.arn 2017-02-15 13:18 - 2017-03-13 17:23 - 00000000 ____D C:\Users\Rudi\Documents\PhraseExpress 2017-02-15 13:18 - 2017-02-15 14:30 - 00000000 ____D C:\Users\Rudi\AppData\Roaming\PhraseExpress 2017-02-15 11:07 - 2017-02-15 12:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhraseExpress 2017-02-15 11:07 - 2017-02-15 11:07 - 00000874 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhraseExpress.lnk ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2017-03-14 08:19 - 2016-10-01 16:08 - 00097857 _____ C:\WINDOWS\ZAM_Guard.krnl.trace 2017-03-14 08:19 - 2016-08-03 16:07 - 00138054 _____ C:\WINDOWS\ZAM.krnl.trace 2017-03-14 08:03 - 2015-07-23 16:51 - 00000000 ____D C:\Users\Rudi\Desktop\Foto 2017-03-14 07:52 - 2016-10-31 11:22 - 00000000 ____D C:\WINDOWS\system32\SleepStudy 2017-03-14 07:28 - 2016-07-16 18:47 - 00000000 ____D C:\WINDOWS\AppReadiness 2017-03-14 07:28 - 2016-07-16 18:47 - 00000000 ____D C:\Program Files\WindowsApps 2017-03-14 07:25 - 2016-11-01 02:15 - 00759728 _____ C:\WINDOWS\system32\perfh007.dat 2017-03-14 07:25 - 2016-11-01 02:15 - 00154462 _____ C:\WINDOWS\system32\perfc007.dat 2017-03-14 07:25 - 2016-10-31 11:24 - 01757026 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2017-03-14 07:22 - 2013-01-31 19:35 - 00000788 _____ C:\Users\Rudi\AppData\Roaming\AtomicAlarmClock.ini 2017-03-14 07:21 - 2016-10-31 11:42 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2017-03-14 07:21 - 2016-10-31 11:23 - 00000000 ____D C:\ProgramData\NVIDIA 2017-03-14 07:21 - 2016-01-28 19:53 - 00000000 _____ C:\WINDOWS\system32\Drivers\lvuvc.hs 2017-03-13 20:42 - 2016-07-16 13:04 - 00786432 _____ C:\WINDOWS\system32\config\BBI 2017-03-13 19:09 - 2016-12-28 20:23 - 00000000 ____D C:\ProgramData\Package Cache 2017-03-13 12:45 - 2017-01-30 17:11 - 00000000 ____D C:\Users\Rudi\Desktop\9 2017-03-12 20:47 - 2016-10-31 11:22 - 00000000 ____D C:\WINDOWS\ServiceProfiles 2017-03-12 14:38 - 2012-12-23 17:30 - 00000000 ____D C:\Users\Rudi\Desktop\Utilities 2017-03-12 14:36 - 2017-01-10 09:31 - 00000000 ____D C:\Program Files\CCleaner 2017-03-12 14:36 - 2016-10-31 11:25 - 00000000 ____D C:\Users\Rudi 2017-03-12 14:36 - 2012-12-26 04:13 - 00000000 ____D C:\ProgramData\Ashampoo 2017-03-12 14:30 - 2017-01-17 13:04 - 00000000 ____D C:\Users\Rudi\AppData\Roaming\krb 2017-03-12 14:29 - 2016-12-22 20:35 - 00000000 ____D C:\Users\Rudi\AppData\Roaming\Google Chrome 2017-03-12 14:04 - 2013-02-26 05:51 - 00000000 ____D C:\ProgramData\Malwarebytes 2017-03-12 13:41 - 2016-07-16 18:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports 2017-03-12 11:24 - 2012-12-23 18:28 - 00000000 ____D C:\Users\Rudi\Desktop\1 2017-03-10 10:50 - 2016-09-17 14:04 - 00000000 ____D C:\Users\Rudi\AppData\Local\Abelssoft 2017-03-10 07:17 - 2016-08-26 13:00 - 00000000 ____D C:\Program Files (x86)\Dropbox 2017-03-09 12:18 - 2013-02-02 08:17 - 00000000 ____D C:\Users\Rudi\AppData\Local\ElevatedDiagnostics 2017-03-08 08:58 - 2012-12-24 11:48 - 00000000 ____D C:\Users\Rudi\AppData\Roaming\vlc 2017-03-08 08:51 - 2017-02-09 11:19 - 00000000 ____D C:\Users\Rudi\AppData\Roaming\dvdcss 2017-03-07 20:33 - 2015-09-30 19:49 - 00000000 ____D C:\ProgramData\TEMP 2017-03-07 13:36 - 2016-07-09 08:25 - 00000000 ____D C:\Users\Rudi\Desktop\Internet 2017-03-07 07:34 - 2012-12-23 17:30 - 00000000 ____D C:\Users\Rudi\Desktop\Favoriten 2017-03-06 15:27 - 2012-12-31 09:23 - 00000000 ____D C:\Users\Rudi\AppData\Roaming\calibre 2017-03-05 18:06 - 2015-04-18 06:51 - 00000000 ____D C:\AdwCleaner 2017-03-05 17:58 - 2017-01-01 14:26 - 00000000 ____D C:\Users\Rudi\AppData\LocalLow\Mozilla 2017-03-04 16:26 - 2015-07-18 07:55 - 00000000 ____D C:\Users\Rudi\AppData\Roaming\962C492D-EA7D-4B2D-AEBD-797E18FE960A 2017-03-04 16:22 - 2016-08-20 10:01 - 00000000 ____D C:\Users\Rudi\Desktop\Media 2017-03-04 16:14 - 2012-12-25 14:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Topaz Labs 2017-03-04 16:14 - 2012-12-25 14:25 - 00000000 ____D C:\Program Files\Common Files\Topaz Labs 2017-03-04 15:48 - 2016-08-12 09:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freemake 2017-03-04 15:48 - 2016-08-12 09:56 - 00000000 ____D C:\ProgramData\Freemake 2017-03-03 18:11 - 2012-12-25 05:26 - 00000000 ____D C:\Program Files\Common Files\Adobe 2017-03-01 06:42 - 2016-10-31 11:22 - 06072576 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2017-02-27 14:32 - 2016-12-20 21:16 - 00000000 ____D C:\Users\Public\Documents\Adobe 2017-02-27 14:29 - 2016-09-27 09:39 - 00063042 _____ C:\Users\Rudi\Documents\MuseLog.txt 2017-02-26 17:51 - 2011-04-12 15:28 - 00000000 ____D C:\WINDOWS\CSC 2017-02-26 17:50 - 2016-07-16 18:36 - 00000000 ____D C:\WINDOWS\CbsTemp 2017-02-26 16:33 - 2016-12-21 15:03 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job 2017-02-26 15:28 - 2016-12-28 11:53 - 00004152 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{70873BFD-9BBF-42E9-BD13-632471A738CD} 2017-02-25 16:35 - 2016-07-16 18:45 - 00000000 ____D C:\WINDOWS\INF 2017-02-23 18:51 - 2012-12-24 13:01 - 00000000 ____D C:\Users\Rudi\Desktop\Drucken 2017-02-22 16:35 - 2017-01-27 08:21 - 00003272 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2 2017-02-22 16:35 - 2016-01-28 20:42 - 00002425 _____ C:\Users\Rudi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2017-02-22 16:35 - 2016-01-28 20:42 - 00000000 ___RD C:\Users\Rudi\OneDrive 2017-02-20 21:19 - 2016-11-01 02:11 - 00000000 ____D C:\Program Files (x86)\MSBuild 2017-02-20 21:19 - 2016-07-16 18:47 - 00000000 ____D C:\WINDOWS\Globalization 2017-02-19 12:27 - 2016-06-18 10:01 - 00000000 ____D C:\Users\Rudi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome-Apps 2017-02-19 10:23 - 2012-12-23 13:45 - 00000000 ____D C:\Program Files (x86)\InstallShield Installation Information 2017-02-15 14:31 - 2016-11-09 04:55 - 00000668 _____ C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-595107073-3459872703-1893278198-1000.job 2017-02-15 14:31 - 2016-11-09 04:55 - 00000572 _____ C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-595107073-3459872703-1893278198-1000.job 2017-02-15 14:31 - 2016-08-26 13:00 - 00001226 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job 2017-02-15 14:19 - 2017-02-01 07:57 - 00002636 _____ C:\WINDOWS\System32\Tasks\waygyehb 2017-02-15 14:19 - 2016-11-09 04:55 - 00003322 _____ C:\WINDOWS\System32\Tasks\G2MUploadTask-S-1-5-21-595107073-3459872703-1893278198-1000 2017-02-15 14:18 - 2017-01-10 09:32 - 00002278 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC 2017-02-15 14:18 - 2016-11-09 04:55 - 00003226 _____ C:\WINDOWS\System32\Tasks\G2MUpdateTask-S-1-5-21-595107073-3459872703-1893278198-1000 2017-02-15 14:18 - 2016-10-31 11:42 - 00003800 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineUA 2017-02-15 12:56 - 2017-02-01 07:57 - 00000000 __SHD C:\Users\Rudi\waygyehb 2017-02-15 12:56 - 2016-12-28 20:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Phase One 2017-02-15 12:56 - 2016-10-31 11:25 - 00000000 ____D C:\Users\DefaultAppPool 2017-02-15 12:56 - 2016-10-31 11:25 - 00000000 ____D C:\Users\Administrator 2017-02-15 12:56 - 2012-12-26 15:44 - 00000000 ____D C:\ProgramData\Xara 2017-02-15 12:56 - 2012-12-26 15:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xara 2017-02-15 12:50 - 2017-02-11 13:06 - 00000000 ____D C:\Users\Rudi\AppData\Roaming\Phase One Media Pro 2017-02-15 12:50 - 2017-02-11 13:04 - 00000000 ____D C:\Program Files (x86)\Phase One 2017-02-15 12:50 - 2013-01-26 09:35 - 00000000 ____D C:\ProgramData\ABBYY 2017-02-15 12:50 - 2012-12-25 16:11 - 00000000 ____D C:\Users\Rudi\AppData\Local\Xara 2017-02-12 11:44 - 2014-09-17 13:32 - 00000000 ____D C:\Users\Rudi\AppData\Local\ABBYY ==================== Files in the root of some directories ======= 2011-01-12 02:00 - 2011-01-12 02:00 - 0146944 _____ () C:\Program Files (x86)\Common Files\dsfFLACDecoder.dll 2011-01-12 02:00 - 2011-01-12 02:00 - 0221184 _____ () C:\Program Files (x86)\Common Files\dsfFLACEncoder.dll 2011-01-12 02:00 - 2011-01-12 02:00 - 0204800 _____ () C:\Program Files (x86)\Common Files\dsfNativeFLACSource.dll 2012-05-11 14:16 - 2012-05-11 14:16 - 0171520 _____ () C:\Program Files (x86)\Common Files\dsfOggDemux2.dll 2011-01-12 02:00 - 2011-01-12 02:00 - 0240128 _____ () C:\Program Files (x86)\Common Files\dsfVorbisDecoder.dll 2016-08-29 09:13 - 2016-08-29 09:13 - 21874200 _____ (LastPass) C:\Program Files (x86)\Common Files\lpuninstall.exe 2009-07-11 23:08 - 2009-07-11 23:08 - 0001860 _____ () C:\Program Files (x86)\Common Files\Microsoft.VC90.CRT.manifest 2011-04-18 22:51 - 2011-04-18 22:51 - 0569680 _____ (Microsoft Corporation) C:\Program Files (x86)\Common Files\MSVCP90.dll 2011-04-18 22:51 - 2011-04-18 22:51 - 0653136 _____ (Microsoft Corporation) C:\Program Files (x86)\Common Files\MSVCR90.dll 2010-12-16 21:39 - 2010-12-16 21:39 - 0412672 _____ (Google) C:\Program Files (x86)\Common Files\vp8decoder.dll 2010-12-16 21:39 - 2010-12-16 21:39 - 0701440 _____ (Google) C:\Program Files (x86)\Common Files\vp8encoder.dll 2010-12-16 21:39 - 2010-12-16 21:39 - 0302592 _____ (Google) C:\Program Files (x86)\Common Files\webmmux.dll 2010-12-16 21:39 - 2010-12-16 21:39 - 0292352 _____ (Google) C:\Program Files (x86)\Common Files\webmsplit.dll 2011-01-12 02:00 - 2011-01-12 02:00 - 0030208 _____ () C:\Program Files (x86)\Common Files\wmpinfo.dll 2013-01-31 19:56 - 2016-08-03 18:45 - 0000000 _____ () C:\Users\Rudi\AppData\Roaming\alarms.ini 2013-01-31 19:35 - 2017-03-14 07:22 - 0000788 _____ () C:\Users\Rudi\AppData\Roaming\AtomicAlarmClock.ini 2015-08-13 16:02 - 2015-08-13 16:02 - 5082084 _____ (The Public) C:\Users\Rudi\AppData\Roaming\Avisynth.exe 2015-08-13 16:03 - 2015-08-13 16:03 - 5243208 _____ ( ) C:\Users\Rudi\AppData\Roaming\AvsP.exe 2013-10-06 14:46 - 2013-10-06 15:01 - 0008605 _____ () C:\Users\Rudi\AppData\Roaming\ContactSheetII.log 2016-11-10 11:39 - 2016-11-10 11:39 - 0937776 _____ (AutoIt Team) C:\Users\Rudi\AppData\Roaming\FhcV.exe 2013-07-01 08:38 - 2013-07-01 08:38 - 0000010 _____ () C:\Users\Rudi\AppData\Roaming\hhxprot5 2016-02-28 09:17 - 2016-02-28 09:17 - 0000010 _____ () C:\Users\Rudi\AppData\Roaming\hhxprot6 2014-06-08 10:05 - 2016-01-20 21:38 - 0002937 _____ () C:\Users\Rudi\AppData\Roaming\Image Processor Pro.log 2014-11-09 20:56 - 2016-01-20 21:38 - 0002180 _____ () C:\Users\Rudi\AppData\Roaming\Image Processor Pro.xml 2015-08-13 16:02 - 2015-08-13 16:02 - 2169915 _____ (LIGHTNING UK!) C:\Users\Rudi\AppData\Roaming\Imgburn.exe 2012-12-26 03:20 - 2012-12-26 03:20 - 0012971 _____ () C:\Users\Rudi\AppData\Roaming\Kommagetrennte Werte (DOS).CAL 2013-08-31 18:03 - 2016-03-19 12:52 - 0009320 _____ () C:\Users\Rudi\AppData\Roaming\Kommagetrennte Werte (DOS).EML 2013-10-06 14:46 - 2013-10-06 15:01 - 0000684 _____ () C:\Users\Rudi\AppData\Roaming\Kontaktabzug II.xml 2015-08-13 16:03 - 2015-08-13 16:03 - 1357348 _____ () C:\Users\Rudi\AppData\Roaming\MatroskaSplitter.exe 2015-09-29 19:03 - 2016-03-19 12:52 - 0009317 _____ () C:\Users\Rudi\AppData\Roaming\Microsoft Excel 97-2003.EML 2016-07-06 12:14 - 2016-07-06 12:14 - 0000032 _____ () C:\Users\Rudi\AppData\Roaming\New text document.txt 2015-02-08 11:10 - 2016-12-18 22:02 - 0000166 _____ () C:\Users\Rudi\AppData\Roaming\PLGComp.ini 2015-09-19 09:52 - 2015-09-27 16:37 - 0000622 _____ () C:\Users\Rudi\AppData\Roaming\PS13_panel.log 2012-12-25 17:47 - 2015-06-02 14:21 - 0002910 _____ () C:\Users\Rudi\AppData\Roaming\RUDI-PC.MTBF.txt 2015-08-13 16:03 - 2015-08-13 16:03 - 7760687 _____ (Boraxsoft) C:\Users\Rudi\AppData\Roaming\SetupGFD.exe 2012-12-24 15:07 - 2013-02-08 05:45 - 0001158 _____ () C:\Users\Rudi\AppData\Roaming\ShiftN.ini 2013-07-01 08:40 - 2013-07-03 14:45 - 0000018 _____ () C:\Users\Rudi\AppData\Roaming\sys386ll.dat 2016-02-28 09:20 - 2016-02-28 09:20 - 0000018 _____ () C:\Users\Rudi\AppData\Roaming\sys386ln.dat 2013-01-07 00:23 - 2013-01-07 08:42 - 0001386 ___SH () C:\Users\Rudi\AppData\Roaming\systemFP.$dk 2016-03-03 11:09 - 2016-08-12 11:11 - 0000176 _____ () C:\Users\Rudi\AppData\Roaming\WB.CFG 2016-12-01 16:25 - 2016-12-01 16:25 - 1141760 _____ () C:\Users\Rudi\AppData\Roaming\WinWord.exe 2015-08-13 16:02 - 2015-08-13 16:03 - 0117723 _____ () C:\Users\Rudi\AppData\Roaming\yuvcodecs-1.3.exe 2012-12-25 17:47 - 2015-01-09 10:42 - 0000672 _____ () C:\Users\Rudi\AppData\Roaming\__AvidCloudManager.log 2012-12-25 17:47 - 2015-01-09 10:35 - 0000672 _____ () C:\Users\Rudi\AppData\Roaming\__AvidCloudManagerPrevious.log 2017-02-21 18:03 - 2017-02-21 18:03 - 0000010 _____ () C:\Users\Rudi\AppData\Local\.DG212F11-EC8C-210D-DE1E-D9584D18D740 2015-12-02 18:08 - 2016-11-13 13:22 - 0001078 _____ () C:\Users\Rudi\AppData\Local\297ee9cad53a5fc00aaa2013a9c17a85 2013-02-26 14:03 - 2016-12-17 09:05 - 0001456 _____ () C:\Users\Rudi\AppData\Local\Adobe Für Web speichern 13.0 Prefs 2015-10-25 19:43 - 2016-11-14 14:26 - 0001078 _____ () C:\Users\Rudi\AppData\Local\d63cb09e00919dacd631ce4510c7086d 2012-12-25 17:59 - 2015-05-31 07:22 - 0013312 _____ () C:\Users\Rudi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2013-04-10 05:39 - 2013-04-10 05:39 - 0000393 _____ () C:\Users\Rudi\AppData\Local\HamsterVideoConverterSettings.cfg 2013-02-20 17:19 - 2013-02-20 17:19 - 0000218 _____ () C:\Users\Rudi\AppData\Local\recently-used.xbel 2015-01-09 19:08 - 2015-07-18 08:57 - 0007625 _____ () C:\Users\Rudi\AppData\Local\Resmon.ResmonCfg 2013-02-02 03:12 - 2013-02-03 10:40 - 0212992 _____ () C:\Users\Rudi\AppData\Local\SageThumbs.db3 2013-01-07 09:02 - 2017-01-06 14:28 - 0000620 ___SH () C:\Users\Rudi\AppData\Local\settingsFL.dat 2013-01-07 08:59 - 2017-01-30 20:43 - 0001906 ___SH () C:\Users\Rudi\AppData\Local\win_fldb_sys.dat 2016-05-11 06:43 - 2017-01-30 20:41 - 0011781 ___SH () C:\Users\Rudi\AppData\Local\win_flfiles_sys.dat 2013-01-07 08:59 - 2017-01-30 20:41 - 0003465 ___SH () C:\Users\Rudi\AppData\Local\win_stlthdb_sys.dat 2014-10-22 19:54 - 2014-10-22 19:56 - 0000000 _____ () C:\Users\Rudi\AppData\Local\{333EDD24-946E-4FFE-BEAA-B16E439B8AEF} 2017-02-21 18:03 - 2017-02-21 18:03 - 0000010 _____ () C:\ProgramData\.D6E5339F-CB2B-32C1-CD2D-C0295C19C822 2017-02-21 21:30 - 2017-02-21 21:30 - 0000098 _____ () C:\ProgramData\.SF170 2015-12-05 16:48 - 2015-12-05 16:48 - 0004934 _____ () C:\ProgramData\mtbjfghn.xbe 2017-02-06 21:18 - 2012-08-31 14:08 - 0024772 _____ () C:\ProgramData\P1100DEF.css 2017-02-06 21:18 - 2017-02-06 21:18 - 0004174 _____ () C:\ProgramData\P1100OS.HTM 2017-02-06 21:18 - 2012-08-31 14:08 - 0002944 _____ () C:\ProgramData\P1100SIG.GIF 2015-03-02 10:16 - 2017-01-30 20:41 - 0002568 ___SH () C:\ProgramData\win_mpwd_sys.dat Files to move or delete: ==================== C:\ProgramData\win_mpwd_sys.dat Some files in TEMP: ==================== 2017-03-11 17:09 - 2017-03-11 17:09 - 0040448 ____N () C:\Users\Rudi\AppData\Local\Temp\proxy_vole977337317339029466.dll 2017-02-27 07:27 - 2017-02-27 07:27 - 0307200 _____ (Eclipse Foundation) C:\Users\Rudi\AppData\Local\Temp\swt-win32-3347.dll 2015-02-13 23:38 - 2015-02-13 23:38 - 7188536 ____R (Microsoft Corporation) C:\Users\Rudi\AppData\Local\Temp\vcredist_x64.exe 2015-02-13 23:38 - 2015-02-13 23:38 - 6498200 ____R (Microsoft Corporation) C:\Users\Rudi\AppData\Local\Temp\vcredist_x86.exe ==================== Bamital & volsnap ====================== (There is no automatic fix for files that do not pass verification.) C:\WINDOWS\system32\winlogon.exe => File is digitally signed C:\WINDOWS\system32\wininit.exe => File is digitally signed C:\WINDOWS\explorer.exe => File is digitally signed C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed C:\WINDOWS\system32\svchost.exe => File is digitally signed C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed C:\WINDOWS\system32\services.exe => File is digitally signed C:\WINDOWS\system32\User32.dll => File is digitally signed C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed C:\WINDOWS\system32\userinit.exe => File is digitally signed C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed C:\WINDOWS\system32\rpcss.dll => File is digitally signed C:\WINDOWS\system32\dnsapi.dll => File is digitally signed C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2017-03-08 17:30 ==================== End of FRST.txt ============================ --- --- --- |
14.03.2017, 08:50 | #4 |
| Windows Firewall (Win10) deaktiviert sich und muß jedes mal mit der Maus aktiviert werden Hier ist das 2. File Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2017 Ran by Rudi (14-03-2017 08:19:56) Running from Z:\Aktuelle Downloads Windows 10 Pro Version 1607 (X64) (2016-10-31 04:43:49) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-595107073-3459872703-1893278198-500 - Administrator - Disabled) => C:\Users\Administrator DefaultAccount (S-1-5-21-595107073-3459872703-1893278198-503 - Limited - Disabled) Guest (S-1-5-21-595107073-3459872703-1893278198-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-595107073-3459872703-1893278198-1003 - Limited - Enabled) postgres (S-1-5-21-595107073-3459872703-1893278198-1005 - Limited - Enabled) Rudi (S-1-5-21-595107073-3459872703-1893278198-1000 - Administrator - Enabled) => C:\Users\Rudi ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 3D Sound Back Beta0.1 (HKLM-x32\...\{39DB116F-E088-486F-B13C-8925ECE7A6E5}) (Version: 0.1 - Realtek Semiconductor Corp.) 4Videosoft MKV Video Converter 5.0.8 (HKLM-x32\...\{D78503CE-97C0-4751-9DCC-F73222EB571E}_is1) (Version: - ) 7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov) AAA Logo 2014 v4.11 FULL (HKLM-x32\...\AAA Logo 2014_is1) (Version: - SWGSoft) ABBYY FineReader 12 Professional (HKLM-x32\...\{F12000FE-0001-0000-0000-074957833700}) (Version: 12.0.501 - ABBYY Production LLC) ACDSee Ultimate 9 (64-bit) (HKLM\...\{97EE2327-B39E-429C-970B-0DB6CBBEC8E1}) (Version: 9.3.0.674 - ACD Systems International Inc.) Acronis True Image (HKLM-x32\...\{6C68FFAD-90B3-4DE1-B64A-3073CFFCCA70}Visible) (Version: 21.0.6116 - Acronis) Acronis True Image (x32 Version: 21.0.6116 - Acronis) Hidden Adobe Acrobat DC (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-0C0F074E4100}) (Version: 15.020.20039 - Adobe Systems Incorporated) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 23.0.0.257 - Adobe Systems Incorporated) Adobe Audition CC 2017 (HKLM-x32\...\AUDT_10_0_1) (Version: 10.0.1 - Adobe Systems Incorporated) Adobe Bridge CC (64 Bit) (HKLM-x32\...\{359F8007-6486-429C-A8C5-D67F6897C88C}) (Version: 6.0 - Adobe Systems Incorporated) Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.9.5.353 - Adobe Systems Incorporated) Adobe Creative Suite 6 Master Collection (HKLM-x32\...\{E8AD3069-9EB7-4BA8-8BFE-83F4E69355C0}) (Version: 6 - Adobe Systems Incorporated) Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.6 - Adobe Systems Incorporated) Adobe Dreamweaver CC 2017 (HKLM-x32\...\DRWV_17_0_1) (Version: 17.0.1 - Adobe Systems Incorporated) Adobe Flash Player 22 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 22.0.0.192 - Adobe Systems Incorporated) Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated) Adobe InDesign CC 2015 (HKLM-x32\...\{DBFD0312-6E55-1014-8952-E78D43BC0147}) (Version: 11.0 - Adobe Systems Incorporated) Adobe Installer 3.9.0.327 (HKLM-x32\...\Adobe Installer 3.9.0.327) (Version: 3.9.0.327 - Adobe Systems Incorporated) Adobe Muse CC 2015 (HKLM-x32\...\MUSE_2015_2_1) (Version: 2015.2.1.21 - Adobe Systems Incorporated) Adobe Photoshop CC 2015.5 (HKLM-x32\...\PHSP_17_0_1) (Version: 17.0.1 - Adobe Systems Incorporated) Adobe Photoshop Lightroom 5.7.1 64-bit (HKLM\...\{BC86B82C-8C0E-4408-9AC1-6B0F2D636963}) (Version: 5.7.1 - Adobe Systems Incorporated) Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.5.195 - Adobe Systems, Inc.) Adobe Update Management Tool (HKLM-x32\...\{534A7A1A-7102-4AF6-23EA-7CD279C7B625}_is1) (Version: 8.0 - PainteR) Adobe® Content Viewer (HKLM-x32\...\com.adobe.dmp.contentviewer) (Version: 3.4.3 - Adobe Systems, Incorporated) Affinity Photo Trial (HKLM\...\{8FD1B683-89C5-4E7D-838A-9AADE52734F5}) (Version: 1.5.1.54 - Serif (Europe) Ltd) AIS Aircard Connection (HKLM-x32\...\{93D34EE3-99B3-4DB1-8B0A-0A657466F90D}) (Version: 1.0.0.1 - ) Alien Skin Exposure 7 (HKLM\...\Alien Skin Exposure 7) (Version: - Alien Skin) AllDup 3.4.13 (HKLM-x32\...\AllDup_is1) (Version: 3.4.13 - Michael Thummerer Software Design) Amberlight (HKLM\...\Amberlight_is1) (Version: 1.2.1 - Escape Motions, s.r.o) android converter 2 (x32 Version: 2.0.5380.18781 - Engelmann Media GmbH) Hidden android converter 2 Free (HKLM-x32\...\{c41dcb09-3536-484f-b555-4d8a1c8becde}) (Version: 2.0.5380.18832 - Engelmann Media GmbH) ANIWZCS2 Service (HKLM-x32\...\{4C590030-7469-453E-8589-D15DA9D03F52}) (Version: - ) Anti Ransomware 2017 (HKLM-x32\...\AbAppId-82_is1) (Version: 17.04 - Abelssoft) AntiBrowserSpy (HKLM-x32\...\{F78B5B4F-075A-4C81-AA27-E707861EB5B7}_is1) (Version: 173 - Abelssoft) AntiLogger (HKLM-x32\...\AntiLogger) (Version: - Zemana Ltd.) AntiLogger (x32 Version: 1.9.3.502 - Zemana Ltd.) Hidden AnvSoft Photo Slideshow Maker Platinum 5.53 (HKLM-x32\...\AnvSoft Photo Slideshow Maker Platinum) (Version: 5.53 - AnvSoft, Inc.) AnySend 1.0.18.0 (x64) (HKLM\...\{7203C44E-08F7-471D-8C9B-349A0D17506F}) (Version: 1.0.18.0 - ClickMeIn Limited) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) AquaSoft DiaShow 7 Blue Net (HKLM-x32\...\AquaSoft DiaShow 7 Blue Net) (Version: 7.7.11 - AquaSoft) AquaSoft DiaShow 7 Blue Net (x32 Version: 7.7.11 - AquaSoft) Hidden Artensoft Photo Collage Maker 1.3.74 RePack (HKLM\...\Artensoft Photo Collage Maker_is1) (Version: 1.3.74 - Artensoft) Artensoft Photo Mosaic Wizard (HKLM\...\Artensoft Photo Mosaic Wizard_is1) (Version: 1.6 - Artensoft) Artensoft Tilt Shift Generator (HKLM\...\Artensoft Tilt Shift Generator_is1) (Version: 1.2 - Artensoft) Artisteer 4 (HKLM-x32\...\Artisteer 4) (Version: 4.3 - Extensoft) ArtRage Studio Pro (HKLM-x32\...\{FFEFA415-4970-4575-A87B-41123B08B680}) (Version: 3.5.0 - Ambient Design) Ashampoo Burning Studio 18 (HKLM-x32\...\{91B33C97-AF35-C3DC-976E-8A253D817482}_is1) (Version: 18.0.0 - Ashampoo GmbH & Co. KG) Ashampoo Burning Studio 2017 (HKLM-x32\...\{91B33C97-C878-6579-69BA-23E5405C7AAB}_is1) (Version: 18.0.0 - Ashampoo GmbH & Co. KG) Atomic Alarm Clock 5.91 (HKLM\...\Atomic Alarm Clock_is1) (Version: - Drive Software Company) Aurora 3D Text & Logo Maker version 12.08.31 (HKLM-x32\...\{4F6B6582-B9F6-42B2-AAFC-48E097D07837}_is1) (Version: 12.08.31 - Aurora3D Software) Ausschneiden 3.0 (HKLM-x32\...\{829CAB57-8D17-49F8-A5B0-302B501FCEC2}) (Version: 7.03.0 - InPixio) Auto FX Free (HKLM\...\{CA3BE898-945B-4E25-AA73-22557338BF4B}) (Version: 3.1.0 - Auto FX Software) Avanquest Message (HKU\S-1-5-21-595107073-3459872703-1893278198-1000\...\{20573C69-4A68-4BEF-A23D-365CB66924CE}) (Version: 2.06.0 - Avanquest Software) Avid Studio (HKLM-x32\...\{B35DC076-CEF2-4631-9EF7-45380E27C841}) (Version: 1.0.0.2804 - Avid) Avira Secure Backup 1.0.0 (HKLM\...\Avira Secure Backup) (Version: 1.0.0 - Avira Secure Backup) Bamboo Dock (HKLM-x32\...\Bamboo Dock) (Version: 4.1 - Wacom Co., Ltd.) Bamboo Dock (x32 Version: 4.1.0 - Wacom Europe GmbH) Hidden Bamboo Tablets Tutorial (x32 Version: 3.0.20 - Wacom) Hidden BenVista PhotoZoom Pro 6.0.4 (HKU\S-1-5-21-595107073-3459872703-1893278198-1000\...\PhotoZoom Pro 6) (Version: 6.0.4 - BenVista Ltd.) BenVista PhotoZoom Pro 7.0.2 (HKLM\...\PhotoZoom Pro 7) (Version: 7.0.2 - BenVista Ltd.) Bitcoin Core (64-bit) (HKU\S-1-5-21-595107073-3459872703-1893278198-1000\...\Bitcoin Core (64-bit)) (Version: 0.13.2 - Bitcoin Core project) Blackmagic Fusion (HKLM\...\{8DF42D7E-19AA-4057-80CE-1E667ED39839}) (Version: 8.2 - Blackmagic Design) BusinessCards MX (HKLM-x32\...\{0D5B5ED2-3E38-4585-B1F3-64B2A9EA95D6}_is1) (Version: 4.93 - MOJOSOFT) calibre (HKLM-x32\...\{FDE8FDFF-7B95-4235-BB3F-AE63397864C9}) (Version: 0.8.46 - Kovid Goyal) Camtasia Studio 7 (HKLM-x32\...\{C0E8FE43-C35B-451D-B35F-D4BD056D70E7}) (Version: 7.1.1 - TechSmith Corporation) Canon MX320 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX320_series) (Version: - ) Canon RAW Codec (HKLM-x32\...\Canon RAW Codec) (Version: 1.7.0.56 - Canon Inc.) Canon Utilities My Printer (HKLM-x32\...\CanonMyPrinter) (Version: - ) Capture One 10.0 (HKLM\...\CaptureOne10_is1) (Version: 10.0.0.225 - Phase One A/S) CCleaner (HKLM\...\CCleaner) (Version: 5.23 - Piriform) Chief Architect Interiors X5 Trial Version (HKLM-x32\...\{386D72CE-8916-4364-83B3-382039106DA3}) (Version: 15.2.1.0 - Chief Architect) Cisco WebEx Meetings (HKU\S-1-5-21-595107073-3459872703-1893278198-1000\...\ActiveTouchMeetingClient) (Version: - Cisco WebEx LLC) Citrix Online Launcher (HKLM-x32\...\{75FCE33E-4E0C-4CE1-ADF0-75F258DF27A0}) (Version: 1.0.445 - Citrix) Color Cone 1.1 (HKLM\...\{9206FF92-3C83-4808-ADE7-0B3FDE55FF04}_is1) (Version: 1.1 - Picture Instruments) Color Efex Pro 3.0 Standard (HKLM-x32\...\Color Efex Pro 3.0 Stand-Alone Standard) (Version: 3.1.0.9 - Nik Software, Inc.) Color Efex Pro 4 (HKLM-x32\...\Color Efex Pro 4) (Version: 4.0.0.0 - Nik Software, Inc.) COLOR projects professional (64-Bit) (HKLM\...\COLOR_PROJECTS_1_3_C935FDA1_is1) (Version: 1.13 - Franzis Verlag GmbH) Compatibility Pack für 2007 Office System (HKLM-x32\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation) concept/design onlineTV 8 (HKLM-x32\...\{D2AC7034-15AC-4F62-85BD-1E48021E45D6}_is1) (Version: 8.5.0.10 - concept/design GmbH) ConvertHelper 3.1.1 (HKLM\...\{27CC6AB1-E72B-4179-AF1A-EAE507EBAF52}}_is1) (Version: - DownloadHelper) Coolmuster Android Assistant (HKU\S-1-5-21-595107073-3459872703-1893278198-1000\...\Coolmuster Android Assistant) (Version: 1.9.72 - Coolmuster) Corel Graphics - Windows Shell Extension (HKLM\...\_{3CAAE169-6001-48ED-B2C6-5B6F511552FD}) (Version: 18.0.0.448 - Corel Corporation) CorelDRAW Graphics Suite X7 (64-Bit) (HKLM\...\_{5CB73140-806C-42C6-A05A-1AFD0E92DEB5}) (Version: 17.1.0.572 - Corel Corporation) Creative Audio-Systemsteuerung (HKLM-x32\...\AudioCS) (Version: 2.56 - Creative Technology Limited) Creative MediaSource 5 (HKLM-x32\...\{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}) (Version: 5.26 - Creative Technology Limited) Creative Pack Volume 1 (HKLM-x32\...\{05181A78-3BA6-4B63-BCE8-888A4BCAACFA}) (Version: 3.0.0 - Avid Technology, Inc.) Creative Software AutoUpdate (HKLM-x32\...\Creative Software AutoUpdate) (Version: 1.40 - Creative Technology Limited) Creative Sound Blaster Properties x64 Edition (HKLM-x32\...\Creative Sound Blaster Properties x64 Edition) (Version: - ) Creative Systeminformationen (HKLM-x32\...\SysInfo) (Version: 1.10 - Creative Technology Limited) Creative WaveStudio 7 (HKLM-x32\...\WaveStudio 7) (Version: 7.14 - Creative Technology Limited) CutOut 5.0 professional (HKLM\...\CutOut 5 professional_is1) (Version: 5.0 - Franzis.de) CyberLink PhotoDirector 6 (HKLM-x32\...\{6B684CDB-7255-4e46-9AB1-1D2F2D5540B3}) (Version: 6.0.7307.0 - CyberLink Corp.) CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.1312.54 - CyberLink Corp.) DATA BECKER CD-DVD Druckerei 7 (HKLM-x32\...\CD-DVD Druckerei 7_is1) (Version: 7.50.0.30 - DATA BECKER GmbH & Co. KG) DENOISE projects professional (64-Bit) (HKLM\...\DENOISE_PROJECTS_1_3_FBC348A0_is1) (Version: 1.17 - Franzis Verlag GmbH) DesignPro 5 (x32 Version: 5.0.1056 - Avery Dennison) Hidden Dfine 2.0 (HKLM-x32\...\Dfine 2.0) (Version: 2.002 - Nik Software, Inc.) DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden DivX-Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.3.22 - DivX, LLC) D-Link Wireless G DWA-110 (HKLM-x32\...\{5F753314-628E-4C13-B8AE-BFA7FD514CBE}) (Version: - D-Link) Driver Magician 4.9 (HKLM-x32\...\Driver Magician_is1) (Version: - GoldSolution Software, Inc.) Dropbox (HKLM-x32\...\Dropbox) (Version: 21.4.25 - Dropbox, Inc.) Dropbox Update Helper (x32 Version: 1.3.59.1 - Dropbox, Inc.) Hidden Duden-Bibliothek (HKLM-x32\...\{5C81B189-5456-40C4-9313-7FE6FA6DD64C}) (Version: 5.1.0 - Bibliographisches Institut GmbH) DxO OpticsPro 11.0.0.11397 (HKLM-x32\...\DxO OpticsPro 11.0.0.11397) (Version: 11.0.0.11397 - dxo) DxO ViewPoint 2 (HKLM\...\{5602DC38-848F-42BD-B764-4BE48E9E7623}) (Version: 2.1.39.0 - DxO Labs) Etiketten DruckStudio (HKLM-x32\...\{7638B473-70B0-4A08-8B98-A3E5BDDBDDB3}_is1) (Version: - ) Etron USB3.0 Host Controller (HKLM-x32\...\InstallShield_{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}) (Version: 0.115 - Etron Technology) Etron USB3.0 Host Controller (x32 Version: 0.115 - Etron Technology) Hidden Extensis Suitcase Fusion 6 (HKLM-x32\...\{A93F43E0-9811-48FA-91C7-58FA3069961C}) (Version: 17.0.0 - 2014 Celartem, Inc. d.b.a Extensis All rights reserved) Eye4 1.3.0.85 (HKLM-x32\...\{DE24BB52-3A46-4ED1-8E57-41E724F6BC74}_is1) (Version: - Shenzhen VStarcam Technology Co., Ltd) FaxMail for Windows (HKLM-x32\...\FaxMail for Windows) (Version: - ElectraSoft) ffdshow x64 v1.3.4500 [2013-01-06] (HKLM\...\ffdshow64_is1) (Version: 1.3.4500.0 - ) FileZilla Client 3.21.0 (HKLM-x32\...\FileZilla Client) (Version: 3.21.0 - Tim Kosse) Filmmaker's Toolkit for Studio (HKLM-x32\...\InstallShield_{4CF172C5-F121-41FA-B0B0-0D49840BF003}) (Version: 1.00.0000 - Red Giant) Filmmaker's Toolkit for Studio (x32 Version: 1.00.0000 - Red Giant) Hidden FinePrint (HKLM\...\FinePrint) (Version: - ) FixFoto 3.00 (HKLM-x32\...\FixFoto_is1) (Version: - Joachim Koopmann Software) Focus Magic 4.02 (HKLM-x32\...\Focus Magic_is1) (Version: 4.02 - Acclaim Software Ltd) FOCUS projects 3 professional (64-Bit) (HKLM\...\FOCUS_PROJECTS_3_3_EDC5B478_is1) (Version: 3.25 - Franzis Verlag GmbH) FOCUS projects professional (64-Bit) (HKLM\...\FOCUS_PROJECTS_1_3_EDC5B478_is1) (Version: 1.15 - Franzis Verlag GmbH) FontExpert 2014 Font Manager (HKLM-x32\...\FontExpert 2014) (Version: 12.0.0.2 - Proxima Software) FotoBeschriften 5.3.5.435 (HKLM-x32\...\FotoBeschriften_is1) (Version: 5.3.5.435 - SpeedySoft) FRANZIS onlineTV 8 (HKLM-x32\...\{CBC88F0E-1960-4AC3-8C38-8BAD44E3F6E3}_is1) (Version: FRANZIS onlineTV 8 - FRANZIS Verlag GmbH) Free Monitor for Google 2.5 (HKLM-x32\...\Free Monitor for Google_is1) (Version: - CleverStat) Freemake Video Converter Version 4.1.9 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.9 - Ellora Assets Corporation) Freemake Video Downloader (HKLM-x32\...\Freemake Video Downloader_is1) (Version: 3.8.0 - Ellora Assets Corporation) freenet Cloud (HKU\S-1-5-21-595107073-3459872703-1893278198-1000\...\freenet Cloud) (Version: 1.00.00.81 - freenet cloud) GeoSetter 3.4.16 (HKLM-x32\...\GeoSetter_is1) (Version: - Friedemann Schmidt) Ghostscript GPL 8.64 (Msi Setup) (HKLM-x32\...\_{06CD45E6-FF5E-4D8E-BC01-B276A90DADF2}) (Version: 8.64 - Corel Corporation) Ghostscript GPL 8.64 (Msi Setup) (x32 Version: 8.64 - Corel Corporation) Hidden Gmail Notifier Pro (HKLM-x32\...\{E0A41B1B-8D69-40C5-BAEA-1ADC11281E89}) (Version: 4.6.2.0 - IntelliBreeze Software) GnuCash 2.4.11 (HKLM-x32\...\GnuCash_is1) (Version: - GnuCash Development Team) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.) Google Earth Pro (HKLM-x32\...\{35DAA04C-1720-4BE3-A920-A03731EC6A1D}) (Version: 7.1.5.1557 - Google) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden GoToMeeting 7.27.0.5922 (HKU\S-1-5-21-595107073-3459872703-1893278198-1000\...\GoToMeeting) (Version: 7.27.0.5922 - CitrixOnline) GUI for dvdauthor 1.07 (HKLM-x32\...\GUI for dvdauthor) (Version: 1.07 - Boraxsoft) Hallmark Card Studio 2015 Bonus Pack (HKLM-x32\...\{2C69ABC9-55B7-410E-89AB-4CBD84D8D37B}) (Version: 1.0.0.1 - Creative Home) Hallmark Card Studio 2015 Deluxe (HKLM-x32\...\{F2117332-1A36-4D3B-854D-A8D10735B4DF}) (Version: 16.0.0.11 - Creative Home) Hamster Free Video Converter (HKLM\...\{7E350663-86D3-466A-AB79-28156A9ABF6E}_is1) (Version: 2.5.8.11 - Hamster Soft) Helix YUV Codecs (remove only) (HKLM-x32\...\HelixYUVCodecs) (Version: - ) Hetman FAT Recovery 2.1 (HKLM-x32\...\Hetman FAT Recovery) (Version: - ) Hollywood FX Volumes 1-3 (HKLM-x32\...\{E3D181F8-246B-497F-945E-6DB98CBA6677}) (Version: 2.0.0 - Avid Technology, Inc.) HP LaserJet Professional P1100-P1560-P1600 Series (HKLM\...\HP LaserJet Professional P1100-P1560-P1600 Series) (Version: - ) HP Support Assistant (HKLM-x32\...\{78E2C850-ADA6-420D-BA35-2F4A9BE733CC}) (Version: 8.2.8.25 - HP) HP Support Solutions Framework (HKLM-x32\...\{3A1CB1B8-8646-41A0-B496-35DC48916904}) (Version: 12.4.18.7 - HP) hppLaserJetService (x32 Version: 001.001.0.0 - Hewlett-Packard) Hidden hppP1100P1560P1600SeriesLaserJetService (x32 Version: 001.001.0.0 - Hewlett-Packard) Hidden hppusgP1100P1560P1600Series (x32 Version: 1.0.0.1 - Hewlett-Packard) Hidden HPSSupply (HKLM-x32\...\{7902E313-FF0F-4493-ACB1-A8147B78DCD0}) (Version: 2.1.1.0000 - Hewlett Packard Development Company L.P.) Human Anatomy Atlas 3.0.1 (HKLM-x32\...\Human Anatomy Atlas 3.0.1) (Version: - ) Image Trends' ShineOff Plug-In 1.0.2 (HKLM-x32\...\{022B0C16-18C9-464A-8BC6-2B2CC6342E5F}) (Version: 1.0.2 - Image Trends, Inc. ) Imagenomic Portraiture 2 Plug-in (build 2342) (HKLM\...\ImagenomicPortraiturePlugin) (Version: - ) Imagenomic Professional Plugin Suite (build 1409) (HKLM\...\ImagenomicNoisewarePlugin) (Version: - ) IMatch 3.6 (HKLM-x32\...\{7AD57513-275F-458A-B1ED-C38049C318D2}) (Version: 3.36.50 - photools.com) ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.0.0 - LIGHTNING UK!) INCENDIA EX VI (HKLM\...\12031B46-075F-4028-A7B6-CA6218BB65E2_is1) (Version: - Incendia.Net) Incomedia WebSite X5 v12 - Evolution (HKLM-x32\...\{B7B23A06-AD7B-4ADE-809C-E8E34676EE13}_is1) (Version: 12.0.9.30 - Incomedia s.r.l.) Incomedia WebSite X5 v12 - Professional (HKLM-x32\...\{042C2A1D-2A0B-46E0-BAA1-60D62E33DB23}_is1) (Version: 12.0.5.22 - Incomedia s.r.l.) InstaCards (HKLM-x32\...\{58259C24-7B5E-4977-93B0-E9EEA1B884CE}) (Version: 1.6.1 - Avanquest Software) Intel(R) C++ Redistributables for Windows* on Intel(R) 64 (HKLM-x32\...\{D2437C5C-2D8C-40D2-8059-689AD7239FA3}) (Version: 11.1.048 - Intel Corporation) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1310 - Intel Corporation) Intel® Chipsatz-Gerätesoftware (x32 Version: 10.1.1.14 - Intel(R) Corporation) Hidden Internet Download Manager installer 6, 25, 25, 1 (HKLM-x32\...\Internet Download Manager installer 6, 25, 25, 1) (Version: 6, 25, 25, 1 - Tonec Inc.) IrfanView 4.44 (32-bit) (HKLM-x32\...\IrfanView) (Version: 4.44 - Irfan Skiljan) Java 8 Update 101 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180101F0}) (Version: 8.0.1010.13 - Oracle Corporation) K-Lite Codec Pack 6.0.4 (Basic) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 6.0.4 - ) Kosmos Himmelsjahr 2017 (HKLM-x32\...\{0DDB261B-5B1A-45E2-81E5-31F0ADF506C3}) (Version: 1.0 - ) KronosFaktura 8.04 (HKLM-x32\...\KronosFaktura_is1) (Version: - Kro4Pro) L&H TTS3000 Deutsch (HKLM-x32\...\LHTTSGED) (Version: - ) L&H TTS3000 Español (HKLM-x32\...\LHTTSSPE) (Version: - ) L&H TTS3000 Français (HKLM-x32\...\LHTTSFRF) (Version: - ) L&H TTS3000 Russian (HKLM-x32\...\LHTTSRUR) (Version: - ) LastPass (Nur deinstallieren) (HKLM-x32\...\LastPass) (Version: - LastPass) Lernout & Hauspie TruVoice American English TTS Engine (HKLM-x32\...\tv_enua) (Version: - ) Livebrush Mini (HKLM-x32\...\com.livebrush.2205ABAA7E8202CDC1251B1FA1E879364B7BAB52.1) (Version: 1.5 - MoreMeYou) Livebrush Mini (x32 Version: 1.5 - MoreMeYou) Hidden Logitech Vid HD (HKLM-x32\...\Logitech Vid) (Version: 7.2 (7259) - Logitech Inc..) Logitech Webcam Software (HKLM\...\{987FE247-4E69-4A2E-A961-D14F901FDBF6}) (Version: 12.10.1113 - Logitech Inc.) Logo Design Studio Pro (HKLM-x32\...\Logo Design Studio Pro 1.7.3) (Version: 1.7.3 - Summitsoft) Logo Design Studio Pro (x32 Version: 1.7.3 - Summitsoft) Hidden Logosmartz Logo Maker Software 10.0 (HKLM-x32\...\Logosmartz Logo Maker Software 10.0) (Version: - ) Magic ISO Maker v5.5 (build 0281) (HKLM-x32\...\Magic ISO Maker v5.5 (build 0281)) (Version: - ) MAGIX Fotos auf DVD 2013 Deluxe (HKLM-x32\...\MAGIX_{57F4B170-E76D-47F9-B6BA-F3D4FB7445B6}) (Version: 12.0.0.75 - MAGIX AG) MAGIX Fotos auf DVD 2013 Deluxe (Version: 12.0.0.75 - MAGIX AG) Hidden MAGIX Fotostory easy (HKLM-x32\...\MX.{22455877-9905-429B-819A-57829CE55FDB}) (Version: 2.0.0.35 - MAGIX Software GmbH) MAGIX Fotostory easy (Version: 2.0.0.35 - MAGIX Software GmbH) Hidden MAGIX Movie Edit Pro 2013 (HKLM-x32\...\MAGIX_{895F56BC-FA27-4E59-B53D-E29A4B59F195}) (Version: 12.0.0.32 - MAGIX AG) MAGIX Movie Edit Pro 2013 (Version: 12.0.0.32 - MAGIX AG) Hidden MAGIX Video Pro X (HKLM\...\MX.{26CA1516-0839-4485-A111-0FD3E789E43D}) (Version: 15.0.0.56 - MAGIX Software GmbH) MAGIX Video Pro X (Version: 15.0.0.56 - MAGIX Software GmbH) Hidden MAGIX Video Pro X Update (Version: 15.0.2.72 - MAGIX Software GmbH) Hidden Malwarebytes Anti-Malware Version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation) MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden Media Pro (HKLM-x32\...\{62F10A97-EBA2-461F-9BFE-0BAFC16E501A}) (Version: 1.4.5044.0 - Phase One) Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation) Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation) Microsoft Camera Codec Pack (HKLM\...\{3FF70821-58E6-44DA-B512-095F547F3F18}) (Version: 16.4.1734.1104 - Microsoft Corporation) Microsoft Expression Blend 3 SDK (HKLM-x32\...\{B006B9E9-41DD-4479-9177-3743A53B7735}) (Version: 1.0.1343.0 - Microsoft Corporation) Microsoft Expression Blend SDK for .NET 4 (HKLM-x32\...\{0536BCDF-7EF6-48F6-8765-A3C065A065A5}) (Version: 2.0.20621.0 - Microsoft Corporation) Microsoft Expression Blend SDK for Silverlight 4 (HKLM-x32\...\{B0682940-6FFB-4850-80BA-B2FEF0D64BA8}) (Version: 2.0.20621.0 - Microsoft Corporation) Microsoft Expression Encoder 4 Screen Capture Codec (HKLM-x32\...\{F21D2032-60FE-4729-9C87-46F1615FB965}) (Version: 4.0.1651.0 - Microsoft Corporation) Microsoft Expression Studio 4 (HKLM-x32\...\ExpressionStudio_4.0.20705.0) (Version: 4.0.20705.0 - Microsoft Corporation) Microsoft Expression Web 4 (HKLM-x32\...\Web_4.0.1303.0) (Version: 4.0.1303.0 - Microsoft Corporation) Microsoft Expression Web 4 Service Pack 2 (HKLM-x32\...\{F5993FCC-DF5D-4879-B70D-AA1F379C5C6B}) (Version: - Microsoft Corporation) Microsoft Money Plus (HKLM-x32\...\Money2008b) (Version: 17 - Microsoft) Microsoft Office 2007 Primary Interop Assemblies (HKLM-x32\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation) Microsoft Office Language Pack 2010 - English (HKLM-x32\...\Office14.OMUI.en-us) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Office Language Pack 2010 - German/Deutsch (HKLM-x32\...\Office14.OMUI.de-de) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Office Language Pack 2010 - Spanish/Español (HKLM-x32\...\Office14.OMUI.es-es) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Office Language Pack 2010 - Thai/ไทย (HKLM-x32\...\Office14.OMUI.th-th) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-0081-0407-0000-0000000FF1CE}) (Version: 14.0.6123.5001 - Microsoft Corporation) Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Office Proofing Tools 2013 - Español (HKLM\...\{90150000-001F-0C0A-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-595107073-3459872703-1893278198-1000\...\OneDriveSetup.exe) (Version: 17.3.6798.0207 - Microsoft Corporation) Microsoft Silverlight 3 SDK (HKLM-x32\...\{2012098D-EEE9-4769-8DD3-B038050854D4}) (Version: 3.0.40818.0 - Microsoft Corporation) Microsoft Silverlight 4 SDK (HKLM-x32\...\{801B0DA3-A3FF-46CC-B97F-D76D510AF5AE}) (Version: 4.0.50401.0 - Microsoft Corporation) Microsoft SQL Server 2012 PowerPivot for Excel 32-bit (HKLM-x32\...\{4CFC749F-E178-42C7-8095-796C5814C9C3}) (Version: 11.1.3129.0 - Microsoft Corporation) Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation) Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{14297226-E0A0-3781-8911-E9D529552663}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 (HKLM-x32\...\{dab68466-3a7d-41a8-a5cf-415e3ff8ef71}) (Version: 14.0.23918.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23918 (HKLM-x32\...\{2e085fd2-a3e4-4b39-8e10-6b8d35f55244}) (Version: 14.0.23918.0 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation) Microsoft WSE 2.0 SP3 Runtime (HKLM-x32\...\{F3CA9611-CD42-4562-ADAB-A554CF8E17F1}) (Version: 2.0.5050.0 - Microsoft Corp.) Microsoft_VC100_CRT_x86 (HKLM-x32\...\{6FDDB201-2CA0-42BD-973F-7B2C4A61EA3F}) (Version: 1.0.0 - Microsoft) MonitorTest V3.2 (HKLM-x32\...\MonitorTest_is1) (Version: 3.2 - PassMark Software) MoodTuner (HKLM-x32\...\com.gugga.radiomini) (Version: 1.1 - GUGA EOOD) MoodTuner (x32 Version: 1.1 - GUGA EOOD) Hidden Mozilla Firefox 51.0.1 (x64 de) (HKLM\...\Mozilla Firefox 51.0.1 (x64 de)) (Version: 51.0.1 - Mozilla) MPEG Video Wizard DVD 5.0.1.111 (12/2014) (HKLM-x32\...\{9FD45917-95E6-449D-ACC9-01E634A34CBD}_is1) (Version: 5.0.1.111 - Womble Multimedia, Inc.) MPEG Video Wizard DVD 5.0.1.111 (12/2014) (HKLM-x32\...\Mpeg Video Wizard DVD 5.0) (Version: 5.0.1.111 (12/2014) - Womble Multimedia, Inc.) MSVC80_x64_v2 (Version: 1.0.3.0 - Nokia) Hidden MSVC80_x86_v2 (x32 Version: 1.0.3.0 - Nokia) Hidden MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation) MyFreeCodec (HKU\S-1-5-21-595107073-3459872703-1893278198-1000\...\MyFreeCodec) (Version: - ) Neat Image v7.6.0 Pro plug-in for Photoshop (32-bit) (HKLM-x32\...\Neat Image plug-in for Photoshop (32-bit)_is1) (Version: - Neat Image team, ABSoft) Neat Image v7.6.0 Pro plug-in for Photoshop (64-bit) (HKLM\...\Neat Image plug-in for Photoshop_is1) (Version: - Neat Image team, ABSoft) Neat Video for Premiere (HKLM\...\Neat Video for Premiere_is1) (Version: 3.5 - ABSoft) Network Recording Player (HKLM-x32\...\{BBD46C1C-CB49-4BE8-8306-E6F1607E93C6}) (Version: 31.7.2.15 - Cisco WebEx LLC) Nokia Suite (x32 Version: 3.8.48.0 - Nokia) Hidden Nuke 10.0v5 (HKLM\...\Nuke 10.0v5_is1) (Version: - The Foundry) NVIDIA 3D Vision Controller-Treiber 340.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 340.50 - NVIDIA Corporation) NVIDIA 3D Vision Treiber 342.01 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 342.01 - NVIDIA Corporation) NVIDIA GeForce Experience 2.2.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.2.2 - NVIDIA Corporation) NVIDIA Grafiktreiber 342.01 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 342.01 - NVIDIA Corporation) NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation) ON1 Effects Free 10 (HKLM\...\ON1 Effects Free 10) (Version: 10.1.0 - ON1) ON1 Photo 10 (HKLM\...\ON1 Photo 10 PE) (Version: 10.5.1 - ON1) Open XML SDK 2.0 for Microsoft Office (HKLM-x32\...\{171D8D76-3F05-455A-A8AF-C561C2679905}) (Version: 2.0.5022 - Microsoft Corporation) Open XML SDK 2.5 for Microsoft Office (HKLM-x32\...\{3EA16E23-14D2-466A-8268-D7CD40DC46B6}) (Version: 2.5.5631 - Microsoft Corporation) OSFMount v1.5 (HKLM\...\OSFMount_is1) (Version: 1.5.1012 - Passmark Software) Panda Antivirus Pro 2016 (HKLM-x32\...\Panda Universal Agent Endpoint) (Version: 16.01.02.0000 - Panda Security) Panda Antivirus Pro 2016 (Version: 8.21.00 - Panda Security) Hidden Panda Cloud Cleaner (HKLM-x32\...\{92B2B132-C7F0-43DC-921A-4493C04F78A4}_is1) (Version: 1.0.107 - Panda Security) Panda Devices Agent (x32 Version: 1.03.07 - Panda Security) Hidden Panda Devices Agent (x32 Version: 1.06.00 - Panda Security) Hidden Paragon Backup and Recovery™ 16 (HKLM\...\{DADAA9CF-36B6-11E6-B0B5-005056C00008}) (Version: 10.28.101 - Paragon Software) Paragon Partition Manager™ 15 Professional -nSane- (HKLM\...\{A35001F0-F1E4-11DD-A38B-005056C00008}) (Version: 90.00.0003 - Paragon Software) Pavtube HD Video Converter Ver 4.6.0.5344 (HKLM-x32\...\{3021E0C8-0021-4EA3-A8EC-7B87944A0B05}_is1) (Version: - ) PC Connectivity Solution (HKLM-x32\...\{6D01D1B1-17BD-4F10-BB11-F08F0C47D42B}) (Version: 12.0.109.0 - Nokia) PC-Bibliothek (HKLM-x32\...\PC-Bibliothek) (Version: - ) PD Particles (HKLM-x32\...\ST5UNST #1) (Version: - ) Perfect Portrait 2.0.1 (HKLM-x32\...\{22E1139E-1D55-4988-8F3C-23BB22F3D62D}) (Version: 2.0.1 - onOne Software) Photo Calendar Studio (HKLM-x32\...\Photo Calendar Studio_is1) (Version: 1.18 - MOJOSOFT) Photo Frame Studio (HKLM-x32\...\Photo Frame Studio_is1) (Version: 2.96 - MOJOSOFT) Photo Ninja version 1.2.1 (HKLM-x32\...\{A7529D5D-2F7E-4AFC-B279-9CFE153474B8}_is1) (Version: 1.2.1 - PictureCode LLC) Photodex Presenter (HKLM-x32\...\Photodex Presenter) (Version: - Photodex Corporation) Photomizer 3 (HKLM-x32\...\{94d8e633-0bdb-496d-aba3-00d9742577f1}) (Version: 3.0.5949.26767 - Engelmann Media GmbH) Photomizer 3 (Version: 3.0.5949.26652 - Engelmann Media GmbH) Hidden Photomizer Pro (HKLM-x32\...\{41B5224D-6857-4D8B-0001-C8949A33B608}) (Version: 2.0.14.110 - Engelmann Media GmbH) Photomizer Retro (HKLM-x32\...\{41B5224D-7853-4EA5-0001-C8949A33B608}) (Version: 2.0.14.106 - Engelmann Media GmbH) PhotoStage Diashow-Ersteller (HKLM-x32\...\PhotoStage) (Version: 3.28 - NCH Software) PhraseExpress (HKLM-x32\...\{EC86A48F-B71C-4004-9531-674F07C86541}) (Version: 9.1.36 - Bartels Media GmbH) Picture Collage Maker Pro 4.1.2 (HKLM-x32\...\{6D308A90-6C14-4A02-9B04-CB0EF17894A9}_is1) (Version: 4.1.2 - PearlMountain Technology Co., Ltd) Portrait Professional Studi installer 10.9.5 (HKLM-x32\...\Portrait Professional Studi installer 10.9.5) (Version: 10.9.5 - Portrait Professional Studi) Portrait Professional Studio 10.9 (HKLM-x32\...\Portrait Professional Studio 10 (Version: 10.9 - ) PRE11 STI 64Installer (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden Premium Pack Volumes 1-2 (HKLM-x32\...\{88C4D8A6-9954-46A0-965D-92E55DAB8734}) (Version: 2.0.0 - Avid Technology, Inc.) Proxy Rental (HKU\S-1-5-21-595107073-3459872703-1893278198-1000\...\{75287708-9D20-4CD7-B5FE-FCC7D5F0AF07}_is1) (Version: 5.8.40 - Allied Way International Holdings Limited) QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.67.1226.2012 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6738 - Realtek Semiconductor Corp.) Recover My Files (HKLM-x32\...\Recover My Files_is1) (Version: 4.9.4.1343 - GetData Pty Ltd) Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform) Rename Master (HKLM-x32\...\Rename Master_is1) (Version: - ) Revo Uninstaller Pro 3.0.8 (HKLM\...\Revo Uninstaller Pro PREACTIVATED by .:sHaRe:. @~1067B756_is1) (Version: 3.0.8 - VS Revo Group, Ltd.) RGS Fotokalender 1.4.1 (HKLM-x32\...\{A5CA920A-0620-4937-89CA-02C51C841EB5}_is1) (Version: - RoGaSoft) RonyaSoft Poster Designer (Poster Forge) 2.02 (HKLM-x32\...\RonyaSoft Poster Designer (Poster Forge)) (Version: 2.02 - RonyaSoft) RonyaSoft Poster Printer (ProPoster) 3.01 (HKLM-x32\...\RonyaSoft Poster Printer (ProPoster)) (Version: 3.01 - RonyaSoft) Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.5.1.12123_2 - Samsung Electronics Co., Ltd.) Samsung Kies (x32 Version: 2.5.1.12123_2 - Samsung Electronics Co., Ltd.) Hidden SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.49.0 - SAMSUNG Electronics Co., Ltd.) ScoreFitter Volumes 1-2 (HKLM-x32\...\{0FDA9ECA-6DA3-480E-B7A9-76F353AF6B6C}) (Version: 2.0.0 - Avid Technology, Inc.) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft) Service Pack 2 for Microsoft Office 2010 Language Pack (KB2687449) 32-Bit Edition (HKLM-x32\...\{90140000-0100-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{F3E80B62-3C51-4940-A434-A1F517AB8D6A}) (Version: - Microsoft) Service Pack 2 for Microsoft Office 2010 Language Pack (KB2687449) 32-Bit Edition (HKLM-x32\...\{90140000-0100-0409-0000-0000000FF1CE}_Office14.OMUI.en-us_{840912CB-128E-4A73-9CD9-F807BC9B7684}) (Version: - Microsoft) Service Pack 2 for Microsoft Office 2010 Language Pack (KB2687449) 32-Bit Edition (HKLM-x32\...\{90140000-0100-041E-0000-0000000FF1CE}_Office14.OMUI.th-th_{C3CE6665-BB17-4BC4-A332-7FDBDDDAA0E4}) (Version: - Microsoft) Service Pack 2 for Microsoft Office 2010 Language Pack (KB2687449) 32-Bit Edition (HKLM-x32\...\{90140000-0100-0C0A-0000-0000000FF1CE}_Office14.OMUI.es-es_{18B9CFE9-6DD6-4C09-8146-F443DBBD62CF}) (Version: - Microsoft) Setup Application 3.9.0.17 (HKLM-x32\...\Setup Application 3.9.0.17) (Version: 3.9.0.17 - Tweaking.com) SharewareOnSale Notifier (HKU\S-1-5-21-595107073-3459872703-1893278198-1000\...\SharewareOnSale Notifier) (Version: 20 - SharewareOnSale) Sharpener Pro 3.0 (HKLM-x32\...\Sharpener Pro 3.0) (Version: 3.0.0.1 - Nik Software, Inc.) SHIELD Streaming (Version: 4.0.1000 - NVIDIA Corporation) Hidden SHIELD Wireless Controller Driver (Version: 17.12.8 - NVIDIA Corporation) Hidden Silver Efex Pro (HKLM-x32\...\Silver Efex Pro) (Version: 1.001 - Nik Software, Inc.) Simply Good Pictures 4 Free (HKLM-x32\...\{41beccfc-71a7-4aba-8a48-3329bb75b549}) (Version: 4.0.5956.22106 - Engelmann Media GmbH) Simply Good Pictures 4 Free (Version: 4.0.5956.22030 - Engelmann Media GmbH) Hidden SmartSound Quicktracks Plugin (HKLM-x32\...\InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}) (Version: 3.0.5.0 - SmartSound Software Inc) SmartSound Quicktracks Plugin (x32 Version: 3.0.5.0 - SmartSound Software Inc) Hidden Snagit 12 (HKLM-x32\...\{8f4df1fe-49bb-4295-99d2-0e29ad8f99c6}) (Version: 12.2.0.1656 - TechSmith Corporation) Snagit 12 (x32 Version: 12.2.0 - TechSmith Corporation) Hidden SNS-HDR Home v1.4.22 (HKLM\...\SNS-HDR Home_is1) (Version: - Sebastian Nibisz) SNS-HDR Pro 2.0 Alpha 3 (HKLM\...\snshdrpro2_is1) (Version: - Sebastian Nibisz) SNS-HDR Pro v1.x.1 (HKLM\...\test_is1) (Version: - Sebastian Nibisz) Softwarenetz Haushaltsbuch6 (HKLM-x32\...\Haushaltsbuch6) (Version: - Softwarenetz) Sound Blaster 5.1 VX (HKLM-x32\...\{BBCC4C9A-14C9-4EE4-9099-DB2C7316666B}) (Version: 1.0 - Creative Technology Limited) Speccy (HKLM\...\Speccy) (Version: 1.29 - Piriform) Spyder3Elite (HKLM-x32\...\Spyder3Elite) (Version: - ) StartupStar (HKLM-x32\...\{C8A6121E-BE35-418D-91EF-A9536DA70B36}_is1) (Version: 7.02 - Abelssoft) Steganos Safe 17 (HKLM-x32\...\{F5545FAD-705B-4252-B7DD-E437044A15E1}) (Version: 17.1.2 - Steganos Software GmbH) SUPER © +Recorder.2013.55 (Mar 7, 2013) Version +Recorder.2013. (HKLM-x32\...\{8F3A1F92-C29F-4DF9-8459-B739A4831C69}_is1) (Version: +Recorder.2013.55 - eRightSoft) SUPER © v2016.Build.69+3D+Recorder (2016/04/02) Version v2016.B (HKLM-x32\...\{CB93965C-C24C-437D-839B-285188F22F11}_is1) (Version: v2016.Build.69+3D+Recorder - eRightSoft) Super Unit Converter 1.2.1 (HKLM-x32\...\{37FA7D0E-01A0-4C75-B41B-521D635B5977}_is1) (Version: - zxt2007.com) swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden Themler (HKLM-x32\...\Themler) (Version: 1.0 - Themler) TimOnize deinstalieren (HKLM-x32\...\Timo10-u) (Version: - ) Title Extreme (HKLM-x32\...\{F7214014-27EE-4237-9978-2F9D1551559B}) (Version: 2.0.0 - Avid Technology, Inc.) TKexe (HKLM-x32\...\Kalender) (Version: - ) TKexe designer 64 Bit (HKU\S-1-5-21-595107073-3459872703-1893278198-1000\...\20fa2c0f7916925a) (Version: 2.0.1.31 - TKexe Printservice) Topaz B&W Effects (HKLM-x32\...\Topaz BW Effects 2) (Version: 2.1.0 - Topaz Labs, LLC) Topaz Clarity (HKLM-x32\...\Topaz Clarity) (Version: 1.0.0 - Topaz Labs, LLC) Topaz Clean 3 (64-bit) (HKLM-x32\...\Topaz Clean 3 (64-bit)) (Version: 3.0.2 - Topaz Labs) Topaz Clean 3 (64-bit) (Version: 3.0.2 - Topaz Labs) Hidden Topaz Clean 3 (x32 Version: 3.0.2 - Topaz Labs) Hidden Topaz Detail 3 (HKLM-x32\...\Topaz Detail 3) (Version: 3.3.0 - Topaz Labs, LLC) Topaz Fusion Express 2 (64-bit) (HKLM-x32\...\Topaz Fusion Express 2 (64-bit)) (Version: 2.0.1 - Topaz Labs) Topaz Fusion Express 2 (64-bit) (Version: 2.0.1 - Topaz Labs) Hidden Topaz Fusion Express 2 (x32 Version: 2.0.1 - Topaz Labs) Hidden Topaz ReMask 3 (64-bit) (HKLM-x32\...\Topaz ReMask 3 (64-bit)) (Version: 3.1.0 - Topaz Labs) Topaz ReMask 3 (64-bit) (Version: 3.1.0 - Topaz Labs) Hidden Topaz ReMask 3 (x32 Version: 3.1.0 - Topaz Labs) Hidden Topaz Simplify 4 (HKLM-x32\...\Topaz Simplify 4) (Version: 4.0.0 - Topaz Labs, LLC) Topaz Star Effects (64-bit) (HKLM-x32\...\Topaz Star Effects (64-bit)) (Version: 1.1.0 - Topaz Labs) Topaz Texture Effects 2 (HKLM-x32\...\Topaz Texture Effects 2) (Version: 2.0.0 - Topaz Labs, LLC) Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 8.51a - Ghisler Software GmbH) Total Video Converter 3.71 100812 (HKLM-x32\...\Total Video Converter 3.71_is1) (Version: - EffectMatrix Inc.) TreeSize Professional V6.0.3 (64 bit) (HKLM\...\TreeSize Professional_is1) (Version: 6.0.3 - JAM Software) TVPaint Animation 10.0 Professional Edition (32bits) (DEMO) (remove only) (HKLM-x32\...\TVP Animation 10 Pro DEMO) (Version: - ) Tweaking.com - Windows Repair (HKLM-x32\...\Tweaking.com - Windows Repair) (Version: 3.9.17 - Tweaking.com) TwistedBrush Pro Studio (HKU\S-1-5-21-595107073-3459872703-1893278198-1000\...\TwistedBrush Pro Studio) (Version: - ) Typograf 5.1f (HKLM-x32\...\Typograf) (Version: 5.1f - Neuber Software) UltraEdit (HKLM-x32\...\InstallShield_{635A6AF2-63AF-4C1C-AF57-BDC8AF6D397D}) (Version: 18.00.1029 - IDM Computer Solutions, Inc.) UltraEdit (x32 Version: 18.00.1029 - IDM Computer Solutions, Inc.) Hidden Unlocker 1.9.1-x64 (HKLM\...\Unlocker) (Version: 1.9.1 - Cedrick Collomb) VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden VeraCrypt (HKLM-x32\...\VeraCrypt) (Version: 1.19 - IDRIX) Video Player 2.0.0.2 (HKLM-x32\...\Video Player_is1) (Version: - *) <==== ATTENTION Videomizer 2 (HKLM-x32\...\{B84CB121-58A9-4D5E-0001-805171E318F3}) (Version: 2.0.16.504 - Engelmann Media GmbH) Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version: - Microsoft Corporation) Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version: - Microsoft Corporation) Viveza (HKLM-x32\...\Viveza) (Version: 1.003 - Nik Software, Inc.) VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN) VSO Downloader 4.2.6.2 (HKLM-x32\...\{A0D0BA9E-F1A6-44FF-AA14-03ED96B3D56D}_is1) (Version: 4.2.6.2 - VSO Software) VSO EVE Network Driver version 1.0.0.27 (HKLM-x32\...\{AC0AFDC9-4FB1-44FE-B3E1-82300BF3D756}_is1) (Version: 1.0.0.27 - VSO Software) Wacom (HKLM\...\Pen Tablet Driver) (Version: 5.3.2-1 - Wacom Technology Corp.) Webacappella Responsive Business (HKLM-x32\...\{597C60B4-1D6F-45E9-A689-3C643CF96069}) (Version: 1.3.27.0 - Intuisphere) WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.2 - Wacom Technology Corp.) WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.2 - Wacom Technology Corp.) WebTablet IE Plugin (HKLM-x32\...\Wacom WebTabletPlugin for IE) (Version: 1.1.0.12 - Wacom Technology Corp.) WebTablet Netscape Plugin (HKLM-x32\...\Wacom WebTabletPlugin for Netscape) (Version: 1.1.0.10 - Wacom Technology Corp.) WIA-Loader 1.9.0.0 (HKLM-x32\...\WIA-Loader_is1) (Version: - Patrick Mortara) Windows 7 Codec Pack 3.4.0 (HKLM-x32\...\Windows 7 - Codec Pack) (Version: 3.4.0 - Windows 7 Codec Pack) Windows Driver Package - Wacom (WacHidRouter) HIDClass (08/19/2015 3.5.0.2) (HKLM\...\A08DEEC507912E009BF95801DC212677B966E495) (Version: 08/19/2015 3.5.0.2 - Wacom) Windows Driver Package - Wacom Technology (wacomrouterfilter) Mouse (08/19/2015 3.5.0.2) (HKLM\...\72C6F31798DC21C8B45A51ED47FDFA57B1B4C2A6) (Version: 08/19/2015 3.5.0.2 - Wacom Technology) Windows Media Encoder 9 Series (HKLM-x32\...\Windows Media Encoder 9) (Version: - ) Windows-Treiberpaket - Leaf Imaging Ltd. Image (12/03/2014 1.2.0.0) (HKLM\...\B758007C752D28F7C3542875CEEBDADCAE5941AE) (Version: 12/03/2014 1.2.0.0 - Leaf Imaging Ltd.) Windows-Treiberpaket - Phase One / Mamiya V-Grip USB Driver (12/03/2014 1.2.0.0) (HKLM\...\3F504CC0B024052107934E093CC26DA720256A7A) (Version: 12/03/2014 1.2.0.0 - Phase One / Mamiya) Windows-Treiberpaket - Phase One A/S (WinUSB) USBDevice (12/03/2014 1.13.0.0) (HKLM\...\7C6570ABBEB2F08EFBC23ED7925AE72DA6167BD8) (Version: 12/03/2014 1.13.0.0 - Phase One A/S) WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies) Winpower (HKLM-x32\...\Winpower) (Version: 3.6.0.3 - ) WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH) WPF Toolkit February 2010 (Version 3.5.50211.1) (HKLM-x32\...\{5EE6E987-1B79-4A93-832B-27472C7D1579}) (Version: 3.5.50211.1 - Microsoft Corporation) Xiph.Org Open Codecs 0.85.17777 (HKLM-x32\...\Open Codecs) (Version: 0.85.17777 - Xiph.Org) Yahoo! Detect (HKLM-x32\...\YTdetect) (Version: - ) Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.70.118 - Zemana Ltd.) Zoner Photo Studio 16 (HKLM\...\ZonerPhotoStudio16_DE_is1) (Version: 16.0.1.9 - ZONER software) ZXPInstaller (HKLM-x32\...\ZXPInstaller) (Version: - ) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-595107073-3459872703-1893278198-1000_Classes\CLSID\{0186DEAF-61CE-89A3-F13A-FE346B9F3242}\InprocServer32 -> C:\Windows\system32\ole32.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-595107073-3459872703-1893278198-1000_Classes\CLSID\{05E88098-3750-457A-AC42-1B019F9E3FE8}\InprocServer32 -> D:\Program Files\Xara\Xara Designer Pro X11\Filters\DEU\HDPImport.dll () CustomCLSID: HKU\S-1-5-21-595107073-3459872703-1893278198-1000_Classes\CLSID\{092dfa86-5807-5a94-bf3b-5a53ba9e5308}\InprocServer32 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom) CustomCLSID: HKU\S-1-5-21-595107073-3459872703-1893278198-1000_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-7362073574F1}\InprocServer32 -> %%systemroot%%\system32\shell32.dll => No File CustomCLSID: HKU\S-1-5-21-595107073-3459872703-1893278198-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Rudi\AppData\Local\Citrix\GoToMeeting\5922\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.) CustomCLSID: HKU\S-1-5-21-595107073-3459872703-1893278198-1000_Classes\CLSID\{B1275BA0-C082-CF35-7F95-2950AA42B34B}\InprocServer32 -> no filepath CustomCLSID: HKU\S-1-5-21-595107073-3459872703-1893278198-1000_Classes\CLSID\{b5eedee0-c06e-11cf-8c56-444553540000}\InprocServer32 -> D:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ue64ctmn.dll () CustomCLSID: HKU\S-1-5-21-595107073-3459872703-1893278198-1000_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {01B9C55F-BE95-4C99-8804-433ECCE958A6} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => %SystemRoot%\ehome\ehPrivJob.exe Task: {04632EDD-F88A-4876-87C0-64FC6925C254} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => %SystemRoot%\ehome\ehPrivJob.exe Task: {07BD94FF-F606-4D2C-82ED-0C505BA230ED} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => %SystemRoot%\ehome\mcupdate.exe Task: {099194F8-1343-4D47-A417-92C6269042B2} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => %SystemRoot%\ehome\ehPrivJob.exe Task: {0A02C041-AC86-4B69-BF0A-4F5491C112A0} - System32\Tasks\{9E502815-3FB8-422D-934C-BEAC4F7F61A3} => pcalua.exe -a "C:\Program Files\ByteFence\ByteFence.exe" -c /uninstall Task: {0DE91209-C07D-4950-8A11-39CA6D1FAD3D} - \{B46C2F41-635B-45EF-8DA9-315783A65493} -> No File <==== ATTENTION Task: {1B254972-BB56-49E7-A998-028EDB5F11CC} - \{2FA392C3-F18D-4786-9204-E291CD6EC365} -> No File <==== ATTENTION Task: {1D8416DA-0E23-4EDF-9577-6F5268B300DA} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => %SystemRoot%\ehome\mcupdate.exe Task: {1FF4C0F6-4909-43CB-B6DF-F402FE13823B} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => %SystemRoot%\ehome\mcupdate.exe Task: {273924A0-4C1E-4ACB-A835-8CC7CC622938} - \{2AFE2AE5-C836-47D9-815D-C94B64AB036B} -> No File <==== ATTENTION Task: {28EB2A70-8575-4A06-94BB-C33657777EE3} - System32\Tasks\GoogleUpdateTaskMachineUA1d15e163edbcf89 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.) Task: {2BC6FD32-2761-40F6-8ACE-1B81642EC868} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION Task: {2CC6C41B-9C90-476D-BEB3-870D68E7E128} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => %SystemRoot%\ehome\ehPrivJob.exe Task: {2EB1BCF9-A0D8-4CF9-B4D3-E2CEE7E781AB} - \{27ACFFA3-A528-42D7-9993-4D7BA7F8289D} -> No File <==== ATTENTION Task: {33430D3C-9BAE-42A6-9BED-D99B22974BCC} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation) Task: {345BCEB3-F0CE-4D18-9C94-693CD6AB015B} - \{35618E89-5502-4200-A129-85A1A80A8896} -> No File <==== ATTENTION Task: {38215234-A313-48E7-9FC0-E65CD6CFCB20} - System32\Tasks\waygyehb => C:\Users\Rudi\waygyehb\meevl.exe [2016-10-09] (AutoIt Team) Task: {3F8D7688-A040-4BC0-BCF0-4EC95DEC4245} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-03-16] (Hewlett-Packard) Task: {42E3C262-0E8A-4CB5-95C4-E175EDC3C48A} - \{740791FB-2D36-47A8-B120-94BBFB93EA79} -> No File <==== ATTENTION Task: {476E7DF0-F93D-47BA-AD82-6411B283976D} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => %SystemRoot%\ehome\ehPrivJob.exe Task: {497937FF-D6A3-44E8-A158-840514DDB167} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => %SystemRoot%\ehome\ehPrivJob.exe Task: {4AB9730C-C7FD-4EA5-AB62-05F486A8DE18} - \AutoPico Daily Restart -> No File <==== ATTENTION Task: {4F08BBEE-78FC-45BD-990D-DB64E90F721C} - \GoogleUpdateTaskMachineCore -> No File <==== ATTENTION Task: {5A9692BE-D138-43DD-A4D4-C95DF686FC7D} - \{02875574-2A0D-4655-8292-6FE33F678028} -> No File <==== ATTENTION Task: {5EDEAED5-7762-4CE8-AFAE-19974B6906AC} - \{FEF9E990-CDC7-4608-9449-A62A81C61278} -> No File <==== ATTENTION Task: {6A36C4A3-FDF7-426E-A095-B5BFA75766E5} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => %SystemRoot%\ehome\ehPrivJob.exe Task: {6B0F9117-9960-49C4-AF3B-B3DC35A41504} - \AnySendUpdate -> No File <==== ATTENTION Task: {6C4AC4B4-696B-441D-A2B9-94B543742014} - \{1305724E-31B3-43E0-AEFD-498F4F4393F8} -> No File <==== ATTENTION Task: {6F56472D-5812-4404-A27E-D1A9AFBEBDCA} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-08-26] (Dropbox, Inc.) Task: {86A4ACD0-2264-4E1F-AC21-39DA46145AC2} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => %SystemRoot%\ehome\mcupdate.exe Task: {879FC82A-46AF-4CD9-BB4D-5269B49CBF38} - \{9583FF67-63D5-420A-B3D5-9B61836A7A5E} -> No File <==== ATTENTION Task: {8BC1E41B-4A1D-4F18-BCD8-2E21A340FE01} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => %SystemRoot%\ehome\ehPrivJob.exe Task: {901F23E8-55F1-4F9C-8A45-EBFEE659EF67} - \AdobeAAMUpdater-1.0-Rudi-PC-Rudi -> No File <==== ATTENTION Task: {922FDBE2-22A0-4935-A5D4-4CE4169DD074} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => %SystemRoot%\ehome\ehPrivJob.exe Task: {926BF885-444B-4DAA-997F-0CC7FC57476B} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => %windir%\ehome\MCUpdate.exe Task: {9794AE7B-C958-4600-9C08-5C2B8E4E058E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe Task: {98593EC2-F06E-4B56-BF30-DE8EF69236D3} - \{1040CF9C-0062-40A4-AF45-B096E3C2974E} -> No File <==== ATTENTION Task: {9A72A093-B729-4F29-BCE5-EAA166CA4ABA} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => %SystemRoot%\ehome\ehPrivJob.exe Task: {A2782706-C1BF-4ABB-8C7F-A9518699BCF8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-05-09] (Hewlett-Packard) Task: {A402EDE3-604B-4508-BD20-D8EC21771475} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => %SystemRoot%\ehome\ehrec.exe Task: {AAFCD6AD-6B1B-44DD-A1F4-E7D6D9020AD1} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => %SystemRoot%\ehome\ehPrivJob.exe Task: {AB1BCC63-E290-4A7A-A430-681FF4C8AE87} - System32\Tasks\TechSmith Updater => C:\Program Files (x86)\Common Files\TechSmith Shared\Updater\TSCUpdClt.exe [2014-07-31] (TechSmith Corporation) Task: {AD1CAB19-40B6-4FF5-B388-AFDE38B053BC} - System32\Tasks\G2MUpdateTask-S-1-5-21-595107073-3459872703-1893278198-1000 => C:\Users\Rudi\AppData\Local\Citrix\GoToMeeting\5922\g2mupdate.exe [2016-12-14] (Citrix Online, a division of Citrix Systems, Inc.) Task: {B012D145-E06D-4FE1-A69B-469C0EA72B75} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => %SystemRoot%\ehome\mcupdate.exe Task: {B41D848D-6628-4088-BEAE-A283CB2DCCC3} - \Baidu PC Faster Update -> No File <==== ATTENTION Task: {C547956D-27FA-4D62-8252-0B6000A29F1A} - \Ashampoo Privacy Protector Weekly Security Scan -> No File <==== ATTENTION Task: {CB4C58A5-CA6D-4385-BD06-59DB8E742E3E} - \{78BD3CA8-F7D2-4CAF-A931-B4643241F98A} -> No File <==== ATTENTION Task: {CC8B37F2-6EA5-4C5F-B8BE-FD9FD51F399F} - \AnySendUpdateLogin -> No File <==== ATTENTION Task: {D1BA245F-C0AD-4A2D-A418-DA5E78912884} - System32\Tasks\Driver Booster SkipUAC (Rudi) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe Task: {D24F4EDC-DEDD-4800-96A8-FF934264E3AC} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => %SystemRoot%\ehome\ehrec.exe Task: {D5A1BDA8-9D24-49C2-9011-DD245FFF4879} - \GoogleUpdateTaskMachineUA -> No File <==== ATTENTION Task: {D5AC7BAC-E97D-4645-91E7-9C204EF7DB99} - \{FD2D9535-4683-4F99-BB10-97FA6368465F} -> No File <==== ATTENTION Task: {DBC58B05-7E40-4FBE-8710-14F23AF64C8B} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => %SystemRoot%\ehome\mcupdate.exe Task: {DEF4C4D7-B73B-4A9B-83B1-14796FBEF0D0} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation) Task: {E2178E6E-4377-4D65-8EFA-6349A2468340} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => %SystemRoot%\ehome\mcupdate.exe Task: {E2C140E7-3D1C-4872-AFED-370975FAAAC1} - System32\Tasks\Abelssoft\Anti Ransomware => D:\Program Files (x86)\AntiRansomware\AbLauncher.exe [2016-11-09] () Task: {E57A4F62-3A95-4312-8F44-412990D1BBAC} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation) Task: {EE5F6DD7-B83B-4816-881D-5B8CB8F1B53A} - System32\Tasks\qlgdobk => C:\Users\Rudi\qlgdobk\hgls.exe Task: {EFB5A742-B99C-433A-B34E-E882A42126CF} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => %SystemRoot%\ehome\ehPrivJob.exe Task: {F5D354CE-DB91-41E5-AB64-9E92F21C5ACB} - System32\Tasks\G2MUploadTask-S-1-5-21-595107073-3459872703-1893278198-1000 => C:\Users\Rudi\AppData\Local\Citrix\GoToMeeting\5922\g2mupload.exe [2016-12-14] (Citrix Online, a division of Citrix Systems, Inc.) Task: {FC8A9233-6163-4B2F-82C3-B385EF05AB4A} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => %SystemRoot%\ehome\ehPrivJob.exe Task: {FE6223FD-CCF7-4E57-9B15-F1E35ACAC39E} - \AutoKMS -> No File <==== ATTENTION Task: {FF2FC822-71D1-4F65-BE61-0DF6C493D264} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation) Task: {FF57077F-353D-4388-B666-F91D1529B531} - \StartupStar Firewall -> No File <==== ATTENTION Task: {FF6EA1BB-D0FF-4CF7-89D3-3EDB8E25F940} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-09-29] (Piriform Ltd) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-595107073-3459872703-1893278198-1000.job => C:\Users\Rudi\AppData\Local\Citrix\GoToMeeting\5922\g2mupdate.exe Task: C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-595107073-3459872703-1893278198-1000.job => C:\Users\Rudi\AppData\Local\Citrix\GoToMeeting\5922\g2mupload.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\StartupStar Firewall.job => D:\Program Files (x86)\StartupStar\StartupStar.exe ==================== Shortcuts ============================= (The entries could be listed to be restored or removed.) Shortcut: C:\Users\Rudi\Favorites\Downloadseite von NCH Software.lnk -> hxxp://www.nchsoftware.com/de/index.htm Shortcut: C:\Users\Rudi\Favorites\NCH Software Download Site.lnk -> hxxp://www.nchsoftware.com/index.htm Shortcut: C:\Users\Rudi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\10-Sekunden-Haushaltsbuch\Homepage.lnk -> hxxp: ShortcutWithArgument: C:\Users\Rudi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome-Apps\Copay.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=cnidaodnidkbaplmghlelgikaiejfhja ShortcutWithArgument: C:\Users\Rudi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome-Apps\FLV Player.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=dhogabmliblgpadclikpkjfnnipeebjm ==================== Loaded Modules (Whitelisted) ============== 2016-07-16 18:42 - 2016-07-16 18:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll 2016-12-18 08:33 - 2016-12-09 17:29 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll 2016-10-31 11:23 - 2016-11-14 18:15 - 00135224 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2016-11-23 21:03 - 2012-08-31 15:03 - 00288768 _____ () C:\WINDOWS\System32\HP1100LM.DLL 2013-03-14 10:53 - 2008-06-04 13:53 - 00027648 _____ () C:\WINDOWS\System32\spd__l.dll 2006-12-09 04:55 - 2006-12-09 04:55 - 00022016 _____ () C:\WINDOWS\System32\sugg1l6.dll 2016-11-23 21:01 - 2012-08-31 15:02 - 00074240 _____ () C:\WINDOWS\system32\spool\PRTPROCS\x64\HP1100PP.DLL 2013-01-31 19:38 - 2011-10-25 13:26 - 02062336 _____ () D:\Program Files\Atomic Alarm Clock\timeserv.exe 2015-07-13 18:09 - 2015-07-13 18:09 - 08148480 _____ () C:\Program Files (x86)\Themler\bin\mysql\bin\mythemlerd.exe 2016-12-18 08:33 - 2016-12-09 17:29 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll 2017-01-12 14:07 - 2017-01-12 14:07 - 05654128 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll 2015-11-18 21:33 - 2015-11-18 21:33 - 01598464 _____ () D:\Program Files (x86)\freenet cloud\64\CloudIconOverlay.dll 2016-08-23 20:05 - 2016-08-23 20:05 - 00052400 _____ () D:\Program Files\FileZilla FTP Client\fzshellext_64.dll 2013-01-31 19:38 - 2011-10-20 17:40 - 00647168 _____ () D:\Program Files\Atomic Alarm Clock\Clock.dll 2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF 2010-07-15 11:44 - 2010-07-15 11:44 - 00020032 _____ () D:\Program Files\Utility\Unlocker\UnlockerCOM.dll 2012-03-13 18:00 - 2012-03-13 18:00 - 00111104 _____ () D:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ue64ctmn.dll 2013-09-06 09:30 - 2012-12-11 13:07 - 01184640 _____ () C:\Program Files\Tablet\Pen\libxml2.dll 2016-11-03 16:48 - 2016-09-07 11:56 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll 2017-01-11 16:34 - 2016-12-21 14:09 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll 2017-01-11 16:34 - 2016-12-21 14:08 - 00693248 _____ () C:\Windows\ShellExperiences\MtcUvc.dll 2017-01-11 16:34 - 2016-12-21 13:54 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll 2017-01-11 16:34 - 2016-12-21 13:48 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2017-01-11 16:34 - 2016-12-21 13:48 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll 2017-01-11 16:34 - 2016-12-21 13:48 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll 2017-01-11 16:34 - 2016-12-21 13:53 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll 2013-01-31 19:38 - 2011-10-25 15:21 - 04287488 _____ () D:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe 2017-03-10 10:50 - 2016-11-09 10:04 - 03860504 _____ () C:\ProgramData\Abelssoft\AntiRansomware\Program\AntiRansomware.exe 2016-12-21 14:13 - 2016-12-21 14:13 - 07013704 _____ () C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe 2016-11-17 08:33 - 2016-11-17 08:33 - 01079808 ____X () C:\Program Files\WindowsApps\NAVER.LINEwin8_5.4.7.0_x64__8ptj331gd3tyt\Sqlite.dll 2017-02-23 07:19 - 2017-02-23 07:21 - 00019456 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.214.10010.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe 2017-02-23 07:19 - 2017-02-23 07:21 - 21149696 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.214.10010.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll 2017-02-23 07:19 - 2017-02-23 07:21 - 05380096 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.214.10010.0_x64__8wekyb3d8bbwe\MediaEngine.dll 2017-02-23 07:19 - 2017-02-23 07:21 - 00680448 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.214.10010.0_x64__8wekyb3d8bbwe\Microsoft.DesignCore.dll 2017-02-23 07:19 - 2017-02-23 07:21 - 00387584 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.214.10010.0_x64__8wekyb3d8bbwe\Microsoft.RichMedia.Ink.Controls.dll 2017-02-23 07:19 - 2017-02-23 07:21 - 01047552 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.214.10010.0_x64__8wekyb3d8bbwe\Microsoft.Sharing.dll 2017-02-23 07:19 - 2017-02-23 07:21 - 00291328 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.214.10010.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll 2017-03-14 07:27 - 2017-03-14 07:27 - 00077312 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.12.112.0_x64__kzf8qxf38zg5c\SkypeHost.exe 2017-03-14 07:27 - 2017-03-14 07:27 - 00182784 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.12.112.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll 2017-03-14 07:27 - 2017-03-14 07:27 - 41048064 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.12.112.0_x64__kzf8qxf38zg5c\SkyWrap.dll 2017-03-14 07:27 - 2017-03-14 07:27 - 02236896 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.12.112.0_x64__kzf8qxf38zg5c\roottools.dll 2017-01-18 18:42 - 2017-01-18 18:42 - 03629008 _____ () C:\Program Files (x86)\Common Files\Acronis\Infrastructure\atih_mms_addon.dll 2017-01-18 18:41 - 2017-01-18 18:41 - 01312888 _____ () C:\Program Files (x86)\Common Files\Acronis\Infrastructure\services_mms_addon.dll 2016-08-29 20:16 - 2016-08-29 20:16 - 00685488 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\sqlite3.dll 2017-01-18 18:40 - 2017-01-18 18:40 - 20956944 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\ti_managers.dll 2017-01-18 18:02 - 2017-01-18 18:02 - 00396208 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\resource.dll 2016-08-15 10:28 - 2016-08-15 10:28 - 00129968 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\afcdpapi.dll 2016-12-21 14:01 - 2016-12-21 14:01 - 00248240 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\sync_agent_api.dll 2016-12-20 19:31 - 2016-12-20 19:31 - 00034736 _____ () C:\Program Files (x86)\Common Files\Acronis\Infrastructure\core_workers_shared_context.dll 2016-11-23 13:41 - 2016-11-23 13:41 - 00160168 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\libevent.dll 2015-12-16 00:17 - 2015-12-16 00:17 - 00618544 _____ () D:\Program Files (x86)\Panda Security\Panda Security Protection\SQLite3.dll 2015-09-21 20:11 - 2015-09-21 20:11 - 00284672 _____ () C:\Program Files (x86)\Themler\bin\apache\bin\pcre.dll 2015-07-13 18:09 - 2015-07-13 18:09 - 00166912 _____ () C:\Program Files (x86)\Themler\bin\apache\bin\libssh2.dll 2014-10-16 09:54 - 2014-10-16 09:54 - 01007616 _____ () D:\Program Files (x86)\Extensis Suitcase Fusion\libxml2.2.6.24.dll 2014-10-16 09:54 - 2014-10-16 09:54 - 00901120 _____ () D:\Program Files (x86)\Extensis Suitcase Fusion\iconv-1.9.2.dll 2014-10-16 09:54 - 2014-10-16 09:54 - 00007168 _____ () D:\Program Files (x86)\Extensis Suitcase Fusion\libcharset.dll 2016-08-23 20:05 - 2016-08-23 20:05 - 00048304 _____ () D:\Program Files\FileZilla FTP Client\fzshellext.dll 2013-04-15 13:09 - 2013-04-15 13:09 - 00500224 _____ () D:\Program Files (x86)\PhraseExpress\pexlang.dll 2016-08-29 22:57 - 2016-08-29 22:57 - 00444336 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\ulxmlrpcpp.dll 2016-08-29 20:16 - 2016-08-29 20:16 - 00115632 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\expat.dll 2017-02-07 13:41 - 2017-02-01 16:01 - 01870168 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libglesv2.dll 2017-02-07 13:41 - 2017-02-01 16:01 - 00085848 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libegl.dll 2017-02-15 10:08 - 2017-02-02 12:30 - 17840216 _____ () C:\Users\Rudi\AppData\Local\Google\Chrome\User Data\PepperFlash\24.0.0.221\pepflashplayer.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\Windows:nlsPreferences [514] AlternateDataStreams: C:\ProgramData\TEMP:6DAA43DB [456] AlternateDataStreams: C:\ProgramData\TEMP:A303874F [294] AlternateDataStreams: C:\ProgramData\TEMP:A5B56640 [193] AlternateDataStreams: C:\ProgramData\TEMP:B102485A [126] AlternateDataStreams: C:\Users\Rudi\Cookies:zuMnBzX7YO6d07i2AKh7kQHc0V [2368] ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRemoveSafeBoot => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SamSs => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv2 => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srvnet => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRemoveSafeBoot => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WSService => ""="Service" ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) IE trusted site: HKU\S-1-5-21-595107073-3459872703-1893278198-1000\...\facebook.com -> hxxps://staticxx.facebook.com IE trusted site: HKU\S-1-5-21-595107073-3459872703-1893278198-1000\...\facebook.net -> hxxps://connect.facebook.net IE trusted site: HKU\S-1-5-21-595107073-3459872703-1893278198-1000\...\fbcdn.net -> hxxps://static.xx.fbcdn.net IE trusted site: HKU\S-1-5-21-595107073-3459872703-1893278198-1000\...\google-analytics.com -> hxxps://www.google-analytics.com IE trusted site: HKU\S-1-5-21-595107073-3459872703-1893278198-1000\...\paragon-software.com -> hxxps://bo4-fe.paragon-software.com ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2016-12-27 18:25 - 2017-03-04 16:10 - 00002908 ____A C:\WINDOWS\system32\Drivers\etc\hosts ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-595107073-3459872703-1893278198-1000\Control Panel\Desktop\\Wallpaper -> c:\users\rudi\appdata\local\microsoft\windows\themes\transcodedwallpaper.jpg DNS Servers: 192.168.1.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is disabled. ==================== MSCONFIG/TASK MANAGER disabled items == MSCONFIG\Services: ABBYY.Licensing.FineReader.Professional.12.0 => 2 MSCONFIG\Services: ABBYY.Licensing.FineReader.ScreenshotReader.9.0 => 2 MSCONFIG\Services: AcrSch2Svc => 2 MSCONFIG\Services: AdobeARMservice => 2 MSCONFIG\Services: AeLookupSvc => 3 MSCONFIG\Services: afcdpsrv => 2 MSCONFIG\Services: AGSService => 2 MSCONFIG\Services: ALG => 3 MSCONFIG\Services: AnySendService => 2 MSCONFIG\Services: CLHNServiceForPowerDVD12 => 2 MSCONFIG\Services: CyberLink PowerDVD 12 Media Server Monitor Service => 2 MSCONFIG\Services: CyberLink PowerDVD 12 Media Server Service => 2 MSCONFIG\Services: Fax => 2 MSCONFIG\Services: PSI_SVC_2_x64 => 2 MSCONFIG\Services: ScsiAccess => 2 MSCONFIG\Services: ServiceLayer => 3 MSCONFIG\Services: SkypeUpdate => 3 MSCONFIG\Services: syncagentsrv => 3 MSCONFIG\Services: TryAndDecideService => 2 MSCONFIG\Services: UPSmonitor => 2 MSCONFIG\Services: UPSRMI => 3 MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Event Planner Reminder.lnk => C:\Windows\pss\Event Planner Reminder.lnk.CommonStartup MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^NCdownloader.lnk => C:\Windows\pss\NCdownloader.lnk.CommonStartup MSCONFIG\startupfolder: C:^Users^Rudi^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup MSCONFIG\startupfolder: C:^Users^Rudi^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Logitech . Produktregistrierung.lnk => C:\Windows\pss\Logitech . Produktregistrierung.lnk.Startup MSCONFIG\startupfolder: C:^Users^Rudi^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Terminplaner.lnk => C:\Windows\pss\Terminplaner.lnk.Startup MSCONFIG\startupfolder: C:^Users^Rudi^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^TimOnize-start.LNK => C:\Windows\pss\TimOnize-start.LNK.Startup MSCONFIG\startupreg: ACPW06EN => "C:\Program Files\ACD Systems\ACDSee Pro\6.0\ACDSeePro6InTouch2.exe" /pid ACPW06EN MSCONFIG\startupreg: Acrobat Assistant 8.0 => "D:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" MSCONFIG\startupreg: Acronis Scheduler2 Service => "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" MSCONFIG\startupreg: AcronisTibMounterMonitor => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe MSCONFIG\startupreg: AcronisTimounterMonitor => C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe MSCONFIG\startupreg: AddressBookReminderApp => D:\Program Files (x86)\Creative Home\Hallmark Card Studio 2015 Deluxe\ReminderApp.exe MSCONFIG\startupreg: ANIWZCS2Service => C:\Program Files (x86)\ANI\ANIWZCS2 Service\WZCSLDR2.exe MSCONFIG\startupreg: AntiLogger => "C:\Program Files (x86)\AntiLogger\AntiLogger.exe" /minimized MSCONFIG\startupreg: AnySend User Interface => C:\Program Files (x86)\AnySend\AnySendUI.exe MSCONFIG\startupreg: ApnTBMon => "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe" MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" MSCONFIG\startupreg: Ashampoo Anti-Virus Guard => "D:\Program Files (x86)\Ashampoo\Ashampoo Anti-Virus\AAV_Guard.exe" -AUTORUN MSCONFIG\startupreg: autodetect => D:\Program Files (x86)\AIS Aircard Connection\AutoDect.exe MSCONFIG\startupreg: avgnt => "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min MSCONFIG\startupreg: Avira Secure Backup => "C:\Program Files\Avira Secure Backup\Avira Secure Backup.exe" /delayed MSCONFIG\startupreg: Avira Systray => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe MSCONFIG\startupreg: AVTray => C:\Program Files (x86)\UtilTool\Antivirus\AVTray.exe MSCONFIG\startupreg: BackupOutlook => "D:\Program Files (x86)\Wisco\BackupOutlook\BackupOutlook.exe" silent MSCONFIG\startupreg: BambooCore => C:\Program Files (x86)\Bamboo Dock\BambooCore.exe MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices MSCONFIG\startupreg: Bonus.SSR.FR12 => "D:\Program Files (x86)\ABBYY FineReader 12\Bonus.ScreenshotReader.exe" /autorun MSCONFIG\startupreg: BrowserPlugInHelper => D:\Program Files (x86)\Wondershare\Video Converter Ultimate\BrowserPlugInHelper.exe MSCONFIG\startupreg: CanonMyPrinter => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR MSCONFIG\startupreg: CuteReminder => D:\Program Files (x86)\CuteReminderEnterprise\CuteReminder.exe MSCONFIG\startupreg: D-Link D-Link Wireless G DWA-110 => D:\Program Files (x86)\D-Link\D-Link Wireless G DWA-110\AirGCFG.exe MSCONFIG\startupreg: DivXMediaServer => D:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe MSCONFIG\startupreg: DivXUpdate => "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW MSCONFIG\startupreg: FontExpertType1Loader => D:\Program Files (x86)\FontExpert\Type1Loader.exe MSCONFIG\startupreg: GmailNotifierPro => D:\Program Files (x86)\Gmail Notifier Pro\GmailNotifierPro.exe /minimized MSCONFIG\startupreg: GoogleChromeAutoLaunch_48A5624A9F8D410DFDDC0DF16A2DABA7 => "C:\Users\Rudi\AppData\Local\Chromium\Application\chrome.exe" --auto-launch-at-startup --profile-directory="Default" --restore-last-session MSCONFIG\startupreg: IcS Control Check => %TEMP%\hsstv64.exe MSCONFIG\startupreg: ISUSPM => "C:\ProgramData\FLEXnet\Connect\11\isuspm.exe" -scheduler MSCONFIG\startupreg: KiesAirMessage => D:\Program Files\Kies\Kies\KiesAirMessage.exe -startup MSCONFIG\startupreg: KiesPreload => D:\Program Files\Kies\Kies\Kies.exe /preload MSCONFIG\startupreg: KiesTrayAgent => D:\Program Files\Kies\Kies\KiesTrayAgent.exe MSCONFIG\startupreg: Klr => "C:\klr\klr.exe" I MSCONFIG\startupreg: LogitechQuickCamRibbon => "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide MSCONFIG\startupreg: ManyCam => "C:\Program Files (x86)\ManyCam\ManyCam.exe" --silent MSCONFIG\startupreg: MMAgent => C:\Program Files (x86)\Mobile Master\MMAgent.exe MSCONFIG\startupreg: MtdAcqu => "C:\Program Files (x86)\Creative\MediaSource5\MtdAcqu.exe" /s MSCONFIG\startupreg: NokiaSuite.exe => C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe -tray MSCONFIG\startupreg: OpAgent => "OpAgent.exe" /agent MSCONFIG\startupreg: P17RunE => RunDll32 P17RunE.dll,RunDLLEntry MSCONFIG\startupreg: Pando Media Booster => C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe MSCONFIG\startupreg: PMBVolumeWatcher => D:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe MSCONFIG\startupreg: PowerDVD12Agent => "C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe" MSCONFIG\startupreg: PowerDVD12DMREngine => "C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe" MSCONFIG\startupreg: PromptService64 => C:\Windows\PromptService64.exe MSCONFIG\startupreg: QuickTime Task => "D:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime MSCONFIG\startupreg: Samsung PanelMgr => C:\Windows\Samsung\PanelMgr\SSMMgr.exe /autorun MSCONFIG\startupreg: SSS15 Browser Monitor => "C:\Program Files (x86)\Steganos Privacy Suite 15\SteganosBrowserMonitor.exe" MSCONFIG\startupreg: SSS15 Chrome Autofill Relay => "C:\Program Files (x86)\Steganos Privacy Suite 15\passwordmanagercom.exe" MSCONFIG\startupreg: SSS15 File Redirection Starter => "C:\Program Files (x86)\Steganos Privacy Suite 15\fredirstarter.exe" MSCONFIG\startupreg: Steganos HotKeys => "C:\Program Files (x86)\Steganos Privacy Suite 15\SteganosHotKeyService.exe" MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" MSCONFIG\startupreg: SweetIM => C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe MSCONFIG\startupreg: Sweetpacks Communicator => C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe MSCONFIG\startupreg: SwitchBoard => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe MSCONFIG\startupreg: TrayServer => D:\Program Files (x86)\MAGIX\Video_deluxe_MX_Plus_Download-Version\TrayServer_de.exe MSCONFIG\startupreg: TrueImageMonitor.exe => "C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" MSCONFIG\startupreg: TypografFontSets => d:\program files (x86)\typograph\typograf\fontsets.exe MSCONFIG\startupreg: UPSMS => D:\Program Files (x86)\MonitorSoftware\UPSMS.exe MSCONFIG\startupreg: Windows File Locker Helper => "D:\Program Files (x86)\GiliSoft\Privacy Protector\WinFLockerHelp.exe" UnmountDisk MSCONFIG\startupreg: Wondershare Helper Compact.exe => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe MSCONFIG\startupreg: WTClient => WTClient.exe MSCONFIG\startupreg: Zoner Photo Studio Autoupdate => D:\PROGRAM FILES\ZONER\PHOTO STUDIO 15\Program32\ZPSTRAY.EXE HKLM\...\StartupApproved\Run: => "ZAM" HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched" HKLM\...\StartupApproved\Run32: => "ProductUpdater" HKLM\...\StartupApproved\Run32: => "TrayServer" HKLM\...\StartupApproved\Run32: => "Dropbox" HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud" HKU\S-1-5-21-595107073-3459872703-1893278198-1000\...\StartupApproved\Run: => "OneDrive" HKU\S-1-5-21-595107073-3459872703-1893278198-1000\...\StartupApproved\Run: => "Customer Update Utility" HKU\S-1-5-21-595107073-3459872703-1893278198-1000\...\StartupApproved\Run: => "Browser Extensions" HKU\S-1-5-21-595107073-3459872703-1893278198-1000\...\StartupApproved\Run: => "winClient" HKU\S-1-5-21-595107073-3459872703-1893278198-1000\...\StartupApproved\Run: => "IDMan" HKU\S-1-5-21-595107073-3459872703-1893278198-1000\...\StartupApproved\Run: => "Chromium" HKU\S-1-5-21-595107073-3459872703-1893278198-1000\...\StartupApproved\Run: => "CCleaner Monitoring" HKU\S-1-5-21-595107073-3459872703-1893278198-1000\...\StartupApproved\Run: => "AntiBrowserSpy - BrowserMask" HKU\S-1-5-21-595107073-3459872703-1893278198-1000\...\StartupApproved\Run: => "AdobeBridge" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139 FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe FirewallRules: [{92DDDA61-E10B-4218-A42C-3938BED15865}] => (Block) %ProgramFiles% FirewallRules: [{343203A7-BFB6-48F7-86ED-D53A0BDB4AC4}] => (Block) %ProgramFiles% (x86)\Picture Instruments\Color Cone\exiftool.exe FirewallRules: [{4E6AA035-C3B0-41C9-87D0-1E9A89953CB6}] => (Block) %ProgramFiles% (x86)\Picture Instruments\Color Cone\Color_Cone.exe FirewallRules: [{76374B33-D92B-42B0-A6E0-269E495E9FCA}] => (Allow) C:\Program Files\MAGIX\Video Pro X\8\Video_Pro_X.exe FirewallRules: [{ACF1C0D6-CAB6-4974-9294-33EFF9A485C3}] => (Allow) C:\Program Files (x86)\Themler\bin\mysql\bin\mythemlerd.exe FirewallRules: [{AE6D21EC-AF00-424F-8450-F32AD8F13030}] => (Allow) C:\Program Files (x86)\Themler\bin\mysql\bin\mythemlerd.exe FirewallRules: [{D3982B8C-A41C-415E-83B9-CF4CF2AB8D3B}] => (Allow) C:\Program Files (x86)\Themler\bin\apache\bin\hthemlerd.exe FirewallRules: [{3634DA3D-816E-4CE4-9B57-CF5379B8A9CA}] => (Allow) C:\Program Files (x86)\Themler\bin\apache\bin\hthemlerd.exe FirewallRules: [{087C574D-C291-4D46-A690-5658C1CB5829}] => (Allow) D:\Program Files (x86)\Artisteer 4\bin\Artisteer.exe FirewallRules: [{2B7C81BD-3E9E-4CEA-A6C6-785C3A522B31}] => (Allow) C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe FirewallRules: [{3E9BDE80-6AA4-4C99-8039-ECA373ABED9A}] => (Allow) C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe FirewallRules: [{1C6959C4-731B-44A1-8CD7-10E860BEB17B}] => (Allow) C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneLtdServices.exe FirewallRules: [{8610B2E8-72BB-4A38-BBEF-014824F1049A}] => (Allow) C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneLtdServices.exe FirewallRules: [{210C36A5-5707-4BC0-B5AC-9E8EFF9780AF}] => (Allow) C:\Program Files (x86)\Logitech\Vid HD\Vid.exe FirewallRules: [{4F8322A4-38AB-4C37-BACA-E451600B2622}] => (Allow) C:\Program Files (x86)\Logitech\Vid HD\Vid.exe FirewallRules: [{78D01D20-85AA-4AA5-AF1C-5F488533A8D1}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe FirewallRules: [{7A1D4035-8E3F-4688-AA06-0E92B50C9E7D}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe FirewallRules: [{096B0E49-EAF4-4EE6-B813-C00A510E7474}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe FirewallRules: [{31A8840F-D394-4FD4-A589-5E6549668CE3}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe FirewallRules: [{3ADEE13B-782F-41AF-A2F7-17A258E9EA1E}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe FirewallRules: [{244CD225-548C-4FB5-A054-7F2B9574DA3B}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD Cinema\PowerDVDCinema12.exe FirewallRules: [{F5549210-C24C-4912-80D1-62CD2DC7FF25}] => (Allow) D:\Program Files (x86)\gnucash\bin\gnucash.exe FirewallRules: [{03F67F62-07AC-4DCA-960B-DE59BBCDC830}] => (Allow) D:\Program Files (x86)\gnucash\bin\gnucash.exe FirewallRules: [{514637EA-4E95-4628-91B7-43F53283CA59}] => (Allow) D:\Program Files (x86)\gnucash\bin\gconfd-2.exe FirewallRules: [{18F0CBE4-B523-462E-AE21-300844AF8924}] => (Allow) D:\Program Files (x86)\gnucash\bin\gconfd-2.exe FirewallRules: [{6BEE3BE6-1314-40A0-BE8B-F81E85109FF8}] => (Allow) C:\Windows\System32\SUPDSvc.exe FirewallRules: [{9987847A-04DF-498A-B509-C997DB20FFC6}] => (Allow) C:\Windows\System32\SUPDSvc.exe FirewallRules: [{56F1FB23-CE8F-45E8-9ADD-4BBF8A6C5483}] => (Allow) D:\Program Files (x86)\Avid\Studio\programs\RM.exe FirewallRules: [{5C05F7D2-56F8-466D-B0CF-3EFB369E561E}] => (Allow) D:\Program Files (x86)\Avid\Studio\programs\RM.exe FirewallRules: [{E823DB60-76E2-4E7D-9043-903B9B191A15}] => (Allow) D:\Program Files (x86)\Avid\Studio\programs\NGStudio.exe FirewallRules: [{55AFA9C4-0AAB-4DEA-8261-05675E0CFE17}] => (Allow) D:\Program Files (x86)\Avid\Studio\programs\NGStudio.exe FirewallRules: [{81E731ED-1B26-4AD8-BE1C-C25A9BF3DEF1}] => (Allow) D:\Program Files (x86)\Avid\Studio\programs\UMI.exe FirewallRules: [{50253750-8B23-48F6-BD19-45C558C2BCEE}] => (Allow) D:\Program Files (x86)\Avid\Studio\programs\UMI.exe FirewallRules: [TCP Query User{5C195D51-E479-4471-B613-C8D8E19714F1}D:\program files (x86)\monitorsoftware\jre\bin\javaw.exe] => (Allow) D:\program files (x86)\monitorsoftware\jre\bin\javaw.exe FirewallRules: [UDP Query User{B63962BA-E046-48CE-B790-D44B8EC1650E}D:\program files (x86)\monitorsoftware\jre\bin\javaw.exe] => (Allow) D:\program files (x86)\monitorsoftware\jre\bin\javaw.exe FirewallRules: [TCP Query User{BD6A8247-5044-4FBA-A53B-3E76F9B159C8}D:\program files (x86)\vlc-mediaplayer1.1.11\vlc.exe] => (Allow) D:\program files (x86)\vlc-mediaplayer1.1.11\vlc.exe FirewallRules: [UDP Query User{0E143700-BA52-4F52-AEFC-C7203C23BB1C}D:\program files (x86)\vlc-mediaplayer1.1.11\vlc.exe] => (Allow) D:\program files (x86)\vlc-mediaplayer1.1.11\vlc.exe FirewallRules: [{4AC0F8FE-8692-4C17-B80B-9AE277E66735}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe FirewallRules: [{47CB69A7-E8E8-4F79-8D23-A5EA79C064EF}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe FirewallRules: [{533A753D-D854-4724-A674-30B2A1D9F8C5}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe FirewallRules: [{8EF7F021-8882-45BE-A71A-65D9F18E531E}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe FirewallRules: [{93728EB7-BB5D-4B66-A900-CB91CCEB9EFD}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD Cinema\PowerDVDCinema12.exe FirewallRules: [{33E0A8CE-405A-442A-BE7D-BEB5C9947DA1}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD Cinema\PowerDVDCinema12.exe FirewallRules: [{34124BF5-369E-4452-A75C-492899114C06}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe FirewallRules: [{C1778ED6-0E53-4417-89CD-5D2F17C45EB8}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe FirewallRules: [{37E92E1B-007F-487D-AFF3-D30B5764C96A}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe FirewallRules: [{68BEDED7-3650-43D0-9F77-44E501020909}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe FirewallRules: [{F8AC81F9-93FE-4D32-8134-F8B64AC27850}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe FirewallRules: [{BE94671C-AADB-4A11-BF3B-03BB7A062D8E}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe FirewallRules: [{4486823B-F4D8-4B5A-BAFF-2979CFB2258E}] => (Allow) D:\Program Files (x86)\concept design\onlineTV 8\onlineTV.exe FirewallRules: [{70039998-A8BD-4B39-936D-3A70BE91BAD2}] => (Allow) D:\Program Files (x86)\concept design\onlineTV 8\onlineTV.exe FirewallRules: [{2019AE57-E054-4D82-B531-B5A2974FF682}] => (Allow) D:\Program Files (x86)\concept design\onlineTV 8\onlineTVStarter.exe FirewallRules: [{F1C990BE-DF28-4CBF-BFC1-0C9BDAB303F3}] => (Allow) D:\Program Files (x86)\concept design\onlineTV 8\onlineTVStarter.exe FirewallRules: [TCP Query User{B003675D-6750-43B7-BD9B-3CE20CB7B917}D:\program files (x86)\vlc-mediaplayer1.1.11\vlc.exe] => (Allow) D:\program files (x86)\vlc-mediaplayer1.1.11\vlc.exe FirewallRules: [UDP Query User{E36BBF5C-E88B-4359-A658-71EDF668E8A6}D:\program files (x86)\vlc-mediaplayer1.1.11\vlc.exe] => (Allow) D:\program files (x86)\vlc-mediaplayer1.1.11\vlc.exe FirewallRules: [TCP Query User{8EE92EF5-EFAE-4B3A-BFB0-EDE27F7F7E8A}C:\program files\onone software\perfect mask 5.2\perfect mask 5.2.exe] => (Allow) C:\program files\onone software\perfect mask 5.2\perfect mask 5.2.exe FirewallRules: [UDP Query User{2D6D6FC6-A75E-4F9B-8CE7-215CC17BE21A}C:\program files\onone software\perfect mask 5.2\perfect mask 5.2.exe] => (Allow) C:\program files\onone software\perfect mask 5.2\perfect mask 5.2.exe FirewallRules: [{EA0E752C-BA1C-4768-9093-D1DAC6360409}] => (Allow) LPort=8298 FirewallRules: [{A5E15D82-1A59-480C-B92A-94C10B6EA8B8}] => (Allow) D:\Program Files (x86)\ABBYY Scan Station\ScanStationBR.exe FirewallRules: [{1544CEDB-7794-4D00-8761-E0727DB93FD7}] => (Allow) D:\Program Files (x86)\ABBYY Scan Station\ScanStationBR.exe FirewallRules: [{0E903599-3EB2-4551-9A9F-5FA1AF4FC132}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe FirewallRules: [{FA67384C-59C6-47D0-A07C-CEA1A955C4D1}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe FirewallRules: [{68279ADA-F142-4020-81A1-3F6B02383D4B}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe FirewallRules: [{54EAA105-F360-4F4D-B5A3-B9F4F3010D97}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe FirewallRules: [{CA0FA361-1AB8-4E53-AE24-CBC00C082D52}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe FirewallRules: [{19ECACD0-E02F-4EC9-964E-11759E6B9F9C}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe FirewallRules: [TCP Query User{AC61D6F2-57CD-453E-9314-E663A8AAC4A8}D:\program files (x86)\ eye4\superipcam.exe] => (Allow) D:\program files (x86)\ eye4\superipcam.exe FirewallRules: [UDP Query User{692A0DC4-45CE-4511-B9D6-D83A041852A8}D:\program files (x86)\ eye4\superipcam.exe] => (Allow) D:\program files (x86)\ eye4\superipcam.exe FirewallRules: [{37C527A9-0DBF-4292-A284-BBAD1E4E9C9E}] => (Allow) C:\Windows\System32\SUPDSvc.exe FirewallRules: [{529BD4C3-4EFE-4A60-BB4A-3E660A0E44AD}] => (Allow) C:\Windows\System32\SUPDSvc.exe FirewallRules: [{F3C7CFBC-A8C1-49F0-8326-EAFF83FB1560}] => (Allow) C:\Program Files\Blackmagic Design\Fusion 8\FuScript.exe FirewallRules: [{4B5B7FD8-C4BF-47C4-9E8F-F7EA9EA2409F}] => (Allow) C:\Program Files\Blackmagic Design\Fusion 8\Fusion.exe FirewallRules: [{543E9678-C84C-4D1C-941C-21D30BE00B57}] => (Allow) C:\Program Files\Blackmagic Design\Fusion 8\FusionServer.exe FirewallRules: [{FD7C670B-D19D-46AF-B245-7CD9A564C809}] => (Allow) C:\Program Files\Blackmagic Design\Fusion 8\QTServer\FusionQTServer.exe FirewallRules: [{3B818112-9F06-4DDF-B4C7-0DED3303D73E}] => (Block) %ProgramFiles%\ACD Systems\ACDSee Ultimate\9.0\ACDSeeUltimate9.exe FirewallRules: [{E382B8D2-1EF7-45E2-89B8-C068C627278A}] => (Block) %ProgramFiles%\ACD Systems\ACDSee Ultimate\9.0\ACDSeeSRUltimate.exe FirewallRules: [{86956E22-AEFD-4386-B853-D70838A32EFF}] => (Block) %ProgramFiles%\ACD Systems\ACDSee Ultimate\9.0\ACDSeeQVUltimate9.exe FirewallRules: [{DED6CF2D-49CC-4D18-B98F-3FBBF9992C2A}] => (Block) %ProgramFiles%\ACD Systems\ACDSee Ultimate\9.0\ACDSeeIndexerUltimate9.exe FirewallRules: [{6C1A1CAA-DE81-4995-ACE3-6A082396D058}] => (Block) %ProgramFiles%\ACD Systems\ACDSee Ultimate\9.0\ACDSeeCommanderUltimate9.exe FirewallRules: [{27A6FBC8-6D86-4878-91DC-971C7258C641}] => (Block) %ProgramFiles%\ACD Systems\ACDSee Ultimate\9.0\acdIDWriter.exe FirewallRules: [{5F01C5EF-C385-4E75-A625-36AED3B52D02}] => (Block) %ProgramFiles%\ACD Systems\ACDSee Ultimate\9.0\acdIDInTouch2.exe FirewallRules: [{199FB244-C51E-4B53-A6A3-9D9EB04DEC0F}] => (Block) %ProgramFiles%\ACD Systems\ACDSee Ultimate\9.0\D3DBaseSlideShow.exe FirewallRules: [{C6872CD3-D525-44F7-9366-9C46361845D9}] => (Allow) D:\Program Files\MAGIX\Video deluxe Premium\2017\Videodeluxe.exe FirewallRules: [{4470F796-4ACA-4A01-AA09-BC1F4BA07AF1}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe FirewallRules: [{C3388173-3F30-468A-A852-C2F15CA8AB84}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe FirewallRules: [{F13436ED-DC5E-4287-A01F-00B08A9DD03C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe FirewallRules: [{64A71504-DADA-4DB5-8B46-39D8A2E48E89}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe FirewallRules: [{5CA2267A-29D7-4AEE-A210-6BFA2B59CCF6}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{F2D5FC31-7734-451A-AFAB-B9DC86B95F41}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe FirewallRules: [{A2CE3A7F-3546-453B-BEDF-7D073C4FC3FD}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe FirewallRules: [{6ADF1FE9-CB16-46F8-9F8F-9BD26B91F749}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\Infrastructure\mms_mini.exe FirewallRules: [{11BBA2C4-A21E-4AC5-A282-9AAAF4245B1A}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImage.exe FirewallRules: [{EEF5CFFF-5ECA-49D6-9F52-33CE079958F3}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe FirewallRules: [{4C48D9CA-9AA2-4252-AFCB-7509F0D7A5AA}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageTools.exe FirewallRules: [{324357CD-B610-411C-9579-05CF8045B2C8}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\TrueImageHome\TrueImageHomeService.exe FirewallRules: [{DB6E937E-8B6E-497E-90A2-F824296A09CF}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\MediaBuilder.exe FirewallRules: [{AFD68924-EB84-4478-9040-AC65FB232B85}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\SystemReport.exe FirewallRules: [{F68C1B6F-D434-4381-AA99-D4AD07898B56}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\acronis_drive.exe FirewallRules: [{D000E2C8-99F1-4F99-B050-21B1EA36483B}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\ActiveProtection\anti_ransomware_service.exe FirewallRules: [{7EE22F9C-7AC7-4F33-BA10-C2B8C6BE0FB7}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\MobileBackupServer\mobile_backup_server.exe FirewallRules: [{DBA722E4-A3B5-4023-BF6B-4989E77AFDE6}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\mobile_backup_status_server.exe FirewallRules: [{7031A7E2-3592-4B03-94F8-8B86050FABA2}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [{B2898DF5-D2AF-495F-B386-C16706BD61C6}] => (Allow) D:\Program Files\Mozilla Firefox\firefox.exe FirewallRules: [{14BB7E39-D672-45E3-88CD-1A25CF430A37}] => (Allow) D:\Program Files\Mozilla Firefox\firefox.exe FirewallRules: [{51B09A1F-FA5B-498A-8825-F58B72F6F03F}] => (Block) D:\Program Files (x86)\Windows Repair (All in One)\Repair_Windows.exe FirewallRules: [TCP Query User{9183D5AA-2F5D-4438-9A1D-AAF662CBB7E2}D:\program files (x86)\phraseexpress\phraseexpress.exe] => (Allow) D:\program files (x86)\phraseexpress\phraseexpress.exe FirewallRules: [UDP Query User{B9C37156-5CDB-4EB4-ACE8-208E7464A7E0}D:\program files (x86)\phraseexpress\phraseexpress.exe] => (Allow) D:\program files (x86)\phraseexpress\phraseexpress.exe FirewallRules: [{6AE4B966-D33C-43E8-8A17-4A0237321D8A}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe ==================== Restore Points ========================= 13-03-2017 19:08:57 Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (03/14/2017 08:23:24 AM) (Source: SecurityCenter) (EventID: 16) (User: ) Description: Fehler beim Aktualisieren des -Status auf SECURITY_PRODUCT_STATE_ON (Fehler %3). Error: (03/14/2017 08:23:14 AM) (Source: SecurityCenter) (EventID: 16) (User: ) Description: Fehler beim Aktualisieren des -Status auf SECURITY_PRODUCT_STATE_ON (Fehler %3). Error: (03/14/2017 08:23:04 AM) (Source: SecurityCenter) (EventID: 16) (User: ) Description: Fehler beim Aktualisieren des -Status auf SECURITY_PRODUCT_STATE_ON (Fehler %3). Error: (03/14/2017 08:22:53 AM) (Source: SecurityCenter) (EventID: 16) (User: ) Description: Fehler beim Aktualisieren des -Status auf SECURITY_PRODUCT_STATE_ON (Fehler %3). Error: (03/14/2017 08:22:43 AM) (Source: SecurityCenter) (EventID: 16) (User: ) Description: Fehler beim Aktualisieren des -Status auf SECURITY_PRODUCT_STATE_ON (Fehler %3). Error: (03/14/2017 08:22:33 AM) (Source: SecurityCenter) (EventID: 16) (User: ) Description: Fehler beim Aktualisieren des -Status auf SECURITY_PRODUCT_STATE_ON (Fehler %3). Error: (03/14/2017 08:22:23 AM) (Source: SecurityCenter) (EventID: 16) (User: ) Description: Fehler beim Aktualisieren des -Status auf SECURITY_PRODUCT_STATE_ON (Fehler %3). Error: (03/14/2017 08:22:13 AM) (Source: SecurityCenter) (EventID: 16) (User: ) Description: Fehler beim Aktualisieren des -Status auf SECURITY_PRODUCT_STATE_ON (Fehler %3). Error: (03/14/2017 08:22:02 AM) (Source: SecurityCenter) (EventID: 16) (User: ) Description: Fehler beim Aktualisieren des -Status auf SECURITY_PRODUCT_STATE_ON (Fehler %3). Error: (03/14/2017 08:21:52 AM) (Source: SecurityCenter) (EventID: 16) (User: ) Description: Fehler beim Aktualisieren des -Status auf SECURITY_PRODUCT_STATE_ON (Fehler %3). System errors: ============= Error: (03/14/2017 07:23:35 AM) (Source: DCOM) (EventID: 10010) (User: Rudi-PC) Description: Der Server "{21F282D1-A881-49E1-9A3A-26E44E39B86C}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden. Error: (03/14/2017 07:21:44 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Freemake Improver" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (03/14/2017 07:21:32 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Windows-Bilderfassung (WIA)" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (03/14/2017 07:21:27 AM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: Der Dienst "HvHost" wurde mit folgendem Fehler beendet: Ein an das System angeschlossenes Gerät funktioniert nicht. Error: (03/14/2017 07:21:25 AM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: Der Dienst "WwanSvc" wurde mit folgendem Fehler beendet: Zugriff verweigert Error: (03/14/2017 07:21:26 AM) (Source: NETLOGON) (EventID: 3095) (User: ) Description: Dieser Computer ist als Mitglied einer Arbeitsgruppe konfiguriert, nicht als Mitglied einer Domäne. Der Anmeldedienst braucht bei dieser Konfiguration nicht gestartet zu sein. Error: (03/13/2017 08:36:11 PM) (Source: Service Control Manager) (EventID: 7023) (User: ) Description: Der Dienst "Windows Defender Advanced Threat Protection-Dienst" wurde mit folgendem Fehler beendet: Die Daten sind unzulässig. Error: (03/13/2017 04:36:17 PM) (Source: volsnap) (EventID: 25) (User: ) Description: The shadow copies of volume C: were deleted because the shadow copy storage could not grow in time. Consider reducing the IO load on the system or choose a shadow copy storage volume that is not being shadow copied. CodeIntegrity: =================================== Date: 2017-03-14 07:33:20.212 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-03-13 08:04:33.499 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-03-12 10:51:44.944 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-03-11 10:38:12.319 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-03-09 18:47:01.749 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2017-03-08 17:32:10.925 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll that did not meet the Microsoft signing level requirements. Date: 2017-03-08 17:32:10.896 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements. Date: 2017-03-08 17:32:10.861 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\MSDATASRC.dll that did not meet the Microsoft signing level requirements. Date: 2017-03-08 17:32:10.798 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll that did not meet the Microsoft signing level requirements. Date: 2017-03-08 17:32:10.781 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements. ==================== Memory info =========================== Processor: Intel(R) Core(TM) i3-2100 CPU @ 3.10GHz Percentage of memory in use: 42% Total physical RAM: 8174.68 MB Available physical RAM: 4723.57 MB Total Virtual: 10350.68 MB Available Virtual: 6092.14 MB ==================== Drives ================================ Drive c: (System) (Fixed) (Total:111.35 GB) (Free:9.24 GB) NTFS ==>[drive with boot components (obtained from BCD)] Drive d: (Programme) (Fixed) (Total:488.28 GB) (Free:402.82 GB) NTFS Drive e: (Recovery) (Fixed) (Total:1397.26 GB) (Free:1327.25 GB) NTFS Drive f: (Backup) (Fixed) (Total:932.98 GB) (Free:588.67 GB) NTFS Drive g: (Sonstiges) (Fixed) (Total:85.67 GB) (Free:33.28 GB) NTFS Drive i: (Kopien) (Fixed) (Total:930.03 GB) (Free:316.14 GB) NTFS Drive z: (Daten) (Fixed) (Total:1289.06 GB) (Free:247.15 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 1863 GB) (Disk ID: 331278BE) Partition 1: (Not Active) - (Size=488.3 GB) - (Type=07 NTFS) Partition 2: (Active) - (Size=85.7 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=1289.1 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: D3967C50) Partition 1: (Active) - (Size=111.3 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=450 MB) - (Type=27) ======================================================== Disk: 2 (MBR Code: Windows 7 or Vista) (Size: 1863 GB) (Disk ID: F612D630) Partition 1: (Not Active) - (Size=933 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=930 GB) - (Type=07 NTFS) ======================================================== Disk: 3 (MBR Code: Windows XP) (Size: 1397.3 GB) (Disk ID: AA2FCA67) Partition 1: (Not Active) - (Size=1397.3 GB) - (Type=07 NTFS) ==================== End of Addition.txt ============================ |
14.03.2017, 10:46 | #5 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows Firewall (Win10) deaktiviert sich und muß jedes mal mit der Maus aktiviert werden FRST-Fix Virenscanner jetzt bitte komplett deaktivieren, damit sichergestellt ist, dass der Fix sauber durchläuft! Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster. Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter cmd: type C:\WINDOWS\system32\Drivers\etc\hosts emptytemp: Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
__________________ Logfiles bitte immer in CODE-Tags posten |
14.03.2017, 12:10 | #6 |
| Windows Firewall (Win10) deaktiviert sich und muß jedes mal mit der Maus aktiviert werdenCode:
ATTFilter Fix result of Farbar Recovery Scan Tool (x64) Version: 13-03-2017 Ran by Rudi (14-03-2017 17:28:25) Run:1 Running from Z:\Aktuelle Downloads Loaded Profiles: Rudi (Available Profiles: Rudi & Administrator & DefaultAppPool) Boot Mode: Normal ============================================== fixlist content: ***************** cmd: type C:\WINDOWS\system32\Drivers\etc\hosts emptytemp: ***************** ========= type C:\WINDOWS\system32\Drivers\etc\hosts ========= # Copyright (c) 1993-2009 Microsoft Corp. # # This is a sample HOSTS file used by Microsoft TCP/IP for Windows. # # This file contains the mappings of IP addresses to host names. Each # entry should be kept on an individual line. The IP address should # be placed in the first column followed by the corresponding host name. # The IP address and the host name should be separated by at least one # space. # # Additionally, comments (such as these) may be inserted on individual # lines or following the machine name denoted by a '#' symbol. # # For example: # # 102.54.94.97 rhino.acme.com # source server # 38.25.63.10 x.acme.com # x client host # localhost name resolution is handled within DNS itself. # 127.0.0.1 localhost # ::1 localhost ========= End of CMD: ========= =========== EmptyTemp: ========== BITS transfer queue => 294165 B DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 44422450 B Java, Flash, Steam htmlcache => 0 B Windows/system/drivers => 57976 B Edge => 4336561 B Chrome => 514442345 B Firefox => 84659653 B Opera => 0 B Temp, IE cache, history, cookies, recent: Default => 0 B Users => 0 B ProgramData => 0 B Public => 0 B systemprofile => 128 B systemprofile32 => 0 B LocalService => 443720 B NetworkService => 286184 B Rudi => 145140606 B UpdatusUser => 0 B Administrator => 0 B DefaultAppPool => 0 B RecycleBin => 468885 B EmptyTemp: => 757.7 MB temporary data Removed. ================================ The system needed a reboot. ==== End of Fixlog 17:29:09 ==== |
14.03.2017, 12:13 | #7 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows Firewall (Win10) deaktiviert sich und muß jedes mal mit der Maus aktiviert werden Hast du da an den hosts rumgefummelt? Denn da ist zwar jede Zeile auskommentiert und FRST meckert trotzdem: Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
__________________ Logfiles bitte immer in CODE-Tags posten |
15.03.2017, 06:32 | #8 |
| Windows Firewall (Win10) deaktiviert sich und muß jedes mal mit der Maus aktiviert werden Hallo! Keine Ahnung! Nein. |
15.03.2017, 09:37 | #9 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows Firewall (Win10) deaktiviert sich und muß jedes mal mit der Maus aktiviert werden Malwarebytes Anti-Rootkit (MBAR) Downloade dir bitte Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers Lesestoff: Posten in CODE-Tags Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR oder 7Z-Archiv zu packen erschwert mir massiv die Arbeit. Auch wenn die Logs für einen Beitrag zu groß sein sollten, bitte ich dich die Logs direkt und notfalls über mehrere Beiträge verteilt zu posten. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
__________________ Logfiles bitte immer in CODE-Tags posten |
16.03.2017, 05:07 | #10 |
| Windows Firewall (Win10) deaktiviert sich und muß jedes mal mit der Maus aktiviert werden Danke! Habe eine Malware gefunden. Aber die Meldung über die einzuschaltende FW kamnach dem Neustart wieder. Datei zu groß. Teil 1 Code:
ATTFilter --------------------------------------- Malwarebytes Anti-Rootkit BETA 1.09.3.1001 (c) Malwarebytes Corporation 2011-2012 OS version: 10.0.9200 Windows 10 x64 Account is Administrative Internet Explorer version: 11.576.14393.0 File system is: NTFS Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, E:\ DRIVE_FIXED, F:\ DRIVE_FIXED, G:\ DRIVE_FIXED, I:\ DRIVE_FIXED, Z:\ DRIVE_FIXED CPU speed: 3.093000 GHz Memory total: 8571777024, free: 4885569536 Downloaded database version: v2017.03.15.08 Downloaded database version: v2017.03.11.01 Downloaded database version: v2017.03.14.01 Initializing... ====================== ------------ Kernel report ------------ 03/16/2017 07:23:12 ------------ Loaded modules ----------- \SystemRoot\system32\ntoskrnl.exe \SystemRoot\system32\hal.dll \SystemRoot\system32\kd.dll \SystemRoot\system32\mcupdate_GenuineIntel.dll \SystemRoot\System32\drivers\werkernel.sys \SystemRoot\System32\drivers\CLFS.SYS \SystemRoot\System32\drivers\tm.sys \SystemRoot\system32\PSHED.dll \SystemRoot\system32\BOOTVID.dll \SystemRoot\System32\drivers\FLTMGR.SYS \SystemRoot\System32\drivers\msrpc.sys \SystemRoot\System32\drivers\ksecdd.sys \SystemRoot\System32\drivers\clipsp.sys \SystemRoot\System32\drivers\cmimcext.sys \SystemRoot\System32\drivers\ntosext.sys \SystemRoot\system32\CI.dll \SystemRoot\System32\drivers\cng.sys \SystemRoot\system32\drivers\Wdf01000.sys \SystemRoot\system32\drivers\WDFLDR.SYS \SystemRoot\System32\Drivers\acpiex.sys \SystemRoot\System32\Drivers\WppRecorder.sys \SystemRoot\System32\drivers\ACPI.sys \SystemRoot\System32\drivers\WMILIB.SYS \SystemRoot\System32\drivers\intelpep.sys \SystemRoot\system32\drivers\WindowsTrustedRT.sys \SystemRoot\System32\drivers\WindowsTrustedRTProxy.sys \SystemRoot\System32\drivers\pcw.sys \SystemRoot\System32\drivers\msisadrv.sys \SystemRoot\System32\drivers\vdrvroot.sys \SystemRoot\System32\drivers\pci.sys \SystemRoot\system32\drivers\pdc.sys \SystemRoot\system32\drivers\CEA.sys \SystemRoot\System32\drivers\partmgr.sys \SystemRoot\System32\drivers\pciide.sys \SystemRoot\System32\drivers\PCIIDEX.SYS \SystemRoot\System32\drivers\spaceport.sys \SystemRoot\System32\drivers\volmgr.sys \SystemRoot\System32\drivers\volmgrx.sys \SystemRoot\System32\drivers\mountmgr.sys \SystemRoot\System32\drivers\atapi.sys \SystemRoot\System32\drivers\ataport.SYS \SystemRoot\System32\drivers\EhStorClass.sys \SystemRoot\System32\drivers\fileinfo.sys \SystemRoot\System32\Drivers\Wof.sys \SystemRoot\system32\DRIVERS\file_tracker.sys \SystemRoot\system32\drivers\WdFilter.sys \SystemRoot\system32\DRIVERS\tib.sys \SystemRoot\System32\Drivers\PxHlpa64.sys \SystemRoot\system32\DRIVERS\fltsrv.sys \SystemRoot\system32\DRIVERS\FLGuard.sys \SystemRoot\System32\Drivers\NTFS.sys \SystemRoot\System32\Drivers\Fs_Rec.sys \SystemRoot\system32\drivers\ndis.sys \SystemRoot\system32\drivers\NETIO.SYS \SystemRoot\System32\Drivers\ksecpkg.sys \SystemRoot\System32\drivers\tcpip.sys \SystemRoot\System32\drivers\fwpkclnt.sys \SystemRoot\System32\drivers\wfplwfs.sys \SystemRoot\system32\DRIVERS\timntr.sys \SystemRoot\system32\DRIVERS\hotcore3.sys \SystemRoot\System32\DRIVERS\fvevol.sys \SystemRoot\System32\drivers\volume.sys \SystemRoot\System32\drivers\volsnap.sys \SystemRoot\system32\DRIVERS\snapman.sys \SystemRoot\System32\drivers\rdyboost.sys \SystemRoot\System32\Drivers\mup.sys \SystemRoot\system32\drivers\iorate.sys \SystemRoot\System32\drivers\disk.sys \SystemRoot\System32\drivers\CLASSPNP.SYS \SystemRoot\System32\Drivers\crashdmp.sys \SystemRoot\System32\drivers\cdrom.sys \SystemRoot\system32\drivers\filecrypt.sys \SystemRoot\system32\drivers\tbs.sys \SystemRoot\SysWOW64\WinFLAdrv.sys \SystemRoot\System32\Drivers\Null.SYS \SystemRoot\System32\Drivers\Beep.SYS \SystemRoot\System32\drivers\BasicDisplay.sys \SystemRoot\System32\drivers\watchdog.sys \SystemRoot\System32\drivers\dxgkrnl.sys \SystemRoot\System32\drivers\BasicRender.sys \SystemRoot\System32\Drivers\Npfs.SYS \SystemRoot\System32\Drivers\Msfs.SYS \SystemRoot\system32\DRIVERS\tdx.sys \SystemRoot\system32\DRIVERS\TDI.SYS \SystemRoot\System32\DRIVERS\netbt.sys \SystemRoot\system32\drivers\afd.sys \SystemRoot\system32\DRIVERS\NNSNAHSL.sys \SystemRoot\system32\DRIVERS\eve.sys \SystemRoot\System32\drivers\vwififlt.sys \SystemRoot\System32\drivers\pacer.sys \SystemRoot\system32\drivers\netbios.sys \SystemRoot\system32\DRIVERS\rdbss.sys \SystemRoot\system32\drivers\csc.sys \??\C:\WINDOWS\System32\drivers\zamguard64.sys \??\C:\WINDOWS\System32\drivers\zam64.sys \SystemRoot\System32\drivers\veracrypt.sys \SystemRoot\System32\drivers\uim_im.sys \SystemRoot\System32\drivers\UimFIO.SYS \SystemRoot\System32\drivers\uim_devim.sys \SystemRoot\System32\drivers\UimBus.sys \??\C:\WINDOWS\Sleen1964.sys \SystemRoot\system32\DRIVERS\PSINKNC.sys \SystemRoot\system32\drivers\nsiproxy.sys \SystemRoot\System32\drivers\npsvctrig.sys \SystemRoot\system32\DRIVERS\NNSTLSC.sys \SystemRoot\system32\DRIVERS\NNSSTRM.sys \SystemRoot\system32\DRIVERS\NNSSMTP.sys \SystemRoot\system32\DRIVERS\NNSPRV.sys \SystemRoot\system32\DRIVERS\NNSPROT.sys \SystemRoot\system32\DRIVERS\NNSPOP3.sys \SystemRoot\system32\DRIVERS\NNSPIHSW.sys \SystemRoot\system32\DRIVERS\NNSPICC.sys \SystemRoot\system32\DRIVERS\NNSIDS.sys \SystemRoot\system32\DRIVERS\NNSHTTPS.sys \SystemRoot\system32\DRIVERS\NNSHTTP.sys \SystemRoot\system32\DRIVERS\NNSALPC.sys \SystemRoot\System32\drivers\mssmbios.sys \??\C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS \SystemRoot\System32\drivers\gpuenergydrv.sys \??\C:\Windows\system32\Drivers\eusk2par-amd64.sys \SystemRoot\System32\Drivers\dfsc.sys \??\C:\Windows\system32\drivers\AntiLog64.sys \SystemRoot\system32\DRIVERS\ahcache.sys \SystemRoot\System32\DriverStore\FileRepository\compositebus.inf_amd64_a140581a8f8b58b7\CompositeBus.sys \SystemRoot\System32\drivers\kdnic.sys \SystemRoot\System32\drivers\umbus.sys \SystemRoot\system32\DRIVERS\nvlddmkm.sys \SystemRoot\System32\drivers\HECIx64.sys \SystemRoot\System32\drivers\usbehci.sys \SystemRoot\System32\drivers\USBPORT.SYS \SystemRoot\System32\drivers\USBXHCI.SYS \SystemRoot\system32\drivers\ucx01000.sys \SystemRoot\system32\DRIVERS\Rt64win7.sys \SystemRoot\system32\drivers\P17.sys \SystemRoot\system32\drivers\portcls.sys \SystemRoot\system32\drivers\drmk.sys \SystemRoot\system32\drivers\ks.sys \SystemRoot\system32\drivers\ksthunk.sys \SystemRoot\System32\drivers\fdc.sys \SystemRoot\System32\drivers\i8042prt.sys \SystemRoot\System32\drivers\kbdclass.sys \SystemRoot\System32\drivers\serial.sys \SystemRoot\System32\drivers\serenum.sys \SystemRoot\System32\drivers\intelppm.sys \SystemRoot\system32\drivers\nvvad64v.sys \SystemRoot\System32\drivers\NdisVirtualBus.sys \SystemRoot\System32\drivers\swenum.sys \SystemRoot\System32\drivers\PTSimBus.sys \SystemRoot\System32\drivers\rdpbus.sys \SystemRoot\System32\drivers\usbhub.sys \SystemRoot\System32\drivers\USBD.SYS \SystemRoot\System32\drivers\UsbHub3.sys \SystemRoot\System32\drivers\usbccgp.sys \SystemRoot\system32\DRIVERS\usbscan.sys \SystemRoot\System32\drivers\usbprint.sys \SystemRoot\System32\win32k.sys \SystemRoot\System32\win32kfull.sys \SystemRoot\System32\drivers\HIDPARSE.SYS \SystemRoot\System32\win32kbase.sys \SystemRoot\System32\drivers\dxgmms1.sys \SystemRoot\System32\drivers\monitor.sys \SystemRoot\System32\drivers\dxgmms2.sys \SystemRoot\System32\TSDDD.dll \SystemRoot\System32\cdd.dll \SystemRoot\System32\drivers\Spyder3.sys \SystemRoot\System32\drivers\hidusb.sys \SystemRoot\System32\drivers\HIDCLASS.SYS \SystemRoot\System32\drivers\kbdhid.sys \SystemRoot\System32\ATMFD.DLL \SystemRoot\System32\drivers\mouhid.sys \SystemRoot\System32\drivers\mouclass.sys \SystemRoot\System32\drivers\wachidrouter.sys \SystemRoot\System32\drivers\hidkmdf.sys \SystemRoot\System32\drivers\wacomrouterfilter.sys \SystemRoot\system32\DRIVERS\lvuvc64.sys \SystemRoot\system32\drivers\usbaudio.sys \SystemRoot\system32\DRIVERS\lvrs64.sys \SystemRoot\system32\drivers\WudfPf.sys \SystemRoot\system32\drivers\luafv.sys \SystemRoot\system32\drivers\wcifs.sys \SystemRoot\system32\DRIVERS\file_protector.sys \SystemRoot\system32\drivers\storqosflt.sys \SystemRoot\system32\DRIVERS\PSINFile.sys \SystemRoot\system32\DRIVERS\PSINProc.sys \SystemRoot\system32\DRIVERS\PSINReg.sys \SystemRoot\system32\drivers\wcnfs.sys \SystemRoot\system32\DRIVERS\tifsfilt.sys \SystemRoot\system32\DRIVERS\virtual_file.sys \SystemRoot\System32\drivers\registry.sys \??\D:\Program Files\Sandboxie\SbieDrv.sys \SystemRoot\System32\DRIVERS\wanarp.sys \SystemRoot\system32\drivers\lltdio.sys \SystemRoot\system32\drivers\mslldp.sys \SystemRoot\system32\drivers\rspndr.sys \SystemRoot\system32\drivers\ndisuio.sys \SystemRoot\system32\DRIVERS\nwifi.sys \SystemRoot\system32\drivers\HTTP.sys \SystemRoot\System32\drivers\WUDFRd.sys \SystemRoot\system32\drivers\mmcss.sys \SystemRoot\System32\Drivers\dump_dumpata.sys \SystemRoot\System32\Drivers\dump_atapi.sys \SystemRoot\System32\Drivers\dump_dumpfve.sys \SystemRoot\system32\DRIVERS\bowser.sys \SystemRoot\system32\DRIVERS\mrxsmb.sys \SystemRoot\System32\drivers\mpsdrv.sys \SystemRoot\system32\DRIVERS\mrxsmb20.sys \??\C:\Windows\system32\drivers\acedrv11.sys \SystemRoot\system32\drivers\hvservice.sys \SystemRoot\system32\drivers\winhvr.sys \SystemRoot\system32\DRIVERS\idmwfp.sys \SystemRoot\System32\DRIVERS\srvnet.sys \SystemRoot\System32\DRIVERS\srv2.sys \??\C:\WINDOWS\system32\drivers\mbam.sys \SystemRoot\system32\DRIVERS\mrxsmb10.sys \SystemRoot\system32\drivers\mqac.sys \??\C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12_64.sys \SystemRoot\system32\DRIVERS\PSINAflt.sys \SystemRoot\system32\drivers\Ndu.sys \SystemRoot\system32\drivers\npf.sys \SystemRoot\system32\drivers\peauth.sys \SystemRoot\system32\DRIVERS\PSINProt.sys \??\C:\Windows\system32\Drivers\SSPORT.sys \SystemRoot\System32\DRIVERS\srv.sys \SystemRoot\system32\DRIVERS\tib_mounter.sys \??\C:\Program Files (x86)\CyberLink\PowerDVD12\Common\NavFilter\000.fcl \SystemRoot\System32\drivers\tcpipreg.sys \SystemRoot\system32\DRIVERS\LVPr2M64.sys \SystemRoot\System32\drivers\condrv.sys \SystemRoot\system32\Drivers\WdNisDrv.sys \??\C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys \??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys \??\C:\WINDOWS\system32\drivers\mwac.sys \??\C:\WINDOWS\system32\drivers\mbamchameleon.sys ----------- End ----------- Done! Scan started Database versions: main: v2017.03.15.08 rootkit: v2017.03.11.01 <<<2>>> Physical Sector Size: 512 Drive: 3, DevicePointer: 0xffffe50c093b2060, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\disk\ --------- Disk Stack ------ DevicePointer: 0xffffe50c093b2ae0, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xffffe50c093b2060, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\disk\ DevicePointer: 0xffffe50c08f019b0, DeviceName: Unknown, DriverName: \Driver\ACPI\ DevicePointer: 0xffffe50c08f46600, DeviceName: \Device\Ide\IdeDeviceP3T0L0-4\, DriverName: \Driver\atapi\ ------------ End ---------- Alternate DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\disk\ Upper DeviceData: 0x0, 0x0, 0x0 Lower DeviceData: 0x0, 0x0, 0x0 <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes <<<2>>> <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers... Done! Physical Sector Size: 512 Drive: 0, DevicePointer: 0xffffe50c093ae060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\ --------- Disk Stack ------ DevicePointer: 0xffffe50c093aeae0, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xffffe50c093ae060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\ DevicePointer: 0xffffe50c08f38c40, DeviceName: Unknown, DriverName: \Driver\ACPI\ DevicePointer: 0xffffe50c08f3f060, DeviceName: \Device\Ide\IdeDeviceP4T0L0-5\, DriverName: \Driver\atapi\ ------------ End ---------- Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\ Upper DeviceData: 0x0, 0x0, 0x0 Lower DeviceData: 0x0, 0x0, 0x0 Drive 0 Scanning MBR on drive 0... Inspecting partition table: MBR Signature: 55AA Disk Signature: 331278BE Partition information: Partition 0 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 2048 Numsec = 1024000000 Partition is not bootable Partition file system is NTFS Partition 1 type is Primary (0x7) Partition is ACTIVE. Partition starts at LBA: 1024002048 Numsec = 179662848 Partition is not bootable Partition file system is NTFS Partition 2 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 1203664896 Numsec = 2703360000 Partition is not bootable Partition file system is NTFS Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition is not bootable Disk Size: 2000398934016 bytes Sector size: 512 bytes Done! Physical Sector Size: 512 Drive: 1, DevicePointer: 0xffffe50c093af060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\ --------- Disk Stack ------ DevicePointer: 0xffffe50c093afae0, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xffffe50c093af060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\ DevicePointer: 0xffffe50c08f0b720, DeviceName: Unknown, DriverName: \Driver\ACPI\ DevicePointer: 0xffffe50c08f44060, DeviceName: \Device\Ide\IdeDeviceP2T0L0-3\, DriverName: \Driver\atapi\ ------------ End ---------- Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\ Upper DeviceData: 0x0, 0x0, 0x0 Lower DeviceData: 0x0, 0x0, 0x0 Drive 1 Scanning MBR on drive 1... Inspecting partition table: MBR Signature: 55AA Disk Signature: F612D630 Partition information: Partition 0 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 2048 Numsec = 1956599808 Partition is not bootable Partition file system is NTFS Partition 1 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 1956603904 Numsec = 1950420992 Partition is not bootable Partition file system is NTFS Partition 2 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition is not bootable Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition is not bootable Disk Size: 2000398934016 bytes Sector size: 512 bytes Done! Physical Sector Size: 512 Drive: 2, DevicePointer: 0xffffe50c093b0610, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\disk\ --------- Disk Stack ------ DevicePointer: 0xffffe50c093b1040, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xffffe50c093b0610, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\disk\ DevicePointer: 0xffffe50c08f0b440, DeviceName: Unknown, DriverName: \Driver\ACPI\ DevicePointer: 0xffffe50c08f40060, DeviceName: \Device\Ide\IdeDeviceP2T1L0-8\, DriverName: \Driver\atapi\ ------------ End ---------- Alternate DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\disk\ Upper DeviceData: 0x0, 0x0, 0x0 Lower DeviceData: 0x0, 0x0, 0x0 Drive 2 Scanning MBR on drive 2... Inspecting partition table: MBR Signature: 55AA Disk Signature: AA2FCA67 Partition information: Partition 0 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 63 Numsec = 2930272002 Partition is not bootable Partition file system is NTFS Partition 1 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition is not bootable Partition 2 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition is not bootable Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition is not bootable Disk Size: 1500301910016 bytes Sector size: 512 bytes Done! Drive 3 This is a System drive Scanning MBR on drive 3... Inspecting partition table: MBR Signature: 55AA Disk Signature: D3967C50 Partition information: Partition 0 type is Primary (0x7) Partition is ACTIVE. Partition starts at LBA: 2048 Numsec = 233512960 Partition is bootable Partition file system is NTFS Partition 1 type is Other (0x27) Partition is NOT ACTIVE. Partition starts at LBA: 233515008 Numsec = 921600 Partition is not bootable Partition file system is NTFS Partition 2 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition is not bootable Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition is not bootable Disk Size: 120034123776 bytes Sector size: 512 bytes Done! File "C:\Windows\System32\KERNELBASE.DLL" is sparse (flags = 32768) File "C:\Windows\System32\KERNELBASE.DLL" is sparse (flags = 32768) File "C:\Windows\System32\apphelp.dll" is sparse (flags = 32768) File "C:\Windows\System32\psapi.dll" is sparse (flags = 32768) File "C:\Windows\System32\user32.dll" is sparse (flags = 32768) File "C:\Windows\System32\user32.dll" is sparse (flags = 32768) File "C:\Windows\System32\win32u.dll" is sparse (flags = 32768) File "C:\Windows\System32\win32u.dll" is sparse (flags = 32768) File "C:\Windows\System32\gdi32.dll" is sparse (flags = 32768) File "C:\Windows\System32\gdi32.dll" is sparse (flags = 32768) File "C:\Windows\System32\GDI32FULL.DLL" is sparse (flags = 32768) File "C:\Windows\System32\GDI32FULL.DLL" is sparse (flags = 32768) File "C:\Windows\System32\advapi32.dll" is sparse (flags = 32768) File "C:\Windows\System32\msvcrt.dll" is sparse (flags = 32768) File "C:\Windows\System32\sechost.dll" is sparse (flags = 32768) File "C:\Windows\System32\rpcrt4.dll" is sparse (flags = 32768) File "C:\Windows\System32\rpcrt4.dll" is sparse (flags = 32768) File "C:\Windows\System32\sspicli.dll" is sparse (flags = 32768) File "C:\Windows\System32\sspicli.dll" is sparse (flags = 32768) File "C:\Windows\System32\CRYPTBASE.DLL" is sparse (flags = 32768) File "C:\Windows\System32\CRYPTBASE.DLL" is sparse (flags = 32768) File "C:\Windows\System32\BCRYPTPRIMITIVES.DLL" is sparse (flags = 32768) File "C:\Windows\System32\BCRYPTPRIMITIVES.DLL" is sparse (flags = 32768) File "C:\Windows\System32\imm32.dll" is sparse (flags = 32768) File "C:\Windows\System32\shlwapi.dll" is sparse (flags = 32768) File "C:\Windows\System32\combase.dll" is sparse (flags = 32768) File "C:\Windows\System32\combase.dll" is sparse (flags = 32768) File "C:\Windows\System32\ucrtbase.dll" is sparse (flags = 32768) File "C:\Windows\System32\shell32.dll" is sparse (flags = 32768) File "C:\Windows\System32\shell32.dll" is sparse (flags = 32768) File "C:\Windows\System32\cfgmgr32.dll" is sparse (flags = 32768) File "C:\Windows\System32\WINDOWS.STORAGE.DLL" is sparse (flags = 32768) File "C:\Windows\System32\WINDOWS.STORAGE.DLL" is sparse (flags = 32768) File "C:\Windows\System32\powrprof.dll" is sparse (flags = 32768) File "C:\Windows\System32\KERNEL.APPCORE.DLL" is sparse (flags = 32768) File "C:\Windows\System32\KERNEL.APPCORE.DLL" is sparse (flags = 32768) File "C:\Windows\System32\SHCore.dll" is sparse (flags = 32768) File "C:\Windows\System32\profapi.dll" is sparse (flags = 32768) File "C:\Windows\System32\ole32.dll" is sparse (flags = 32768) File "C:\Windows\System32\ole32.dll" is sparse (flags = 32768) File "C:\Windows\System32\wintrust.dll" is sparse (flags = 32768) File "C:\Windows\System32\wintrust.dll" is sparse (flags = 32768) File "C:\Windows\System32\msasn1.dll" is sparse (flags = 32768) File "C:\Windows\System32\crypt32.dll" is sparse (flags = 32768) File "C:\Windows\System32\crypt32.dll" is sparse (flags = 32768) File "C:\Windows\System32\version.dll" is sparse (flags = 32768) File "C:\Windows\System32\wininet.dll" is sparse (flags = 32768) File "C:\Windows\System32\imagehlp.dll" is sparse (flags = 32768) File "C:\Windows\System32\netapi32.dll" is sparse (flags = 32768) File "C:\Windows\System32\userenv.dll" is sparse (flags = 32768) File "C:\Windows\System32\mpr.dll" is sparse (flags = 32768) File "C:\Windows\System32\ws2_32.dll" is sparse (flags = 32768) File "C:\Windows\System32\ws2_32.dll" is sparse (flags = 32768) File "C:\Windows\System32\comdlg32.dll" is sparse (flags = 32768) File "C:\Windows\System32\comdlg32.dll" is sparse (flags = 32768) File "C:\Windows\System32\oleaut32.dll" is sparse (flags = 32768) File "C:\Windows\System32\oleaut32.dll" is sparse (flags = 32768) File "C:\Windows\System32\MSVCP_WIN.DLL" is sparse (flags = 32768) File "C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.14393.447_none_5507ded2cb4f7f4c\comctl32.dll" is sparse (flags = 32768) File "C:\Windows\System32\winmm.dll" is sparse (flags = 32768) File "C:\Windows\System32\winspool.drv" is sparse (flags = 32768) File "C:\Windows\System32\netutils.dll" is sparse (flags = 32768) File "C:\Windows\System32\sfc_os.dll" is sparse (flags = 32768) File "C:\Windows\System32\WINMMBASE.DLL" is sparse (flags = 32768) File "C:\Windows\System32\WINMMBASE.DLL" is sparse (flags = 32768) File "C:\Windows\System32\bcrypt.dll" is sparse (flags = 32768) File "C:\Windows\System32\bcrypt.dll" is sparse (flags = 32768) File "C:\Windows\System32\cryptsp.dll" is sparse (flags = 32768) File "C:\Windows\System32\rsaenh.dll" is sparse (flags = 32768) File "C:\Windows\System32\wkscli.dll" is sparse (flags = 32768) File "C:\Windows\System32\cscapi.dll" is sparse (flags = 32768) File "C:\Windows\System32\uxtheme.dll" is sparse (flags = 32768) File "C:\Windows\System32\iertutil.dll" is sparse (flags = 32768) File "C:\Windows\System32\iertutil.dll" is sparse (flags = 32768) File "C:\Windows\System32\ONDEMANDCONNROUTEHELPER.DLL" is sparse (flags = 32768) File "C:\Windows\System32\ONDEMANDCONNROUTEHELPER.DLL" is sparse (flags = 32768) File "C:\Windows\System32\IPHLPAPI.DLL" is sparse (flags = 32768) File "C:\Windows\System32\winhttp.dll" is sparse (flags = 32768) File "C:\Windows\System32\nsi.dll" is sparse (flags = 32768) File "C:\Windows\System32\dnsapi.dll" is sparse (flags = 32768) File "C:\Windows\System32\dnsapi.dll" is sparse (flags = 32768) File "C:\Windows\System32\mswsock.dll" is sparse (flags = 32768) File "C:\Windows\System32\winnsi.dll" is sparse (flags = 32768) File "C:\Windows\System32\urlmon.dll" is sparse (flags = 32768) File "C:\Windows\System32\rasadhlp.dll" is sparse (flags = 32768) File "C:\Windows\System32\FWPUCLNT.DLL" is sparse (flags = 32768) File "C:\Windows\System32\msctf.dll" is sparse (flags = 32768) File "C:\Windows\System32\msctf.dll" is sparse (flags = 32768) File "C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\tiptsf.dll" is sparse (flags = 32768) File "C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\tiptsf.dll" is sparse (flags = 32768) File "C:\Windows\System32\dwmapi.dll" is sparse (flags = 32768) File "C:\Windows\System32\dwmapi.dll" is sparse (flags = 32768) File "C:\Windows\System32\wtsapi32.dll" is sparse (flags = 32768) File "C:\Windows\System32\dhcpcsvc.dll" is sparse (flags = 32768) File "C:\Windows\System32\dhcpcsvc.dll" is sparse (flags = 32768) File "C:\Windows\System32\winsta.dll" is sparse (flags = 32768) File "C:\Windows\System32\srvcli.dll" is sparse (flags = 32768) File "C:\Windows\System32\ntmarta.dll" is sparse (flags = 32768) File "C:\Windows\System32\clbcatq.dll" is sparse (flags = 32768) File "C:\Windows\System32\UIAUTOMATIONCORE.DLL" is sparse (flags = 32768) File "C:\Windows\System32\UIAUTOMATIONCORE.DLL" is sparse (flags = 32768) File "C:\Windows\System32\sxs.dll" is sparse (flags = 32768) File "C:\Windows\System32\oleacc.dll" is sparse (flags = 32768) File "C:\Windows\System32\oleacc.dll" is sparse (flags = 32768) File "C:\Windows\System32\twinapi.dll" is sparse (flags = 32768) File "C:\Windows\System32\TWINAPI.APPCORE.DLL" is sparse (flags = 32768) File "C:\Windows\System32\TWINAPI.APPCORE.DLL" is sparse (flags = 32768) File "C:\Windows\System32\propsys.dll" is sparse (flags = 32768) File "C:\Windows\System32\coml2.dll" is sparse (flags = 32768) File "C:\Windows\System32\mssprxy.dll" is sparse (flags = 32768) File "C:\Windows\System32\linkinfo.dll" is sparse (flags = 32768) File "C:\Windows\System32\ntshrui.dll" is sparse (flags = 32768) File "C:\Windows\System32\smss.exe" is sparse (flags = 32768) File "C:\Windows\System32\csrss.exe" is sparse (flags = 32768) File "C:\Windows\System32\wininit.exe" is sparse (flags = 32768) File "C:\Windows\System32\winlogon.exe" is sparse (flags = 32768) File "C:\Windows\System32\winlogon.exe" is sparse (flags = 32768) File "C:\Windows\System32\services.exe" is sparse (flags = 32768) File "C:\Windows\System32\services.exe" is sparse (flags = 32768) File "C:\Windows\System32\lsass.exe" is sparse (flags = 32768) File "C:\Windows\System32\lsass.exe" is sparse (flags = 32768) File "C:\Windows\System32\svchost.exe" is sparse (flags = 32768) File "C:\Windows\System32\dwm.exe" is sparse (flags = 32768) File "C:\Windows\System32\setupapi.dll" is sparse (flags = 32768) File "C:\Windows\System32\devobj.dll" is sparse (flags = 32768) File "C:\Windows\System32\devrtl.dll" is sparse (flags = 32768) File "C:\Windows\System32\spinf.dll" is sparse (flags = 32768) File "C:\Windows\System32\drvstore.dll" is sparse (flags = 32768) File "C:\Windows\System32\drvstore.dll" is sparse (flags = 32768) File "C:\Windows\System32\spoolsv.exe" is sparse (flags = 32768) File "C:\Windows\System32\WUDFHost.exe" is sparse (flags = 32768) File "C:\Windows\System32\dasHost.exe" is sparse (flags = 32768) File "C:\Windows\System32\DHCPCSVC6.DLL" is sparse (flags = 32768) File "C:\Windows\System32\DHCPCSVC6.DLL" is sparse (flags = 32768) File "C:\Windows\System32\mscoree.dll" is sparse (flags = 32768) File "C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll" is sparse (flags = 32768) File "C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll" is sparse (flags = 32768) File "C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9268_none_d08e1538442a243e\msvcr80.dll" is sparse (flags = 32768) File "C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll" is sparse (flags = 32768) File "C:\Windows\System32\NapiNSP.dll" is sparse (flags = 32768) File "C:\Windows\System32\pnrpnsp.dll" is sparse (flags = 32768) File "C:\Windows\System32\nlaapi.dll" is sparse (flags = 32768) File "C:\Windows\System32\nlaapi.dll" is sparse (flags = 32768) File "C:\Windows\System32\winrnr.dll" is sparse (flags = 32768) File "C:\Windows\System32\shfolder.dll" is sparse (flags = 32768) File "C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll" is sparse (flags = 32768) File "C:\Windows\System32\MSVCR120_CLR0400.DLL" is sparse (flags = 32768) File "C:\Windows\System32\MSVCR120_CLR0400.DLL" is sparse (flags = 32768) File "C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\40571abae9422cd2ca6fafbbde1c3cdc\mscorlib.ni.dll" is sparse (flags = 32768) File "C:\Windows\Microsoft.NET\Framework\v4.0.30319\clrjit.dll" is sparse (flags = 32768) File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System\08da6b6698b412866e6910ae9b84f363\System.ni.dll" is sparse (flags = 32768) File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Serv759bfb78#\010ca03bc4ce0e90aba17cf53dfaa3b0\System.ServiceProcess.ni.dll" is sparse (flags = 32768) File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Confe64a9051#\05ab415fda98063ea52877978eb1cb4f\System.Configuration.Install.ni.dll" is sparse (flags = 32768) File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\f6ebd52be27fe627fed0d185c6a9c0d5\System.Core.ni.dll" is sparse (flags = 32768) File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\a390fa28b40e5b0bfd357371211f470d\System.ServiceModel.ni.dll" is sparse (flags = 32768) File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Servd1dec626#\d842ac6dc0b94d7516b2d43a62b8f4d7\System.ServiceModel.Internals.ni.dll" is sparse (flags = 32768) File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\aa9c29b70b4cceab890eb841f89d73e9\System.Configuration.ni.dll" is sparse (flags = 32768) File "C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\1b144b0155aa14719ac0b83f038abbd5\SMDiagnostics.ni.dll" is sparse (flags = 32768) File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\7532301b00fac8def2f526ca8b480e11\System.Xml.ni.dll" is sparse (flags = 32768) File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\213003369298faf75651a6b8981dce12\System.Runtime.Serialization.ni.dll" is sparse (flags = 32768) File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\5802392cd3e3a6f3921aabc3241bb561\System.IdentityModel.ni.dll" is sparse (flags = 32768) File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Net.Http\6ba98b6eeadccf682c0cc876bcc548da\System.Net.Http.ni.dll" is sparse (flags = 32768) File "C:\Windows\System32\security.dll" is sparse (flags = 32768) File "C:\Windows\System32\secur32.dll" is sparse (flags = 32768) File "C:\Windows\System32\httpapi.dll" is sparse (flags = 32768) File "C:\Windows\System32\msimg32.dll" is sparse (flags = 32768) File "C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.14393.321_none_baab3cb4359688b4\GdiPlus.dll" is sparse (flags = 32768) File "C:\Windows\System32\webio.dll" is sparse (flags = 32768) File "C:\Windows\System32\schannel.dll" is sparse (flags = 32768) File "C:\Windows\System32\schannel.dll" is sparse (flags = 32768) File "C:\Windows\System32\MSKEYPROTECT.DLL" is sparse (flags = 32768) File "C:\Windows\System32\MSKEYPROTECT.DLL" is sparse (flags = 32768) File "C:\Windows\System32\ncrypt.dll" is sparse (flags = 32768) File "C:\Windows\System32\ntasn1.dll" is sparse (flags = 32768) File "C:\Windows\System32\NCRYPTSSLP.DLL" is sparse (flags = 32768) File "C:\Windows\System32\NCRYPTSSLP.DLL" is sparse (flags = 32768) File "C:\Windows\System32\dpapi.dll" is sparse (flags = 32768) File "C:\Windows\System32\mqsvc.exe" is sparse (flags = 32768) File "C:\Windows\System32\msi.dll" is sparse (flags = 32768) File "C:\Windows\System32\dfscli.dll" is sparse (flags = 32768) File "C:\Windows\System32\wbem\wbemprox.dll" is sparse (flags = 32768) File "C:\Windows\System32\wbemcomn.dll" is sparse (flags = 32768) File "C:\Windows\System32\wbem\wbemsvc.dll" is sparse (flags = 32768) File "C:\Windows\System32\wbem\fastprox.dll" is sparse (flags = 32768) File "C:\Windows\System32\fltLib.dll" is sparse (flags = 32768) File "C:\Windows\System32\msxml3.dll" is sparse (flags = 32768) File "C:\Windows\System32\pdh.dll" is sparse (flags = 32768) File "C:\Windows\System32\logoncli.dll" is sparse (flags = 32768) File "C:\Windows\System32\wlanapi.dll" is sparse (flags = 32768) File "C:\Windows\System32\wlanapi.dll" is sparse (flags = 32768) File "C:\Windows\System32\netprofm.dll" is sparse (flags = 32768) File "C:\Windows\System32\npmproxy.dll" is sparse (flags = 32768) File "C:\Windows\System32\NETSETUPSHIM.DLL" is sparse (flags = 32768) File "C:\Windows\System32\NETSETUPSHIM.DLL" is sparse (flags = 32768) File "C:\Windows\System32\NETSETUPAPI.DLL" is sparse (flags = 32768) File "C:\Windows\System32\NETSETUPAPI.DLL" is sparse (flags = 32768) File "C:\Windows\System32\FIREWALLAPI.DLL" is sparse (flags = 32768) File "C:\Windows\System32\FIREWALLAPI.DLL" is sparse (flags = 32768) File "C:\Windows\System32\fwbase.dll" is sparse (flags = 32768) File "C:\Windows\System32\mstask.dll" is sparse (flags = 32768) File "C:\Windows\System32\gpapi.dll" is sparse (flags = 32768) File "C:\Windows\System32\gpapi.dll" is sparse (flags = 32768) File "C:\Windows\System32\cryptnet.dll" is sparse (flags = 32768) File "C:\Windows\System32\Wldap32.dll" is sparse (flags = 32768) File "C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.9247_none_5090cb78bcba4a35\msvcr90.dll" is sparse (flags = 32768) File "C:\Windows\System32\odbc32.dll" is sparse (flags = 32768) File "C:\Windows\System32\SEARCHINDEXER.EXE" is sparse (flags = 32768) File "C:\Windows\System32\SEARCHINDEXER.EXE" is sparse (flags = 32768) File "C:\Windows\System32\dbghelp.dll" is sparse (flags = 32768) File "C:\Windows\System32\dbgcore.dll" is sparse (flags = 32768) File "C:\Windows\System32\wshqos.dll" is sparse (flags = 32768) File "C:\Windows\System32\WSHTCPIP.DLL" is sparse (flags = 32768) File "C:\Windows\System32\wship6.dll" is sparse (flags = 32768) File "C:\Windows\System32\wbem\WmiPrvSE.exe" is sparse (flags = 32768) File "C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_89c64d28dafea4b9\comctl32.dll" is sparse (flags = 32768) File "C:\Windows\System32\WINDOWSCODECS.DLL" is sparse (flags = 32768) File "C:\Windows\System32\WINDOWSCODECS.DLL" is sparse (flags = 32768) File "C:\Windows\System32\THUMBCACHE.DLL" is sparse (flags = 32768) File "C:\Windows\System32\THUMBCACHE.DLL" is sparse (flags = 32768) File "C:\Windows\System32\PHOTOMETADATAHANDLER.DLL" is sparse (flags = 32768) File "C:\Windows\System32\PHOTOMETADATAHANDLER.DLL" is sparse (flags = 32768) File "C:\Windows\System32\POLICYMANAGER.DLL" is sparse (flags = 32768) File "C:\Windows\System32\POLICYMANAGER.DLL" is sparse (flags = 32768) File "C:\Windows\System32\MSVCP110_WIN.DLL" is sparse (flags = 32768) File "C:\Windows\System32\MSVCP110_WIN.DLL" is sparse (flags = 32768) File "C:\Windows\System32\actxprxy.dll" is sparse (flags = 32768) File "C:\Windows\System32\actxprxy.dll" is sparse (flags = 32768) File "C:\Program Files\Windows Media Player\wmpnetwk.exe" is sparse (flags = 32768) File "C:\Program Files\Windows Media Player\wmpnetwk.exe" is sparse (flags = 32768) File "C:\Windows\System32\conhost.exe" is sparse (flags = 32768) File "C:\Windows\System32\sihost.exe" is sparse (flags = 32768) File "C:\Windows\explorer.exe" is sparse (flags = 32768) File "C:\Windows\explorer.exe" is sparse (flags = 32768) File "C:\Windows\System32\RUNTIMEBROKER.EXE" is sparse (flags = 32768) File "C:\Windows\System32\TASKHOSTW.EXE" is sparse (flags = 32768) File "C:\Windows\System32\edputil.dll" is sparse (flags = 32768) File "C:\Windows\System32\pcacli.dll" is sparse (flags = 32768) File "C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\SHELLEXPERIENCEHOST.EXE" is sparse (flags = 32768) File "C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\SHELLEXPERIENCEHOST.EXE" is sparse (flags = 32768) File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Web.Services\7e37a4f7ac90e8a80cc2bfc7429dd2c1\System.Web.Services.ni.dll" is sparse (flags = 32768) File "C:\Windows\System32\rasapi32.dll" is sparse (flags = 32768) File "C:\Windows\System32\rasapi32.dll" is sparse (flags = 32768) File "C:\Windows\System32\rasman.dll" is sparse (flags = 32768) File "C:\Windows\System32\rtutils.dll" is sparse (flags = 32768) File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\a280fac0c231c9d6d5f1274c2180d594\System.Management.ni.dll" is sparse (flags = 32768) File "C:\Windows\Microsoft.NET\Framework\v4.0.30319\WMINET_UTILS.DLL" is sparse (flags = 32768) File "C:\Windows\Microsoft.NET\Framework\v4.0.30319\WMINET_UTILS.DLL" is sparse (flags = 32768) File "C:\Windows\System32\wbem\wmiutils.dll" is sparse (flags = 32768) File "C:\Windows\Microsoft.NET\Framework\v4.0.30319\DIASYMREADER.DLL" is sparse (flags = 32768) File "C:\Windows\Microsoft.NET\Framework\v4.0.30319\DIASYMREADER.DLL" is sparse (flags = 32768) File "C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" is sparse (flags = 32768) File "C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" is sparse (flags = 32768) File "C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe" is sparse (flags = 32768) File "C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe" is sparse (flags = 32768) File "C:\Windows\System32\wsock32.dll" is sparse (flags = 32768) File "C:\Windows\System32\atmlib.dll" is sparse (flags = 32768) File "C:\Windows\System32\DWrite.dll" is sparse (flags = 32768) File "C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsec.dll" is sparse (flags = 32768) File "C:\Windows\System32\msiltcfg.dll" is sparse (flags = 32768) File "C:\Windows\WinSxS\x86_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.6161_none_51cd0a7abbe4e19b\ATL90.dll" is sparse (flags = 32768) File "C:\Windows\Microsoft.NET\Framework\v2.0.50727\DIASYMREADER.DLL" is sparse (flags = 32768) File "C:\Windows\System32\oledlg.dll" is sparse (flags = 32768) File "C:\Windows\System32\samcli.dll" is sparse (flags = 32768) File "C:\Windows\System32\Faultrep.dll" is sparse (flags = 32768) File "C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.9247_none_5090cb78bcba4a35\msvcp90.dll" is sparse (flags = 32768) File "C:\Windows\System32\samlib.dll" is sparse (flags = 32768) File "C:\Windows\System32\samlib.dll" is sparse (flags = 32768) File "C:\Windows\System32\msxml6.dll" is sparse (flags = 32768) File "C:\Windows\System32\msxml6.dll" is sparse (flags = 32768) File "C:\Windows\System32\DATAEXCHANGE.DLL" is sparse (flags = 32768) File "C:\Windows\System32\DATAEXCHANGE.DLL" is sparse (flags = 32768) File "C:\Windows\System32\d3d11.dll" is sparse (flags = 32768) File "C:\Windows\System32\d3d11.dll" is sparse (flags = 32768) File "C:\Windows\System32\dcomp.dll" is sparse (flags = 32768) File "C:\Windows\System32\dxgi.dll" is sparse (flags = 32768) File "C:\Windows\System32\dxgi.dll" is sparse (flags = 32768) File "C:\Windows\System32\idndl.dll" is sparse (flags = 32768) File "C:\Windows\System32\normaliz.dll" is sparse (flags = 32768) File "C:\Windows\System32\mscms.dll" is sparse (flags = 32768) File "C:\Windows\System32\icm32.dll" is sparse (flags = 32768) File "C:\Windows\System32\MMDevAPI.dll" is sparse (flags = 32768) File "C:\Windows\System32\wdmaud.drv" is sparse (flags = 32768) File "C:\Windows\System32\ksuser.dll" is sparse (flags = 32768) File "C:\Windows\System32\avrt.dll" is sparse (flags = 32768) File "C:\Windows\System32\AudioSes.dll" is sparse (flags = 32768) File "C:\Windows\System32\AudioSes.dll" is sparse (flags = 32768) File "C:\Windows\System32\WinTypes.dll" is sparse (flags = 32768) File "C:\Windows\System32\WinTypes.dll" is sparse (flags = 32768) File "C:\Windows\System32\msacm32.drv" is sparse (flags = 32768) File "C:\Windows\System32\msacm32.dll" is sparse (flags = 32768) File "C:\Windows\System32\midimap.dll" is sparse (flags = 32768) File "C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\051a282e157a228405b2e0d867c3ce1d\PresentationCore.ni.dll" is sparse (flags = 32768) File "C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\5272cb4aeec65bec2fffb45e9cb22910\PresentationFramework.ni.dll" is sparse (flags = 32768) File "C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\5751e969e4789e60d3ad463cb6024006\WindowsBase.ni.dll" is sparse (flags = 32768) File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\04c4f83e0b62ff553abff98943e45f42\System.Xaml.ni.dll" is sparse (flags = 32768) File "C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFGFX_V0400.DLL" is sparse (flags = 32768) File "C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFGFX_V0400.DLL" is sparse (flags = 32768) File "C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\PRESENTATIONNATIVE_V0400.DLL" is sparse (flags = 32768) File "C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\PRESENTATIONNATIVE_V0400.DLL" is sparse (flags = 32768) File "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSCORSECIMPL.DLL" is sparse (flags = 32768) File "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSCORSECIMPL.DLL" is sparse (flags = 32768) File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\c2abcda8f96d67fa6ff5665fd21dddff\System.Drawing.ni.dll" is sparse (flags = 32768) File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\c02fbf560e52a1aab432a90d4c613af4\System.Windows.Forms.ni.dll" is sparse (flags = 32768) File "C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatioaec034ca#\def8702c6e883330fb8cb8e3f5c5e665\PresentationFramework.Aero2.ni.dll" is sparse (flags = 32768) File "C:\Windows\System32\d3d9.dll" is sparse (flags = 32768) File "C:\Windows\System32\d3d9.dll" is sparse (flags = 32768) File "C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio84a6349c#\6af063d01a7341bd43c8c4775e6a7144\PresentationFramework-SystemCore.ni.dll" is sparse (flags = 32768) File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Numerics\5237480aedaa4904c6fd85dae99af471\System.Numerics.ni.dll" is sparse (flags = 32768) File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\6e975e2acfc33e1c706f00bf2942e187\System.Xml.Linq.ni.dll" is sparse (flags = 32768) File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\720259e39ef1331fa96a3242ad50f25a\System.Data.ni.dll" is sparse (flags = 32768) File "C:\Windows\System32\taskschd.dll" is sparse (flags = 32768) File "C:\Windows\System32\xmllite.dll" is sparse (flags = 32768) File "C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\PenIMC.dll" is sparse (flags = 32768) File "C:\Windows\System32\wisp.dll" is sparse (flags = 32768) File "C:\Windows\System32\atlthunk.dll" is sparse (flags = 32768) File "C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\tpcps.dll" is sparse (flags = 32768) File "C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio49d6fefe#\bc02b10ad9ab83121bc8d4efdfdbddd6\PresentationFramework-SystemXml.ni.dll" is sparse (flags = 32768) File "C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio84a7b877#\32e8814a6a6fb0730134a52c7343244f\PresentationFramework-SystemData.ni.dll" is sparse (flags = 32768) File "C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio4b37ff64#\fab25566b63fba80db7f6456f7730d70\PresentationFramework-SystemXmlLinq.ni.dll" is sparse (flags = 32768) File "C:\Windows\System32\WINDOWS.SHELL.SERVICEHOSTBUILDER.DLL" is sparse (flags = 32768) File "C:\Windows\System32\WINDOWS.SHELL.SERVICEHOSTBUILDER.DLL" is sparse (flags = 32768) File "C:\Windows\System32\mlang.dll" is sparse (flags = 32768) File "C:\Windows\AppPatch\AcGenral.dll" is sparse (flags = 32768) File "C:\Windows\AppPatch\AcGenral.dll" is sparse (flags = 32768) File "C:\Windows\System32\ninput.dll" is sparse (flags = 32768) File "C:\Windows\System32\usp10.dll" is sparse (flags = 32768) File "C:\Windows\System32\hid.dll" is sparse (flags = 32768) File "C:\Windows\System32\credui.dll" is sparse (flags = 32768) File "C:\Windows\System32\DIRECTMANIPULATION.DLL" is sparse (flags = 32768) File "C:\Windows\System32\bthprops.cpl" is sparse (flags = 32768) File "C:\Windows\System32\EXPLORERFRAME.DLL" is sparse (flags = 32768) File "C:\Windows\System32\EXPLORERFRAME.DLL" is sparse (flags = 32768) File "C:\Windows\System32\shdocvw.dll" is sparse (flags = 32768) File "C:\Windows\System32\fontsub.dll" is sparse (flags = 32768) File "C:\Windows\System32\fontsub.dll" is sparse (flags = 32768) File "C:\Windows\System32\mf.dll" is sparse (flags = 32768) File "C:\Windows\System32\mfplat.dll" is sparse (flags = 32768) File "C:\Windows\System32\mfplat.dll" is sparse (flags = 32768) File "C:\Windows\System32\RTWorkQ.dll" is sparse (flags = 32768) File "C:\Windows\System32\RTWorkQ.dll" is sparse (flags = 32768) File "C:\Windows\System32\MSMPEG2VDEC.DLL" is sparse (flags = 32768) File "C:\Windows\System32\MSMPEG2VDEC.DLL" is sparse (flags = 32768) File "C:\Windows\System32\MFPERFHELPER.DLL" is sparse (flags = 32768) File "C:\Windows\System32\MFPERFHELPER.DLL" is sparse (flags = 32768) File "C:\Windows\System32\dxva2.dll" is sparse (flags = 32768) File "C:\Windows\System32\msvproc.dll" is sparse (flags = 32768) File "C:\Windows\System32\msvproc.dll" is sparse (flags = 32768) File "C:\Windows\System32\D3DCOMPILER_47.DLL" is sparse (flags = 32768) File "C:\Windows\System32\D3DCOMPILER_47.DLL" is sparse (flags = 32768) File "C:\Windows\System32\MFH264ENC.DLL" is sparse (flags = 32768) File "C:\Windows\System32\MFH264ENC.DLL" is sparse (flags = 32768) File "C:\Windows\AppPatch\AcSpecfc.dll" is sparse (flags = 32768) File "C:\Windows\AppPatch\AcSpecfc.dll" is sparse (flags = 32768) File "C:\Windows\System32\ddraw.dll" is sparse (flags = 32768) File "C:\Windows\System32\dciman32.dll" is sparse (flags = 32768) File "C:\Windows\System32\dciman32.dll" is sparse (flags = 32768) File "C:\Windows\System32\msimtf.dll" is sparse (flags = 32768) File "C:\Windows\System32\davclnt.dll" is sparse (flags = 32768) File "C:\Windows\System32\davhlpr.dll" is sparse (flags = 32768) File "C:\Windows\System32\mapi32.dll" is sparse (flags = 32768) File "C:\Windows\WinSxS\x86_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.6161_none_4bf7e3e2bf9ada4c\mfc90u.dll" is sparse (flags = 32768) File "C:\Windows\WinSxS\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.6161_none_49768ef57548175e\MFC90DEU.DLL" is sparse (flags = 32768) File "C:\Windows\System32\hlink.dll" is sparse (flags = 32768) File "C:\Windows\System32\msident.dll" is sparse (flags = 32768) File "C:\Windows\System32\pstorec.dll" is sparse (flags = 32768) File "C:\Windows\System32\msoeacct.dll" is sparse (flags = 32768) File "C:\Windows\System32\msoert2.dll" is sparse (flags = 32768) File "C:\Windows\System32\inetcomm.dll" is sparse (flags = 32768) File "C:\Windows\System32\inetcomm.dll" is sparse (flags = 32768) File "C:\Windows\System32\INETRES.dll" is sparse (flags = 32768) File "C:\Windows\System32\INETRES.dll" is sparse (flags = 32768) File "C:\Windows\System32\ACCTRES.dll" is sparse (flags = 32768) File "C:\Windows\System32\ONECORECOMMONPROXYSTUB.DLL" is sparse (flags = 32768) File "C:\Windows\System32\ONECORECOMMONPROXYSTUB.DLL" is sparse (flags = 32768) File "C:\Windows\System32\COMPATTELRUNNER.EXE" is sparse (flags = 32768) File "C:\Windows\System32\COMPATTELRUNNER.EXE" is sparse (flags = 32768) File "C:\Windows\System32\SEARCHPROTOCOLHOST.EXE" is sparse (flags = 32768) File "C:\Windows\System32\SEARCHPROTOCOLHOST.EXE" is sparse (flags = 32768) File "C:\Windows\SysWOW64\cmd.exe" is sparse (flags = 32768) File "C:\Windows\System32\cmdext.dll" is sparse (flags = 32768) File "C:\Windows\System32\SEARCHFILTERHOST.EXE" is sparse (flags = 32768) File "C:\Windows\System32\SEARCHFILTERHOST.EXE" is sparse (flags = 32768) File "C:\Windows\System32\BACKGROUNDTASKHOST.EXE" is sparse (flags = 32768) File "C:\Windows\System32\BACKGROUNDTASKHOST.EXE" is sparse (flags = 32768) File "C:\Windows\System32\rstrui.exe" is sparse (flags = 32768) File "C:\Program Files\Windows Mail\wab.exe" is sparse (flags = 32768) File "C:\Windows\System32\credssp.dll" is sparse (flags = 32768) File "C:\Windows\System32\credssp.dll" is sparse (flags = 32768) File "C:\Windows\System32\userinit.exe" is sparse (flags = 32768) File "C:\Windows\System32\scecli.dll" is sparse (flags = 32768) File "C:\Windows\System32\msv1_0.dll" is sparse (flags = 32768) File "C:\Windows\System32\msv1_0.dll" is sparse (flags = 32768) File "C:\Windows\System32\kerberos.dll" is sparse (flags = 32768) File "C:\Windows\System32\kerberos.dll" is sparse (flags = 32768) File "C:\Windows\System32\wdigest.dll" is sparse (flags = 32768) File "C:\Windows\System32\TSpkg.dll" is sparse (flags = 32768) File "C:\Windows\System32\pku2u.dll" is sparse (flags = 32768) File "C:\Windows\System32\drivers\appid.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\AcpiDev.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\AcpiDev.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\1394ohci.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\1394ohci.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\flpydisk.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\flpydisk.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\mspclock.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\isapnp.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\isapnp.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\acpipmi.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\acpipmi.sys" is sparse (flags = 32768) File "C:\Windows\System32\Locator.exe" is sparse (flags = 32768) File "C:\Windows\System32\drivers\amdk8.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\amdk8.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\acpipagr.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\acpipagr.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\afd.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\acpiex.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\acpi.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\acpi.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\acpitime.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\acpitime.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\BthhfHid.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\BthhfHid.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\asyncmac.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\srv.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\mpsdrv.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\sdstor.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\sdstor.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\ahcache.sys" is sparse (flags = 32768) File "C:\Windows\System32\alg.exe" is sparse (flags = 32768) File "C:\Windows\System32\drivers\BASICRENDER.SYS" is sparse (flags = 32768) File "C:\Windows\System32\drivers\BASICRENDER.SYS" is sparse (flags = 32768) File "C:\Windows\System32\drivers\amdppm.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\amdppm.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\APPLOCKERFLTR.SYS" is sparse (flags = 32768) File "C:\Windows\System32\drivers\APPLOCKERFLTR.SYS" is sparse (flags = 32768) File "C:\Windows\System32\drivers\pciide.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\pciide.sys" is sparse (flags = 32768) File "C:\Windows\System32\APPVCLIENT.EXE" is sparse (flags = 32768) File "C:\Windows\System32\APPVCLIENT.EXE" is sparse (flags = 32768) File "C:\Windows\System32\drivers\AppVStrm.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\AppvVfs.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\AppvVfs.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\APPVVEMGR.SYS" is sparse (flags = 32768) File "C:\Windows\System32\drivers\APPVVEMGR.SYS" is sparse (flags = 32768) File "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASPNET_STATE.EXE" is sparse (flags = 32768) File "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASPNET_STATE.EXE" is sparse (flags = 32768) File "C:\Windows\System32\drivers\wcnfs.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\wcifs.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\srv2.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\atapi.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\atapi.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\BASICDISPLAY.SYS" is sparse (flags = 32768) File "C:\Windows\System32\drivers\BASICDISPLAY.SYS" is sparse (flags = 32768) File "C:\Windows\System32\drivers\Ndu.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\bowser.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\BTHAVRCPTG.SYS" is sparse (flags = 32768) File "C:\Windows\System32\drivers\BTHAVRCPTG.SYS" is sparse (flags = 32768) File "C:\Windows\System32\drivers\BTHHFENUM.SYS" is sparse (flags = 32768) File "C:\Windows\System32\drivers\BTHHFENUM.SYS" is sparse (flags = 32768) File "C:\Windows\System32\drivers\bthmodem.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\bthmodem.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\BUTTONCONVERTER.SYS" is sparse (flags = 32768) File "C:\Windows\System32\drivers\BUTTONCONVERTER.SYS" is sparse (flags = 32768) File "C:\Windows\System32\drivers\cdfs.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\clfs.sys" is sparse (flags = 32768) File "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSVCHOST.EXE" is sparse (flags = 32768) File "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSVCHOST.EXE" is sparse (flags = 32768) File "C:\Windows\System32\drivers\cdrom.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\cdrom.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\circlass.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\circlass.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\msiscsi.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\msiscsi.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\registry.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\mup.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\CmBatt.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\CmBatt.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\cng.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\csc.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\CNGHWASSIST.SYS" is sparse (flags = 32768) File "C:\Windows\System32\dllhost.exe" is sparse (flags = 32768) File "C:\Windows\System32\drivers\condrv.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\dam.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\partmgr.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\dfsc.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\disk.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\disk.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\NETADAPTERCX.SYS" is sparse (flags = 32768) File "C:\Windows\System32\drivers\NETADAPTERCX.SYS" is sparse (flags = 32768) File "C:\Windows\System32\drivers\mssecflt.sys" is sparse (flags = 32768) File "C:\Windows\System32\DiagSvcs\DIAGNOSTICSHUB.STANDARDCOLLECTOR.SERVICE.EXE" is sparse (flags = 32768) File "C:\Windows\System32\DiagSvcs\DIAGNOSTICSHUB.STANDARDCOLLECTOR.SERVICE.EXE" is sparse (flags = 32768) File "C:\Windows\System32\drivers\dmvsc.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\dmvsc.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\drmkaud.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\drmkaud.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\serial.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\serial.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\dxgkrnl.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\tcpip.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\EHSTORCLASS.SYS" is sparse (flags = 32768) File "C:\Windows\System32\drivers\EHSTORCLASS.SYS" is sparse (flags = 32768) File "C:\Windows\System32\drivers\EHSTORTCGDRV.SYS" is sparse (flags = 32768) File "C:\Windows\System32\drivers\EHSTORTCGDRV.SYS" is sparse (flags = 32768) File "C:\Windows\System32\drivers\errdev.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\errdev.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\parport.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\parport.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\fdc.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\fdc.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\FILECRYPT.SYS" is sparse (flags = 32768) File "C:\Windows\System32\drivers\FILECRYPT.SYS" is sparse (flags = 32768) File "C:\Windows\System32\drivers\vmstorfl.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\vmstorfl.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\fileinfo.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\ipfltdrv.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\FILETRACE.SYS" is sparse (flags = 32768) File "C:\Windows\System32\drivers\FILETRACE.SYS" is sparse (flags = 32768) File "C:\Windows\System32\drivers\msisadrv.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\msisadrv.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\mstee.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\nsiproxy.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\fltMgr.sys" is sparse (flags = 32768) File "C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PRESENTATIONFONTCACHE.EXE" is sparse (flags = 32768) File "C:\Windows\System32\drivers\srvnet.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\FSDEPENDS.SYS" is sparse (flags = 32768) File "C:\Windows\System32\drivers\STORQOSFLT.SYS" is sparse (flags = 32768) File "C:\Windows\System32\drivers\STORQOSFLT.SYS" is sparse (flags = 32768) File "C:\Windows\System32\drivers\fvevol.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\VMGENCOUNTER.SYS" is sparse (flags = 32768) File "C:\Windows\System32\drivers\VMGENCOUNTER.SYS" is sparse (flags = 32768) File "C:\Windows\System32\drivers\ndisuio.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\MSGPIOCLX.SYS" is sparse (flags = 32768) File "C:\Windows\System32\drivers\GPUENERGYDRV.SYS" is sparse (flags = 32768) File "C:\Windows\System32\drivers\GPUENERGYDRV.SYS" is sparse (flags = 32768) File "C:\Windows\System32\drivers\rasl2tp.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\mrxsmb.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\hdaudbus.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\hdaudbus.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\hidbatt.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\hidbatt.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\hidbth.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\hidbth.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\hidi2c.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\hidi2c.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\HIDINTERRUPT.SYS" is sparse (flags = 32768) File "C:\Windows\System32\drivers\HIDINTERRUPT.SYS" is sparse (flags = 32768) File "C:\Windows\System32\drivers\hidir.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\hidir.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\hidusb.sys" is sparse (flags = 32768) File "C:\Windows\SysWOW64\perfhost.exe" is sparse (flags = 32768) File "C:\Windows\System32\drivers\http.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\HVSERVICE.SYS" is sparse (flags = 32768) File "C:\Windows\System32\drivers\HVSERVICE.SYS" is sparse (flags = 32768) File "C:\Windows\System32\drivers\hwpolicy.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\hyperkbd.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\hyperkbd.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\ndproxy.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\i8042prt.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\i8042prt.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\WPDUPFLTR.SYS" is sparse (flags = 32768) File "C:\Windows\System32\drivers\WPDUPFLTR.SYS" is sparse (flags = 32768) File "C:\Windows\System32\drivers\INDIRECTKMD.SYS" is sparse (flags = 32768) File "C:\Windows\System32\drivers\INDIRECTKMD.SYS" is sparse (flags = 32768) File "C:\Windows\System32\drivers\intelide.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\intelide.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\intelpep.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\intelpep.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\intelppm.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\intelppm.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\WdFilter.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\iorate.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\scfilter.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\scfilter.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\IPMIDrv.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\IPMIDrv.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\ipnat.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\irda.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\irenum.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\kbdclass.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\kbdclass.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\kbdhid.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\ksecdd.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\ksecpkg.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\ksthunk.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\lltdio.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\luafv.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\UEVAGENTDRIVER.SYS" is sparse (flags = 32768) File "C:\Windows\System32\drivers\pcmcia.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\pcmcia.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\vwififlt.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\mqac.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\mmcss.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\mskssrv.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\wimmount.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\mrxdav.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\modem.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\mspqm.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\mouclass.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\mouclass.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\mouhid.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\mouhid.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\mountmgr.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\ufx01000.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\Ucx01000.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\mrxsmb10.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\mrxsmb20.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\bridge.sys" is sparse (flags = 32768) File "C:\Windows\System32\VSSVC.exe" is sparse (flags = 32768) File "C:\Windows\System32\msdtc.exe" is sparse (flags = 32768) File "C:\Windows\System32\drivers\MSGPIOWIN32.SYS" is sparse (flags = 32768) File "C:\Windows\System32\drivers\MSGPIOWIN32.SYS" is sparse (flags = 32768) File "C:\Windows\System32\drivers\MSHIDKMDF.SYS" is sparse (flags = 32768) File "C:\Windows\System32\drivers\MSHIDKMDF.SYS" is sparse (flags = 32768) File "C:\Windows\System32\drivers\MSHIDUMDF.SYS" is sparse (flags = 32768) File "C:\Windows\System32\drivers\MSHIDUMDF.SYS" is sparse (flags = 32768) File "C:\Windows\System32\msiexec.exe" is sparse (flags = 32768) File "C:\Windows\System32\drivers\mslldp.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\mssmbios.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\mssmbios.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\MTConfig.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\MTConfig.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\nwifi.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\nwifi.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\netbios.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\ndis.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\ndiscap.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\NDISIMPLATFORM.SYS" is sparse (flags = 32768) File "C:\Windows\System32\drivers\NDISIMPLATFORM.SYS" is sparse (flags = 32768) File "C:\Windows\System32\drivers\ndistapi.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\NDISVIRTUALBUS.SYS" is sparse (flags = 32768) File "C:\Windows\System32\drivers\NDISVIRTUALBUS.SYS" is sparse (flags = 32768) File "C:\Windows\System32\drivers\ndiswan.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\netbt.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\NPSVCTRIG.SYS" is sparse (flags = 32768) File "C:\Windows\System32\drivers\NPSVCTRIG.SYS" is sparse (flags = 32768) File "C:\Windows\System32\drivers\pci.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\pcw.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\pdc.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\PEAuth.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\qwavedrv.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\raspptp.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\processr.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\processr.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\pacer.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\rasacd.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\agilevpn.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\agilevpn.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\raspppoe.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\rassstp.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\rdbss.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\rdpbus.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\rdpbus.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\rdpdr.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\RDPVIDEOMINIPORT.SYS" is sparse (flags = 32768) File "C:\Windows\System32\drivers\RDPVIDEOMINIPORT.SYS" is sparse (flags = 32768) File "C:\Windows\System32\drivers\rdyboost.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\rspndr.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\vms3cap.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\vms3cap.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\sfloppy.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\sfloppy.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\sbp2port.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\sbp2port.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\swenum.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\swenum.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\sdbus.sys" is sparse (flags = 32768) File "C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe" is sparse (flags = 32768) File "C:\Windows\System32\SENSORDATASERVICE.EXE" is sparse (flags = 32768) File "C:\Windows\System32\SENSORDATASERVICE.EXE" is sparse (flags = 32768) File "C:\Windows\System32\drivers\SerCx.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\SpbCx.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\serenum.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\serenum.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\SerCx2.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\sermouse.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\sermouse.sys" is sparse (flags = 32768) File "C:\Windows\System32\snmptrap.exe" is sparse (flags = 32768) File "C:\Windows\System32\drivers\SPACEPORT.SYS" is sparse (flags = 32768) File "C:\Windows\System32\drivers\SPACEPORT.SYS" is sparse (flags = 32768) File "C:\Windows\System32\sppsvc.exe" is sparse (flags = 32768) File "C:\Windows\System32\sppsvc.exe" is sparse (flags = 32768) File "C:\Windows\System32\drivers\storahci.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\stornvme.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\storufs.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\storufs.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\storvsc.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\storvsc.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\tcpipreg.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\tpm.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\tdx.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\vdrvroot.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\vdrvroot.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\terminpt.sys" is sparse (flags = 32768) File "C:\Windows\System32\TIERINGENGINESERVICE.EXE" is sparse (flags = 32768) File "C:\Windows\System32\TIERINGENGINESERVICE.EXE" is sparse (flags = 32768) File "C:\Windows\servicing\TRUSTEDINSTALLER.EXE" is sparse (flags = 32768) File "C:\Windows\servicing\TRUSTEDINSTALLER.EXE" is sparse (flags = 32768) File "C:\Windows\System32\drivers\TsUsbFlt.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\TsUsbGD.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\TsUsbGD.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\tsusbhub.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\uaspstor.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\uaspstor.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\Udecx.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\UcmCx.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\UCMTCPCICX.SYS" is sparse (flags = 32768) File "C:\Windows\System32\drivers\UCMTCPCICX.SYS" is sparse (flags = 32768) File "C:\Windows\System32\drivers\usbccgp.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\usbccgp.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\uefi.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\uefi.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\udfs.sys" is sparse (flags = 32768) File "C:\Windows\System32\AGENTSERVICE.EXE" is sparse (flags = 32768) File "C:\Windows\System32\UI0DETECT.EXE" is sparse (flags = 32768) File "C:\Windows\System32\UI0DETECT.EXE" is sparse (flags = 32768) File "C:\Windows\System32\drivers\usbhub.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\usbhub.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\usbcir.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\usbcir.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\umbus.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\umbus.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\umpass.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\umpass.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\URSCX01000.SYS" is sparse (flags = 32768) File "C:\Windows\System32\drivers\URSCX01000.SYS" is sparse (flags = 32768) File "C:\Windows\System32\drivers\USBAUDIO.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\USBAUDIO.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\USBXHCI.SYS" is sparse (flags = 32768) File "C:\Windows\System32\drivers\USBXHCI.SYS" is sparse (flags = 32768) File "C:\Windows\System32\drivers\usbuhci.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\usbuhci.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\usbohci.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\usbohci.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\usbehci.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\usbehci.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\USBHUB3.SYS" is sparse (flags = 32768) File "C:\Windows\System32\drivers\USBHUB3.SYS" is sparse (flags = 32768) File "C:\Windows\System32\drivers\usbprint.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\usbprint.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\usbser.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\usbser.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\USBSTOR.SYS" is sparse (flags = 32768) File "C:\Windows\System32\drivers\USBSTOR.SYS" is sparse (flags = 32768) File "C:\Windows\System32\vds.exe" is sparse (flags = 32768) File "C:\Windows\System32\drivers\VERIFIEREXT.SYS" is sparse (flags = 32768) File "C:\Windows\System32\drivers\VERIFIEREXT.SYS" is sparse (flags = 32768) File "C:\Windows\System32\drivers\vhdmp.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\vhf.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\vmbus.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\vmbus.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\VMBusHID.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\VMBusHID.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\vmgid.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\vmgid.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\volmgr.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\volmgr.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\volmgrx.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\volsnap.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\volume.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\volume.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\vpci.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\vsmraid.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\vsmraid.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\vwifibus.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\wacompen.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\wacompen.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\WUDFRd.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\wanarp.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\winusb.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\winusb.sys" is sparse (flags = 32768) File "C:\Windows\System32\wbengine.exe" is sparse (flags = 32768) File "C:\Windows\System32\drivers\WdBoot.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\Wdf01000.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\WdiWiFi.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\WdNisDrv.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\wfplwfs.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\WINDOWSTRUSTEDRT.SYS" is sparse (flags = 32768) File "C:\Windows\System32\drivers\WINDOWSTRUSTEDRT.SYS" is sparse (flags = 32768) File "C:\Windows\System32\drivers\wmiacpi.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\wmiacpi.sys" is sparse (flags = 32768) File "C:\Windows\System32\wbem\WmiApSrv.exe" is sparse (flags = 32768) File "C:\Windows\System32\drivers\ws2ifsl.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\WUDFPf.sys" is sparse (flags = 32768) File "C:\Windows\System32\AJRouter.dll" is sparse (flags = 32768) File "C:\Windows\System32\WINDOWS.STATEREPOSITORY.DLL" is sparse (flags = 32768) File "C:\Windows\System32\WINDOWS.STATEREPOSITORY.DLL" is sparse (flags = 32768) File "C:\Windows\System32\AUDIOENDPOINTBUILDER.DLL" is sparse (flags = 32768) File "C:\Windows\System32\AUDIOENDPOINTBUILDER.DLL" is sparse (flags = 32768) File "C:\Windows\System32\WALLETSERVICE.DLL" is sparse (flags = 32768) File "C:\Windows\System32\WALLETSERVICE.DLL" is sparse (flags = 32768) File "C:\Windows\System32\APPXDEPLOYMENTSERVER.DLL" is sparse (flags = 32768) File "C:\Windows\System32\APPXDEPLOYMENTSERVER.DLL" is sparse (flags = 32768) File "C:\Windows\System32\EMBEDDEDMODESVC.DLL" is sparse (flags = 32768) File "C:\Windows\System32\EMBEDDEDMODESVC.DLL" is sparse (flags = 32768) File "C:\Windows\System32\inetsrv\APPHOSTSVC.DLL" is sparse (flags = 32768) File "C:\Windows\System32\umpnpmgr.dll" is sparse (flags = 32768) File "C:\Windows\System32\rpcss.dll" is sparse (flags = 32768) File "C:\Windows\System32\appinfo.dll" is sparse (flags = 32768) File "C:\Windows\System32\appidsvc.dll" is sparse (flags = 32768) File "C:\Windows\System32\audiosrv.dll" is sparse (flags = 32768) File "C:\Windows\System32\audiosrv.dll" is sparse (flags = 32768) File "C:\Windows\System32\appmgmts.dll" is sparse (flags = 32768) File "C:\Windows\System32\dcpsvc.dll" is sparse (flags = 32768) File "C:\Windows\System32\APPREADINESS.DLL" is sparse (flags = 32768) File "C:\Windows\System32\APPREADINESS.DLL" is sparse (flags = 32768) File "C:\Windows\System32\AxInstSv.dll" is sparse (flags = 32768) File "C:\Windows\System32\RpcEpMap.dll" is sparse (flags = 32768) File "C:\Windows\System32\CDPUSERSVC.DLL" is sparse (flags = 32768) File "C:\Windows\System32\CDPUSERSVC.DLL" is sparse (flags = 32768) File "C:\Windows\System32\dssvc.dll" is sparse (flags = 32768) File "C:\Windows\System32\bdesvc.dll" is sparse (flags = 32768) File "C:\Windows\System32\BFE.DLL" is sparse (flags = 32768) File "C:\Windows\System32\XBLAUTHMANAGER.DLL" is sparse (flags = 32768) File "C:\Windows\System32\XBLAUTHMANAGER.DLL" is sparse (flags = 32768) File "C:\Windows\System32\netman.dll" is sparse (flags = 32768) File "C:\Windows\System32\DEVICESETUPMANAGER.DLL" is sparse (flags = 32768) File "C:\Windows\System32\DEVICESETUPMANAGER.DLL" is sparse (flags = 32768) File "C:\Windows\System32\cdpsvc.dll" is sparse (flags = 32768) File "C:\Windows\System32\cscsvc.dll" is sparse (flags = 32768) File "C:\Windows\System32\umpo.dll" is sparse (flags = 32768) File "C:\Windows\System32\qmgr.dll" is sparse (flags = 32768) File "C:\Windows\System32\ListSvc.dll" is sparse (flags = 32768) File "C:\Windows\System32\lltdsvc.dll" is sparse (flags = 32768) File "C:\Windows\System32\bisrv.dll" is sparse (flags = 32768) File "C:\Windows\System32\dhcpcore.dll" is sparse (flags = 32768) File "C:\Windows\System32\dhcpcore.dll" is sparse (flags = 32768) File "C:\Windows\System32\browser.dll" is sparse (flags = 32768) File "C:\Windows\System32\BthHFSrv.dll" is sparse (flags = 32768) File "C:\Windows\System32\BthHFSrv.dll" is sparse (flags = 32768) File "C:\Windows\System32\profsvc.dll" is sparse (flags = 32768) File "C:\Windows\System32\pnrpsvc.dll" is sparse (flags = 32768) File "C:\Windows\System32\bthserv.dll" is sparse (flags = 32768) File "C:\Windows\System32\provsvc.dll" is sparse (flags = 32768) File "C:\Windows\System32\das.dll" is sparse (flags = 32768) File "C:\Windows\System32\LICENSEMANAGERSVC.DLL" is sparse (flags = 32768) File "C:\Windows\System32\LICENSEMANAGERSVC.DLL" is sparse (flags = 32768) File "C:\Windows\System32\certprop.dll" is sparse (flags = 32768) File "C:\Windows\System32\certprop.dll" is sparse (flags = 32768) File "C:\Windows\System32\DMWAPPUSHSVC.DLL" is sparse (flags = 32768) File "C:\Windows\System32\DMWAPPUSHSVC.DLL" is sparse (flags = 32768) File "C:\Windows\System32\ClipSVC.dll" is sparse (flags = 32768) File "C:\Windows\System32\COREMESSAGING.DLL" is sparse (flags = 32768) File "C:\Windows\System32\COREMESSAGING.DLL" is sparse (flags = 32768) File "C:\Windows\System32\cryptsvc.dll" is sparse (flags = 32768) File "C:\Windows\System32\TETHERINGSERVICE.DLL" is sparse (flags = 32768) File "C:\Windows\System32\TETHERINGSERVICE.DLL" is sparse (flags = 32768) File "C:\Windows\System32\DEFRAGSVC.DLL" is sparse (flags = 32768) File "C:\Windows\System32\DEFRAGSVC.DLL" is sparse (flags = 32768) File "C:\Windows\System32\DEVQUERYBROKER.DLL" is sparse (flags = 32768) File "C:\Windows\System32\DEVQUERYBROKER.DLL" is sparse (flags = 32768) File "C:\Windows\System32\wscsvc.dll" is sparse (flags = 32768) File "C:\Windows\System32\WsmSvc.dll" is sparse (flags = 32768) File "C:\Windows\System32\wersvc.dll" is sparse (flags = 32768) File "C:\Windows\System32\wecsvc.dll" is sparse (flags = 32768) File "C:\Windows\System32\wcmsvc.dll" is sparse (flags = 32768) File "C:\Windows\System32\wkssvc.dll" is sparse (flags = 32768) File "C:\Windows\System32\dot3svc.dll" is sparse (flags = 32768) File "C:\Windows\System32\DIAGTRACK.DLL" is sparse (flags = 32768) File "C:\Windows\System32\DIAGTRACK.DLL" is sparse (flags = 32768) File "C:\Windows\System32\WINDOWS.INTERNAL.MANAGEMENT.DLL" is sparse (flags = 32768) File "C:\Windows\System32\WINDOWS.INTERNAL.MANAGEMENT.DLL" is sparse (flags = 32768) File "C:\Windows\System32\fdPHost.dll" is sparse (flags = 32768) File "C:\Windows\System32\dnsrslvr.dll" is sparse (flags = 32768) File "C:\Windows\System32\dnsrslvr.dll" is sparse (flags = 32768) File "C:\Windows\System32\dps.dll" is sparse (flags = 32768) File "C:\Windows\System32\WERCPLSUPPORT.DLL" is sparse (flags = 32768) File "C:\Windows\System32\WERCPLSUPPORT.DLL" is sparse (flags = 32768) File "C:\Windows\System32\eapsvc.dll" is sparse (flags = 32768) File "C:\Windows\System32\efssvc.dll" is sparse (flags = 32768) File "C:\Windows\System32\ENTERPRISEAPPMGMTSVC.DLL" is sparse (flags = 32768) File "C:\Windows\System32\ENTERPRISEAPPMGMTSVC.DLL" is sparse (flags = 32768) File "C:\Windows\System32\FntCache.dll" is sparse (flags = 32768) File "C:\Windows\System32\FntCache.dll" is sparse (flags = 32768) File "C:\Windows\System32\es.dll" is sparse (flags = 32768) File "C:\Windows\System32\sdrsvc.dll" is sparse (flags = 32768) File "C:\Windows\System32\FRAMESERVER.DLL" is sparse (flags = 32768) File "C:\Windows\System32\FRAMESERVER.DLL" is sparse (flags = 32768) File "C:\Windows\System32\srvsvc.dll" is sparse (flags = 32768) File "C:\Windows\System32\FDResPub.dll" is sparse (flags = 32768) File "C:\Windows\System32\upnphost.dll" is sparse (flags = 32768) File "C:\Windows\System32\fhsvc.dll" is sparse (flags = 32768) File "C:\Windows\System32\fhsvc.dll" is sparse (flags = 32768) File "C:\Windows\System32\gpsvc.dll" is sparse (flags = 32768) File "C:\Windows\System32\hidserv.dll" is sparse (flags = 32768) File "C:\Windows\System32\HVHOSTSVC.DLL" is sparse (flags = 32768) File "C:\Windows\System32\HVHOSTSVC.DLL" is sparse (flags = 32768) File "C:\Windows\System32\IKEEXT.DLL" is sparse (flags = 32768) File "C:\Windows\System32\iphlpsvc.dll" is sparse (flags = 32768) File "C:\Windows\System32\iphlpsvc.dll" is sparse (flags = 32768) File "C:\Windows\System32\irmon.dll" is sparse (flags = 32768) File "C:\Windows\System32\keyiso.dll" is sparse (flags = 32768) File "C:\Windows\System32\msdtckrm.dll" is sparse (flags = 32768) File "C:\Windows\System32\lfsvc.dll" is sparse (flags = 32768) File "C:\Windows\System32\lmhsvc.dll" is sparse (flags = 32768) File "C:\Windows\System32\ipnathlp.dll" is sparse (flags = 32768) File "C:\Windows\System32\ipnathlp.dll" is sparse (flags = 32768) File "C:\Windows\System32\lsm.dll" is sparse (flags = 32768) File "C:\Windows\System32\moshost.dll" is sparse (flags = 32768) File "C:\Windows\System32\MESSAGINGSERVICE.DLL" is sparse (flags = 32768) File "C:\Windows\System32\MESSAGINGSERVICE.DLL" is sparse (flags = 32768) File "C:\Windows\System32\MPSSVC.dll" is sparse (flags = 32768) File "C:\Windows\System32\iscsiexe.dll" is sparse (flags = 32768) File "C:\Windows\System32\iscsiexe.dll" is sparse (flags = 32768) File "C:\Windows\System32\nsisvc.dll" is sparse (flags = 32768) File "C:\Windows\System32\nlasvc.dll" is sparse (flags = 32768) File "C:\Windows\System32\ngcsvc.dll" is sparse (flags = 32768) File "C:\Windows\System32\NcaSvc.dll" is sparse (flags = 32768) File "C:\Windows\System32\NCDAUTOSETUP.DLL" is sparse (flags = 32768) File "C:\Windows\System32\NCDAUTOSETUP.DLL" is sparse (flags = 32768) File "C:\Windows\System32\NCBSERVICE.DLL" is sparse (flags = 32768) File "C:\Windows\System32\NCBSERVICE.DLL" is sparse (flags = 32768) File "C:\Windows\System32\netlogon.dll" is sparse (flags = 32768) File "C:\Windows\System32\trkwks.dll" is sparse (flags = 32768) File "C:\Windows\System32\NETPROFMSVC.DLL" is sparse (flags = 32768) File "C:\Windows\System32\NETPROFMSVC.DLL" is sparse (flags = 32768) File "C:\Windows\System32\NETSETUPSVC.DLL" is sparse (flags = 32768) File "C:\Windows\System32\NETSETUPSVC.DLL" is sparse (flags = 32768) File "C:\Windows\System32\icsvc.dll" is sparse (flags = 32768) File "C:\Windows\System32\NGCCTNRSVC.DLL" is sparse (flags = 32768) File "C:\Windows\System32\NGCCTNRSVC.DLL" is sparse (flags = 32768) File "C:\Windows\System32\APHOSTSERVICE.DLL" is sparse (flags = 32768) File "C:\Windows\System32\APHOSTSERVICE.DLL" is sparse (flags = 32768) File "C:\Windows\System32\pcasvc.dll" is sparse (flags = 32768) File "C:\Windows\System32\pcasvc.dll" is sparse (flags = 32768) File "C:\Windows\System32\p2psvc.dll" is sparse (flags = 32768) File "C:\Windows\System32\PEERDISTSVC.DLL" is sparse (flags = 32768) File "C:\Windows\System32\PHONESERVICE.DLL" is sparse (flags = 32768) File "C:\Windows\System32\PHONESERVICE.DLL" is sparse (flags = 32768) File "C:\Windows\System32\PIMINDEXMAINTENANCE.DLL" is sparse (flags = 32768) File "C:\Windows\System32\PIMINDEXMAINTENANCE.DLL" is sparse (flags = 32768) File "C:\Windows\System32\pla.dll" is sparse (flags = 32768) File "C:\Windows\System32\pnrpauto.dll" is sparse (flags = 32768) File "C:\Windows\System32\icsvcext.dll" is sparse (flags = 32768) File "C:\Windows\System32\icsvcext.dll" is sparse (flags = 32768) File "C:\Windows\System32\IPSECSVC.DLL" is sparse (flags = 32768) File "C:\Windows\System32\qwave.dll" is sparse (flags = 32768) File "C:\Windows\System32\rasauto.dll" is sparse (flags = 32768) File "C:\Windows\System32\rasmans.dll" is sparse (flags = 32768) File "C:\Windows\System32\mprdim.dll" is sparse (flags = 32768) File "C:\Windows\System32\regsvc.dll" is sparse (flags = 32768) File "C:\Windows\System32\RDXSERVICE.DLL" is sparse (flags = 32768) File "C:\Windows\System32\RDXSERVICE.DLL" is sparse (flags = 32768) File "C:\Windows\System32\RMapi.dll" is sparse (flags = 32768) File "C:\Windows\System32\schedsvc.dll" is sparse (flags = 32768) File "C:\Windows\System32\SCardSvr.dll" is sparse (flags = 32768) File "C:\Windows\System32\SCardSvr.dll" is sparse (flags = 32768) File "C:\Windows\System32\XBLGAMESAVE.DLL" is sparse (flags = 32768) File "C:\Windows\System32\XBLGAMESAVE.DLL" is sparse (flags = 32768) File "C:\Windows\System32\SCDEVICEENUM.DLL" is sparse (flags = 32768) File "C:\Windows\System32\SCDEVICEENUM.DLL" is sparse (flags = 32768) File "C:\Windows\System32\seclogon.dll" is sparse (flags = 32768) File "C:\Windows\System32\Sens.dll" is sparse (flags = 32768) File "C:\Windows\System32\SENSORSERVICE.DLL" is sparse (flags = 32768) File "C:\Windows\System32\SENSORSERVICE.DLL" is sparse (flags = 32768) File "C:\Windows\System32\sensrsvc.dll" is sparse (flags = 32768) File "C:\Windows\System32\SessEnv.dll" is sparse (flags = 32768) File "C:\Windows\System32\shsvcs.dll" is sparse (flags = 32768) File "C:\Windows\System32\WINDOWS.SHAREDPC.ACCOUNTMANAGER.DLL" is sparse (flags = 32768) File "C:\Windows\System32\WINDOWS.SHAREDPC.ACCOUNTMANAGER.DLL" is sparse (flags = 32768) File "C:\Windows\System32\TILEOBJSERVER.DLL" is sparse (flags = 32768) File "C:\Windows\System32\TILEOBJSERVER.DLL" is sparse (flags = 32768) File "C:\Windows\System32\smphost.dll" is sparse (flags = 32768) File "C:\Windows\System32\SMSROUTERSVC.DLL" is sparse (flags = 32768) File "C:\Windows\System32\SMSROUTERSVC.DLL" is sparse (flags = 32768) File "C:\Windows\System32\StorSvc.dll" is sparse (flags = 32768) File "C:\Windows\System32\sstpsvc.dll" is sparse (flags = 32768) File "C:\Windows\System32\ssdpsrv.dll" is sparse (flags = 32768) File "C:\Windows\System32\wiaservc.dll" is sparse (flags = 32768) File "C:\Windows\System32\svsvc.dll" is sparse (flags = 32768) File "C:\Windows\System32\swprv.dll" is sparse (flags = 32768) File "C:\Windows\System32\inetsrv\iisw3adm.dll" is sparse (flags = 32768) File "C:\Windows\System32\sysmain.dll" is sparse (flags = 32768) File "C:\Windows\System32\SYSTEMEVENTSBROKERSERVER.DLL" is sparse (flags = 32768) File "C:\Windows\System32\SYSTEMEVENTSBROKERSERVER.DLL" is sparse (flags = 32768) File "C:\Windows\System32\TabSvc.dll" is sparse (flags = 32768) File "C:\Windows\System32\termsrv.dll" is sparse (flags = 32768) File "C:\Windows\System32\tapisrv.dll" is sparse (flags = 32768) File "C:\Windows\System32\THEMESERVICE.DLL" is sparse (flags = 32768) File "C:\Windows\System32\THEMESERVICE.DLL" is sparse (flags = 32768) File "C:\Windows\System32\TIMEBROKERSERVER.DLL" is sparse (flags = 32768) File "C:\Windows\System32\TIMEBROKERSERVER.DLL" is sparse (flags = 32768) File "C:\Windows\System32\TZAUTOUPDATE.DLL" is sparse (flags = 32768) File "C:\Windows\System32\TZAUTOUPDATE.DLL" is sparse (flags = 32768) File "C:\Windows\System32\umrdp.dll" is sparse (flags = 32768) File "C:\Windows\System32\Unistore.dll" is sparse (flags = 32768) File "C:\Windows\System32\USERDATASERVICE.DLL" is sparse (flags = 32768) File "C:\Windows\System32\USERDATASERVICE.DLL" is sparse (flags = 32768) File "C:\Windows\System32\usermgr.dll" is sparse (flags = 32768) File "C:\Windows\System32\usocore.dll" is sparse (flags = 32768) File "C:\Windows\System32\vaultsvc.dll" is sparse (flags = 32768) File "C:\Windows\System32\w32time.dll" is sparse (flags = 32768) File "C:\Windows\System32\inetsrv\w3logsvc.dll" is sparse (flags = 32768) File "C:\Windows\System32\wbiosrvc.dll" is sparse (flags = 32768) File "C:\Windows\System32\wbiosrvc.dll" is sparse (flags = 32768) File "C:\Windows\System32\wwansvc.dll" is sparse (flags = 32768) File "C:\Windows\System32\WUDFSvc.dll" is sparse (flags = 32768) File "C:\Windows\System32\wlidsvc.dll" is sparse (flags = 32768) File "C:\Windows\System32\wlansvc.dll" is sparse (flags = 32768) File "C:\Windows\System32\wcncsvc.dll" is sparse (flags = 32768) File "C:\Windows\System32\wdi.dll" is sparse (flags = 32768) File "C:\Windows\System32\WebClnt.dll" is sparse (flags = 32768) File "C:\Windows\System32\WEPHOSTSVC.DLL" is sparse (flags = 32768) File "C:\Windows\System32\WEPHOSTSVC.DLL" is sparse (flags = 32768) File "C:\Windows\System32\wiarpc.dll" is sparse (flags = 32768) File "C:\Windows\System32\wbem\WMIsvc.dll" is sparse (flags = 32768) File "C:\Windows\System32\FLIGHTSETTINGS.DLL" is sparse (flags = 32768) File "C:\Windows\System32\FLIGHTSETTINGS.DLL" is sparse (flags = 32768) File "C:\Windows\System32\WORKFOLDERSSVC.DLL" is sparse (flags = 32768) File "C:\Windows\System32\WORKFOLDERSSVC.DLL" is sparse (flags = 32768) File "C:\Windows\System32\WPDBUSENUM.DLL" is sparse (flags = 32768) File "C:\Windows\System32\WPDBUSENUM.DLL" is sparse (flags = 32768) File "C:\Windows\System32\WPNSERVICE.DLL" is sparse (flags = 32768) File "C:\Windows\System32\WPNSERVICE.DLL" is sparse (flags = 32768) File "C:\Windows\System32\WPNUSERSERVICE.DLL" is sparse (flags = 32768) File "C:\Windows\System32\WPNUSERSERVICE.DLL" is sparse (flags = 32768) File "C:\Windows\System32\wuaueng.dll" is sparse (flags = 32768) File "C:\Windows\System32\XBOXNETAPISVC.DLL" is sparse (flags = 32768) File "C:\Windows\System32\XBOXNETAPISVC.DLL" is sparse (flags = 32768) File "C:\Windows\System32\rundll32.exe" is sparse (flags = 32768) File "C:\Program Files\Windows Mail\WinMail.exe" is sparse (flags = 32768) File "C:\Windows\System32\unregmp2.exe" is sparse (flags = 32768) File "C:\Windows\System32\unregmp2.exe" is sparse (flags = 32768) File "C:\Windows\System32\ie4uinit.exe" is sparse (flags = 32768) File "C:\Windows\System32\ie4uinit.exe" is sparse (flags = 32768) Infected: C:\Program Files\CCleaner\cr-piriform.exe --> [RiskWare.Agent.Keygen] File "C:\Windows\System32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.dat" is sparse (flags = 32768) ------------ Kernel report ------------ 03/16/2017 08:04:33 ------------ Loaded modules ----------- \SystemRoot\system32\ntoskrnl.exe \SystemRoot\system32\hal.dll \SystemRoot\system32\kd.dll \SystemRoot\system32\mcupdate_GenuineIntel.dll \SystemRoot\System32\drivers\werkernel.sys \SystemRoot\System32\drivers\CLFS.SYS \SystemRoot\System32\drivers\tm.sys \SystemRoot\system32\PSHED.dll \SystemRoot\system32\BOOTVID.dll \SystemRoot\System32\drivers\FLTMGR.SYS \SystemRoot\System32\drivers\msrpc.sys \SystemRoot\System32\drivers\ksecdd.sys \SystemRoot\System32\drivers\clipsp.sys \SystemRoot\System32\drivers\cmimcext.sys \SystemRoot\System32\drivers\ntosext.sys \SystemRoot\system32\CI.dll \SystemRoot\System32\drivers\cng.sys \SystemRoot\system32\drivers\Wdf01000.sys \SystemRoot\system32\drivers\WDFLDR.SYS \SystemRoot\System32\Drivers\acpiex.sys \SystemRoot\System32\Drivers\WppRecorder.sys \SystemRoot\System32\drivers\ACPI.sys \SystemRoot\System32\drivers\WMILIB.SYS \SystemRoot\System32\drivers\intelpep.sys \SystemRoot\system32\drivers\WindowsTrustedRT.sys \SystemRoot\System32\drivers\WindowsTrustedRTProxy.sys \SystemRoot\System32\drivers\pcw.sys \SystemRoot\System32\drivers\msisadrv.sys \SystemRoot\System32\drivers\vdrvroot.sys \SystemRoot\System32\drivers\pci.sys \SystemRoot\system32\drivers\pdc.sys \SystemRoot\system32\drivers\CEA.sys \SystemRoot\System32\drivers\partmgr.sys \SystemRoot\System32\drivers\pciide.sys \SystemRoot\System32\drivers\PCIIDEX.SYS \SystemRoot\System32\drivers\spaceport.sys \SystemRoot\System32\drivers\volmgr.sys \SystemRoot\System32\drivers\volmgrx.sys \SystemRoot\System32\drivers\mountmgr.sys \SystemRoot\System32\drivers\atapi.sys \SystemRoot\System32\drivers\ataport.SYS \SystemRoot\System32\drivers\EhStorClass.sys \SystemRoot\System32\drivers\fileinfo.sys \SystemRoot\System32\Drivers\Wof.sys \SystemRoot\system32\DRIVERS\file_tracker.sys \SystemRoot\system32\drivers\WdFilter.sys \SystemRoot\system32\DRIVERS\tib.sys \SystemRoot\System32\Drivers\PxHlpa64.sys \SystemRoot\system32\DRIVERS\fltsrv.sys \SystemRoot\system32\DRIVERS\FLGuard.sys \SystemRoot\System32\Drivers\NTFS.sys \SystemRoot\System32\Drivers\Fs_Rec.sys \SystemRoot\system32\drivers\ndis.sys \SystemRoot\system32\drivers\NETIO.SYS \SystemRoot\System32\Drivers\ksecpkg.sys \SystemRoot\System32\drivers\tcpip.sys \SystemRoot\System32\drivers\fwpkclnt.sys \SystemRoot\System32\drivers\wfplwfs.sys \SystemRoot\system32\DRIVERS\timntr.sys \SystemRoot\system32\DRIVERS\hotcore3.sys \SystemRoot\System32\DRIVERS\fvevol.sys \SystemRoot\System32\drivers\volume.sys \SystemRoot\System32\drivers\volsnap.sys \SystemRoot\system32\DRIVERS\snapman.sys \SystemRoot\System32\drivers\rdyboost.sys \SystemRoot\System32\Drivers\mup.sys \SystemRoot\system32\drivers\iorate.sys \SystemRoot\System32\drivers\disk.sys \SystemRoot\System32\drivers\CLASSPNP.SYS \SystemRoot\System32\Drivers\crashdmp.sys \SystemRoot\System32\drivers\cdrom.sys \SystemRoot\system32\drivers\filecrypt.sys \SystemRoot\system32\drivers\tbs.sys \SystemRoot\System32\Drivers\Null.SYS \SystemRoot\System32\Drivers\Beep.SYS \SystemRoot\System32\drivers\BasicDisplay.sys \SystemRoot\System32\drivers\watchdog.sys \SystemRoot\System32\drivers\dxgkrnl.sys \SystemRoot\System32\drivers\BasicRender.sys \SystemRoot\System32\Drivers\Npfs.SYS \SystemRoot\System32\Drivers\Msfs.SYS \SystemRoot\system32\DRIVERS\tdx.sys \SystemRoot\system32\DRIVERS\TDI.SYS \SystemRoot\System32\DRIVERS\netbt.sys \SystemRoot\system32\drivers\afd.sys \SystemRoot\system32\DRIVERS\NNSNAHSL.sys \SystemRoot\system32\DRIVERS\eve.sys \SystemRoot\System32\drivers\vwififlt.sys \SystemRoot\System32\drivers\pacer.sys \SystemRoot\system32\drivers\netbios.sys \SystemRoot\system32\DRIVERS\rdbss.sys \SystemRoot\system32\drivers\csc.sys \??\C:\WINDOWS\System32\drivers\zamguard64.sys \??\C:\WINDOWS\System32\drivers\zam64.sys \SystemRoot\System32\drivers\veracrypt.sys \SystemRoot\System32\drivers\uim_im.sys \SystemRoot\System32\drivers\UimFIO.SYS \SystemRoot\System32\drivers\uim_devim.sys \SystemRoot\System32\drivers\UimBus.sys \??\C:\WINDOWS\Sleen1964.sys \SystemRoot\system32\DRIVERS\PSINKNC.sys \SystemRoot\system32\drivers\nsiproxy.sys \SystemRoot\System32\drivers\npsvctrig.sys \SystemRoot\system32\DRIVERS\NNSTLSC.sys \SystemRoot\system32\DRIVERS\NNSSTRM.sys \SystemRoot\system32\DRIVERS\NNSSMTP.sys \SystemRoot\system32\DRIVERS\NNSPRV.sys \SystemRoot\system32\DRIVERS\NNSPROT.sys \SystemRoot\system32\DRIVERS\NNSPOP3.sys \SystemRoot\system32\DRIVERS\NNSPIHSW.sys \SystemRoot\system32\DRIVERS\NNSPICC.sys \SystemRoot\system32\DRIVERS\NNSIDS.sys \SystemRoot\system32\DRIVERS\NNSHTTPS.sys \SystemRoot\system32\DRIVERS\NNSHTTP.sys \SystemRoot\system32\DRIVERS\NNSALPC.sys \SystemRoot\System32\drivers\mssmbios.sys \SystemRoot\System32\drivers\gpuenergydrv.sys \??\C:\Windows\system32\Drivers\eusk2par-amd64.sys \SystemRoot\System32\Drivers\dfsc.sys \??\C:\Windows\system32\drivers\AntiLog64.sys \SystemRoot\system32\DRIVERS\ahcache.sys \SystemRoot\System32\DriverStore\FileRepository\compositebus.inf_amd64_a140581a8f8b58b7\CompositeBus.sys \SystemRoot\System32\drivers\kdnic.sys \SystemRoot\System32\drivers\umbus.sys \SystemRoot\system32\DRIVERS\nvlddmkm.sys \SystemRoot\System32\drivers\HECIx64.sys \SystemRoot\System32\drivers\usbehci.sys \SystemRoot\System32\drivers\USBPORT.SYS \SystemRoot\System32\drivers\USBXHCI.SYS \SystemRoot\system32\drivers\ucx01000.sys \SystemRoot\system32\DRIVERS\Rt64win7.sys \SystemRoot\system32\drivers\P17.sys \SystemRoot\system32\drivers\portcls.sys \SystemRoot\system32\drivers\drmk.sys \SystemRoot\system32\drivers\ks.sys \SystemRoot\system32\drivers\ksthunk.sys \SystemRoot\System32\drivers\fdc.sys \SystemRoot\System32\drivers\i8042prt.sys \SystemRoot\System32\drivers\kbdclass.sys \SystemRoot\System32\drivers\serial.sys \SystemRoot\System32\drivers\serenum.sys \SystemRoot\System32\drivers\intelppm.sys \SystemRoot\system32\drivers\nvvad64v.sys \SystemRoot\System32\drivers\NdisVirtualBus.sys \SystemRoot\System32\drivers\swenum.sys \SystemRoot\System32\drivers\PTSimBus.sys \SystemRoot\System32\drivers\rdpbus.sys \SystemRoot\System32\drivers\usbhub.sys \SystemRoot\System32\drivers\USBD.SYS \SystemRoot\System32\drivers\UsbHub3.sys \SystemRoot\System32\drivers\usbccgp.sys \SystemRoot\system32\DRIVERS\usbscan.sys \SystemRoot\System32\drivers\usbprint.sys \SystemRoot\System32\win32k.sys \SystemRoot\System32\win32kfull.sys \SystemRoot\System32\drivers\HIDPARSE.SYS \SystemRoot\System32\win32kbase.sys \SystemRoot\System32\drivers\dxgmms1.sys \SystemRoot\System32\drivers\monitor.sys \SystemRoot\System32\drivers\dxgmms2.sys \SystemRoot\System32\TSDDD.dll \SystemRoot\System32\cdd.dll \SystemRoot\System32\drivers\Spyder3.sys \SystemRoot\System32\drivers\hidusb.sys \SystemRoot\System32\drivers\HIDCLASS.SYS \SystemRoot\System32\drivers\kbdhid.sys \SystemRoot\System32\ATMFD.DLL \SystemRoot\System32\drivers\mouhid.sys \SystemRoot\System32\drivers\mouclass.sys \SystemRoot\System32\drivers\wachidrouter.sys \SystemRoot\System32\drivers\hidkmdf.sys \SystemRoot\System32\drivers\wacomrouterfilter.sys \SystemRoot\system32\DRIVERS\lvuvc64.sys \SystemRoot\system32\drivers\usbaudio.sys \SystemRoot\system32\DRIVERS\lvrs64.sys \SystemRoot\system32\drivers\WudfPf.sys \SystemRoot\system32\drivers\luafv.sys \SystemRoot\system32\drivers\wcifs.sys \SystemRoot\system32\DRIVERS\file_protector.sys \SystemRoot\system32\drivers\storqosflt.sys \SystemRoot\system32\DRIVERS\PSINFile.sys \SystemRoot\system32\DRIVERS\PSINProc.sys \SystemRoot\system32\DRIVERS\PSINReg.sys \SystemRoot\system32\drivers\wcnfs.sys \SystemRoot\system32\DRIVERS\tifsfilt.sys \SystemRoot\system32\DRIVERS\virtual_file.sys \SystemRoot\System32\drivers\registry.sys \SystemRoot\System32\DRIVERS\wanarp.sys \SystemRoot\system32\drivers\lltdio.sys \SystemRoot\system32\drivers\mslldp.sys \SystemRoot\system32\drivers\rspndr.sys \SystemRoot\system32\drivers\ndisuio.sys \SystemRoot\system32\DRIVERS\nwifi.sys \SystemRoot\system32\drivers\HTTP.sys \SystemRoot\System32\drivers\WUDFRd.sys \SystemRoot\system32\drivers\mmcss.sys \SystemRoot\System32\Drivers\dump_dumpata.sys \SystemRoot\System32\Drivers\dump_atapi.sys \SystemRoot\System32\Drivers\dump_dumpfve.sys \SystemRoot\system32\DRIVERS\bowser.sys \SystemRoot\system32\DRIVERS\mrxsmb.sys \SystemRoot\System32\drivers\mpsdrv.sys \SystemRoot\system32\DRIVERS\mrxsmb20.sys \??\C:\Windows\system32\drivers\acedrv11.sys \SystemRoot\system32\drivers\hvservice.sys \SystemRoot\system32\drivers\winhvr.sys \SystemRoot\system32\DRIVERS\idmwfp.sys \SystemRoot\System32\DRIVERS\srvnet.sys \SystemRoot\System32\DRIVERS\srv2.sys \??\C:\WINDOWS\system32\drivers\mbam.sys \SystemRoot\system32\DRIVERS\mrxsmb10.sys \SystemRoot\system32\drivers\mqac.sys \??\C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12_64.sys \SystemRoot\system32\DRIVERS\PSINAflt.sys \SystemRoot\system32\drivers\Ndu.sys \SystemRoot\system32\drivers\npf.sys \SystemRoot\system32\drivers\peauth.sys \SystemRoot\system32\DRIVERS\PSINProt.sys \??\C:\Windows\system32\Drivers\SSPORT.sys \SystemRoot\System32\DRIVERS\srv.sys \SystemRoot\system32\DRIVERS\tib_mounter.sys \??\C:\Program Files (x86)\CyberLink\PowerDVD12\Common\NavFilter\000.fcl \SystemRoot\System32\drivers\tcpipreg.sys \SystemRoot\system32\DRIVERS\LVPr2M64.sys \SystemRoot\System32\drivers\condrv.sys \SystemRoot\system32\Drivers\WdNisDrv.sys \??\C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys \??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys \??\C:\WINDOWS\system32\drivers\mwac.sys \??\C:\WINDOWS\system32\drivers\mbamchameleon.sys ----------- End ----------- |
16.03.2017, 05:08 | #11 |
| Windows Firewall (Win10) deaktiviert sich und muß jedes mal mit der Maus aktiviert werden Hier Teil 2 Code:
ATTFilter File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-8C967D07D005F026E454FA1EE4B6C1C94E41266D.bin.79" is compressed (flags = 1) File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-8C967D07D005F026E454FA1EE4B6C1C94E41266D.bin.7C" is compressed (flags = 1) File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-8C967D07D005F026E454FA1EE4B6C1C94E41266D.bin.83" is compressed (flags = 1) Scan finished Creating System Restore point... Cleaning up... Removal scheduling successful. System shutdown needed. System shutdown occurred ======================================= Removal queue found; removal started Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-i.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-1-1024002048-i.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-2-1203664896-i.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-i.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-1-0-2048-i.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-1-1-1956603904-i.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-r.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-2-i.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-2-0-63-i.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-2-r.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-3-i.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-3-0-2048-i.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-3-1-233515008-i.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-3-r.mbam... Removal finished --------------------------------------- Malwarebytes Anti-Rootkit BETA 1.09.3.1001 (c) Malwarebytes Corporation 2011-2012 OS version: 10.0.9200 Windows 10 x64 Account is Administrative Internet Explorer version: 11.576.14393.0 File system is: NTFS Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, E:\ DRIVE_FIXED, F:\ DRIVE_FIXED, G:\ DRIVE_FIXED, I:\ DRIVE_FIXED, Z:\ DRIVE_FIXED CPU speed: 3.093000 GHz Memory total: 8571777024, free: 5638066176 Initializing... ====================== ------------ Kernel report ------------ 03/16/2017 09:48:23 ------------ Loaded modules ----------- \SystemRoot\system32\ntoskrnl.exe \SystemRoot\system32\hal.dll \SystemRoot\system32\kd.dll \SystemRoot\system32\mcupdate_GenuineIntel.dll \SystemRoot\System32\drivers\werkernel.sys \SystemRoot\System32\drivers\CLFS.SYS \SystemRoot\System32\drivers\tm.sys \SystemRoot\system32\PSHED.dll \SystemRoot\system32\BOOTVID.dll \SystemRoot\System32\drivers\FLTMGR.SYS \SystemRoot\System32\drivers\msrpc.sys \SystemRoot\System32\drivers\ksecdd.sys \SystemRoot\System32\drivers\clipsp.sys \SystemRoot\System32\drivers\cmimcext.sys \SystemRoot\System32\drivers\ntosext.sys \SystemRoot\system32\CI.dll \SystemRoot\System32\drivers\cng.sys \SystemRoot\system32\drivers\Wdf01000.sys \SystemRoot\system32\drivers\WDFLDR.SYS \SystemRoot\System32\Drivers\acpiex.sys \SystemRoot\System32\Drivers\WppRecorder.sys \SystemRoot\System32\drivers\ACPI.sys \SystemRoot\System32\drivers\WMILIB.SYS \SystemRoot\System32\drivers\intelpep.sys \SystemRoot\system32\drivers\WindowsTrustedRT.sys \SystemRoot\System32\drivers\WindowsTrustedRTProxy.sys \SystemRoot\System32\drivers\imofugc.sys \SystemRoot\System32\drivers\pcw.sys \SystemRoot\System32\drivers\msisadrv.sys \SystemRoot\System32\drivers\vdrvroot.sys \SystemRoot\System32\drivers\pci.sys \SystemRoot\system32\drivers\pdc.sys \SystemRoot\system32\drivers\CEA.sys \SystemRoot\System32\drivers\partmgr.sys \SystemRoot\System32\drivers\pciide.sys \SystemRoot\System32\drivers\PCIIDEX.SYS \SystemRoot\System32\drivers\spaceport.sys \SystemRoot\System32\drivers\volmgr.sys \SystemRoot\System32\drivers\volmgrx.sys \SystemRoot\System32\drivers\mountmgr.sys \SystemRoot\System32\drivers\atapi.sys \SystemRoot\System32\drivers\ataport.SYS \SystemRoot\System32\drivers\EhStorClass.sys \SystemRoot\System32\drivers\fileinfo.sys \SystemRoot\System32\Drivers\Wof.sys \SystemRoot\system32\DRIVERS\file_tracker.sys \SystemRoot\system32\drivers\WdFilter.sys \SystemRoot\system32\DRIVERS\tib.sys \SystemRoot\System32\Drivers\PxHlpa64.sys \SystemRoot\system32\DRIVERS\fltsrv.sys \SystemRoot\system32\DRIVERS\FLGuard.sys \SystemRoot\System32\Drivers\NTFS.sys \SystemRoot\System32\Drivers\Fs_Rec.sys \SystemRoot\system32\drivers\ndis.sys \SystemRoot\system32\drivers\NETIO.SYS \SystemRoot\System32\Drivers\ksecpkg.sys \SystemRoot\System32\drivers\tcpip.sys \SystemRoot\System32\drivers\fwpkclnt.sys \SystemRoot\System32\drivers\wfplwfs.sys \SystemRoot\system32\DRIVERS\timntr.sys \SystemRoot\system32\DRIVERS\hotcore3.sys \SystemRoot\System32\DRIVERS\fvevol.sys \SystemRoot\System32\drivers\volume.sys \SystemRoot\System32\drivers\volsnap.sys \SystemRoot\system32\DRIVERS\snapman.sys \SystemRoot\System32\drivers\rdyboost.sys \SystemRoot\System32\Drivers\mup.sys \SystemRoot\system32\drivers\iorate.sys \SystemRoot\System32\drivers\disk.sys \SystemRoot\System32\drivers\CLASSPNP.SYS \SystemRoot\System32\Drivers\crashdmp.sys \SystemRoot\System32\drivers\cdrom.sys \SystemRoot\system32\drivers\filecrypt.sys \SystemRoot\system32\drivers\tbs.sys \SystemRoot\SysWOW64\WinFLAdrv.sys \SystemRoot\System32\Drivers\Null.SYS \SystemRoot\System32\Drivers\Beep.SYS \SystemRoot\System32\drivers\BasicDisplay.sys \SystemRoot\System32\drivers\watchdog.sys \SystemRoot\System32\drivers\dxgkrnl.sys \SystemRoot\System32\drivers\BasicRender.sys \SystemRoot\System32\Drivers\Npfs.SYS \SystemRoot\System32\Drivers\Msfs.SYS \SystemRoot\system32\DRIVERS\tdx.sys \SystemRoot\system32\DRIVERS\TDI.SYS \SystemRoot\System32\DRIVERS\netbt.sys \SystemRoot\system32\drivers\afd.sys \SystemRoot\system32\DRIVERS\NNSNAHSL.sys \SystemRoot\system32\DRIVERS\eve.sys \SystemRoot\System32\drivers\vwififlt.sys \SystemRoot\System32\drivers\pacer.sys \SystemRoot\system32\drivers\netbios.sys \SystemRoot\system32\DRIVERS\rdbss.sys \SystemRoot\system32\drivers\csc.sys \??\C:\WINDOWS\System32\drivers\zamguard64.sys \??\C:\WINDOWS\System32\drivers\zam64.sys \SystemRoot\System32\drivers\veracrypt.sys \SystemRoot\System32\drivers\uim_im.sys \SystemRoot\System32\drivers\UimFIO.SYS \SystemRoot\System32\drivers\uim_devim.sys \SystemRoot\System32\drivers\UimBus.sys \??\C:\WINDOWS\Sleen1964.sys \SystemRoot\system32\DRIVERS\PSINKNC.sys \SystemRoot\system32\drivers\nsiproxy.sys \SystemRoot\System32\drivers\npsvctrig.sys \SystemRoot\system32\DRIVERS\NNSTLSC.sys \SystemRoot\system32\DRIVERS\NNSSTRM.sys \SystemRoot\system32\DRIVERS\NNSSMTP.sys \SystemRoot\system32\DRIVERS\NNSPRV.sys \SystemRoot\system32\DRIVERS\NNSPROT.sys \SystemRoot\system32\DRIVERS\NNSPOP3.sys \SystemRoot\system32\DRIVERS\NNSPIHSW.sys \SystemRoot\system32\DRIVERS\NNSPICC.sys \SystemRoot\system32\DRIVERS\NNSIDS.sys \SystemRoot\system32\DRIVERS\NNSHTTPS.sys \SystemRoot\system32\DRIVERS\NNSHTTP.sys \SystemRoot\system32\DRIVERS\NNSALPC.sys \SystemRoot\System32\drivers\mssmbios.sys \??\C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS \SystemRoot\System32\drivers\gpuenergydrv.sys \??\C:\Windows\system32\Drivers\eusk2par-amd64.sys \SystemRoot\System32\Drivers\dfsc.sys \??\C:\Windows\system32\drivers\AntiLog64.sys \SystemRoot\system32\DRIVERS\ahcache.sys \SystemRoot\System32\DriverStore\FileRepository\compositebus.inf_amd64_a140581a8f8b58b7\CompositeBus.sys \SystemRoot\System32\drivers\kdnic.sys \SystemRoot\System32\drivers\umbus.sys \SystemRoot\system32\DRIVERS\nvlddmkm.sys \SystemRoot\System32\drivers\HECIx64.sys \SystemRoot\System32\drivers\usbehci.sys \SystemRoot\System32\drivers\USBPORT.SYS \SystemRoot\System32\drivers\USBXHCI.SYS \SystemRoot\system32\drivers\ucx01000.sys \SystemRoot\system32\DRIVERS\Rt64win7.sys \SystemRoot\system32\drivers\P17.sys \SystemRoot\system32\drivers\portcls.sys \SystemRoot\system32\drivers\drmk.sys \SystemRoot\system32\drivers\ks.sys \SystemRoot\system32\drivers\ksthunk.sys \SystemRoot\System32\drivers\fdc.sys \SystemRoot\System32\drivers\i8042prt.sys \SystemRoot\System32\drivers\kbdclass.sys \SystemRoot\System32\drivers\serial.sys \SystemRoot\System32\drivers\serenum.sys \SystemRoot\System32\drivers\intelppm.sys \SystemRoot\system32\drivers\nvvad64v.sys \SystemRoot\System32\drivers\NdisVirtualBus.sys \SystemRoot\System32\drivers\swenum.sys \SystemRoot\System32\drivers\PTSimBus.sys \SystemRoot\System32\drivers\rdpbus.sys \SystemRoot\System32\drivers\usbhub.sys \SystemRoot\System32\drivers\USBD.SYS \SystemRoot\System32\drivers\UsbHub3.sys \SystemRoot\System32\drivers\usbccgp.sys \SystemRoot\system32\DRIVERS\usbscan.sys \SystemRoot\System32\drivers\usbprint.sys \SystemRoot\System32\win32k.sys \SystemRoot\System32\win32kfull.sys \SystemRoot\System32\drivers\HIDPARSE.SYS \SystemRoot\System32\win32kbase.sys \SystemRoot\System32\drivers\dxgmms1.sys \SystemRoot\System32\drivers\dxgmms2.sys \SystemRoot\System32\drivers\monitor.sys \SystemRoot\System32\TSDDD.dll \SystemRoot\System32\cdd.dll \SystemRoot\System32\drivers\Spyder3.sys \SystemRoot\System32\drivers\hidusb.sys \SystemRoot\System32\drivers\HIDCLASS.SYS \SystemRoot\System32\ATMFD.DLL \SystemRoot\System32\drivers\kbdhid.sys \SystemRoot\System32\drivers\mouhid.sys \SystemRoot\System32\drivers\mouclass.sys \SystemRoot\System32\drivers\wachidrouter.sys \SystemRoot\System32\drivers\hidkmdf.sys \SystemRoot\System32\drivers\wacomrouterfilter.sys \SystemRoot\system32\DRIVERS\lvuvc64.sys \SystemRoot\system32\drivers\usbaudio.sys \SystemRoot\system32\DRIVERS\lvrs64.sys \SystemRoot\system32\drivers\WudfPf.sys \SystemRoot\system32\drivers\wcifs.sys \SystemRoot\system32\drivers\luafv.sys \SystemRoot\system32\DRIVERS\file_protector.sys \SystemRoot\system32\drivers\storqosflt.sys \SystemRoot\system32\DRIVERS\PSINProc.sys \SystemRoot\system32\DRIVERS\PSINFile.sys \SystemRoot\system32\DRIVERS\PSINReg.sys \SystemRoot\system32\drivers\wcnfs.sys \SystemRoot\system32\DRIVERS\tifsfilt.sys \SystemRoot\system32\DRIVERS\virtual_file.sys \SystemRoot\System32\drivers\registry.sys \SystemRoot\System32\drivers\WUDFRd.sys \SystemRoot\system32\drivers\mmcss.sys \SystemRoot\System32\Drivers\dump_dumpata.sys \SystemRoot\System32\Drivers\dump_atapi.sys \SystemRoot\System32\Drivers\dump_dumpfve.sys \SystemRoot\system32\drivers\mslldp.sys \??\D:\Program Files\Sandboxie\SbieDrv.sys \SystemRoot\system32\drivers\lltdio.sys \SystemRoot\System32\DRIVERS\wanarp.sys \SystemRoot\system32\drivers\rspndr.sys \SystemRoot\system32\drivers\ndisuio.sys \SystemRoot\system32\DRIVERS\nwifi.sys \SystemRoot\system32\drivers\HTTP.sys \SystemRoot\system32\DRIVERS\bowser.sys \SystemRoot\system32\DRIVERS\mrxsmb.sys \SystemRoot\system32\DRIVERS\mrxsmb20.sys \SystemRoot\System32\DRIVERS\srvnet.sys \SystemRoot\System32\DRIVERS\srv2.sys \SystemRoot\System32\drivers\mpsdrv.sys \??\C:\Windows\system32\drivers\acedrv11.sys \SystemRoot\system32\drivers\hvservice.sys \SystemRoot\system32\drivers\winhvr.sys \SystemRoot\system32\DRIVERS\mrxsmb10.sys \??\C:\WINDOWS\system32\drivers\mbam.sys \SystemRoot\system32\drivers\Ndu.sys \SystemRoot\system32\DRIVERS\idmwfp.sys \SystemRoot\system32\drivers\npf.sys \??\C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12_64.sys \SystemRoot\system32\drivers\peauth.sys \SystemRoot\system32\DRIVERS\PSINAflt.sys \SystemRoot\system32\DRIVERS\PSINProt.sys \SystemRoot\system32\drivers\mqac.sys \??\C:\Windows\system32\Drivers\SSPORT.sys \SystemRoot\System32\drivers\tcpipreg.sys \SystemRoot\system32\DRIVERS\tib_mounter.sys \??\C:\Windows\SysWow64\WinVDEdrv.sys \SystemRoot\System32\DRIVERS\srv.sys \SystemRoot\system32\DRIVERS\LVPr2M64.sys \SystemRoot\System32\drivers\condrv.sys \??\C:\Program Files (x86)\CyberLink\PowerDVD12\Common\NavFilter\000.fcl \SystemRoot\system32\Drivers\WdNisDrv.sys \??\C:\WINDOWS\system32\drivers\mwac.sys \??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys \??\C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys \??\C:\WINDOWS\system32\drivers\mbamchameleon.sys ----------- End ----------- Done! Scan started Database versions: main: v2017.03.15.08 rootkit: v2017.03.11.01 <<<2>>> Physical Sector Size: 512 Drive: 3, DevicePointer: 0xffff9f88a823a610, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\disk\ --------- Disk Stack ------ DevicePointer: 0xffff9f88a823b040, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xffff9f88a823a610, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\disk\ DevicePointer: 0xffff9f88a73939b0, DeviceName: Unknown, DriverName: \Driver\ACPI\ DevicePointer: 0xffff9f88a7da2060, DeviceName: \Device\Ide\IdeDeviceP3T0L0-4\, DriverName: \Driver\atapi\ ------------ End ---------- Alternate DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\disk\ Upper DeviceData: 0x0, 0x0, 0x0 Lower DeviceData: 0x0, 0x0, 0x0 <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes <<<2>>> <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers... Done! Physical Sector Size: 512 Drive: 0, DevicePointer: 0xffff9f88a8236470, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\ --------- Disk Stack ------ DevicePointer: 0xffff9f88a8237040, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xffff9f88a8236470, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\ DevicePointer: 0xffff9f88a7d9cc40, DeviceName: Unknown, DriverName: \Driver\ACPI\ DevicePointer: 0xffff9f88a73ff060, DeviceName: \Device\Ide\IdeDeviceP4T0L0-5\, DriverName: \Driver\atapi\ ------------ End ---------- Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\ Upper DeviceData: 0x0, 0x0, 0x0 Lower DeviceData: 0x0, 0x0, 0x0 Drive 0 Scanning MBR on drive 0... Inspecting partition table: MBR Signature: 55AA Disk Signature: 331278BE Partition information: Partition 0 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 2048 Numsec = 1024000000 Partition is not bootable Partition file system is NTFS Partition 1 type is Primary (0x7) Partition is ACTIVE. Partition starts at LBA: 1024002048 Numsec = 179662848 Partition is not bootable Partition file system is NTFS Partition 2 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 1203664896 Numsec = 2703360000 Partition is not bootable Partition file system is NTFS Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition is not bootable Disk Size: 2000398934016 bytes Sector size: 512 bytes Done! Physical Sector Size: 512 Drive: 1, DevicePointer: 0xffff9f88a8238060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\ --------- Disk Stack ------ DevicePointer: 0xffff9f88a8238ae0, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xffff9f88a8238060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\ DevicePointer: 0xffff9f88a7d97550, DeviceName: Unknown, DriverName: \Driver\ACPI\ DevicePointer: 0xffff9f88a7da6060, DeviceName: \Device\Ide\IdeDeviceP2T0L0-3\, DriverName: \Driver\atapi\ ------------ End ---------- Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\ Upper DeviceData: 0x0, 0x0, 0x0 Lower DeviceData: 0x0, 0x0, 0x0 Drive 1 Scanning MBR on drive 1... Inspecting partition table: MBR Signature: 55AA Disk Signature: F612D630 Partition information: Partition 0 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 2048 Numsec = 1956599808 Partition is not bootable Partition file system is NTFS Partition 1 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 1956603904 Numsec = 1950420992 Partition is not bootable Partition file system is NTFS Partition 2 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition is not bootable Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition is not bootable Disk Size: 2000398934016 bytes Sector size: 512 bytes Done! Physical Sector Size: 512 Drive: 2, DevicePointer: 0xffff9f88a8239060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\disk\ --------- Disk Stack ------ DevicePointer: 0xffff9f88a8239ae0, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xffff9f88a8239060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\disk\ DevicePointer: 0xffff9f88a7389e40, DeviceName: Unknown, DriverName: \Driver\ACPI\ DevicePointer: 0xffff9f88a7da0060, DeviceName: \Device\Ide\IdeDeviceP2T1L0-8\, DriverName: \Driver\atapi\ ------------ End ---------- Alternate DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\disk\ Upper DeviceData: 0x0, 0x0, 0x0 Lower DeviceData: 0x0, 0x0, 0x0 Drive 2 Scanning MBR on drive 2... Inspecting partition table: MBR Signature: 55AA Disk Signature: AA2FCA67 Partition information: Partition 0 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 63 Numsec = 2930272002 Partition is not bootable Partition file system is NTFS Partition 1 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition is not bootable Partition 2 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition is not bootable Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition is not bootable Disk Size: 1500301910016 bytes Sector size: 512 bytes Done! Drive 3 This is a System drive Scanning MBR on drive 3... Inspecting partition table: MBR Signature: 55AA Disk Signature: D3967C50 Partition information: Partition 0 type is Primary (0x7) Partition is ACTIVE. Partition starts at LBA: 2048 Numsec = 233512960 Partition is bootable Partition file system is NTFS Partition 1 type is Other (0x27) Partition is NOT ACTIVE. Partition starts at LBA: 233515008 Numsec = 921600 Partition is not bootable Partition file system is NTFS Partition 2 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition is not bootable Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition is not bootable Disk Size: 120034123776 bytes Sector size: 512 bytes Done! File "C:\Windows\System32\KERNELBASE.DLL" is sparse (flags = 32768) File "C:\Windows\System32\KERNELBASE.DLL" is sparse (flags = 32768) File "C:\Windows\System32\apphelp.dll" is sparse (flags = 32768) File "C:\Windows\System32\psapi.dll" is sparse (flags = 32768) File "C:\Windows\System32\user32.dll" is sparse (flags = 32768) File "C:\Windows\System32\user32.dll" is sparse (flags = 32768) File "C:\Windows\System32\win32u.dll" is sparse (flags = 32768) File "C:\Windows\System32\win32u.dll" is sparse (flags = 32768) File "C:\Windows\System32\gdi32.dll" is sparse (flags = 32768) File "C:\Windows\System32\gdi32.dll" is sparse (flags = 32768) File "C:\Windows\System32\GDI32FULL.DLL" is sparse (flags = 32768) File "C:\Windows\System32\GDI32FULL.DLL" is sparse (flags = 32768) File "C:\Windows\System32\advapi32.dll" is sparse (flags = 32768) File "C:\Windows\System32\msvcrt.dll" is sparse (flags = 32768) File "C:\Windows\System32\sechost.dll" is sparse (flags = 32768) File "C:\Windows\System32\rpcrt4.dll" is sparse (flags = 32768) File "C:\Windows\System32\rpcrt4.dll" is sparse (flags = 32768) File "C:\Windows\System32\sspicli.dll" is sparse (flags = 32768) File "C:\Windows\System32\sspicli.dll" is sparse (flags = 32768) File "C:\Windows\System32\CRYPTBASE.DLL" is sparse (flags = 32768) File "C:\Windows\System32\CRYPTBASE.DLL" is sparse (flags = 32768) File "C:\Windows\System32\BCRYPTPRIMITIVES.DLL" is sparse (flags = 32768) File "C:\Windows\System32\BCRYPTPRIMITIVES.DLL" is sparse (flags = 32768) File "C:\Windows\System32\imm32.dll" is sparse (flags = 32768) File "C:\Windows\System32\shlwapi.dll" is sparse (flags = 32768) File "C:\Windows\System32\combase.dll" is sparse (flags = 32768) File "C:\Windows\System32\combase.dll" is sparse (flags = 32768) File "C:\Windows\System32\ucrtbase.dll" is sparse (flags = 32768) File "C:\Windows\System32\shell32.dll" is sparse (flags = 32768) File "C:\Windows\System32\shell32.dll" is sparse (flags = 32768) File "C:\Windows\System32\cfgmgr32.dll" is sparse (flags = 32768) File "C:\Windows\System32\WINDOWS.STORAGE.DLL" is sparse (flags = 32768) File "C:\Windows\System32\WINDOWS.STORAGE.DLL" is sparse (flags = 32768) File "C:\Windows\System32\powrprof.dll" is sparse (flags = 32768) File "C:\Windows\System32\KERNEL.APPCORE.DLL" is sparse (flags = 32768) File "C:\Windows\System32\KERNEL.APPCORE.DLL" is sparse (flags = 32768) File "C:\Windows\System32\version.dll" is sparse (flags = 32768) File "C:\Windows\System32\SHCore.dll" is sparse (flags = 32768) File "C:\Windows\System32\profapi.dll" is sparse (flags = 32768) File "C:\Windows\System32\ole32.dll" is sparse (flags = 32768) File "C:\Windows\System32\ole32.dll" is sparse (flags = 32768) File "C:\Windows\System32\wintrust.dll" is sparse (flags = 32768) File "C:\Windows\System32\wintrust.dll" is sparse (flags = 32768) File "C:\Windows\System32\msasn1.dll" is sparse (flags = 32768) File "C:\Windows\System32\crypt32.dll" is sparse (flags = 32768) File "C:\Windows\System32\crypt32.dll" is sparse (flags = 32768) File "C:\Windows\System32\imagehlp.dll" is sparse (flags = 32768) File "C:\Windows\System32\wininet.dll" is sparse (flags = 32768) File "C:\Windows\System32\ws2_32.dll" is sparse (flags = 32768) File "C:\Windows\System32\ws2_32.dll" is sparse (flags = 32768) File "C:\Windows\System32\netapi32.dll" is sparse (flags = 32768) File "C:\Windows\System32\comdlg32.dll" is sparse (flags = 32768) File "C:\Windows\System32\comdlg32.dll" is sparse (flags = 32768) File "C:\Windows\System32\oleaut32.dll" is sparse (flags = 32768) File "C:\Windows\System32\oleaut32.dll" is sparse (flags = 32768) File "C:\Windows\System32\MSVCP_WIN.DLL" is sparse (flags = 32768) File "C:\Windows\System32\userenv.dll" is sparse (flags = 32768) File "C:\Windows\System32\mpr.dll" is sparse (flags = 32768) File "C:\Windows\System32\winmm.dll" is sparse (flags = 32768) File "C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.14393.447_none_5507ded2cb4f7f4c\comctl32.dll" is sparse (flags = 32768) File "C:\Windows\System32\winspool.drv" is sparse (flags = 32768) File "C:\Windows\System32\WINMMBASE.DLL" is sparse (flags = 32768) File "C:\Windows\System32\WINMMBASE.DLL" is sparse (flags = 32768) File "C:\Windows\System32\netutils.dll" is sparse (flags = 32768) File "C:\Windows\System32\sfc_os.dll" is sparse (flags = 32768) File "C:\Windows\System32\bcrypt.dll" is sparse (flags = 32768) File "C:\Windows\System32\bcrypt.dll" is sparse (flags = 32768) File "C:\Windows\System32\cryptsp.dll" is sparse (flags = 32768) File "C:\Windows\System32\rsaenh.dll" is sparse (flags = 32768) File "C:\Windows\System32\wkscli.dll" is sparse (flags = 32768) File "C:\Windows\System32\cscapi.dll" is sparse (flags = 32768) File "C:\Windows\System32\uxtheme.dll" is sparse (flags = 32768) File "C:\Windows\System32\iertutil.dll" is sparse (flags = 32768) File "C:\Windows\System32\iertutil.dll" is sparse (flags = 32768) File "C:\Windows\System32\ONDEMANDCONNROUTEHELPER.DLL" is sparse (flags = 32768) File "C:\Windows\System32\ONDEMANDCONNROUTEHELPER.DLL" is sparse (flags = 32768) File "C:\Windows\System32\IPHLPAPI.DLL" is sparse (flags = 32768) File "C:\Windows\System32\winhttp.dll" is sparse (flags = 32768) File "C:\Windows\System32\nsi.dll" is sparse (flags = 32768) File "C:\Windows\System32\mswsock.dll" is sparse (flags = 32768) File "C:\Windows\System32\dnsapi.dll" is sparse (flags = 32768) File "C:\Windows\System32\dnsapi.dll" is sparse (flags = 32768) File "C:\Windows\System32\winnsi.dll" is sparse (flags = 32768) File "C:\Windows\System32\urlmon.dll" is sparse (flags = 32768) File "C:\Windows\System32\rasadhlp.dll" is sparse (flags = 32768) File "C:\Windows\System32\FWPUCLNT.DLL" is sparse (flags = 32768) File "C:\Windows\System32\msctf.dll" is sparse (flags = 32768) File "C:\Windows\System32\msctf.dll" is sparse (flags = 32768) File "C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\tiptsf.dll" is sparse (flags = 32768) File "C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\tiptsf.dll" is sparse (flags = 32768) File "C:\Windows\System32\dwmapi.dll" is sparse (flags = 32768) File "C:\Windows\System32\dwmapi.dll" is sparse (flags = 32768) File "C:\Windows\System32\wtsapi32.dll" is sparse (flags = 32768) File "C:\Windows\System32\winsta.dll" is sparse (flags = 32768) File "C:\Windows\System32\ntmarta.dll" is sparse (flags = 32768) File "C:\Windows\System32\clbcatq.dll" is sparse (flags = 32768) File "C:\Windows\System32\propsys.dll" is sparse (flags = 32768) File "C:\Windows\System32\UIAUTOMATIONCORE.DLL" is sparse (flags = 32768) File "C:\Windows\System32\UIAUTOMATIONCORE.DLL" is sparse (flags = 32768) File "C:\Windows\System32\sxs.dll" is sparse (flags = 32768) File "C:\Windows\System32\oleacc.dll" is sparse (flags = 32768) File "C:\Windows\System32\oleacc.dll" is sparse (flags = 32768) File "C:\Windows\System32\twinapi.dll" is sparse (flags = 32768) File "C:\Windows\System32\TWINAPI.APPCORE.DLL" is sparse (flags = 32768) File "C:\Windows\System32\TWINAPI.APPCORE.DLL" is sparse (flags = 32768) File "C:\Windows\System32\coml2.dll" is sparse (flags = 32768) File "C:\Windows\System32\mssprxy.dll" is sparse (flags = 32768) File "C:\Windows\System32\linkinfo.dll" is sparse (flags = 32768) File "C:\Windows\System32\ntshrui.dll" is sparse (flags = 32768) File "C:\Windows\System32\srvcli.dll" is sparse (flags = 32768) File "C:\Windows\System32\smss.exe" is sparse (flags = 32768) File "C:\Windows\System32\csrss.exe" is sparse (flags = 32768) File "C:\Windows\System32\wininit.exe" is sparse (flags = 32768) File "C:\Windows\System32\winlogon.exe" is sparse (flags = 32768) File "C:\Windows\System32\winlogon.exe" is sparse (flags = 32768) File "C:\Windows\System32\services.exe" is sparse (flags = 32768) File "C:\Windows\System32\services.exe" is sparse (flags = 32768) File "C:\Windows\System32\lsass.exe" is sparse (flags = 32768) File "C:\Windows\System32\lsass.exe" is sparse (flags = 32768) File "C:\Windows\System32\svchost.exe" is sparse (flags = 32768) File "C:\Windows\System32\dwm.exe" is sparse (flags = 32768) File "C:\Windows\System32\setupapi.dll" is sparse (flags = 32768) File "C:\Windows\System32\devobj.dll" is sparse (flags = 32768) File "C:\Windows\System32\devrtl.dll" is sparse (flags = 32768) File "C:\Windows\System32\spinf.dll" is sparse (flags = 32768) File "C:\Windows\System32\drvstore.dll" is sparse (flags = 32768) File "C:\Windows\System32\drvstore.dll" is sparse (flags = 32768) File "C:\Windows\System32\WUDFHost.exe" is sparse (flags = 32768) File "C:\Windows\System32\spoolsv.exe" is sparse (flags = 32768) File "C:\Windows\System32\DHCPCSVC6.DLL" is sparse (flags = 32768) File "C:\Windows\System32\DHCPCSVC6.DLL" is sparse (flags = 32768) File "C:\Windows\System32\dhcpcsvc.dll" is sparse (flags = 32768) File "C:\Windows\System32\dhcpcsvc.dll" is sparse (flags = 32768) File "C:\Windows\System32\mscoree.dll" is sparse (flags = 32768) File "C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll" is sparse (flags = 32768) File "C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll" is sparse (flags = 32768) File "C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9268_none_d08e1538442a243e\msvcr80.dll" is sparse (flags = 32768) File "C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll" is sparse (flags = 32768) File "C:\Windows\System32\NapiNSP.dll" is sparse (flags = 32768) File "C:\Windows\System32\pnrpnsp.dll" is sparse (flags = 32768) File "C:\Windows\System32\nlaapi.dll" is sparse (flags = 32768) File "C:\Windows\System32\nlaapi.dll" is sparse (flags = 32768) File "C:\Windows\System32\winrnr.dll" is sparse (flags = 32768) File "C:\Windows\System32\shfolder.dll" is sparse (flags = 32768) File "C:\Windows\System32\msi.dll" is sparse (flags = 32768) File "C:\Windows\System32\dfscli.dll" is sparse (flags = 32768) File "C:\Windows\System32\wbem\wbemprox.dll" is sparse (flags = 32768) File "C:\Windows\System32\wbemcomn.dll" is sparse (flags = 32768) File "C:\Windows\System32\wbem\wbemsvc.dll" is sparse (flags = 32768) File "C:\Windows\System32\wbem\fastprox.dll" is sparse (flags = 32768) File "C:\Windows\System32\dpapi.dll" is sparse (flags = 32768) File "C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll" is sparse (flags = 32768) File "C:\Windows\System32\MSVCR120_CLR0400.DLL" is sparse (flags = 32768) File "C:\Windows\System32\MSVCR120_CLR0400.DLL" is sparse (flags = 32768) File "C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\40571abae9422cd2ca6fafbbde1c3cdc\mscorlib.ni.dll" is sparse (flags = 32768) File "C:\Windows\Microsoft.NET\Framework\v4.0.30319\clrjit.dll" is sparse (flags = 32768) File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System\08da6b6698b412866e6910ae9b84f363\System.ni.dll" is sparse (flags = 32768) File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Serv759bfb78#\010ca03bc4ce0e90aba17cf53dfaa3b0\System.ServiceProcess.ni.dll" is sparse (flags = 32768) File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Confe64a9051#\05ab415fda98063ea52877978eb1cb4f\System.Configuration.Install.ni.dll" is sparse (flags = 32768) File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\f6ebd52be27fe627fed0d185c6a9c0d5\System.Core.ni.dll" is sparse (flags = 32768) File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\a390fa28b40e5b0bfd357371211f470d\System.ServiceModel.ni.dll" is sparse (flags = 32768) File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Servd1dec626#\d842ac6dc0b94d7516b2d43a62b8f4d7\System.ServiceModel.Internals.ni.dll" is sparse (flags = 32768) File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\aa9c29b70b4cceab890eb841f89d73e9\System.Configuration.ni.dll" is sparse (flags = 32768) File "C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\1b144b0155aa14719ac0b83f038abbd5\SMDiagnostics.ni.dll" is sparse (flags = 32768) File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\7532301b00fac8def2f526ca8b480e11\System.Xml.ni.dll" is sparse (flags = 32768) File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\213003369298faf75651a6b8981dce12\System.Runtime.Serialization.ni.dll" is sparse (flags = 32768) File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\5802392cd3e3a6f3921aabc3241bb561\System.IdentityModel.ni.dll" is sparse (flags = 32768) File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Net.Http\6ba98b6eeadccf682c0cc876bcc548da\System.Net.Http.ni.dll" is sparse (flags = 32768) File "C:\Windows\System32\security.dll" is sparse (flags = 32768) File "C:\Windows\System32\secur32.dll" is sparse (flags = 32768) File "C:\Windows\System32\httpapi.dll" is sparse (flags = 32768) File "C:\Windows\System32\pdh.dll" is sparse (flags = 32768) File "C:\Windows\System32\gpapi.dll" is sparse (flags = 32768) File "C:\Windows\System32\gpapi.dll" is sparse (flags = 32768) File "C:\Windows\System32\cryptnet.dll" is sparse (flags = 32768) File "C:\Windows\System32\webio.dll" is sparse (flags = 32768) File "C:\Windows\System32\schannel.dll" is sparse (flags = 32768) File "C:\Windows\System32\schannel.dll" is sparse (flags = 32768) File "C:\Windows\System32\MSKEYPROTECT.DLL" is sparse (flags = 32768) File "C:\Windows\System32\MSKEYPROTECT.DLL" is sparse (flags = 32768) File "C:\Windows\System32\ncrypt.dll" is sparse (flags = 32768) File "C:\Windows\System32\ntasn1.dll" is sparse (flags = 32768) File "C:\Windows\System32\Wldap32.dll" is sparse (flags = 32768) File "C:\Windows\System32\logoncli.dll" is sparse (flags = 32768) File "C:\Windows\System32\NCRYPTSSLP.DLL" is sparse (flags = 32768) File "C:\Windows\System32\NCRYPTSSLP.DLL" is sparse (flags = 32768) File "C:\Windows\System32\fltLib.dll" is sparse (flags = 32768) File "C:\Windows\System32\msimg32.dll" is sparse (flags = 32768) File "C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.14393.321_none_baab3cb4359688b4\GdiPlus.dll" is sparse (flags = 32768) File "C:\Windows\System32\msxml3.dll" is sparse (flags = 32768) File "C:\Windows\System32\wlanapi.dll" is sparse (flags = 32768) File "C:\Windows\System32\wlanapi.dll" is sparse (flags = 32768) File "C:\Windows\System32\netprofm.dll" is sparse (flags = 32768) File "C:\Windows\System32\npmproxy.dll" is sparse (flags = 32768) File "C:\Windows\System32\FIREWALLAPI.DLL" is sparse (flags = 32768) File "C:\Windows\System32\FIREWALLAPI.DLL" is sparse (flags = 32768) File "C:\Windows\System32\fwbase.dll" is sparse (flags = 32768) File "C:\Windows\System32\NETSETUPSHIM.DLL" is sparse (flags = 32768) File "C:\Windows\System32\NETSETUPSHIM.DLL" is sparse (flags = 32768) File "C:\Windows\System32\NETSETUPAPI.DLL" is sparse (flags = 32768) File "C:\Windows\System32\NETSETUPAPI.DLL" is sparse (flags = 32768) File "C:\Windows\System32\mstask.dll" is sparse (flags = 32768) File "C:\Windows\System32\dasHost.exe" is sparse (flags = 32768) File "C:\Windows\System32\wbem\WmiPrvSE.exe" is sparse (flags = 32768) File "C:\Windows\System32\mqsvc.exe" is sparse (flags = 32768) File "C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.9247_none_5090cb78bcba4a35\msvcr90.dll" is sparse (flags = 32768) File "C:\Windows\System32\odbc32.dll" is sparse (flags = 32768) File "C:\Windows\System32\dbghelp.dll" is sparse (flags = 32768) File "C:\Windows\System32\dbgcore.dll" is sparse (flags = 32768) File "C:\Windows\System32\wshqos.dll" is sparse (flags = 32768) File "C:\Windows\System32\WSHTCPIP.DLL" is sparse (flags = 32768) File "C:\Windows\System32\wship6.dll" is sparse (flags = 32768) File "C:\Windows\System32\SEARCHINDEXER.EXE" is sparse (flags = 32768) File "C:\Windows\System32\SEARCHINDEXER.EXE" is sparse (flags = 32768) File "C:\Windows\System32\conhost.exe" is sparse (flags = 32768) File "C:\Windows\System32\wermgr.exe" is sparse (flags = 32768) File "C:\Windows\System32\wermgr.exe" is sparse (flags = 32768) File "C:\Windows\System32\sihost.exe" is sparse (flags = 32768) File "C:\Windows\System32\TASKHOSTW.EXE" is sparse (flags = 32768) File "C:\Windows\System32\actxprxy.dll" is sparse (flags = 32768) File "C:\Windows\System32\actxprxy.dll" is sparse (flags = 32768) File "C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_89c64d28dafea4b9\comctl32.dll" is sparse (flags = 32768) File "C:\Windows\System32\WINDOWSCODECS.DLL" is sparse (flags = 32768) File "C:\Windows\System32\WINDOWSCODECS.DLL" is sparse (flags = 32768) File "C:\Windows\System32\THUMBCACHE.DLL" is sparse (flags = 32768) File "C:\Windows\System32\THUMBCACHE.DLL" is sparse (flags = 32768) File "C:\Windows\System32\PHOTOMETADATAHANDLER.DLL" is sparse (flags = 32768) File "C:\Windows\System32\PHOTOMETADATAHANDLER.DLL" is sparse (flags = 32768) File "C:\Windows\System32\POLICYMANAGER.DLL" is sparse (flags = 32768) File "C:\Windows\System32\POLICYMANAGER.DLL" is sparse (flags = 32768) File "C:\Windows\System32\MSVCP110_WIN.DLL" is sparse (flags = 32768) File "C:\Windows\System32\MSVCP110_WIN.DLL" is sparse (flags = 32768) File "C:\Windows\System32\RUNTIMEBROKER.EXE" is sparse (flags = 32768) File "C:\Windows\explorer.exe" is sparse (flags = 32768) File "C:\Windows\explorer.exe" is sparse (flags = 32768) File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Web.Services\7e37a4f7ac90e8a80cc2bfc7429dd2c1\System.Web.Services.ni.dll" is sparse (flags = 32768) File "C:\Windows\System32\rasapi32.dll" is sparse (flags = 32768) File "C:\Windows\System32\rasapi32.dll" is sparse (flags = 32768) File "C:\Windows\System32\rasman.dll" is sparse (flags = 32768) File "C:\Windows\System32\rtutils.dll" is sparse (flags = 32768) File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\a280fac0c231c9d6d5f1274c2180d594\System.Management.ni.dll" is sparse (flags = 32768) File "C:\Windows\Microsoft.NET\Framework\v4.0.30319\WMINET_UTILS.DLL" is sparse (flags = 32768) File "C:\Windows\Microsoft.NET\Framework\v4.0.30319\WMINET_UTILS.DLL" is sparse (flags = 32768) File "C:\Windows\System32\wbem\wmiutils.dll" is sparse (flags = 32768) File "C:\Windows\Microsoft.NET\Framework\v4.0.30319\DIASYMREADER.DLL" is sparse (flags = 32768) File "C:\Windows\Microsoft.NET\Framework\v4.0.30319\DIASYMREADER.DLL" is sparse (flags = 32768) File "C:\Windows\System32\edputil.dll" is sparse (flags = 32768) File "C:\Windows\System32\pcacli.dll" is sparse (flags = 32768) File "C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\SHELLEXPERIENCEHOST.EXE" is sparse (flags = 32768) File "C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\SHELLEXPERIENCEHOST.EXE" is sparse (flags = 32768) File "C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" is sparse (flags = 32768) File "C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" is sparse (flags = 32768) File "C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe" is sparse (flags = 32768) File "C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe" is sparse (flags = 32768) File "C:\Windows\System32\wsock32.dll" is sparse (flags = 32768) File "C:\Windows\System32\atmlib.dll" is sparse (flags = 32768) File "C:\Windows\System32\DWrite.dll" is sparse (flags = 32768) File "C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsec.dll" is sparse (flags = 32768) File "C:\Windows\System32\msiltcfg.dll" is sparse (flags = 32768) File "C:\Windows\WinSxS\x86_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.6161_none_51cd0a7abbe4e19b\ATL90.dll" is sparse (flags = 32768) File "C:\Windows\Microsoft.NET\Framework\v2.0.50727\DIASYMREADER.DLL" is sparse (flags = 32768) File "C:\Windows\System32\oledlg.dll" is sparse (flags = 32768) File "C:\Windows\System32\samcli.dll" is sparse (flags = 32768) File "C:\Windows\System32\Faultrep.dll" is sparse (flags = 32768) File "C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.9247_none_5090cb78bcba4a35\msvcp90.dll" is sparse (flags = 32768) File "C:\Windows\System32\samlib.dll" is sparse (flags = 32768) File "C:\Windows\System32\samlib.dll" is sparse (flags = 32768) File "C:\Windows\System32\msxml6.dll" is sparse (flags = 32768) File "C:\Windows\System32\msxml6.dll" is sparse (flags = 32768) File "C:\Windows\System32\DATAEXCHANGE.DLL" is sparse (flags = 32768) File "C:\Windows\System32\DATAEXCHANGE.DLL" is sparse (flags = 32768) File "C:\Windows\System32\d3d11.dll" is sparse (flags = 32768) File "C:\Windows\System32\d3d11.dll" is sparse (flags = 32768) File "C:\Windows\System32\dcomp.dll" is sparse (flags = 32768) File "C:\Windows\System32\dxgi.dll" is sparse (flags = 32768) File "C:\Windows\System32\dxgi.dll" is sparse (flags = 32768) File "C:\Windows\System32\idndl.dll" is sparse (flags = 32768) File "C:\Windows\System32\normaliz.dll" is sparse (flags = 32768) File "C:\Windows\System32\mscms.dll" is sparse (flags = 32768) File "C:\Windows\System32\icm32.dll" is sparse (flags = 32768) File "C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\051a282e157a228405b2e0d867c3ce1d\PresentationCore.ni.dll" is sparse (flags = 32768) File "C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\5272cb4aeec65bec2fffb45e9cb22910\PresentationFramework.ni.dll" is sparse (flags = 32768) File "C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\5751e969e4789e60d3ad463cb6024006\WindowsBase.ni.dll" is sparse (flags = 32768) File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\04c4f83e0b62ff553abff98943e45f42\System.Xaml.ni.dll" is sparse (flags = 32768) File "C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFGFX_V0400.DLL" is sparse (flags = 32768) File "C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFGFX_V0400.DLL" is sparse (flags = 32768) File "C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\PRESENTATIONNATIVE_V0400.DLL" is sparse (flags = 32768) File "C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\PRESENTATIONNATIVE_V0400.DLL" is sparse (flags = 32768) File "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSCORSECIMPL.DLL" is sparse (flags = 32768) File "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSCORSECIMPL.DLL" is sparse (flags = 32768) File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\c2abcda8f96d67fa6ff5665fd21dddff\System.Drawing.ni.dll" is sparse (flags = 32768) File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\c02fbf560e52a1aab432a90d4c613af4\System.Windows.Forms.ni.dll" is sparse (flags = 32768) File "C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatioaec034ca#\def8702c6e883330fb8cb8e3f5c5e665\PresentationFramework.Aero2.ni.dll" is sparse (flags = 32768) File "C:\Windows\System32\d3d9.dll" is sparse (flags = 32768) File "C:\Windows\System32\d3d9.dll" is sparse (flags = 32768) File "C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio84a6349c#\6af063d01a7341bd43c8c4775e6a7144\PresentationFramework-SystemCore.ni.dll" is sparse (flags = 32768) File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Numerics\5237480aedaa4904c6fd85dae99af471\System.Numerics.ni.dll" is sparse (flags = 32768) File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\6e975e2acfc33e1c706f00bf2942e187\System.Xml.Linq.ni.dll" is sparse (flags = 32768) File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\720259e39ef1331fa96a3242ad50f25a\System.Data.ni.dll" is sparse (flags = 32768) File "C:\Windows\System32\taskschd.dll" is sparse (flags = 32768) File "C:\Windows\System32\xmllite.dll" is sparse (flags = 32768) File "C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\PenIMC.dll" is sparse (flags = 32768) File "C:\Windows\System32\wisp.dll" is sparse (flags = 32768) File "C:\Windows\System32\atlthunk.dll" is sparse (flags = 32768) File "C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\tpcps.dll" is sparse (flags = 32768) File "C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio49d6fefe#\bc02b10ad9ab83121bc8d4efdfdbddd6\PresentationFramework-SystemXml.ni.dll" is sparse (flags = 32768) File "C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio84a7b877#\32e8814a6a6fb0730134a52c7343244f\PresentationFramework-SystemData.ni.dll" is sparse (flags = 32768) File "C:\Windows\AppPatch\AcSpecfc.dll" is sparse (flags = 32768) File "C:\Windows\AppPatch\AcSpecfc.dll" is sparse (flags = 32768) File "C:\Windows\System32\ddraw.dll" is sparse (flags = 32768) File "C:\Windows\System32\dciman32.dll" is sparse (flags = 32768) File "C:\Windows\System32\dciman32.dll" is sparse (flags = 32768) File "C:\Windows\System32\msimtf.dll" is sparse (flags = 32768) File "C:\Windows\System32\davclnt.dll" is sparse (flags = 32768) File "C:\Windows\System32\davhlpr.dll" is sparse (flags = 32768) File "C:\Windows\System32\mapi32.dll" is sparse (flags = 32768) File "C:\Windows\System32\EXPLORERFRAME.DLL" is sparse (flags = 32768) File "C:\Windows\System32\EXPLORERFRAME.DLL" is sparse (flags = 32768) File "C:\Windows\WinSxS\x86_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.6161_none_4bf7e3e2bf9ada4c\mfc90u.dll" is sparse (flags = 32768) File "C:\Windows\WinSxS\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.6161_none_49768ef57548175e\MFC90DEU.DLL" is sparse (flags = 32768) File "C:\Windows\System32\mlang.dll" is sparse (flags = 32768) File "C:\Windows\System32\msident.dll" is sparse (flags = 32768) File "C:\Windows\System32\pstorec.dll" is sparse (flags = 32768) File "C:\Windows\System32\msoeacct.dll" is sparse (flags = 32768) File "C:\Windows\System32\msoert2.dll" is sparse (flags = 32768) File "C:\Windows\System32\inetcomm.dll" is sparse (flags = 32768) File "C:\Windows\System32\inetcomm.dll" is sparse (flags = 32768) File "C:\Windows\System32\INETRES.dll" is sparse (flags = 32768) File "C:\Windows\System32\INETRES.dll" is sparse (flags = 32768) File "C:\Windows\System32\ACCTRES.dll" is sparse (flags = 32768) File "C:\Windows\System32\hlink.dll" is sparse (flags = 32768) File "C:\Windows\System32\WINDOWS.SHELL.SERVICEHOSTBUILDER.DLL" is sparse (flags = 32768) File "C:\Windows\System32\WINDOWS.SHELL.SERVICEHOSTBUILDER.DLL" is sparse (flags = 32768) File "C:\Windows\System32\WinTypes.dll" is sparse (flags = 32768) File "C:\Windows\System32\WinTypes.dll" is sparse (flags = 32768) File "C:\Windows\AppPatch\AcGenral.dll" is sparse (flags = 32768) File "C:\Windows\AppPatch\AcGenral.dll" is sparse (flags = 32768) File "C:\Windows\System32\msacm32.dll" is sparse (flags = 32768) File "C:\Windows\System32\ninput.dll" is sparse (flags = 32768) File "C:\Windows\System32\usp10.dll" is sparse (flags = 32768) File "C:\Windows\System32\hid.dll" is sparse (flags = 32768) File "C:\Windows\System32\credui.dll" is sparse (flags = 32768) File "C:\Windows\System32\AudioSes.dll" is sparse (flags = 32768) File "C:\Windows\System32\AudioSes.dll" is sparse (flags = 32768) File "C:\Windows\System32\MMDevAPI.dll" is sparse (flags = 32768) File "C:\Windows\System32\DIRECTMANIPULATION.DLL" is sparse (flags = 32768) File "C:\Windows\System32\FWPOLICYIOMGR.DLL" is sparse (flags = 32768) File "C:\Windows\System32\FWPOLICYIOMGR.DLL" is sparse (flags = 32768) File "C:\Windows\System32\bthprops.cpl" is sparse (flags = 32768) File "C:\Windows\System32\fontsub.dll" is sparse (flags = 32768) File "C:\Windows\System32\fontsub.dll" is sparse (flags = 32768) File "C:\Windows\System32\mf.dll" is sparse (flags = 32768) File "C:\Windows\System32\mfplat.dll" is sparse (flags = 32768) File "C:\Windows\System32\mfplat.dll" is sparse (flags = 32768) File "C:\Windows\System32\RTWorkQ.dll" is sparse (flags = 32768) File "C:\Windows\System32\RTWorkQ.dll" is sparse (flags = 32768) File "C:\Windows\System32\MSMPEG2VDEC.DLL" is sparse (flags = 32768) File "C:\Windows\System32\MSMPEG2VDEC.DLL" is sparse (flags = 32768) File "C:\Windows\System32\MFPERFHELPER.DLL" is sparse (flags = 32768) File "C:\Windows\System32\MFPERFHELPER.DLL" is sparse (flags = 32768) File "C:\Windows\System32\dxva2.dll" is sparse (flags = 32768) File "C:\Windows\System32\msvproc.dll" is sparse (flags = 32768) File "C:\Windows\System32\msvproc.dll" is sparse (flags = 32768) File "C:\Windows\System32\D3DCOMPILER_47.DLL" is sparse (flags = 32768) File "C:\Windows\System32\D3DCOMPILER_47.DLL" is sparse (flags = 32768) File "C:\Windows\System32\MFH264ENC.DLL" is sparse (flags = 32768) File "C:\Windows\System32\MFH264ENC.DLL" is sparse (flags = 32768) File "C:\Windows\System32\SEARCHPROTOCOLHOST.EXE" is sparse (flags = 32768) File "C:\Windows\System32\SEARCHPROTOCOLHOST.EXE" is sparse (flags = 32768) File "C:\Windows\System32\SEARCHFILTERHOST.EXE" is sparse (flags = 32768) File "C:\Windows\System32\SEARCHFILTERHOST.EXE" is sparse (flags = 32768) File "C:\Windows\System32\rstrui.exe" is sparse (flags = 32768) File "C:\Windows\SysWOW64\ONEDRIVESETUP.EXE" is sparse (flags = 32768) File "C:\Windows\SysWOW64\ONEDRIVESETUP.EXE" is sparse (flags = 32768) File "C:\Program Files\Windows Mail\wab.exe" is sparse (flags = 32768) File "C:\Windows\System32\credssp.dll" is sparse (flags = 32768) File "C:\Windows\System32\credssp.dll" is sparse (flags = 32768) File "C:\Windows\System32\userinit.exe" is sparse (flags = 32768) File "C:\Windows\System32\scecli.dll" is sparse (flags = 32768) File "C:\Windows\System32\msv1_0.dll" is sparse (flags = 32768) File "C:\Windows\System32\msv1_0.dll" is sparse (flags = 32768) File "C:\Windows\System32\kerberos.dll" is sparse (flags = 32768) File "C:\Windows\System32\kerberos.dll" is sparse (flags = 32768) File "C:\Windows\System32\wdigest.dll" is sparse (flags = 32768) File "C:\Windows\System32\TSpkg.dll" is sparse (flags = 32768) File "C:\Windows\System32\pku2u.dll" is sparse (flags = 32768) File "C:\Windows\System32\drivers\appid.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\AcpiDev.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\AcpiDev.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\1394ohci.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\1394ohci.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\flpydisk.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\flpydisk.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\mspclock.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\isapnp.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\isapnp.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\acpipmi.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\acpipmi.sys" is sparse (flags = 32768) File "C:\Windows\System32\Locator.exe" is sparse (flags = 32768) File "C:\Windows\System32\drivers\amdk8.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\amdk8.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\acpipagr.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\acpipagr.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\afd.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\acpiex.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\acpi.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\acpi.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\acpitime.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\acpitime.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\BthhfHid.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\BthhfHid.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\asyncmac.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\srv.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\mpsdrv.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\sdstor.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\sdstor.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\ahcache.sys" is sparse (flags = 32768) File "C:\Windows\System32\alg.exe" is sparse (flags = 32768) File "C:\Windows\System32\drivers\BASICRENDER.SYS" is sparse (flags = 32768) File "C:\Windows\System32\drivers\BASICRENDER.SYS" is sparse (flags = 32768) File "C:\Windows\System32\drivers\amdppm.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\amdppm.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\APPLOCKERFLTR.SYS" is sparse (flags = 32768) File "C:\Windows\System32\drivers\APPLOCKERFLTR.SYS" is sparse (flags = 32768) File "C:\Windows\System32\drivers\pciide.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\pciide.sys" is sparse (flags = 32768) File "C:\Windows\System32\APPVCLIENT.EXE" is sparse (flags = 32768) File "C:\Windows\System32\APPVCLIENT.EXE" is sparse (flags = 32768) File "C:\Windows\System32\drivers\AppVStrm.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\AppvVfs.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\AppvVfs.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\APPVVEMGR.SYS" is sparse (flags = 32768) File "C:\Windows\System32\drivers\APPVVEMGR.SYS" is sparse (flags = 32768) File "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASPNET_STATE.EXE" is sparse (flags = 32768) File "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASPNET_STATE.EXE" is sparse (flags = 32768) File "C:\Windows\System32\drivers\wcnfs.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\wcifs.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\srv2.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\atapi.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\atapi.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\BASICDISPLAY.SYS" is sparse (flags = 32768) File "C:\Windows\System32\drivers\BASICDISPLAY.SYS" is sparse (flags = 32768) File "C:\Windows\System32\drivers\Ndu.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\bowser.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\BTHAVRCPTG.SYS" is sparse (flags = 32768) File "C:\Windows\System32\drivers\BTHAVRCPTG.SYS" is sparse (flags = 32768) File "C:\Windows\System32\drivers\BTHHFENUM.SYS" is sparse (flags = 32768) File "C:\Windows\System32\drivers\BTHHFENUM.SYS" is sparse (flags = 32768) File "C:\Windows\System32\drivers\bthmodem.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\bthmodem.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\BUTTONCONVERTER.SYS" is sparse (flags = 32768) File "C:\Windows\System32\drivers\BUTTONCONVERTER.SYS" is sparse (flags = 32768) File "C:\Windows\System32\drivers\cdfs.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\clfs.sys" is sparse (flags = 32768) File "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSVCHOST.EXE" is sparse (flags = 32768) File "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSVCHOST.EXE" is sparse (flags = 32768) File "C:\Windows\System32\drivers\cdrom.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\cdrom.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\circlass.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\circlass.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\msiscsi.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\msiscsi.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\registry.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\mup.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\CmBatt.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\CmBatt.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\cng.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\csc.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\CNGHWASSIST.SYS" is sparse (flags = 32768) File "C:\Windows\System32\dllhost.exe" is sparse (flags = 32768) File "C:\Windows\System32\drivers\condrv.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\dam.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\partmgr.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\dfsc.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\disk.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\disk.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\NETADAPTERCX.SYS" is sparse (flags = 32768) File "C:\Windows\System32\drivers\NETADAPTERCX.SYS" is sparse (flags = 32768) File "C:\Windows\System32\drivers\mssecflt.sys" is sparse (flags = 32768) File "C:\Windows\System32\DiagSvcs\DIAGNOSTICSHUB.STANDARDCOLLECTOR.SERVICE.EXE" is sparse (flags = 32768) File "C:\Windows\System32\DiagSvcs\DIAGNOSTICSHUB.STANDARDCOLLECTOR.SERVICE.EXE" is sparse (flags = 32768) File "C:\Windows\System32\drivers\dmvsc.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\dmvsc.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\drmkaud.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\drmkaud.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\serial.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\serial.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\dxgkrnl.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\tcpip.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\EHSTORCLASS.SYS" is sparse (flags = 32768) File "C:\Windows\System32\drivers\EHSTORCLASS.SYS" is sparse (flags = 32768) File "C:\Windows\System32\drivers\EHSTORTCGDRV.SYS" is sparse (flags = 32768) File "C:\Windows\System32\drivers\EHSTORTCGDRV.SYS" is sparse (flags = 32768) File "C:\Windows\System32\drivers\errdev.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\errdev.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\parport.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\parport.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\fdc.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\fdc.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\FILECRYPT.SYS" is sparse (flags = 32768) File "C:\Windows\System32\drivers\FILECRYPT.SYS" is sparse (flags = 32768) File "C:\Windows\System32\drivers\vmstorfl.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\vmstorfl.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\fileinfo.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\ipfltdrv.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\FILETRACE.SYS" is sparse (flags = 32768) File "C:\Windows\System32\drivers\FILETRACE.SYS" is sparse (flags = 32768) File "C:\Windows\System32\drivers\msisadrv.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\msisadrv.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\mstee.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\nsiproxy.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\fltMgr.sys" is sparse (flags = 32768) File "C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PRESENTATIONFONTCACHE.EXE" is sparse (flags = 32768) File "C:\Windows\System32\drivers\srvnet.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\FSDEPENDS.SYS" is sparse (flags = 32768) File "C:\Windows\System32\drivers\STORQOSFLT.SYS" is sparse (flags = 32768) File "C:\Windows\System32\drivers\STORQOSFLT.SYS" is sparse (flags = 32768) File "C:\Windows\System32\drivers\fvevol.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\VMGENCOUNTER.SYS" is sparse (flags = 32768) File "C:\Windows\System32\drivers\VMGENCOUNTER.SYS" is sparse (flags = 32768) File "C:\Windows\System32\drivers\ndisuio.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\MSGPIOCLX.SYS" is sparse (flags = 32768) File "C:\Windows\System32\drivers\GPUENERGYDRV.SYS" is sparse (flags = 32768) File "C:\Windows\System32\drivers\GPUENERGYDRV.SYS" is sparse (flags = 32768) File "C:\Windows\System32\drivers\rasl2tp.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\mrxsmb.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\hdaudbus.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\hdaudbus.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\hidbatt.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\hidbatt.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\hidbth.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\hidbth.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\hidi2c.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\hidi2c.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\HIDINTERRUPT.SYS" is sparse (flags = 32768) File "C:\Windows\System32\drivers\HIDINTERRUPT.SYS" is sparse (flags = 32768) File "C:\Windows\System32\drivers\hidir.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\hidir.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\hidusb.sys" is sparse (flags = 32768) File "C:\Windows\SysWOW64\perfhost.exe" is sparse (flags = 32768) File "C:\Windows\System32\drivers\http.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\HVSERVICE.SYS" is sparse (flags = 32768) File "C:\Windows\System32\drivers\HVSERVICE.SYS" is sparse (flags = 32768) File "C:\Windows\System32\drivers\hwpolicy.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\hyperkbd.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\hyperkbd.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\ndproxy.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\i8042prt.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\i8042prt.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\WPDUPFLTR.SYS" is sparse (flags = 32768) File "C:\Windows\System32\drivers\WPDUPFLTR.SYS" is sparse (flags = 32768) File "C:\Windows\System32\drivers\INDIRECTKMD.SYS" is sparse (flags = 32768) File "C:\Windows\System32\drivers\INDIRECTKMD.SYS" is sparse (flags = 32768) File "C:\Windows\System32\drivers\intelide.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\intelide.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\intelpep.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\intelpep.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\intelppm.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\intelppm.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\WdFilter.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\iorate.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\scfilter.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\scfilter.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\IPMIDrv.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\IPMIDrv.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\ipnat.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\irda.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\irenum.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\kbdclass.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\kbdclass.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\kbdhid.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\ksecdd.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\ksecpkg.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\ksthunk.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\lltdio.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\luafv.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\UEVAGENTDRIVER.SYS" is sparse (flags = 32768) File "C:\Windows\System32\drivers\pcmcia.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\pcmcia.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\vwififlt.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\mqac.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\mmcss.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\mskssrv.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\wimmount.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\mrxdav.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\modem.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\mspqm.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\mouclass.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\mouclass.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\mouhid.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\mouhid.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\mountmgr.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\ufx01000.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\Ucx01000.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\mrxsmb10.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\mrxsmb20.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\bridge.sys" is sparse (flags = 32768) File "C:\Windows\System32\VSSVC.exe" is sparse (flags = 32768) File "C:\Windows\System32\msdtc.exe" is sparse (flags = 32768) File "C:\Windows\System32\drivers\MSGPIOWIN32.SYS" is sparse (flags = 32768) File "C:\Windows\System32\drivers\MSGPIOWIN32.SYS" is sparse (flags = 32768) File "C:\Windows\System32\drivers\MSHIDKMDF.SYS" is sparse (flags = 32768) File "C:\Windows\System32\drivers\MSHIDKMDF.SYS" is sparse (flags = 32768) File "C:\Windows\System32\drivers\MSHIDUMDF.SYS" is sparse (flags = 32768) File "C:\Windows\System32\drivers\MSHIDUMDF.SYS" is sparse (flags = 32768) File "C:\Windows\System32\msiexec.exe" is sparse (flags = 32768) File "C:\Windows\System32\drivers\mslldp.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\mssmbios.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\mssmbios.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\MTConfig.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\MTConfig.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\nwifi.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\nwifi.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\netbios.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\ndis.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\ndiscap.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\NDISIMPLATFORM.SYS" is sparse (flags = 32768) File "C:\Windows\System32\drivers\NDISIMPLATFORM.SYS" is sparse (flags = 32768) File "C:\Windows\System32\drivers\ndistapi.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\NDISVIRTUALBUS.SYS" is sparse (flags = 32768) File "C:\Windows\System32\drivers\NDISVIRTUALBUS.SYS" is sparse (flags = 32768) File "C:\Windows\System32\drivers\ndiswan.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\netbt.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\NPSVCTRIG.SYS" is sparse (flags = 32768) File "C:\Windows\System32\drivers\NPSVCTRIG.SYS" is sparse (flags = 32768) File "C:\Windows\System32\drivers\pci.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\pcw.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\pdc.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\PEAuth.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\qwavedrv.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\raspptp.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\processr.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\processr.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\pacer.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\rasacd.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\agilevpn.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\agilevpn.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\raspppoe.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\rassstp.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\rdbss.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\rdpbus.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\rdpbus.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\rdpdr.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\RDPVIDEOMINIPORT.SYS" is sparse (flags = 32768) File "C:\Windows\System32\drivers\RDPVIDEOMINIPORT.SYS" is sparse (flags = 32768) File "C:\Windows\System32\drivers\rdyboost.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\rspndr.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\vms3cap.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\vms3cap.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\sfloppy.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\sfloppy.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\sbp2port.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\sbp2port.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\swenum.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\swenum.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\sdbus.sys" is sparse (flags = 32768) File "C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe" is sparse (flags = 32768) File "C:\Windows\System32\SENSORDATASERVICE.EXE" is sparse (flags = 32768) File "C:\Windows\System32\SENSORDATASERVICE.EXE" is sparse (flags = 32768) File "C:\Windows\System32\drivers\SerCx.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\SpbCx.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\serenum.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\serenum.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\SerCx2.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\sermouse.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\sermouse.sys" is sparse (flags = 32768) File "C:\Windows\System32\snmptrap.exe" is sparse (flags = 32768) File "C:\Windows\System32\drivers\SPACEPORT.SYS" is sparse (flags = 32768) File "C:\Windows\System32\drivers\SPACEPORT.SYS" is sparse (flags = 32768) File "C:\Windows\System32\sppsvc.exe" is sparse (flags = 32768) File "C:\Windows\System32\sppsvc.exe" is sparse (flags = 32768) File "C:\Windows\System32\drivers\storahci.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\stornvme.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\storufs.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\storufs.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\storvsc.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\storvsc.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\tcpipreg.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\tpm.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\tdx.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\vdrvroot.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\vdrvroot.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\terminpt.sys" is sparse (flags = 32768) File "C:\Windows\System32\TIERINGENGINESERVICE.EXE" is sparse (flags = 32768) File "C:\Windows\System32\TIERINGENGINESERVICE.EXE" is sparse (flags = 32768) File "C:\Windows\servicing\TRUSTEDINSTALLER.EXE" is sparse (flags = 32768) File "C:\Windows\servicing\TRUSTEDINSTALLER.EXE" is sparse (flags = 32768) File "C:\Windows\System32\drivers\TsUsbFlt.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\TsUsbGD.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\TsUsbGD.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\tsusbhub.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\uaspstor.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\uaspstor.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\Udecx.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\UcmCx.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\UCMTCPCICX.SYS" is sparse (flags = 32768) File "C:\Windows\System32\drivers\UCMTCPCICX.SYS" is sparse (flags = 32768) File "C:\Windows\System32\drivers\usbccgp.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\usbccgp.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\uefi.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\uefi.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\udfs.sys" is sparse (flags = 32768) File "C:\Windows\System32\AGENTSERVICE.EXE" is sparse (flags = 32768) File "C:\Windows\System32\UI0DETECT.EXE" is sparse (flags = 32768) File "C:\Windows\System32\UI0DETECT.EXE" is sparse (flags = 32768) File "C:\Windows\System32\drivers\usbhub.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\usbhub.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\usbcir.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\usbcir.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\umbus.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\umbus.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\umpass.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\umpass.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\URSCX01000.SYS" is sparse (flags = 32768) File "C:\Windows\System32\drivers\URSCX01000.SYS" is sparse (flags = 32768) File "C:\Windows\System32\drivers\USBAUDIO.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\USBAUDIO.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\USBXHCI.SYS" is sparse (flags = 32768) File "C:\Windows\System32\drivers\USBXHCI.SYS" is sparse (flags = 32768) File "C:\Windows\System32\drivers\usbuhci.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\usbuhci.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\usbohci.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\usbohci.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\usbehci.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\usbehci.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\USBHUB3.SYS" is sparse (flags = 32768) File "C:\Windows\System32\drivers\USBHUB3.SYS" is sparse (flags = 32768) File "C:\Windows\System32\drivers\usbprint.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\usbprint.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\usbser.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\usbser.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\USBSTOR.SYS" is sparse (flags = 32768) File "C:\Windows\System32\drivers\USBSTOR.SYS" is sparse (flags = 32768) File "C:\Windows\System32\vds.exe" is sparse (flags = 32768) File "C:\Windows\System32\drivers\VERIFIEREXT.SYS" is sparse (flags = 32768) File "C:\Windows\System32\drivers\VERIFIEREXT.SYS" is sparse (flags = 32768) File "C:\Windows\System32\drivers\vhdmp.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\vhf.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\vmbus.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\vmbus.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\VMBusHID.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\VMBusHID.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\vmgid.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\vmgid.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\volmgr.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\volmgr.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\volmgrx.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\volsnap.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\volume.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\volume.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\vpci.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\vsmraid.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\vsmraid.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\vwifibus.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\wacompen.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\wacompen.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\WUDFRd.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\wanarp.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\winusb.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\winusb.sys" is sparse (flags = 32768) File "C:\Windows\System32\wbengine.exe" is sparse (flags = 32768) File "C:\Windows\System32\drivers\WdBoot.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\Wdf01000.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\WdiWiFi.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\WdNisDrv.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\wfplwfs.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\WINDOWSTRUSTEDRT.SYS" is sparse (flags = 32768) File "C:\Windows\System32\drivers\WINDOWSTRUSTEDRT.SYS" is sparse (flags = 32768) File "C:\Windows\System32\drivers\wmiacpi.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\wmiacpi.sys" is sparse (flags = 32768) File "C:\Windows\System32\wbem\WmiApSrv.exe" is sparse (flags = 32768) File "C:\Program Files\Windows Media Player\wmpnetwk.exe" is sparse (flags = 32768) File "C:\Program Files\Windows Media Player\wmpnetwk.exe" is sparse (flags = 32768) File "C:\Windows\System32\drivers\ws2ifsl.sys" is sparse (flags = 32768) File "C:\Windows\System32\drivers\WUDFPf.sys" is sparse (flags = 32768) File "C:\Windows\System32\AJRouter.dll" is sparse (flags = 32768) File "C:\Windows\System32\WINDOWS.STATEREPOSITORY.DLL" is sparse (flags = 32768) File "C:\Windows\System32\WINDOWS.STATEREPOSITORY.DLL" is sparse (flags = 32768) File "C:\Windows\System32\AUDIOENDPOINTBUILDER.DLL" is sparse (flags = 32768) File "C:\Windows\System32\AUDIOENDPOINTBUILDER.DLL" is sparse (flags = 32768) File "C:\Windows\System32\WALLETSERVICE.DLL" is sparse (flags = 32768) File "C:\Windows\System32\WALLETSERVICE.DLL" is sparse (flags = 32768) File "C:\Windows\System32\APPXDEPLOYMENTSERVER.DLL" is sparse (flags = 32768) File "C:\Windows\System32\APPXDEPLOYMENTSERVER.DLL" is sparse (flags = 32768) File "C:\Windows\System32\EMBEDDEDMODESVC.DLL" is sparse (flags = 32768) File "C:\Windows\System32\EMBEDDEDMODESVC.DLL" is sparse (flags = 32768) File "C:\Windows\System32\inetsrv\APPHOSTSVC.DLL" is sparse (flags = 32768) File "C:\Windows\System32\umpnpmgr.dll" is sparse (flags = 32768) File "C:\Windows\System32\rpcss.dll" is sparse (flags = 32768) File "C:\Windows\System32\appinfo.dll" is sparse (flags = 32768) File "C:\Windows\System32\appidsvc.dll" is sparse (flags = 32768) File "C:\Windows\System32\audiosrv.dll" is sparse (flags = 32768) File "C:\Windows\System32\audiosrv.dll" is sparse (flags = 32768) File "C:\Windows\System32\appmgmts.dll" is sparse (flags = 32768) File "C:\Windows\System32\dcpsvc.dll" is sparse (flags = 32768) File "C:\Windows\System32\APPREADINESS.DLL" is sparse (flags = 32768) File "C:\Windows\System32\APPREADINESS.DLL" is sparse (flags = 32768) File "C:\Windows\System32\AxInstSv.dll" is sparse (flags = 32768) File "C:\Windows\System32\RpcEpMap.dll" is sparse (flags = 32768) File "C:\Windows\System32\CDPUSERSVC.DLL" is sparse (flags = 32768) File "C:\Windows\System32\CDPUSERSVC.DLL" is sparse (flags = 32768) File "C:\Windows\System32\dssvc.dll" is sparse (flags = 32768) File "C:\Windows\System32\bdesvc.dll" is sparse (flags = 32768) File "C:\Windows\System32\BFE.DLL" is sparse (flags = 32768) File "C:\Windows\System32\XBLAUTHMANAGER.DLL" is sparse (flags = 32768) File "C:\Windows\System32\XBLAUTHMANAGER.DLL" is sparse (flags = 32768) File "C:\Windows\System32\netman.dll" is sparse (flags = 32768) File "C:\Windows\System32\DEVICESETUPMANAGER.DLL" is sparse (flags = 32768) File "C:\Windows\System32\DEVICESETUPMANAGER.DLL" is sparse (flags = 32768) File "C:\Windows\System32\cdpsvc.dll" is sparse (flags = 32768) File "C:\Windows\System32\cscsvc.dll" is sparse (flags = 32768) File "C:\Windows\System32\umpo.dll" is sparse (flags = 32768) File "C:\Windows\System32\qmgr.dll" is sparse (flags = 32768) File "C:\Windows\System32\ListSvc.dll" is sparse (flags = 32768) File "C:\Windows\System32\lltdsvc.dll" is sparse (flags = 32768) File "C:\Windows\System32\bisrv.dll" is sparse (flags = 32768) File "C:\Windows\System32\dhcpcore.dll" is sparse (flags = 32768) File "C:\Windows\System32\dhcpcore.dll" is sparse (flags = 32768) File "C:\Windows\System32\browser.dll" is sparse (flags = 32768) File "C:\Windows\System32\BthHFSrv.dll" is sparse (flags = 32768) File "C:\Windows\System32\BthHFSrv.dll" is sparse (flags = 32768) File "C:\Windows\System32\profsvc.dll" is sparse (flags = 32768) File "C:\Windows\System32\pnrpsvc.dll" is sparse (flags = 32768) File "C:\Windows\System32\bthserv.dll" is sparse (flags = 32768) File "C:\Windows\System32\provsvc.dll" is sparse (flags = 32768) File "C:\Windows\System32\das.dll" is sparse (flags = 32768) File "C:\Windows\System32\LICENSEMANAGERSVC.DLL" is sparse (flags = 32768) File "C:\Windows\System32\LICENSEMANAGERSVC.DLL" is sparse (flags = 32768) File "C:\Windows\System32\certprop.dll" is sparse (flags = 32768) File "C:\Windows\System32\certprop.dll" is sparse (flags = 32768) File "C:\Windows\System32\DMWAPPUSHSVC.DLL" is sparse (flags = 32768) File "C:\Windows\System32\DMWAPPUSHSVC.DLL" is sparse (flags = 32768) File "C:\Windows\System32\ClipSVC.dll" is sparse (flags = 32768) File "C:\Windows\System32\COREMESSAGING.DLL" is sparse (flags = 32768) File "C:\Windows\System32\COREMESSAGING.DLL" is sparse (flags = 32768) File "C:\Windows\System32\cryptsvc.dll" is sparse (flags = 32768) File "C:\Windows\System32\TETHERINGSERVICE.DLL" is sparse (flags = 32768) File "C:\Windows\System32\TETHERINGSERVICE.DLL" is sparse (flags = 32768) File "C:\Windows\System32\DEFRAGSVC.DLL" is sparse (flags = 32768) File "C:\Windows\System32\DEFRAGSVC.DLL" is sparse (flags = 32768) File "C:\Windows\System32\DEVQUERYBROKER.DLL" is sparse (flags = 32768) File "C:\Windows\System32\DEVQUERYBROKER.DLL" is sparse (flags = 32768) File "C:\Windows\System32\wscsvc.dll" is sparse (flags = 32768) File "C:\Windows\System32\WsmSvc.dll" is sparse (flags = 32768) File "C:\Windows\System32\wersvc.dll" is sparse (flags = 32768) File "C:\Windows\System32\wecsvc.dll" is sparse (flags = 32768) File "C:\Windows\System32\wcmsvc.dll" is sparse (flags = 32768) File "C:\Windows\System32\wkssvc.dll" is sparse (flags = 32768) File "C:\Windows\System32\dot3svc.dll" is sparse (flags = 32768) File "C:\Windows\System32\DIAGTRACK.DLL" is sparse (flags = 32768) File "C:\Windows\System32\DIAGTRACK.DLL" is sparse (flags = 32768) File "C:\Windows\System32\WINDOWS.INTERNAL.MANAGEMENT.DLL" is sparse (flags = 32768) File "C:\Windows\System32\WINDOWS.INTERNAL.MANAGEMENT.DLL" is sparse (flags = 32768) File "C:\Windows\System32\fdPHost.dll" is sparse (flags = 32768) File "C:\Windows\System32\dnsrslvr.dll" is sparse (flags = 32768) File "C:\Windows\System32\dnsrslvr.dll" is sparse (flags = 32768) File "C:\Windows\System32\dps.dll" is sparse (flags = 32768) File "C:\Windows\System32\WERCPLSUPPORT.DLL" is sparse (flags = 32768) File "C:\Windows\System32\WERCPLSUPPORT.DLL" is sparse (flags = 32768) File "C:\Windows\System32\eapsvc.dll" is sparse (flags = 32768) File "C:\Windows\System32\efssvc.dll" is sparse (flags = 32768) File "C:\Windows\System32\ENTERPRISEAPPMGMTSVC.DLL" is sparse (flags = 32768) File "C:\Windows\System32\ENTERPRISEAPPMGMTSVC.DLL" is sparse (flags = 32768) File "C:\Windows\System32\FntCache.dll" is sparse (flags = 32768) File "C:\Windows\System32\FntCache.dll" is sparse (flags = 32768) File "C:\Windows\System32\es.dll" is sparse (flags = 32768) File "C:\Windows\System32\sdrsvc.dll" is sparse (flags = 32768) File "C:\Windows\System32\FRAMESERVER.DLL" is sparse (flags = 32768) File "C:\Windows\System32\FRAMESERVER.DLL" is sparse (flags = 32768) File "C:\Windows\System32\srvsvc.dll" is sparse (flags = 32768) File "C:\Windows\System32\FDResPub.dll" is sparse (flags = 32768) File "C:\Windows\System32\upnphost.dll" is sparse (flags = 32768) File "C:\Windows\System32\fhsvc.dll" is sparse (flags = 32768) File "C:\Windows\System32\fhsvc.dll" is sparse (flags = 32768) File "C:\Windows\System32\gpsvc.dll" is sparse (flags = 32768) File "C:\Windows\System32\hidserv.dll" is sparse (flags = 32768) File "C:\Windows\System32\HVHOSTSVC.DLL" is sparse (flags = 32768) File "C:\Windows\System32\HVHOSTSVC.DLL" is sparse (flags = 32768) File "C:\Windows\System32\IKEEXT.DLL" is sparse (flags = 32768) File "C:\Windows\System32\iphlpsvc.dll" is sparse (flags = 32768) File "C:\Windows\System32\iphlpsvc.dll" is sparse (flags = 32768) File "C:\Windows\System32\irmon.dll" is sparse (flags = 32768) File "C:\Windows\System32\keyiso.dll" is sparse (flags = 32768) File "C:\Windows\System32\msdtckrm.dll" is sparse (flags = 32768) File "C:\Windows\System32\lfsvc.dll" is sparse (flags = 32768) File "C:\Windows\System32\lmhsvc.dll" is sparse (flags = 32768) File "C:\Windows\System32\ipnathlp.dll" is sparse (flags = 32768) File "C:\Windows\System32\ipnathlp.dll" is sparse (flags = 32768) File "C:\Windows\System32\lsm.dll" is sparse (flags = 32768) File "C:\Windows\System32\moshost.dll" is sparse (flags = 32768) File "C:\Windows\System32\MESSAGINGSERVICE.DLL" is sparse (flags = 32768) File "C:\Windows\System32\MESSAGINGSERVICE.DLL" is sparse (flags = 32768) File "C:\Windows\System32\MPSSVC.dll" is sparse (flags = 32768) File "C:\Windows\System32\iscsiexe.dll" is sparse (flags = 32768) File "C:\Windows\System32\iscsiexe.dll" is sparse (flags = 32768) File "C:\Windows\System32\nsisvc.dll" is sparse (flags = 32768) File "C:\Windows\System32\nlasvc.dll" is sparse (flags = 32768) File "C:\Windows\System32\ngcsvc.dll" is sparse (flags = 32768) File "C:\Windows\System32\NcaSvc.dll" is sparse (flags = 32768) File "C:\Windows\System32\NCDAUTOSETUP.DLL" is sparse (flags = 32768) File "C:\Windows\System32\NCDAUTOSETUP.DLL" is sparse (flags = 32768) File "C:\Windows\System32\NCBSERVICE.DLL" is sparse (flags = 32768) File "C:\Windows\System32\NCBSERVICE.DLL" is sparse (flags = 32768) File "C:\Windows\System32\netlogon.dll" is sparse (flags = 32768) File "C:\Windows\System32\trkwks.dll" is sparse (flags = 32768) File "C:\Windows\System32\NETPROFMSVC.DLL" is sparse (flags = 32768) File "C:\Windows\System32\NETPROFMSVC.DLL" is sparse (flags = 32768) File "C:\Windows\System32\NETSETUPSVC.DLL" is sparse (flags = 32768) File "C:\Windows\System32\NETSETUPSVC.DLL" is sparse (flags = 32768) File "C:\Windows\System32\icsvc.dll" is sparse (flags = 32768) File "C:\Windows\System32\NGCCTNRSVC.DLL" is sparse (flags = 32768) File "C:\Windows\System32\NGCCTNRSVC.DLL" is sparse (flags = 32768) File "C:\Windows\System32\APHOSTSERVICE.DLL" is sparse (flags = 32768) File "C:\Windows\System32\APHOSTSERVICE.DLL" is sparse (flags = 32768) File "C:\Windows\System32\pcasvc.dll" is sparse (flags = 32768) File "C:\Windows\System32\pcasvc.dll" is sparse (flags = 32768) File "C:\Windows\System32\p2psvc.dll" is sparse (flags = 32768) File "C:\Windows\System32\PEERDISTSVC.DLL" is sparse (flags = 32768) File "C:\Windows\System32\PHONESERVICE.DLL" is sparse (flags = 32768) File "C:\Windows\System32\PHONESERVICE.DLL" is sparse (flags = 32768) File "C:\Windows\System32\PIMINDEXMAINTENANCE.DLL" is sparse (flags = 32768) File "C:\Windows\System32\PIMINDEXMAINTENANCE.DLL" is sparse (flags = 32768) File "C:\Windows\System32\pla.dll" is sparse (flags = 32768) File "C:\Windows\System32\pnrpauto.dll" is sparse (flags = 32768) File "C:\Windows\System32\icsvcext.dll" is sparse (flags = 32768) File "C:\Windows\System32\icsvcext.dll" is sparse (flags = 32768) File "C:\Windows\System32\IPSECSVC.DLL" is sparse (flags = 32768) File "C:\Windows\System32\qwave.dll" is sparse (flags = 32768) File "C:\Windows\System32\rasauto.dll" is sparse (flags = 32768) File "C:\Windows\System32\rasmans.dll" is sparse (flags = 32768) File "C:\Windows\System32\mprdim.dll" is sparse (flags = 32768) File "C:\Windows\System32\regsvc.dll" is sparse (flags = 32768) File "C:\Windows\System32\RDXSERVICE.DLL" is sparse (flags = 32768) File "C:\Windows\System32\RDXSERVICE.DLL" is sparse (flags = 32768) File "C:\Windows\System32\RMapi.dll" is sparse (flags = 32768) File "C:\Windows\System32\schedsvc.dll" is sparse (flags = 32768) File "C:\Windows\System32\SCardSvr.dll" is sparse (flags = 32768) File "C:\Windows\System32\SCardSvr.dll" is sparse (flags = 32768) File "C:\Windows\System32\XBLGAMESAVE.DLL" is sparse (flags = 32768) File "C:\Windows\System32\XBLGAMESAVE.DLL" is sparse (flags = 32768) File "C:\Windows\System32\SCDEVICEENUM.DLL" is sparse (flags = 32768) File "C:\Windows\System32\SCDEVICEENUM.DLL" is sparse (flags = 32768) File "C:\Windows\System32\seclogon.dll" is sparse (flags = 32768) File "C:\Windows\System32\Sens.dll" is sparse (flags = 32768) File "C:\Windows\System32\SENSORSERVICE.DLL" is sparse (flags = 32768) File "C:\Windows\System32\SENSORSERVICE.DLL" is sparse (flags = 32768) File "C:\Windows\System32\sensrsvc.dll" is sparse (flags = 32768) File "C:\Windows\System32\SessEnv.dll" is sparse (flags = 32768) File "C:\Windows\System32\shsvcs.dll" is sparse (flags = 32768) File "C:\Windows\System32\WINDOWS.SHAREDPC.ACCOUNTMANAGER.DLL" is sparse (flags = 32768) File "C:\Windows\System32\WINDOWS.SHAREDPC.ACCOUNTMANAGER.DLL" is sparse (flags = 32768) File "C:\Windows\System32\TILEOBJSERVER.DLL" is sparse (flags = 32768) File "C:\Windows\System32\TILEOBJSERVER.DLL" is sparse (flags = 32768) File "C:\Windows\System32\smphost.dll" is sparse (flags = 32768) File "C:\Windows\System32\SMSROUTERSVC.DLL" is sparse (flags = 32768) File "C:\Windows\System32\SMSROUTERSVC.DLL" is sparse (flags = 32768) File "C:\Windows\System32\StorSvc.dll" is sparse (flags = 32768) File "C:\Windows\System32\sstpsvc.dll" is sparse (flags = 32768) File "C:\Windows\System32\ssdpsrv.dll" is sparse (flags = 32768) File "C:\Windows\System32\wiaservc.dll" is sparse (flags = 32768) File "C:\Windows\System32\svsvc.dll" is sparse (flags = 32768) File "C:\Windows\System32\swprv.dll" is sparse (flags = 32768) File "C:\Windows\System32\inetsrv\iisw3adm.dll" is sparse (flags = 32768) File "C:\Windows\System32\sysmain.dll" is sparse (flags = 32768) File "C:\Windows\System32\SYSTEMEVENTSBROKERSERVER.DLL" is sparse (flags = 32768) File "C:\Windows\System32\SYSTEMEVENTSBROKERSERVER.DLL" is sparse (flags = 32768) File "C:\Windows\System32\TabSvc.dll" is sparse (flags = 32768) File "C:\Windows\System32\termsrv.dll" is sparse (flags = 32768) File "C:\Windows\System32\tapisrv.dll" is sparse (flags = 32768) File "C:\Windows\System32\THEMESERVICE.DLL" is sparse (flags = 32768) File "C:\Windows\System32\THEMESERVICE.DLL" is sparse (flags = 32768) File "C:\Windows\System32\TIMEBROKERSERVER.DLL" is sparse (flags = 32768) File "C:\Windows\System32\TIMEBROKERSERVER.DLL" is sparse (flags = 32768) File "C:\Windows\System32\TZAUTOUPDATE.DLL" is sparse (flags = 32768) File "C:\Windows\System32\TZAUTOUPDATE.DLL" is sparse (flags = 32768) File "C:\Windows\System32\umrdp.dll" is sparse (flags = 32768) File "C:\Windows\System32\Unistore.dll" is sparse (flags = 32768) File "C:\Windows\System32\USERDATASERVICE.DLL" is sparse (flags = 32768) File "C:\Windows\System32\USERDATASERVICE.DLL" is sparse (flags = 32768) File "C:\Windows\System32\usermgr.dll" is sparse (flags = 32768) File "C:\Windows\System32\usocore.dll" is sparse (flags = 32768) File "C:\Windows\System32\vaultsvc.dll" is sparse (flags = 32768) File "C:\Windows\System32\w32time.dll" is sparse (flags = 32768) File "C:\Windows\System32\inetsrv\w3logsvc.dll" is sparse (flags = 32768) File "C:\Windows\System32\wbiosrvc.dll" is sparse (flags = 32768) File "C:\Windows\System32\wbiosrvc.dll" is sparse (flags = 32768) File "C:\Windows\System32\wwansvc.dll" is sparse (flags = 32768) File "C:\Windows\System32\WUDFSvc.dll" is sparse (flags = 32768) File "C:\Windows\System32\wlidsvc.dll" is sparse (flags = 32768) File "C:\Windows\System32\wlansvc.dll" is sparse (flags = 32768) File "C:\Windows\System32\wcncsvc.dll" is sparse (flags = 32768) File "C:\Windows\System32\wdi.dll" is sparse (flags = 32768) File "C:\Windows\System32\WebClnt.dll" is sparse (flags = 32768) File "C:\Windows\System32\WEPHOSTSVC.DLL" is sparse (flags = 32768) File "C:\Windows\System32\WEPHOSTSVC.DLL" is sparse (flags = 32768) File "C:\Windows\System32\wiarpc.dll" is sparse (flags = 32768) File "C:\Windows\System32\wbem\WMIsvc.dll" is sparse (flags = 32768) File "C:\Windows\System32\FLIGHTSETTINGS.DLL" is sparse (flags = 32768) File "C:\Windows\System32\FLIGHTSETTINGS.DLL" is sparse (flags = 32768) File "C:\Windows\System32\WORKFOLDERSSVC.DLL" is sparse (flags = 32768) File "C:\Windows\System32\WORKFOLDERSSVC.DLL" is sparse (flags = 32768) File "C:\Windows\System32\WPDBUSENUM.DLL" is sparse (flags = 32768) File "C:\Windows\System32\WPDBUSENUM.DLL" is sparse (flags = 32768) File "C:\Windows\System32\WPNSERVICE.DLL" is sparse (flags = 32768) File "C:\Windows\System32\WPNSERVICE.DLL" is sparse (flags = 32768) File "C:\Windows\System32\WPNUSERSERVICE.DLL" is sparse (flags = 32768) File "C:\Windows\System32\WPNUSERSERVICE.DLL" is sparse (flags = 32768) File "C:\Windows\System32\wuaueng.dll" is sparse (flags = 32768) File "C:\Windows\System32\XBOXNETAPISVC.DLL" is sparse (flags = 32768) File "C:\Windows\System32\XBOXNETAPISVC.DLL" is sparse (flags = 32768) File "C:\Windows\System32\rundll32.exe" is sparse (flags = 32768) File "C:\Program Files\Windows Mail\WinMail.exe" is sparse (flags = 32768) File "C:\Windows\System32\unregmp2.exe" is sparse (flags = 32768) File "C:\Windows\System32\unregmp2.exe" is sparse (flags = 32768) File "C:\Windows\System32\ie4uinit.exe" is sparse (flags = 32768) File "C:\Windows\System32\ie4uinit.exe" is sparse (flags = 32768) File "C:\Windows\System32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.dat" is sparse (flags = 32768) ------------ Kernel report ------------ 03/16/2017 10:24:11 ------------ Loaded modules ----------- \SystemRoot\system32\ntoskrnl.exe \SystemRoot\system32\hal.dll \SystemRoot\system32\kd.dll \SystemRoot\system32\mcupdate_GenuineIntel.dll \SystemRoot\System32\drivers\werkernel.sys \SystemRoot\System32\drivers\CLFS.SYS \SystemRoot\System32\drivers\tm.sys \SystemRoot\system32\PSHED.dll \SystemRoot\system32\BOOTVID.dll \SystemRoot\System32\drivers\FLTMGR.SYS \SystemRoot\System32\drivers\msrpc.sys \SystemRoot\System32\drivers\ksecdd.sys \SystemRoot\System32\drivers\clipsp.sys \SystemRoot\System32\drivers\cmimcext.sys \SystemRoot\System32\drivers\ntosext.sys \SystemRoot\system32\CI.dll \SystemRoot\System32\drivers\cng.sys \SystemRoot\system32\drivers\Wdf01000.sys \SystemRoot\system32\drivers\WDFLDR.SYS \SystemRoot\System32\Drivers\acpiex.sys \SystemRoot\System32\Drivers\WppRecorder.sys \SystemRoot\System32\drivers\ACPI.sys \SystemRoot\System32\drivers\WMILIB.SYS \SystemRoot\System32\drivers\intelpep.sys \SystemRoot\system32\drivers\WindowsTrustedRT.sys \SystemRoot\System32\drivers\WindowsTrustedRTProxy.sys \SystemRoot\System32\drivers\imofugc.sys \SystemRoot\System32\drivers\pcw.sys \SystemRoot\System32\drivers\msisadrv.sys \SystemRoot\System32\drivers\vdrvroot.sys \SystemRoot\System32\drivers\pci.sys \SystemRoot\system32\drivers\pdc.sys \SystemRoot\system32\drivers\CEA.sys \SystemRoot\System32\drivers\partmgr.sys \SystemRoot\System32\drivers\pciide.sys \SystemRoot\System32\drivers\PCIIDEX.SYS \SystemRoot\System32\drivers\spaceport.sys \SystemRoot\System32\drivers\volmgr.sys \SystemRoot\System32\drivers\volmgrx.sys \SystemRoot\System32\drivers\mountmgr.sys \SystemRoot\System32\drivers\atapi.sys \SystemRoot\System32\drivers\ataport.SYS \SystemRoot\System32\drivers\EhStorClass.sys \SystemRoot\System32\drivers\fileinfo.sys \SystemRoot\System32\Drivers\Wof.sys \SystemRoot\system32\DRIVERS\file_tracker.sys \SystemRoot\system32\drivers\WdFilter.sys \SystemRoot\system32\DRIVERS\tib.sys \SystemRoot\System32\Drivers\PxHlpa64.sys \SystemRoot\system32\DRIVERS\fltsrv.sys \SystemRoot\system32\DRIVERS\FLGuard.sys \SystemRoot\System32\Drivers\NTFS.sys \SystemRoot\System32\Drivers\Fs_Rec.sys \SystemRoot\system32\drivers\ndis.sys \SystemRoot\system32\drivers\NETIO.SYS \SystemRoot\System32\Drivers\ksecpkg.sys \SystemRoot\System32\drivers\tcpip.sys \SystemRoot\System32\drivers\fwpkclnt.sys \SystemRoot\System32\drivers\wfplwfs.sys \SystemRoot\system32\DRIVERS\timntr.sys \SystemRoot\system32\DRIVERS\hotcore3.sys \SystemRoot\System32\DRIVERS\fvevol.sys \SystemRoot\System32\drivers\volume.sys \SystemRoot\System32\drivers\volsnap.sys \SystemRoot\system32\DRIVERS\snapman.sys \SystemRoot\System32\drivers\rdyboost.sys \SystemRoot\System32\Drivers\mup.sys \SystemRoot\system32\drivers\iorate.sys \SystemRoot\System32\drivers\disk.sys \SystemRoot\System32\drivers\CLASSPNP.SYS \SystemRoot\System32\Drivers\crashdmp.sys \SystemRoot\System32\drivers\cdrom.sys \SystemRoot\system32\drivers\filecrypt.sys \SystemRoot\system32\drivers\tbs.sys \SystemRoot\SysWOW64\WinFLAdrv.sys \SystemRoot\System32\Drivers\Null.SYS \SystemRoot\System32\Drivers\Beep.SYS \SystemRoot\System32\drivers\BasicDisplay.sys \SystemRoot\System32\drivers\watchdog.sys \SystemRoot\System32\drivers\dxgkrnl.sys \SystemRoot\System32\drivers\BasicRender.sys \SystemRoot\System32\Drivers\Npfs.SYS \SystemRoot\System32\Drivers\Msfs.SYS \SystemRoot\system32\DRIVERS\tdx.sys \SystemRoot\system32\DRIVERS\TDI.SYS \SystemRoot\System32\DRIVERS\netbt.sys \SystemRoot\system32\drivers\afd.sys \SystemRoot\system32\DRIVERS\NNSNAHSL.sys \SystemRoot\system32\DRIVERS\eve.sys \SystemRoot\System32\drivers\vwififlt.sys \SystemRoot\System32\drivers\pacer.sys \SystemRoot\system32\drivers\netbios.sys \SystemRoot\system32\DRIVERS\rdbss.sys \SystemRoot\system32\drivers\csc.sys \??\C:\WINDOWS\System32\drivers\zamguard64.sys \??\C:\WINDOWS\System32\drivers\zam64.sys \SystemRoot\System32\drivers\veracrypt.sys \SystemRoot\System32\drivers\uim_im.sys \SystemRoot\System32\drivers\UimFIO.SYS \SystemRoot\System32\drivers\uim_devim.sys \SystemRoot\System32\drivers\UimBus.sys \??\C:\WINDOWS\Sleen1964.sys \SystemRoot\system32\DRIVERS\PSINKNC.sys \SystemRoot\system32\drivers\nsiproxy.sys \SystemRoot\System32\drivers\npsvctrig.sys \SystemRoot\system32\DRIVERS\NNSTLSC.sys \SystemRoot\system32\DRIVERS\NNSSTRM.sys \SystemRoot\system32\DRIVERS\NNSSMTP.sys \SystemRoot\system32\DRIVERS\NNSPRV.sys \SystemRoot\system32\DRIVERS\NNSPROT.sys \SystemRoot\system32\DRIVERS\NNSPOP3.sys \SystemRoot\system32\DRIVERS\NNSPIHSW.sys \SystemRoot\system32\DRIVERS\NNSPICC.sys \SystemRoot\system32\DRIVERS\NNSIDS.sys \SystemRoot\system32\DRIVERS\NNSHTTPS.sys \SystemRoot\system32\DRIVERS\NNSHTTP.sys \SystemRoot\system32\DRIVERS\NNSALPC.sys \SystemRoot\System32\drivers\mssmbios.sys \??\C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS \SystemRoot\System32\drivers\gpuenergydrv.sys \??\C:\Windows\system32\Drivers\eusk2par-amd64.sys \SystemRoot\System32\Drivers\dfsc.sys \??\C:\Windows\system32\drivers\AntiLog64.sys \SystemRoot\system32\DRIVERS\ahcache.sys \SystemRoot\System32\DriverStore\FileRepository\compositebus.inf_amd64_a140581a8f8b58b7\CompositeBus.sys \SystemRoot\System32\drivers\kdnic.sys \SystemRoot\System32\drivers\umbus.sys \SystemRoot\system32\DRIVERS\nvlddmkm.sys \SystemRoot\System32\drivers\HECIx64.sys \SystemRoot\System32\drivers\usbehci.sys \SystemRoot\System32\drivers\USBPORT.SYS \SystemRoot\System32\drivers\USBXHCI.SYS \SystemRoot\system32\drivers\ucx01000.sys \SystemRoot\system32\DRIVERS\Rt64win7.sys \SystemRoot\system32\drivers\P17.sys \SystemRoot\system32\drivers\portcls.sys \SystemRoot\system32\drivers\drmk.sys \SystemRoot\system32\drivers\ks.sys \SystemRoot\system32\drivers\ksthunk.sys \SystemRoot\System32\drivers\fdc.sys \SystemRoot\System32\drivers\i8042prt.sys \SystemRoot\System32\drivers\kbdclass.sys \SystemRoot\System32\drivers\serial.sys \SystemRoot\System32\drivers\serenum.sys \SystemRoot\System32\drivers\intelppm.sys \SystemRoot\system32\drivers\nvvad64v.sys \SystemRoot\System32\drivers\NdisVirtualBus.sys \SystemRoot\System32\drivers\swenum.sys \SystemRoot\System32\drivers\PTSimBus.sys \SystemRoot\System32\drivers\rdpbus.sys \SystemRoot\System32\drivers\usbhub.sys \SystemRoot\System32\drivers\USBD.SYS \SystemRoot\System32\drivers\UsbHub3.sys \SystemRoot\System32\drivers\usbccgp.sys \SystemRoot\system32\DRIVERS\usbscan.sys \SystemRoot\System32\drivers\usbprint.sys \SystemRoot\System32\win32k.sys \SystemRoot\System32\win32kfull.sys \SystemRoot\System32\drivers\HIDPARSE.SYS \SystemRoot\System32\win32kbase.sys \SystemRoot\System32\drivers\dxgmms1.sys \SystemRoot\System32\drivers\dxgmms2.sys \SystemRoot\System32\drivers\monitor.sys \SystemRoot\System32\TSDDD.dll \SystemRoot\System32\cdd.dll \SystemRoot\System32\drivers\Spyder3.sys \SystemRoot\System32\drivers\hidusb.sys \SystemRoot\System32\drivers\HIDCLASS.SYS \SystemRoot\System32\ATMFD.DLL \SystemRoot\System32\drivers\kbdhid.sys \SystemRoot\System32\drivers\mouhid.sys \SystemRoot\System32\drivers\mouclass.sys \SystemRoot\System32\drivers\wachidrouter.sys \SystemRoot\System32\drivers\hidkmdf.sys \SystemRoot\System32\drivers\wacomrouterfilter.sys \SystemRoot\system32\DRIVERS\lvuvc64.sys \SystemRoot\system32\drivers\usbaudio.sys \SystemRoot\system32\DRIVERS\lvrs64.sys \SystemRoot\system32\drivers\WudfPf.sys \SystemRoot\system32\drivers\wcifs.sys \SystemRoot\system32\drivers\luafv.sys \SystemRoot\system32\DRIVERS\file_protector.sys \SystemRoot\system32\drivers\storqosflt.sys \SystemRoot\system32\DRIVERS\PSINProc.sys \SystemRoot\system32\DRIVERS\PSINFile.sys \SystemRoot\system32\DRIVERS\PSINReg.sys \SystemRoot\system32\drivers\wcnfs.sys \SystemRoot\system32\DRIVERS\tifsfilt.sys \SystemRoot\system32\DRIVERS\virtual_file.sys \SystemRoot\System32\drivers\registry.sys \SystemRoot\System32\drivers\WUDFRd.sys \SystemRoot\system32\drivers\mmcss.sys \SystemRoot\System32\Drivers\dump_dumpata.sys \SystemRoot\System32\Drivers\dump_atapi.sys \SystemRoot\System32\Drivers\dump_dumpfve.sys \SystemRoot\system32\drivers\mslldp.sys \??\D:\Program Files\Sandboxie\SbieDrv.sys \SystemRoot\system32\drivers\lltdio.sys \SystemRoot\System32\DRIVERS\wanarp.sys \SystemRoot\system32\drivers\rspndr.sys \SystemRoot\system32\drivers\ndisuio.sys \SystemRoot\system32\DRIVERS\nwifi.sys \SystemRoot\system32\drivers\HTTP.sys \SystemRoot\system32\DRIVERS\bowser.sys \SystemRoot\system32\DRIVERS\mrxsmb.sys \SystemRoot\system32\DRIVERS\mrxsmb20.sys \SystemRoot\System32\DRIVERS\srvnet.sys \SystemRoot\System32\DRIVERS\srv2.sys \SystemRoot\System32\drivers\mpsdrv.sys \??\C:\Windows\system32\drivers\acedrv11.sys \SystemRoot\system32\drivers\hvservice.sys \SystemRoot\system32\drivers\winhvr.sys \SystemRoot\system32\DRIVERS\mrxsmb10.sys \??\C:\WINDOWS\system32\drivers\mbam.sys \SystemRoot\system32\drivers\Ndu.sys \SystemRoot\system32\DRIVERS\idmwfp.sys \SystemRoot\system32\drivers\npf.sys \??\C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12_64.sys \SystemRoot\system32\drivers\peauth.sys \SystemRoot\system32\DRIVERS\PSINAflt.sys \SystemRoot\system32\DRIVERS\PSINProt.sys \SystemRoot\system32\drivers\mqac.sys \??\C:\Windows\system32\Drivers\SSPORT.sys \SystemRoot\System32\drivers\tcpipreg.sys \SystemRoot\system32\DRIVERS\tib_mounter.sys \??\C:\Windows\SysWow64\WinVDEdrv.sys \SystemRoot\System32\DRIVERS\srv.sys \SystemRoot\system32\DRIVERS\LVPr2M64.sys \SystemRoot\System32\drivers\condrv.sys \??\C:\Program Files (x86)\CyberLink\PowerDVD12\Common\NavFilter\000.fcl \SystemRoot\system32\Drivers\WdNisDrv.sys \??\C:\WINDOWS\system32\drivers\mwac.sys \??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys \??\C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys \??\C:\WINDOWS\system32\drivers\mbamchameleon.sys \??\D:\Program Files\OSFMount\OSFMount.sys \SystemRoot\system32\DRIVERS\cdfs.sys ----------- End ----------- File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-8C967D07D005F026E454FA1EE4B6C1C94E41266D.bin.79" is compressed (flags = 1) File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-8C967D07D005F026E454FA1EE4B6C1C94E41266D.bin.7C" is compressed (flags = 1) File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-8C967D07D005F026E454FA1EE4B6C1C94E41266D.bin.83" is compressed (flags = 1) Scan finished ======================================= Removal queue found; removal started Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-i.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-1-1024002048-i.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-2-1203664896-i.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-i.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-1-0-2048-i.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-1-1-1956603904-i.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-r.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-2-i.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-2-0-63-i.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-2-r.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-3-i.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-3-0-2048-i.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-3-1-233515008-i.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-3-r.mbam... Removal finished |
16.03.2017, 10:48 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows Firewall (Win10) deaktiviert sich und muß jedes mal mit der Maus aktiviert werden - Anleitung richtig lesen - richtiges Log posten - beachten was zu tun ist wenn MBAR fündig wurde
__________________ Logfiles bitte immer in CODE-Tags posten |
16.03.2017, 13:22 | #13 |
| Windows Firewall (Win10) deaktiviert sich und muß jedes mal mit der Maus aktiviert werden Oh, Eentschuldigung! Hier das 1. Log: Code:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.9.3.1001 www.malwarebytes.org Database version: main: v2017.03.15.08 rootkit: v2017.03.11.01 Windows 10 x64 NTFS Internet Explorer 11.576.14393.0 Rudi :: RUDI-PC [administrator] 16.03.2017 07:23:28 mbar-log-2017-03-16 (07-23-28).txt Scan type: Quick scan Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken Scan options disabled: Objects scanned: 575992 Time elapsed: 1 hour(s), 4 minute(s), 12 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 1 C:\Program Files\CCleaner\cr-piriform.exe (RiskWare.Agent.Keygen) -> Delete on reboot. [f75d2e9c2b7d86b0bf11fba456aa768a] Physical Sectors Detected: 0 (No malicious items detected) (end) Code:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.9.3.1001 www.malwarebytes.org Database version: main: v2017.03.15.08 rootkit: v2017.03.11.01 Windows 10 x64 NTFS Internet Explorer 11.576.14393.0 Rudi :: RUDI-PC [administrator] 16.03.2017 09:48:37 mbar-log-2017-03-16 (09-48-37).txt Scan type: Quick scan Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken Scan options disabled: Objects scanned: 576067 Time elapsed: 1 hour(s), 10 minute(s), 18 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) Physical Sectors Detected: 0 (No malicious items detected) (end) |
16.03.2017, 13:58 | #14 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows Firewall (Win10) deaktiviert sich und muß jedes mal mit der Maus aktiviert werdenZitat:
Lesestoff: Illegale Software: Cracks, Keygens und Co Bitte lesen => http://www.trojaner-board.de/95393-c...-software.html Es geht weiter wenn du alles Illegale entfernt hast. Bei wiederholten Crack/Keygen Verstößen behalte ich es mir vor, den Support einzustellen, d.h. Hilfe nur noch bei der Datensicherung und Neuinstallation des Betriebssystems.
__________________ Logfiles bitte immer in CODE-Tags posten |
Themen zu Windows Firewall (Win10) deaktiviert sich und muß jedes mal mit der Maus aktiviert werden |
aktivieren, antivirus, beim starten, deaktiviert, ebenfalls, eingeblendet, firewall, forum, herunterfahren, hinweis, klicke, klicken, lösung, malwarebytes, maus, meldung, neu, nichts, panda, probleme, scan, starten, viren, windows, windows firewall |