Trojaner-Board


Jemand 11.09.2016 22:40

Irregular crashes on the laptop (Windows 10)
 
Good evening TB team,
first of all, thanks to whoever will try to help me. For several weeks my laptop has been freezing, apparently for no reason; as far as I can tell it does not matter what I am doing. Nothing works any more, and the device can only(!) be shut down by holding the power button for a long time. The laptop is no longer the youngest, but other events, such as sudden extreme load on the disk, memory, etc., or long waiting times within applications themselves, could also be attributed to malware.

It sounds strange, but I am almost hoping for malware; that would mean the laptop still has a few years ahead of it. :)

Unfortunately I only have the logs from Farbar Recovery Scan Tool.
FRST.TXT
Code:

Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 31-08-2016
durchgeführt von ****** (Administrator) auf LAP-OLI-PB (11-09-2016 23:28:01)
Gestartet von C:\Users\******\Desktop
Geladene Profile: ****** (Verfügbare Profile: ******)
Platform: Windows 10 Home Version 1607 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Paramount Software UK Ltd) C:\Program Files\Recovery\Macrium\ReflectService.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\cnext.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.7.113.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe


==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3242696 2015-10-10] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [14040792 2016-01-12] (Realtek Semiconductor)
HKLM\...\Run: [COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10}] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1610936 2016-08-10] (COMODO)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [112512 2015-08-17] (Microsoft Corporation)
HKLM\...\Run: [StartCN] => C:\Program Files\AMD\CNext\CNext\cnext.exe [4926664 2016-02-26] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1569932172-3107048923-2697670340-1002\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2857248 2016-08-24] (Valve Corporation)
HKU\S-1-5-21-1569932172-3107048923-2697670340-1002\...\Run: [Spotify Web Helper] => C:\Users\******\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1529456 2016-09-09] (Spotify Ltd)
HKU\S-1-5-21-1569932172-3107048923-2697670340-1002\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-1569932172-3107048923-2697670340-1002\...\Run: [Spotify] => C:\Users\******\AppData\Roaming\Spotify\Spotify.exe [6810224 2016-09-09] (Spotify Ltd)
HKU\S-1-5-21-1569932172-3107048923-2697670340-1002\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50599552 2016-02-02] (Skype Technologies S.A.)
HKU\S-1-5-21-1569932172-3107048923-2697670340-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8722136 2016-06-13] (Piriform Ltd)
HKU\S-1-5-21-1569932172-3107048923-2697670340-1002\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [797328 2016-05-16] (Sandboxie Holdings, LLC)
HKU\S-1-5-21-1569932172-3107048923-2697670340-1002\...\RunOnce: [Uninstall C:\Users\******\AppData\Local\Microsoft\OneDrive\17.3.6201.1019_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\******\AppData\Local\Microsoft\OneDrive\17.3.6201.1019_1\amd64"
ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\******\AppData\Local\MEGAsync\ShellExtX64.dll Keine Datei
ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\******\AppData\Local\MEGAsync\ShellExtX64.dll Keine Datei
ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\******\AppData\Local\MEGAsync\ShellExtX64.dll Keine Datei
ShellIconOverlayIdentifiers-x32: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\******\AppData\Local\MEGAsync\ShellExtX32.dll Keine Datei
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\******\AppData\Local\MEGAsync\ShellExtX32.dll Keine Datei
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\******\AppData\Local\MEGAsync\ShellExtX32.dll Keine Datei

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Hosts: Es ist mehr als ein Eintrag in der Hosts Datei zu finden. Siehe Hosts-Bereich in Addition.txt
Tcpip\Parameters: [DhcpNameServer] 80.69.96.12 81.210.129.4
Tcpip\..\Interfaces\{0f498ac4-a476-4e33-a194-99de110adfbf}: [DhcpNameServer] 7.254.254.254
Tcpip\..\Interfaces\{77191118-40d6-490a-9730-6d19131c5d3d}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{e2180892-4d8c-462e-a018-ba019af41351}: [DhcpNameServer] 80.69.96.12 81.210.129.4

Internet Explorer:
==================
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2011-02-12] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2011-02-12] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-05-12] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-05-12] (Oracle Corporation)

FireFox:
========
FF ProfilePath: C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\gom9v00m.default-1459355360412
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll [2016-07-12] ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-12] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-05-12] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-05-12] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-06-30] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1569932172-3107048923-2697670340-1002: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\******\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-11-15] (Unity Technologies ApS)
FF Extension: (Fast Dial) - C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\gom9v00m.default-1459355360412\extensions\fastdial@telega.phpnet.us [2016-05-29]
FF Extension: (Element Hiding Helper for Adblock Plus) - C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\gom9v00m.default-1459355360412\Extensions\elemhidehelper@adblockplus.org.xpi [2016-08-04]
FF Extension: (Firefox Hotfix) - C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\gom9v00m.default-1459355360412\Extensions\firefox-hotfix@mozilla.org.xpi [2016-09-08]
FF Extension: (MEGA) - C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\gom9v00m.default-1459355360412\Extensions\firefox@mega.co.nz.xpi [2016-09-09]
FF Extension: (ProxTube) - C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\gom9v00m.default-1459355360412\Extensions\ich@maltegoetz.de.xpi [2016-08-24]
FF Extension: (Video Blocker) - C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\gom9v00m.default-1459355360412\Extensions\jid1-3OQ5HY7YsLBV7Q@jetpack.xpi [2016-08-27]
FF Extension: (Youtube Unblock VPN) - C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\gom9v00m.default-1459355360412\Extensions\vpn@youtube-unblock.org.xpi [2016-08-15]
FF Extension: (Adblock Plus) - C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\gom9v00m.default-1459355360412\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-04-28]

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2159320 2016-08-22] (Adobe Systems, Incorporated)
R2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [5817256 2016-08-10] (COMODO)
S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2271928 2016-08-10] (COMODO)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [144072 2015-10-10] (ELAN Microelectronics Corp.)
R2 IpOverUsbSvc; C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe [21744 2015-08-30] (Microsoft Corporation)
R2 ReflectService.exe; C:\Program Files\Recovery\Macrium\ReflectService.exe [3446224 2015-08-17] (Paramount Software UK Ltd)
S2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [187024 2016-05-16] (Sandboxie Holdings, LLC)
S3 Te.Service; C:\Program Files (x86)\Windows Kits\10\Testing\Runtimes\TAEF\Wex.Services.exe [134656 2015-08-30] (Microsoft Corporation) [Datei ist nicht signiert]
S3 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [872432 2016-07-02] (Tunngle.net GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [32224 2016-07-10] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [851864 2016-07-10] (COMODO)
R1 cmdhlp; C:\Windows\system32\DRIVERS\cmdhlp.sys [45600 2016-07-10] (COMODO)
S3 Hamachi; C:\Windows\System32\drivers\Hamdrv.sys [45680 2016-07-02] (LogMeIn Inc.)
R1 inspect; C:\Windows\system32\DRIVERS\inspect.sys [138568 2016-07-10] (COMODO)
S3 NetAdapterCx; C:\Windows\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 RTSUER; C:\Windows\system32\Drivers\RtsUer.sys [402136 2016-03-14] (Realsil Semiconductor Corporation)
S3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [204944 2016-02-26] (Sandboxie Holdings, LLC)
R3 ScpVBus; C:\Windows\System32\drivers\ScpVBus.sys [39168 2015-11-20] (Scarlet.Crush Productions)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [33960 2016-03-14] (Synaptics Incorporated)
R3 tap0901t; C:\Windows\System32\drivers\tap0901t.sys [48824 2016-07-02] (Tunngle.net GmbH)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
S3 xhunter1; C:\WINDOWS\xhunter1.sys [35880 2015-09-27] (Wellbia.com Co., Ltd.)

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-09-11 23:28 - 2016-09-11 23:28 - 00013969 _____ C:\Users\******\Desktop\FRST.txt
2016-09-11 23:27 - 2016-09-11 23:28 - 00000000 ____D C:\FRST
2016-09-11 23:15 - 2016-09-11 23:27 - 02397696 _____ (Farbar) C:\Users\******\Desktop\FRST64.exe
2016-09-11 22:38 - 2016-09-11 22:38 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-09-11 22:31 - 2016-09-11 22:31 - 00000000 ____D C:\Users\******\Documents\Nexus Mod Manager
2016-09-11 22:01 - 2016-09-11 22:01 - 00000085 _____ C:\WINDOWS\wininit.ini
2016-09-11 22:01 - 2016-09-11 22:01 - 00000000 ____D C:\WINDOWS\System32\Tasks\Safer-Networking
2016-09-11 21:47 - 2016-09-11 21:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-09-07 20:23 - 2016-09-07 20:23 - 00001255 _____ C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AMD Radeon Settings.lnk
2016-09-07 20:22 - 2016-09-07 20:22 - 00000000 ____D C:\ProgramData\ATI
2016-09-07 20:15 - 2016-09-07 20:15 - 00004296 _____ C:\WINDOWS\System32\Tasks\AMD Updater
2016-09-07 20:14 - 2016-09-07 20:14 - 00000000 ____D C:\Users\******\AppData\Roaming\library_dir
2016-09-07 20:14 - 2016-09-07 20:14 - 00000000 ____D C:\Users\******\AppData\Local\AMD
2016-09-07 20:14 - 2016-09-07 20:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Settings
2016-09-07 20:13 - 2016-09-07 20:13 - 00000000 ____D C:\Program Files (x86)\AMD
2016-09-07 20:10 - 2016-09-07 20:11 - 00000000 ____D C:\WINDOWS\LastGood.Tmp
2016-09-07 20:08 - 2016-09-07 20:08 - 00000000 ____D C:\Program Files (x86)\Crimson Radeon AMD DRIVER
2016-09-06 22:32 - 2016-09-06 22:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III
2016-09-05 20:01 - 2016-09-05 20:01 - 00000000 ____D C:\Users\******\Documents\Diablo III
2016-09-05 13:04 - 2016-09-07 20:54 - 00000000 ____D C:\Users\******\AppData\Local\Battle.net
2016-09-05 13:04 - 2016-09-05 13:04 - 00000000 ____D C:\Users\******\AppData\Local\Blizzard Entertainment
2016-09-05 13:04 - 2016-09-05 13:04 - 00000000 ____D C:\ProgramData\Blizzard Entertainment
2016-09-05 13:03 - 2016-09-05 13:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
2016-09-05 13:02 - 2016-09-05 13:05 - 00000000 ____D C:\Users\******\AppData\Roaming\Battle.net
2016-09-05 13:02 - 2016-09-05 13:02 - 00000000 ____D C:\ProgramData\Battle.net
2016-08-31 22:26 - 2016-08-31 22:26 - 00000719 _____ C:\Users\******\AppData\Local\recently-used.xbel
2016-08-31 21:58 - 2016-08-31 21:58 - 23682560 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-08-31 21:58 - 2016-08-31 21:58 - 22571008 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-08-31 21:58 - 2016-08-31 21:58 - 22218808 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-08-31 21:58 - 2016-08-31 21:58 - 20965240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-08-31 21:58 - 2016-08-31 21:58 - 19423232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-08-31 21:58 - 2016-08-31 21:58 - 19418624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-08-31 21:58 - 2016-08-31 21:58 - 09128448 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-08-31 21:58 - 2016-08-31 21:58 - 08124416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-08-31 21:58 - 2016-08-31 21:58 - 07814488 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-08-31 21:58 - 2016-08-31 21:58 - 07624192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-08-31 21:58 - 2016-08-31 21:58 - 07219672 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2016-08-31 21:58 - 2016-08-31 21:58 - 06285312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2016-08-31 21:58 - 2016-08-31 21:58 - 06044672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-08-31 21:58 - 2016-08-31 21:58 - 05722312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2016-08-31 21:58 - 2016-08-31 21:58 - 05511680 _____ (Microsoft Corporation) C:\WINDOWS\system32\aclui.dll
2016-08-31 21:58 - 2016-08-31 21:58 - 05398016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aclui.dll
2016-08-31 21:58 - 2016-08-31 21:58 - 04749312 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2016-08-31 21:58 - 2016-08-31 21:58 - 04612096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2016-08-31 21:58 - 2016-08-31 21:58 - 04130944 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2016-08-31 21:58 - 2016-08-31 21:58 - 03893376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2016-08-31 21:58 - 2016-08-31 21:58 - 03617792 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-08-31 21:58 - 2016-08-31 21:58 - 03299328 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstsc.exe
2016-08-31 21:58 - 2016-08-31 21:58 - 03245056 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll
2016-08-31 21:58 - 2016-08-31 21:58 - 03105792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstsc.exe
2016-08-31 21:58 - 2016-08-31 21:58 - 02999296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2016-08-31 21:58 - 2016-08-31 21:58 - 02913104 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2016-08-31 21:58 - 2016-08-31 21:58 - 02846208 _____ (Microsoft Corporation) C:\WINDOWS\system32\storagewmi.dll
2016-08-31 21:58 - 2016-08-31 21:58 - 02711040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll
2016-08-31 21:58 - 2016-08-31 21:58 - 02680832 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-08-31 21:58 - 2016-08-31 21:58 - 02537824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2016-08-31 21:58 - 2016-08-31 21:58 - 02510848 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2016-08-31 21:58 - 2016-08-31 21:58 - 02485760 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d12SDKLayers.dll
2016-08-31 21:58 - 2016-08-31 21:58 - 02315264 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-08-31 21:58 - 2016-08-31 21:58 - 02289664 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2016-08-31 21:58 - 2016-08-31 21:58 - 02264064 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-08-31 21:58 - 2016-08-31 21:58 - 02257248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2016-08-31 21:58 - 2016-08-31 21:58 - 02190688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-08-31 21:58 - 2016-08-31 21:58 - 02166232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2016-08-31 21:58 - 2016-08-31 21:58 - 02143232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\storagewmi.dll
2016-08-31 21:58 - 2016-08-31 21:58 - 01992704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2016-08-31 21:58 - 2016-08-31 21:58 - 01935360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d12SDKLayers.dll
2016-08-31 21:58 - 2016-08-31 21:58 - 01906176 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_fs.dll
2016-08-31 21:58 - 2016-08-31 21:58 - 01883784 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-08-31 21:58 - 2016-08-31 21:58 - 01875456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2016-08-31 21:58 - 2016-08-31 21:58 - 01859264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2016-08-31 21:58 - 2016-08-31 21:58 - 01690112 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2016-08-31 21:58 - 2016-08-31 21:58 - 01643008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll
2016-08-31 21:58 - 2016-08-31 21:58 - 01570680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2016-08-31 21:58 - 2016-08-31 21:58 - 01547264 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_health.dll
2016-08-31 21:58 - 2016-08-31 21:58 - 01453992 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
2016-08-31 21:58 - 2016-08-31 21:58 - 01430200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2016-08-31 21:58 - 2016-08-31 21:58 - 01418312 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2016-08-31 21:58 - 2016-08-31 21:58 - 01403392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Editing.dll
2016-08-31 21:58 - 2016-08-31 21:58 - 01377008 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe
2016-08-31 21:58 - 2016-08-31 21:58 - 01360464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2016-08-31 21:58 - 2016-08-31 21:58 - 01349120 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-08-31 21:58 - 2016-08-31 21:58 - 01316352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_fs.dll
2016-08-31 21:58 - 2016-08-31 21:58 - 01282048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2016-08-31 21:58 - 2016-08-31 21:58 - 01279328 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2016-08-31 21:58 - 2016-08-31 21:58 - 01267512 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2016-08-31 21:58 - 2016-08-31 21:58 - 01264912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2016-08-31 21:58 - 2016-08-31 21:58 - 01220608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Audio.dll
2016-08-31 21:58 - 2016-08-31 21:58 - 01217024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Audio.dll
2016-08-31 21:58 - 2016-08-31 21:58 - 01170944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll
2016-08-31 21:58 - 2016-08-31 21:58 - 01163696 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-08-31 21:58 - 2016-08-31 21:58 - 01106944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_health.dll
2016-08-31 21:58 - 2016-08-31 21:58 - 01099608 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2016-08-31 21:58 - 2016-08-31 21:58 - 01081856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-08-31 21:58 - 2016-08-31 21:58 - 01077760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Editing.dll
2016-08-31 21:58 - 2016-08-31 21:58 - 01071728 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2016-08-31 21:58 - 2016-08-31 21:58 - 01046976 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2016-08-31 21:58 - 2016-08-31 21:58 - 01014784 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManager.dll
2016-08-31 21:58 - 2016-08-31 21:58 - 01006080 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3D12.dll
2016-08-31 21:58 - 2016-08-31 21:58 - 00987992 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2016-08-31 21:58 - 2016-08-31 21:58 - 00980832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
2016-08-31 21:58 - 2016-08-31 21:58 - 00956416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2016-08-31 21:58 - 2016-08-31 21:58 - 00944640 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2016-08-31 21:58 - 2016-08-31 21:58 - 00942424 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.efi
2016-08-31 21:58 - 2016-08-31 21:58 - 00936960 _____ (Microsoft Corporation) C:\WINDOWS\system32\MCRecvSrc.dll
2016-08-31 21:58 - 2016-08-31 21:58 - 00909312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2016-08-31 21:58 - 2016-08-31 21:58 - 00885832 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2016-08-31 21:58 - 2016-08-31 21:58 - 00857440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2016-08-31 21:58 - 2016-08-31 21:58 - 00852824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2016-08-31 21:58 - 2016-08-31 21:58 - 00846552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2016-08-31 21:58 - 2016-08-31 21:58 - 00822784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2016-08-31 21:58 - 2016-08-31 21:58 - 00807776 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.exe
2016-08-31 21:58 - 2016-08-31 21:58 - 00806912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3D12.dll
2016-08-31 21:58 - 2016-08-31 21:58 - 00804864 _____ (Microsoft Corporation) C:\WINDOWS\system32\FrameServer.dll
2016-08-31 21:58 - 2016-08-31 21:58 - 00782176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2016-08-31 21:58 - 2016-08-31 21:58 - 00775168 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2016-08-31 21:58 - 2016-08-31 21:58 - 00743424 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2016-08-31 21:58 - 2016-08-31 21:58 - 00726016 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2016-08-31 21:58 - 2016-08-31 21:58 - 00715264 _____ (Microsoft Corporation) C:\WINDOWS\system32\clusapi.dll
2016-08-31 21:58 - 2016-08-31 21:58 - 00681312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ClipSp.sys
2016-08-31 21:58 - 2016-08-31 21:58 - 00658776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-08-31 21:58 - 2016-08-31 21:58 - 00642048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.InkControls.dll
2016-08-31 21:58 - 2016-08-31 21:58 - 00640000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MCRecvSrc.dll
2016-08-31 21:58 - 2016-08-31 21:58 - 00605184 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2016-08-31 21:58 - 2016-08-31 21:58 - 00592384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GamePanel.exe
2016-08-31 21:58 - 2016-08-31 21:58 - 00590952 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2016-08-31 21:58 - 2016-08-31 21:58 - 00568832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.UXRes.dll
2016-08-31 21:58 - 2016-08-31 21:58 - 00568832 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.UXRes.dll
2016-08-31 21:58 - 2016-08-31 21:58 - 00558080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clusapi.dll
2016-08-31 21:58 - 2016-08-31 21:58 - 00554496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2016-08-31 21:58 - 2016-08-31 21:58 - 00539136 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2016-08-31 21:58 - 2016-08-31 21:58 - 00521728 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2016-08-31 21:58 - 2016-08-31 21:58 - 00491520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.exe
2016-08-31 21:58 - 2016-08-31 21:58 - 00484584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2016-08-31 21:58 - 2016-08-31 21:58 - 00476672 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2016-08-31 21:58 - 2016-08-31 21:58 - 00471552 _____ (Microsoft Corporation) C:\WINDOWS\system32\DscCore.dll
2016-08-31 21:58 - 2016-08-31 21:58 - 00468992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.InkControls.dll
2016-08-31 21:58 - 2016-08-31 21:58 - 00453120 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll
2016-08-31 21:58 - 2016-08-31 21:58 - 00410624 _____ (Microsoft Corporation) C:\WINDOWS\system32\facecredentialprovider.dll
2016-08-31 21:58 - 2016-08-31 21:58 - 00402272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2016-08-31 21:58 - 2016-08-31 21:58 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2016-08-31 21:58 - 2016-08-31 21:58 - 00389632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2016-08-31 21:58 - 2016-08-31 21:58 - 00380928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll
2016-08-31 21:58 - 2016-08-31 21:58 - 00380928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wincorlib.dll
2016-08-31 21:58 - 2016-08-31 21:58 - 00349184 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2016-08-31 21:58 - 2016-08-31 21:58 - 00320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2016-08-31 21:58 - 2016-08-31 21:58 - 00314880 _____ (Microsoft Corporation) C:\WINDOWS\system32\FSClient.dll
2016-08-31 21:58 - 2016-08-31 21:58 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll
2016-08-31 21:58 - 2016-08-31 21:58 - 00294912 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsensorgroup.dll
2016-08-31 21:58 - 2016-08-31 21:58 - 00288768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincorlib.dll
2016-08-31 21:58 - 2016-08-31 21:58 - 00268800 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfksproxy.dll
2016-08-31 21:58 - 2016-08-31 21:58 - 00261120 _____ (Microsoft Corporation) C:\WINDOWS\system32\indexeddbserver.dll
2016-08-31 21:58 - 2016-08-31 21:58 - 00259584 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2016-08-31 21:58 - 2016-08-31 21:58 - 00253952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2016-08-31 21:58 - 2016-08-31 21:58 - 00244816 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2016-08-31 21:58 - 2016-08-31 21:58 - 00235008 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCore.dll
2016-08-31 21:58 - 2016-08-31 21:58 - 00231424 _____ (Microsoft Corporation) C:\WINDOWS\system32\shutdownux.dll
2016-08-31 21:58 - 2016-08-31 21:58 - 00227840 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2016-08-31 21:58 - 2016-08-31 21:58 - 00227840 _____ (Microsoft Corporation) C:\WINDOWS\system32\C_G18030.DLL
2016-08-31 21:58 - 2016-08-31 21:58 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\C_G18030.DLL
2016-08-31 21:58 - 2016-08-31 21:58 - 00222720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2016-08-31 21:58 - 2016-08-31 21:58 - 00220672 _____ (Microsoft Corporation) C:\WINDOWS\system32\provops.dll
2016-08-31 21:58 - 2016-08-31 21:58 - 00215040 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll
2016-08-31 21:58 - 2016-08-31 21:58 - 00211456 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2016-08-31 21:58 - 2016-08-31 21:58 - 00204288 _____ (Windows (R) Win 7 DDK provider) C:\WINDOWS\system32\DscCoreConfProv.dll
2016-08-31 21:58 - 2016-08-31 21:58 - 00203776 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2016-08-31 21:58 - 2016-08-31 21:58 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll
2016-08-31 21:58 - 2016-08-31 21:58 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipboardServer.dll
2016-08-31 21:58 - 2016-08-31 21:58 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\indexeddbserver.dll
2016-08-31 21:58 - 2016-08-31 21:58 - 00198144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FSClient.dll
2016-08-31 21:58 - 2016-08-31 21:58 - 00186880 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2016-08-31 21:58 - 2016-08-31 21:58 - 00184832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfksproxy.dll
2016-08-31 21:58 - 2016-08-31 21:58 - 00181760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsensorgroup.dll
2016-08-31 21:58 - 2016-08-31 21:58 - 00179712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2016-08-31 21:58 - 2016-08-31 21:58 - 00178528 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostUser.dll
2016-08-31 21:58 - 2016-08-31 21:58 - 00171520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ClipboardServer.dll
2016-08-31 21:58 - 2016-08-31 21:58 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BcastDVRHelper.dll
2016-08-31 21:58 - 2016-08-31 21:58 - 00141824 _____ (Windows (R) Win 7 DDK provider) C:\WINDOWS\SysWOW64\DscCoreConfProv.dll
2016-08-31 21:58 - 2016-08-31 21:58 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakrathunk.dll
2016-08-31 21:58 - 2016-08-31 21:58 - 00136032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudExperienceHostUser.dll
2016-08-31 21:58 - 2016-08-31 21:58 - 00121368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2016-08-31 21:58 - 2016-08-31 21:58 - 00121344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakrathunk.dll
2016-08-31 21:58 - 2016-08-31 21:58 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCsp.dll
2016-08-31 21:58 - 2016-08-31 21:58 - 00108384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2016-08-31 21:58 - 2016-08-31 21:58 - 00104960 _____ (Microsoft Corporation) C:\WINDOWS\system32\CastLaunch.dll
2016-08-31 21:58 - 2016-08-31 21:58 - 00097792 _____ (Microsoft Corporation) C:\WINDOWS\system32\NFCProvisioningPlugin.dll
2016-08-31 21:58 - 2016-08-31 21:58 - 00089600 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2016-08-31 21:58 - 2016-08-31 21:58 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\provdatastore.dll
2016-08-31 21:58 - 2016-08-31 21:58 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\BarcodeProvisioningPlugin.dll
2016-08-31 21:58 - 2016-08-31 21:58 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProvPluginEng.dll
2016-08-31 21:58 - 2016-08-31 21:58 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanprotdim.dll
2016-08-31 21:58 - 2016-08-31 21:58 - 00074240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2016-08-31 21:58 - 2016-08-31 21:58 - 00073568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys
2016-08-31 21:58 - 2016-08-31 21:58 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\provtool.exe
2016-08-31 21:58 - 2016-08-31 21:58 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\system32\RemovableMediaProvisioningPlugin.dll
2016-08-31 21:58 - 2016-08-31 21:58 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ConfigureExpandedStorage.dll
2016-08-31 21:58 - 2016-08-31 21:58 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xinputhid.sys
2016-08-31 21:58 - 2016-08-31 21:58 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2016-08-31 21:58 - 2016-08-31 21:58 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.Provisioning.ProxyStub.dll
2016-08-31 21:58 - 2016-08-31 21:58 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\system32\encapi.dll
2016-08-31 21:58 - 2016-08-31 21:58 - 00026408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2016-08-31 21:58 - 2016-08-31 21:58 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManagerSvc.dll
2016-08-31 21:58 - 2016-08-31 21:58 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\delegatorprovider.dll
2016-08-31 21:58 - 2016-08-31 21:58 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\storagewmi_passthru.dll
2016-08-31 21:58 - 2016-08-31 21:58 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\smphost.dll
2016-08-31 21:58 - 2016-08-31 21:58 - 00022528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\encapi.dll
2016-08-31 21:58 - 2016-08-31 21:58 - 00020992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\smphost.dll
2016-08-31 21:58 - 2016-08-31 21:58 - 00020992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\delegatorprovider.dll
2016-08-31 21:58 - 2016-08-31 21:58 - 00020480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\storagewmi_passthru.dll
2016-08-31 21:58 - 2016-08-31 21:58 - 00020320 _____ (Microsoft Corporation) C:\WINDOWS\system32\kdhvcom.dll
2016-08-31 21:58 - 2016-08-31 21:58 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\C_IS2022.DLL
2016-08-31 21:58 - 2016-08-31 21:58 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\c_GSM7.DLL
2016-08-31 21:58 - 2016-08-31 21:58 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\C_IS2022.DLL
2016-08-31 21:58 - 2016-08-31 21:58 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\c_GSM7.DLL
2016-08-31 21:58 - 2016-08-20 07:21 - 02755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2016-08-31 21:58 - 2016-08-20 07:16 - 02755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2016-08-31 21:58 - 2016-08-19 03:33 - 00162850 _____ C:\WINDOWS\system32\C_932.NLS
2016-08-24 11:07 - 2016-08-24 11:07 - 05622600 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2016-08-24 11:07 - 2016-08-24 11:07 - 01812480 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
2016-08-24 11:07 - 2016-08-24 11:07 - 01066328 _____ (Microsoft Corporation) C:\WINDOWS\system32\pidgenx.dll
2016-08-24 11:07 - 2016-08-24 11:07 - 00939872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pidgenx.dll
2016-08-24 11:07 - 2016-08-24 11:07 - 00665768 _____ (Microsoft Corporation) C:\WINDOWS\system32\GenValObj.exe
2016-08-24 11:07 - 2016-08-24 11:07 - 00450400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2016-08-24 11:07 - 2016-08-24 11:07 - 00435040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2016-08-24 11:07 - 2016-08-24 11:07 - 00354264 _____ (Microsoft Corporation) C:\WINDOWS\system32\systemreset.exe
2016-08-24 11:07 - 2016-08-24 11:07 - 00239104 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafpos.dll
2016-08-24 11:07 - 2016-08-24 11:07 - 00224096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2016-08-24 11:07 - 2016-08-24 11:07 - 00128352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys
2016-08-24 11:07 - 2016-08-24 11:07 - 00100864 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpninprc.dll
2016-08-24 11:07 - 2016-08-24 11:07 - 00041824 _____ (Microsoft Corporation) C:\WINDOWS\system32\SysResetErr.exe
2016-08-24 11:06 - 2016-08-24 11:06 - 17187328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-08-24 11:06 - 2016-08-24 11:06 - 13867520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-08-24 11:06 - 2016-08-24 11:06 - 13433856 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2016-08-24 11:06 - 2016-08-24 11:06 - 13080576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-08-24 11:06 - 2016-08-24 11:06 - 12174336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-08-24 11:06 - 2016-08-24 11:06 - 03116032 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSAJApi.dll
2016-08-24 11:06 - 2016-08-24 11:06 - 02745224 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-08-24 11:06 - 2016-08-24 11:06 - 02422784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSAJApi.dll
2016-08-24 11:06 - 2016-08-24 11:06 - 02370048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2016-08-24 11:06 - 2016-08-24 11:06 - 02251432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-08-24 11:06 - 2016-08-24 11:06 - 02095616 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2016-08-24 11:06 - 2016-08-24 11:06 - 02026496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2016-08-24 11:06 - 2016-08-24 11:06 - 01847048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll
2016-08-24 11:06 - 2016-08-24 11:06 - 01780736 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-08-24 11:06 - 2016-08-24 11:06 - 01694200 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2016-08-24 11:06 - 2016-08-24 11:06 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2016-08-24 11:06 - 2016-08-24 11:06 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2016-08-24 11:06 - 2016-08-24 11:06 - 01595904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-08-24 11:06 - 2016-08-24 11:06 - 01557296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2016-08-24 11:06 - 2016-08-24 11:06 - 01508864 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-08-24 11:06 - 2016-08-24 11:06 - 01491456 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-08-24 11:06 - 2016-08-24 11:06 - 01343928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll
2016-08-24 11:06 - 2016-08-24 11:06 - 01255936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2016-08-24 11:06 - 2016-08-24 11:06 - 01231872 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2016-08-24 11:06 - 2016-08-24 11:06 - 01176664 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2016-08-24 11:06 - 2016-08-24 11:06 - 01082368 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2016-08-24 11:06 - 2016-08-24 11:06 - 01066096 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2016-08-24 11:06 - 2016-08-24 11:06 - 01062400 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2016-08-24 11:06 - 2016-08-24 11:06 - 01052672 _____ (Microsoft Corporation) C:\WINDOWS\system32\qmgr.dll
2016-08-24 11:06 - 2016-08-24 11:06 - 00955008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2016-08-24 11:06 - 2016-08-24 11:06 - 00884224 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2016-08-24 11:06 - 2016-08-24 11:06 - 00860672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2016-08-24 11:06 - 2016-08-24 11:06 - 00790760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2016-08-24 11:06 - 2016-08-24 11:06 - 00758784 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-08-24 11:06 - 2016-08-24 11:06 - 00691712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2016-08-24 11:06 - 2016-08-24 11:06 - 00627200 _____ (Microsoft Corporation) C:\WINDOWS\system32\uReFS.dll
2016-08-24 11:06 - 2016-08-24 11:06 - 00619368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-08-24 11:06 - 2016-08-24 11:06 - 00595488 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2016-08-24 11:06 - 2016-08-24 11:06 - 00584032 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2016-08-24 11:06 - 2016-08-24 11:06 - 00544768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uReFS.dll
2016-08-24 11:06 - 2016-08-24 11:06 - 00538112 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcext.dll
2016-08-24 11:06 - 2016-08-24 11:06 - 00529928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf.dll
2016-08-24 11:06 - 2016-08-24 11:06 - 00526848 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2016-08-24 11:06 - 2016-08-24 11:06 - 00520192 _____ (Microsoft Corporation) C:\WINDOWS\system32\w32time.dll
2016-08-24 11:06 - 2016-08-24 11:06 - 00509784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2016-08-24 11:06 - 2016-08-24 11:06 - 00466432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sppcext.dll
2016-08-24 11:06 - 2016-08-24 11:06 - 00462336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll
2016-08-24 11:06 - 2016-08-24 11:06 - 00447488 _____ (Microsoft Corporation) C:\WINDOWS\system32\das.dll
2016-08-24 11:06 - 2016-08-24 11:06 - 00431616 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2016-08-24 11:06 - 2016-08-24 11:06 - 00426496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2016-08-24 11:06 - 2016-08-24 11:06 - 00412160 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanmsm.dll
2016-08-24 11:06 - 2016-08-24 11:06 - 00408600 _____ (Microsoft Corporation) C:\WINDOWS\system32\tsmf.dll
2016-08-24 11:06 - 2016-08-24 11:06 - 00396800 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2016-08-24 11:06 - 2016-08-24 11:06 - 00396168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll
2016-08-24 11:06 - 2016-08-24 11:06 - 00387584 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2016-08-24 11:06 - 2016-08-24 11:06 - 00381760 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe
2016-08-24 11:06 - 2016-08-24 11:06 - 00361096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tsmf.dll
2016-08-24 11:06 - 2016-08-24 11:06 - 00340480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2016-08-24 11:06 - 2016-08-24 11:06 - 00327680 _____ (Microsoft Corporation) C:\WINDOWS\system32\container.dll
2016-08-24 11:06 - 2016-08-24 11:06 - 00323584 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2016-08-24 11:06 - 2016-08-24 11:06 - 00313560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanapi.dll
2016-08-24 11:06 - 2016-08-24 11:06 - 00298496 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifiprofilessettinghandler.dll
2016-08-24 11:06 - 2016-08-24 11:06 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudBackupSettings.dll
2016-08-24 11:06 - 2016-08-24 11:06 - 00280064 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_WorkAccess.dll
2016-08-24 11:06 - 2016-08-24 11:06 - 00268800 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2016-08-24 11:06 - 2016-08-24 11:06 - 00266240 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConsoleLogon.dll
2016-08-24 11:06 - 2016-08-24 11:06 - 00243712 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinBioDataModel.dll
2016-08-24 11:06 - 2016-08-24 11:06 - 00237568 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinesam.dll
2016-08-24 11:06 - 2016-08-24 11:06 - 00234496 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcpipcfg.dll
2016-08-24 11:06 - 2016-08-24 11:06 - 00231424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudBackupSettings.dll
2016-08-24 11:06 - 2016-08-24 11:06 - 00226816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbvideo.sys
2016-08-24 11:06 - 2016-08-24 11:06 - 00226304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\container.dll
2016-08-24 11:06 - 2016-08-24 11:06 - 00223744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2016-08-24 11:06 - 2016-08-24 11:06 - 00210432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinesam.dll
2016-08-24 11:06 - 2016-08-24 11:06 - 00199008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wof.sys
2016-08-24 11:06 - 2016-08-24 11:06 - 00181760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tcpipcfg.dll
2016-08-24 11:06 - 2016-08-24 11:06 - 00168800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2016-08-24 11:06 - 2016-08-24 11:06 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidclass.sys
2016-08-24 11:06 - 2016-08-24 11:06 - 00151224 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-08-24 11:06 - 2016-08-24 11:06 - 00138240 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppc.dll
2016-08-24 11:06 - 2016-08-24 11:06 - 00135168 _____ (Microsoft Corporation) C:\WINDOWS\system32\slc.dll
2016-08-24 11:06 - 2016-08-24 11:06 - 00123904 _____ (Microsoft Corporation) C:\WINDOWS\system32\samlib.dll
2016-08-24 11:06 - 2016-08-24 11:06 - 00114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinelsa.dll
2016-08-24 11:06 - 2016-08-24 11:06 - 00102400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinelsa.dll
2016-08-24 11:06 - 2016-08-24 11:06 - 00094720 _____ (Microsoft Corporation) C:\WINDOWS\system32\dasHost.exe
2016-08-24 11:06 - 2016-08-24 11:06 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\samlib.dll
2016-08-24 11:06 - 2016-08-24 11:06 - 00077664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys
2016-08-24 11:06 - 2016-08-24 11:06 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncPolicy.dll
2016-08-24 11:06 - 2016-08-24 11:06 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2016-08-24 11:06 - 2016-08-24 11:06 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll
2016-08-24 11:06 - 2016-08-24 11:06 - 00057344 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinBioDataModelOOBE.exe
2016-08-24 11:06 - 2016-08-24 11:06 - 00049664 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorageUsage.dll
2016-08-24 11:06 - 2016-08-24 11:06 - 00047616 _____ (Microsoft Corporation) C:\WINDOWS\system32\deviceassociation.dll
2016-08-24 11:06 - 2016-08-24 11:06 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\system32\wfdprov.dll
2016-08-24 11:06 - 2016-08-24 11:06 - 00044472 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfpmp.exe
2016-08-24 11:06 - 2016-08-24 11:06 - 00040960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidparse.sys
2016-08-24 11:06 - 2016-08-24 11:06 - 00038912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wfdprov.dll
2016-08-24 11:06 - 2016-08-24 11:06 - 00038400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidusb.sys
2016-08-24 11:06 - 2016-08-24 11:06 - 00036168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfpmp.exe
2016-08-24 11:06 - 2016-08-24 11:06 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\deviceassociation.dll
2016-08-24 11:06 - 2016-08-24 11:06 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2016-08-24 11:06 - 2016-08-24 11:06 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\netiougc.exe
2016-08-24 11:06 - 2016-08-24 11:06 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll
2016-08-24 11:06 - 2016-08-24 11:06 - 00027648 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiConfigSP.dll
2016-08-24 11:06 - 2016-08-24 11:06 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvcpal.dll
2016-08-24 11:06 - 2016-08-24 11:06 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netiougc.exe
2016-08-24 11:06 - 2016-08-24 11:06 - 00022016 _____ (Microsoft Corporation) C:\WINDOWS\system32\slcext.dll
2016-08-24 11:06 - 2016-08-24 11:06 - 00019968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\slcext.dll
2016-08-24 11:06 - 2016-08-24 11:06 - 00015872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanhlp.dll
2016-08-24 11:06 - 2016-08-24 11:06 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanhlp.dll
2016-08-24 11:06 - 2016-08-24 11:06 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.exe
2016-08-24 11:05 - 2016-08-24 11:05 - 12345344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2016-08-24 11:05 - 2016-08-24 11:05 - 09260032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmploc.DLL
2016-08-24 11:05 - 2016-08-24 11:05 - 09260032 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmploc.DLL
2016-08-24 11:05 - 2016-08-24 11:05 - 01908224 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2016-08-24 11:05 - 2016-08-24 11:05 - 01469120 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-08-24 11:05 - 2016-08-24 11:05 - 00587968 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2016-08-24 11:05 - 2016-08-24 11:05 - 00321280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe
2016-08-24 11:05 - 2016-08-24 11:05 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\slc.dll
2016-08-24 11:05 - 2016-08-24 11:05 - 00105984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sppc.dll
2016-08-24 11:05 - 2016-08-24 11:05 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncPolicy.dll
2016-08-24 11:05 - 2016-08-24 11:05 - 00050880 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2016-08-24 11:05 - 2016-08-24 11:05 - 00010752 _____ (Microsoft Corporation) C:\WINDOWS\system32\spwmp.dll
2016-08-24 11:05 - 2016-08-24 11:05 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\spwmp.dll
2016-08-24 11:05 - 2016-08-24 11:05 - 00006656 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdxm.ocx
2016-08-24 11:05 - 2016-08-24 11:05 - 00006656 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxmasf.dll
2016-08-24 11:05 - 2016-08-24 11:05 - 00005120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdxm.ocx
2016-08-24 11:05 - 2016-08-24 11:05 - 00005120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxmasf.dll
2016-08-14 17:35 - 2016-08-22 21:17 - 00000000 ____D C:\Users\******\AppData\Roaming\Dwarfs
2016-08-14 14:05 - 2016-08-14 14:05 - 00000718 _____ C:\Users\******\Desktop\YGOPro DevPro Launcher.lnk
2016-08-14 14:02 - 2016-08-14 14:05 - 00000000 ____D C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\YGOPro DevPro Launcher
2016-08-14 13:57 - 2016-08-14 13:57 - 00000000 ____D C:\Users\******\AppData\Roaming\DevPro, LLC
2016-08-14 13:48 - 2016-08-14 13:48 - 00000000 ____D C:\Users\******\AppData\Local\ElevatedDiagnostics

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2016-09-11 23:26 - 2015-08-16 22:12 - 01474832 _____ C:\WINDOWS\system32\Drivers\sfi.dat
2016-09-11 23:08 - 2016-08-07 18:01 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-09-11 23:06 - 2016-07-16 08:04 - 00262144 _____ C:\WINDOWS\system32\config\BBI
2016-09-11 23:06 - 2016-01-28 12:38 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2016-09-11 23:05 - 2016-08-07 17:37 - 00000000 ____D C:\Users\******
2016-09-11 22:43 - 2015-08-29 23:33 - 00000000 ____D C:\Users\******\AppData\Roaming\Notepad++
2016-09-11 22:39 - 2016-01-11 22:27 - 00000000 ____D C:\Users\******\Desktop\Papiere
2016-09-11 22:37 - 2015-12-25 21:43 - 00000000 ____D C:\Users\******\AppData\Local\Black_Tree_Gaming
2016-09-11 22:25 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2016-09-11 22:13 - 2016-05-23 22:16 - 00000000 ____D C:\Users\******\Documents\BioWare
2016-09-11 22:01 - 2016-01-28 12:39 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2016-09-11 21:56 - 2016-03-25 01:13 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-09-11 21:55 - 2016-03-24 19:07 - 00000000 ____D C:\Users\******\Documents\PCSX2
2016-09-11 21:55 - 2016-03-24 18:55 - 00000000 ____D C:\Program Files (x86)\PCSX2 1.4.0
2016-09-11 21:48 - 2016-01-12 16:24 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-09-11 21:47 - 2016-08-04 19:44 - 00000000 ____D C:\ProgramData\Ubisoft
2016-09-11 14:05 - 2016-08-07 17:27 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2016-09-10 21:09 - 2015-08-16 22:03 - 00000000 ____D C:\Program Files (x86)\Steam
2016-09-10 20:46 - 2015-08-16 22:45 - 00000000 ____D C:\Users\******\AppData\Local\Spotify
2016-09-10 19:17 - 2015-08-16 22:41 - 00000000 ____D C:\Users\******\AppData\Roaming\Spotify
2016-09-10 18:03 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-09-09 16:52 - 2016-07-16 13:47 - 00000000 ___HD C:\Program Files\WindowsApps
2016-09-07 22:20 - 2015-08-16 21:08 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-09-07 20:34 - 2015-08-16 17:58 - 00000000 ____D C:\AMD
2016-09-07 20:13 - 2016-08-07 17:32 - 00000000 ____D C:\Program Files (x86)\ATI Technologies
2016-09-07 20:13 - 2016-08-07 17:31 - 00000000 ____D C:\Program Files\AMD
2016-09-07 20:10 - 2016-07-16 13:45 - 00000000 ____D C:\WINDOWS\INF
2016-09-06 22:09 - 2016-07-16 08:04 - 00032768 _____ C:\WINDOWS\system32\config\ELAM
2016-09-04 18:28 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\rescache
2016-09-03 21:45 - 2016-08-07 17:36 - 02372738 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-09-03 21:45 - 2016-07-17 00:51 - 01369346 _____ C:\WINDOWS\system32\perfh007.dat
2016-09-03 21:45 - 2016-07-17 00:51 - 00380096 _____ C:\WINDOWS\system32\perfc007.dat
2016-09-03 20:12 - 2016-02-10 18:18 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-09-03 20:07 - 2016-08-07 17:27 - 00425800 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-09-03 20:05 - 2016-07-16 13:47 - 00000000 ___SD C:\WINDOWS\system32\dsc
2016-09-03 20:05 - 2016-07-16 13:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-09-03 20:05 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2016-09-03 20:05 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\system32\lv-LV
2016-09-03 20:05 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\system32\lt-LT
2016-09-03 20:05 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\system32\et-EE
2016-09-03 20:05 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\system32\es-MX
2016-09-03 20:05 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\system32\en-GB
2016-09-03 20:05 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\ShellExperiences
2016-09-03 20:05 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\Provisioning
2016-09-02 14:35 - 2016-07-16 13:49 - 00828408 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-09-02 14:35 - 2016-07-16 13:49 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-09-02 14:35 - 2016-07-16 13:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-08-31 21:48 - 2016-07-16 13:43 - 06474752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspaint.exe
2016-08-31 21:48 - 2016-07-16 13:43 - 00496128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.UserAccountsHandlers.dll
2016-08-31 21:48 - 2016-07-16 13:43 - 00289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeveloperOptionsSettingsHandlers.dll
2016-08-31 21:48 - 2016-07-16 13:43 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
2016-08-31 21:48 - 2016-07-16 13:42 - 06664192 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe
2016-08-31 21:48 - 2016-07-16 13:42 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
2016-08-31 21:48 - 2016-07-16 13:42 - 00241504 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2016-08-31 21:48 - 2016-07-16 13:42 - 00210944 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2016-08-31 21:48 - 2016-07-16 13:42 - 00150528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2016-08-31 21:48 - 2016-07-16 13:42 - 00114192 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32u.dll
2016-08-31 21:48 - 2016-07-16 13:42 - 00079544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32u.dll
2016-08-31 21:48 - 2016-07-16 13:42 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.Search.UriHandler.dll
2016-08-31 21:48 - 2016-07-16 13:42 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Shell.Search.UriHandler.dll
2016-08-31 21:48 - 2016-07-16 13:42 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2016-08-26 17:16 - 2016-07-16 13:47 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-08-24 11:00 - 2016-07-16 13:43 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2016-08-23 23:30 - 2016-08-07 12:11 - 00000000 ____D C:\Program Files (x86)\Bethesda.net Launcher
2016-08-23 15:33 - 2016-03-06 19:00 - 00000000 ____D C:\Users\******\AppData\Roaming\Tunngle
2016-08-23 15:26 - 2016-07-02 22:22 - 00000000 ____D C:\ProgramData\Tunngle
2016-08-20 12:17 - 2014-12-14 11:15 - 00387066 __RSH C:\bootmgr
2016-08-19 14:16 - 2016-08-07 18:22 - 00000000 ____D C:\Windows.old
2016-08-17 13:06 - 2015-09-25 13:14 - 00000000 ____D C:\Program Files\JDownloader

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2015-12-03 23:34 - 2015-12-05 11:11 - 0000009 _____ () C:\Users\******\AppData\Roaming\.sunvox_pateditor
2015-12-03 23:34 - 2015-12-05 11:11 - 0000002 _____ () C:\Users\******\AppData\Roaming\.sunvox_soundnet
2015-12-03 23:34 - 2015-12-05 11:11 - 0000001 _____ () C:\Users\******\AppData\Roaming\.sunvox_timeline
2015-12-03 23:34 - 2015-12-03 23:34 - 0000016 _____ () C:\Users\******\AppData\Roaming\sunvox_config.ini
2016-08-31 22:26 - 2016-08-31 22:26 - 0000719 _____ () C:\Users\******\AppData\Local\recently-used.xbel
2015-09-19 18:50 - 2015-09-19 18:50 - 0000017 _____ () C:\Users\******\AppData\Local\resmon.resmoncfg
2016-08-07 17:30 - 2016-08-07 17:30 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\WINDOWS\system32\winlogon.exe => Datei ist digital signiert
C:\WINDOWS\system32\wininit.exe => Datei ist digital signiert
C:\WINDOWS\explorer.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\explorer.exe => Datei ist digital signiert
C:\WINDOWS\system32\svchost.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\svchost.exe => Datei ist digital signiert
C:\WINDOWS\system32\services.exe => Datei ist digital signiert
C:\WINDOWS\system32\User32.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\User32.dll => Datei ist digital signiert
C:\WINDOWS\system32\userinit.exe => Datei ist digital signiert
C:\WINDOWS\SysWOW64\userinit.exe => Datei ist digital signiert
C:\WINDOWS\system32\rpcss.dll => Datei ist digital signiert
C:\WINDOWS\system32\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\WINDOWS\system32\Drivers\volsnap.sys => Datei ist digital signiert


LastRegBack: 2016-09-03 18:02

==================== Ende von FRST.txt ============================


Jemand 11.09.2016 22:41

Here is the second file as well.
ADDITION.TXT
Code:

Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 31-08-2016
durchgeführt von **** (11-09-2016 23:29:24)
Gestartet von C:\Users\****\Desktop
Windows 10 Home Version 1607 (X64) (2016-08-07 16:08:19)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-1569932172-3107048923-2697670340-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1569932172-3107048923-2697670340-503 - Limited - Disabled)
Gast (S-1-5-21-1569932172-3107048923-2697670340-501 - Limited - Disabled)
**** (S-1-5-21-1569932172-3107048923-2697670340-1002 - Administrator - Enabled) => C:\Users\****

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: COMODO Antivirus (Enabled - Up to date) {D0CC7563-ABD2-DEBE-138E-FDD553335AF2}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Comodo Defense+ (Enabled - Up to date) {6BAD9487-8DE8-D130-293E-C6A728B4104F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: COMODO Firewall (Enabled) {E8F7F446-E1BD-DFE6-38D1-54E0ADE01D89}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

Adobe Acrobat Reader DC - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AC0F074E4100}) (Version: 15.017.20053 - Adobe Systems Incorporated)
Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated)
AMD Install Manager (HKLM\...\AMD Catalyst Install Manager) (Version: 5.00 - Advanced Micro Devices, Inc.)
Any Audio Converter 5.8.8 (HKLM-x32\...\Any Audio Converter_is1) (Version:  - Any-Audio-Converter.com)
Application Insights Tools for Visual Studio 2015 (x32 Version: 3.3.1 - Microsoft Corporation) Hidden
Audacity 2.1.0 (HKLM-x32\...\Audacity_is1) (Version: 2.1.0 - Audacity Team)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Behaviors SDK (Windows) for Visual Studio 2013 (x32 Version: 12.0.51210.80 - Microsoft Corporation) Hidden
Bethesda.net Launcher (HKLM-x32\...\{3448917E-E4FE-4E30-9502-9FD52EABB6F5}_is1) (Version: 1.0 - Bethesda Softworks)
BitLord 2.4 (HKLM-x32\...\BitLord) (Version: 2.4.4-308 - House of Life)
Bloons TD5 (HKLM\...\Steam App 306020) (Version:  - Ninja Kiwi)
Build Tools for Windows 10 (x32 Version: 14.0.23121 - Microsoft Corporation) Hidden
Buildtools für Windows 10 - DEU (x32 Version: 14.0.23121 - Microsoft Corporation) Hidden
Catalyst Control Center Next Localization BR (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (Version: 2016.0226.1531.27895 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.18 - Piriform)
CodedUITestUAP (x32 Version: 14.0.23121 - Microsoft Corporation) Hidden
COMODO Internet Security Premium (HKLM\...\{367D1EA4-24FD-402F-AFF0-08A678D2EE28}) (Version: 8.2.0.4674 - COMODO Security Solutions Inc.)
Counter-Strike: Global Offensive (HKLM\...\Steam App 730) (Version:  - Valve)
Dark Souls: Prepare to Die Edition (HKLM-x32\...\Steam App 211420) (Version:  - FromSoftware)
Defraggler (HKLM\...\Defraggler) (Version: 2.21 - Piriform)
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
Dungeon Hearts (HKLM\...\Steam App 229520) (Version:  - Cube Roots)
Dwarfs F2P (HKLM\...\Steam App 213650) (Version:  - Power of 2)
E.Y.E: Divine Cybermancy (HKLM-x32\...\Steam App 91700) (Version:  - Streum On Studio)
ELAN Touchpad 11.15.0.18_X64 (HKLM\...\Elantech) (Version: 11.15.0.18 - ELAN Microelectronic Corp.)
Erforderliche Komponenten für SSDT  (HKLM-x32\...\{2466E484-9D86-416B-9C88-AA533F15AF1C}) (Version: 12.0.2000.8 - Microsoft Corporation)
FINAL FANTASY XIII (HKLM-x32\...\Steam App 292120) (Version:  - SQUARE ENIX)
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version:  - Facepunch Studios)
Google Update Helper (x32 Version: 1.3.21.169 - Google Inc.) Hidden
Hearts of Iron III (HKLM\...\Steam App 25890) (Version:  - Paradox Development Studio)
IDE Tools for Windows 10 (x32 Version: 14.0.23121 - Microsoft Corporation) Hidden
IDE-Tools für Windows 10 - DEU (x32 Version: 14.0.23121 - Microsoft Corporation) Hidden
IIS 10.0 Express (HKLM\...\{5984D8DA-C1AF-4284-9C88-D7150425B315}) (Version: 10.0.1734 - Microsoft Corporation)
IIS Express Application Compatibility Database for x64 (HKLM\...\{08274920-8908-45c2-9258-8ad67ff77b09}.sdb) (Version:  - )
IIS Express Application Compatibility Database for x86 (HKLM\...\{ad846bae-d44b-4722-abad-f7420e08bcd9}.sdb) (Version:  - )
Intellisense Lang Pack Mobile Extension SDK 10.0.10240.0 (x32 Version: 10.0.10240.0 - Microsoft Corporation) Hidden
Java 8 Update 91 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.14 - Oracle Corporation)
Java SE Development Kit 8 Update 65 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180650}) (Version: 8.0.650.17 - Oracle Corporation)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
Kits Configuration Installer (x32 Version: 10.0.26624 - Microsoft) Hidden
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games )
League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version:  - Valve)
Macrium Reflect Free Edition (HKLM\...\MacriumReflect) (Version: 6.0 - Paramount Software (UK) Ltd.)
Macrium Reflect Free Edition (Version: 6.0.753 - Paramount Software (UK) Ltd.) Hidden
Mass Effect 2 (HKLM\...\Steam App 24980) (Version:  - BioWare)
Microsoft .NET Framework 4.5.1 SDK (Deutsch) (HKLM-x32\...\{CBD7095F-7211-43FD-9FE7-FB08D753AF79}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft .NET Framework 4.6 SDK (Deutsch) (HKLM-x32\...\{EE8BD24B-75E1-4BBF-86B9-91FE16ADE71C}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6 SDK (HKLM-x32\...\{B5915D37-0637-4A26-A3AA-C5DC9F856370}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6 Targeting Pack (HKLM-x32\...\{2CC6A4A7-AAC2-46C9-9DBB-3727B5954F65}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{F2508213-9989-4E85-A078-72BE483917EF}) (Version: 3.5.88.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Help Viewer 2.2 (HKLM-x32\...\Microsoft Help Viewer 2.2) (Version: 2.2.23107 - Microsoft Corporation)
Microsoft Help Viewer 2.2 Sprachpaket - DEU (HKLM-x32\...\Microsoft Help Viewer 2.2 Sprachpaket - DEU) (Version: 2.2.23107 - Microsoft Corporation)
Microsoft Office 2010 Service Pack 1 (SP1) (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{7BC9B5EB-125A-4E9B-97E1-8D85B5E960B8}) (Version:  - Microsoft)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23506 (HKLM-x32\...\{23daf363-3020-4059-b3ae-dc4ad39fed19}) (Version: 14.0.23506.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Might & Magic: Heroes VI (HKLM-x32\...\Steam App 48220) (Version:  - Blackhole)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Mozilla Firefox 48.0.2 (x86 de) (HKLM-x32\...\Mozilla Firefox 48.0.2 (x86 de)) (Version: 48.0.2 - Mozilla)
MSBuild/NuGet Integration 14.0 (x86) (x32 Version: 14.0.23121 - Microsoft Corporation) Hidden
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
NVIDIA PhysX-Systemsoftware 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
osu! (HKLM-x32\...\{9eadd332-79cc-42e6-9efe-cc44fe3d55ec}) (Version: latest - ppy Pty Ltd)
paint.net (HKLM\...\{DD393E4D-76FA-4CCD-84F3-CD9D75C14862}) (Version: 4.0.10 - dotPDN LLC)
Path of Exile (HKLM-x32\...\Steam App 238960) (Version:  - Grinding Gear Games)
PAYDAY 2 (HKLM\...\Steam App 218620) (Version:  - OVERKILL - a Starbreeze Studio.)
Projekt- und Elementvorlagen für Visual Studio Express 2015 für Windows 10 – DEU (x32 Version: 14.0.23121 - Microsoft Corporation) Hidden
Projekt- und Elementvorlagen für Visual Studio Professional 2015 – DEU (x32 Version: 14.0.23121 - Microsoft Corporation) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10125.31214 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7553 - Realtek Semiconductor Corp.)
Sandboxie 5.10 (64-bit) (HKLM\...\Sandboxie) (Version: 5.10 - Sandboxie Holdings, LLC)
Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version:  - 2K Games, Inc.)
Skype™ 7.18 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.18.111 - Skype Technologies S.A.)
SpellForce: Platinum Edition (HKLM-x32\...\Steam App 39540) (Version:  - Phenomic)
Spelunky (HKLM-x32\...\Steam App 239350) (Version:  - )
Spotify (HKU\S-1-5-21-1569932172-3107048923-2697670340-1002\...\Spotify) (Version: 1.0.37.150.gad02a02e - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Team Fortress 2 (HKLM\...\Steam App 440) (Version:  - Valve)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.17 - TeamSpeak Systems GmbH)
Terraria (HKLM-x32\...\Steam App 105600) (Version:  - Re-Logic)
The Binding of Isaac (HKLM-x32\...\Steam App 113200) (Version:  - Edmund McMillen and Florian Himsl)
The Elder Scrolls Legends (HKLM-x32\...\The Elder Scrolls Legends) (Version:  - Bethesda Softworks)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version:  - Bethesda Game Studios)
The Wolf Among Us (HKLM-x32\...\Steam App 250320) (Version:  - Telltale Games)
Tunngle (HKLM-x32\...\Tunngle_is1) (Version: 5.8.7 - Tunngle.net GmbH)
TWIN PS TO PC CONVERTER (HKLM-x32\...\{1BBDD6C0-ED6F-43C3-8A9C-84E3249A5615}) (Version: 2007.01.01 - )
Unity (HKLM-x32\...\Unity) (Version: 5.2.3f1 - Unity Technologies ApS)
Unity Web Player (HKU\S-1-5-21-1569932172-3107048923-2697670340-1002\...\UnityWebPlayer) (Version: 5.2.3f1 - Unity Technologies ApS)
Universal CRT Extension SDK (x32 Version: 10.0.26624 - Microsoft Corporation) Hidden
Universal CRT Headers Libraries and Sources (x32 Version: 10.0.26624 - Microsoft Corporation) Hidden
Universal CRT Redistributable (x32 Version: 10.0.26624 - Microsoft Corporation) Hidden
Universal CRT Tools x64 (Version: 10.0.26624 - Microsoft Corporation) Hidden
Universal CRT Tools x86 (x32 Version: 10.0.26624 - Microsoft Corporation) Hidden
Universal General MIDI DLS Extension SDK (x32 Version: 10.0.26624 - Microsoft Corporation) Hidden
Uplay (HKLM-x32\...\Uplay) (Version: 7.4 - Ubisoft)
USB Dual Vibration Joystick - Twin (HKLM-x32\...\{21A6E85C-0310-4623-BE61-35DFE2F9AA88}) (Version: 2005.10.24 - )
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WCF RIA Services V1.0 SP2 (HKLM-x32\...\{5D8DD6A8-C4D7-4554-93F9-F1CC28C72600}) (Version: 4.1.62812.0 - Microsoft Corporation)
WinAppDeploy (x32 Version: 10.0.26624 - Microsoft Corporation) Hidden
Windows Software Development Kit - Windows 10.0.26624 (HKLM-x32\...\{e7a0c8b6-b0e9-41e2-8a0a-a6784f88d1d4}) (Version: 10.0.26624 - Microsoft Corporation)
WinRAR 5.21 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
WinRT Intellisense Desktop - en-us (x32 Version: 10.0.26624 - Microsoft Corporation) Hidden
WinRT Intellisense Desktop - Other Languages (x32 Version: 10.0.26624 - Microsoft Corporation) Hidden
WinRT Intellisense IoT - en-us (x32 Version: 10.0.26624 - Microsoft Corporation) Hidden
WinRT Intellisense IoT - Other Languages (x32 Version: 10.0.26624 - Microsoft Corporation) Hidden
WinRT Intellisense PPI - en-us (x32 Version: 10.0.26624 - Microsoft Corporation) Hidden
WinRT Intellisense PPI - Other Languages (x32 Version: 10.0.26624 - Microsoft Corporation) Hidden
WinRT Intellisense UAP - en-us (x32 Version: 10.0.26624 - Microsoft Corporation) Hidden
WinRT Intellisense UAP - Other Languages (x32 Version: 10.0.26624 - Microsoft Corporation) Hidden
WinRT Intellisense Xbox Live Extension SDK - en-us (x32 Version: 10.0.26624 - Microsoft Corporation) Hidden
WinRT Intellisense Xbox Live Extension SDK - Other Languages (x32 Version: 10.0.26624 - Microsoft Corporation) Hidden
Worms Clan Wars (HKLM-x32\...\Steam App 233840) (Version:  - Team17 Digital Ltd)
YGOPro DevPro Launcher (HKLM-x32\...\{1692A049-9333-4C7B-A5A8-EC8E1864BA53}) (Version: 4.0.0 - DevPro, LLC)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-1569932172-3107048923-2697670340-1002_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\****\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileCoAuth.exe (Microsoft Corporation)

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {015D6CB4-9F78-4E05-9B61-EB0A08B021CE} - System32\Tasks\{31DDBD37-5DB7-4030-8064-10B0CAA806C3} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2016-08-10] (COMODO)
Task: {03674BD4-A4A5-4433-BB4B-2EE6EA1693F7} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2016-08-10] (COMODO)
Task: {1239A6C3-B0CE-4D98-9DC3-F7561D2AB360} - System32\Tasks\AMD Updater => C:\Program Files\AMD\CIM\\Bin64\InstallManagerApp.exe [2016-02-26] (Advanced Micro Devices, Inc.)
Task: {1BAB93E9-EB45-4470-98CC-D04D00BA2BA4} - System32\Tasks\COMODO\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2016-08-10] (COMODO)
Task: {3E8836AF-D299-4443-9A10-4B71F9B58E9C} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2016-08-10] (COMODO)
Task: {5F2BA883-3584-4012-B8DA-972D77B34815} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2016-08-10] (COMODO)
Task: {64629857-7990-4B1F-BDDD-D816B855F2E3} - System32\Tasks\COMODO\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2016-08-10] (COMODO)
Task: {75BEE7BA-9E52-4312-B0A3-EBD5A369E569} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-08-10] (Microsoft Corporation)
Task: {794C9EB2-6ACB-4AE4-9F4F-457C64E90E3E} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-07-13] (Adobe Systems Incorporated)
Task: {D2BB3FD3-ECBA-4D78-8B03-7B3F8E2C4203} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-07-12] (Adobe Systems Incorporated)
Task: {DAAF1676-FA98-46E1-998F-191DCFC59DF7} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-06-13] (Piriform Ltd)
Task: {DF3290C5-35C7-42C3-8F16-CDB7194589DE} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> Keine Datei <==== ACHTUNG

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\DTRXY.job => C:\Users\Oli\AppData\Roaming\DTRXY.exe <==== ACHTUNG

==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2016-07-16 13:42 - 2016-07-16 13:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-07-16 13:42 - 2016-07-16 13:42 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-01-08 23:02 - 2016-03-16 12:25 - 00073912 _____ () C:\Program Files\COMODO\COMODO Internet Security\scanners\smart.cav
2016-07-16 13:42 - 2016-07-16 13:42 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-08-07 18:29 - 2016-08-07 18:29 - 00959168 _____ () C:\Users\****\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\ClientTelemetry.dll
2011-03-17 00:07 - 2011-03-17 00:07 - 04297568 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2016-07-16 13:42 - 2016-07-16 13:42 - 00130048 _____ () C:\WINDOWS\SYSTEM32\CHARTV.dll
2016-07-16 13:42 - 2016-07-16 13:42 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2016-07-16 13:43 - 2016-08-24 11:00 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2016-07-16 13:43 - 2016-08-31 21:48 - 09761280 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-08-31 21:58 - 2016-08-31 21:58 - 01401344 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-07-16 13:43 - 2016-08-31 21:48 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2016-08-31 21:58 - 2016-08-31 21:58 - 02438144 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-08-31 21:58 - 2016-08-31 21:58 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-06-01 21:00 - 2015-06-01 21:00 - 00102912 _____ () C:\Windows\System32\IccLibDll_x64.dll
2015-06-25 16:34 - 2015-06-25 16:34 - 00014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
2015-06-25 16:37 - 2015-06-25 16:37 - 00739840 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
2015-06-25 16:35 - 2015-06-25 16:35 - 00014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll
2015-06-25 16:38 - 2015-06-25 16:38 - 00071168 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
2015-06-25 15:53 - 2015-06-25 15:53 - 00011776 _____ () C:\Program Files\AMD\CNext\CNext\libEGL.dll
2015-06-25 15:51 - 2015-06-25 15:51 - 02013696 _____ () C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2016-08-30 15:30 - 2016-08-30 15:30 - 00071168 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.7.113.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2016-08-30 15:30 - 2016-08-30 15:30 - 00178176 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.7.113.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2016-08-30 15:30 - 2016-08-30 15:30 - 35288064 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.7.113.0_x64__kzf8qxf38zg5c\SkyWrap.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)

AlternateDataStreams: C:\WINDOWS\RtlExUpd.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\aclui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\acmigration.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AcpiServiceVnA64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AERTAC64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AERTAR64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\amdocl_as64.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\amdocl_ld64.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\appraiser.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\appverif.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AppXApplicabilityBlob.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AppXDeploymentServer.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\audioLibVc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AudioSes.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\audiosrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\AzureSettingSyncProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\BarcodeProvisioningPlugin.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\bcastdvr.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CastLaunch.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cdd.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\cdpreference.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Chakra.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Chakradiag.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Chakrathunk.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ClipboardServer.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ClipUp.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CloudBackupSettings.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CloudExperienceHostUser.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\clusapi.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\coinst_15.20.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\combase.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CompatTelRunner.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CONEQMSAPOGUILibrary.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ConsoleLogon.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\container.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CredProvDataModel.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\CX64APO.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\C_G18030.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\c_GSM7.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\C_IS2022.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\D3D12.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\d3d12SDKLayers.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\D3DCompiler_33.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\D3DCompiler_34.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\D3DCompiler_35.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\D3DCompiler_36.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\D3DCompiler_37.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\D3DCompiler_38.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\D3DCompiler_39.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\D3DCompiler_40.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\D3DCompiler_41.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\D3DCompiler_42.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\D3DCompiler_43.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\d3dcsx_42.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\d3dcsx_43.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\d3dx10.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\d3dx10_33.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\d3dx10_34.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\d3dx10_35.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\d3dx10_37.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\d3dx10_38.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\d3dx10_39.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\d3dx10_40.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\d3dx10_41.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\d3dx10_43.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\d3dx11_42.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\d3dx11_43.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\d3dx9_24.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\d3dx9_25.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\d3dx9_26.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\d3dx9_27.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\d3dx9_28.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\d3dx9_29.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\d3dx9_30.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\d3dx9_31.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\d3dx9_32.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\d3dx9_33.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\d3dx9_34.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\d3dx9_35.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\d3dx9_36.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\D3DX9_37.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\D3DX9_38.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\D3DX9_39.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\D3DX9_40.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\D3DX9_41.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\D3DX9_42.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\D3DX9_43.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dafpos.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\das.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dasHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DataSenseHandlers.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DDPA64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DDPA64F3.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DDPD64A.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DDPD64AF3.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DDPO64A.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DDPO64AF3.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DDPP64A.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DDPP64AF3.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\delegatorprovider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\deviceassociation.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DeviceCensus.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\difx64.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DolbyDAX2APOProp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DolbyDAX2APOv201.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DolbyDAX2APOv211.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\domgmt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dosvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DscCore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DscCoreConfProv.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\DTSBassEnhancementDLL64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DTSBoostDLL64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DTSGainCompensatorDLL64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DTSGFXAPO64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DTSGFXAPONS64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DTSLFXAPO64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DTSLimiterDLL64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DTSNeoPCDLL64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DTSS2HeadphoneDLL64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DTSS2SpeakerDLL64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DTSSymmetryDLL64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DTSU2PGFX64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DTSU2PLFX64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\DTSU2PREC64.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\DTSVoiceClarityDLL64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dwmcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\dxmasf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\edgehtml.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\encapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ETDCoInstaller01000.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\facecredentialprovider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\FMAPO64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\FrameServer.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\FSClient.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fveapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\fveapibase.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\GamePanel.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\GdiPlus.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\generaltel.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\GenValObj.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\GfxUI.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\HiFiDAX2API.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\hkcmd.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\hpbcoinsx64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\hvax64.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\hvix64.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\hvloader.efi:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\hvloader.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ICEsoundAPO64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ie4uinit.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\iedkcs32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ieframe.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\iernonce.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\iertutil.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\iesetup.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\igfxext.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\igfxpers.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\igfxsrvc.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\igfxtray.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\indexeddbserver.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\inetcpl.cpl:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\InstallAgent.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\InstallAgentUserBroker.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\IntelSSTAPO.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\IntelSstCApoPropPage.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\KAAPORT64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\kdhvcom.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\KnobsCore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\KnobsCsp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\LicenseManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\LicenseManagerSvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\LockAppHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\lsasrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MaxxAudioAPO20.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MaxxAudioAPO30.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MaxxAudioAPO4064.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MaxxAudioAPO5064.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MaxxAudioAPO6064.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MaxxAudioAPO7064.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MaxxAudioAPOShell64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MaxxAudioEQ64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MaxxAudioRealtek64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MaxxSpeechAPO64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MaxxVoiceAPO2064.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MaxxVoiceAPO3064.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MaxxVoiceAPO4064.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MaxxVolumeSDAPO.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MCRecvSrc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfksproxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfnetcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfnetsrc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfpmp.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfsensorgroup.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfsrcsnk.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mfsvr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\microsoft.windows.softwarelogo.showdesktop.exe:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\mispace.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MISS_APO.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MSAJApi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msctf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\msdxm.ocx:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\msfeeds.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mshtml.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\mstsc.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MusNotification.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\MusUpdateHandlers.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NAHIMICAPOlfx.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NahimicAPONSControl.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NAHIMICV2apo.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\netiougc.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NetworkMobileSettings.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\NFCProvisioningPlugin.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ntdll.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ntoskrnl.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\offlinelsa.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\offlinesam.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\OpenAL32.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\pidgenx.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\provdatastore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\provengine.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\provhandlers.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\provisioningcsp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\provops.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ProvPluginEng.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\provtool.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\qmgr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\R4EEA64A.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\R4EED64A.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\R4EEG64A.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\R4EEL64A.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\R4EEP64A.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RCoInstII64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RemovableMediaProvisioningPlugin.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\reseteng.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ResetEngine.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\ResetEngine.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RltkAPO64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RP3DAA64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RP3DHT64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\rpcrt4.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\RTCOM64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RtCRX64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RtDataProc64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RTEED64A.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RTEEG64A.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RTEEL64A.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RTEEP64A.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RtkApi64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RtkCfg64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RtkCoLDR64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RtlCPAPI64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RtPgEx64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\RTSnMg64.cpl:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\samlib.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\samsrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\schannel.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SEAPO64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SECOMN64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SEHDRA64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SettingsHandlers_Bluetooth.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SettingsHandlers_nt.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SettingsHandlers_WorkAccess.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SettingSyncCore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SettingSyncHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SettingSyncPolicy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SFAPO64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SFCOM64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SFNHK64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SFSS_APO.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\shell32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\shutdownux.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sl3apo64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\slc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\slcext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\slcnt64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\slprp64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sltech64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\smphost.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sppc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sppcext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\sppsvc.exe:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\spwmp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SRAPO64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SRCOM.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\SRCOM64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SRRPTR64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SRSHP64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SRSTSH64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SRSTSX64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SRSWOW64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\StorageUsage.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\storagewmi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\storagewmi_passthru.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\StoreAgent.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\StorSvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\SysResetErr.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\systemreset.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\tadefxapo.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\tadefxapo264.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\tcpipcfg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\tepeqapo64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\tosade.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\tosasfapo64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\toseaeapo64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\tossaeapo64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\tossaemaxapo64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\tsmf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\twinui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\updatepolicy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\uReFS.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\urlmon.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\usocore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\w32time.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WavesGUILib64.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WdfCoInstaller01011.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wfdprov.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WiFiConfigSP.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wifiprofilessettinghandler.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\win32kbase.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\win32kfull.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WinBioDataModel.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WinBioDataModelOOBE.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wincorlib.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Management.Provisioning.ProxyStub.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.Audio.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.Editing.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.Speech.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.Media.Speech.UXRes.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\windows.storage.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Logon.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Search.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Xaml.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Xaml.InkControls.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\winload.efi:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\winload.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\winmde.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\winresume.efi:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\winresume.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WinTypes.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wlanapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wlanhlp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wlanmsm.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wlansec.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wlansvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wlansvcpal.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wmp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wmploc.DLL:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\WpAXHolder.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wpninprc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wrap_oal.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\wsp_fs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wsp_health.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wuauclt.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wuaueng.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wups2.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wuuhext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\WWAHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wwanprotdim.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\wwansvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\x3daudio1_0.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\x3daudio1_1.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\X3DAudio1_2.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\X3DAudio1_3.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\X3DAudio1_4.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\X3DAudio1_5.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\X3DAudio1_6.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\X3DAudio1_7.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\xactengine2_0.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\xactengine2_1.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\xactengine2_10.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\xactengine2_2.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\xactengine2_3.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\xactengine2_4.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\xactengine2_5.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\xactengine2_6.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\xactengine2_7.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\xactengine2_8.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\xactengine2_9.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\xactengine3_0.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\xactengine3_1.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\xactengine3_2.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\xactengine3_3.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\xactengine3_4.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\xactengine3_6.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\xactengine3_7.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\XAPOFX1_0.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\XAPOFX1_1.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\XAPOFX1_2.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\XAPOFX1_3.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\XAPOFX1_4.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\XAPOFX1_5.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\XAudio2_0.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\XAudio2_1.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\XAudio2_2.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\XAudio2_3.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\XAudio2_4.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\XAudio2_5.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\XAudio2_6.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\XAudio2_7.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\XblAuthManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\xinput1_1.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\xinput1_2.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\xinput1_3.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\system32\YamahaAE.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\YamahaAE2.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\aclui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\amdocl_as32.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\amdocl_ld32.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\appverif.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\AudioSes.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\bcastdvr.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\BcastDVRHelper.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Chakra.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Chakradiag.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Chakrathunk.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ClipboardServer.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\CloudBackupSettings.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\CloudExperienceHostUser.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\clusapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\combase.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ConfigureExpandedStorage.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\container.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\CredProvDataModel.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\C_G18030.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\c_GSM7.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\C_IS2022.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\D3D12.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3d12SDKLayers.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DCompiler_33.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DCompiler_34.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DCompiler_35.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DCompiler_36.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DCompiler_37.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DCompiler_38.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DCompiler_40.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DCompiler_41.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DCompiler_42.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DCompiler_43.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dcsx_42.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dcsx_43.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx10.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx10_33.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx10_34.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx10_35.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx10_36.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx10_37.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx10_38.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx10_40.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx10_41.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx10_42.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx10_43.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx11_42.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx11_43.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx9_24.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx9_25.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx9_26.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx9_27.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx9_28.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx9_29.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx9_30.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx9_31.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx9_32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx9_33.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx9_34.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx9_35.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\d3dx9_36.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DX9_37.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DX9_38.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DX9_40.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DX9_41.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DX9_42.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\D3DX9_43.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dancemat.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\delegatorprovider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\deviceassociation.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\DscCoreConfProv.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dwmcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\dxmasf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\edgehtml.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\encapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\FlashPlayerApp.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\FSClient.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\GamePanel.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\GdiPlus.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\iedkcs32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ieframe.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\iernonce.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\iertutil.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\iesetup.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\indexeddbserver.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\inetcpl.cpl:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\InstallAgent.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\IntelCpHeciSvc.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\LicenseManager.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\LockAppHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MCRecvSrc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfksproxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfnetcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfnetsrc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfpmp.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfps.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfsensorgroup.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfsrcsnk.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mfsvr.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mispace.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\MSAJApi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msctf.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msdxm.ocx:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\msfeeds.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mshtml.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\mstsc.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\netiougc.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\ntdll.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\offlinelsa.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\offlinesam.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\OpenAL32.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\pidgenx.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\RltkAPO.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\rpcrt4.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\RsCRIcon.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\samlib.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\schannel.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SECOMN32.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SettingSyncCore.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SettingSyncHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SettingSyncPolicy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SFCOM.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\shell32.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\slc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\slcext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\smphost.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\sppc.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\sppcext.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\spwmp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\SRCOM.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\storagewmi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\storagewmi_passthru.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\StoreAgent.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\tcpipcfg.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\tsmf.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\twinui.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\updatepolicy.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\uReFS.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\urlmon.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\vsjitdebugger.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wfdprov.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\win32kfull.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wincorlib.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.Audio.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.Editing.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Media.Speech.UXRes.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.Speech.Pal.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\windows.storage.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Xaml.InkControls.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\winmde.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WinTypes.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wlanapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wlanhlp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wmp.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wmploc.DLL:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wrap_oal.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wsp_fs.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\wsp_health.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\WWAHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\x3daudio1_0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\x3daudio1_1.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\X3DAudio1_2.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\X3DAudio1_3.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\X3DAudio1_4.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\X3DAudio1_5.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\X3DAudio1_6.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\X3DAudio1_7.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine2_0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine2_1.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine2_10.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine2_2.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine2_3.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine2_4.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine2_5.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine2_6.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine2_7.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine2_8.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine2_9.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine3_0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine3_1.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine3_2.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine3_3.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine3_4.dll:$CmdTcID [130]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine3_5.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine3_6.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xactengine3_7.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\XAPOFX1_0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\XAPOFX1_1.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\XAPOFX1_2.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\XAPOFX1_3.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\XAPOFX1_4.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\XAPOFX1_5.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\XAudio2_0.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\XAudio2_1.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\XAudio2_2.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\XAudio2_3.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\XAudio2_4.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\XAudio2_5.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\XAudio2_6.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\XAudio2_7.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xinput1_1.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xinput1_2.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xinput1_3.dll:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\xliveinstallhost.exe:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\ClipSp.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\cng.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\dxgkrnl.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\dxgmms1.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\dxgmms2.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\ETD.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\Hamdrv.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\hidclass.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\hidparse.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\hidusb.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\hvservice.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\ksecpkg.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\mrxsmb.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\mrxsmb20.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\ntfs.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\partmgr.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\pdc.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\rdbss.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\RTKVHD64.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\RtsUer.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\ScpVBus.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\Smb_driver_Intel.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\stornvme.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\tap0901t.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\tcpip.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\usbvideo.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\wof.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\system32\Drivers\xinputhid.sys:$CmdTcID [64]
AlternateDataStreams: C:\WINDOWS\SysWOW64\Drivers\hid8101.sys:$CmdTcID [64]
AlternateDataStreams: C:\Users\****\Desktop\FRST64.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\****\Desktop\FRST64.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\****\Desktop\SpeedAutoClicker.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\****\Desktop\SpeedAutoClicker.exe:$CmdZnID [26]

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)


==================== Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)

Da befinden sich 7902 mehr Seiten.


==================== Hosts Inhalt: ==========================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2015-07-10 13:04 - 2016-06-13 18:54 - 00452618 ___RA C:\WINDOWS\system32\Drivers\etc\hosts

Da befinden sich 15529 zusätzliche Einträge.


==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-1569932172-3107048923-2697670340-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\****\AppData\Roaming\Mozilla\Firefox\Desktop-Hintergrund.bmp
DNS Servers: 80.69.96.12 - 81.210.129.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

MSCONFIG\Services: WdiServiceHost => 3
MSCONFIG\Services: WdiSystemHost => 3
HKLM\...\StartupApproved\Run: => "BCSSync"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run32: => "SDTray"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "Dropbox"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKLM\...\StartupApproved\Run32: => "LogMeIn Hamachi Ui"
HKU\S-1-5-21-1569932172-3107048923-2697670340-1002\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1569932172-3107048923-2697670340-1002\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-1569932172-3107048923-2697670340-1002\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-1569932172-3107048923-2697670340-1002\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-1569932172-3107048923-2697670340-1002\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-1569932172-3107048923-2697670340-1002\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-1569932172-3107048923-2697670340-1002\...\StartupApproved\Run: => "SpybotPostWindows10UpgradeReInstall"
HKU\S-1-5-21-1569932172-3107048923-2697670340-1002\...\StartupApproved\Run: => "SandboxieControl"

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [UDP Query User{48995F9D-ED02-4663-9144-93AC15A74D3F}C:\program files (x86)\bitlord\bitlord.exe] => (Allow) C:\program files (x86)\bitlord\bitlord.exe
FirewallRules: [TCP Query User{70BE5F83-B4E6-4D46-9030-335AC964A5D6}C:\program files (x86)\bitlord\bitlord.exe] => (Allow) C:\program files (x86)\bitlord\bitlord.exe
FirewallRules: [UDP Query User{41135D4E-812D-4281-855C-813533A53186}D:\spiele\steamlibrary\steamapps\common\terraria\terrariaserver.exe] => (Allow) D:\spiele\steamlibrary\steamapps\common\terraria\terrariaserver.exe
FirewallRules: [TCP Query User{DB354F64-92D2-4671-9FBD-194EE60CB987}D:\spiele\steamlibrary\steamapps\common\terraria\terrariaserver.exe] => (Allow) D:\spiele\steamlibrary\steamapps\common\terraria\terrariaserver.exe
FirewallRules: [{C3450841-E759-4A0C-85A8-43E71C6AEC5A}] => (Allow) C:\Program Files (x86)\Tunngle\Tunngle.exe
FirewallRules: [{5869E20D-C1D7-447F-9CBD-F6F100EE0897}] => (Allow) C:\Program Files (x86)\Tunngle\Tunngle.exe
FirewallRules: [{2A467F24-B89D-44A0-BC0F-AF3CC0C882F9}] => (Allow) C:\Program Files (x86)\Tunngle\TnglCtrl.exe
FirewallRules: [{284ACB0A-4808-40B4-935A-4872E102F339}] => (Allow) C:\Program Files (x86)\Tunngle\TnglCtrl.exe
FirewallRules: [UDP Query User{61F6F739-2980-48CF-A6AB-B0C035F650C9}D:\spiele\steamlibrary\steamapps\common\hearts of iron 3\hoi3game.exe] => (Allow) D:\spiele\steamlibrary\steamapps\common\hearts of iron 3\hoi3game.exe
FirewallRules: [TCP Query User{FCF15AD6-38DB-400C-8F57-049EE393E688}D:\spiele\steamlibrary\steamapps\common\hearts of iron 3\hoi3game.exe] => (Allow) D:\spiele\steamlibrary\steamapps\common\hearts of iron 3\hoi3game.exe
FirewallRules: [{2D70869F-08C6-4696-AE16-EA94180DB16A}] => (Allow) D:\Spiele\SteamLibrary\steamapps\common\BloonsTD5\BTD5-Win.exe
FirewallRules: [{B4F88666-A525-4109-844F-7D01A424A711}] => (Allow) D:\Spiele\SteamLibrary\steamapps\common\BloonsTD5\BTD5-Win.exe
FirewallRules: [{63BBA00A-4EC6-437C-B2F1-FC8F78943EF8}] => (Allow) D:\Spiele\SteamLibrary\steamapps\common\Hearts of Iron 3\hoi3.exe
FirewallRules: [{BB5D8612-A4AA-4684-ABF6-FA3801331B75}] => (Allow) D:\Spiele\SteamLibrary\steamapps\common\Hearts of Iron 3\hoi3.exe
FirewallRules: [{D655D067-4905-49DB-A9CB-96367C4DE603}] => (Allow) D:\Spiele\SteamLibrary\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{ABCEB4F8-CE7D-4C02-B1BA-BF16D406D979}] => (Allow) D:\Spiele\SteamLibrary\steamapps\common\Team Fortress 2\hl2.exe
FirewallRules: [{46D6953E-D0FB-4001-BD28-86C640EE6E59}] => (Allow) D:\Spiele\SteamLibrary\steamapps\common\Dungeon Hearts\DungeonHearts.exe
FirewallRules: [{66CF4572-C844-4456-94F1-B78B5270AE11}] => (Allow) D:\Spiele\SteamLibrary\steamapps\common\Dungeon Hearts\DungeonHearts.exe
FirewallRules: [{66AED8F3-8150-4951-88BD-72EA8C52EB8D}] => (Allow) D:\Spiele\SteamLibrary\steamapps\common\PAYDAY 2\payday2_win32_release.exe
FirewallRules: [{50D80CBE-E2D8-468C-8784-C10B4110BC9E}] => (Allow) D:\Spiele\SteamLibrary\steamapps\common\PAYDAY 2\payday2_win32_release.exe
FirewallRules: [{CEC70388-DAD2-4246-B185-0B1C798E9DC6}] => (Allow) D:\Spiele\SteamLibrary\steamapps\common\Mass Effect 2\MassEffect2Launcher.exe
FirewallRules: [{602A4A9A-24E3-4BA5-B094-77027B4B4C67}] => (Allow) D:\Spiele\SteamLibrary\steamapps\common\Mass Effect 2\MassEffect2Launcher.exe
FirewallRules: [{799D7E3B-2999-4639-B58C-B686322F4E9A}] => (Allow) D:\Spiele\SteamLibrary\steamapps\common\Mass Effect 2\Binaries\MassEffect2.exe
FirewallRules: [{34D5F8F4-5F3A-4A42-9947-269753BA1385}] => (Allow) D:\Spiele\SteamLibrary\steamapps\common\Mass Effect 2\Binaries\MassEffect2.exe
FirewallRules: [{C77632A9-7018-425B-A512-71E151BD0A9E}] => (Block) D:\spiele\mass effect 3\binaries\win32\masseffect3.exe
FirewallRules: [{0BF3C07F-5197-4A67-941A-082077AC523F}] => (Block) D:\spiele\mass effect 3\binaries\win32\masseffect3.exe
FirewallRules: [UDP Query User{4A51D5B8-5158-42BC-B638-F3B1F43F0F66}D:\spiele\mass effect 3\binaries\win32\masseffect3.exe] => (Allow) D:\spiele\mass effect 3\binaries\win32\masseffect3.exe
FirewallRules: [TCP Query User{508725AC-C404-43AB-833B-D23B09668902}D:\spiele\mass effect 3\binaries\win32\masseffect3.exe] => (Allow) D:\spiele\mass effect 3\binaries\win32\masseffect3.exe
FirewallRules: [{BB8AFD41-D797-4234-8911-C23F86A1777A}] => (Allow) D:\Spiele\SteamLibrary\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{CA778D11-0055-45E3-B070-42E6EB6FC38F}] => (Allow) D:\Spiele\SteamLibrary\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{783B3295-A1D8-47F3-98E3-BC86204D11CA}] => (Block) C:\program files (x86)\greenfoot\greenfoot.exe
FirewallRules: [{76A93D52-6512-4003-8DB6-8203529BD357}] => (Block) C:\program files (x86)\greenfoot\greenfoot.exe
FirewallRules: [{DE221435-667B-420E-90F2-4A401333A269}] => (Block) C:\program files (x86)\greenfoot\jdk\jre\bin\java.exe
FirewallRules: [{A0712465-EEF5-40FF-AF1E-46F2E80141B1}] => (Block) C:\program files (x86)\greenfoot\jdk\jre\bin\java.exe
FirewallRules: [UDP Query User{0B5A9FD5-EC7E-4BA3-833A-6931BE7236D9}C:\program files (x86)\greenfoot\jdk\jre\bin\java.exe] => (Allow) C:\program files (x86)\greenfoot\jdk\jre\bin\java.exe
FirewallRules: [TCP Query User{424E45D1-CBA0-4892-9ABA-E4E4905B389D}C:\program files (x86)\greenfoot\jdk\jre\bin\java.exe] => (Allow) C:\program files (x86)\greenfoot\jdk\jre\bin\java.exe
FirewallRules: [UDP Query User{456F7E64-36B6-4B44-8664-A47294F54996}C:\program files (x86)\greenfoot\greenfoot.exe] => (Allow) C:\program files (x86)\greenfoot\greenfoot.exe
FirewallRules: [TCP Query User{BA6DD9B3-82A7-4CE1-AE47-5F2234806C24}C:\program files (x86)\greenfoot\greenfoot.exe] => (Allow) C:\program files (x86)\greenfoot\greenfoot.exe
FirewallRules: [{A8E2C4A2-E8B9-42DB-9DA0-EA7F100C14D2}] => (Block) C:\program files (x86)\emule\emule.exe
FirewallRules: [{A730966F-5AC0-440E-9A4C-C59C6B7E6C44}] => (Block) C:\program files (x86)\emule\emule.exe
FirewallRules: [UDP Query User{96D4C42F-AE72-460E-BF2C-5C460B70D3B0}C:\program files (x86)\emule\emule.exe] => (Allow) C:\program files (x86)\emule\emule.exe
FirewallRules: [TCP Query User{1BA9E8F0-CF05-46D8-B91A-D7EDE8B5739F}C:\program files (x86)\emule\emule.exe] => (Allow) C:\program files (x86)\emule\emule.exe
FirewallRules: [{B33796D1-9091-4E6C-B61C-1ECCF2A310A3}] => (Allow) D:\Spiele\SteamLibrary\steamapps\common\Path of Exile\PathOfExileSteam.exe
FirewallRules: [{65E99DA2-B57C-4010-9FC2-DDFD8E07C19D}] => (Allow) D:\Spiele\SteamLibrary\steamapps\common\Path of Exile\PathOfExileSteam.exe
FirewallRules: [{21444110-8D33-433B-AC36-727828F5A0AA}] => (Allow) D:\Spiele\Der Herr der Ringe\Aufstieg des Hexenkönigs\game.dat
FirewallRules: [{4FDA16CE-2505-40ED-9678-33E6A722D34D}] => (Allow) D:\Spiele\Der Herr der Ringe\Aufstieg des Hexenkönigs\game.dat
FirewallRules: [{01228E9C-AD6D-4A5F-B83E-10BCAB13E7C8}] => (Block) D:\spiele\die siedler\bin\settlershok.exe
FirewallRules: [{ABCA3E1C-7128-448A-8626-0952634E8703}] => (Block) D:\spiele\die siedler\bin\settlershok.exe
FirewallRules: [UDP Query User{AF98012A-B07D-490B-8418-8E48722380E4}D:\spiele\die siedler\bin\settlershok.exe] => (Allow) D:\spiele\die siedler\bin\settlershok.exe
FirewallRules: [TCP Query User{963F9CEA-BDEB-4FC1-B921-3AC5C18B6734}D:\spiele\die siedler\bin\settlershok.exe] => (Allow) D:\spiele\die siedler\bin\settlershok.exe
FirewallRules: [{252C92BE-013D-43D0-83C4-C1C0BFB91CAA}] => (Allow) D:\Spiele\Der Herr der Ringe\Die Schlacht um Mittelerde 2\game.dat
FirewallRules: [{EE02361A-F2E5-4A09-A98C-385A5BB41B95}] => (Allow) D:\Spiele\Der Herr der Ringe\Die Schlacht um Mittelerde 2\game.dat
FirewallRules: [{43B55578-6BDB-4F06-A87C-8780C9FFD5F6}] => (Block) D:\spiele\mine\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{2B6F886F-5009-4DC1-A346-C6F92954183E}] => (Block) D:\spiele\mine\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{6AFDD3F3-890F-4FAE-9103-DC6DE309039D}D:\spiele\mine\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) D:\spiele\mine\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{54E08482-FF3C-4D2F-BB7B-F68C722DF177}D:\spiele\mine\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) D:\spiele\mine\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{DD8B88E5-9198-4007-A4D1-D1DF558874F4}] => (Allow) D:\Spiele\SteamLibrary\steamapps\common\Dark Souls Prepare to Die Edition\DATA\DARKSOULS.exe
FirewallRules: [{5DFC4B84-2BF5-43C1-90AF-3A84AB503ECF}] => (Allow) D:\Spiele\SteamLibrary\steamapps\common\Dark Souls Prepare to Die Edition\DATA\DARKSOULS.exe
FirewallRules: [{F967A77B-483F-41CD-9892-6E8FB9BA4B94}] => (Allow) D:\Spiele\SteamLibrary\steamapps\common\FINAL FANTASY XIII\FFXiiiLauncher.exe
FirewallRules: [{224A6B75-0FBB-44D9-9172-21F0887D1542}] => (Allow) D:\Spiele\SteamLibrary\steamapps\common\FINAL FANTASY XIII\FFXiiiLauncher.exe
FirewallRules: [UDP Query User{2BD6D70F-C0A7-4A6F-BB7F-F80C5307EDAB}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Block) C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [TCP Query User{D2D08C83-EF86-4F08-A06F-D5D86AADE1DE}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Block) C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [{F8FC1E9F-7242-4568-A9E9-9EAA5AAF09B3}] => (Allow) D:\Spiele\SteamLibrary\steamapps\common\Terraria\Terraria.exe
FirewallRules: [{F97EC449-EEE0-4B82-A543-2BF510B49E37}] => (Allow) D:\Spiele\SteamLibrary\steamapps\common\Terraria\Terraria.exe
FirewallRules: [{35C342DF-F5C2-4B91-A191-0D68CB449B04}] => (Allow) D:\Spiele\SteamLibrary\steamapps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [{16DC3BE2-51AE-41A2-8C89-81859905B40D}] => (Allow) D:\Spiele\SteamLibrary\steamapps\common\Skyrim\SkyrimLauncher.exe
FirewallRules: [UDP Query User{7B86B5C1-7AA8-48AE-8856-24FD45C35118}C:\users\****\appdata\local\mycomgames\mycomgames.exe] => (Allow) C:\users\****\appdata\local\mycomgames\mycomgames.exe
FirewallRules: [TCP Query User{ED10F665-2C18-4831-A863-7390E08F4803}C:\users\****\appdata\local\mycomgames\mycomgames.exe] => (Allow) C:\users\****\appdata\local\mycomgames\mycomgames.exe
FirewallRules: [{0416C2AD-DC2E-471B-A83B-B9E3389A76D5}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{99299E44-FA11-4165-9B25-5CA60293CBF9}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{886489E4-6B8A-4055-80CE-1BA50EF589EA}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{B5C9A031-30C2-4CBC-9AF3-87AB0E0DD365}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{37FC875E-8630-45EE-97A7-9571E2D1BF65}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{54F3CA4F-D8B6-41D7-BAFA-317C3D3E1342}C:\users\****\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\****\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{7AD99014-5865-47CC-BE43-DF79F08FDE2A}C:\users\****\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\****\appdata\roaming\spotify\spotify.exe
FirewallRules: [{4221A666-03F5-4427-98B6-8C38FEEA49BC}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{DA870BA2-9EBC-4764-B3ED-A090F5C00ADB}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{F9FE07D3-C77D-4787-A01B-E0C244474662}] => (Allow) D:\Spiele\SteamLibrary\steamapps\common\The Binding Of Isaac\Isaac.exe
FirewallRules: [{B85B0AF5-DB82-4EFA-8DD6-62901CF6AACE}] => (Allow) D:\Spiele\SteamLibrary\steamapps\common\The Binding Of Isaac\Isaac.exe
FirewallRules: [{F49D0D8B-831E-457B-8DA2-ABA74C736ECF}] => (Allow) D:\Spiele\SteamLibrary\steamapps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{BAE2B0C4-62B4-43E1-9C95-DB6F35CF8403}] => (Allow) D:\Spiele\SteamLibrary\steamapps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{1F27AC58-C2DA-46AA-B3A3-AB8D702531F0}] => (Allow) D:\Spiele\SteamLibrary\steamapps\common\Hammerwatch\editor\HammerEditor.exe
FirewallRules: [{B86B6AF0-D163-40DD-9FC9-AE85BBD81838}] => (Allow) D:\Spiele\SteamLibrary\steamapps\common\Hammerwatch\editor\HammerEditor.exe
FirewallRules: [{C811A82F-ADAE-434C-A95E-F61875CC94D4}] => (Allow) D:\Spiele\SteamLibrary\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [{FB42C8D9-E183-4FA5-8E0C-7E45B0540D32}] => (Allow) D:\Spiele\SteamLibrary\steamapps\common\GarrysMod\hl2.exe
FirewallRules: [{4F62A6B7-C7B3-42D0-B8E9-7010AB7D9A63}] => (Allow) D:\Spiele\SteamLibrary\steamapps\common\Spelunky\Spelunky.exe
FirewallRules: [{743F628B-F4E7-4BD3-9962-50FD0FB561CE}] => (Allow) D:\Spiele\SteamLibrary\steamapps\common\Spelunky\Spelunky.exe
FirewallRules: [{68B273B1-0B0A-4639-A2B7-F1838F7B117B}] => (Allow) D:\Spiele\SteamLibrary\steamapps\common\Spellforce Platinum Edition\SpellForce.exe
FirewallRules: [{8DDE4948-891D-408A-9FC4-12E38CF380A6}] => (Allow) D:\Spiele\SteamLibrary\steamapps\common\Spellforce Platinum Edition\SpellForce.exe
FirewallRules: [{60BA14F7-246F-4B31-8FC8-F29B030B44BD}] => (Allow) D:\Spiele\SteamLibrary\steamapps\common\Might and Magic Heroes VI\Might & Magic Heroes VI.exe
FirewallRules: [{098AE387-B780-4FFC-BFF6-45924FE2470A}] => (Allow) D:\Spiele\SteamLibrary\steamapps\common\Might and Magic Heroes VI\Might & Magic Heroes VI.exe
FirewallRules: [{2009438C-9D04-4A02-B92A-67A827DAEF0A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{7B66C41F-51BD-4C82-8558-DBD8C7D0771F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{A1BFDC89-2E93-427B-8807-57E603AECAEB}] => (Allow) D:\Spiele\SteamLibrary\steamapps\common\The Wolf Among Us\TheWolfAmongUs.exe
FirewallRules: [{467DDB3C-4DC4-4332-9577-3B3F7DFBEB23}] => (Allow) D:\Spiele\SteamLibrary\steamapps\common\The Wolf Among Us\TheWolfAmongUs.exe
FirewallRules: [{04534171-8901-40D0-AF0C-AF7C46DC63D9}] => (Allow) D:\Spiele\SteamLibrary\steamapps\common\Worms Clan Wars\WormsClanWars.exe
FirewallRules: [{A281FCF4-0B34-4D92-AE72-0525A88867A5}] => (Allow) D:\Spiele\SteamLibrary\steamapps\common\Worms Clan Wars\WormsClanWars.exe
FirewallRules: [{825CCF75-A32A-4CB8-9BDB-944C009FFEBD}] => (Allow) D:\Spiele\SteamLibrary\steamapps\common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [{D2004C31-161B-4802-AA8F-C44A7E805CBA}] => (Allow) D:\Spiele\SteamLibrary\steamapps\common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [{BCBC91F1-2D2F-44B9-B4E9-2A8D91179BE0}] => (Allow) D:\Spiele\SteamLibrary\steamapps\common\EYE\EYE.exe
FirewallRules: [{F7AE4D4F-3776-430C-86CD-200EB5315C47}] => (Allow) D:\Spiele\SteamLibrary\steamapps\common\EYE\EYE.exe
FirewallRules: [TCP Query User{4B05177D-C763-47F3-A640-0A4731AC790A}C:\program files\unity\editor\data\playbackengines\webglsupport\buildtools\emscripten_win\node\node.exe] => (Allow) C:\program files\unity\editor\data\playbackengines\webglsupport\buildtools\emscripten_win\node\node.exe
FirewallRules: [UDP Query User{20FF2E8E-2C80-4E1B-BF05-945651BFAFFF}C:\program files\unity\editor\data\playbackengines\webglsupport\buildtools\emscripten_win\node\node.exe] => (Allow) C:\program files\unity\editor\data\playbackengines\webglsupport\buildtools\emscripten_win\node\node.exe
FirewallRules: [TCP Query User{05CB7A23-3EAB-41EB-9DC9-0BE7B5D51204}D:\spiele\devpro\ygopro_devpro.exe] => (Allow) D:\spiele\devpro\ygopro_devpro.exe
FirewallRules: [UDP Query User{FC1B05F6-B299-4B9A-8577-FB3999779C18}D:\spiele\devpro\ygopro_devpro.exe] => (Allow) D:\spiele\devpro\ygopro_devpro.exe
FirewallRules: [{D7800AEB-FC0D-4A56-B2DF-7225BDAAF224}] => (Allow) D:\Spiele\SteamLibrary\steamapps\common\Dwarfs - F2P\Dwarfs.exe
FirewallRules: [{0E99DC6D-A784-4DFB-A41B-B4CE89D882ED}] => (Allow) D:\Spiele\SteamLibrary\steamapps\common\Dwarfs - F2P\Dwarfs.exe
FirewallRules: [TCP Query User{0380B152-32D4-4330-9C35-2588AA7817E2}D:\spiele\battle.net\diablo iii\diablo iii.exe] => (Allow) D:\spiele\battle.net\diablo iii\diablo iii.exe
FirewallRules: [UDP Query User{5DDA787F-E14C-494E-B4E7-4CB2459FC9CD}D:\spiele\battle.net\diablo iii\diablo iii.exe] => (Allow) D:\spiele\battle.net\diablo iii\diablo iii.exe
FirewallRules: [{599A5A10-3CD5-4EB0-A3D3-232B3B866F1E}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
FirewallRules: [{34ADEA33-DAC8-402F-B745-115B6C8158CE}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr.exe
FirewallRules: [{764115B7-B498-4BA9-BE6A-A35512965A57}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [{0D06C7CD-3E6F-4C5C-9017-7CD9C5C17A38}] => (Allow) C:\Program Files (x86)\Raptr Inc\Raptr\raptr_im.exe
FirewallRules: [{7A06E664-7164-4ECC-8D3D-185FCE63C598}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe
FirewallRules: [{7E4D8387-C64A-4FB9-AD10-1C74A1826E2F}] => (Allow) C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv.exe

==================== Wiederherstellungspunkte =========================

01-09-2016 16:50:15 Windows Update
09-09-2016 19:41:11 Geplanter Prüfpunkt
11-09-2016 22:31:17 Removed Greenfoot

==================== Fehlerhafte Geräte im Gerätemanager =============


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (09/11/2016 10:37:10 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm NexusClient.exe, Version 0.61.23.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Systemsteuerung "Sicherheit und Wartung", um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 1acc

Startzeit: 01d20c6b6a948a1e

Beendigungszeit: 4294967295

Anwendungspfad: C:\Program Files\Nexus Mod Manager\NexusClient.exe

Berichts-ID: 805e3114-785f-11e6-9c6a-3859f96b9301

Vollständiger Name des fehlerhaften Pakets:

Auf das fehlerhafte Paket bezogene Anwendungs-ID:

Error: (09/11/2016 10:31:18 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll.

System Error:
Zugriff verweigert
.

Error: (09/11/2016 10:26:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: NexusClient.exe, Version: 0.61.23.0, Zeitstempel: 0x57335ff7
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 10.0.14393.0, Zeitstempel: 0x57899809
Ausnahmecode: 0xe0434352
Fehleroffset: 0x0000000000017788
ID des fehlerhaften Prozesses: 0xa64
Startzeit der fehlerhaften Anwendung: 0x01d20c65afa964f5
Pfad der fehlerhaften Anwendung: C:\Program Files\Nexus Mod Manager\NexusClient.exe
Pfad des fehlerhaften Moduls: C:\WINDOWS\System32\KERNELBASE.dll
Berichtskennung: 556be27b-36db-412a-9a4f-cce32406916a
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (09/11/2016 10:26:57 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: NexusClient.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: Nexus.Transactions.RollbackException
  bei Nexus.Transactions.Transaction.Rollback()
  bei Nexus.Transactions.TransactionScope.Dispose()
  bei Nexus.Client.ModManagement.ModUninstaller.RunTasks()
  bei Nexus.Client.Util.Threading.TrackedThread.RunThread()
  bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
  bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
  bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
  bei System.Threading.ThreadHelper.ThreadStart()

Error: (09/11/2016 09:48:54 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "QueryFullProcessImageNameW" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070006, Das Handle ist ungültig.
.


Vorgang:
  Asynchroner Vorgang wird ausgeführt

Kontext:
  Aktueller Status: DoSnapshotSet

Error: (09/11/2016 09:48:07 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll.

System Error:
Zugriff verweigert
.

Error: (09/10/2016 04:11:49 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: Die Open-Prozedur für den Dienst "BITS" in der DLL "C:\Windows\System32\bitsperf.dll" war nicht erfolgreich. Die Leistungsdaten für diesen Dienst sind nicht verfügbar. Die ersten vier Bytes (DWORD) des Datenbereichs enthalten den Fehlercode.

Error: (09/09/2016 07:41:29 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll.

System Error:
Zugriff verweigert
.

Error: (09/07/2016 10:13:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Diablo III.exe, Version: 2.4.2.39192, Zeitstempel: 0x57b4ed81
Name des fehlerhaften Moduls: ntdll.dll, Version: 10.0.14393.103, Zeitstempel: 0x57b7e09e
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0003f793
ID des fehlerhaften Prozesses: 0x1818
Startzeit der fehlerhaften Anwendung: 0x01d2093689f45a02
Pfad der fehlerhaften Anwendung: D:\Spiele\Battle.net\Diablo III\Diablo III.exe
Pfad des fehlerhaften Moduls: C:\WINDOWS\SYSTEM32\ntdll.dll
Berichtskennung: de3c3f45-286d-4d07-ac5a-28676377d457
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:

Error: (09/07/2016 08:34:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: cnext.exe, Version: 10.1.1.1522, Zeitstempel: 0x56d0b595
Name des fehlerhaften Moduls: Qt5Core.dll, Version: 5.5.0.0, Zeitstempel: 0x558c6b3a
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000083250
ID des fehlerhaften Prozesses: 0x7cc
Startzeit der fehlerhaften Anwendung: 0x01d2093471848c32
Pfad der fehlerhaften Anwendung: C:\Program Files\AMD\CNext\CNext\cnext.exe
Pfad des fehlerhaften Moduls: C:\Program Files\AMD\CNext\CNext\Qt5Core.dll
Berichtskennung: e5220d43-0f92-4323-8a08-8d4f6a10a61c
Vollständiger Name des fehlerhaften Pakets:
Anwendungs-ID, die relativ zum fehlerhaften Paket ist:


Systemfehler:
=============
Error: (09/11/2016 11:10:18 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Plattformdienst für verbundene Geräte" wurde mit folgendem Fehler beendet:
Unbekannter Fehler

Error: (09/11/2016 11:08:26 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\SYSTEM" (SID: S-1-5-18) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 und der APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.

Error: (09/11/2016 11:08:16 PM) (Source: SbieSvc) (EventID: 9234) (User: )
Description: SBIE9234 Service startup error level 9153 status=C0000001 error=-1073741823

Error: (09/11/2016 11:08:11 PM) (Source: SbieDrv) (EventID: 1103) (User: )
Description: SBIE1103 Sandboxie-Treiber (SbieDrv) version 5.10 konnte nicht gestartet werden

Error: (09/11/2016 11:08:11 PM) (Source: SbieDrv) (EventID: 1113) (User: )
Description: SBIE1113 Kann Nt System Service nicht finden, Grund AcceptConnectPort

Error: (09/11/2016 11:08:11 PM) (Source: SbieDrv) (EventID: 1113) (User: )
Description: SBIE1113 Kann Nt System Service nicht finden, Grund MASTER TABLE

Error: (09/11/2016 02:09:50 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Plattformdienst für verbundene Geräte" wurde mit folgendem Fehler beendet:
Unbekannter Fehler

Error: (09/11/2016 02:07:53 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: Durch die Berechtigungseinstellungen für "Anwendungsspezifisch" wird dem Benutzer "NT-AUTORITÄT\SYSTEM" (SID: S-1-5-18) unter der Adresse "LocalHost (unter Verwendung von LRPC)" keine Berechtigung vom Typ "Lokal Aktivierung" für die COM-Serveranwendung mit der CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 und der APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 im Anwendungscontainer "Nicht verfügbar" (SID: Nicht verfügbar) gewährt. Die Sicherheitsberechtigung kann mit dem Verwaltungstool für Komponentendienste geändert werden.

Error: (09/11/2016 02:07:03 PM) (Source: SbieSvc) (EventID: 9234) (User: )
Description: SBIE9234 Service startup error level 9153 status=C0000001 error=-1073741823

Error: (09/11/2016 02:06:58 PM) (Source: SbieDrv) (EventID: 1103) (User: )
Description: SBIE1103 Sandboxie-Treiber (SbieDrv) version 5.10 konnte nicht gestartet werden


CodeIntegrity:
===================================
  Date: 2016-09-11 23:07:10.358
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-09-11 14:05:56.924
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-09-10 18:26:26.545
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-09-07 20:17:35.951
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-09-06 22:10:26.133
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-09-06 22:10:02.348
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-09-06 22:09:40.208
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-09-06 22:09:39.419
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-09-06 21:54:39.547
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-09-03 21:38:50.390
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Speicherinformationen ===========================

Prozessor: Intel(R) Core(TM) i5-2430M CPU @ 2.40GHz
Prozentuale Nutzung des RAM: 36%
Installierter physikalischer RAM: 5995.86 MB
Verfügbarer physikalischer RAM: 3812.86 MB
Summe virtueller Speicher: 12139.86 MB
Verfügbarer virtueller Speicher: 9851.99 MB

==================== Laufwerke ================================

Drive c: (Win7Home) (Fixed) (Total:194.55 GB) (Free:117.47 GB) NTFS ==>[Laufwerk mit Startkomponenten (eingeholt von BCD)]
Drive d: (Data) (Fixed) (Total:405.56 GB) (Free:65.01 GB) NTFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: 09B2C708)
Partition 1: (Not Active) - (Size=100 MB) - (Type=17)
Partition 2: (Active) - (Size=194.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=783 MB) - (Type=27)
Partition 4: (Not Active) - (Size=503.2 GB) - (Type=OF Extended)

==================== Ende von Addition.txt ============================


I hope everything is correct like this, and I wish you a pleasant start to the week!

deeprybka 25.09.2016 15:32

:hallo:

My name is Jürgen and I will be helping you with your problem. Together we'll get this done...:abklatsch:
  • Please work through all the steps in order.
  • Read the instructions carefully before you begin. If there are problems or you do not understand something, stop what you are doing and describe the problem to me.
  • Please run only the scans that I have asked you to run.
  • Please no crossposting (posting in several forums).
  • Do not install or uninstall any software during the cleanup unless you have been asked to.
  • Save all of our tools to the desktop. Link: How to download our tools correctly
  • Post the log files directly in your thread, inside code tags.
  • Keep in mind that we all do this in our free time; if you have not heard from me within 24 hours, please send me a PM.

Note:
I can never give you a guarantee that we will find all malicious files.
Formatting is usually the faster and always the safest route, but it is only advisable for real malware.
We can remove adware and the like very well.
If you decide on a cleanup, keep working with me until you get my clean :daumenhoc.


Let's get started:

Step 1
Please download TDSSKiller (TDSSKiller.exe) and save this file to the desktop.
  • Start TDSSKiller.exe and configure it as described in the TDSSKiller instructions.
  • Press Start Scan
  • If infected objects are found, do not choose Cure under any circumstances. Choose Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\)
    For example: C:\TDSSKiller.<Version_Date_Time>log.txt
Please post the contents here in your thread in any case.

Jemand 26.09.2016 08:59

Hello,
here is the report:
Code:

09:46:33.0328 0x05c8  TDSS rootkit removing tool 3.1.0.11 Aug  5 2016 12:13:31
09:47:00.0339 0x05c8  ============================================================
09:47:00.0340 0x05c8  Current date / time: 2016/09/26 09:47:00.0339
09:47:00.0340 0x05c8  SystemInfo:
09:47:00.0363 0x05c8 
09:47:00.0363 0x05c8  OS Version: 10.0.14393 ServicePack: 0.0
09:47:00.0363 0x05c8  Product type: Workstation
09:47:00.0363 0x05c8  ComputerName: LAP-OLI-PB
09:47:00.0363 0x05c8  UserName: Oliver
09:47:00.0363 0x05c8  Windows directory: C:\WINDOWS
09:47:00.0363 0x05c8  System windows directory: C:\WINDOWS
09:47:00.0363 0x05c8  Running under WOW64
09:47:00.0363 0x05c8  Processor architecture: Intel x64
09:47:00.0363 0x05c8  Number of processors: 4
09:47:00.0364 0x05c8  Page size: 0x1000
09:47:00.0364 0x05c8  Boot type: Normal boot
09:47:00.0364 0x05c8  CodeIntegrityOptions = 0x00000001
09:47:00.0364 0x05c8  ============================================================
09:47:00.0903 0x05c8  KLMD registered as C:\WINDOWS\system32\drivers\76015526.sys
09:47:00.0903 0x05c8  KLMD ARK init status: drvProperties = 0xFFF00, osBuild = 14393.187, osProperties = 0x19
09:47:01.0351 0x05c8  System UUID: {35BCC849-4E9C-4941-C05A-CF36D75B4AE6}
09:47:02.0395 0x05c8  Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 ( 698.64 Gb ), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
09:47:02.0400 0x05c8  ============================================================
09:47:02.0400 0x05c8  \Device\Harddisk0\DR0:
09:47:02.0404 0x05c8  MBR partitions:
09:47:02.0404 0x05c8  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1851BC77
09:47:02.0426 0x05c8  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x186D932C, BlocksNum 0x32B1CD09
09:47:02.0459 0x05c8  ============================================================
09:47:03.0467 0x05c8  C: <-> \Device\Harddisk0\DR0\Partition1
09:47:03.0584 0x05c8  D: <-> \Device\Harddisk0\DR0\Partition2
09:47:03.0584 0x05c8  ============================================================
09:47:03.0584 0x05c8  Initialize success
09:47:03.0584 0x05c8  ============================================================
09:47:32.0968 0x1dfc  ============================================================
09:47:32.0968 0x1dfc  Scan started
09:47:32.0968 0x1dfc  Mode: Manual; SigCheck; TDLFS;
09:47:32.0968 0x1dfc  ============================================================
09:47:32.0968 0x1dfc  KSN ping started
09:47:33.0113 0x1dfc  KSN ping finished: true
09:47:36.0701 0x1dfc  ================ Scan system memory ========================
09:47:36.0701 0x1dfc  System memory - ok
09:47:36.0703 0x1dfc  ================ Scan services =============================
09:47:39.0053 0x1dfc  1394ohci - ok
09:47:39.0057 0x1dfc  3ware - ok
09:47:39.0078 0x1dfc  ACPI - ok
09:47:39.0082 0x1dfc  AcpiDev - ok
09:47:39.0087 0x1dfc  acpiex - ok
09:47:39.0111 0x1dfc  acpipagr - ok
09:47:39.0178 0x1dfc  AcpiPmi - ok
09:47:39.0194 0x1dfc  acpitime - ok
09:47:39.0399 0x1dfc  [ A0CAC4F3F998173A8DC1E67E7E0345EF, D0C2F504A5059691EDBBA917D0C6260450A554A365C12E7747E48EE1668C51A5 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
09:47:39.0458 0x1dfc  AdobeARMservice - ok
09:47:40.0447 0x1dfc  [ 8FC33A20D54FB5CC7FBBA814B4E42A22, 707F61F0CEB9467D9BD1782868403BD53DB46EAB0342772661F370E5174AAD8C ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
09:47:40.0479 0x1dfc  AdobeFlashPlayerUpdateSvc - ok
09:47:40.0553 0x1dfc  ADP80XX - ok
09:47:40.0559 0x1dfc  AFD - ok
09:47:40.0991 0x1dfc  [ E20C1118524DF19945BCD83A3843E8CF, 90C87096E9E2595DAA503CFD9C24D7D8F9CB2D567ACAB06FBF5527C8A6059409 ] AGSService      C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
09:47:41.0139 0x1dfc  AGSService - ok
09:47:41.0168 0x1dfc  ahcache - ok
09:47:41.0191 0x1dfc  AJRouter - ok
09:47:41.0222 0x1dfc  ALG - ok
09:47:41.0288 0x1dfc  [ D7A72B9BA6AB996DADB37BFCB0363D63, A223684978928B59D39DFB49F6658E0CF04ADD15AD8ACFCEC384DBD4D8C8CBCA ] AMD External Events Utility C:\WINDOWS\system32\atiesrxx.exe
09:47:41.0652 0x1dfc  AMD External Events Utility - ok
09:47:41.0665 0x1dfc  AmdK8 - ok
09:47:41.0684 0x1dfc  amdkmdag - ok
09:47:41.0812 0x1dfc  [ C14D7E5F24381BC8F333C4EB77892400, 8B8EF49D2398AF39E36EFFE6D1E0489727D5612DEFA43C71E3C7E4C0650010A5 ] amdkmdap        C:\WINDOWS\system32\DRIVERS\atikmpag.sys
09:47:41.0916 0x1dfc  amdkmdap - ok
09:47:41.0965 0x1dfc  AmdPPM - ok
09:47:41.0973 0x1dfc  amdsata - ok
09:47:41.0989 0x1dfc  amdsbs - ok
09:47:41.0993 0x1dfc  amdxata - ok
09:47:41.0998 0x1dfc  AppID - ok
09:47:42.0013 0x1dfc  AppIDSvc - ok
09:47:42.0022 0x1dfc  Appinfo - ok
09:47:42.0048 0x1dfc  applockerfltr - ok
09:47:42.0072 0x1dfc  AppReadiness - ok
09:47:42.0119 0x1dfc  AppXSvc - ok
09:47:42.0142 0x1dfc  arcsas - ok
09:47:42.0458 0x1dfc  aspnet_state - ok
09:47:42.0463 0x1dfc  AsyncMac - ok
09:47:42.0487 0x1dfc  atapi - ok
09:47:42.0566 0x1dfc  athr - ok
09:47:42.0629 0x1dfc  AudioEndpointBuilder - ok
09:47:42.0662 0x1dfc  Audiosrv - ok
09:47:42.0678 0x1dfc  AxInstSV - ok
09:47:42.0697 0x1dfc  b06bdrv - ok
09:47:42.0720 0x1dfc  BasicDisplay - ok
09:47:42.0743 0x1dfc  BasicRender - ok
09:47:42.0758 0x1dfc  bcmfn - ok
09:47:42.0772 0x1dfc  bcmfn2 - ok
09:47:42.0787 0x1dfc  BDESVC - ok
09:47:42.0809 0x1dfc  Beep - ok
09:47:42.0832 0x1dfc  BFE - ok
09:47:42.0884 0x1dfc  BITS - ok
09:47:42.0891 0x1dfc  bowser - ok
09:47:42.0926 0x1dfc  BrokerInfrastructure - ok
09:47:42.0930 0x1dfc  Browser - ok
09:47:42.0960 0x1dfc  BthAvrcpTg - ok
09:47:42.0974 0x1dfc  BthHFEnum - ok
09:47:42.0986 0x1dfc  bthhfhid - ok
09:47:43.0020 0x1dfc  BthHFSrv - ok
09:47:43.0030 0x1dfc  BTHMODEM - ok
09:47:43.0044 0x1dfc  bthserv - ok
09:47:43.0087 0x1dfc  buttonconverter - ok
09:47:43.0096 0x1dfc  CapImg - ok
09:47:43.0100 0x1dfc  cdfs - ok
09:47:43.0115 0x1dfc  CDPSvc - ok
09:47:43.0141 0x1dfc  CDPUserSvc - ok
09:47:43.0185 0x1dfc  cdrom - ok
09:47:43.0193 0x1dfc  CertPropSvc - ok
09:47:43.0208 0x1dfc  cht4iscsi - ok
09:47:43.0212 0x1dfc  cht4vbd - ok
09:47:43.0249 0x1dfc  circlass - ok
09:47:43.0253 0x1dfc  CLFS - ok
09:47:43.0262 0x1dfc  ClipSVC - ok
09:47:43.0270 0x1dfc  clreg - ok
09:47:43.0289 0x1dfc  CmBatt - ok
09:47:43.0904 0x1dfc  [ 7DFC16B25788C97F3E9C42B1FCAC0A67, D729D138CAAE8295B750A48F8A9806F4C54224BEF4A5260EDDB5B1D959FC9CFF ] CmdAgent        C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
09:47:44.0156 0x1dfc  CmdAgent - ok
09:47:44.0215 0x1dfc  [ EAE2829CFBE8A84E3CC2A1451966E74F, 621AEA870D79A99FBA1339AA8C105A65ED3194E082DFFC33EA7513C0E5C453B5 ] cmderd          C:\WINDOWS\system32\DRIVERS\cmderd.sys
09:47:44.0226 0x1dfc  cmderd - ok
09:47:44.0317 0x1dfc  [ 08400F4E1D6F586EE7C4136C4CB4B1D8, 629FED82F975BC18FCAA9E6B19C5A3CA42DAF2C2F9B383590987A62747707D74 ] cmdGuard        C:\WINDOWS\system32\DRIVERS\cmdguard.sys
09:47:44.0374 0x1dfc  cmdGuard - ok
09:47:44.0394 0x1dfc  [ 752041CFBE3C0EEA5BC4E9F0E98F7929, A88C70610E242B0F3E459A0926A44D6F2CB179C741313D9B4602A48559E313ED ] cmdhlp          C:\WINDOWS\system32\DRIVERS\cmdhlp.sys
09:47:44.0405 0x1dfc  cmdhlp - ok
09:47:44.0799 0x1dfc  [ 084A29576C98C45E836CC977C1D311FD, BE01F6A181AB43590C15271E09BEC9B2CF14A011E7A8EE226CA1A2E6C874B39B ] cmdvirth        C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe
09:47:44.0879 0x1dfc  cmdvirth - ok
09:47:44.0931 0x1dfc  CNG - ok
09:47:44.0935 0x1dfc  cnghwassist - ok
09:47:45.0149 0x1dfc  CompositeBus - ok
09:47:45.0153 0x1dfc  COMSysApp - ok
09:47:45.0175 0x1dfc  condrv - ok
09:47:45.0226 0x1dfc  CoreMessagingRegistrar - ok
09:47:45.0715 0x1dfc  [ B18D590BC5220FDB4A747BC16D78ABC7, D46F8B43BAC22E55DE9AFC19CF371B1C4E8D3707163598B2F9884BB31D730C09 ] cphs            C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
09:47:46.0947 0x1dfc  cphs - ok
09:47:46.0967 0x1dfc  CryptSvc - ok
09:47:46.0996 0x1dfc  dam - ok
09:47:47.0019 0x1dfc  DcomLaunch - ok
09:47:47.0044 0x1dfc  DcpSvc - ok
09:47:47.0063 0x1dfc  defragsvc - ok
09:47:47.0097 0x1dfc  DeviceAssociationService - ok
09:47:47.0110 0x1dfc  DeviceInstall - ok
09:47:47.0140 0x1dfc  DevQueryBroker - ok
09:47:47.0165 0x1dfc  Dfsc - ok
09:47:47.0179 0x1dfc  Dhcp - ok
09:47:47.0258 0x1dfc  diagnosticshub.standardcollector.service - ok
09:47:47.0274 0x1dfc  DiagTrack - ok
09:47:47.0298 0x1dfc  disk - ok
09:47:47.0333 0x1dfc  DmEnrollmentSvc - ok
09:47:47.0341 0x1dfc  dmvsc - ok
09:47:47.0398 0x1dfc  dmwappushservice - ok
09:47:47.0410 0x1dfc  Dnscache - ok
09:47:47.0422 0x1dfc  dot3svc - ok
09:47:47.0436 0x1dfc  DPS - ok
09:47:47.0459 0x1dfc  drmkaud - ok
09:47:47.0495 0x1dfc  DsmSvc - ok
09:47:47.0503 0x1dfc  DsSvc - ok
09:47:47.0530 0x1dfc  DXGKrnl - ok
09:47:47.0558 0x1dfc  EapHost - ok
09:47:47.0575 0x1dfc  ebdrv - ok
09:47:47.0607 0x1dfc  EFS - ok
09:47:47.0632 0x1dfc  EhStorClass - ok
09:47:47.0680 0x1dfc  EhStorTcgDrv - ok
09:47:47.0714 0x1dfc  embeddedmode - ok
09:47:47.0722 0x1dfc  EntAppSvc - ok
09:47:47.0730 0x1dfc  ErrDev - ok
09:47:47.0823 0x1dfc  [ 6BD85B39B7B23F03B24CF641ED29147B, 850F21750BB39E5239B1584E1117844CAAAF6A5C58E79366552309F917675CE5 ] ETD            C:\WINDOWS\system32\DRIVERS\ETD.sys
09:47:47.0846 0x1dfc  ETD - ok
09:47:47.0944 0x1dfc  [ 8916EACF1256E1C5A3AF81FD39C747E7, FF28FB95E9F9287C1005CF0D9EB84F7CA3D137689862860C9848398504E1EFFF ] ETDService      C:\Program Files\Elantech\ETDService.exe
09:47:47.0958 0x1dfc  ETDService - ok
09:47:47.0985 0x1dfc  EventSystem - ok
09:47:47.0989 0x1dfc  exfat - ok
09:47:48.0008 0x1dfc  fastfat - ok
09:47:48.0019 0x1dfc  Fax - ok
09:47:48.0043 0x1dfc  fdc - ok
09:47:48.0052 0x1dfc  fdPHost - ok
09:47:48.0061 0x1dfc  FDResPub - ok
09:47:48.0079 0x1dfc  fhsvc - ok
09:47:48.0138 0x1dfc  FileCrypt - ok
09:47:48.0142 0x1dfc  FileInfo - ok
09:47:48.0156 0x1dfc  Filetrace - ok
09:47:48.0160 0x1dfc  flpydisk - ok
09:47:48.0171 0x1dfc  FltMgr - ok
09:47:48.0185 0x1dfc  FontCache - ok
09:47:48.0330 0x1dfc  FontCache3.0.0.0 - ok
09:47:48.0367 0x1dfc  FrameServer - ok
09:47:48.0383 0x1dfc  FsDepends - ok
09:47:48.0389 0x1dfc  Fs_Rec - ok
09:47:48.0394 0x1dfc  fvevol - ok
09:47:48.0435 0x1dfc  gencounter - ok
09:47:48.0465 0x1dfc  genericusbfn - ok
09:47:48.0474 0x1dfc  GPIOClx0101 - ok
09:47:48.0494 0x1dfc  gpsvc - ok
09:47:48.0527 0x1dfc  GpuEnergyDrv - ok
09:47:48.0558 0x1dfc  [ 7F79205B4EFA98F0767309479C8C01C6, 4B576903A83F33A8CF31D3887144A3D51C56D1187115C83AC99C0E9F6B4BF128 ] Hamachi        C:\WINDOWS\System32\drivers\Hamdrv.sys
09:47:48.0582 0x1dfc  Hamachi - ok
09:47:48.0600 0x1dfc  HdAudAddService - ok
09:47:48.0610 0x1dfc  HDAudBus - ok
09:47:48.0615 0x1dfc  HidBatt - ok
09:47:48.0622 0x1dfc  HidBth - ok
09:47:48.0641 0x1dfc  hidi2c - ok
09:47:48.0661 0x1dfc  hidinterrupt - ok
09:47:48.0696 0x1dfc  HidIr - ok
09:47:48.0728 0x1dfc  hidserv - ok
09:47:48.0767 0x1dfc  HidUsb - ok
09:47:48.0789 0x1dfc  HomeGroupListener - ok
09:47:48.0817 0x1dfc  HomeGroupProvider - ok
09:47:48.0829 0x1dfc  HpSAMD - ok
09:47:48.0834 0x1dfc  HTTP - ok
09:47:48.0867 0x1dfc  HvHost - ok
09:47:48.0910 0x1dfc  hvservice - ok
09:47:48.0914 0x1dfc  hwpolicy - ok
09:47:48.0920 0x1dfc  hyperkbd - ok
09:47:48.0926 0x1dfc  i8042prt - ok
09:47:48.0932 0x1dfc  iagpio - ok
09:47:48.0942 0x1dfc  iai2c - ok
09:47:48.0947 0x1dfc  iaLPSS2i_GPIO2 - ok
09:47:48.0954 0x1dfc  iaLPSS2i_I2C - ok
09:47:48.0959 0x1dfc  iaLPSSi_GPIO - ok
09:47:48.0970 0x1dfc  iaLPSSi_I2C - ok
09:47:48.0975 0x1dfc  iaStorAV - ok
09:47:48.0980 0x1dfc  iaStorV - ok
09:47:48.0994 0x1dfc  ibbus - ok
09:47:49.0026 0x1dfc  icssvc - ok
09:47:49.0470 0x1dfc  [ 79AE3CC82CA1563A4B392207997ACE7C, A1E4A1DA95CA2FA197EF5975657822F0F813F6C33DA38E1FA5A840194034D071 ] igfx            C:\WINDOWS\system32\DRIVERS\igdkmd64.sys
09:47:49.0653 0x1dfc  igfx - ok
09:47:49.0684 0x1dfc  IKEEXT - ok
09:47:49.0749 0x1dfc  IndirectKmd - ok
09:47:49.0818 0x1dfc  [ 55BB2E54302416B9F7D2489FC16F7333, FD697F033D56DE76718A83514A468267235BE3AE1ECD2B5E7B8BCA1520699E7F ] inspect        C:\WINDOWS\system32\DRIVERS\inspect.sys
09:47:49.0831 0x1dfc  inspect - ok
09:47:50.0414 0x1dfc  [ D172E06EFE08DF148155A59DB716C1B6, F059B0B37C5E944D70626E9F029BC6311029E0A9D778C9C75DDDDC59A5AF1605 ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RTKVHD64.sys
09:47:50.0746 0x1dfc  IntcAzAudAddService - ok
09:47:50.0775 0x1dfc  intelide - ok
09:47:50.0780 0x1dfc  intelpep - ok
09:47:50.0784 0x1dfc  intelppm - ok
09:47:50.0789 0x1dfc  iorate - ok
09:47:50.0795 0x1dfc  IpFilterDriver - ok
09:47:50.0838 0x1dfc  iphlpsvc - ok
09:47:50.0877 0x1dfc  IPMIDRV - ok
09:47:50.0909 0x1dfc  IPNAT - ok
09:47:51.0368 0x1dfc  [ B76542085ABAD1AD4E5684F761DFC2EF, C6699B788D6E81E73519433F12BFD3B12C71A5EE2A12810697FE9C4350A179B3 ] IpOverUsbSvc    C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe
09:47:51.0382 0x1dfc  IpOverUsbSvc - ok
09:47:51.0386 0x1dfc  irda - ok
09:47:51.0390 0x1dfc  IRENUM - ok
09:47:51.0400 0x1dfc  irmon - ok
09:47:51.0413 0x1dfc  isapnp - ok
09:47:51.0444 0x1dfc  iScsiPrt - ok
09:47:51.0476 0x1dfc  kbdclass - ok
09:47:51.0480 0x1dfc  kbdhid - ok
09:47:51.0528 0x1dfc  kdnic - ok
09:47:51.0534 0x1dfc  KeyIso - ok
09:47:51.0612 0x1dfc  KSecDD - ok
09:47:51.0631 0x1dfc  KSecPkg - ok
09:47:51.0718 0x1dfc  ksthunk - ok
09:47:51.0765 0x1dfc  KtmRm - ok
09:47:51.0800 0x1dfc  L1C - ok
09:47:51.0832 0x1dfc  LanmanServer - ok
09:47:51.0868 0x1dfc  LanmanWorkstation - ok
09:47:51.0900 0x1dfc  lfsvc - ok
09:47:51.0988 0x1dfc  LicenseManager - ok
09:47:52.0020 0x1dfc  lltdio - ok
09:47:52.0041 0x1dfc  lltdsvc - ok
09:47:52.0083 0x1dfc  lmhosts - ok
09:47:52.0122 0x1dfc  LSI_SAS - ok
09:47:52.0130 0x1dfc  LSI_SAS2i - ok
09:47:52.0142 0x1dfc  LSI_SAS3i - ok
09:47:52.0151 0x1dfc  LSI_SSS - ok
09:47:52.0162 0x1dfc  LSM - ok
09:47:52.0171 0x1dfc  luafv - ok
09:47:52.0244 0x1dfc  MapsBroker - ok
09:47:52.0264 0x1dfc  megasas - ok
09:47:52.0287 0x1dfc  megasr - ok
09:47:52.0347 0x1dfc  [ A6518DCC42F7A6E999BB3BEA8FD87567, 8A9AE992F93F37E0723761EA271A7E1AA8172702C471041A17324474FC96B9BC ] MEIx64          C:\WINDOWS\System32\drivers\HECIx64.sys
09:47:52.0357 0x1dfc  MEIx64 - ok
09:47:52.0403 0x1dfc  MessagingService - ok
09:47:52.0772 0x1dfc  Microsoft SharePoint Workspace Audit Service - ok
09:47:52.0833 0x1dfc  mlx4_bus - ok
09:47:52.0864 0x1dfc  MMCSS - ok
09:47:52.0869 0x1dfc  Modem - ok
09:47:52.0900 0x1dfc  monitor - ok
09:47:52.0914 0x1dfc  mouclass - ok
09:47:52.0926 0x1dfc  mouhid - ok
09:47:52.0932 0x1dfc  mountmgr - ok
09:47:52.0938 0x1dfc  mpsdrv - ok
09:47:52.0961 0x1dfc  MpsSvc - ok
09:47:52.0992 0x1dfc  MRxDAV - ok
09:47:53.0004 0x1dfc  mrxsmb - ok
09:47:53.0046 0x1dfc  mrxsmb10 - ok
09:47:53.0088 0x1dfc  mrxsmb20 - ok
09:47:53.0119 0x1dfc  MsBridge - ok
09:47:53.0156 0x1dfc  MSDTC - ok
09:47:53.0190 0x1dfc  Msfs - ok
09:47:53.0208 0x1dfc  msgpiowin32 - ok
09:47:53.0212 0x1dfc  mshidkmdf - ok
09:47:53.0222 0x1dfc  mshidumdf - ok
09:47:53.0226 0x1dfc  msisadrv - ok
09:47:53.0261 0x1dfc  MSiSCSI - ok
09:47:53.0267 0x1dfc  msiserver - ok
09:47:53.0281 0x1dfc  MSKSSRV - ok
09:47:53.0292 0x1dfc  MsLldp - ok
09:47:53.0296 0x1dfc  MSPCLOCK - ok
09:47:53.0301 0x1dfc  MSPQM - ok
09:47:53.0305 0x1dfc  MsRPC - ok
09:47:53.0355 0x1dfc  mssmbios - ok
09:47:53.0360 0x1dfc  MSTEE - ok
09:47:53.0377 0x1dfc  MTConfig - ok
09:47:53.0390 0x1dfc  Mup - ok
09:47:53.0395 0x1dfc  mvumis - ok
09:47:53.0417 0x1dfc  NativeWifiP - ok
09:47:53.0449 0x1dfc  NcaSvc - ok
09:47:53.0502 0x1dfc  NcbService - ok
09:47:53.0523 0x1dfc  NcdAutoSetup - ok
09:47:53.0543 0x1dfc  ndfltr - ok
09:47:53.0550 0x1dfc  NDIS - ok
09:47:53.0555 0x1dfc  NdisCap - ok
09:47:53.0573 0x1dfc  NdisImPlatform - ok
09:47:53.0576 0x1dfc  NdisTapi - ok
09:47:53.0582 0x1dfc  Ndisuio - ok
09:47:53.0602 0x1dfc  NdisVirtualBus - ok
09:47:53.0620 0x1dfc  NdisWan - ok
09:47:53.0625 0x1dfc  ndiswanlegacy - ok
09:47:53.0628 0x1dfc  ndproxy - ok
09:47:53.0636 0x1dfc  Ndu - ok
09:47:53.0643 0x1dfc  NetAdapterCx - ok
09:47:53.0650 0x1dfc  NetBIOS - ok
09:47:53.0659 0x1dfc  NetBT - ok
09:47:53.0667 0x1dfc  Netlogon - ok
09:47:53.0695 0x1dfc  Netman - ok
09:47:53.0744 0x1dfc  netprofm - ok
09:47:53.0776 0x1dfc  NetSetupSvc - ok
09:47:54.0270 0x1dfc  NetTcpPortSharing - ok
09:47:54.0360 0x1dfc  NgcCtnrSvc - ok
09:47:54.0397 0x1dfc  NgcSvc - ok
09:47:54.0440 0x1dfc  NlaSvc - ok
09:47:54.0498 0x1dfc  Npfs - ok
09:47:54.0545 0x1dfc  npsvctrig - ok
09:47:54.0556 0x1dfc  nsi - ok
09:47:54.0571 0x1dfc  nsiproxy - ok
09:47:54.0608 0x1dfc  NTFS - ok
09:47:54.0633 0x1dfc  Null - ok
09:47:54.0667 0x1dfc  nvraid - ok
09:47:54.0715 0x1dfc  nvstor - ok
09:47:54.0759 0x1dfc  OneSyncSvc - ok
09:47:54.0855 0x1dfc  [ 4965B005492CBA7719E82B71E3245495, 52AD72C05FACC1E0E416A1FA25F34FDD3CB274FAB973BEAAE911A2FACA42B650 ] ose64          C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
09:47:54.0901 0x1dfc  ose64 - ok
09:47:56.0031 0x1dfc  [ 61BFFB5F57AD12F83AB64B7181829B34, 1DD0DD35E4158F95765EE6639F217DF03A0A19E624E020DBA609268C08A13846 ] osppsvc        C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
09:47:56.0252 0x1dfc  osppsvc - ok
09:47:56.0303 0x1dfc  p2pimsvc - ok
09:47:56.0334 0x1dfc  p2psvc - ok
09:47:56.0338 0x1dfc  Parport - ok
09:47:56.0399 0x1dfc  partmgr - ok
09:47:56.0409 0x1dfc  PcaSvc - ok
09:47:56.0433 0x1dfc  pci - ok
09:47:56.0437 0x1dfc  pciide - ok
09:47:56.0451 0x1dfc  pcmcia - ok
09:47:56.0472 0x1dfc  pcw - ok
09:47:56.0502 0x1dfc  pdc - ok
09:47:56.0554 0x1dfc  PEAUTH - ok
09:47:56.0580 0x1dfc  percsas2i - ok
09:47:56.0585 0x1dfc  percsas3i - ok
09:47:57.0146 0x1dfc  PerfHost - ok
09:47:57.0263 0x1dfc  PhoneSvc - ok
09:47:57.0331 0x1dfc  PimIndexMaintenanceSvc - ok
09:47:57.0393 0x1dfc  pla - ok
09:47:57.0411 0x1dfc  PlugPlay - ok
09:47:57.0432 0x1dfc  PNRPAutoReg - ok
09:47:57.0437 0x1dfc  PNRPsvc - ok
09:47:57.0473 0x1dfc  PolicyAgent - ok
09:47:57.0480 0x1dfc  Power - ok
09:47:57.0509 0x1dfc  PptpMiniport - ok
09:47:58.0425 0x1dfc  [ 7196D3C2E2E3129814C8DAB91F9A7D1E, 6763E4BF8E846B597E78778E520F5BADC95608BAA4EA0AC84971384B5D976DD7 ] PrintNotify    C:\WINDOWS\system32\spool\drivers\x64\3\PrintConfig.dll
09:47:58.0865 0x1dfc  PrintNotify - ok
09:47:58.0898 0x1dfc  Processor - ok
09:47:58.0940 0x1dfc  ProfSvc - ok
09:47:58.0947 0x1dfc  Psched - ok
09:47:58.0995 0x1dfc  QWAVE - ok
09:47:59.0031 0x1dfc  QWAVEdrv - ok
09:47:59.0049 0x1dfc  RasAcd - ok
09:47:59.0085 0x1dfc  RasAgileVpn - ok
09:47:59.0113 0x1dfc  RasAuto - ok
09:47:59.0118 0x1dfc  Rasl2tp - ok
09:47:59.0138 0x1dfc  RasMan - ok
09:47:59.0143 0x1dfc  RasPppoe - ok
09:47:59.0148 0x1dfc  RasSstp - ok
09:47:59.0183 0x1dfc  rdbss - ok
09:47:59.0235 0x1dfc  rdpbus - ok
09:47:59.0239 0x1dfc  RDPDR - ok
09:47:59.0288 0x1dfc  RdpVideoMiniport - ok
09:47:59.0305 0x1dfc  rdyboost - ok
09:48:00.0151 0x1dfc  [ F1D9E7B84A123F8861F63A2AE1E9F144, 7A56188DE148525B23617F8DA4AD49A88FA1BFC48641ED5065896C4408DA44ED ] ReflectService.exe C:\Program Files\Recovery\Macrium\ReflectService.exe
09:48:00.0310 0x1dfc  ReflectService.exe - ok
09:48:00.0318 0x1dfc  ReFSv1 - ok
09:48:00.0349 0x1dfc  RemoteAccess - ok
09:48:00.0407 0x1dfc  RemoteRegistry - ok
09:48:00.0482 0x1dfc  RetailDemo - ok
09:48:00.0498 0x1dfc  RmSvc - ok
09:48:00.0552 0x1dfc  RpcEptMapper - ok
09:48:00.0577 0x1dfc  RpcLocator - ok
09:48:00.0616 0x1dfc  RpcSs - ok
09:48:00.0642 0x1dfc  rspndr - ok
09:48:00.0754 0x1dfc  [ AB959F26FBB851A9D31E2F229DB3FA1A, 35961B761C83B48DBB9960C6DEC89806F3BC9FA0F450E566333ABE3F22E42AA9 ] RTSUER          C:\WINDOWS\system32\Drivers\RtsUer.sys
09:48:00.0772 0x1dfc  RTSUER - ok
09:48:00.0812 0x1dfc  s3cap - ok
09:48:01.0018 0x1dfc  SamSs - ok
09:48:01.0125 0x1dfc  [ D95D61869CE6A7F916E53F82E4C7917D, 423BCDFBCD5C670D13F1C390DF6CA83C91137C8FCBD2A07BE03DDD823E8CAB4F ] SbieDrv        C:\Program Files\Sandboxie\SbieDrv.sys
09:48:01.0141 0x1dfc  SbieDrv - ok
09:48:01.0214 0x1dfc  [ 8F237507759186A689450BD9B8CAB7AC, C08A26CE02872281E8C186A0824552DB9A3286D041ADAFBF3F977BBE0EBC266B ] SbieSvc        C:\Program Files\Sandboxie\SbieSvc.exe
09:48:01.0229 0x1dfc  SbieSvc - ok
09:48:01.0300 0x1dfc  sbp2port - ok
09:48:01.0366 0x1dfc  SCardSvr - ok
09:48:01.0407 0x1dfc  ScDeviceEnum - ok
09:48:01.0454 0x1dfc  scfilter - ok
09:48:01.0468 0x1dfc  Schedule - ok
09:48:01.0473 0x1dfc  scmbus - ok
09:48:01.0488 0x1dfc  scmdisk0101 - ok
09:48:01.0516 0x1dfc  SCPolicySvc - ok
09:48:01.0578 0x1dfc  [ AD7189E85A0801DE0507C610963A3CD0, 0AA9F3C9D252624CC62EC95FD910C6911E136DD3E66159CEB9857BC7AB70FAA2 ] ScpVBus        C:\WINDOWS\System32\drivers\ScpVBus.sys
09:48:01.0587 0x1dfc  ScpVBus - ok
09:48:01.0657 0x1dfc  sdbus - ok
09:48:01.0699 0x1dfc  SDRSVC - ok
09:48:01.0715 0x1dfc  sdstor - ok
09:48:01.0728 0x1dfc  seclogon - ok
09:48:01.0746 0x1dfc  SENS - ok
09:48:01.0848 0x1dfc  SensorDataService - ok
09:48:01.0908 0x1dfc  SensorService - ok
09:48:01.0935 0x1dfc  SensrSvc - ok
09:48:01.0939 0x1dfc  SerCx - ok
09:48:01.0987 0x1dfc  SerCx2 - ok
09:48:02.0022 0x1dfc  Serenum - ok
09:48:02.0027 0x1dfc  Serial - ok
09:48:02.0033 0x1dfc  sermouse - ok
09:48:02.0073 0x1dfc  SessionEnv - ok
09:48:02.0095 0x1dfc  sfloppy - ok
09:48:02.0160 0x1dfc  SharedAccess - ok
09:48:02.0173 0x1dfc  ShellHWDetection - ok
09:48:02.0201 0x1dfc  shpamsvc - ok
09:48:02.0225 0x1dfc  SiSRaid2 - ok
09:48:02.0230 0x1dfc  SiSRaid4 - ok
09:48:02.0414 0x1dfc  [ 52F7E8603E888E3DB0A8B3D1804098E9, 4E23DC9442C0C14AAE7146DACBB0B39743F1FFAA463EE7069CCDF866AD27BD77 ] SkypeUpdate    C:\Program Files (x86)\Skype\Updater\Updater.exe
09:48:02.0434 0x1dfc  SkypeUpdate - ok
09:48:02.0528 0x1dfc  [ AF9CA3A881483E6999CB2764BDAD3414, 95D6F7DA34DAD2CC1E4BC0B0867FA7E90293FB082EE0372DF5FE663E2AFD7AA4 ] SmbDrvI        C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys
09:48:02.0542 0x1dfc  SmbDrvI - ok
09:48:02.0599 0x1dfc  smphost - ok
09:48:02.0732 0x1dfc  SmsRouter - ok
09:48:02.0807 0x1dfc  SNMPTRAP - ok
09:48:02.0934 0x1dfc  spaceport - ok
09:48:02.0938 0x1dfc  SpbCx - ok
09:48:02.0952 0x1dfc  Spooler - ok
09:48:03.0058 0x1dfc  sppsvc - ok
09:48:03.0116 0x1dfc  srv - ok
09:48:03.0157 0x1dfc  srv2 - ok
09:48:03.0201 0x1dfc  srvnet - ok
09:48:03.0237 0x1dfc  SSDPSRV - ok
09:48:03.0299 0x1dfc  SstpSvc - ok
09:48:03.0401 0x1dfc  StateRepository - ok
09:48:03.0984 0x1dfc  [ E06AA279D85877268E34E9A9BC41F560, 6EFE7E3850CD19B919053293B6D8CB61CC638D3B1626BB62594C681625132689 ] Steam Client Service C:\Program Files (x86)\Common Files\Steam\SteamService.exe
09:48:04.0109 0x1dfc  Steam Client Service - ok
09:48:04.0168 0x1dfc  stexstor - ok
09:48:04.0210 0x1dfc  stisvc - ok
09:48:04.0216 0x1dfc  storahci - ok
09:48:04.0232 0x1dfc  storflt - ok
09:48:04.0275 0x1dfc  stornvme - ok
09:48:04.0305 0x1dfc  storqosflt - ok
09:48:04.0383 0x1dfc  StorSvc - ok
09:48:04.0389 0x1dfc  storufs - ok
09:48:04.0395 0x1dfc  storvsc - ok
09:48:04.0410 0x1dfc  svsvc - ok
09:48:04.0423 0x1dfc  swenum - ok
09:48:04.0427 0x1dfc  swprv - ok
09:48:04.0489 0x1dfc  Synth3dVsc - ok
09:48:04.0526 0x1dfc  SysMain - ok
09:48:04.0600 0x1dfc  SystemEventsBroker - ok
09:48:04.0637 0x1dfc  TabletInputService - ok
09:48:04.0696 0x1dfc  [ 876F4A55F3F5319132E3AC8DC7E75EF8, 2A347F168D406700E83F8BE39BB74E656ADD487018A73F0F4316348CD03C9F36 ] tap0901t        C:\WINDOWS\System32\drivers\tap0901t.sys
09:48:04.0711 0x1dfc  tap0901t - ok
09:48:04.0731 0x1dfc  TapiSrv - ok
09:48:04.0766 0x1dfc  Tcpip - ok
09:48:04.0771 0x1dfc  Tcpip6 - ok
09:48:04.0779 0x1dfc  tcpipreg - ok
09:48:04.0821 0x1dfc  tdx - ok
09:48:05.0080 0x1dfc  [ 1A4B1847BD8C7079C3A6C873342CC84A, E49E60896C6726EB8F8EE3A443B839AA6A6E802919C7D102DD820AD7C3DDA32C ] Te.Service      C:\Program Files (x86)\Windows Kits\10\Testing\Runtimes\TAEF\Wex.Services.exe
09:48:05.0171 0x1dfc  Te.Service - detected UnsignedFile.Multi.Generic ( 1 )
09:48:05.0253 0x1dfc  Detect skipped due to KSN trusted
09:48:05.0253 0x1dfc  Te.Service - ok
09:48:05.0298 0x1dfc  terminpt - ok
09:48:05.0337 0x1dfc  TermService - ok
09:48:05.0381 0x1dfc  Themes - ok
09:48:05.0416 0x1dfc  TieringEngineService - ok
09:48:05.0448 0x1dfc  tiledatamodelsvc - ok
09:48:05.0474 0x1dfc  TimeBrokerSvc - ok
09:48:05.0513 0x1dfc  TPM - ok
09:48:05.0546 0x1dfc  TrkWks - ok
09:48:05.0650 0x1dfc  TrustedInstaller - ok
09:48:05.0656 0x1dfc  tsusbflt - ok
09:48:05.0678 0x1dfc  TsUsbGD - ok
09:48:05.0732 0x1dfc  tunnel - ok
09:48:05.0928 0x1dfc  [ E775DAF583CFF96F81306A4A93E501FE, C6F54D6D524CA3D3872C7BD53904A203F55C99EF93E08077183192587BE32D86 ] TunngleService  C:\Program Files (x86)\Tunngle\TnglCtrl.exe
09:48:05.0962 0x1dfc  TunngleService - ok
09:48:06.0318 0x1dfc  tzautoupdate - ok
09:48:06.0322 0x1dfc  UASPStor - ok
09:48:06.0328 0x1dfc  UcmCx0101 - ok
09:48:06.0445 0x1dfc  UcmTcpciCx0101 - ok
09:48:06.0453 0x1dfc  UcmUcsi - ok
09:48:06.0476 0x1dfc  Ucx01000 - ok
09:48:06.0482 0x1dfc  UdeCx - ok
09:48:06.0487 0x1dfc  udfs - ok
09:48:06.0513 0x1dfc  UEFI - ok
09:48:06.0568 0x1dfc  Ufx01000 - ok
09:48:06.0587 0x1dfc  UfxChipidea - ok
09:48:06.0592 0x1dfc  ufxsynopsys - ok
09:48:06.0683 0x1dfc  UI0Detect - ok
09:48:06.0702 0x1dfc  umbus - ok
09:48:06.0724 0x1dfc  UmPass - ok
09:48:06.0761 0x1dfc  UmRdpService - ok
09:48:06.0803 0x1dfc  UnistoreSvc - ok
09:48:06.0835 0x1dfc  upnphost - ok
09:48:06.0839 0x1dfc  UrsChipidea - ok
09:48:06.0880 0x1dfc  UrsCx01000 - ok
09:48:06.0887 0x1dfc  UrsSynopsys - ok
09:48:06.0893 0x1dfc  usbccgp - ok
09:48:06.0921 0x1dfc  usbcir - ok
09:48:06.0934 0x1dfc  usbehci - ok
09:48:06.0938 0x1dfc  usbhub - ok
09:48:06.0992 0x1dfc  USBHUB3 - ok
09:48:06.0997 0x1dfc  usbohci - ok
09:48:07.0003 0x1dfc  usbprint - ok
09:48:07.0018 0x1dfc  usbser - ok
09:48:07.0030 0x1dfc  USBSTOR - ok
09:48:07.0037 0x1dfc  usbuhci - ok
09:48:07.0082 0x1dfc  usbvideo - ok
09:48:07.0125 0x1dfc  USBXHCI - ok
09:48:07.0183 0x1dfc  UserDataSvc - ok
09:48:07.0288 0x1dfc  UserManager - ok
09:48:07.0333 0x1dfc  UsoSvc - ok
09:48:07.0338 0x1dfc  VaultSvc - ok
09:48:07.0369 0x1dfc  vdrvroot - ok
09:48:07.0405 0x1dfc  vds - ok
09:48:07.0410 0x1dfc  VerifierExt - ok
09:48:07.0436 0x1dfc  vhdmp - ok
09:48:07.0441 0x1dfc  vhf - ok
09:48:07.0462 0x1dfc  vmbus - ok
09:48:07.0468 0x1dfc  VMBusHID - ok
09:48:07.0499 0x1dfc  vmgid - ok
09:48:07.0534 0x1dfc  vmicguestinterface - ok
09:48:07.0539 0x1dfc  vmicheartbeat - ok
09:48:07.0546 0x1dfc  vmickvpexchange - ok
09:48:07.0558 0x1dfc  vmicrdv - ok
09:48:07.0566 0x1dfc  vmicshutdown - ok
09:48:07.0577 0x1dfc  vmictimesync - ok
09:48:07.0586 0x1dfc  vmicvmsession - ok
09:48:07.0593 0x1dfc  vmicvss - ok
09:48:07.0617 0x1dfc  volmgr - ok
09:48:07.0623 0x1dfc  volmgrx - ok
09:48:07.0639 0x1dfc  volsnap - ok
09:48:07.0655 0x1dfc  volume - ok
09:48:07.0712 0x1dfc  vpci - ok
09:48:07.0717 0x1dfc  vsmraid - ok
09:48:07.0750 0x1dfc  VSS - ok
09:48:07.0770 0x1dfc  VSTXRAID - ok
09:48:07.0793 0x1dfc  vwifibus - ok
09:48:07.0799 0x1dfc  vwififlt - ok
09:48:07.0809 0x1dfc  vwifimp - ok
09:48:07.0894 0x1dfc  W32Time - ok
09:48:07.0932 0x1dfc  WacomPen - ok
09:48:08.0041 0x1dfc  WalletService - ok
09:48:08.0053 0x1dfc  wanarp - ok
09:48:08.0059 0x1dfc  wanarpv6 - ok
09:48:08.0094 0x1dfc  wbengine - ok
09:48:08.0116 0x1dfc  WbioSrvc - ok
09:48:08.0187 0x1dfc  wcifs - ok
09:48:08.0209 0x1dfc  Wcmsvc - ok
09:48:08.0223 0x1dfc  wcncsvc - ok
09:48:08.0228 0x1dfc  wcnfs - ok
09:48:08.0235 0x1dfc  WdBoot - ok
09:48:08.0241 0x1dfc  Wdf01000 - ok
09:48:08.0255 0x1dfc  WdFilter - ok
09:48:08.0276 0x1dfc  WdiServiceHost - ok
09:48:08.0281 0x1dfc  WdiSystemHost - ok
09:48:08.0289 0x1dfc  wdiwifi - ok
09:48:08.0295 0x1dfc  WdNisDrv - ok
09:48:08.0361 0x1dfc  WdNisSvc - ok
09:48:08.0389 0x1dfc  WebClient - ok
09:48:08.0433 0x1dfc  Wecsvc - ok
09:48:08.0463 0x1dfc  WEPHOSTSVC - ok
09:48:08.0501 0x1dfc  wercplsupport - ok
09:48:08.0519 0x1dfc  WerSvc - ok
09:48:08.0528 0x1dfc  WFPLWFS - ok
09:48:08.0536 0x1dfc  WiaRpc - ok
09:48:08.0565 0x1dfc  WIMMount - ok
09:48:08.0570 0x1dfc  WinDefend - ok
09:48:08.0623 0x1dfc  WindowsTrustedRT - ok
09:48:08.0627 0x1dfc  WindowsTrustedRTProxy - ok
09:48:08.0689 0x1dfc  WinHttpAutoProxySvc - ok
09:48:08.0758 0x1dfc  WinMad - ok
09:48:08.0790 0x1dfc  Winmgmt - ok
09:48:08.0803 0x1dfc  WinRM - ok
09:48:08.0829 0x1dfc  WINUSB - ok
09:48:08.0844 0x1dfc  WinVerbs - ok
09:48:08.0930 0x1dfc  wisvc - ok
09:48:08.0998 0x1dfc  WlanSvc - ok
09:48:09.0054 0x1dfc  wlidsvc - ok
09:48:09.0059 0x1dfc  WmiAcpi - ok
09:48:09.0094 0x1dfc  wmiApSrv - ok
09:48:09.0125 0x1dfc  WMPNetworkSvc - ok
09:48:09.0138 0x1dfc  Wof - ok
09:48:09.0155 0x1dfc  workfolderssvc - ok
09:48:09.0168 0x1dfc  WPDBusEnum - ok
09:48:09.0212 0x1dfc  WpdUpFltr - ok
09:48:09.0236 0x1dfc  WpnService - ok
09:48:09.0243 0x1dfc  WpnUserService - ok
09:48:09.0276 0x1dfc  ws2ifsl - ok
09:48:09.0297 0x1dfc  wscsvc - ok
09:48:09.0329 0x1dfc  WSDPrintDevice - ok
09:48:09.0404 0x1dfc  WSDScan - ok
09:48:09.0411 0x1dfc  WSearch - ok
09:48:09.0471 0x1dfc  wuauserv - ok
09:48:09.0476 0x1dfc  WudfPf - ok
09:48:09.0482 0x1dfc  WUDFRd - ok
09:48:09.0517 0x1dfc  wudfsvc - ok
09:48:09.0526 0x1dfc  WUDFWpdFs - ok
09:48:09.0604 0x1dfc  WwanSvc - ok
09:48:09.0644 0x1dfc  XblAuthManager - ok
09:48:09.0680 0x1dfc  XblGameSave - ok
09:48:09.0712 0x1dfc  xboxgip - ok
09:48:09.0765 0x1dfc  XboxNetApiSvc - ok
09:48:09.0845 0x1dfc  [ 65343781331B6AE59E01C4C337682DE4, 738D00277B9137BF3D7C427E41B7835AF41388CF6C04D494CA4525F96CF7F0CC ] xhunter1        C:\WINDOWS\xhunter1.sys
09:48:09.0907 0x1dfc  xhunter1 - ok
09:48:09.0922 0x1dfc  xinputhid - ok
09:48:09.0931 0x1dfc  ================ Scan global ===============================
09:48:10.0075 0x1dfc  [ Global ] - ok
09:48:10.0075 0x1dfc  ================ Scan MBR ==================================
09:48:10.0137 0x1dfc  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
09:48:24.0021 0x1dfc  \Device\Harddisk0\DR0 - ok
09:48:24.0022 0x1dfc  ================ Scan VBR ==================================
09:48:24.0034 0x1dfc  [ D8393C0DAD999B3D1B1E6EB915DF2D89 ] \Device\Harddisk0\DR0\Partition1
09:48:24.0049 0x1dfc  \Device\Harddisk0\DR0\Partition1 - ok
09:48:24.0061 0x1dfc  [ 05B046D7D4313F6540B14AAA0C888290 ] \Device\Harddisk0\DR0\Partition2
09:48:24.0100 0x1dfc  \Device\Harddisk0\DR0\Partition2 - ok
09:48:24.0101 0x1dfc  ================ Scan generic autorun ======================
09:48:24.0129 0x1dfc  ETDCtrl - ok
09:48:24.0957 0x1dfc  [ BF225BCD0EC2D85719C382019B5B4250, 7FE5A85209BD930FC1622600AB74E59854488986AA052A0D03D5FC7B361F247D ] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
09:48:25.0347 0x1dfc  RTHDVCPL - ok
09:48:25.0437 0x1dfc  [ 0C3154D0620F974AD5C4E8D87626C8CF, 4E6B751F9C0D5D4833A12166BC5142E0A7402E98D00F570926ED9CA0936A8007 ] C:\WINDOWS\system32\igfxtray.exe
09:48:27.0275 0x1dfc  IgfxTray - ok
09:48:27.0320 0x1dfc  [ E4AA3D28753EF9DB333FE40079993B09, ECC60BAA7D21EF97CDA17F45277FBFE52B2169155DDB157E34A7AE2EC1BEC185 ] C:\WINDOWS\system32\hkcmd.exe
09:48:27.0344 0x1dfc  HotKeysCmds - ok
09:48:27.0392 0x1dfc  [ CF40080765D6F66FA93318C0DB6C7D1F, 015EE5BE439DAC6D3F7C7471EEF554C11F28947492E3F7AA14BB72622C327DCD ] C:\WINDOWS\system32\igfxpers.exe
09:48:27.0420 0x1dfc  Persistence - ok
09:48:27.0613 0x1dfc  [ 0FCF03482EA4AAA23E663E047CA48D41, 728156EEDAA37F41C11F141571F1136AD1599E151E9E11462568B3A7759DF984 ] C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
09:48:27.0674 0x1dfc  COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} - ok
09:48:27.0808 0x1dfc  [ 1FAD6ACA65366E1AFF10EC6B02F47A84, 2DA16D06F553FC081E374F1699EC240D7FFFDD39D42774F044AE3DE09F2C8619 ] C:\Program Files\Microsoft Office\Office14\BCSSync.exe
09:48:27.0826 0x1dfc  BCSSync - ok
09:48:28.0196 0x1dfc  [ 739D7E0025F5CE97309695D3081E3823, 46A4B51123992B2FA3DF51F80C3E9E7118C6CCB6A68B6EDA3585BF87208B7DFC ] C:\Program Files\AMD\CNext\CNext\cnext.exe
09:48:28.0337 0x1dfc  StartCN - ok
09:48:28.0436 0x1dfc  [ 6513807FEE68E6C32E67437EE3FFB6C8, 2AB388BD68E984C38EAAF2D42DE918A64B42DA229627FC0B1A896A8AD60B5F91 ] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
09:48:28.0468 0x1dfc  SunJavaUpdateSched - ok
09:48:28.0722 0x1dfc  OneDriveSetup - ok
09:48:28.0725 0x1dfc  OneDriveSetup - ok
09:48:28.0966 0x1dfc  [ 8F2EA5EE0695CCE2285D92C44108375C, 2C96A8E7E41E87C27B6A3325526F99A03333357EF2682C17A4892BE4A58D157E ] C:\Users\Oliver\AppData\Local\Microsoft\OneDrive\OneDrive.exe
09:48:28.0992 0x1dfc  OneDrive - ok
09:48:29.0237 0x1dfc  [ ADF6C78FC95716CA45A68FD3DA1C1A78, 8250D47AC8C25A3A2DB8AB2148350F7086141F91DB317D0431DA545430B843F5 ] C:\Program Files (x86)\Steam\steam.exe
09:48:29.0350 0x1dfc  Steam - ok
09:48:29.0572 0x1dfc  [ 330049982A6CF1A2A0500E8E620889D3, 81A804621F9FAD520CB47FC084F6BD4EF2697E1FB8AF30596303089597FE7C2C ] C:\Users\Oliver\AppData\Roaming\Spotify\SpotifyWebHelper.exe
09:48:29.0625 0x1dfc  Spotify Web Helper - ok
09:48:29.0704 0x1dfc  [ F51BB12D8977D26C1A4CDA348770D9F1, DDA35CD8F8A6591B83821B5180D457740E0B820CCE000BC7FB1B78FB4AEAD3BA ] C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe
09:48:29.0852 0x1dfc  SpybotPostWindows10UpgradeReInstall - detected UnsignedFile.Multi.Generic ( 1 )
09:48:29.0976 0x1dfc  Detect skipped due to KSN trusted
09:48:29.0976 0x1dfc  SpybotPostWindows10UpgradeReInstall - ok
09:48:30.0655 0x1dfc  [ 8A793A1618B8C37FC70E85DC03E9567D, 568156DB22BB9E3411923BD3417C1E8BAFC641FB82C298FCFAAD8708BE8E7DF3 ] C:\Users\Oliver\AppData\Roaming\Spotify\Spotify.exe
09:48:30.0952 0x1dfc  Spotify - ok
09:48:31.0017 0x1dfc  Skype - ok
09:48:31.0995 0x1dfc  [ 63405C389EB81881D68AEEB0E05F3F7D, BBE8D64C600A6FCA4BF4B89EF39B551DEB8ED826C33FD6FB2C7E2F7D773AB0E2 ] C:\Program Files\CCleaner\CCleaner64.exe
09:48:32.0353 0x1dfc  CCleaner Monitoring - ok
09:48:32.0512 0x1dfc  [ 1D37F21A8295466B831E446F3C3082B8, 680B2D309DB4318AD1619537233C70869B3C878FF161999838DDC37801BCC77D ] C:\Program Files\Sandboxie\SbieCtrl.exe
09:48:32.0543 0x1dfc  SandboxieControl - ok
09:48:35.0647 0x1dfc  Uninstall C:\Users\Oliver\AppData\Local\Microsoft\OneDrive\17.3.6201.1019_1\amd64 - ok
09:48:35.0726 0x1dfc  AV detected via SS2: COMODO Antivirus, C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe ( 8.4.0.5076 ), 0x61010 ( enabled : outofdate )
09:48:35.0726 0x1dfc  AV detected via SS2: Windows Defender, C:\Program Files\Windows Defender\MSASCui.exe ( 4.10.14393.187 ), 0x60100 ( disabled : updated )
09:48:35.0728 0x1dfc  FW detected via SS2: COMODO Firewall, C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe ( 8.4.0.5076 ), 0x61010 ( enabled )
09:48:35.0845 0x1dfc  ============================================================
09:48:35.0845 0x1dfc  Scan finished
09:48:35.0845 0x1dfc  ============================================================
09:48:35.0856 0x0fd4  Detected object count: 0
09:48:35.0856 0x0fd4  Actual detected object count: 0
09:48:43.0536 0x1978  ============================================================
09:48:43.0536 0x1978  Scan started
09:48:43.0536 0x1978  Mode: Manual; SigCheck; TDLFS;
09:48:43.0536 0x1978  ============================================================
09:48:43.0536 0x1978  KSN ping started
09:48:43.0603 0x1978  KSN ping finished: true
09:48:45.0354 0x1978  ================ Scan system memory ========================
09:48:45.0355 0x1978  System memory - ok
09:48:45.0355 0x1978  ================ Scan services =============================
09:48:48.0551 0x1978  1394ohci - ok
09:48:48.0556 0x1978  3ware - ok
09:48:48.0587 0x1978  ACPI - ok
09:48:48.0592 0x1978  AcpiDev - ok
09:48:48.0596 0x1978  acpiex - ok
09:48:48.0607 0x1978  acpipagr - ok
09:48:48.0644 0x1978  AcpiPmi - ok
09:48:48.0659 0x1978  acpitime - ok
09:48:48.0841 0x1978  [ A0CAC4F3F998173A8DC1E67E7E0345EF, D0C2F504A5059691EDBBA917D0C6260450A554A365C12E7747E48EE1668C51A5 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
09:48:48.0855 0x1978  AdobeARMservice - ok
09:48:49.0912 0x1978  [ 8FC33A20D54FB5CC7FBBA814B4E42A22, 707F61F0CEB9467D9BD1782868403BD53DB46EAB0342772661F370E5174AAD8C ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
09:48:49.0937 0x1978  AdobeFlashPlayerUpdateSvc - ok
09:48:49.0973 0x1978  ADP80XX - ok
09:48:49.0981 0x1978  AFD - ok
09:48:50.0211 0x1978  [ E20C1118524DF19945BCD83A3843E8CF, 90C87096E9E2595DAA503CFD9C24D7D8F9CB2D567ACAB06FBF5527C8A6059409 ] AGSService      C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
09:48:50.0274 0x1978  AGSService - ok
09:48:50.0296 0x1978  ahcache - ok
09:48:50.0322 0x1978  AJRouter - ok
09:48:50.0353 0x1978  ALG - ok
09:48:50.0397 0x1978  [ D7A72B9BA6AB996DADB37BFCB0363D63, A223684978928B59D39DFB49F6658E0CF04ADD15AD8ACFCEC384DBD4D8C8CBCA ] AMD External Events Utility C:\WINDOWS\system32\atiesrxx.exe
09:48:50.0423 0x1978  AMD External Events Utility - ok
09:48:50.0440 0x1978  AmdK8 - ok
09:48:50.0451 0x1978  amdkmdag - ok
09:48:50.0556 0x1978  [ C14D7E5F24381BC8F333C4EB77892400, 8B8EF49D2398AF39E36EFFE6D1E0489727D5612DEFA43C71E3C7E4C0650010A5 ] amdkmdap        C:\WINDOWS\system32\DRIVERS\atikmpag.sys
09:48:50.0596 0x1978  amdkmdap - ok
09:48:50.0624 0x1978  AmdPPM - ok
09:48:50.0628 0x1978  amdsata - ok
09:48:50.0641 0x1978  amdsbs - ok
09:48:50.0646 0x1978  amdxata - ok
09:48:50.0649 0x1978  AppID - ok
09:48:50.0667 0x1978  AppIDSvc - ok
09:48:50.0683 0x1978  Appinfo - ok
09:48:50.0702 0x1978  applockerfltr - ok
09:48:50.0737 0x1978  AppReadiness - ok
09:48:50.0772 0x1978  AppXSvc - ok
09:48:50.0818 0x1978  arcsas - ok
09:48:51.0056 0x1978  aspnet_state - ok
09:48:51.0060 0x1978  AsyncMac - ok
09:48:51.0084 0x1978  atapi - ok
09:48:51.0131 0x1978  athr - ok
09:48:51.0193 0x1978  AudioEndpointBuilder - ok
09:48:51.0227 0x1978  Audiosrv - ok
09:48:51.0233 0x1978  AxInstSV - ok
09:48:51.0250 0x1978  b06bdrv - ok
09:48:51.0259 0x1978  BasicDisplay - ok
09:48:51.0265 0x1978  BasicRender - ok
09:48:51.0274 0x1978  bcmfn - ok
09:48:51.0279 0x1978  bcmfn2 - ok
09:48:51.0306 0x1978  BDESVC - ok
09:48:51.0318 0x1978  Beep - ok
09:48:51.0340 0x1978  BFE - ok
09:48:51.0393 0x1978  BITS - ok
09:48:51.0490 0x1978  bowser - ok
09:48:51.0524 0x1978  BrokerInfrastructure - ok
09:48:51.0537 0x1978  Browser - ok
09:48:51.0579 0x1978  BthAvrcpTg - ok
09:48:51.0604 0x1978  BthHFEnum - ok
09:48:51.0617 0x1978  bthhfhid - ok
09:48:51.0662 0x1978  BthHFSrv - ok
09:48:51.0671 0x1978  BTHMODEM - ok
09:48:51.0682 0x1978  bthserv - ok
09:48:51.0718 0x1978  buttonconverter - ok
09:48:51.0733 0x1978  CapImg - ok
09:48:51.0740 0x1978  cdfs - ok
09:48:51.0759 0x1978  CDPSvc - ok
09:48:51.0782 0x1978  CDPUserSvc - ok
09:48:51.0849 0x1978  cdrom - ok
09:48:51.0868 0x1978  CertPropSvc - ok
09:48:51.0907 0x1978  cht4iscsi - ok
09:48:51.0917 0x1978  cht4vbd - ok
09:48:51.0991 0x1978  circlass - ok
09:48:51.0996 0x1978  CLFS - ok
09:48:52.0003 0x1978  ClipSVC - ok
09:48:52.0008 0x1978  clreg - ok
09:48:52.0023 0x1978  CmBatt - ok
09:48:52.0691 0x1978  [ 7DFC16B25788C97F3E9C42B1FCAC0A67, D729D138CAAE8295B750A48F8A9806F4C54224BEF4A5260EDDB5B1D959FC9CFF ] CmdAgent        C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
09:48:52.0924 0x1978  CmdAgent - ok
09:48:53.0002 0x1978  [ EAE2829CFBE8A84E3CC2A1451966E74F, 621AEA870D79A99FBA1339AA8C105A65ED3194E082DFFC33EA7513C0E5C453B5 ] cmderd          C:\WINDOWS\system32\DRIVERS\cmderd.sys
09:48:53.0012 0x1978  cmderd - ok
09:48:53.0098 0x1978  [ 08400F4E1D6F586EE7C4136C4CB4B1D8, 629FED82F975BC18FCAA9E6B19C5A3CA42DAF2C2F9B383590987A62747707D74 ] cmdGuard        C:\WINDOWS\system32\DRIVERS\cmdguard.sys
09:48:53.0195 0x1978  cmdGuard - ok
09:48:53.0265 0x1978  [ 752041CFBE3C0EEA5BC4E9F0E98F7929, A88C70610E242B0F3E459A0926A44D6F2CB179C741313D9B4602A48559E313ED ] cmdhlp          C:\WINDOWS\system32\DRIVERS\cmdhlp.sys
09:48:53.0284 0x1978  cmdhlp - ok
09:48:53.0650 0x1978  [ 084A29576C98C45E836CC977C1D311FD, BE01F6A181AB43590C15271E09BEC9B2CF14A011E7A8EE226CA1A2E6C874B39B ] cmdvirth        C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe
09:48:54.0908 0x1978  cmdvirth - ok
09:48:55.0095 0x1978  CNG - ok
09:48:55.0101 0x1978  cnghwassist - ok
09:48:55.0613 0x1978  CompositeBus - ok
09:48:55.0619 0x1978  COMSysApp - ok
09:48:55.0928 0x1978  condrv - ok
09:48:55.0990 0x1978  CoreMessagingRegistrar - ok
09:48:56.0724 0x1978  [ B18D590BC5220FDB4A747BC16D78ABC7, D46F8B43BAC22E55DE9AFC19CF371B1C4E8D3707163598B2F9884BB31D730C09 ] cphs            C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
09:48:56.0750 0x1978  cphs - ok
09:48:56.0768 0x1978  CryptSvc - ok
09:48:56.0782 0x1978  dam - ok
09:48:56.0817 0x1978  DcomLaunch - ok
09:48:56.0853 0x1978  DcpSvc - ok
09:48:56.0871 0x1978  defragsvc - ok
09:48:56.0927 0x1978  DeviceAssociationService - ok
09:48:56.0942 0x1978  DeviceInstall - ok
09:48:56.0960 0x1978  DevQueryBroker - ok
09:48:56.0983 0x1978  Dfsc - ok
09:48:56.0988 0x1978  Dhcp - ok
09:48:57.0056 0x1978  diagnosticshub.standardcollector.service - ok
09:48:57.0084 0x1978  DiagTrack - ok
09:48:57.0107 0x1978  disk - ok
09:48:57.0142 0x1978  DmEnrollmentSvc - ok
09:48:57.0177 0x1978  dmvsc - ok
09:48:57.0207 0x1978  dmwappushservice - ok
09:48:57.0212 0x1978  Dnscache - ok
09:48:57.0224 0x1978  dot3svc - ok
09:48:57.0245 0x1978  DPS - ok
09:48:57.0268 0x1978  drmkaud - ok
09:48:57.0315 0x1978  DsmSvc - ok
09:48:57.0331 0x1978  DsSvc - ok
09:48:57.0350 0x1978  DXGKrnl - ok
09:48:57.0363 0x1978  EapHost - ok
09:48:57.0381 0x1978  ebdrv - ok
09:48:57.0416 0x1978  EFS - ok
09:48:57.0440 0x1978  EhStorClass - ok
09:48:57.0489 0x1978  EhStorTcgDrv - ok
09:48:57.0522 0x1978  embeddedmode - ok
09:48:57.0534 0x1978  EntAppSvc - ok
09:48:57.0544 0x1978  ErrDev - ok
09:48:57.0664 0x1978  [ 6BD85B39B7B23F03B24CF641ED29147B, 850F21750BB39E5239B1584E1117844CAAAF6A5C58E79366552309F917675CE5 ] ETD            C:\WINDOWS\system32\DRIVERS\ETD.sys
09:48:57.0700 0x1978  ETD - ok
09:48:57.0753 0x1978  [ 8916EACF1256E1C5A3AF81FD39C747E7, FF28FB95E9F9287C1005CF0D9EB84F7CA3D137689862860C9848398504E1EFFF ] ETDService      C:\Program Files\Elantech\ETDService.exe
09:48:57.0769 0x1978  ETDService - ok
09:48:57.0827 0x1978  EventSystem - ok
09:48:57.0832 0x1978  exfat - ok
09:48:57.0850 0x1978  fastfat - ok
09:48:57.0861 0x1978  Fax - ok
09:48:57.0885 0x1978  fdc - ok
09:48:57.0898 0x1978  fdPHost - ok
09:48:57.0909 0x1978  FDResPub - ok
09:48:57.0917 0x1978  fhsvc - ok
09:48:57.0980 0x1978  FileCrypt - ok
09:48:57.0984 0x1978  FileInfo - ok
09:48:57.0992 0x1978  Filetrace - ok
09:48:57.0995 0x1978  flpydisk - ok
09:48:57.0999 0x1978  FltMgr - ok
09:48:58.0016 0x1978  FontCache - ok
09:48:58.0170 0x1978  FontCache3.0.0.0 - ok
09:48:58.0209 0x1978  FrameServer - ok
09:48:58.0227 0x1978  FsDepends - ok
09:48:58.0231 0x1978  Fs_Rec - ok
09:48:58.0236 0x1978  fvevol - ok
09:48:58.0266 0x1978  gencounter - ok
09:48:58.0287 0x1978  genericusbfn - ok
09:48:58.0297 0x1978  GPIOClx0101 - ok
09:48:58.0325 0x1978  gpsvc - ok
09:48:58.0346 0x1978  GpuEnergyDrv - ok
09:48:58.0389 0x1978  [ 7F79205B4EFA98F0767309479C8C01C6, 4B576903A83F33A8CF31D3887144A3D51C56D1187115C83AC99C0E9F6B4BF128 ] Hamachi        C:\WINDOWS\System32\drivers\Hamdrv.sys
09:48:58.0418 0x1978  Hamachi - ok
09:48:58.0431 0x1978  HdAudAddService - ok
09:48:58.0463 0x1978  HDAudBus - ok
09:48:58.0467 0x1978  HidBatt - ok
09:48:58.0476 0x1978  HidBth - ok
09:48:58.0500 0x1978  hidi2c - ok
09:48:58.0517 0x1978  hidinterrupt - ok
09:48:58.0564 0x1978  HidIr - ok
09:48:58.0592 0x1978  hidserv - ok
09:48:58.0640 0x1978  HidUsb - ok
09:48:58.0676 0x1978  HomeGroupListener - ok
09:48:58.0703 0x1978  HomeGroupProvider - ok
09:48:58.0717 0x1978  HpSAMD - ok
09:48:58.0723 0x1978  HTTP - ok
09:48:58.0843 0x1978  HvHost - ok
09:48:58.0886 0x1978  hvservice - ok
09:48:58.0890 0x1978  hwpolicy - ok
09:48:58.0919 0x1978  hyperkbd - ok
09:48:58.0932 0x1978  i8042prt - ok
09:48:58.0936 0x1978  iagpio - ok
09:48:58.0942 0x1978  iai2c - ok
09:48:58.0947 0x1978  iaLPSS2i_GPIO2 - ok
09:48:58.0959 0x1978  iaLPSS2i_I2C - ok
09:48:58.0973 0x1978  iaLPSSi_GPIO - ok
09:48:58.0998 0x1978  iaLPSSi_I2C - ok
09:48:59.0016 0x1978  iaStorAV - ok
09:48:59.0020 0x1978  iaStorV - ok
09:48:59.0031 0x1978  ibbus - ok
09:48:59.0057 0x1978  icssvc - ok
09:48:59.0627 0x1978  [ 79AE3CC82CA1563A4B392207997ACE7C, A1E4A1DA95CA2FA197EF5975657822F0F813F6C33DA38E1FA5A840194034D071 ] igfx            C:\WINDOWS\system32\DRIVERS\igdkmd64.sys
09:48:59.0826 0x1978  igfx - ok
09:48:59.0859 0x1978  IKEEXT - ok
09:48:59.0902 0x1978  IndirectKmd - ok
09:48:59.0960 0x1978  [ 55BB2E54302416B9F7D2489FC16F7333, FD697F033D56DE76718A83514A468267235BE3AE1ECD2B5E7B8BCA1520699E7F ] inspect        C:\WINDOWS\system32\DRIVERS\inspect.sys
09:48:59.0980 0x1978  inspect - ok
09:49:00.0348 0x1978  [ D172E06EFE08DF148155A59DB716C1B6, F059B0B37C5E944D70626E9F029BC6311029E0A9D778C9C75DDDDC59A5AF1605 ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RTKVHD64.sys
09:49:00.0475 0x1978  IntcAzAudAddService - ok
09:49:00.0506 0x1978  intelide - ok
09:49:00.0510 0x1978  intelpep - ok
09:49:00.0514 0x1978  intelppm - ok
09:49:00.0518 0x1978  iorate - ok
09:49:00.0526 0x1978  IpFilterDriver - ok
09:49:00.0558 0x1978  iphlpsvc - ok
09:49:00.0608 0x1978  IPMIDRV - ok
09:49:00.0629 0x1978  IPNAT - ok
09:49:00.0832 0x1978  [ B76542085ABAD1AD4E5684F761DFC2EF, C6699B788D6E81E73519433F12BFD3B12C71A5EE2A12810697FE9C4350A179B3 ] IpOverUsbSvc    C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe
09:49:00.0849 0x1978  IpOverUsbSvc - ok
09:49:00.0853 0x1978  irda - ok
09:49:00.0857 0x1978  IRENUM - ok
09:49:00.0881 0x1978  irmon - ok
09:49:00.0919 0x1978  isapnp - ok
09:49:00.0933 0x1978  iScsiPrt - ok
09:49:00.0946 0x1978  kbdclass - ok
09:49:00.0951 0x1978  kbdhid - ok
09:49:00.0979 0x1978  kdnic - ok
09:49:00.0984 0x1978  KeyIso - ok
09:49:01.0009 0x1978  KSecDD - ok
09:49:01.0029 0x1978  KSecPkg - ok
09:49:01.0037 0x1978  ksthunk - ok
09:49:01.0062 0x1978  KtmRm - ok
09:49:01.0087 0x1978  L1C - ok
09:49:01.0107 0x1978  LanmanServer - ok
09:49:01.0128 0x1978  LanmanWorkstation - ok
09:49:01.0153 0x1978  lfsvc - ok
09:49:01.0219 0x1978  LicenseManager - ok
09:49:01.0240 0x1978  lltdio - ok
09:49:01.0267 0x1978  lltdsvc - ok
09:49:01.0291 0x1978  lmhosts - ok
09:49:01.0330 0x1978  LSI_SAS - ok
09:49:01.0334 0x1978  LSI_SAS2i - ok
09:49:01.0359 0x1978  LSI_SAS3i - ok
09:49:01.0371 0x1978  LSI_SSS - ok
09:49:01.0377 0x1978  LSM - ok
09:49:01.0382 0x1978  luafv - ok
09:49:01.0427 0x1978  MapsBroker - ok
09:49:01.0573 0x1978  megasas - ok
09:49:01.0592 0x1978  megasr - ok
09:49:01.0644 0x1978  [ A6518DCC42F7A6E999BB3BEA8FD87567, 8A9AE992F93F37E0723761EA271A7E1AA8172702C471041A17324474FC96B9BC ] MEIx64          C:\WINDOWS\System32\drivers\HECIx64.sys
09:49:01.0654 0x1978  MEIx64 - ok
09:49:01.0679 0x1978  MessagingService - ok
09:49:01.0804 0x1978  Microsoft SharePoint Workspace Audit Service - ok
09:49:01.0830 0x1978  mlx4_bus - ok
09:49:01.0853 0x1978  MMCSS - ok
09:49:01.0861 0x1978  Modem - ok
09:49:01.0898 0x1978  monitor - ok
09:49:01.0909 0x1978  mouclass - ok
09:49:01.0923 0x1978  mouhid - ok
09:49:01.0930 0x1978  mountmgr - ok
09:49:01.0936 0x1978  mpsdrv - ok
09:49:01.0947 0x1978  MpsSvc - ok
09:49:01.0969 0x1978  MRxDAV - ok
09:49:01.0978 0x1978  mrxsmb - ok
09:49:01.0999 0x1978  mrxsmb10 - ok
09:49:02.0019 0x1978  mrxsmb20 - ok
09:49:02.0040 0x1978  MsBridge - ok
09:49:02.0065 0x1978  MSDTC - ok
09:49:02.0095 0x1978  Msfs - ok
09:49:02.0108 0x1978  msgpiowin32 - ok
09:49:02.0112 0x1978  mshidkmdf - ok
09:49:02.0131 0x1978  mshidumdf - ok
09:49:02.0135 0x1978  msisadrv - ok
09:49:02.0159 0x1978  MSiSCSI - ok
09:49:02.0164 0x1978  msiserver - ok
09:49:02.0173 0x1978  MSKSSRV - ok
09:49:02.0191 0x1978  MsLldp - ok
09:49:02.0194 0x1978  MSPCLOCK - ok
09:49:02.0200 0x1978  MSPQM - ok
09:49:02.0209 0x1978  MsRPC - ok
09:49:02.0231 0x1978  mssmbios - ok
09:49:02.0235 0x1978  MSTEE - ok
09:49:02.0245 0x1978  MTConfig - ok
09:49:02.0256 0x1978  Mup - ok
09:49:02.0264 0x1978  mvumis - ok
09:49:02.0285 0x1978  NativeWifiP - ok
09:49:02.0313 0x1978  NcaSvc - ok
09:49:02.0345 0x1978  NcbService - ok
09:49:02.0353 0x1978  NcdAutoSetup - ok
09:49:02.0376 0x1978  ndfltr - ok
09:49:02.0406 0x1978  NDIS - ok
09:49:02.0415 0x1978  NdisCap - ok
09:49:02.0453 0x1978  NdisImPlatform - ok
09:49:02.0457 0x1978  NdisTapi - ok
09:49:02.0464 0x1978  Ndisuio - ok
09:49:02.0487 0x1978  NdisVirtualBus - ok
09:49:02.0497 0x1978  NdisWan - ok
09:49:02.0501 0x1978  ndiswanlegacy - ok
09:49:02.0506 0x1978  ndproxy - ok
09:49:02.0513 0x1978  Ndu - ok
09:49:02.0519 0x1978  NetAdapterCx - ok
09:49:02.0539 0x1978  NetBIOS - ok
09:49:02.0549 0x1978  NetBT - ok
09:49:02.0553 0x1978  Netlogon - ok
09:49:02.0570 0x1978  Netman - ok
09:49:02.0589 0x1978  netprofm - ok
09:49:02.0629 0x1978  NetSetupSvc - ok
09:49:02.0747 0x1978  NetTcpPortSharing - ok
09:49:02.0790 0x1978  NgcCtnrSvc - ok
09:49:02.0806 0x1978  NgcSvc - ok
09:49:02.0826 0x1978  NlaSvc - ok
09:49:02.0840 0x1978  Npfs - ok
09:49:02.0876 0x1978  npsvctrig - ok
09:49:02.0894 0x1978  nsi - ok
09:49:02.0902 0x1978  nsiproxy - ok
09:49:02.0929 0x1978  NTFS - ok
09:49:02.0941 0x1978  Null - ok
09:49:02.0976 0x1978  nvraid - ok
09:49:02.0990 0x1978  nvstor - ok
09:49:03.0023 0x1978  OneSyncSvc - ok
09:49:03.0107 0x1978  [ 4965B005492CBA7719E82B71E3245495, 52AD72C05FACC1E0E416A1FA25F34FDD3CB274FAB973BEAAE911A2FACA42B650 ] ose64          C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
09:49:03.0121 0x1978  ose64 - ok
09:49:03.0478 0x1978  [ 61BFFB5F57AD12F83AB64B7181829B34, 1DD0DD35E4158F95765EE6639F217DF03A0A19E624E020DBA609268C08A13846 ] osppsvc        C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
09:49:03.0619 0x1978  osppsvc - ok
09:49:03.0667 0x1978  p2pimsvc - ok
09:49:03.0709 0x1978  p2psvc - ok
09:49:03.0712 0x1978  Parport - ok
09:49:03.0730 0x1978  partmgr - ok
09:49:03.0737 0x1978  PcaSvc - ok
09:49:03.0820 0x1978  pci - ok
09:49:03.0824 0x1978  pciide - ok
09:49:03.0837 0x1978  pcmcia - ok
09:49:03.0851 0x1978  pcw - ok
09:49:03.0889 0x1978  pdc - ok
09:49:03.0918 0x1978  PEAUTH - ok
09:49:03.0964 0x1978  percsas2i - ok
09:49:03.0969 0x1978  percsas3i - ok
09:49:05.0523 0x1978  PerfHost - ok
09:49:05.0627 0x1978  PhoneSvc - ok
09:49:05.0684 0x1978  PimIndexMaintenanceSvc - ok
09:49:05.0710 0x1978  pla - ok
09:49:05.0730 0x1978  PlugPlay - ok
09:49:05.0768 0x1978  PNRPAutoReg - ok
09:49:05.0774 0x1978  PNRPsvc - ok
09:49:05.0792 0x1978  PolicyAgent - ok
09:49:05.0799 0x1978  Power - ok
09:49:05.0929 0x1978  PptpMiniport - ok
09:49:06.0750 0x1978  [ 7196D3C2E2E3129814C8DAB91F9A7D1E, 6763E4BF8E846B597E78778E520F5BADC95608BAA4EA0AC84971384B5D976DD7 ] PrintNotify    C:\WINDOWS\system32\spool\drivers\x64\3\PrintConfig.dll
09:49:06.0937 0x1978  PrintNotify - ok
09:49:06.0975 0x1978  Processor - ok
09:49:07.0016 0x1978  ProfSvc - ok
09:49:07.0020 0x1978  Psched - ok
09:49:07.0037 0x1978  QWAVE - ok
09:49:07.0062 0x1978  QWAVEdrv - ok
09:49:07.0084 0x1978  RasAcd - ok
09:49:07.0116 0x1978  RasAgileVpn - ok
09:49:07.0130 0x1978  RasAuto - ok
09:49:07.0135 0x1978  Rasl2tp - ok
09:49:07.0146 0x1978  RasMan - ok
09:49:07.0152 0x1978  RasPppoe - ok
09:49:07.0157 0x1978  RasSstp - ok
09:49:07.0181 0x1978  rdbss - ok
09:49:07.0221 0x1978  rdpbus - ok
09:49:07.0226 0x1978  RDPDR - ok
09:49:07.0262 0x1978  RdpVideoMiniport - ok
09:49:07.0295 0x1978  rdyboost - ok
09:49:07.0831 0x1978  [ F1D9E7B84A123F8861F63A2AE1E9F144, 7A56188DE148525B23617F8DA4AD49A88FA1BFC48641ED5065896C4408DA44ED ] ReflectService.exe C:\Program Files\Recovery\Macrium\ReflectService.exe
09:49:07.0936 0x1978  ReflectService.exe - ok
09:49:07.0945 0x1978  ReFSv1 - ok
09:49:07.0970 0x1978  RemoteAccess - ok
09:49:08.0005 0x1978  RemoteRegistry - ok
09:49:08.0050 0x1978  RetailDemo - ok
09:49:08.0063 0x1978  RmSvc - ok
09:49:08.0105 0x1978  RpcEptMapper - ok
09:49:08.0153 0x1978  RpcLocator - ok
09:49:08.0159 0x1978  RpcSs - ok
09:49:08.0208 0x1978  rspndr - ok
09:49:08.0275 0x1978  [ AB959F26FBB851A9D31E2F229DB3FA1A, 35961B761C83B48DBB9960C6DEC89806F3BC9FA0F450E566333ABE3F22E42AA9 ] RTSUER          C:\WINDOWS\system32\Drivers\RtsUer.sys
09:49:08.0306 0x1978  RTSUER - ok
09:49:08.0354 0x1978  s3cap - ok
09:49:08.0393 0x1978  SamSs - ok
09:49:08.0515 0x1978  [ D95D61869CE6A7F916E53F82E4C7917D, 423BCDFBCD5C670D13F1C390DF6CA83C91137C8FCBD2A07BE03DDD823E8CAB4F ] SbieDrv        C:\Program Files\Sandboxie\SbieDrv.sys
09:49:08.0535 0x1978  SbieDrv - ok
09:49:08.0592 0x1978  [ 8F237507759186A689450BD9B8CAB7AC, C08A26CE02872281E8C186A0824552DB9A3286D041ADAFBF3F977BBE0EBC266B ] SbieSvc        C:\Program Files\Sandboxie\SbieSvc.exe
09:49:08.0609 0x1978  SbieSvc - ok
09:49:08.0653 0x1978  sbp2port - ok
09:49:08.0664 0x1978  SCardSvr - ok
09:49:08.0705 0x1978  ScDeviceEnum - ok
09:49:08.0729 0x1978  scfilter - ok
09:49:08.0744 0x1978  Schedule - ok
09:49:08.0773 0x1978  scmbus - ok
09:49:08.0809 0x1978  scmdisk0101 - ok
09:49:08.0836 0x1978  SCPolicySvc - ok
09:49:08.0887 0x1978  [ AD7189E85A0801DE0507C610963A3CD0, 0AA9F3C9D252624CC62EC95FD910C6911E136DD3E66159CEB9857BC7AB70FAA2 ] ScpVBus        C:\WINDOWS\System32\drivers\ScpVBus.sys
09:49:08.0899 0x1978  ScpVBus - ok
09:49:09.0366 0x1978  sdbus - ok
09:49:09.0386 0x1978  SDRSVC - ok
09:49:09.0431 0x1978  sdstor - ok
09:49:09.0441 0x1978  seclogon - ok
09:49:09.0459 0x1978  SENS - ok
09:49:09.0524 0x1978  SensorDataService - ok
09:49:09.0539 0x1978  SensorService - ok
09:49:09.0549 0x1978  SensrSvc - ok
09:49:09.0553 0x1978  SerCx - ok
09:49:09.0563 0x1978  SerCx2 - ok
09:49:09.0587 0x1978  Serenum - ok
09:49:09.0591 0x1978  Serial - ok
09:49:09.0596 0x1978  sermouse - ok
09:49:09.0614 0x1978  SessionEnv - ok
09:49:09.0654 0x1978  sfloppy - ok
09:49:09.0702 0x1978  SharedAccess - ok
09:49:09.0715 0x1978  ShellHWDetection - ok
09:49:09.0743 0x1978  shpamsvc - ok
09:49:09.0751 0x1978  SiSRaid2 - ok
09:49:09.0756 0x1978  SiSRaid4 - ok
09:49:09.0977 0x1978  [ 52F7E8603E888E3DB0A8B3D1804098E9, 4E23DC9442C0C14AAE7146DACBB0B39743F1FFAA463EE7069CCDF866AD27BD77 ] SkypeUpdate    C:\Program Files (x86)\Skype\Updater\Updater.exe
09:49:09.0996 0x1978  SkypeUpdate - ok
09:49:10.0070 0x1978  [ AF9CA3A881483E6999CB2764BDAD3414, 95D6F7DA34DAD2CC1E4BC0B0867FA7E90293FB082EE0372DF5FE663E2AFD7AA4 ] SmbDrvI        C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys
09:49:10.0078 0x1978  SmbDrvI - ok
09:49:10.0141 0x1978  smphost - ok
09:49:10.0163 0x1978  SmsRouter - ok
09:49:10.0227 0x1978  SNMPTRAP - ok
09:49:10.0265 0x1978  spaceport - ok
09:49:10.0269 0x1978  SpbCx - ok
09:49:10.0307 0x1978  Spooler - ok
09:49:10.0345 0x1978  sppsvc - ok
09:49:10.0370 0x1978  srv - ok
09:49:10.0410 0x1978  srv2 - ok
09:49:10.0422 0x1978  srvnet - ok
09:49:10.0455 0x1978  SSDPSRV - ok
09:49:10.0474 0x1978  SstpSvc - ok
09:49:10.0554 0x1978  StateRepository - ok
09:49:10.0858 0x1978  [ E06AA279D85877268E34E9A9BC41F560, 6EFE7E3850CD19B919053293B6D8CB61CC638D3B1626BB62594C681625132689 ] Steam Client Service C:\Program Files (x86)\Common Files\Steam\SteamService.exe
09:49:10.0906 0x1978  Steam Client Service - ok
09:49:10.0944 0x1978  stexstor - ok
09:49:10.0965 0x1978  stisvc - ok
09:49:10.0972 0x1978  storahci - ok
09:49:11.0092 0x1978  storflt - ok
09:49:11.0117 0x1978  stornvme - ok
09:49:11.0124 0x1978  storqosflt - ok
09:49:11.0158 0x1978  StorSvc - ok
09:49:11.0165 0x1978  storufs - ok
09:49:11.0171 0x1978  storvsc - ok
09:49:11.0196 0x1978  svsvc - ok
09:49:11.0206 0x1978  swenum - ok
09:49:11.0212 0x1978  swprv - ok
09:49:11.0243 0x1978  Synth3dVsc - ok
09:49:11.0269 0x1978  SysMain - ok
09:49:11.0286 0x1978  SystemEventsBroker - ok
09:49:11.0312 0x1978  TabletInputService - ok
09:49:11.0360 0x1978  [ 876F4A55F3F5319132E3AC8DC7E75EF8, 2A347F168D406700E83F8BE39BB74E656ADD487018A73F0F4316348CD03C9F36 ] tap0901t        C:\WINDOWS\System32\drivers\tap0901t.sys
09:49:11.0375 0x1978  tap0901t - ok
09:49:11.0391 0x1978  TapiSrv - ok
09:49:11.0419 0x1978  Tcpip - ok
09:49:11.0424 0x1978  Tcpip6 - ok
09:49:11.0431 0x1978  tcpipreg - ok
09:49:11.0451 0x1978  tdx - ok
09:49:11.0604 0x1978  [ 1A4B1847BD8C7079C3A6C873342CC84A, E49E60896C6726EB8F8EE3A443B839AA6A6E802919C7D102DD820AD7C3DDA32C ] Te.Service      C:\Program Files (x86)\Windows Kits\10\Testing\Runtimes\TAEF\Wex.Services.exe
09:49:11.0615 0x1978  Te.Service - detected UnsignedFile.Multi.Generic ( 1 )
09:49:11.0615 0x1978  Detect skipped due to KSN trusted
09:49:11.0615 0x1978  Te.Service - ok
09:49:11.0629 0x1978  terminpt - ok
09:49:11.0646 0x1978  TermService - ok
09:49:11.0667 0x1978  Themes - ok
09:49:11.0714 0x1978  TieringEngineService - ok
09:49:11.0727 0x1978  tiledatamodelsvc - ok
09:49:11.0739 0x1978  TimeBrokerSvc - ok
09:49:11.0766 0x1978  TPM - ok
09:49:11.0779 0x1978  TrkWks - ok
09:49:11.0869 0x1978  TrustedInstaller - ok
09:49:11.0876 0x1978  tsusbflt - ok
09:49:11.0898 0x1978  TsUsbGD - ok
09:49:11.0929 0x1978  tunnel - ok
09:49:12.0056 0x1978  [ E775DAF583CFF96F81306A4A93E501FE, C6F54D6D524CA3D3872C7BD53904A203F55C99EF93E08077183192587BE32D86 ] TunngleService  C:\Program Files (x86)\Tunngle\TnglCtrl.exe
09:49:12.0092 0x1978  TunngleService - ok
09:49:12.0149 0x1978  tzautoupdate - ok
09:49:12.0155 0x1978  UASPStor - ok
09:49:12.0161 0x1978  UcmCx0101 - ok
09:49:12.0187 0x1978  UcmTcpciCx0101 - ok
09:49:12.0207 0x1978  UcmUcsi - ok
09:49:12.0230 0x1978  Ucx01000 - ok
09:49:12.0235 0x1978  UdeCx - ok
09:49:12.0241 0x1978  udfs - ok
09:49:12.0266 0x1978  UEFI - ok
09:49:12.0296 0x1978  Ufx01000 - ok
09:49:12.0310 0x1978  UfxChipidea - ok
09:49:12.0318 0x1978  ufxsynopsys - ok
09:49:12.0381 0x1978  UI0Detect - ok
09:49:12.0388 0x1978  umbus - ok
09:49:12.0408 0x1978  UmPass - ok
09:49:12.0437 0x1978  UmRdpService - ok
09:49:12.0446 0x1978  UnistoreSvc - ok
09:49:12.0467 0x1978  upnphost - ok
09:49:12.0475 0x1978  UrsChipidea - ok
09:49:12.0498 0x1978  UrsCx01000 - ok
09:49:12.0502 0x1978  UrsSynopsys - ok
09:49:12.0529 0x1978  usbccgp - ok
09:49:12.0564 0x1978  usbcir - ok
09:49:12.0575 0x1978  usbehci - ok
09:49:12.0579 0x1978  usbhub - ok
09:49:12.0596 0x1978  USBHUB3 - ok
09:49:12.0609 0x1978  usbohci - ok
09:49:12.0614 0x1978  usbprint - ok
09:49:12.0622 0x1978  usbser - ok
09:49:12.0638 0x1978  USBSTOR - ok
09:49:12.0655 0x1978  usbuhci - ok
09:49:12.0679 0x1978  usbvideo - ok
09:49:12.0687 0x1978  USBXHCI - ok
09:49:12.0714 0x1978  UserDataSvc - ok
09:49:12.0752 0x1978  UserManager - ok
09:49:12.0787 0x1978  UsoSvc - ok
09:49:12.0795 0x1978  VaultSvc - ok
09:49:12.0818 0x1978  vdrvroot - ok
09:49:12.0848 0x1978  vds - ok
09:49:12.0855 0x1978  VerifierExt - ok
09:49:12.0878 0x1978  vhdmp - ok
09:49:12.0884 0x1978  vhf - ok
09:49:12.0891 0x1978  vmbus - ok
09:49:12.0897 0x1978  VMBusHID - ok
09:49:12.0918 0x1978  vmgid - ok
09:49:12.0942 0x1978  vmicguestinterface - ok
09:49:12.0948 0x1978  vmicheartbeat - ok
09:49:12.0963 0x1978  vmickvpexchange - ok
09:49:13.0005 0x1978  vmicrdv - ok
09:49:13.0014 0x1978  vmicshutdown - ok
09:49:13.0022 0x1978  vmictimesync - ok
09:49:13.0036 0x1978  vmicvmsession - ok
09:49:13.0049 0x1978  vmicvss - ok
09:49:13.0056 0x1978  volmgr - ok
09:49:13.0064 0x1978  volmgrx - ok
09:49:13.0076 0x1978  volsnap - ok
09:49:13.0094 0x1978  volume - ok
09:49:13.0121 0x1978  vpci - ok
09:49:13.0129 0x1978  vsmraid - ok
09:49:13.0147 0x1978  VSS - ok
09:49:13.0156 0x1978  VSTXRAID - ok
09:49:13.0185 0x1978  vwifibus - ok
09:49:13.0195 0x1978  vwififlt - ok
09:49:13.0209 0x1978  vwifimp - ok
09:49:13.0259 0x1978  W32Time - ok
09:49:13.0275 0x1978  WacomPen - ok
09:49:13.0316 0x1978  WalletService - ok
09:49:13.0328 0x1978  wanarp - ok
09:49:13.0335 0x1978  wanarpv6 - ok
09:49:13.0341 0x1978  wbengine - ok
09:49:13.0356 0x1978  WbioSrvc - ok
09:49:13.0364 0x1978  wcifs - ok
09:49:13.0383 0x1978  Wcmsvc - ok
09:49:13.0393 0x1978  wcncsvc - ok
09:49:13.0398 0x1978  wcnfs - ok
09:49:13.0404 0x1978  WdBoot - ok
09:49:13.0410 0x1978  Wdf01000 - ok
09:49:13.0420 0x1978  WdFilter - ok
09:49:13.0433 0x1978  WdiServiceHost - ok
09:49:13.0441 0x1978  WdiSystemHost - ok
09:49:13.0452 0x1978  wdiwifi - ok
09:49:13.0459 0x1978  WdNisDrv - ok
09:49:13.0492 0x1978  WdNisSvc - ok
09:49:13.0501 0x1978  WebClient - ok
09:49:13.0508 0x1978  Wecsvc - ok
09:49:13.0529 0x1978  WEPHOSTSVC - ok
09:49:13.0537 0x1978  wercplsupport - ok
09:49:13.0555 0x1978  WerSvc - ok
09:49:13.0564 0x1978  WFPLWFS - ok
09:49:13.0576 0x1978  WiaRpc - ok
09:49:13.0607 0x1978  WIMMount - ok
09:49:13.0611 0x1978  WinDefend - ok
09:49:13.0665 0x1978  WindowsTrustedRT - ok
09:49:13.0670 0x1978  WindowsTrustedRTProxy - ok
09:49:13.0698 0x1978  WinHttpAutoProxySvc - ok
09:49:13.0728 0x1978  WinMad - ok
09:49:14.0019 0x1978  Winmgmt - ok
09:49:14.0045 0x1978  WinRM - ok
09:49:14.0088 0x1978  WINUSB - ok
09:49:14.0104 0x1978  WinVerbs - ok
09:49:14.0150 0x1978  wisvc - ok
09:49:14.0206 0x1978  WlanSvc - ok
09:49:14.0229 0x1978  wlidsvc - ok
09:49:14.0235 0x1978  WmiAcpi - ok
09:49:14.0259 0x1978  wmiApSrv - ok
09:49:14.0289 0x1978  WMPNetworkSvc - ok
09:49:14.0313 0x1978  Wof - ok
09:49:14.0353 0x1978  workfolderssvc - ok
09:49:14.0364 0x1978  WPDBusEnum - ok
09:49:14.0399 0x1978  WpdUpFltr - ok
09:49:14.0434 0x1978  WpnService - ok
09:49:14.0442 0x1978  WpnUserService - ok
09:49:14.0474 0x1978  ws2ifsl - ok
09:49:14.0480 0x1978  wscsvc - ok
09:49:14.0492 0x1978  WSDPrintDevice - ok
09:49:14.0512 0x1978  WSDScan - ok
09:49:14.0517 0x1978  WSearch - ok
09:49:14.0558 0x1978  wuauserv - ok
09:49:14.0568 0x1978  WudfPf - ok
09:49:14.0572 0x1978  WUDFRd - ok
09:49:14.0589 0x1978  wudfsvc - ok
09:49:14.0597 0x1978  WUDFWpdFs - ok
09:49:14.0655 0x1978  WwanSvc - ok
09:49:14.0684 0x1978  XblAuthManager - ok
09:49:14.0700 0x1978  XblGameSave - ok
09:49:14.0721 0x1978  xboxgip - ok
09:49:14.0732 0x1978  XboxNetApiSvc - ok
09:49:14.0777 0x1978  [ 65343781331B6AE59E01C4C337682DE4, 738D00277B9137BF3D7C427E41B7835AF41388CF6C04D494CA4525F96CF7F0CC ] xhunter1        C:\WINDOWS\xhunter1.sys
09:49:14.0785 0x1978  xhunter1 - ok
09:49:14.0809 0x1978  xinputhid - ok
09:49:14.0811 0x1978  ================ Scan global ===============================
09:49:14.0924 0x1978  [ Global ] - ok
09:49:14.0925 0x1978  ================ Scan MBR ==================================
09:49:14.0946 0x1978  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
09:49:24.0111 0x1978  \Device\Harddisk0\DR0 - ok
09:49:24.0111 0x1978  ================ Scan VBR ==================================
09:49:24.0132 0x1978  [ D8393C0DAD999B3D1B1E6EB915DF2D89 ] \Device\Harddisk0\DR0\Partition1
09:49:24.0157 0x1978  \Device\Harddisk0\DR0\Partition1 - ok
09:49:24.0168 0x1978  [ 05B046D7D4313F6540B14AAA0C888290 ] \Device\Harddisk0\DR0\Partition2
09:49:24.0187 0x1978  \Device\Harddisk0\DR0\Partition2 - ok
09:49:24.0187 0x1978  ================ Scan generic autorun ======================
09:49:24.0233 0x1978  ETDCtrl - ok
09:49:25.0732 0x1978  [ BF225BCD0EC2D85719C382019B5B4250, 7FE5A85209BD930FC1622600AB74E59854488986AA052A0D03D5FC7B361F247D ] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
09:49:26.0102 0x1978  RTHDVCPL - ok
09:49:26.0347 0x1978  [ 0C3154D0620F974AD5C4E8D87626C8CF, 4E6B751F9C0D5D4833A12166BC5142E0A7402E98D00F570926ED9CA0936A8007 ] C:\WINDOWS\system32\igfxtray.exe
09:49:26.0368 0x1978  IgfxTray - ok
09:49:26.0441 0x1978  [ E4AA3D28753EF9DB333FE40079993B09, ECC60BAA7D21EF97CDA17F45277FBFE52B2169155DDB157E34A7AE2EC1BEC185 ] C:\WINDOWS\system32\hkcmd.exe
09:49:26.0463 0x1978  HotKeysCmds - ok
09:49:26.0541 0x1978  [ CF40080765D6F66FA93318C0DB6C7D1F, 015EE5BE439DAC6D3F7C7471EEF554C11F28947492E3F7AA14BB72622C327DCD ] C:\WINDOWS\system32\igfxpers.exe
09:49:26.0568 0x1978  Persistence - ok
09:49:26.0841 0x1978  [ 0FCF03482EA4AAA23E663E047CA48D41, 728156EEDAA37F41C11F141571F1136AD1599E151E9E11462568B3A7759DF984 ] C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
09:49:26.0891 0x1978  COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} - ok
09:49:27.0017 0x1978  [ 1FAD6ACA65366E1AFF10EC6B02F47A84, 2DA16D06F553FC081E374F1699EC240D7FFFDD39D42774F044AE3DE09F2C8619 ] C:\Program Files\Microsoft Office\Office14\BCSSync.exe
09:49:27.0027 0x1978  BCSSync - ok
09:49:27.0637 0x1978  [ 739D7E0025F5CE97309695D3081E3823, 46A4B51123992B2FA3DF51F80C3E9E7118C6CCB6A68B6EDA3585BF87208B7DFC ] C:\Program Files\AMD\CNext\CNext\cnext.exe
09:49:27.0770 0x1978  StartCN - ok
09:49:27.0905 0x1978  [ 6513807FEE68E6C32E67437EE3FFB6C8, 2AB388BD68E984C38EAAF2D42DE918A64B42DA229627FC0B1A896A8AD60B5F91 ] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
09:49:27.0930 0x1978  SunJavaUpdateSched - ok
09:49:28.0353 0x1978  OneDriveSetup - ok
09:49:28.0355 0x1978  OneDriveSetup - ok
09:49:28.0653 0x1978  [ 8F2EA5EE0695CCE2285D92C44108375C, 2C96A8E7E41E87C27B6A3325526F99A03333357EF2682C17A4892BE4A58D157E ] C:\Users\Oliver\AppData\Local\Microsoft\OneDrive\OneDrive.exe
09:49:28.0676 0x1978  OneDrive - ok
09:49:29.0355 0x1978  [ ADF6C78FC95716CA45A68FD3DA1C1A78, 8250D47AC8C25A3A2DB8AB2148350F7086141F91DB317D0431DA545430B843F5 ] C:\Program Files (x86)\Steam\steam.exe
09:49:29.0453 0x1978  Steam - ok
09:49:30.0081 0x1978  [ 330049982A6CF1A2A0500E8E620889D3, 81A804621F9FAD520CB47FC084F6BD4EF2697E1FB8AF30596303089597FE7C2C ] C:\Users\Oliver\AppData\Roaming\Spotify\SpotifyWebHelper.exe
09:49:30.0131 0x1978  Spotify Web Helper - ok
09:49:30.0375 0x1978  [ F51BB12D8977D26C1A4CDA348770D9F1, DDA35CD8F8A6591B83821B5180D457740E0B820CCE000BC7FB1B78FB4AEAD3BA ] C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe
09:49:30.0434 0x1978  SpybotPostWindows10UpgradeReInstall - detected UnsignedFile.Multi.Generic ( 1 )
09:49:30.0434 0x1978  Detect skipped due to KSN trusted
09:49:30.0434 0x1978  SpybotPostWindows10UpgradeReInstall - ok
09:49:31.0207 0x1978  [ 8A793A1618B8C37FC70E85DC03E9567D, 568156DB22BB9E3411923BD3417C1E8BAFC641FB82C298FCFAAD8708BE8E7DF3 ] C:\Users\Oliver\AppData\Roaming\Spotify\Spotify.exe
09:49:31.0386 0x1978  Spotify - ok
09:49:31.0459 0x1978  Skype - ok
09:49:33.0181 0x1978  [ 63405C389EB81881D68AEEB0E05F3F7D, BBE8D64C600A6FCA4BF4B89EF39B551DEB8ED826C33FD6FB2C7E2F7D773AB0E2 ] C:\Program Files\CCleaner\CCleaner64.exe
09:49:33.0456 0x1978  CCleaner Monitoring - ok
09:49:33.0690 0x1978  [ 1D37F21A8295466B831E446F3C3082B8, 680B2D309DB4318AD1619537233C70869B3C878FF161999838DDC37801BCC77D ] C:\Program Files\Sandboxie\SbieCtrl.exe
09:49:33.0718 0x1978  SandboxieControl - ok
09:49:34.0329 0x1978  Uninstall C:\Users\Oliver\AppData\Local\Microsoft\OneDrive\17.3.6201.1019_1\amd64 - ok
09:49:34.0341 0x1978  AV detected via SS2: COMODO Antivirus, C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe ( 8.4.0.5076 ), 0x61010 ( enabled : outofdate )
09:49:34.0341 0x1978  AV detected via SS2: Windows Defender, C:\Program Files\Windows Defender\MSASCui.exe ( 4.10.14393.187 ), 0x60100 ( disabled : updated )
09:49:34.0343 0x1978  FW detected via SS2: COMODO Firewall, C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe ( 8.4.0.5076 ), 0x61010 ( enabled )
09:49:34.0457 0x1978  ============================================================
09:49:34.0457 0x1978  Scan finished
09:49:34.0457 0x1978  ============================================================
09:49:34.0466 0x0fbc  Detected object count: 0
09:49:34.0466 0x0fbc  Actual detected object count: 0

Regards!

deeprybka 26.09.2016 12:20

Step 1

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers.
  • Start adwcleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Tools > Options and make sure the following items are selected:
    • "Tracing" keys
    • "Prefetch" files
    • Proxy
    • Winsock
    • Internet Explorer policies
    • Chrome policies
  • Confirm the selection with OK.
  • Click Scan and wait until it has finished.
  • Now click Clean (even if AdwCleaner says that nothing was found) and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).

Step 2

  • Download and instructions
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Under Settings / Detection and Protection, tick "Scan for rootkits".
  • Then click Scan, select the Threat Scan and click Start Scan.
  • At the end of the scan, move all findings (if any) to quarantine. To do so, click Remove Selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the latest scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Add the contents of mbam.txt to your next reply.

Now please run a scan:

Step 3

ESET Online Scanner

  • Here you can find illustrated instructions for ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan begins automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the recycle bin => C:\Programme\Eset


Jemand 26.09.2016 16:12

Hello,
maybe I'm being stupid, but I don't get a scan report from MBAM, only something like this:
Code:

Malwarebytes Anti-Malware
www.malwarebytes.org


Scan, 26.09.2016 17:06, SYSTEM, LAP-OLI-PB, Manual, Start: 26.09.2016 16:29, Dauer: 37 Min. 41 Sek., Bedrohungssuchlauf, Abgeschlossen, 0 Malware-Erkennung, 0 Nicht-Malware-Erkennungen,

(end)

Am I doing something wrong?
// ESET is still running and AdwCleaner produced normal logs; I'll post them together.

deeprybka 26.09.2016 20:50

If you click History at the top, then Application Logs, Scan Log?

Jemand 27.09.2016 18:19

OK, here I am again with logs.

ESET:
Code:

# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=27564c0b410d554b8346fddd1fd59441
# end=init
# utc_time=2016-09-26 02:30:45
# local_time=2016-09-26 04:30:45 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.2.9200 NT
Update Init
Update Download
Update Finalize
Updated modules version: 30873
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=27564c0b410d554b8346fddd1fd59441
# end=updated
# utc_time=2016-09-26 02:34:40
# local_time=2016-09-26 04:34:40 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.2.9200 NT
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=27564c0b410d554b8346fddd1fd59441
# end=restart
# utc_time=2016-09-26 04:44:54
# local_time=2016-09-26 06:44:54 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.2.9200 NT
# compatibility_mode_1='COMODO Antivirus'
# compatibility_mode=3091 16777213 100 100 4064098 38566668 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 859210 6238910 0 0
# scanned=243500
# found=6
# cleaned=0
# scan_time=7814
sh=34436B082CE08BCA3503BFFA83315328B161190E ft=1 fh=59fd38d31d0b8eed vn="Variante von Win32/ELEX.DF evtl. unerwünschte Anwendung" ac=I fn="C:\ProgramData\Comodo\Cis\Quarantine\data\{42EB5B48-4FDB-4CBE-B6D1-D15DF37BEBF4}"
sh=34436B082CE08BCA3503BFFA83315328B161190E ft=1 fh=59fd38d31d0b8eed vn="Variante von Win32/ELEX.DF evtl. unerwünschte Anwendung" ac=I fn="C:\ProgramData\Comodo\Cis\Quarantine\data\{5772F542-A416-48E1-B19A-86AC84359FE9}"
sh=739884C1585DC8A59B3BC9005B358B0AA2141707 ft=1 fh=a52ebc49d9b1b457 vn="Variante von Win32/ELEX.Y evtl. unerwünschte Anwendung" ac=I fn="C:\ProgramData\Comodo\Cis\Quarantine\data\{880D91F4-C037-4721-BD91-D0D36B83F0CF}"
sh=34436B082CE08BCA3503BFFA83315328B161190E ft=1 fh=59fd38d31d0b8eed vn="Variante von Win32/ELEX.DF evtl. unerwünschte Anwendung" ac=I fn="C:\Users\All Users\Comodo\Cis\Quarantine\data\{42EB5B48-4FDB-4CBE-B6D1-D15DF37BEBF4}"
sh=34436B082CE08BCA3503BFFA83315328B161190E ft=1 fh=59fd38d31d0b8eed vn="Variante von Win32/ELEX.DF evtl. unerwünschte Anwendung" ac=I fn="C:\Users\All Users\Comodo\Cis\Quarantine\data\{5772F542-A416-48E1-B19A-86AC84359FE9}"
sh=739884C1585DC8A59B3BC9005B358B0AA2141707 ft=1 fh=a52ebc49d9b1b457 vn="Variante von Win32/ELEX.Y evtl. unerwünschte Anwendung" ac=I fn="C:\Users\All Users\Comodo\Cis\Quarantine\data\{880D91F4-C037-4721-BD91-D0D36B83F0CF}"
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=27564c0b410d554b8346fddd1fd59441
# end=init
# utc_time=2016-09-26 08:29:21
# local_time=2016-09-26 10:29:21 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.2.9200 NT
Update Init
Update Download
Update Finalize
Updated modules version: 30877
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=27564c0b410d554b8346fddd1fd59441
# end=updated
# utc_time=2016-09-26 08:58:51
# local_time=2016-09-26 10:58:51 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.2.9200 NT
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=27564c0b410d554b8346fddd1fd59441
# engine=30877
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2016-09-27 12:15:08
# local_time=2016-09-27 02:15:08 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.2.9200 NT
# compatibility_mode_1='COMODO Antivirus'
# compatibility_mode=3091 16777213 100 100 4091112 38593682 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 886224 6265924 0 0
# scanned=600805
# found=6
# cleaned=0
# scan_time=11777
sh=34436B082CE08BCA3503BFFA83315328B161190E ft=1 fh=59fd38d31d0b8eed vn="Variante von Win32/ELEX.DF evtl. unerwünschte Anwendung" ac=I fn="C:\ProgramData\Comodo\Cis\Quarantine\data\{42EB5B48-4FDB-4CBE-B6D1-D15DF37BEBF4}"
sh=34436B082CE08BCA3503BFFA83315328B161190E ft=1 fh=59fd38d31d0b8eed vn="Variante von Win32/ELEX.DF evtl. unerwünschte Anwendung" ac=I fn="C:\ProgramData\Comodo\Cis\Quarantine\data\{5772F542-A416-48E1-B19A-86AC84359FE9}"
sh=739884C1585DC8A59B3BC9005B358B0AA2141707 ft=1 fh=a52ebc49d9b1b457 vn="Variante von Win32/ELEX.Y evtl. unerwünschte Anwendung" ac=I fn="C:\ProgramData\Comodo\Cis\Quarantine\data\{880D91F4-C037-4721-BD91-D0D36B83F0CF}"
sh=34436B082CE08BCA3503BFFA83315328B161190E ft=1 fh=59fd38d31d0b8eed vn="Variante von Win32/ELEX.DF evtl. unerwünschte Anwendung" ac=I fn="C:\Users\All Users\Comodo\Cis\Quarantine\data\{42EB5B48-4FDB-4CBE-B6D1-D15DF37BEBF4}"
sh=34436B082CE08BCA3503BFFA83315328B161190E ft=1 fh=59fd38d31d0b8eed vn="Variante von Win32/ELEX.DF evtl. unerwünschte Anwendung" ac=I fn="C:\Users\All Users\Comodo\Cis\Quarantine\data\{5772F542-A416-48E1-B19A-86AC84359FE9}"
sh=739884C1585DC8A59B3BC9005B358B0AA2141707 ft=1 fh=a52ebc49d9b1b457 vn="Variante von Win32/ELEX.Y evtl. unerwünschte Anwendung" ac=I fn="C:\Users\All Users\Comodo\Cis\Quarantine\data\{880D91F4-C037-4721-BD91-D0D36B83F0CF}"

AdwCleaner:
Code:

# AdwCleaner v6.020 - Bericht erstellt am 26/09/2016 um 15:42:23
# Aktualisiert am 14/09/2016 von ToolsLib
# Datenbank : 2016-09-26.1 [Server]
# Betriebssystem : Windows 10 Home  (X64)
# Benutzername : Oliver - LAP-OLI-PB
# Gestartet von : C:\Users\Oliver\Desktop\AdwCleaner_6.020.exe
# Modus: Löschen
# Unterstützung : https://toolslib.net/forum



***** [ Dienste ] *****



***** [ Ordner ] *****

[-] Ordner gelöscht: C:\Users\Oliver\AppData\Local\slimware utilities inc
[-] Ordner gelöscht: C:\ProgramData\SlimWare Utilities, Inc
[-] Ordner gelöscht: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picexa
[-] Ordner gelöscht: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZipper
[-] Ordner gelöscht: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SlimDrivers
[-] Ordner gelöscht: C:\Program Files (x86)\SlimDrivers


***** [ Dateien ] *****

[-] Datei gelöscht: C:\WINDOWS\SysNative\log\iSafeKrnlCall.log


***** [ DLL ] *****



***** [ WMI ] *****



***** [ Verknüpfungen ] *****

[-] Verknüpfung desinfiziert: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\soft Xpansion\Perfect PDF 6 Converter\Produktregistrierung.lnk
[-] Verknüpfung desinfiziert: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PB - Security & Support\Contact.lnk
[-] Verknüpfung desinfiziert: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Inet\Mozilla Firefox.lnk


***** [ Aufgabenplanung ] *****



***** [ Registrierungsdatenbank ] *****

[-] Schlüssel gelöscht: HKLM\SOFTWARE\SLIMWARE UTILITIES, INC.
[-] Schlüssel gelöscht: HKLM\SOFTWARE\SlimWare Utilities Inc


***** [ Browser ] *****



*************************

:: "Tracing" Schlüssel gelöscht
:: Winsock Einstellungen zurückgesetzt
:: "Prefetch" Dateien gelöscht
:: Proxy Einstellungen zurückgesetzt
:: Internet Explorer Richtlinien gelöscht
:: Chrome Richtlinien gelöscht

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [1976 Bytes] - [26/09/2016 15:42:23]
C:\AdwCleaner\AdwCleaner[S0].txt - [2380 Bytes] - [26/09/2016 15:36:50]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [2122 Bytes] ##########

MBAM:
It won't work; under Application Logs I only find protection logs, and they look like this:
Code:

Malwarebytes Anti-Malware
www.malwarebytes.org


Update, 27.09.2016 18:29, SYSTEM, LAP-OLI-PB, Manual, Rootkit Database, 2016.9.26.1, 2016.9.26.2,
Update, 27.09.2016 18:29, SYSTEM, LAP-OLI-PB, Manual, Domain Database, 2016.9.23.3, 2016.9.27.4,
Update, 27.09.2016 18:30, SYSTEM, LAP-OLI-PB, Manual, Malware Database, 2016.9.26.6, 2016.9.27.10,
Protection, 27.09.2016 18:30, SYSTEM, LAP-OLI-PB, Protection, Refresh, Starting,
Protection, 27.09.2016 18:30, SYSTEM, LAP-OLI-PB, Protection, Refresh, Success,
Scan, 27.09.2016 18:59, SYSTEM, LAP-OLI-PB, Manual, Start: 27.09.2016 18:30, Dauer: 29 Min. 16 Sek., Bedrohungssuchlauf, Abgeschlossen, 0 Malware-Erkennung, 0 Nicht-Malware-Erkennungen,

(end)

// In case it matters: it shows no threats during the scan, though.
http://fs5.directupload.net/images/160927/8fx7lkn6.png

deeprybka 28.09.2016 18:58

Are there still any problems with the PC? If so, which ones?

Jemand 28.09.2016 21:28

Surprisingly, it's running normally so far, but the crashes were quite irregular, so maybe something is still to come.
I have one more question: ESET found 6 threats but did not delete them. Was that a false alarm? Are they already gone, or what?

deeprybka 28.09.2016 21:33

Quote:

Quote from Jemand (post 1612840)
Surprisingly, it's running normally so far, but the crashes were quite irregular, so maybe something is still to come.
I have one more question: ESET found 6 threats but did not delete them. Was that a false alarm? Are they already gone, or what?

There are actually only 3... ;)

Code:

C:\ProgramData\Comodo\Cis\Quarantine\data\{42EB5B48-4FDB-4CBE-B6D1-D15DF37BEBF4}
C:\ProgramData\Comodo\Cis\Quarantine\data\{5772F542-A416-48E1-B19A-86AC84359FE9}
C:\ProgramData\Comodo\Cis\Quarantine\data\{880D91F4-C037-4721-BD91-D0D36B83F0CF}
C:\Users\All Users\Comodo\Cis\Quarantine\data\{42EB5B48-4FDB-4CBE-B6D1-D15DF37BEBF4}
C:\Users\All Users\Comodo\Cis\Quarantine\data\{5772F542-A416-48E1-B19A-86AC84359FE9}
C:\Users\All Users\Comodo\Cis\Quarantine\data\{880D91F4-C037-4721-BD91-D0D36B83F0CF}

And that stuff is in your antivirus program's quarantine.

In any case, no malware is detectable on the PC.

Please post fresh logs one last time:

Step 1

Please start FRST again, also tick the "Addition" checkbox and press Scan.
Please post the contents of the two logs that are created.
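
Why ESET's six hits come down to three, as an added example that is not part of the original thread: on Windows Vista and later, `C:\Users\All Users` is a link to `C:\ProgramData`, so the scanner reported each quarantined file under two paths. The parser below reads the `sh=... fn="..."` result lines from the ESET log posted above, folds the alias and counts distinct files; the function names, the drive-letter assumption and the quarantine check are assumptions of this example.

```python
import re

# Header fields and result lines copied from the ESET Online Scanner log in this thread.
SAMPLE_LOG = r'''
# scanned=600805
# found=6
# cleaned=0
sh=34436B082CE08BCA3503BFFA83315328B161190E ft=1 fh=59fd38d31d0b8eed vn="Variante von Win32/ELEX.DF evtl. unerwünschte Anwendung" ac=I fn="C:\ProgramData\Comodo\Cis\Quarantine\data\{42EB5B48-4FDB-4CBE-B6D1-D15DF37BEBF4}"
sh=34436B082CE08BCA3503BFFA83315328B161190E ft=1 fh=59fd38d31d0b8eed vn="Variante von Win32/ELEX.DF evtl. unerwünschte Anwendung" ac=I fn="C:\ProgramData\Comodo\Cis\Quarantine\data\{5772F542-A416-48E1-B19A-86AC84359FE9}"
sh=739884C1585DC8A59B3BC9005B358B0AA2141707 ft=1 fh=a52ebc49d9b1b457 vn="Variante von Win32/ELEX.Y evtl. unerwünschte Anwendung" ac=I fn="C:\ProgramData\Comodo\Cis\Quarantine\data\{880D91F4-C037-4721-BD91-D0D36B83F0CF}"
sh=34436B082CE08BCA3503BFFA83315328B161190E ft=1 fh=59fd38d31d0b8eed vn="Variante von Win32/ELEX.DF evtl. unerwünschte Anwendung" ac=I fn="C:\Users\All Users\Comodo\Cis\Quarantine\data\{42EB5B48-4FDB-4CBE-B6D1-D15DF37BEBF4}"
sh=34436B082CE08BCA3503BFFA83315328B161190E ft=1 fh=59fd38d31d0b8eed vn="Variante von Win32/ELEX.DF evtl. unerwünschte Anwendung" ac=I fn="C:\Users\All Users\Comodo\Cis\Quarantine\data\{5772F542-A416-48E1-B19A-86AC84359FE9}"
sh=739884C1585DC8A59B3BC9005B358B0AA2141707 ft=1 fh=a52ebc49d9b1b457 vn="Variante von Win32/ELEX.Y evtl. unerwünschte Anwendung" ac=I fn="C:\Users\All Users\Comodo\Cis\Quarantine\data\{880D91F4-C037-4721-BD91-D0D36B83F0CF}"
'''

# Assumption: default Windows layout on drive C:, where the "All Users"
# profile folder is a link that resolves to the ProgramData folder.
PATH_ALIASES = {"c:\\users\\all users\\": "c:\\programdata\\"}

# Quarantine folder of the resident antivirus, taken from the paths in the log.
QUARANTINE_ROOT = "c:\\programdata\\comodo\\cis\\quarantine\\"

FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')   # key=value or key="quoted value"
HEADER_RE = re.compile(r'^#\s*(\w+)=(.*)$')           # "# found=6" style header lines


def canonical_path(path):
    """Lower-case the path and fold known aliases onto their real location."""
    p = path.replace("/", "\\").lower()
    for alias, target in PATH_ALIASES.items():
        if p.startswith(alias):
            return target + p[len(alias):]
    return p


def parse_log(text):
    """Return (header dict, list of result records) from an ESET scanner log."""
    header, results = {}, []
    for line in text.splitlines():
        line = line.strip()
        m = HEADER_RE.match(line)
        if m:
            header[m.group(1)] = m.group(2)   # a later run overwrites an earlier one
        elif line.startswith("sh="):
            results.append({k: (q or b) for k, q, b in FIELD_RE.findall(line)})
    return header, results


def summarize(text):
    """Group reported hits by the file they actually point at."""
    header, results = parse_log(text)
    files = {}
    for r in results:
        entry = files.setdefault(
            canonical_path(r["fn"]),
            {"sha1": r["sh"], "name": r["vn"], "seen_as": []},
        )
        entry["seen_as"].append(r["fn"])
    return {
        "reported": int(header.get("found", len(results))),
        "cleaned": int(header.get("cleaned", 0)),
        "distinct_files": len(files),
        "distinct_sha1": len({e["sha1"] for e in files.values()}),
        # True only if there are hits and every one lies inside the AV quarantine.
        "all_quarantined": bool(files) and all(p.startswith(QUARANTINE_ROOT) for p in files),
        "files": files,
    }


if __name__ == "__main__":
    s = summarize(SAMPLE_LOG)
    print(f"reported={s['reported']} distinct files={s['distinct_files']} "
          f"distinct SHA-1={s['distinct_sha1']} all in quarantine={s['all_quarantined']}")
    for path, entry in s["files"].items():
        print(f"{entry['sha1']}  {path}  (listed {len(entry['seen_as'])}x)")
```

Besides the path alias, the SHA-1 column shows that two of the three quarantine entries hold identical content, so the scan found two distinct binaries, both already isolated by the resident antivirus.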


All times are WET +1. The time is now 12:25.
