
Pests of all kinds and how to fight them: Strange processes, am I infected?

Windows 7: If you are not sure whether you have picked up malware or a trojan, create a thread here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you remove the infection.

17.11.2015, 15:45   #1
ottojack
 
Strange processes, am I infected?



Hi,
everything is running fine on my PC, so far so good.
But in my Task Manager the process "plugin-container.exe" is listed 4 times.
If I end all of them nothing happens, but they are back again after every Windows restart.
And several other processes seem fishy to me...
First the process "nvstreamsvc.exe",
and then also the process "conhost.exe" and "nvvsvc.exe"
and "nvxdsync.exe",
and "FlashPlayerPlugin_19_0_0_245.exe" is listed 2 times,
and "rundll32.exe" is listed once.

On Google I found that some processes can be "dangerous" if they run in certain
directories.

A short while ago I also had a virus on my hard drive that infected everything I clicked on.
Back then the process "csrss.exe" was infected too, and I could not end it either, just like some of the other processes mentioned.

I had a similar thread about this somewhere here and was declared clean after various
anti-malware scans and log file analyses.

But the processes are still there.
And previously not all of them were there, and if they were, then e.g. "plugin-container.exe" was there only once and not 4 times.

Can you help me?

Here is a FRST log file to start with:


Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:16-11-2015
durchgeführt von admin (Administrator) auf PC (17-11-2015 15:19:41)
Gestartet von C:\Users\admin\Desktop
Geladene Profile: admin (Verfügbare Profile: admin)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\avp.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Prolific Technology Inc.) C:\Windows\SysWOW64\IoctlSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
() C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\avpui.exe
(CyberGhost S.R.L) C:\Program Files\CyberGhost 5\Service.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieCtrl.exe
(Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
(Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe
() C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
() C:\Program Files (x86)\No-IP\ducservice.exe
(BitTorrent Inc.) C:\Users\admin\AppData\Roaming\BitTorrent\BitTorrent.exe
(BitTorrent Inc.) C:\Users\admin\AppData\Roaming\BitTorrent\updates\7.9.5_41203\utorrentie.exe
(BitTorrent Inc.) C:\Users\admin\AppData\Roaming\BitTorrent\updates\7.9.5_41203\utorrentie.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_19_0_0_245.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_19_0_0_245.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2585744 2015-10-13] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [vmware-tray.exe] => C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe [114368 2015-07-01] (VMware, Inc.)
HKLM-x32\...\Run: [ProductUpdater] => C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe [71680 2015-10-09] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597040 2015-10-21] (Oracle Corporation)
HKLM-x32\...\Run: [ConsoleApplication5] => C:\ProgramData\ConsoleApplication5\ConsoleApplication5\1.0.0.0\msdcsc.exe [0 2015-11-14] ()
HKLM-x32\...\Run: [Toolbase] => C:\ProgramData\Microsoft\Microsoft\1.1.1.1\dingdong.exe
HKLM-x32\...\RunOnce: [{f255478c-ebfa-426d-a975-4a8d1f9432a4}] => C:\ProgramData\Package Cache\{f255478c-ebfa-426d-a975-4a8d1f9432a4}\vs_langpack.exe [1016624 2015-08-15] (Microsoft Corporation)
HKU\S-1-5-21-560193511-1957534509-1735208640-1001\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe [152872 2015-05-19] (Nero AG)
HKU\S-1-5-21-560193511-1957534509-1735208640-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8551848 2015-11-02] (Piriform Ltd)
HKU\S-1-5-21-560193511-1957534509-1735208640-1001\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [787592 2015-11-02] (Sandboxie Holdings, LLC)
HKU\S-1-5-21-560193511-1957534509-1735208640-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4468056 2015-09-13] (Disc Soft Ltd)
HKU\S-1-5-21-560193511-1957534509-1735208640-1001\...\MountPoints2: E - E:\vs_professional.exe
HKU\S-1-5-21-560193511-1957534509-1735208640-1001\...\MountPoints2: {912d1ef3-7814-11e5-b6ac-005056c00008} - G:\AutoRunLauncher.exe
HKU\S-1-5-21-560193511-1957534509-1735208640-1001\...\MountPoints2: {e0cb1ec8-5a55-11e5-a0fc-005056c00008} - E:\setup.exe
HKU\S-1-5-21-560193511-1957534509-1735208640-1001\...\MountPoints2: {e0cb1ece-5a55-11e5-a0fc-005056c00008} - F:\AutoRunLauncher.exe
HKU\S-1-5-21-560193511-1957534509-1735208640-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11264 2009-07-14] (Microsoft Corporation)

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Winsock: Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL Keine Datei 
Winsock: Catalog5 09 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL Keine Datei 
Winsock: Catalog5-x64 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL Keine Datei 
Winsock: Catalog5-x64 09 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL Keine Datei 
Hosts: Es ist mehr als ein Eintrag in der Hosts Datei zu finden. Siehe Hosts-Bereich in Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{92F26E54-F45F-436B-AB09-400A4B3518BA}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung <======= ACHTUNG
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\S-1-5-21-560193511-1957534509-1735208640-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-560193511-1957534509-1735208640-1001 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
BHO: Virtual Keyboard Plugin -> {4A66AD60-A03D-4D01-86F0-5F0F7C0EF1AD} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\x64\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_65\bin\ssv.dll [2015-10-21] (Oracle Corporation)
BHO: Content Blocker Plugin -> {93BC2EA7-2F17-4729-948A-D2E03FFB2412} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\x64\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO: Safe Money Plugin -> {AB379017-4C03-4E00-8EDF-E6D6AF7CCF82} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\x64\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_65\bin\jp2ssv.dll [2015-10-21] (Oracle Corporation)
BHO-x32: Virtual Keyboard Plugin -> {4A66AD60-A03D-4D01-86F0-5F0F7C0EF1AD} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\ssv.dll [2015-10-21] (Oracle Corporation)
BHO-x32: Content Blocker Plugin -> {93BC2EA7-2F17-4729-948A-D2E03FFB2412} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO-x32: Safe Money Plugin -> {AB379017-4C03-4E00-8EDF-E6D6AF7CCF82} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\jp2ssv.dll [2015-10-21] (Oracle Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\tjc4nckf.default
FF SelectedSearchEngine: Bing®
FF Homepage: www.google.de
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_245.dll [2015-11-10] ()
FF Plugin: @java.com/DTPlugin,version=11.65.2 -> C:\Program Files\Java\jre1.8.0_65\bin\dtplugin\npDeployJava1.dll [2015-10-21] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.65.2 -> C:\Program Files\Java\jre1.8.0_65\bin\plugin2\npjp2.dll [2015-10-21] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [Keine Datei]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_245.dll [2015-11-10] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll [2015-07-23] (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.65.2 -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\dtplugin\npDeployJava1.dll [2015-10-21] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.65.2 -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\plugin2\npjp2.dll [2015-10-21] (Oracle Corporation)
FF Plugin-x32: @kaspersky.com/content_blocker_663BE84DBCC949E88C7600F63CA7F098 -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\content_blocker@kaspersky.com [2015-11-07] ()
FF Plugin-x32: @kaspersky.com/online_banking_08806E753BE44495B44E90AA2513BDC5 -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\online_banking@kaspersky.com [2015-11-07] ()
FF Plugin-x32: @kaspersky.com/virtual_keyboard_07402848C2F6470194F131B0F3DE025E -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com [2015-11-07] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Keine Datei]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-10-13] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-10-13] (NVIDIA Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2012-07-19] (VideoLAN)
FF HKLM-x32\...\Firefox\Extensions: [content_blocker_663BE84DBCC949E88C7600F63CA7F098@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\content_blocker@kaspersky.com
FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\content_blocker@kaspersky.com [2015-11-07] [ist nicht signiert]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard_07402848C2F6470194F131B0F3DE025E@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com [2015-11-07] [ist nicht signiert]
FF HKLM-x32\...\Firefox\Extensions: [online_banking_08806E753BE44495B44E90AA2513BDC5@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\online_banking@kaspersky.com [2015-11-07] [ist nicht signiert]
StartMenuInternet: FIREFOX.EXE - firefox.exe

Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - hxxps://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho
CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - hxxps://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 AVP15.0.2; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\avp.exe [194000 2015-06-27] (Kaspersky Lab ZAO)
S3 c2wts; C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [15768 2015-07-21] (Microsoft Corporation)
R2 CGVPNCliService; C:\Program Files\CyberGhost 5\Service.exe [65640 2015-11-05] (CyberGhost S.R.L)
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1268568 2015-09-13] (Disc Soft Ltd)
S3 fussvc; C:\Program Files (x86)\Windows Kits\8.1\App Certification Kit\fussvc.exe [142336 2015-07-21] (Microsoft Corporation) [Datei ist nicht signiert]
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2015-10-13] (NVIDIA Corporation)
S4 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1513784 2015-10-17] (Malwarebytes)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1135416 2015-10-17] (Malwarebytes)
R3 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [275752 2015-05-19] (Nero AG)
R2 NoIPDUCService4; C:\Program Files (x86)\No-IP\ducservice.exe [12288 2015-07-20] () [Datei ist nicht signiert]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1706128 2015-10-13] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21833360 2015-10-13] (NVIDIA Corporation)
R2 PLFlash DeviceIoControl Service; C:\Windows\SysWOW64\IoctlSvc.exe [81920 2015-05-19] (Prolific Technology Inc.) [Datei ist nicht signiert]
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [177800 2015-11-02] (Sandboxie Holdings, LLC)
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [119808 2015-07-21] (Microsoft Corporation) [Datei ist nicht signiert]
R2 VMwareHostd; C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [12732608 2015-07-01] ()
S3 VsEtwService120; C:\Program Files\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [89232 2015-07-21] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R0 cm_km_w; C:\Windows\System32\DRIVERS\cm_km_w.sys [247016 2015-06-27] (Kaspersky Lab UK Ltd)
R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2015-09-13] (Disc Soft Ltd)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [478392 2015-06-27] (Kaspersky Lab ZAO)
R2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [64368 2015-06-27] (Kaspersky Lab ZAO)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [159960 2015-06-27] (Kaspersky Lab ZAO)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [225976 2015-06-27] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [831672 2015-11-07] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [39280 2015-06-27] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [40304 2015-06-27] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [39280 2015-06-27] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [24944 2015-06-27] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [65208 2015-06-27] (Kaspersky Lab ZAO)
R1 Klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [85360 2015-06-27] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [190648 2015-11-07] (Kaspersky Lab ZAO)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-17] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-17] (Malwarebytes Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] ()
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-10-13] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2015-07-29] (NVIDIA Corporation)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [192648 2015-10-22] (Sandboxie Holdings, LLC)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [381608 2015-09-13] (Duplex Secure Ltd.)
R2 VMparport; C:\Windows\system32\drivers\VMparport.sys [31936 2015-05-31] (VMware, Inc.)
R0 vsock; C:\Windows\System32\drivers\vsock.sys [76480 2015-05-21] (VMware, Inc.)
R2 vstor2-mntapi20-shared; C:\Windows\SysWow64\drivers\vstor2-mntapi20-shared.sys [33872 2013-08-28] (VMware, Inc.)
S3 athr; system32\DRIVERS\athrx.sys [X]
U4 klkbdflt2; system32\DRIVERS\klkbdflt2.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-11-17 15:19 - 2015-11-17 15:20 - 00020471 _____ C:\Users\admin\Desktop\FRST.txt
2015-11-17 15:19 - 2015-11-17 15:19 - 02008576 _____ (Farbar) C:\Users\admin\Desktop\FRST64.exe
2015-11-17 15:19 - 2015-11-17 15:19 - 00000000 ____D C:\Users\admin\Desktop\FRST-OlderVersion
2015-11-17 13:37 - 2015-11-17 13:37 - 00059616 _____ C:\Users\admin\AppData\Local\GDIPFONTCACHEV1.DAT
2015-11-17 13:35 - 2015-11-17 13:35 - 00270720 _____ C:\Windows\system32\FNTCACHE.DAT
2015-11-17 13:35 - 2015-11-17 13:35 - 00000168 _____ C:\Windows\setupact.log
2015-11-17 13:35 - 2015-11-17 13:35 - 00000000 _____ C:\Windows\setuperr.log
2015-11-16 20:23 - 2015-11-17 13:44 - 00000000 ____D C:\Users\admin\AppData\LocalLow\BitTorrent
2015-11-16 19:59 - 2015-11-16 19:59 - 00002673 _____ C:\Users\admin\Desktop\BitTorrent.lnk
2015-11-16 19:59 - 2015-11-16 19:59 - 00002673 _____ C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\BitTorrent.lnk
2015-11-16 19:59 - 2015-11-16 19:59 - 00000000 ____D C:\Users\admin\AppData\Local\SearchProtect
2015-11-16 19:59 - 2015-11-16 19:59 - 00000000 ____D C:\Program Files (x86)\SearchProtect
2015-11-16 19:58 - 2015-11-17 15:16 - 00000000 ____D C:\Users\admin\AppData\Roaming\BitTorrent
2015-11-14 22:23 - 2015-11-14 22:23 - 00000000 ____D C:\Users\admin\AppData\Local\SkinSoft
2015-11-13 22:44 - 2015-11-13 22:45 - 00000000 ____D C:\Program Files\TAP-Windows
2015-11-12 17:51 - 2015-11-12 17:51 - 00000000 ____D C:\ProgramData\ConsoleApplication5
2015-11-12 09:35 - 2015-11-03 18:55 - 03211264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-11-11 18:01 - 2015-11-11 18:01 - 00000000 ____D C:\Users\admin\AppData\Local\NVIDIA Corporation
2015-11-11 14:36 - 2015-11-11 18:44 - 00002832 _____ C:\Windows\SysWOW64\LavasoftTcpServiceOff.ini
2015-11-11 14:36 - 2015-11-11 18:44 - 00002832 _____ C:\Windows\system32\LavasoftTcpServiceOff.ini
2015-11-11 14:36 - 2015-11-11 14:36 - 00425744 _____ (Lavasoft Limited) C:\Windows\system32\LavasoftTcpService64.dll
2015-11-11 14:36 - 2015-11-11 14:36 - 00345360 _____ (Lavasoft Limited) C:\Windows\SysWOW64\LavasoftTcpService.dll
2015-11-11 13:50 - 2015-11-03 23:10 - 00390344 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-11-11 13:50 - 2015-11-03 22:51 - 00342728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-11-11 13:50 - 2015-10-31 00:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-11-11 13:50 - 2015-10-31 00:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-11-11 13:50 - 2015-10-31 00:25 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-11-11 13:50 - 2015-10-31 00:16 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-11-11 13:50 - 2015-10-31 00:12 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-11-11 13:50 - 2015-10-31 00:04 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-11-11 13:50 - 2015-10-30 23:58 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-11-11 13:50 - 2015-10-30 23:53 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-11-11 13:50 - 2015-10-30 23:52 - 20331520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-11-11 13:50 - 2015-10-30 23:47 - 00504832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-11-11 13:50 - 2015-10-30 23:46 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-11-11 13:50 - 2015-10-30 23:46 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-11-11 13:50 - 2015-10-30 23:45 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-11-11 13:50 - 2015-10-30 23:44 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2015-11-11 13:50 - 2015-10-30 23:44 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-11-11 13:50 - 2015-10-30 23:42 - 02279936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-11-11 13:50 - 2015-10-30 23:39 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-11-11 13:50 - 2015-10-30 23:39 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-11-11 13:50 - 2015-10-30 23:37 - 00480256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-11-11 13:50 - 2015-10-30 23:36 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-11-11 13:50 - 2015-10-30 23:36 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-11-11 13:50 - 2015-10-30 23:32 - 00720896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-11-11 13:50 - 2015-10-30 23:31 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-11-11 13:50 - 2015-10-30 23:28 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-11-11 13:50 - 2015-10-30 23:23 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-11-11 13:50 - 2015-10-30 23:19 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-11-11 13:50 - 2015-10-30 23:18 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-11-11 13:50 - 2015-10-30 23:17 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2015-11-11 13:50 - 2015-10-30 23:10 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-11-11 13:50 - 2015-10-30 23:09 - 12854272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-11-11 13:50 - 2015-10-30 23:09 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-11-11 13:50 - 2015-10-30 23:04 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-11-11 13:50 - 2015-10-30 22:48 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-11-11 13:50 - 2015-10-30 22:46 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-11-11 13:50 - 2015-10-20 19:42 - 03168768 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-11-11 13:50 - 2015-10-20 19:42 - 02608128 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-11-11 13:50 - 2015-10-20 19:42 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-11-11 13:50 - 2015-10-20 19:42 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-11-11 13:50 - 2015-10-20 19:42 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-11-11 13:50 - 2015-10-20 19:42 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-11-11 13:50 - 2015-10-20 19:42 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-11-11 13:50 - 2015-10-20 19:41 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-11-11 13:50 - 2015-10-20 19:41 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-11-11 13:50 - 2015-10-20 19:41 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-11-11 13:50 - 2015-10-20 19:41 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-11-11 13:50 - 2015-10-20 18:46 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-11-11 13:50 - 2015-10-20 18:46 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-11-11 13:50 - 2015-10-20 18:46 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-11-11 13:50 - 2015-10-20 18:46 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-11-11 13:50 - 2015-10-20 18:45 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-11-11 13:49 - 2015-10-31 00:46 - 25818624 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-11-11 13:49 - 2015-10-31 00:25 - 02886656 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-11-11 13:49 - 2015-10-31 00:25 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-11-11 13:49 - 2015-10-31 00:25 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-11-11 13:49 - 2015-10-31 00:24 - 00585728 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-11-11 13:49 - 2015-10-31 00:24 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-11-11 13:49 - 2015-10-31 00:17 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-11-11 13:49 - 2015-10-31 00:13 - 00616960 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-11-11 13:49 - 2015-10-31 00:12 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-11-11 13:49 - 2015-10-31 00:11 - 05990912 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-11-11 13:49 - 2015-10-31 00:11 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-11-11 13:49 - 2015-10-31 00:11 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-11-11 13:49 - 2015-10-31 00:01 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-11-11 13:49 - 2015-10-30 23:49 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-11-11 13:49 - 2015-10-30 23:49 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-11-11 13:49 - 2015-10-30 23:45 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-11-11 13:49 - 2015-10-30 23:36 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-11-11 13:49 - 2015-10-30 23:34 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-11-11 13:49 - 2015-10-30 23:29 - 02126336 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-11-11 13:49 - 2015-10-30 23:29 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-11-11 13:49 - 2015-10-30 23:22 - 14457856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-11-11 13:49 - 2015-10-30 23:21 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-11-11 13:49 - 2015-10-30 23:17 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-11-11 13:49 - 2015-10-30 23:16 - 04527616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-11-11 13:49 - 2015-10-30 23:11 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-11-11 13:49 - 2015-10-30 23:09 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-11-11 13:49 - 2015-10-30 22:53 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-11-11 13:49 - 2015-10-30 22:51 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-11-11 13:49 - 2015-10-29 18:50 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-11-11 13:49 - 2015-10-29 18:50 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2015-11-11 13:49 - 2015-10-29 18:50 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-11-11 13:49 - 2015-10-29 18:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2015-11-11 13:49 - 2015-10-29 18:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll
2015-11-11 13:49 - 2015-10-29 18:49 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2015-11-11 13:49 - 2015-10-29 18:49 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2015-11-11 13:49 - 2015-10-20 02:12 - 05570496 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-11-11 13:49 - 2015-10-20 02:12 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-11-11 13:49 - 2015-10-20 02:12 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-11-11 13:49 - 2015-10-20 02:09 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-11-11 13:49 - 2015-10-20 02:06 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-11-11 13:49 - 2015-10-20 02:06 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-11-11 13:49 - 2015-10-20 02:06 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-11-11 13:49 - 2015-10-20 02:06 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-11-11 13:49 - 2015-10-20 02:05 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-11-11 13:49 - 2015-10-20 02:05 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-11-11 13:49 - 2015-10-20 02:05 - 01164800 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-11-11 13:49 - 2015-10-20 02:05 - 00729600 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-11-11 13:49 - 2015-10-20 02:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-11-11 13:49 - 2015-10-20 02:05 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-11-11 13:49 - 2015-10-20 02:05 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-11-11 13:49 - 2015-10-20 02:05 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-11-11 13:49 - 2015-10-20 02:05 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-11-11 13:49 - 2015-10-20 02:05 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-11-11 13:49 - 2015-10-20 02:05 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-11-11 13:49 - 2015-10-20 02:05 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-11-11 13:49 - 2015-10-20 02:05 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-11-11 13:49 - 2015-10-20 02:05 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-11-11 13:49 - 2015-10-20 02:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-11-11 13:49 - 2015-10-20 02:05 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-11-11 13:49 - 2015-10-20 02:05 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-11-11 13:49 - 2015-10-20 02:05 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-11-11 13:49 - 2015-10-20 02:05 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-11-11 13:49 - 2015-10-20 02:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-11-11 13:49 - 2015-10-20 02:05 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-11-11 13:49 - 2015-10-20 02:04 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-11-11 13:49 - 2015-10-20 02:04 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-11-11 13:49 - 2015-10-20 02:04 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-11-11 13:49 - 2015-10-20 02:00 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-11-11 13:49 - 2015-10-20 01:59 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-11-11 13:49 - 2015-10-20 01:53 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-11-11 13:49 - 2015-10-20 01:53 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-11-11 13:49 - 2015-10-20 01:53 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-11-11 13:49 - 2015-10-20 01:53 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-11-11 13:49 - 2015-10-20 01:53 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-11-11 13:49 - 2015-10-20 01:53 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-11-11 13:49 - 2015-10-20 01:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-11-11 13:49 - 2015-10-20 01:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-11-11 13:49 - 2015-10-20 01:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-11-11 13:49 - 2015-10-20 01:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-11-11 13:49 - 2015-10-20 01:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-11-11 13:49 - 2015-10-20 01:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-11-11 13:49 - 2015-10-20 01:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-11-11 13:49 - 2015-10-20 01:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-11-11 13:49 - 2015-10-20 01:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-11-11 13:49 - 2015-10-20 01:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-11-11 13:49 - 2015-10-20 01:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-11-11 13:49 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-11-11 13:49 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-11-11 13:49 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-11-11 13:49 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-11-11 13:49 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-11-11 13:49 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-11-11 13:49 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-11-11 13:49 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-11-11 13:49 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-11-11 13:49 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-11-11 13:49 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-11-11 13:49 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-11-11 13:49 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-11-11 13:49 - 2015-10-20 01:52 - 03991488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-11-11 13:49 - 2015-10-20 01:52 - 03935680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-11-11 13:49 - 2015-10-20 01:48 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-11-11 13:49 - 2015-10-20 01:45 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-11-11 13:49 - 2015-10-20 01:45 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-11-11 13:49 - 2015-10-20 01:45 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-11-11 13:49 - 2015-10-20 01:45 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-11-11 13:49 - 2015-10-20 01:45 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-11-11 13:49 - 2015-10-20 01:45 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-11-11 13:49 - 2015-10-20 01:45 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-11-11 13:49 - 2015-10-20 01:45 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-11-11 13:49 - 2015-10-20 01:45 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-11-11 13:49 - 2015-10-20 01:45 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-11-11 13:49 - 2015-10-20 01:45 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-11-11 13:49 - 2015-10-20 01:45 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-11-11 13:49 - 2015-10-20 01:44 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-11-11 13:49 - 2015-10-20 01:44 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-11-11 13:49 - 2015-10-20 01:44 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-11-11 13:49 - 2015-10-20 01:44 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-11-11 13:49 - 2015-10-20 01:44 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-11-11 13:49 - 2015-10-20 01:44 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-11-11 13:49 - 2015-10-20 01:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-11-11 13:49 - 2015-10-20 01:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-11-11 13:49 - 2015-10-20 01:35 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-11-11 13:49 - 2015-10-20 01:35 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-11-11 13:49 - 2015-10-20 01:35 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-11-11 13:49 - 2015-10-20 01:35 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-11-11 13:49 - 2015-10-20 01:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-11-11 13:49 - 2015-10-20 01:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-11-11 13:49 - 2015-10-20 01:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-11-11 13:49 - 2015-10-20 01:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-11-11 13:49 - 2015-10-20 01:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-11-11 13:49 - 2015-10-20 01:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-11-11 13:49 - 2015-10-20 01:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-11-11 13:49 - 2015-10-20 01:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-11-11 13:49 - 2015-10-20 01:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-11-11 13:49 - 2015-10-20 01:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-11-11 13:49 - 2015-10-20 01:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-11-11 13:49 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-11-11 13:49 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-11-11 13:49 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-11-11 13:49 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-11-11 13:49 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-11-11 13:49 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-11-11 13:49 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-11-11 13:49 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-11-11 13:49 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-11-11 13:49 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-11-11 13:49 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-11-11 13:49 - 2015-10-20 00:41 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-11-11 13:49 - 2015-10-20 00:40 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-11-11 13:49 - 2015-10-20 00:40 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-11-11 13:49 - 2015-10-20 00:29 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-11-11 13:49 - 2015-10-20 00:29 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-11-11 13:49 - 2015-10-20 00:27 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-11-11 13:49 - 2015-10-20 00:27 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-11-11 13:49 - 2015-10-20 00:27 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-11-11 13:49 - 2015-10-20 00:27 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-11-11 13:49 - 2015-10-13 17:41 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2015-11-11 13:49 - 2015-10-13 17:40 - 00118272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2015-11-11 13:49 - 2015-10-13 05:57 - 00950720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2015-11-11 13:49 - 2015-10-01 19:00 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-11-11 13:49 - 2015-10-01 19:00 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-11-11 13:49 - 2015-10-01 18:50 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-11-11 13:49 - 2015-09-23 14:15 - 00460776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-11-11 13:49 - 2015-09-23 14:15 - 00299632 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
2015-11-11 13:49 - 2015-09-23 14:09 - 00251000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll
2015-11-11 13:42 - 2015-11-11 13:42 - 00000000 ____D C:\ProgramData\A
2015-11-11 13:33 - 2015-11-15 02:58 - 00000000 ____D C:\Users\admin\Documents\MSDCSC
2015-11-11 13:19 - 2015-11-11 13:15 - 00000999 _____ C:\Users\admin\Desktop\DUC.lnk
2015-11-11 13:15 - 2015-11-11 13:15 - 00000000 ____D C:\ProgramData\Vitalwerks
2015-11-10 18:12 - 2015-11-10 18:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-11-10 18:12 - 2015-10-13 20:00 - 01756424 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2015-11-10 18:12 - 2015-10-13 20:00 - 01514528 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2015-11-10 18:12 - 2015-10-13 20:00 - 01316184 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2015-11-10 18:12 - 2015-10-13 20:00 - 01278920 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2015-11-10 18:11 - 2015-10-13 16:26 - 00608048 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2015-11-10 18:09 - 2015-10-13 20:00 - 31514288 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2015-11-10 18:09 - 2015-10-13 20:00 - 24199344 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2015-11-10 18:09 - 2015-10-13 20:00 - 22993200 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2015-11-10 18:09 - 2015-10-13 20:00 - 17559432 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2015-11-10 18:09 - 2015-10-13 20:00 - 15293104 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2015-11-10 18:09 - 2015-10-13 20:00 - 13916600 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-11-10 18:09 - 2015-10-13 20:00 - 13828224 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-11-10 18:09 - 2015-10-13 20:00 - 12898992 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-11-10 18:09 - 2015-10-13 20:00 - 11272048 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2015-11-10 18:09 - 2015-10-13 20:00 - 11209376 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2015-11-10 18:09 - 2015-10-13 20:00 - 04245624 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-11-10 18:09 - 2015-10-13 20:00 - 03986608 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2015-11-10 18:09 - 2015-10-13 20:00 - 02823992 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2015-11-10 18:09 - 2015-10-13 20:00 - 01908528 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434192.dll
2015-11-10 18:09 - 2015-10-13 20:00 - 01556656 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434192.dll
2015-11-10 18:09 - 2015-10-13 20:00 - 00944304 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2015-11-10 18:09 - 2015-10-13 20:00 - 00907440 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2015-11-10 18:09 - 2015-10-13 20:00 - 00903472 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2015-11-10 18:09 - 2015-10-13 20:00 - 00869040 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2015-11-08 11:30 - 2015-11-08 11:43 - 00000000 ____D C:\EEK
2015-11-07 01:02 - 2015-11-07 01:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Total Security
2015-11-07 01:02 - 2013-05-06 08:13 - 00110176 _____ (Kaspersky Lab ZAO) C:\Windows\system32\klfphc.dll
2015-11-07 01:01 - 2015-11-07 01:44 - 00831672 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys
2015-11-07 01:01 - 2015-11-07 01:01 - 00000000 ____D C:\Windows\ELAMBKUP
2015-11-07 01:01 - 2015-11-07 01:01 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab
2015-11-07 01:01 - 2015-06-27 22:14 - 00225976 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klhk.sys
2015-11-07 01:01 - 2015-06-27 22:14 - 00159960 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys
2015-11-06 23:17 - 2015-11-06 23:44 - 00000105 _____ C:\ProgramData\vhzvLr.path
2015-11-06 23:17 - 2015-11-06 23:44 - 00000091 _____ C:\ProgramData\vhzvLr.folder
2015-11-06 23:17 - 2015-11-06 23:17 - 00000000 _____ C:\ProgramData\aUncijE4
2015-11-06 21:28 - 2015-11-07 01:03 - 00000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2015-11-06 21:21 - 2015-11-06 21:21 - 00262144 _____ C:\Windows\system32\config\elam
2015-11-06 21:14 - 2015-11-17 13:50 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2015-11-06 20:50 - 2015-11-06 20:50 - 00000000 ____D C:\Users\admin\Documents\My Games
2015-11-06 20:50 - 2015-11-06 20:50 - 00000000 ____D C:\ProgramData\Steam
2015-11-06 19:45 - 2015-11-06 19:45 - 00003360 _____ C:\Windows\System32\Tasks\{FC69F42C-6F7E-4342-A66C-6801059D8962}
2015-11-06 19:45 - 2015-11-06 19:45 - 00003360 _____ C:\Windows\System32\Tasks\{DD797C40-69B3-4789-8E7D-61D869973BFA}
2015-11-06 16:53 - 2015-11-06 16:53 - 00000000 ____D C:\Program Files (x86)\Running With Scissors
2015-11-06 15:27 - 2015-11-06 15:27 - 00000000 ____D C:\Program Files (x86)\Ubisoft
2015-11-06 14:36 - 2015-11-06 14:36 - 00000000 ____D C:\Program Files (x86)\Team 17
2015-11-05 16:06 - 2015-11-05 16:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dolphin x86
2015-11-05 16:06 - 2015-11-05 16:07 - 00000000 ____D C:\Program Files (x86)\Dolphin x86
2015-11-02 22:59 - 2015-11-02 22:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-11-02 22:52 - 2015-11-15 02:03 - 00000000 ____D C:\AdwCleaner
2015-11-02 21:03 - 2015-11-02 21:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie
2015-11-02 12:28 - 2015-11-06 16:29 - 00007597 _____ C:\Users\admin\AppData\Local\Resmon.ResmonCfg
2015-11-02 12:05 - 2015-11-02 12:05 - 00000000 ____H C:\Users\admin\Documents\Default.rdp
2015-11-02 10:57 - 2015-11-02 10:57 - 00000000 ____D C:\Users\Public\Documents\HostsMan Backups
2015-11-02 10:57 - 2015-11-02 10:57 - 00000000 ____D C:\ProgramData\abelhadigital.com
2015-11-02 10:31 - 2015-11-02 10:31 - 00000000 ____D C:\Users\admin\.java
2015-11-01 07:58 - 2015-11-01 07:58 - 00000000 ____D C:\Users\admin\AppData\Local\BANDAI NAMCO Games
2015-11-01 07:53 - 2015-11-01 07:57 - 00000000 ____D C:\Program Files (x86)\Dragonball Xenoverse Bundle Edition
2015-11-01 04:12 - 2015-11-01 04:12 - 00000000 ____D C:\Program Files (x86)\Portable
2015-10-31 04:11 - 2015-10-31 04:11 - 00000000 ____D C:\Users\admin\Documents\BNE
2015-10-31 03:32 - 2015-10-31 03:32 - 00000000 ____D C:\Games
2015-10-30 09:41 - 2015-11-13 23:16 - 00000000 ____D C:\Users\admin\AppData\Local\CyberGhost
2015-10-30 09:41 - 2015-10-30 09:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberGhost 5
2015-10-30 09:09 - 2015-10-30 09:09 - 00000026 _____ C:\Windows\SysWOW64\sboot32.ocx
2015-10-29 09:13 - 2015-10-29 09:13 - 00000000 ____D C:\Users\admin\AppData\Local\Geckofx
2015-10-28 17:37 - 2015-11-13 22:48 - 00000000 ____D C:\Program Files\CyberGhost 5
2015-10-28 13:58 - 2015-10-28 13:58 - 01859600 _____ C:\ProgramData\vhzvLr
2015-10-28 13:58 - 2015-10-28 13:58 - 00750320 _____ (AutoIt Team) C:\ProgramData\vhzvLr.exe
2015-10-23 18:53 - 2015-10-23 18:53 - 00000000 ____D C:\Users\admin\AppData\Roaming\Steam
2015-10-21 21:32 - 2015-11-10 20:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
2015-10-21 21:29 - 2015-10-21 21:29 - 00000000 ____D C:\GOG Games
2015-10-21 21:06 - 2015-10-21 21:06 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-10-21 21:06 - 2015-10-21 21:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vivendi Universal Games
2015-10-21 21:06 - 2015-10-21 21:06 - 00000000 ____D C:\Program Files (x86)\Vivendi Universal Games
2015-10-20 16:10 - 2015-10-20 16:10 - 00129024 _____ C:\Windows\SysWOW64\AVERM.dll
2015-10-20 16:10 - 2015-10-20 16:10 - 00028672 _____ C:\Windows\SysWOW64\AVEQT.dll
2015-10-20 16:10 - 2015-10-20 16:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ultra Video Splitter
2015-10-20 16:10 - 2015-10-20 16:10 - 00000000 ____D C:\Program Files (x86)\Ultra Video Splitter

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-11-17 15:19 - 2015-06-25 22:14 - 00000000 ____D C:\FRST
2015-11-17 14:47 - 2015-10-07 16:46 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-11-17 13:54 - 2015-05-19 12:27 - 01815382 _____ C:\Windows\WindowsUpdate.log
2015-11-17 13:50 - 2009-07-14 05:45 - 00037488 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-11-17 13:50 - 2009-07-14 05:45 - 00037488 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-11-17 13:35 - 2015-06-24 00:08 - 00000000 ____D C:\ProgramData\VMware
2015-11-17 13:35 - 2015-05-19 14:30 - 00000000 ____D C:\ProgramData\NVIDIA
2015-11-17 13:35 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-11-16 22:20 - 2015-06-25 03:16 - 00000000 ____D C:\Users\admin\Desktop\Sachen
2015-11-16 20:01 - 2015-06-25 01:04 - 00002714 _____ C:\Windows\Sandboxie.ini
2015-11-16 18:32 - 2015-09-03 21:20 - 00000000 ____D C:\Users\admin\AppData\Local\JDownloader 2.0
2015-11-15 03:36 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system
2015-11-15 02:55 - 2015-06-24 01:14 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-11-15 01:54 - 2015-10-17 16:00 - 00000946 _____ C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job
2015-11-14 19:04 - 2015-05-30 17:09 - 00000000 ____D C:\Program Files (x86)\Lee_
2015-11-14 19:01 - 2015-10-08 07:44 - 00000000 ____D C:\Users\admin\AppData\LocalLow\Temp
2015-11-14 09:11 - 2011-04-12 08:43 - 00757166 _____ C:\Windows\system32\perfh007.dat
2015-11-14 09:11 - 2011-04-12 08:43 - 00191018 _____ C:\Windows\system32\perfc007.dat
2015-11-14 09:11 - 2009-07-14 06:13 - 01704624 _____ C:\Windows\system32\PerfStringBackup.INI
2015-11-14 01:25 - 2015-05-23 17:32 - 00000000 ____D C:\Users\admin\AppData\Roaming\vlc
2015-11-13 23:21 - 2015-08-04 12:08 - 00000000 ____D C:\Tor Browser
2015-11-12 18:51 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2015-11-12 16:04 - 2015-06-18 20:59 - 00000000 ___HD C:\Windows\msdownld.tmp
2015-11-12 08:54 - 2015-06-24 01:23 - 00000000 ____D C:\Users\admin\AppData\Roaming\Lavasoft
2015-11-12 08:54 - 2015-06-24 01:21 - 00000000 ____D C:\ProgramData\Lavasoft
2015-11-11 23:45 - 2015-05-19 17:50 - 01633840 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2015-11-11 23:37 - 2011-04-12 08:54 - 00000000 ____D C:\Program Files\Windows Journal
2015-11-11 18:01 - 2015-05-19 14:29 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2015-11-11 14:36 - 2015-10-15 04:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freemake
2015-11-11 14:36 - 2015-10-15 04:43 - 00000000 ____D C:\ProgramData\Freemake
2015-11-10 20:47 - 2015-10-17 16:00 - 00003928 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2015-11-10 20:47 - 2015-10-07 16:46 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-11-10 20:47 - 2015-05-19 18:47 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-11-10 20:47 - 2015-05-19 18:47 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-11-10 18:12 - 2015-05-19 14:30 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2015-11-10 18:12 - 2015-05-19 14:29 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2015-11-07 21:46 - 2015-10-08 19:52 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-11-07 21:29 - 2015-06-24 01:14 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-11-07 01:44 - 2015-06-27 22:14 - 00190648 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\kneps.sys
2015-11-07 01:25 - 2015-07-23 15:56 - 00000000 ____D C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2015-11-06 20:50 - 2015-05-19 13:10 - 00000000 ____D C:\Program Files\COMODO
2015-11-06 20:41 - 2015-05-19 13:09 - 00000000 ____D C:\ProgramData\Comodo
2015-11-06 19:43 - 2015-06-18 20:59 - 00000000 ____D C:\Windows\SysWOW64\directx
2015-11-06 17:04 - 2015-07-21 15:18 - 00000000 ____D C:\ProgramData\Package Cache
2015-11-06 16:42 - 2009-07-14 06:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-11-05 16:08 - 2015-08-22 16:32 - 00000000 ____D C:\Users\admin\Documents\Dolphin Emulator
2015-11-02 22:44 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\TAPI
2015-11-02 20:59 - 2015-05-19 12:27 - 00000000 ____D C:\Users\admin
2015-11-02 20:56 - 2015-05-19 17:24 - 00000000 ___SD C:\Windows\system32\GWX
2015-11-02 20:56 - 2011-04-12 08:54 - 00000000 ___RD C:\Users\Public\Recorded TV
2015-11-02 20:56 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\registration
2015-11-02 12:57 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF
2015-11-01 21:29 - 2015-05-22 18:00 - 00000000 ____D C:\Program Files\WinRAR
2015-11-01 07:35 - 2015-06-24 00:10 - 00000000 ____D C:\Users\admin\AppData\Roaming\VMware
2015-11-01 07:35 - 2015-06-24 00:10 - 00000000 ____D C:\Users\admin\AppData\Local\VMware
2015-11-01 06:39 - 2009-07-14 06:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2015-11-01 03:37 - 2015-05-22 18:00 - 00000000 ____D C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-11-01 03:37 - 2015-05-22 18:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-10-30 09:08 - 2009-11-20 12:15 - 00162872 _____ (TheGreenBow) C:\Windows\system32\TgbStarter.exe
2015-10-30 02:52 - 2009-07-14 06:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2015-10-29 21:10 - 2015-05-19 12:28 - 00001325 _____ C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-10-29 21:07 - 2015-06-27 19:26 - 00001069 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MakeTorrent 2.lnk
2015-10-29 21:07 - 2015-05-19 12:51 - 00001061 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-10-29 21:07 - 2012-03-14 12:15 - 00001345 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
2015-10-29 21:07 - 2012-03-14 12:15 - 00001326 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
2015-10-29 21:07 - 2009-07-14 05:57 - 00001523 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-10-29 21:07 - 2009-07-14 05:57 - 00001304 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
2015-10-29 21:07 - 2009-07-14 05:57 - 00001246 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
2015-10-29 21:07 - 2009-07-14 05:54 - 00001210 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
2015-10-29 21:06 - 2015-08-04 12:09 - 00000823 _____ C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Tor Browser.lnk
2015-10-29 21:06 - 2009-07-14 06:01 - 00001218 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk
2015-10-29 21:06 - 2009-07-14 05:49 - 00001246 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk
2015-10-28 17:41 - 2015-05-19 12:28 - 00000000 ____D C:\Users\admin\AppData\Local\VirtualStore
2015-10-28 17:37 - 2013-08-22 13:40 - 00040664 _____ (The OpenVPN Project) C:\Windows\system32\Drivers\tap0901.sys
2015-10-21 18:14 - 2015-05-30 19:06 - 00000000 ____D C:\ProgramData\Oracle
2015-10-21 18:12 - 2015-10-17 16:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-10-21 18:12 - 2015-05-30 20:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
2015-10-21 18:11 - 2015-09-02 16:03 - 00000000 ____D C:\Users\admin\.oracle_jre_usage
2015-10-21 18:10 - 2015-10-17 16:23 - 00110176 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2015-10-21 18:10 - 2015-10-17 16:22 - 00000000 ____D C:\Program Files\Java
2015-10-21 18:09 - 2015-05-30 20:01 - 00000000 ____D C:\Program Files (x86)\Java
2015-10-20 16:50 - 2015-05-20 21:13 - 00000000 ____D C:\Program Files (x86)\Sims 4
2015-10-20 16:47 - 2015-10-16 22:28 - 00017083 _____ C:\app_updater.log
2015-10-20 16:47 - 2015-10-16 19:36 - 00000000 ____D C:\Users\admin\AppData\Roaming\DVDVideoSoft

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2015-05-20 21:51 - 2015-06-05 15:58 - 0000001 _____ () C:\Users\admin\AppData\Roaming\update.dat
2015-11-02 12:28 - 2015-11-06 16:29 - 0007597 _____ () C:\Users\admin\AppData\Local\Resmon.ResmonCfg
2015-11-06 23:17 - 2015-11-06 23:17 - 0000000 _____ () C:\ProgramData\aUncijE4
2015-10-28 13:58 - 2015-10-28 13:58 - 1859600 _____ () C:\ProgramData\vhzvLr
2015-10-28 13:58 - 2015-10-28 13:58 - 0750320 _____ (AutoIt Team) C:\ProgramData\vhzvLr.exe
2015-11-06 23:17 - 2015-11-06 23:44 - 0000091 _____ () C:\ProgramData\vhzvLr.folder
2015-11-06 23:17 - 2015-11-06 23:44 - 0000105 _____ () C:\ProgramData\vhzvLr.path

Dateien, die verschoben oder gelöscht werden sollten:
====================
C:\ProgramData\vhzvLr.exe


Einige Dateien in TEMP:
====================
C:\Users\admin\AppData\Local\Temp\CG_5.0.15.14_72.EXE
C:\Users\admin\AppData\Local\Temp\dlLogic.exe
C:\Users\admin\AppData\Local\Temp\offer-29903D1E-A9DF-4118-93BA-1F48DE54C1EA.exe
C:\Users\admin\AppData\Local\Temp\offer-784311D8-EB42-4CA1-BEA7-1531815D8E68.exe
C:\Users\admin\AppData\Local\Temp\offer-99D660EA-6D66-4134-A0F2-D1ACE28B445C.exe
C:\Users\admin\AppData\Local\Temp\proxy_vole8146210393378964801.dll
C:\Users\admin\AppData\Local\Temp\spstub.exe
C:\Users\admin\AppData\Local\Temp\upnp.exe


==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert


LastRegBack: 2015-11-10 21:58

==================== Ende von FRST.txt ============================
         

Edited by ottojack (17.11.2015 at 16:11)

17.11.2015, 15:46   #2
ottojack

and here is the corresponding Addition logfile:

Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:16-11-2015
durchgeführt von admin (2015-11-17 15:20:48)
Gestartet von C:\Users\admin\Desktop
Windows 7 Ultimate Service Pack 1 (X64) (2015-05-19 11:27:50)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

admin (S-1-5-21-560193511-1957534509-1735208640-1001 - Administrator - Enabled) => C:\Users\admin
Administrator (S-1-5-21-560193511-1957534509-1735208640-500 - Administrator - Disabled)
Gast (S-1-5-21-560193511-1957534509-1735208640-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-560193511-1957534509-1735208640-1002 - Limited - Enabled)

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Kaspersky Total Security (Disabled - Up to date) {B41C7598-35F6-4D89-7D0E-7ADE69B4047B}
AS: Kaspersky Total Security (Disabled - Up to date) {0F7D947C-13CC-4207-47BE-41AC12334EC6}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Total Security (Disabled) {8C27F4BD-7F99-4CD1-5651-D3EB97674300}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

Adobe Flash Player 19 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 19.0.0.245 - Adobe Systems Incorporated)
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.245 - Adobe Systems Incorporated)
Adobe Flash Player 19 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 19.0.0.245 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\{B0B387B2-B1E4-43F2-961D-08ABFD759E1A}) (Version: 12.1.9.160 - Adobe Systems, Inc)
Allgemeine Runtime Files (x86) (HKLM\...\{1F6D1DB5-82B5-41A4-85A2-0A382C142A35}_is1) (Version: 1.0.4.0 - Sereby Corporation)
ArcaniA - Fall of Setarrif (HKLM-x32\...\{BA1F2D65-B22F-47C7-A3D0-A7827DF20272}_is1) (Version:  - Nordic Games GmbH)
ArcaniA - Gothic 4 (HKLM-x32\...\{EE74D039-45D7-44E9-BF95-B9CFB015964F}_is1) (Version:  - Nordic Games GmbH)
AzureTools.Notifications (x32 Version: 2.1.10731.1602 - Microsoft Corporation) Hidden
Behaviors SDK (XAML) for Visual Studio (x32 Version: 12.0.41002.1 - Microsoft Corporation) Hidden
BitTorrent (HKU\S-1-5-21-560193511-1957534509-1735208640-1001\...\BitTorrent) (Version: 7.9.5.41203 - BitTorrent Inc.)
Blend for Visual Studio 2013 (x32 Version: 12.0.41002.1 - Microsoft Corporation) Hidden
Blend for Visual Studio 2013 DEU resources (x32 Version: 12.0.41002.1 - Microsoft Corporation) Hidden
Blend for Visual Studio 2013 ENU resources (x32 Version: 12.0.41002.1 - Microsoft Corporation) Hidden
Blend for Visual Studio SDK for .NET 4.5 (x32 Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Blend for Visual Studio SDK for Silverlight 5 (x32 Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Boilsoft Video Splitter 6.34 (HKLM-x32\...\{24549038-9956-4EE5-976D-4419AAEA7DD5}_is1) (Version:  - Boilsoft, Inc.)
Build Tools - amd64 (Version: 12.0.21005 - Microsoft Corporation) Hidden
Build Tools - x86 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Build Tools Language Resources - amd64 (Version: 12.0.21005 - Microsoft Corporation) Hidden
Build Tools Language Resources - x86 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.11 - Piriform)
CyberGhost 5 (HKLM\...\CyberGhost 5_is1) (Version:  - CyberGhost S.R.L.)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.1.0.0074 - Disc Soft Ltd)
Devenv-Ressourcen für Microsoft Visual Studio 2013 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
DirectX 9.0c Extra Files (x86, x64) (HKLM\...\{8729E65B-8C12-4A42-B1FE-E4DA7ED52855}_is1) (Version: 1.10.06.0 - Sereby Corporation)
Dolphin x86 (HKLM-x32\...\Dolphin x86) (Version: 4.0.2 - Dolphin Development Team)
Dotfuscator and Analytics Community Edition (x32 Version: 5.5.4954.46574 - PreEmptive Solutions) Hidden
Dotfuscator and Analytics Community Edition Language Pack (x32 Version: 5.5.4954.46574 - PreEmptive Solutions) Hidden
Entity Framework Tools for Visual Studio 2013 (HKLM-x32\...\{08AEF86A-1956-4846-B906-B01350E96E30}) (Version: 12.0.20912.0 - Microsoft Corporation)
FlatOut 2 (HKLM-x32\...\GOGPACKFLATOUT2_is1) (Version: 2.0.0.7 - GOG.com)
Freemake Video Converter Version 4.1.7 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.7 - Ellora Assets Corporation)
Gothic II - Die Nacht des Raben (HKLM-x32\...\Gothic II - Die Nacht des Raben) (Version:  - JoWooD Productions Software AG)
Gothic II (HKLM-x32\...\Gothic II) (Version:  - JoWooD Productions Software AG)
HashCalc 2.02 (HKLM-x32\...\HashCalc_is1) (Version:  - SlavaSoft Inc.)
Icons from File 5.0.6 (HKLM-x32\...\Icons from File_is1) (Version: 5.0.6 - Vitaliy Levchenko)
IIS 8.0 Express (HKLM\...\{7BF61FA9-BDFB-4563-98AD-FCB0DA28CCC7}) (Version: 8.0.1557 - Microsoft Corporation)
IIS Express Application Compatibility Database for x64 (HKLM\...\{9f4f4a9b-eec5-4906-92fe-d1f43ccf5c8d}.sdb) (Version:  - )
IIS Express Application Compatibility Database for x86 (HKLM\...\{fdfba1f3-74ae-4255-9c10-a0f552b4610f}.sdb) (Version:  - )
Java 8 Update 65 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418065F0}) (Version: 8.0.650.17 - Oracle Corporation)
Java 8 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218065F0}) (Version: 8.0.650.17 - Oracle Corporation)
Java SE Development Kit 8 Update 45 (HKLM-x32\...\{32A3A4F4-B792-11D6-A78A-00B0D0180450}) (Version: 8.0.450.15 - Oracle Corporation)
JavaScript Tooling (Version: 12.0.21005 - Microsoft Corporation) Hidden
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
Kaspersky Total Security (HKLM-x32\...\InstallWIX_{02FECEE0-16B2-43DB-BC3B-C844477FC142}) (Version: 15.0.2.396 - Kaspersky Lab)
Kaspersky Total Security (x32 Version: 15.0.2.396 - Kaspersky Lab) Hidden
LocalESPC Dev12 (x32 Version: 8.100.25984 - Microsoft Corporation) Hidden
LocalESPCui for de-de Dev12 (x32 Version: 8.100.25984 - Microsoft) Hidden
LocalESPCui for en-us Dev12 (x32 Version: 8.100.25984 - Microsoft) Hidden
MakeTorrent v2.1 (HKLM-x32\...\MakeTorrent 2) (Version:  - )
Malwarebytes Anti-Malware Version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK - DEU Lang Pack (HKLM-x32\...\{21B0F482-5EF9-45DA-8840-340AFE705A6C}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK (HKLM-x32\...\{4AE57014-05C4-4864-A13D-86517A7E1BA4}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (Deutsch) (HKLM-x32\...\{CBD7095F-7211-43FD-9FE7-FB08D753AF79}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft .NET Framework 4.6 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft Help Viewer 2.1 (HKLM-x32\...\Microsoft Help Viewer 2.1) (Version: 2.1.21005 - Microsoft Corporation)
Microsoft Help Viewer 2.1 Sprachpaket - DEU (HKLM-x32\...\Microsoft Help Viewer 2.1 Sprachpaket - DEU) (Version: 2.1.21005 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft Silverlight 5 SDK (HKLM-x32\...\{E1FBB3D4-ADB0-4949-B101-855DA061C735}) (Version: 5.0.61118.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities  (HKLM\...\{58FED865-4F13-408D-A5BF-996019C4B936}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (HKLM-x32\...\{1B876496-B3A2-4D22-9B12-B608A3FD4B8B}) (Version: 11.1.2902.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (x64) (HKLM\...\{A6BA243E-85A3-4635-A269-32949C98AC7F}) (Version: 11.1.2902.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Express LocalDB  (HKLM\...\{6C026A91-640F-4A23-8B68-05D589CC6F18}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (HKLM-x32\...\{2F7DBBE6-8EBC-495C-9041-46A772F4E311}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (x64) (HKLM\...\{43A5C316-9521-49C3-B9B6-FCE5E1005DF0}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{D411E9C9-CE62-4DBF-9D92-4CB22B750ED5}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom  (HKLM\...\{54C5041B-0E91-4E92-8417-AAA12493C790}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 T-SQL Language Service  (HKLM-x32\...\{04DD7AF4-A6D3-4E30-9BB9-3B3670719234}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2014 Express LocalDB  (HKLM\...\{AB8DE9BA-19E1-446A-BCFA-6B3DA9751E21}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (HKLM-x32\...\{2774595F-BC2A-4B12-A25B-0C37A37049B0}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (x64) (HKLM\...\{1F9EB3B6-AED7-4AA7-B8F1-8E314B74B2A5}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL ScriptDom  (HKLM\...\{020CDFE0-C127-4047-B571-37C82396B662}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 T-SQL Language Service  (HKLM-x32\...\{47D08E7A-92A1-489B-B0BF-415516497BCE}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 DEU  (HKLM\...\{98225B15-ECF5-4645-B5AC-F8C5E869A5D5}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (12.0.41012.0) (HKLM-x32\...\{AC8E0CF4-42A1-4151-B684-97CF6FD726CF}) (Version: 12.0.41012.0 - Microsoft Corporation)
Microsoft SQL Server Data Tools Build Utilities - DEU (12.0.30919.1) (HKLM-x32\...\{BCB8A870-2B3D-4CC0-87D6-F931E065AC0C}) (Version: 12.0.30919.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools Build Utilities - enu (12.0.30919.1) (HKLM-x32\...\{6781FF9B-E87D-4A03-9373-A55A288B83FA}) (Version: 12.0.30919.1 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{A47FD1BF-A815-4A76-BE65-53A15BD5D25D}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (x64) (HKLM\...\{4701DEDE-1888-49E0-BAE5-857875924CA2}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (HKLM-x32\...\{070C38AC-05CE-43DF-9A20-141332F6AB2B}) (Version: 11.1.3366.16 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{05FF8209-C4F1-4C77-BC28-791653156D20}) (Version: 11.1.3366.16 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM\...\{8C06D6DB-A391-4686-B050-99CC522A7843}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM-x32\...\{4AEB505C-95E1-4964-9B64-8D27F3186D30}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61187 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61186 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.7523 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.7523 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.7523 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.7523 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{f0080ca2-80ae-4958-b6eb-e8fa916d744a}) (Version: 11.0.61030.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{e6e75766-da0f-4ba2-9788-6ea593ce702d}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual J# 2.0 Redistributable Package - SE (x64) (HKLM\...\Microsoft Visual J# 2.0 Redistributable Package - SE (x64)) (Version:  - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio Professional 2013 (HKLM-x32\...\{6dff50d0-3bc3-4a92-b724-bf6d6a99de4f}) (Version: 12.0.21005.13 - Microsoft Corporation)
Microsoft Web Deploy 3.5 (HKLM\...\{69A998C5-00A9-42CA-AB4E-C31CFFCD9251}) (Version: 3.1237.1763 - Microsoft Corporation)
Microsoft-Maus- und Tastatur-Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Mozilla Firefox 38.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 38.0.1 (x86 de)) (Version: 38.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 38.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero 7 Ultra Edition (HKLM-x32\...\{C6115A28-F277-4E82-B067-84D28BF21031}) (Version: 7.03.1357 - Nero AG)
No-IP DUC (HKLM-x32\...\NoIPDUC) (Version: 4.1.1 - Vitalwerks Internet Solutions LLC)
NVIDIA 3D Vision Controller-Treiber 340.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 340.50 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 341.92 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 341.92 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.2.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.2.2 - NVIDIA Corporation)
NVIDIA Grafiktreiber 341.92 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 341.92 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
One Piece Pirate Warriors 3: GOLD Edition (HKLM-x32\...\One Piece Pirate Warriors 3: GOLD Edition_is1) (Version:  - )
Open XML SDK 2.5 for Microsoft Office (x32 Version: 2.5.5631 - Microsoft Corporation) Hidden
Paket zur Festlegung von Zielversionen für Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM-x32\...\{D5409B11-EF28-37A1-AE7A-6051A5BAD923}) (Version: 4.5.50932 - Microsoft Corporation)
Paket zur Festlegung von Zielversionen für Microsoft .NET Framework 4.5.1 RC für Windows Store-Apps (Deutsch) (x32 Version: 4.5.21005 - Microsoft Corporation) Hidden
PreEmptive Analytics Client German Language Pack (x32 Version: 1.2.3197.1 - PreEmptive Solutions) Hidden
PreEmptive Analytics Visual Studio Components (x32 Version: 1.2.3197.1 - PreEmptive Solutions) Hidden
Prerequisites for SSDT  (HKLM-x32\...\{21373064-AD95-48DB-A32E-0D9E08EF7355}) (Version: 12.0.2000.8 - Microsoft Corporation)
Prerequisites for SSDT  (HKLM-x32\...\{35C1D9D6-87C0-46A3-B1B4-EDBCC063221C}) (Version: 11.1.3000.0 - Microsoft Corporation)
Python Tools Redirection Template (x32 Version: 1.1 - Microsoft Corporation) Hidden
RAR Password Recovery Magic v6.1.1.393 (HKLM-x32\...\RAR Password Recovery Magic_is1) (Version:  - Password Recovery Magic Studio Ltd.)
Rayman 3 Hoodlum Havoc Version 1.0 (HKLM-x32\...\Rayman 3 Hoodlum Havoc_is1) (Version: 1.0 - Ubisoft)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Sandboxie 5.06 (64-bit) (HKLM\...\Sandboxie) (Version: 5.06 - Sandboxie Holdings, LLC)
SharePoint Client Components (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
SharePoint Client Components (Version: 16.0.2617.1200 - Microsoft Corporation) Hidden
SHIELD Streaming (Version: 4.0.1000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 17.12.8 - NVIDIA Corporation) Hidden
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
Team Explorer for Microsoft Visual Studio 2013 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
The Simpsons Hit & Run(TM) (HKLM-x32\...\{F79AAB3A-B8B4-4AC7-94AB-1C4C076C6A89}) (Version: 1.00.000 - )
TuneUp Utilities 2014 (de-DE) (x32 Version: 14.0.1000.353 - TuneUp Software) Hidden
Ultra Video Splitter 6.4.1208 (HKLM-x32\...\Ultra Video Splitter_is1) (Version:  - Aone Software)
Update for  (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
Usenet.nl (HKLM-x32\...\Usenet.nl_is1) (Version:  - )
VirtualDJ 8 (HKLM-x32\...\{90AE6F39-3EE1-45A1-90D5-FB6C82391EDF}) (Version: 8.0.2338.0 - Atomix Productions)
VLC media player 2.0.3 (HKLM-x32\...\VLC media player) (Version: 2.0.3 - VideoLAN)
VMware Workstation (HKLM-x32\...\VMware_Workstation) (Version: 11.1.2 - VMware, Inc)
VMware Workstation (Version: 11.1.2 - VMware, Inc.) Hidden
WCF Data Services 5.6.0 Runtime (x32 Version: 5.6.61587.0 - Microsoft Corporation) Hidden
WCF Data Services Tools for Microsoft Visual Studio 2013 (x32 Version: 5.6.61587.0 - Microsoft Corporation) Hidden
WCF RIA Services V1.0 SP2 (HKLM-x32\...\{5D8DD6A8-C4D7-4554-93F9-F1CC28C72600}) (Version: 4.1.62812.0 - Microsoft Corporation)
WinRAR 5.21 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
Workflow Manager Client 1.0 (Version: 2.0.30813.2 - Microsoft Corporation) Hidden
Workflow Manager Tools 1.0 for Visual Studio (Version: 2.0.30725.1 - Microsoft Corporation) Hidden
Zombi (HKLM-x32\...\Zombi_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, markfiter)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Wiederherstellungspunkte =========================

12-11-2015 23:49:09 Windows Update
17-11-2015 13:41:11 Windows Update

==================== Hosts Inhalt: ==========================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2009-07-14 03:34 - 2015-11-16 20:56 - 00000890 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {028CA519-011B-4015-BDE9-BD363F5EA5DC} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_19_0_0_245_pepper.exe [2015-11-10] (Adobe Systems Incorporated)
Task: {127C27E8-993E-4AC2-BFBA-75C4057CCAFE} - System32\Tasks\SidebarExecute => C:\Program Files (x86)\Windows Sidebar\sidebar.exe [2010-11-21] (Microsoft Corporation)
Task: {1D290CE2-8968-490C-ACA9-5CC52D603838} - System32\Tasks\{2D8ECF9C-61FD-4ACC-8CF2-FAA2A8027CDD} => C:\Users\admin\Desktop\Bifrost.exe
Task: {34249658-9DD4-487A-AE7F-6BA53E1348AC} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2015-05-19] (Microsoft Corporation)
Task: {51000FED-3EB2-4A64-8AC9-C09A72C2F330} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-11-02] (Piriform Ltd)
Task: {79CC19AA-C0E1-4CFA-BF19-4C4592D5F616} - System32\Tasks\{84428AE9-0A90-41D9-A9EA-B64252541EAC} => C:\Users\admin\Desktop\Neuer Ordner\Bifrost Stub Customizer v2.0.exe
Task: {807F0029-3273-4FBC-81FC-55037A44C58C} - System32\Tasks\{23620CA1-CC87-49ED-BB6E-44277012C1B0} => pcalua.exe -a "C:\ProgramData\VMware\VMware Player\Uninstaller\\uninstall.exe" -c -x -S "C:\ProgramData\VMware\VMware Player\Uninstaller\"
Task: {9B52632A-A969-40A6-B830-FDE6D3C8C80E} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2015-05-19] (Microsoft Corporation)
Task: {A0A50D1C-ACCC-44F9-A66F-023F2D313B22} - System32\Tasks\{EDED2321-2278-4C8B-AF8E-023C0A6238E9} => pcalua.exe -a C:\Users\admin\Desktop\dd2\INSTALL.EXE -d C:\Users\admin\Desktop\dd2
Task: {A460D382-66EA-4D05-B2EE-4A3C575F6EEB} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2015-05-19] (Microsoft)
Task: {A8F7DD9B-7B2B-4046-BD9A-042487AD3470} - \csrss.exe -> Keine Datei <==== ACHTUNG
Task: {B454D397-B4BE-49A9-8CF4-BACC8DB37F25} - System32\Tasks\{7971804C-8CAA-4D0F-BCBD-664B3155E6E8} => C:\Users\admin\Desktop\Neuer Ordner\Bifrost Stub Customizer v2.0.exe
Task: {D30267F1-1475-4B1E-8E1B-66AB4100F7CB} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-11-10] (Adobe Systems Incorporated)
Task: {D667BF88-581E-4E11-91E8-3BA8AC9118E2} - System32\Tasks\{DD797C40-69B3-4789-8E7D-61D869973BFA} => pcalua.exe -a "C:\Program Files (x86)\South Park - The Stick of Truth\_CommonRedist\vcredist\2010\vcredist_x86.exe" -d "C:\Program Files (x86)\South Park - The Stick of Truth\_CommonRedist\vcredist\2010"
Task: {DE9E383F-27C4-49C3-8DF3-E326443204F7} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2015-05-19] (Microsoft Corporation)
Task: {E64C6729-054E-41F0-B244-E9C5B277279E} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2015-05-19] (Microsoft Corporation)
Task: {F8453438-A0FB-488F-9897-E8C1FCEB75B6} - System32\Tasks\{FC69F42C-6F7E-4342-A66C-6801059D8962} => pcalua.exe -a "C:\Program Files (x86)\South Park - The Stick of Truth\_CommonRedist\vcredist\2010\vcredist_x64.exe" -d "C:\Program Files (x86)\South Park - The Stick of Truth\_CommonRedist\vcredist\2010"

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_19_0_0_245_pepper.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2015-05-19 14:30 - 2015-10-13 18:26 - 00125616 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-05-31 06:36 - 2015-07-01 19:50 - 12732608 _____ () C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
2015-10-15 04:43 - 2015-10-09 16:56 - 00071680 _____ () C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe
2015-10-19 21:00 - 2015-10-19 21:00 - 00057344 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll
2015-07-20 16:34 - 2015-07-20 16:34 - 00012288 _____ () C:\Program Files (x86)\No-IP\ducservice.exe
2014-12-23 16:54 - 2014-12-23 16:54 - 01272616 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\kpcengine.2.3.dll
2015-05-31 06:59 - 2015-05-31 06:59 - 01301696 _____ () C:\Program Files (x86)\VMware\VMware Workstation\libxml2.dll
2015-05-31 06:36 - 2015-05-31 06:36 - 00191680 _____ () C:\Program Files (x86)\VMware\VMware Workstation\LIBEXPAT.dll
2015-05-31 06:36 - 2015-05-31 06:36 - 00388288 _____ () C:\Program Files (x86)\VMware\VMware Workstation\ssoClient.dll
2015-05-31 06:36 - 2015-05-31 06:36 - 00194752 _____ () C:\Program Files (x86)\VMware\VMware Workstation\nfc-types.dll
2015-07-20 16:34 - 2015-07-20 16:34 - 00073728 _____ () C:\Program Files (x86)\No-IP\ducapi.dll
2014-12-23 16:54 - 2014-12-23 16:54 - 00338216 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\online_banking@kaspersky.com\nponlinebanking.dll
2014-12-23 16:54 - 2014-12-23 16:54 - 00502056 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\content_blocker@kaspersky.com\npcontentblocker.dll
2014-12-23 16:54 - 2014-12-23 16:54 - 00608040 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com\npvkplugin.dll
2015-11-10 19:48 - 2015-11-10 19:48 - 17604296 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_245.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)

AlternateDataStreams: C:\Windows\SysWOW64\ucrtbase.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\uplay_r1_loader.dll:$CmdZnID
AlternateDataStreams: C:\Windows\SysWOW64\vb40032.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\vcamp140.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\vmnat.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\vmnetdhcp.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\vsgraphicsremoteengine.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\vsjitdebugger.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\vstdlib_s.dll:$CmdZnID
AlternateDataStreams: C:\Windows\SysWOW64\WebClnt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\win32spl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WindowsCodecs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\winsta.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wintrust.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wksprtPS.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wmp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WMPhoto.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wmploc.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wrap_oal.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wscript.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wshom.ocx:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WSManHTTPConfig.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WSManMigrationPlugin.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WsmAuto.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WsmSvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WsmWmiPl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\x3daudio1_0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\x3daudio1_1.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\X3DAudio1_2.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\X3DAudio1_3.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\X3DAudio1_4.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\X3DAudio1_5.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\X3DAudio1_6.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\X3DAudio1_7.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\xactengine2_0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\xactengine2_1.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\xactengine2_10.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\xactengine2_2.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\xactengine2_3.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\xactengine2_4.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\xactengine2_5.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\xactengine2_6.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\xactengine2_7.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\xactengine2_8.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\xactengine2_9.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\xactengine3_0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\xactengine3_1.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\xactengine3_2.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\xactengine3_3.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\xactengine3_4.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\xactengine3_5.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\xactengine3_6.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\xactengine3_7.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\XAPOFX1_0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\XAPOFX1_1.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\XAPOFX1_2.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\XAPOFX1_3.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\XAPOFX1_4.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\XAPOFX1_5.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\XAudio2_0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\XAudio2_1.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\XAudio2_2.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\XAudio2_3.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\XAudio2_4.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\XAudio2_5.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\XAudio2_6.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\XAudio2_7.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\xinput1_1.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\xinput1_2.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\xinput1_3.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\zlib1.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\appid.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\Diskdump.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\dtlitescsibus.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\dxgkrnl.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\dxgmms1.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\fvevol.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\http.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\L1E62x64.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\mbam.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\mountmgr.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\msiscsi.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\mwac.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\ntfs.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\nvvad64v.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\partmgr.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\rdpvideominiport.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\rdpwd.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\storport.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\stream.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\tap0901.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\terminpt.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\tssecsrv.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\TsUsbFlt.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\TsUsbGD.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\vmci.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\vmnetadapter.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\vmnetbridge.sys:$CmdTcID
AlternateDataStreams: C:\Users\admin\Desktop\LS Crypter.suo:$CmdZnID

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"

==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)

IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-560193511-1957534509-1735208640-1001\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-560193511-1957534509-1735208640-1001\...\webcompanion.com -> hxxp://webcompanion.com

==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-560193511-1957534509-1735208640-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\admin\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist deaktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)


==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [{3945C57F-279A-459C-A8FE-AE5138F72912}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{D4BC426F-536B-4BA2-8D3B-5207990745E7}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{E07A3B24-AF55-45EB-987F-28E099A44A28}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{04006571-C299-4D1F-BDDA-40FCB9484846}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{CBE6A3C2-CF81-45CA-A87B-806229BAAC38}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{E26E7D8C-7236-43C7-A3DE-02807DD62CEB}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
FirewallRules: [{89A7298D-2ED6-4E53-9FF4-9ED5615646FC}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
FirewallRules: [{9D3479CF-1495-49B0-93B9-A16A0D76F674}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
FirewallRules: [{C1AD0EC3-C8BA-468C-9DB7-BBFD317C4847}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
FirewallRules: [TCP Query User{93B58B63-40E3-4BC8-9F1E-3FD8AAEA2DF4}C:\program files (x86)\funcom\age of conan\conanpatcher.exe] => (Allow) C:\program files (x86)\funcom\age of conan\conanpatcher.exe
FirewallRules: [UDP Query User{64D620FC-2CCB-4565-A435-37C95559A567}C:\program files (x86)\funcom\age of conan\conanpatcher.exe] => (Allow) C:\program files (x86)\funcom\age of conan\conanpatcher.exe
FirewallRules: [TCP Query User{FCAC87B2-8FF0-424C-BF98-5BFD98DCC366}C:\program files (x86)\funcom\age of conan\ageofconan.exe] => (Allow) C:\program files (x86)\funcom\age of conan\ageofconan.exe
FirewallRules: [UDP Query User{3B2AE6C9-C6CD-4F91-A08E-B9D7C55DD86E}C:\program files (x86)\funcom\age of conan\ageofconan.exe] => (Allow) C:\program files (x86)\funcom\age of conan\ageofconan.exe
FirewallRules: [{16B94FD7-47B1-42AD-96C9-A523C6E7E6B7}] => (Allow) C:\Program Files (x86)\WinSCP\WinSCP.exe
FirewallRules: [{6EDA7CA2-B5B5-4E2A-A40A-F2B6AFCB8C81}] => (Allow) C:\Program Files (x86)\WinSCP\WinSCP.exe
FirewallRules: [{25B57D77-E17D-4AE1-BFCB-95D9DAAE0085}] => (Allow) C:\Program Files (x86)\WinSCP\WinSCP.exe
FirewallRules: [{BD8E7152-5240-4893-8B0E-3512E5A664D2}] => (Allow) C:\Program Files (x86)\WinSCP\WinSCP.exe
FirewallRules: [TCP Query User{3D88B679-5C8F-4D3A-AB2A-9609E5EADE4D}C:\users\admin\desktop\epsxe\epsxe 1.70\epsxe.exe] => (Allow) C:\users\admin\desktop\epsxe\epsxe 1.70\epsxe.exe
FirewallRules: [UDP Query User{BF6D2823-C955-4805-BFD3-83B6BD25B82F}C:\users\admin\desktop\epsxe\epsxe 1.70\epsxe.exe] => (Allow) C:\users\admin\desktop\epsxe\epsxe 1.70\epsxe.exe
FirewallRules: [{091724C2-F5CB-4C57-AEE9-1DCF8C1D7926}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\devenv.exe
FirewallRules: [{C2F61917-20C7-4335-BB7B-8B8E219DD2BC}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\devenv.exe
FirewallRules: [TCP Query User{D2F55E05-CCC3-4B7A-A813-B2B220742836}C:\users\admin\desktop\dolphin-x64\dolphin.exe] => (Block) C:\users\admin\desktop\dolphin-x64\dolphin.exe
FirewallRules: [UDP Query User{5334C742-FA3B-44DC-837B-4289D2C7AEA9}C:\users\admin\desktop\dolphin-x64\dolphin.exe] => (Block) C:\users\admin\desktop\dolphin-x64\dolphin.exe
FirewallRules: [TCP Query User{7FDAA97A-89F5-4045-BBCF-A144602B47A0}C:\program files (x86)\java\jre1.8.0_60\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_60\bin\javaw.exe
FirewallRules: [UDP Query User{95DC43D7-389D-4224-8732-2D48DD747533}C:\program files (x86)\java\jre1.8.0_60\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_60\bin\javaw.exe
FirewallRules: [TCP Query User{47B4D1B5-7DA2-41DA-8458-6463B2783B17}C:\users\admin\desktop\dd\fgd.exe] => (Allow) C:\users\admin\desktop\dd\fgd.exe
FirewallRules: [UDP Query User{EBF310ED-4973-439A-A743-0F5B0E2C7F36}C:\users\admin\desktop\dd\fgd.exe] => (Allow) C:\users\admin\desktop\dd\fgd.exe
FirewallRules: [{CC1587B9-385F-4523-AC1A-3F0BB2F52764}] => (Allow) LPort=12292
FirewallRules: [{3D7CF3E4-BFCD-44C3-8241-BF893063E6F4}] => (Allow) LPort=500
FirewallRules: [{BBCDF4C6-B742-4D99-A469-16BB058E8F3D}] => (Allow) LPort=4500
FirewallRules: [TCP Query User{7F65A14A-D49F-47CD-A98E-E324E4917AD2}C:\users\admin\appdata\local\jdownloader 2.0\jdownloader2.exe] => (Allow) C:\users\admin\appdata\local\jdownloader 2.0\jdownloader2.exe
FirewallRules: [UDP Query User{C971E4CF-8C05-4642-9A40-B6C525D71C6B}C:\users\admin\appdata\local\jdownloader 2.0\jdownloader2.exe] => (Allow) C:\users\admin\appdata\local\jdownloader 2.0\jdownloader2.exe
FirewallRules: [{7CFB1E5C-C578-4878-A8E2-824F85661E35}] => (Block) C:\users\admin\appdata\local\jdownloader 2.0\jdownloader2.exe
FirewallRules: [{05EBE91F-D545-43CA-9375-A23D201D3F39}] => (Block) C:\users\admin\appdata\local\jdownloader 2.0\jdownloader2.exe
FirewallRules: [TCP Query User{BE6A247D-5574-4DD9-A7D9-FA77B81C2F1A}C:\program files (x86)\dolphin x86\dolphin.exe] => (Allow) C:\program files (x86)\dolphin x86\dolphin.exe
FirewallRules: [UDP Query User{08D366F2-35CC-40D6-92E1-5873B682B2A6}C:\program files (x86)\dolphin x86\dolphin.exe] => (Allow) C:\program files (x86)\dolphin x86\dolphin.exe
FirewallRules: [{2031D6D0-20A4-4030-B17A-488C7ADC8631}] => (Block) C:\program files (x86)\dolphin x86\dolphin.exe
FirewallRules: [{2B13B809-EAEE-4514-B1CD-DB12FA049830}] => (Block) C:\program files (x86)\dolphin x86\dolphin.exe
FirewallRules: [TCP Query User{01EE0383-BB73-4D8A-AEC1-12E19233912D}C:\users\admin\desktop\sachen\dolphin-x64\dolphin.exe] => (Allow) C:\users\admin\desktop\sachen\dolphin-x64\dolphin.exe
FirewallRules: [UDP Query User{A1A4C67A-E2F8-4954-ADE3-C7F871713059}C:\users\admin\desktop\sachen\dolphin-x64\dolphin.exe] => (Allow) C:\users\admin\desktop\sachen\dolphin-x64\dolphin.exe
FirewallRules: [{F0785EC4-E48D-4C61-8F81-BA76EAEE22DB}] => (Block) C:\users\admin\desktop\sachen\dolphin-x64\dolphin.exe
FirewallRules: [{ACABB210-169B-465F-BAED-9F9677E79DEA}] => (Block) C:\users\admin\desktop\sachen\dolphin-x64\dolphin.exe
FirewallRules: [{B3E487E8-1B5E-44A6-9C0B-A3204EE2C8B5}] => (Allow) C:\Users\admin\Desktop\Kaspersky AV 2015 + Activation 27-11-2017 + Update Solution [danhuk]\Setup\kav15.0.0.463en_6664.exe
FirewallRules: [{BB6D4001-F455-427F-97EE-F5F3471D549B}] => (Allow) C:\Users\admin\Desktop\Kaspersky AV 2015 + Activation 27-11-2017 + Update Solution [danhuk]\Setup\kav15.0.0.463en_6664.exe
FirewallRules: [{EAF2B7F5-C225-4ACA-A0DB-2FEC13A00127}] => (Allow) C:\Users\admin\Desktop\Kaspersky AV 2015 + Activation 27-11-2017 + Update Solution [danhuk]\Setup\kav15.0.0.463en_6664.exe
FirewallRules: [{00612333-7E82-45C8-828D-CFC713D4AD3D}] => (Allow) C:\Users\admin\Desktop\Kaspersky AV 2015 + Activation 27-11-2017 + Update Solution [danhuk]\Setup\kav15.0.0.463en_6664.exe
FirewallRules: [{A8921F25-D264-4279-A103-3229D8FF51D7}] => (Allow) C:\Users\admin\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{DC07B1FB-902F-44B0-B92E-FB8E2228FB78}] => (Allow) C:\Users\admin\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{20F538CD-EC0B-4811-8C1E-E15981E8F642}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{91CACAFD-9A8E-422C-B480-1AA35F7F8257}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{9203F0DF-0844-47EE-BE42-B7DDC9DA9C0B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{92882AFE-9CDD-4B44-94E3-7ED1F3BD7E2E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{CC5CF8AF-28D2-41F5-9E25-A5DCBA694736}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{A5ABC8D6-E776-494D-9CF3-EE227E55DF34}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{15012327-8DB5-46C6-9DA6-C4D42E4D7C3E}] => (Allow) C:\Users\admin\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{4E469104-0230-4DB8-806E-258368362DB8}] => (Allow) C:\Users\admin\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{3A55189E-651E-4DC5-B69A-CCFE1D34AFBD}] => (Allow) C:\Users\admin\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{ABDCFB25-91A1-4876-BBCD-C004172D6FE8}] => (Allow) C:\Users\admin\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{C028DE05-8E8F-477A-A845-BE96C9EEE0DC}] => (Allow) C:\Users\admin\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{649ABC75-74F7-4B75-9A01-F6CB034E76A8}] => (Allow) C:\Users\admin\AppData\Roaming\BitTorrent\BitTorrent.exe

==================== Fehlerhafte Geräte im Gerätemanager =============


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (11/17/2015 03:03:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 38.0.1.5611, Zeitstempel: 0x55541a90
Name des fehlerhaften Moduls: mozalloc.dll, Version: 38.0.1.5611, Zeitstempel: 0x55540a1e
Ausnahmecode: 0x80000003
Fehleroffset: 0x00001aa1
ID des fehlerhaften Prozesses: 0xd8
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3

Error: (11/17/2015 03:03:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 38.0.1.5611, Zeitstempel: 0x55541a90
Name des fehlerhaften Moduls: mozalloc.dll, Version: 38.0.1.5611, Zeitstempel: 0x55540a1e
Ausnahmecode: 0x80000003
Fehleroffset: 0x00001aa1
ID des fehlerhaften Prozesses: 0xa10
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3

Error: (11/17/2015 03:02:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 38.0.1.5611, Zeitstempel: 0x55541a90
Name des fehlerhaften Moduls: mozalloc.dll, Version: 38.0.1.5611, Zeitstempel: 0x55540a1e
Ausnahmecode: 0x80000003
Fehleroffset: 0x00001aa1
ID des fehlerhaften Prozesses: 0xd44
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3

Error: (11/17/2015 03:02:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 38.0.1.5611, Zeitstempel: 0x55541a90
Name des fehlerhaften Moduls: mozalloc.dll, Version: 38.0.1.5611, Zeitstempel: 0x55540a1e
Ausnahmecode: 0x80000003
Fehleroffset: 0x00001aa1
ID des fehlerhaften Prozesses: 0x1694
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3

Error: (11/17/2015 01:35:47 PM) (Source: Windows Search Service) (EventID: 10021) (User: )
Description: Die Registrierungsinformationen der Leistungsindikatoren für WSearchIdxPi für die Instanz   konnten wegen des folgenden Fehlers nicht abgerufen werden: Der Vorgang wurde erfolgreich beendet.   0x0.

Error: (11/17/2015 01:35:30 PM) (Source: Windows Search Service) (EventID: 3007) (User: )
Description: Die Leistungsüberwachung für den Gatherer-Dienst kann nicht initialisiert werden, da die Datenquellen nicht geladen sind oder das freigegebene Speicherobjekt nicht geöffnet werden konnte. Dies beeinträchtigt lediglich die Verfügbarkeit der Leistungsindikatoren. Starten Sie den Computer erneut.

Kontext:  Anwendung, SystemIndex Katalog

Error: (11/17/2015 01:35:29 PM) (Source: Windows Search Service) (EventID: 3006) (User: )
Description: Die Leistungsüberwachung kann für den Gatherer-Dienst nicht initialisiert werden, da die Datenquellen nicht geladen sind oder das freigegebene Speicherobjekt nicht geöffnet werden konnte. Dies beeinträchtigt lediglich die Verfügbarkeit der Leistungsindikatoren. Starten Sie den Computer erneut.


Systemfehler:
=============
Error: (11/17/2015 02:35:21 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "VMware Workstation Server" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.


==================== Speicherinformationen =========================== 

Prozessor: Intel(R) Core(TM)2 CPU 6600 @ 2.40GHz
Prozentuale Nutzung des RAM: 62%
Installierter physikalischer RAM: 3071.12 MB
Verfügbarer physikalischer RAM: 1146.56 MB
Summe virtueller Speicher: 6440.44 MB
Verfügbarer virtueller Speicher: 3879.46 MB

==================== Laufwerke ================================

Drive c: () (Fixed) (Total:931.41 GB) (Free:703.57 GB) NTFS
Drive d: (Disk) (CDROM) (Total:3.06 GB) (Free:0 GB) CDFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 3941A79A)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)

==================== Ende von Addition.txt ============================
         

Edit: I had turned off the firewall and AV program before the FRST scan, but have turned them back on now.
Otherwise FRST might complain, I figured...

Last edited by ottojack (17.11.2015 at 16:08)

17.11.2015, 17:57   #3
schrauber
/// the machine
/// TB-Ausbilder
 

hi,

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Please run mbar.exe.
  • Follow the on-screen instructions as described in the guide to Malwarebytes Anti-Rootkit.
  • Be sure to update the database and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • During the restart, MBAR will remove the objects it found, so be patient.
  • After the restart, run mbar.exe again.
  • If anything is found again, repeat the CleanUp process.
The tool will create a log file ( mbar-log-<year-month-day>.txt ) in the folder that was created. Please post it here.

Do not run any other file in this folder without instructions from a helper.

Please download TDSSKiller.exe and save this file to your desktop.
  • Run TDSSKiller.exe and configure it as described in the guide to TDSSKiller.
  • Press Start Scan.
  • If infected objects are found, do not choose Cure under any circumstances. Choose Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\)
    For example: C:\TDSSKiller.<Version_Date_Time>log.txt
Please post the contents here in your thread in any case.

17.11.2015, 18:49   #4
ottojack
 
ok, here is the mbar logfile:

Code:
Malwarebytes Anti-Rootkit BETA 1.9.3.1001
www.malwarebytes.org

Database version:
  main:    v2015.11.17.04
  rootkit: v2015.11.14.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.18097
admin :: PC [administrator]

17.11.2015 18:12:07
mbar-log-2015-11-17 (18-12-07).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Kernel memory modifications detected. Deep Anti-Rootkit Scan engaged.
Objects scanned: 380246
Time elapsed: 16 minute(s), 59 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKU\S-1-5-21-560193511-1957534509-1735208640-1001\SOFTWARE\DC3_FEXEC (Backdoor.DarkComet.Trace) -> Delete on reboot. [d048f9865c2fc175e8034169e81bba46]

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 3
C:\Users\admin\AppData\Local\Temp\upnp.exe (Backdoor.Daromec) -> Delete on reboot. [a078354a2c5fc5717793e810ba49e41c]
C:\Users\admin\AppData\Local\Temp\Rar$EXa0.984\HSS-5.0.2-install-plain-714-plain.exe (VirTool.VBBind) -> Delete on reboot. [74a46b14dead22146b1d2ffd34d030d0]
C:\Users\admin\AppData\Local\Temp\Rar$DRa0.039\HSS-5.0.2-install-plain-714-plain.exe (VirTool.VBBind) -> Delete on reboot. [66b2d8a7a7e475c12b5d59d3a55f629e]

Physical Sectors Detected: 0
(No malicious items detected)

(end)
         
and here is the tdsskiller logfile:

Code:
18:41:27.0873 0x0eb4  TDSS rootkit removing tool 3.1.0.6 Nov 16 2015 12:17:23
18:41:31.0505 0x0eb4  ============================================================
18:41:31.0505 0x0eb4  Current date / time: 2015/11/17 18:41:31.0505
18:41:31.0505 0x0eb4  SystemInfo:
18:41:31.0505 0x0eb4  
18:41:31.0506 0x0eb4  OS Version: 6.1.7601 ServicePack: 1.0
18:41:31.0506 0x0eb4  Product type: Workstation
18:41:31.0506 0x0eb4  ComputerName: PC
18:41:31.0507 0x0eb4  UserName: admin
18:41:31.0507 0x0eb4  Windows directory: C:\Windows
18:41:31.0507 0x0eb4  System windows directory: C:\Windows
18:41:31.0507 0x0eb4  Running under WOW64
18:41:31.0507 0x0eb4  Processor architecture: Intel x64
18:41:31.0507 0x0eb4  Number of processors: 2
18:41:31.0507 0x0eb4  Page size: 0x1000
18:41:31.0507 0x0eb4  Boot type: Normal boot
18:41:31.0507 0x0eb4  ============================================================
18:41:38.0480 0x0eb4  KLMD registered as C:\Windows\system32\drivers\57377636.sys
18:41:38.0692 0x0eb4  System UUID: {3398C108-D621-0055-2D64-3BC9152926C7}
18:41:39.0114 0x0eb4  Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x700FC, SectorsPerTrack: 0x13, TracksPerCylinder: 0xE0, Type 'K0', Flags 0x00000040
18:41:39.0128 0x0eb4  ============================================================
18:41:39.0128 0x0eb4  \Device\Harddisk0\DR0:
18:41:39.0129 0x0eb4  MBR partitions:
18:41:39.0129 0x0eb4  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
18:41:39.0129 0x0eb4  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x746D3800
18:41:39.0129 0x0eb4  ============================================================
18:41:39.0150 0x0eb4  C: <-> \Device\Harddisk0\DR0\Partition2
18:41:39.0150 0x0eb4  ============================================================
18:41:39.0150 0x0eb4  Initialize success
18:41:39.0150 0x0eb4  ============================================================
18:44:07.0248 0x13b0  ============================================================
18:44:07.0248 0x13b0  Scan started
18:44:07.0248 0x13b0  Mode: Manual; SigCheck; TDLFS; 
18:44:07.0248 0x13b0  ============================================================
18:44:07.0248 0x13b0  KSN ping started
18:44:09.0671 0x13b0  KSN ping finished: true
18:44:11.0923 0x13b0  ================ Scan system memory ========================
18:44:11.0923 0x13b0  System memory - ok
18:44:11.0923 0x13b0  ================ Scan services =============================
18:44:19.0997 0x13b0  [ 38F3CF15321DC2B47C7907EB222B637A, C2CE4F62BD7C93566C36B7290DA3E804FB79A18A18E2544E2B6404B473483D4E ] fussvc          C:\Program Files (x86)\Windows Kits\8.1\App Certification Kit\fussvc.exe
18:44:20.0027 0x13b0  fussvc - detected UnsignedFile.Multi.Generic ( 1 )
18:44:23.0672 0x13b0  Detect skipped due to KSN trusted
18:44:23.0672 0x13b0  fussvc - ok
18:44:27.0203 0x13b0  LanmanServer - ok
18:44:27.0235 0x13b0  [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
18:44:27.0275 0x13b0  LanmanWorkstation - ok
18:44:27.0297 0x13b0  [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
18:44:27.0354 0x13b0  lltdio - ok
18:44:27.0386 0x13b0  [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
18:44:27.0450 0x13b0  lltdsvc - ok
18:44:27.0464 0x13b0  [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts         C:\Windows\System32\lmhsvc.dll
18:44:27.0502 0x13b0  lmhosts - ok
18:44:27.0535 0x13b0  [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
18:44:27.0553 0x13b0  LSI_FC - ok
18:44:27.0565 0x13b0  [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
18:44:27.0582 0x13b0  LSI_SAS - ok
18:44:27.0593 0x13b0  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
18:44:27.0608 0x13b0  LSI_SAS2 - ok
18:44:27.0626 0x13b0  [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
18:44:27.0642 0x13b0  LSI_SCSI - ok
18:44:27.0658 0x13b0  [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv           C:\Windows\system32\drivers\luafv.sys
18:44:27.0697 0x13b0  luafv - ok
18:44:27.0728 0x13b0  [ CFBC6C6D8A492697CABD1D353EE64933, DDAA844908324740C891EB8F08E2A8BB00457063B31C4A762745C1C2415FC12D ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
18:44:27.0740 0x13b0  MBAMProtector - ok
18:44:27.0836 0x13b0  [ AB176B9E59C0435499D83047D84EDD59, 85B826A3972CE9AD885313B69B9C60328B850257667D0EB65DDE890D0BB06361 ] MBAMScheduler   C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
18:44:27.0886 0x13b0  MBAMScheduler - ok
18:44:27.0930 0x13b0  [ 40C126CB15FAB7D6C66490DCA9C1AED2, B32CEE2D2409232C245427D5E9647FDF59AF1D8AB5E8A98EE2D1F1314599FD14 ] MBAMService     C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
18:44:27.0970 0x13b0  MBAMService - ok
18:44:27.0984 0x13b0  [ D61070CFAD43038DC56AEAD9BFE9CE2A, BD77AEF60E7FD2015CB14A464799304359547146C14A47F8D25274ACFA2E42D5 ] MBAMWebAccessControl C:\Windows\system32\drivers\mwac.sys
18:44:27.0997 0x13b0  MBAMWebAccessControl - ok
18:44:28.0020 0x13b0  [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
18:44:28.0056 0x13b0  Mcx2Svc - ok
18:44:28.0080 0x13b0  [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas         C:\Windows\system32\drivers\megasas.sys
18:44:28.0094 0x13b0  megasas - ok
18:44:28.0113 0x13b0  [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
18:44:28.0133 0x13b0  MegaSR - ok
18:44:28.0149 0x13b0  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS           C:\Windows\system32\mmcss.dll
18:44:28.0188 0x13b0  MMCSS - ok
18:44:28.0199 0x13b0  [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem           C:\Windows\system32\drivers\modem.sys
18:44:28.0235 0x13b0  Modem - ok
18:44:28.0254 0x13b0  [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
18:44:28.0271 0x13b0  monitor - ok
18:44:28.0281 0x13b0  [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass        C:\Windows\system32\drivers\mouclass.sys
18:44:28.0296 0x13b0  mouclass - ok
18:44:28.0309 0x13b0  [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
18:44:28.0351 0x13b0  mouhid - ok
18:44:28.0389 0x13b0  [ 67050452C0118BAF2883928E6FCCFE47, 335FC0AEB7B47DCC7CE0CF3F424EB60ACB1327D2FF6515F04D9AC03A10FF1E31 ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
18:44:28.0405 0x13b0  mountmgr - ok
18:44:28.0446 0x13b0  [ DD370A8148862150BA81A3F5C56A1E40, F56B84297BDC32266CB69D10FB2D66B8B332D60CAB7E64E4E3AC2BB749BBD31B ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
18:44:28.0463 0x13b0  MozillaMaintenance - ok
18:44:28.0473 0x13b0  [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio            C:\Windows\system32\drivers\mpio.sys
18:44:28.0490 0x13b0  mpio - ok
18:44:28.0504 0x13b0  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
18:44:28.0542 0x13b0  mpsdrv - ok
18:44:28.0570 0x13b0  [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc          C:\Windows\system32\mpssvc.dll
18:44:28.0645 0x13b0  MpsSvc - ok
18:44:28.0680 0x13b0  [ AE3334958D8F631FF14A0AEB3D7EFB3A, F5FD6B61F896104C20DFC43FEE2FCE6930B73F78DF876BD19A333EABB9139C6D ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
18:44:28.0717 0x13b0  MRxDAV - ok
18:44:28.0762 0x13b0  [ 73ADDCC406B86E7DA4416691E8E74BDA, 4EC970B9095E6DAA79BF7EFB92DF3F2C0AB0C46739AA36C171A262E05B63CBB5 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
18:44:28.0797 0x13b0  mrxsmb - ok
18:44:28.0827 0x13b0  [ 7C81098FBAF2EAF5B54B939F832B0F61, 999435DF4638ECB136D5BF1B84305A84B215BAB542E4D5301E57D28D507E11B3 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:44:28.0868 0x13b0  mrxsmb10 - ok
18:44:28.0894 0x13b0  [ ACB763673BCCE6C7B3B8F858C9FE4F1F, CCD49558F8A01A225AEAE60BF299BCA6E9399E39F4F553FABC36CADB164BBBC0 ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:44:28.0928 0x13b0  mrxsmb20 - ok
18:44:28.0962 0x13b0  [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci          C:\Windows\system32\drivers\msahci.sys
18:44:28.0976 0x13b0  msahci - ok
18:44:29.0008 0x13b0  [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
18:44:29.0024 0x13b0  msdsm - ok
18:44:29.0036 0x13b0  [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC           C:\Windows\System32\msdtc.exe
18:44:29.0070 0x13b0  MSDTC - ok
18:44:29.0107 0x13b0  [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
18:44:29.0160 0x13b0  Msfs - ok
18:44:29.0182 0x13b0  [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
18:44:29.0219 0x13b0  mshidkmdf - ok
18:44:29.0226 0x13b0  [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
18:44:29.0240 0x13b0  msisadrv - ok
18:44:29.0269 0x13b0  [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
18:44:29.0325 0x13b0  MSiSCSI - ok
18:44:29.0330 0x13b0  msiserver - ok
18:44:29.0356 0x13b0  [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
18:44:29.0393 0x13b0  MSKSSRV - ok
18:44:29.0400 0x13b0  [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
18:44:29.0435 0x13b0  MSPCLOCK - ok
18:44:29.0445 0x13b0  [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
18:44:29.0481 0x13b0  MSPQM - ok
18:44:29.0505 0x13b0  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
18:44:29.0527 0x13b0  MsRPC - ok
18:44:29.0544 0x13b0  [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
18:44:29.0557 0x13b0  mssmbios - ok
18:44:29.0570 0x13b0  [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
18:44:29.0606 0x13b0  MSTEE - ok
18:44:29.0614 0x13b0  [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
18:44:29.0629 0x13b0  MTConfig - ok
18:44:29.0647 0x13b0  [ 03B7145C889603537E9FFEABB1AD1089, B3CD93B893D4A2370CBF382366C6F596372857F8711EF6FFF83BFE2B449F424E ] MTsensor        C:\Windows\system32\DRIVERS\ASACPI.sys
18:44:29.0668 0x13b0  MTsensor - ok
18:44:29.0685 0x13b0  [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup             C:\Windows\system32\Drivers\mup.sys
18:44:29.0700 0x13b0  Mup - ok
18:44:29.0730 0x13b0  [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent        C:\Windows\system32\qagentRT.dll
18:44:29.0790 0x13b0  napagent - ok
18:44:29.0828 0x13b0  [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
18:44:29.0855 0x13b0  NativeWifiP - ok
18:44:29.0954 0x13b0  [ 3BAE2BFCB6D69E19C8373F635DD544DC, A32DB5282ED5AFC1650883B1870E46FDC029EF9225075E6916D2E371F18D8B9E ] NBService       C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe
18:44:29.0989 0x13b0  NBService - ok
18:44:30.0039 0x13b0  [ F7309F42555F8AAB7144A51A1F2585B0, 065277A8AFAEE3888C997A76D2F751070F92DF4C3354D16B194860B4BDAFF937 ] NDIS            C:\Windows\system32\drivers\ndis.sys
18:44:30.0077 0x13b0  NDIS - ok
18:44:30.0091 0x13b0  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
18:44:30.0127 0x13b0  NdisCap - ok
18:44:30.0140 0x13b0  [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
18:44:30.0212 0x13b0  NdisTapi - ok
18:44:30.0235 0x13b0  [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
18:44:30.0270 0x13b0  Ndisuio - ok
18:44:30.0284 0x13b0  [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
18:44:30.0340 0x13b0  NdisWan - ok
18:44:30.0359 0x13b0  [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
18:44:30.0394 0x13b0  NDProxy - ok
18:44:30.0408 0x13b0  [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
18:44:30.0458 0x13b0  NetBIOS - ok
18:44:30.0483 0x13b0  [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
18:44:30.0524 0x13b0  NetBT - ok
18:44:30.0537 0x13b0  [ 2BC45F4CF55B45BDD650828192F132B8, 4ABBC1DE6B17F7FEE9CB0BEEFEB6C88321826B4D52FBDF8B4B885CEA3CFD24F7 ] Netlogon        C:\Windows\system32\lsass.exe
18:44:30.0552 0x13b0  Netlogon - ok
18:44:30.0583 0x13b0  [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman          C:\Windows\System32\netman.dll
18:44:30.0642 0x13b0  Netman - ok
18:44:30.0682 0x13b0  [ E8892A34670A85B9F8CAF901D32FEF38, 8AE54AC3A03872601A3B55EA4F4AB3B90BBB433B4C0B69B70E1A517D9B48E5F3 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:44:30.0701 0x13b0  NetMsmqActivator - ok
18:44:30.0719 0x13b0  [ E8892A34670A85B9F8CAF901D32FEF38, 8AE54AC3A03872601A3B55EA4F4AB3B90BBB433B4C0B69B70E1A517D9B48E5F3 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:44:30.0736 0x13b0  NetPipeActivator - ok
18:44:30.0774 0x13b0  [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm        C:\Windows\System32\netprofm.dll
18:44:30.0822 0x13b0  netprofm - ok
18:44:30.0840 0x13b0  [ E8892A34670A85B9F8CAF901D32FEF38, 8AE54AC3A03872601A3B55EA4F4AB3B90BBB433B4C0B69B70E1A517D9B48E5F3 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:44:30.0858 0x13b0  NetTcpActivator - ok
18:44:30.0865 0x13b0  [ E8892A34670A85B9F8CAF901D32FEF38, 8AE54AC3A03872601A3B55EA4F4AB3B90BBB433B4C0B69B70E1A517D9B48E5F3 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
18:44:30.0882 0x13b0  NetTcpPortSharing - ok
18:44:30.0900 0x13b0  [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
18:44:30.0914 0x13b0  nfrd960 - ok
18:44:30.0934 0x13b0  [ 8B301D474B478E9A92823BAB50A7BC49, 8181816035F41B1DABEC05E65E4F67BCD785F56760A61F1049E91BA39D42F01D ] NlaSvc          C:\Windows\System32\nlasvc.dll
18:44:30.0992 0x13b0  NlaSvc - ok
18:44:31.0061 0x13b0  [ 193FA51DDDD0BFFDED1C340F0434999A, C05CA0A8568E9CBDA15633ED420C29F52082114B2B9F24EB61369E42C480C080 ] NMIndexingService C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
18:44:31.0082 0x13b0  NMIndexingService - ok
18:44:31.0137 0x13b0  [ 5A38F3BAD50558F0E09D696ACF612D9E, 7720F580BF140E16AFF2A9CD4F610FCB12716DD836F35E993456CE9E65990807 ] NoIPDUCService4 C:\Program Files (x86)\No-IP\ducservice.exe
18:44:31.0143 0x13b0  NoIPDUCService4 - detected UnsignedFile.Multi.Generic ( 1 )
18:44:33.0510 0x13b0  Detect skipped due to KSN trusted
18:44:33.0511 0x13b0  NoIPDUCService4 - ok
18:44:33.0548 0x13b0  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
18:44:33.0599 0x13b0  Npfs - ok
18:44:33.0628 0x13b0  [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi             C:\Windows\system32\nsisvc.dll
18:44:33.0664 0x13b0  nsi - ok
18:44:33.0675 0x13b0  [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
18:44:33.0711 0x13b0  nsiproxy - ok
18:44:33.0799 0x13b0  [ 1A29A59A4C5BA6F8C85062A613B7E2B2, CC137F499A12C724D4166C2D85E9F447413419A0683DAC6F1A802B7F210C77F1 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
18:44:33.0857 0x13b0  Ntfs - ok
18:44:33.0874 0x13b0  [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null            C:\Windows\system32\drivers\Null.sys
18:44:33.0935 0x13b0  Null - ok
18:44:34.0275 0x13b0  [ AB443152695F1B606EFD3E3728D5F362, 3971767054299AD703AE72013E3FADB5F416614036E5560BACBA52464E54CE24 ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
18:44:34.0653 0x13b0  nvlddmkm - ok
18:44:34.0753 0x13b0  [ 93C82F365F9C0A2058A211E305A5CCFA, 1B3FA9122377CF8C982EEE8719E2E295E3D118AC15646ACAB3A5BF78E1EE7E70 ] NvNetworkService C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
18:44:34.0808 0x13b0  NvNetworkService - ok
18:44:34.0831 0x13b0  [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
18:44:34.0848 0x13b0  nvraid - ok
18:44:34.0864 0x13b0  [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
18:44:34.0881 0x13b0  nvstor - ok
18:44:34.0915 0x13b0  [ 977C9F7656D07D36887814A7D570FE1A, 843032A0EB1A4B81E506F80C59E613F700A353DE2C3514566092E336FE608DAB ] NvStreamKms     C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys
18:44:34.0931 0x13b0  NvStreamKms - ok
18:44:34.0935 0x13b0  NvStreamSvc - ok
18:44:34.0979 0x13b0  [ F3A837A403C0E92A7475913659DECF94, D76875A11889474203A5CBACE5912562C4361C1A7A9AEB3DD06AF1E4523F4D98 ] nvsvc           C:\Windows\system32\nvvsvc.exe
18:44:35.0016 0x13b0  nvsvc - ok
18:44:35.0059 0x13b0  [ DBFE7B2DF103F74AE51840B3C5F25FE9, 436CAA417FD24BA870F117FA4BABA2AB694825795508BCFCC8C927CC2D5BBC5E ] nvvad_WaveExtensible C:\Windows\system32\drivers\nvvad64v.sys
18:44:35.0071 0x13b0  nvvad_WaveExtensible - ok
18:44:35.0090 0x13b0  [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
18:44:35.0109 0x13b0  nv_agp - ok
18:44:35.0131 0x13b0  [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
18:44:35.0168 0x13b0  ohci1394 - ok
18:44:35.0207 0x13b0  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
18:44:35.0264 0x13b0  p2pimsvc - ok
18:44:35.0283 0x13b0  [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc          C:\Windows\system32\p2psvc.dll
18:44:35.0325 0x13b0  p2psvc - ok
18:44:35.0347 0x13b0  [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
18:44:35.0380 0x13b0  Parport - ok
18:44:35.0406 0x13b0  [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
18:44:35.0422 0x13b0  partmgr - ok
18:44:35.0445 0x13b0  [ DB2D62AA2DF6B1F3D690A9EC9701AA2C, BEAC55E1AA0494565F1547DF5E6FE20FCEA66461764C016FCB68D8BFF0F0C375 ] PcaSvc          C:\Windows\System32\pcasvc.dll
18:44:35.0500 0x13b0  PcaSvc - ok
18:44:35.0520 0x13b0  [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci             C:\Windows\system32\drivers\pci.sys
18:44:35.0538 0x13b0  pci - ok
18:44:35.0563 0x13b0  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide          C:\Windows\system32\drivers\pciide.sys
18:44:35.0577 0x13b0  pciide - ok
18:44:35.0601 0x13b0  [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
18:44:35.0620 0x13b0  pcmcia - ok
18:44:35.0639 0x13b0  [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw             C:\Windows\system32\drivers\pcw.sys
18:44:35.0654 0x13b0  pcw - ok
18:44:35.0682 0x13b0  [ ED6E75158D28D33A2E2A020AC5B2B59D, 0F364D9A88304C45F31318605C417A70A9D0E4CF087D73E949B42C12CC76CD6C ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
18:44:35.0714 0x13b0  PEAUTH - ok
18:44:35.0767 0x13b0  [ B9B0A4299DD2D76A4243F75FD54DC680, BBF62E9628131FA396EB08D63B76D2D5FBDD61339E92B759125A066470D1C039 ] PeerDistSvc     C:\Windows\system32\peerdistsvc.dll
18:44:35.0824 0x13b0  PeerDistSvc - ok
18:44:35.0865 0x13b0  [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost        C:\Windows\SysWow64\perfhost.exe
18:44:35.0901 0x13b0  PerfHost - ok
18:44:35.0964 0x13b0  [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla             C:\Windows\system32\pla.dll
18:44:36.0052 0x13b0  pla - ok
18:44:36.0088 0x13b0  [ 875E4E0661F3A5994DF9E5E3A0A4F96B, 7198C02935B3714C455EE94305D2A21D900D72AC67049C11A1E842572AD6C5E1 ] PLFlash DeviceIoControl Service C:\Windows\SysWOW64\IoctlSvc.exe
18:44:36.0111 0x13b0  PLFlash DeviceIoControl Service - detected UnsignedFile.Multi.Generic ( 1 )
18:44:38.0471 0x13b0  Detect skipped due to KSN trusted
18:44:38.0471 0x13b0  PLFlash DeviceIoControl Service - ok
18:44:38.0520 0x13b0  [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
18:44:38.0570 0x13b0  PlugPlay - ok
18:44:38.0594 0x13b0  [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
18:44:38.0611 0x13b0  PNRPAutoReg - ok
18:44:38.0624 0x13b0  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
18:44:38.0646 0x13b0  PNRPsvc - ok
18:44:38.0679 0x13b0  [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
18:44:38.0726 0x13b0  PolicyAgent - ok
18:44:38.0744 0x13b0  [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power           C:\Windows\system32\umpo.dll
18:44:38.0803 0x13b0  Power - ok
18:44:38.0832 0x13b0  [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
18:44:38.0888 0x13b0  PptpMiniport - ok
18:44:38.0915 0x13b0  [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor       C:\Windows\system32\drivers\processr.sys
18:44:38.0951 0x13b0  Processor - ok
18:44:38.0991 0x13b0  [ B6A58491307B4CADA572583D863DC602, 5C44936605E52C9533E4CE22F18FAB8211475877F71EFD88DA4D02FD608C90A3 ] ProfSvc         C:\Windows\system32\profsvc.dll
18:44:39.0027 0x13b0  ProfSvc - ok
18:44:39.0047 0x13b0  [ 2BC45F4CF55B45BDD650828192F132B8, 4ABBC1DE6B17F7FEE9CB0BEEFEB6C88321826B4D52FBDF8B4B885CEA3CFD24F7 ] ProtectedStorage C:\Windows\system32\lsass.exe
18:44:39.0061 0x13b0  ProtectedStorage - ok
18:44:39.0071 0x13b0  [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
18:44:39.0122 0x13b0  Psched - ok
18:44:39.0178 0x13b0  [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
18:44:39.0232 0x13b0  ql2300 - ok
18:44:39.0256 0x13b0  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
18:44:39.0273 0x13b0  ql40xx - ok
18:44:39.0287 0x13b0  [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE           C:\Windows\system32\qwave.dll
18:44:39.0313 0x13b0  QWAVE - ok
18:44:39.0322 0x13b0  [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
18:44:39.0342 0x13b0  QWAVEdrv - ok
18:44:39.0356 0x13b0  [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
18:44:39.0407 0x13b0  RasAcd - ok
18:44:39.0440 0x13b0  [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
18:44:39.0494 0x13b0  RasAgileVpn - ok
18:44:39.0517 0x13b0  [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto         C:\Windows\System32\rasauto.dll
18:44:39.0556 0x13b0  RasAuto - ok
18:44:39.0571 0x13b0  [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
18:44:39.0625 0x13b0  Rasl2tp - ok
18:44:39.0653 0x13b0  [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan          C:\Windows\System32\rasmans.dll
18:44:39.0698 0x13b0  RasMan - ok
18:44:39.0712 0x13b0  [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
18:44:39.0749 0x13b0  RasPppoe - ok
18:44:39.0759 0x13b0  [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
18:44:39.0797 0x13b0  RasSstp - ok
18:44:39.0812 0x13b0  [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
18:44:39.0854 0x13b0  rdbss - ok
18:44:39.0864 0x13b0  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
18:44:39.0881 0x13b0  rdpbus - ok
18:44:39.0889 0x13b0  [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
18:44:39.0925 0x13b0  RDPCDD - ok
18:44:39.0945 0x13b0  [ 1B6163C503398B23FF8B939C67747683, 339A5AA7970FF34FAAB213B655860C5B0DEC5F983A4A11A088017D849F320ACE ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
18:44:39.0998 0x13b0  RDPDR - ok
18:44:40.0031 0x13b0  [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
18:44:40.0070 0x13b0  RDPENCDD - ok
18:44:40.0079 0x13b0  [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
18:44:40.0116 0x13b0  RDPREFMP - ok
18:44:40.0182 0x13b0  [ 313F68E1A3E6345A4F47A36B07062F34, B8318A0AE06BDE278931CA52F960B9FE226FD9894B076858DDB755AE26E1E66F ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
18:44:40.0255 0x13b0  RdpVideoMiniport - ok
18:44:40.0297 0x13b0  [ FE571E088C2D83619D2D48D4E961BF41, 88C5A2FCB1D0E528657842E39963471A6E42FCA3FCDF37955AEC8258AB4C48EA ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
18:44:40.0335 0x13b0  RDPWD - ok
18:44:40.0362 0x13b0  [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
18:44:40.0385 0x13b0  rdyboost - ok
18:44:40.0409 0x13b0  [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess    C:\Windows\System32\mprdim.dll
18:44:40.0466 0x13b0  RemoteAccess - ok
18:44:40.0498 0x13b0  [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
18:44:40.0559 0x13b0  RemoteRegistry - ok
18:44:40.0588 0x13b0  [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
18:44:40.0644 0x13b0  RpcEptMapper - ok
18:44:40.0676 0x13b0  [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator      C:\Windows\system32\locator.exe
18:44:40.0711 0x13b0  RpcLocator - ok
18:44:40.0744 0x13b0  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs           C:\Windows\system32\rpcss.dll
18:44:40.0795 0x13b0  RpcSs - ok
18:44:40.0809 0x13b0  [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
18:44:40.0846 0x13b0  rspndr - ok
18:44:40.0877 0x13b0  [ E60C0A09F997826C7627B244195AB581, E8630ED74B38B98BF584E353D992C1311BC36AB7F20A1BB66C9CD65CE1E46F8D ] s3cap           C:\Windows\system32\drivers\vms3cap.sys
18:44:40.0907 0x13b0  s3cap - ok
18:44:40.0930 0x13b0  [ 2BC45F4CF55B45BDD650828192F132B8, 4ABBC1DE6B17F7FEE9CB0BEEFEB6C88321826B4D52FBDF8B4B885CEA3CFD24F7 ] SamSs           C:\Windows\system32\lsass.exe
18:44:40.0944 0x13b0  SamSs - ok
18:44:40.0976 0x13b0  [ D2FA15AED5CEB66259F24B656A76B663, 009D273CFA4B2D7BBBFB69C7F722DC5F7AB3AA2562A66695ECAE6D30D5B997CD ] SbieDrv         C:\Program Files\Sandboxie\SbieDrv.sys
18:44:40.0993 0x13b0  SbieDrv - ok
18:44:41.0003 0x13b0  [ B93AC7F63D395F19B3C77680FD84833D, BBCC7BA27A305E4E07F82AF11FF8A0E258DDB67E36BE5E74389A27A7D2DD5A05 ] SbieSvc         C:\Program Files\Sandboxie\SbieSvc.exe
18:44:41.0017 0x13b0  SbieSvc - ok
18:44:41.0034 0x13b0  [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
18:44:41.0049 0x13b0  sbp2port - ok
18:44:41.0065 0x13b0  [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
18:44:41.0125 0x13b0  SCardSvr - ok
18:44:41.0140 0x13b0  [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
18:44:41.0175 0x13b0  scfilter - ok
18:44:41.0239 0x13b0  [ 40686B59C127F0C93B4234E4A1E3472A, B2DD61CB796C6AA8AFD285D43472B94646CA6D331D282818E0FDC9DE28DDE9CF ] Schedule        C:\Windows\system32\schedsvc.dll
18:44:41.0327 0x13b0  Schedule - ok
18:44:41.0356 0x13b0  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc     C:\Windows\System32\certprop.dll
18:44:41.0393 0x13b0  SCPolicySvc - ok
18:44:41.0410 0x13b0  [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
18:44:41.0437 0x13b0  SDRSVC - ok
18:44:41.0449 0x13b0  [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv          C:\Windows\system32\drivers\secdrv.sys
18:44:41.0486 0x13b0  secdrv - ok
18:44:41.0504 0x13b0  [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon        C:\Windows\system32\seclogon.dll
18:44:41.0541 0x13b0  seclogon - ok
18:44:41.0548 0x13b0  [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS            C:\Windows\System32\sens.dll
18:44:41.0586 0x13b0  SENS - ok
18:44:41.0595 0x13b0  [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc        C:\Windows\system32\sensrsvc.dll
18:44:41.0652 0x13b0  SensrSvc - ok
18:44:41.0659 0x13b0  [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
18:44:41.0675 0x13b0  Serenum - ok
18:44:41.0697 0x13b0  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial          C:\Windows\system32\DRIVERS\serial.sys
18:44:41.0728 0x13b0  Serial - ok
18:44:41.0751 0x13b0  [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse        C:\Windows\system32\drivers\sermouse.sys
18:44:41.0766 0x13b0  sermouse - ok
18:44:41.0784 0x13b0  [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv      C:\Windows\system32\sessenv.dll
18:44:41.0823 0x13b0  SessionEnv - ok
18:44:41.0833 0x13b0  [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
18:44:41.0851 0x13b0  sffdisk - ok
18:44:41.0864 0x13b0  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
18:44:41.0896 0x13b0  sffp_mmc - ok
18:44:41.0919 0x13b0  [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
18:44:41.0936 0x13b0  sffp_sd - ok
18:44:41.0946 0x13b0  [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
18:44:41.0962 0x13b0  sfloppy - ok
18:44:41.0990 0x13b0  [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
18:44:42.0035 0x13b0  SharedAccess - ok
18:44:42.0068 0x13b0  [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
18:44:42.0132 0x13b0  ShellHWDetection - ok
18:44:42.0154 0x13b0  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
18:44:42.0168 0x13b0  SiSRaid2 - ok
18:44:42.0181 0x13b0  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
18:44:42.0198 0x13b0  SiSRaid4 - ok
18:44:42.0216 0x13b0  [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
18:44:42.0255 0x13b0  Smb - ok
18:44:42.0272 0x13b0  [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
18:44:42.0289 0x13b0  SNMPTRAP - ok
18:44:42.0298 0x13b0  [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr           C:\Windows\system32\drivers\spldr.sys
18:44:42.0313 0x13b0  spldr - ok
18:44:42.0344 0x13b0  [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler         C:\Windows\System32\spoolsv.exe
18:44:42.0390 0x13b0  Spooler - ok
18:44:42.0493 0x13b0  [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc          C:\Windows\system32\sppsvc.exe
18:44:42.0636 0x13b0  sppsvc - ok
18:44:42.0653 0x13b0  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
18:44:42.0711 0x13b0  sppuinotify - ok
18:44:42.0758 0x13b0  [ FEB80A9EC320569CC82D4DB9F4AC78BC, E6340CDA9B5F59DBE68128356E357FEDA3655A296BFE4B7F44944F2DE5DA9765 ] sptd            C:\Windows\System32\Drivers\sptd.sys
18:44:42.0781 0x13b0  sptd - ok
18:44:42.0854 0x13b0  [ 8FD8EE71D7D639F85805EEE4ADB2AA15, 027E680BE49F705843B0117A72FAFC7681798B99685B91989928EF03767CD7A5 ] SQLWriter       C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
18:44:42.0875 0x13b0  SQLWriter - ok
18:44:42.0910 0x13b0  [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv             C:\Windows\system32\DRIVERS\srv.sys
18:44:42.0973 0x13b0  srv - ok
18:44:43.0005 0x13b0  [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
18:44:43.0047 0x13b0  srv2 - ok
18:44:43.0075 0x13b0  [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
18:44:43.0092 0x13b0  srvnet - ok
18:44:43.0117 0x13b0  [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
18:44:43.0172 0x13b0  SSDPSRV - ok
18:44:43.0194 0x13b0  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc         C:\Windows\system32\sstpsvc.dll
18:44:43.0233 0x13b0  SstpSvc - ok
18:44:43.0284 0x13b0  [ 7FFEE5D79695C7392DBF3EA1F18A1E67, 641FB87F0826C183F54B24099A3DFD2A322CF60500D31A602B83C2D5B6F40781 ] Stereo Service  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
18:44:43.0304 0x13b0  Stereo Service - ok
18:44:43.0317 0x13b0  [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor        C:\Windows\system32\drivers\stexstor.sys
18:44:43.0332 0x13b0  stexstor - ok
18:44:43.0375 0x13b0  [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc          C:\Windows\System32\wiaservc.dll
18:44:43.0412 0x13b0  stisvc - ok
18:44:43.0424 0x13b0  [ 7785DC213270D2FC066538DAF94087E7, F09CB2895241719CA5147B2EE9F7ECBD0303AFFB5CD896F06D4D29BAAAFC207B ] storflt         C:\Windows\system32\drivers\vmstorfl.sys
18:44:43.0439 0x13b0  storflt - ok
18:44:43.0457 0x13b0  [ D34E4943D5AC096C8EDEEBFD80D76E23, 1DD7F6F97060B5F763A04ACA1F75E59DAB09EF824FD09B83FC3C192837D006DE ] storvsc         C:\Windows\system32\drivers\storvsc.sys
18:44:43.0472 0x13b0  storvsc - ok
18:44:43.0485 0x13b0  [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
18:44:43.0499 0x13b0  swenum - ok
18:44:43.0518 0x13b0  [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv           C:\Windows\System32\swprv.dll
18:44:43.0569 0x13b0  swprv - ok
18:44:43.0589 0x13b0  [ C3A39C4079305480972D29C44B868C78, 8F1BB75C743256F905EAEDE744B6082C53774C49126875FB4E4FBA30F5478B17 ] Synth3dVsc      C:\Windows\system32\drivers\Synth3dVsc.sys
18:44:43.0605 0x13b0  Synth3dVsc - ok
18:44:43.0684 0x13b0  [ 2E730941CC5BF6200A4F56D1E9C24AAD, 758836D55DC84F3EBE9917DC6FAB8E6170A5B238FEDBCFDB6D7C5C6EA98E08B2 ] SysMain         C:\Windows\system32\sysmain.dll
18:44:43.0777 0x13b0  SysMain - ok
18:44:43.0802 0x13b0  [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll
18:44:43.0832 0x13b0  TabletInputService - ok
18:44:43.0869 0x13b0  [ 3C32FF010F869BC184DF71290477384E, 55CFCEC7F026C6E2E96A2FBE846AB513BB12BB0348735274FE1B71AF019C837B ] tap0901         C:\Windows\system32\DRIVERS\tap0901.sys
18:44:43.0883 0x13b0  tap0901 - ok
18:44:43.0898 0x13b0  [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv         C:\Windows\System32\tapisrv.dll
18:44:43.0961 0x13b0  TapiSrv - ok
18:44:43.0986 0x13b0  [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS             C:\Windows\System32\tbssvc.dll
18:44:44.0037 0x13b0  TBS - ok
18:44:44.0110 0x13b0  [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
18:44:44.0173 0x13b0  Tcpip - ok
18:44:44.0236 0x13b0  [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
18:44:44.0291 0x13b0  TCPIP6 - ok
18:44:44.0309 0x13b0  [ 1B16D0BD9841794A6E0CDE0CEF744ABC, 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
18:44:44.0324 0x13b0  tcpipreg - ok
18:44:44.0339 0x13b0  [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
18:44:44.0367 0x13b0  TDPIPE - ok
18:44:44.0372 0x13b0  [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
18:44:44.0387 0x13b0  TDTCP - ok
18:44:44.0430 0x13b0  [ AA77EB517D2F07A947294F260E3ACA83, B7A5DF3066830C0C2302B059778A67419792058A0D300C471DE40AB245EA7E58 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
18:44:44.0472 0x13b0  tdx - ok
18:44:44.0567 0x13b0  [ 950AD1AE7498A492126FB9F9B2E27DB5, C4C9A972015F567FC87A4094C86835B2DD3476426AB8B40CD4872A725CA89CFC ] Te.Service      C:\Program Files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe
18:44:44.0596 0x13b0  Te.Service - detected UnsignedFile.Multi.Generic ( 1 )
18:44:46.0952 0x13b0  Detect skipped due to KSN trusted
18:44:46.0952 0x13b0  Te.Service - ok
18:44:46.0982 0x13b0  [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
18:44:47.0004 0x13b0  TermDD - ok
18:44:47.0023 0x13b0  [ EF4469AB69EB15E5D3754E6AEAFBCD3D, 3609214C3D5181364B544EBF17E9A109952BE1C4C35BE0A8727BFA8F49ECB130 ] terminpt        C:\Windows\system32\drivers\terminpt.sys
18:44:47.0053 0x13b0  terminpt - ok
18:44:47.0090 0x13b0  [ 008CD4EBFABCF78D0F19B3778492648C, 9050490EEE0AD86E73F0A82D83E4FC29DF84F6B6FDB389AE135FD712B5F425BE ] TermService     C:\Windows\System32\termsrv.dll
18:44:47.0139 0x13b0  TermService - ok
18:44:47.0169 0x13b0  [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes          C:\Windows\system32\themeservice.dll
18:44:47.0191 0x13b0  Themes - ok
18:44:47.0219 0x13b0  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER     C:\Windows\system32\mmcss.dll
18:44:47.0255 0x13b0  THREADORDER - ok
18:44:47.0272 0x13b0  [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks          C:\Windows\System32\trkwks.dll
18:44:47.0313 0x13b0  TrkWks - ok
18:44:47.0354 0x13b0  [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
18:44:47.0413 0x13b0  TrustedInstaller - ok
18:44:47.0466 0x13b0  [ E232A3B43A894BB327FC161529BD9ED1, F2673DA8C920F21ACCECC25F7C59A05822E5E577D47F126EDF9C94FEB4B30C5F ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
18:44:47.0506 0x13b0  tssecsrv - ok
18:44:47.0541 0x13b0  [ E9981ECE8D894CEF7038FD1D040EB426, DCDDCE933CAECE8180A3447199B07F2F0413704EEC1A09606EE357901A84A7CF ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
18:44:47.0566 0x13b0  TsUsbFlt - ok
18:44:47.0591 0x13b0  [ AD64450A4ABE076F5CB34CC08EEACB07, B5C386635441A19178E7FEEE299BA430C8D72F9110866C13A216B12A1080AD12 ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
18:44:47.0635 0x13b0  TsUsbGD - ok
18:44:47.0673 0x13b0  [ E1748D04AE40118B62BC18AC86032192, A954B141D1B27272C771D14F3B40C7CC1F572DD72559F2C96182EFBE2B095FDE ] tsusbhub        C:\Windows\system32\drivers\tsusbhub.sys
18:44:47.0707 0x13b0  tsusbhub - ok
18:44:47.0740 0x13b0  [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
18:44:47.0791 0x13b0  tunnel - ok
18:44:47.0818 0x13b0  [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
18:44:47.0833 0x13b0  uagp35 - ok
18:44:47.0850 0x13b0  [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
18:44:47.0892 0x13b0  udfs - ok
18:44:47.0912 0x13b0  [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect       C:\Windows\system32\UI0Detect.exe
18:44:47.0929 0x13b0  UI0Detect - ok
18:44:47.0952 0x13b0  [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
18:44:47.0967 0x13b0  uliagpkx - ok
18:44:47.0985 0x13b0  [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
18:44:48.0016 0x13b0  umbus - ok
18:44:48.0048 0x13b0  [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass          C:\Windows\system32\drivers\umpass.sys
18:44:48.0087 0x13b0  UmPass - ok
18:44:48.0113 0x13b0  [ A293DCD756D04D8492A750D03B9A297C, 203600ED0B7F8BA4C6D6F4ED810F4DF5AB70928B06EC4131C5D8ADF628444ED1 ] UmRdpService    C:\Windows\System32\umrdp.dll
18:44:48.0159 0x13b0  UmRdpService - ok
18:44:48.0188 0x13b0  [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost        C:\Windows\System32\upnphost.dll
18:44:48.0233 0x13b0  upnphost - ok
18:44:48.0242 0x13b0  [ DCA68B0943D6FA415F0C56C92158A83A, BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
18:44:48.0295 0x13b0  usbccgp - ok
18:44:48.0316 0x13b0  [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir          C:\Windows\system32\drivers\usbcir.sys
18:44:48.0353 0x13b0  usbcir - ok
18:44:48.0371 0x13b0  [ 18A85013A3E0F7E1755365D287443965, 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
18:44:48.0385 0x13b0  usbehci - ok
18:44:48.0404 0x13b0  [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
18:44:48.0427 0x13b0  usbhub - ok
18:44:48.0445 0x13b0  [ 765A92D428A8DB88B960DA5A8D6089DC, 56DE8A2ED58E53B202C399CA7BACB1551136303C2EE0AB426BDBBF880E3C542C ] usbohci         C:\Windows\system32\drivers\usbohci.sys
18:44:48.0476 0x13b0  usbohci - ok
18:44:48.0499 0x13b0  [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint        C:\Windows\system32\drivers\usbprint.sys
18:44:48.0516 0x13b0  usbprint - ok
18:44:48.0529 0x13b0  [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:44:48.0584 0x13b0  USBSTOR - ok
18:44:48.0606 0x13b0  [ DD253AFC3BC6CBA412342DE60C3647F3, 146F8613F1057AC054DC3593E84BC52899DA27EA33B0E72ACFB78C3699ADCDE7 ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
18:44:48.0623 0x13b0  usbuhci - ok
18:44:48.0641 0x13b0  [ 1F775DA4CF1A3A1834207E975A72E9D7, 6D3DE5BD3EF3A76E997E5BAF900C51D25308F5A9682D1F62017F577A24095B90 ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
18:44:48.0704 0x13b0  usbvideo - ok
18:44:48.0739 0x13b0  [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms           C:\Windows\System32\uxsms.dll
18:44:48.0796 0x13b0  UxSms - ok
18:44:48.0815 0x13b0  [ 2BC45F4CF55B45BDD650828192F132B8, 4ABBC1DE6B17F7FEE9CB0BEEFEB6C88321826B4D52FBDF8B4B885CEA3CFD24F7 ] VaultSvc        C:\Windows\system32\lsass.exe
18:44:48.0830 0x13b0  VaultSvc - ok
18:44:48.0844 0x13b0  [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
18:44:48.0859 0x13b0  vdrvroot - ok
18:44:48.0881 0x13b0  [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds             C:\Windows\System32\vds.exe
18:44:48.0945 0x13b0  vds - ok
18:44:48.0969 0x13b0  [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
18:44:48.0986 0x13b0  vga - ok
18:44:48.0999 0x13b0  [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave         C:\Windows\System32\drivers\vga.sys
18:44:49.0051 0x13b0  VgaSave - ok
18:44:49.0055 0x13b0  VGPU - ok
18:44:49.0078 0x13b0  [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
18:44:49.0097 0x13b0  vhdmp - ok
18:44:49.0131 0x13b0  [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide          C:\Windows\system32\drivers\viaide.sys
18:44:49.0145 0x13b0  viaide - ok
18:44:49.0200 0x13b0  [ 225E1E03B2AABE2D493FCDB459303701, 6123280A48E973AC9696954879CF5F791E6D52CBE0BD07F291437D1A82413891 ] VMAuthdService  C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
18:44:49.0217 0x13b0  VMAuthdService - ok
18:44:49.0241 0x13b0  [ 86EA3E79AE350FEA5331A1303054005F, 7E7D6027EB41E591633C7383A5D29A3BA8ECFC08C177D2BCF741EE27686B1691 ] vmbus           C:\Windows\system32\drivers\vmbus.sys
18:44:49.0259 0x13b0  vmbus - ok
18:44:49.0271 0x13b0  [ 7DE90B48F210D29649380545DB45A187, 09522F84285D62B961868DA98C40B82E746CA4D24A9780905673A2349D6B07F4 ] VMBusHID        C:\Windows\system32\drivers\VMBusHID.sys
18:44:49.0305 0x13b0  VMBusHID - ok
18:44:49.0346 0x13b0  [ BE8E5E5D53ACF71D4E8E686B68C99B04, 4F30A360095FCB2627068FA6A65A951688058E8FDDF5CE895E2AE39500A413B1 ] vmci            C:\Windows\system32\DRIVERS\vmci.sys
18:44:49.0366 0x13b0  vmci - ok
18:44:49.0380 0x13b0  [ A3412EC3FF7A5AC2CA3A3951476BFA9C, 8A3D241168205B6B5348F44DF89875067CDD5B29BE8CF14ADA8403225AE2A379 ] VMnetAdapter    C:\Windows\system32\DRIVERS\vmnetadapter.sys
18:44:49.0392 0x13b0  VMnetAdapter - ok
18:44:49.0400 0x13b0  [ F76AD463DBE8D30CB715A09DF9FF2BE9, 5B2184582496ED0EE8582C6AD3BCF49674690C585439B6F57B43ADC12DF941F6 ] VMnetBridge     C:\Windows\system32\DRIVERS\vmnetbridge.sys
18:44:49.0412 0x13b0  VMnetBridge - ok
18:44:49.0456 0x13b0  [ 98E73D79FCD3D48E31EE999B5DF1B0ED, FBDC884BD9376C7E8727BACCF6482207166634F4B2644C8C794295094B29426E ] VMnetDHCP       C:\Windows\SysWOW64\vmnetdhcp.exe
18:44:49.0475 0x13b0  VMnetDHCP - ok
18:44:49.0487 0x13b0  [ B564A598B9B31E9358B2D6C9BC96D710, 19A9EFC08AE11A31169F712C577EBAFFF0A37311271FD46F02873286C8281DB7 ] VMnetuserif     C:\Windows\system32\drivers\vmnetuserif.sys
18:44:49.0498 0x13b0  VMnetuserif - ok
18:44:49.0509 0x13b0  [ 1507AD521DA518B289DF349791EB702C, 601DA4133A9F6AB7C9CD3EC48544D4A14F0CCAD4C867DED4C368A353D7F079B7 ] VMparport       C:\Windows\system32\drivers\VMparport.sys
18:44:49.0521 0x13b0  VMparport - ok
18:44:49.0587 0x13b0  [ 15D702F235BD1077007A180EEFB9DBB8, 610794EB9AF68789F46D193EF11B406D190096DF9EC557563798D625806D5704 ] VMUSBArbService C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
18:44:49.0622 0x13b0  VMUSBArbService - ok
18:44:49.0652 0x13b0  [ 0769FDF4C15D9EDD3CAAC148A8EDC2E5, 65E5CA9461C47491E83EBD755C10AE1665E71D2B73F2CE97A59B9E7380D42E8D ] VMware NAT Service C:\Windows\SysWOW64\vmnat.exe
18:44:49.0673 0x13b0  VMware NAT Service - ok
18:44:50.0001 0x13b0  [ 3EEEA5B5EDB54E2969CE2B8599D45983, F9AB57B13DA4330B9BD31611CC968F1B5E6AB1EA7AE3E08CA2E6F5DDBFA28674 ] VMwareHostd     C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
18:44:50.0380 0x13b0  VMwareHostd - ok
18:44:50.0425 0x13b0  [ 8FCCBE30DC217C244CE38DD7F9B673C3, C1E6E65A435D764695C4B9411ED623D626D8A744E3E09752FBB66260D9ACE8D6 ] vmx86           C:\Windows\system32\drivers\vmx86.sys
18:44:50.0438 0x13b0  vmx86 - ok
18:44:50.0445 0x13b0  [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
18:44:50.0460 0x13b0  volmgr - ok
18:44:50.0488 0x13b0  [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
18:44:50.0511 0x13b0  volmgrx - ok
18:44:50.0523 0x13b0  [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap         C:\Windows\system32\drivers\volsnap.sys
18:44:50.0545 0x13b0  volsnap - ok
18:44:50.0589 0x13b0  [ ED1F4BDF68C649C6F79A02502BB6C9BC, 3D2830822D4A2C7B3676100B27DEC7B1C2EF640DA36C6543365A9CF2A61BF68E ] VsEtwService120 C:\Program Files\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe
18:44:50.0606 0x13b0  VsEtwService120 - ok
18:44:50.0640 0x13b0  [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
18:44:50.0658 0x13b0  vsmraid - ok
18:44:50.0677 0x13b0  [ 1C7DC94FDCABD06D24C3A532DC33FB34, 5403724E70ABBE1070958CA58496DB2237F35CAB37296E1ECB64D4A0FE432AC1 ] vsock           C:\Windows\system32\drivers\vsock.sys
18:44:50.0690 0x13b0  vsock - ok
18:44:50.0751 0x13b0  [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS             C:\Windows\system32\vssvc.exe
18:44:50.0847 0x13b0  VSS - ok
18:44:50.0907 0x13b0  [ C279CC22288F277A14620EB949F0E1B9, 8E158D7C930EA6B3ACD7194062AFB562DE8D392A32E4F93E64D06F4A20739E69 ] vstor2-mntapi20-shared C:\Windows\syswow64\drivers\vstor2-mntapi20-shared.sys
18:44:50.0923 0x13b0  vstor2-mntapi20-shared - ok
18:44:50.0942 0x13b0  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
18:44:50.0977 0x13b0  vwifibus - ok
18:44:51.0003 0x13b0  [ 6A3D66263414FF0D6FA754C646612F3F, 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
18:44:51.0023 0x13b0  vwififlt - ok
18:44:51.0046 0x13b0  [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time         C:\Windows\system32\w32time.dll
18:44:51.0093 0x13b0  W32Time - ok
18:44:51.0115 0x13b0  [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
18:44:51.0131 0x13b0  WacomPen - ok
18:44:51.0152 0x13b0  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
18:44:51.0189 0x13b0  WANARP - ok
18:44:51.0194 0x13b0  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
18:44:51.0229 0x13b0  Wanarpv6 - ok
18:44:51.0318 0x13b0  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C, 4150DAB33E8D61076F1D4767BCAFC9B4ECCCCBD58FD4FB3CFE5B8D27DCDCAB61 ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
18:44:51.0365 0x13b0  WatAdminSvc - ok
18:44:51.0428 0x13b0  [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine        C:\Windows\system32\wbengine.exe
18:44:51.0494 0x13b0  wbengine - ok
18:44:51.0516 0x13b0  [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
18:44:51.0561 0x13b0  WbioSrvc - ok
18:44:51.0593 0x13b0  [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
18:44:51.0623 0x13b0  wcncsvc - ok
18:44:51.0633 0x13b0  [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
18:44:51.0692 0x13b0  WcsPlugInService - ok
18:44:51.0705 0x13b0  [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd              C:\Windows\system32\drivers\wd.sys
18:44:51.0722 0x13b0  Wd - ok
18:44:51.0754 0x13b0  [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
18:44:51.0789 0x13b0  Wdf01000 - ok
18:44:51.0810 0x13b0  [ C6F7473B55510F0B93961DA03D8E3B38, 4BAB9274DED8F7AC4A52B8739F501323FFFA0367CAA24BFAFDB5523812E0CE39 ] WdiServiceHost  C:\Windows\system32\wdi.dll
18:44:51.0857 0x13b0  WdiServiceHost - ok
18:44:51.0862 0x13b0  [ C6F7473B55510F0B93961DA03D8E3B38, 4BAB9274DED8F7AC4A52B8739F501323FFFA0367CAA24BFAFDB5523812E0CE39 ] WdiSystemHost   C:\Windows\system32\wdi.dll
18:44:51.0879 0x13b0  WdiSystemHost - ok
18:44:51.0907 0x13b0  [ 4E89FC53493704BF835F0300DC201C34, FB3080725E144D93512DED81047D21C0582BC3412250EFF37E039108D7351F53 ] WebClient       C:\Windows\System32\webclnt.dll
18:44:51.0944 0x13b0  WebClient - ok
18:44:51.0970 0x13b0  [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc          C:\Windows\system32\wecsvc.dll
18:44:52.0013 0x13b0  Wecsvc - ok
18:44:52.0024 0x13b0  [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
18:44:52.0080 0x13b0  wercplsupport - ok
18:44:52.0103 0x13b0  [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc          C:\Windows\System32\WerSvc.dll
18:44:52.0142 0x13b0  WerSvc - ok
18:44:52.0161 0x13b0  [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
18:44:52.0197 0x13b0  WfpLwf - ok
18:44:52.0211 0x13b0  [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
18:44:52.0225 0x13b0  WIMMount - ok
18:44:52.0237 0x13b0  WinDefend - ok
18:44:52.0243 0x13b0  WinHttpAutoProxySvc - ok
18:44:52.0285 0x13b0  [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
18:44:52.0344 0x13b0  Winmgmt - ok
18:44:52.0422 0x13b0  [ D929ABD465A2DED963DA8B30946A8D5C, DE8DBFB01C11D2AE903CBD6A974D6F995E9813CE2D6484B7DA06EAE4C545842A ] WinRM           C:\Windows\system32\WsmSvc.dll
18:44:52.0519 0x13b0  WinRM - ok
18:44:52.0571 0x13b0  [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc         C:\Windows\System32\wlansvc.dll
18:44:52.0614 0x13b0  Wlansvc - ok
18:44:52.0632 0x13b0  [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
18:44:52.0648 0x13b0  WmiAcpi - ok
18:44:52.0674 0x13b0  [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
18:44:52.0695 0x13b0  wmiApSrv - ok
18:44:52.0706 0x13b0  WMPNetworkSvc - ok
18:44:52.0714 0x13b0  [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc          C:\Windows\System32\wpcsvc.dll
18:44:52.0738 0x13b0  WPCSvc - ok
18:44:52.0749 0x13b0  [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
18:44:52.0770 0x13b0  WPDBusEnum - ok
18:44:52.0776 0x13b0  [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
18:44:52.0811 0x13b0  ws2ifsl - ok
18:44:52.0821 0x13b0  [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc          C:\Windows\system32\wscsvc.dll
18:44:52.0844 0x13b0  wscsvc - ok
18:44:52.0849 0x13b0  WSearch - ok
18:44:52.0934 0x13b0  [ 361845875ED8ED13086E7F37265C45DA, A0931DC1E35712036E93BBC3600530C0DA12E94E0D898787C818C526DFF240C2 ] wuauserv        C:\Windows\system32\wuaueng.dll
18:44:53.0062 0x13b0  wuauserv - ok
18:44:53.0096 0x13b0  [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
18:44:53.0127 0x13b0  WudfPf - ok
18:44:53.0170 0x13b0  [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
18:44:53.0215 0x13b0  WUDFRd - ok
18:44:53.0243 0x13b0  [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
18:44:53.0261 0x13b0  wudfsvc - ok
18:44:53.0282 0x13b0  [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc         C:\Windows\System32\wwansvc.dll
18:44:53.0330 0x13b0  WwanSvc - ok
18:44:53.0357 0x13b0  ================ Scan global ===============================
18:44:53.0394 0x13b0  [ 168EA9CD9BD6056BB6F60B57D5304BBE, 5A2F98754F042A7D80E7483842967EB362F01D57CE9720B24C7EDAA047F24C6F ] C:\Windows\system32\basesrv.dll
18:44:53.0423 0x13b0  [ FF41063E45C6238CAF48CBE6D0D6FC4B, 9B755EA23E7D2554E3AC3ADFFC4AFF7EB4F4A0F5CD3E6F2300BC98B21474CBC6 ] C:\Windows\system32\winsrv.dll
18:44:53.0443 0x13b0  [ FF41063E45C6238CAF48CBE6D0D6FC4B, 9B755EA23E7D2554E3AC3ADFFC4AFF7EB4F4A0F5CD3E6F2300BC98B21474CBC6 ] C:\Windows\system32\winsrv.dll
18:44:53.0469 0x13b0  [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
18:44:53.0492 0x13b0  [ 71C85477DF9347FE8E7BC55768473FCA, A86D6A6D1F5A0EFCD649792A06F3AE9B37158D48493D2ECA7F52DCC1CB9B6536 ] C:\Windows\system32\services.exe
18:44:53.0502 0x13b0  [ Global ] - ok
18:44:53.0503 0x13b0  ================ Scan MBR ==================================
18:44:53.0514 0x13b0  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
18:44:53.0994 0x13b0  \Device\Harddisk0\DR0 - ok
18:44:53.0994 0x13b0  ================ Scan VBR ==================================
18:44:53.0998 0x13b0  [ CF9A178FCC73C6FA5DAD1A262E970F5F ] \Device\Harddisk0\DR0\Partition1
18:44:54.0039 0x13b0  \Device\Harddisk0\DR0\Partition1 - ok
18:44:54.0043 0x13b0  [ A2B3E58F131D3CB6AA948D00FCBC80D4 ] \Device\Harddisk0\DR0\Partition2
18:44:54.0102 0x13b0  \Device\Harddisk0\DR0\Partition2 - ok
18:44:54.0102 0x13b0  ================ Scan generic autorun ======================
18:44:54.0221 0x13b0  [ 059E588FDF6B7E83227D45D026D21874, 211B5E85D84562E11F3A676686E7C716BB59912F7764A49D9164277EB3991AC3 ] C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
18:44:54.0301 0x13b0  NvBackend - ok
18:44:54.0328 0x13b0  [ DD81D91FF3B0763C392422865C9AC12E, F5691B8F200E3196E6808E932630E862F8F26F31CD949981373F23C9D87DB8B9 ] C:\Windows\system32\rundll32.exe
18:44:54.0345 0x13b0  ShadowPlay - ok
18:44:54.0365 0x13b0  [ 191210884CB10B17DA4D627EB2DE9270, 249AA2449BCE5D61747EE2078E154B8676D26676EE39941F0E00261496C660F4 ] C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe
18:44:54.0377 0x13b0  vmware-tray.exe - ok
18:44:54.0430 0x13b0  [ 6E5999B4A55D98413D5BE01CB65D2B1A, A6631E690680149602889E0D1CBAA33119260753CE5D6E1E49F54BC7AFDA3C48 ] C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe
18:44:54.0438 0x13b0  ProductUpdater - detected UnsignedFile.Multi.Generic ( 1 )
18:44:56.0834 0x13b0  Detect skipped due to KSN trusted
18:44:56.0834 0x13b0  ProductUpdater - ok
18:44:56.0892 0x13b0  [ FCEC6F664FA7E5FE323165FBC9314470, 4E5AB1E6C3D2881D95E74F2F28649A7DBC4919CA249829A0E4CD9804E401A025 ] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
18:44:56.0921 0x13b0  SunJavaUpdateSched - ok
18:44:56.0964 0x13b0  ConsoleApplication5 - ok
18:44:56.0968 0x13b0  Toolbase - ok
18:44:57.0018 0x13b0  [ 1B31D1266691EDD4224B0036449F14B4, A03D67AEF16351D3A4C410759EF58B179DA01A1160F220966510BCA6DCA95AAD ] C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
18:44:57.0035 0x13b0  BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - ok
18:44:57.0279 0x13b0  [ B05E1CE24CC555E189FCEB1AD07DFCED, 074E7F84C64B6BB54EE3F1BA4EF1804FA33A21ADB1E80904BF56706AA5EB457D ] C:\Program Files\CCleaner\CCleaner64.exe
18:44:57.0535 0x13b0  CCleaner Monitoring - ok
18:44:57.0655 0x13b0  [ 8559C71A3253D15506A61F8F508219CA, 7126635F6D9295178966949FA1E91E4B6F83040095F5346729EBEF0657FCFED2 ] C:\Program Files\Sandboxie\SbieCtrl.exe
18:44:57.0688 0x13b0  SandboxieControl - ok
18:44:58.0199 0x13b0  [ 3D5D4137594D2EBA8868EAD504B89366, D5FEB5B8303B083A79A4617E59B2FB34FAD71BE72F3F8DD6E4B69B3D03FE658A ] C:\Program Files\DAEMON Tools Lite\DTAgent.exe
18:44:58.0339 0x13b0  DAEMON Tools Lite Automount - ok
18:44:58.0349 0x13b0  Waiting for KSN requests completion. In queue: 188
18:44:59.0349 0x13b0  Waiting for KSN requests completion. In queue: 188
18:45:00.0350 0x13b0  Waiting for KSN requests completion. In queue: 188
18:45:01.0394 0x13b0  AV detected via SS2: Kaspersky Total Security, C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\wmiav.exe ( 15.0.2.361 ), 0x40000 ( disabled : updated )
18:45:01.0395 0x13b0  FW detected via SS2: Kaspersky Total Security, C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\wmiav.exe ( 15.0.2.361 ), 0x40010 ( disabled )
18:45:01.0413 0x13b0  Win FW state via NFP2: disabled ( trusted )
18:45:03.0843 0x13b0  ============================================================
18:45:03.0843 0x13b0  Scan finished
18:45:03.0843 0x13b0  ============================================================
18:45:03.0853 0x151c  Detected object count: 0
18:45:03.0853 0x151c  Actual detected object count: 0
18:45:16.0305 0x14e8  Deinitialize success
         

Alt 18.11.2015, 17:01   #5
schrauber
/// the machine
/// TB trainer
 




hi,

Scan with Combofix
WARNING to READERS:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all your antivirus software as well as malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the instructions on the screen.
  • While Combofix is running, please do not work on the computer, move the mouse or click into the Combofix window!
  • When Combofix is finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (in CODE tags if possible).
Note: If you get the following error message after the restart
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.


__________________
regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

Alt 19.11.2015, 00:16   #6
ottojack
 



Before I clicked on Combofix, my keyboard was acting up, but only on some websites in Firefox, not on Google or the like, but on certain ones it did.
For example, the y key = x and the s key = z and things like that.
Now, after Combofix, everything works again on all sites, but the strange processes are still in the Task Manager.

Here is the Combofix log file; Combofix also finished quickly, after 15 minutes, and did not complain.


Code:
ATTFilter
ComboFix 15-11-17.01 - admin 18.11.2015  20:41:31.1.2 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.49.1031.18.3071.1961 [GMT 1:00]
ausgeführt von:: c:\users\admin\Desktop\ComboFix.exe
AV: Kaspersky Total Security *Disabled/Updated* {B41C7598-35F6-4D89-7D0E-7ADE69B4047B}
FW: Kaspersky Total Security *Disabled* {8C27F4BD-7F99-4CD1-5651-D3EB97674300}
SP: Kaspersky Total Security *Disabled/Updated* {0F7D947C-13CC-4207-47BE-41AC12334EC6}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\aUncijE4
c:\users\admin\AppData\Roaming\dclogs
c:\users\admin\AppData\Roaming\Secure-Soft Stealer
c:\windows\7Loader.TAG
c:\windows\msdownld.tmp
c:\windows\update.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2015-10-18 bis 2015-11-18  ))))))))))))))))))))))))))))))
.
.
2015-11-18 19:50 . 2015-11-18 19:50	--------	d-----w-	c:\users\Default\AppData\Local\temp
2015-11-18 17:06 . 2015-11-18 17:06	75888	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{15A1D355-6B7F-45C5-B950-017DF2DAE41F}\offreg.3116.dll
2015-11-17 19:34 . 2015-11-17 21:11	--------	d-----w-	c:\users\admin\AppData\Local\AutoIt v3
2015-11-17 18:10 . 2015-11-17 21:11	--------	d-----w-	c:\program files (x86)\AutoIt3
2015-11-17 12:41 . 2015-10-20 02:33	11140960	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{15A1D355-6B7F-45C5-B950-017DF2DAE41F}\mpengine.dll
2015-11-16 18:59 . 2015-11-16 18:59	--------	d-----w-	c:\users\admin\AppData\Local\SearchProtect
2015-11-16 18:59 . 2015-11-16 18:59	--------	d-----w-	c:\program files (x86)\SearchProtect
2015-11-16 18:58 . 2015-11-17 23:03	--------	d-----w-	c:\users\admin\AppData\Roaming\BitTorrent
2015-11-14 21:23 . 2015-11-14 21:23	--------	d-----w-	c:\users\admin\AppData\Local\SkinSoft
2015-11-13 21:44 . 2015-11-13 21:45	--------	d-----w-	c:\program files\TAP-Windows
2015-11-12 16:51 . 2015-11-12 16:51	--------	d-----w-	c:\programdata\ConsoleApplication5
2015-11-12 08:35 . 2015-11-03 17:55	3211264	----a-w-	c:\windows\system32\win32k.sys
2015-11-11 17:01 . 2015-11-11 17:01	--------	d-----w-	c:\users\admin\AppData\Local\NVIDIA Corporation
2015-11-11 13:36 . 2015-11-11 13:36	425744	----a-w-	c:\windows\system32\LavasoftTcpService64.dll
2015-11-11 13:36 . 2015-11-11 13:36	345360	----a-w-	c:\windows\SysWow64\LavasoftTcpService.dll
2015-11-11 12:49 . 2015-10-30 23:25	66560	----a-w-	c:\windows\system32\iesetup.dll
2015-11-11 12:42 . 2015-11-11 12:42	--------	d-----w-	c:\programdata\A
2015-11-11 12:40 . 2015-11-11 12:40	--------	d-----w-	c:\windows\SysWow64\config\systemprofile\.oracle_jre_usage
2015-11-11 12:15 . 2015-11-11 12:15	--------	d-----w-	c:\programdata\Vitalwerks
2015-11-10 17:12 . 2015-10-13 19:00	1756424	----a-w-	c:\windows\system32\nvspbridge64.dll
2015-11-10 17:12 . 2015-10-13 19:00	1514528	----a-w-	c:\windows\system32\nvspcap64.dll
2015-11-10 17:12 . 2015-10-13 19:00	1316184	----a-w-	c:\windows\SysWow64\nvspbridge.dll
2015-11-10 17:12 . 2015-10-13 19:00	1278920	----a-w-	c:\windows\SysWow64\nvspcap.dll
2015-11-10 17:11 . 2015-10-13 15:26	608048	----a-w-	c:\windows\SysWow64\nvStreaming.exe
2015-11-08 10:30 . 2015-11-08 10:43	--------	d-----w-	C:\EEK
2015-11-07 00:02 . 2013-05-06 07:13	110176	----a-w-	c:\windows\system32\klfphc.dll
2015-11-07 00:01 . 2015-11-07 00:01	--------	d-----w-	c:\windows\ELAMBKUP
2015-11-07 00:01 . 2015-11-07 00:01	--------	d-----w-	c:\program files (x86)\Kaspersky Lab
2015-11-07 00:01 . 2015-11-07 00:44	831672	----a-w-	c:\windows\system32\drivers\klif.sys
2015-11-07 00:01 . 2015-06-27 21:14	225976	----a-w-	c:\windows\system32\drivers\klhk.sys
2015-11-07 00:01 . 2015-06-27 21:14	159960	----a-w-	c:\windows\system32\drivers\klflt.sys
2015-11-06 20:28 . 2015-11-07 00:03	--------	d-----w-	c:\programdata\Kaspersky Lab Setup Files
2015-11-06 20:14 . 2015-11-18 18:50	--------	d-----w-	c:\programdata\Kaspersky Lab
2015-11-06 19:50 . 2015-11-06 19:50	--------	d-----w-	c:\programdata\Steam
2015-11-06 15:53 . 2015-11-06 15:53	--------	d-----w-	c:\program files (x86)\Running With Scissors
2015-11-06 14:27 . 2015-11-06 14:27	--------	d-----w-	c:\program files (x86)\Ubisoft
2015-11-06 13:36 . 2015-11-06 13:36	--------	d-----w-	c:\program files (x86)\Team 17
2015-11-05 15:06 . 2015-11-05 15:07	--------	d-----w-	c:\program files (x86)\Dolphin x86
2015-11-02 21:52 . 2015-11-15 01:03	--------	d-----w-	C:\AdwCleaner
2015-11-02 09:57 . 2015-11-02 09:57	--------	d-----w-	c:\programdata\abelhadigital.com
2015-11-02 09:31 . 2015-11-02 09:31	--------	d-----w-	c:\users\admin\.java
2015-11-01 13:17 . 2015-11-01 13:17	--------	d-----w-	c:\program files (x86)\HashCalc
2015-11-01 06:58 . 2015-11-01 06:58	--------	d-----w-	c:\users\admin\AppData\Local\BANDAI NAMCO Games
2015-11-01 06:53 . 2015-11-01 06:57	--------	d-----w-	c:\program files (x86)\Dragonball Xenoverse Bundle Edition
2015-11-01 03:12 . 2015-11-01 03:12	--------	d-----w-	c:\program files (x86)\Portable
2015-11-01 02:46 . 2015-11-01 03:04	--------	d-----w-	c:\program files (x86)\RAR Password Recovery Magic
2015-10-31 02:32 . 2015-10-31 02:32	--------	d-----w-	C:\Games
2015-10-30 08:41 . 2015-11-13 22:16	--------	d-----w-	c:\users\admin\AppData\Local\CyberGhost
2015-10-30 08:08 . 2015-10-30 08:40	--------	d-----w-	c:\program files (x86)\TheGreenBow
2015-10-29 17:45 . 2015-10-29 17:45	--------	d-----w-	c:\windows\SysWow64\Wat
2015-10-29 17:45 . 2015-10-29 17:45	--------	d-----w-	c:\windows\system32\Wat
2015-10-29 16:02 . 2015-10-29 16:02	--------	d-----w-	c:\users\admin\AppData\Local\GlobalVPN
2015-10-29 08:13 . 2015-10-29 08:13	--------	d-----w-	c:\users\admin\AppData\Local\Geckofx
2015-10-28 16:37 . 2015-11-13 21:48	--------	d-----w-	c:\program files\CyberGhost 5
2015-10-28 12:58 . 2015-10-28 12:58	750320	----a-w-	c:\programdata\vhzvLr.exe
2015-10-23 17:53 . 2015-10-23 17:53	--------	d-----w-	c:\users\admin\AppData\Roaming\Steam
2015-10-21 20:29 . 2015-10-21 20:29	--------	d-----w-	C:\GOG Games
2015-10-21 20:06 . 2015-10-21 20:06	--------	d-----w-	c:\program files (x86)\Vivendi Universal Games
2015-10-21 20:06 . 2015-10-21 20:06	--------	d--h--w-	c:\program files (x86)\InstallShield Installation Information
2015-10-21 20:04 . 2015-10-21 20:04	--------	d-----w-	c:\program files (x86)\Common Files\InstallShield
2015-10-21 17:11 . 2015-10-21 17:11	--------	d-----w-	c:\program files (x86)\Common Files\Java
2015-10-20 15:16 . 2015-10-20 15:16	--------	d-----w-	c:\users\admin\AppData\Roaming\Boilsoft
2015-10-20 15:16 . 2015-10-20 15:16	--------	d-----w-	c:\program files (x86)\Boilsoft
2015-10-20 15:10 . 2015-10-20 15:10	129024	----a-w-	c:\windows\SysWow64\AVERM.dll
2015-10-20 15:10 . 2015-10-20 15:10	28672	----a-w-	c:\windows\SysWow64\AVEQT.dll
2015-10-20 15:10 . 2015-10-20 15:10	--------	d-----w-	c:\program files (x86)\Ultra Video Splitter
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-11-17 17:11 . 2015-06-24 00:14	192216	----a-w-	c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-11-17 17:10 . 2015-06-24 00:14	109272	----a-w-	c:\windows\system32\drivers\mbamchameleon.sys
2015-11-10 19:47 . 2015-05-19 17:47	780488	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2015-11-10 19:47 . 2015-05-19 17:47	142536	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-11-07 00:44 . 2015-06-27 21:14	190648	----a-w-	c:\windows\system32\drivers\kneps.sys
2015-10-30 08:08 . 2009-11-20 11:15	162872	----a-w-	c:\windows\system32\TgbStarter.exe
2015-10-29 17:50 . 2015-11-11 12:49	350208	----a-w-	c:\windows\apppatch\AppPatch64\AcLayers.dll
2015-10-29 17:50 . 2015-11-11 12:49	309248	----a-w-	c:\windows\apppatch\AppPatch64\AcGenral.dll
2015-10-29 17:50 . 2015-11-11 12:49	135168	----a-w-	c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2015-10-29 17:50 . 2015-11-11 12:49	103424	----a-w-	c:\windows\apppatch\AppPatch64\acspecfc.dll
2015-10-29 17:49 . 2015-11-11 12:49	562176	----a-w-	c:\windows\apppatch\AcLayers.dll
2015-10-29 17:49 . 2015-11-11 12:49	470528	----a-w-	c:\windows\apppatch\AcSpecfc.dll
2015-10-29 17:49 . 2015-11-11 12:49	2178560	----a-w-	c:\windows\apppatch\AcGenral.dll
2015-10-29 17:49 . 2015-11-11 12:49	211968	----a-w-	c:\windows\apppatch\AcXtrnal.dll
2015-10-29 17:39 . 2015-11-11 12:49	2560	----a-w-	c:\windows\apppatch\AcRes.dll
2015-10-28 16:37 . 2013-08-22 12:40	40664	----a-w-	c:\windows\system32\drivers\tap0901.sys
2015-10-21 17:10 . 2015-10-17 15:23	110176	----a-w-	c:\windows\system32\WindowsAccessBridge-64.dll
2015-10-20 00:45 . 2015-11-11 12:49	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2015-10-17 16:11 . 2015-06-24 00:14	63704	----a-w-	c:\windows\system32\drivers\mwac.sys
2015-10-17 16:11 . 2015-06-24 00:14	25816	----a-w-	c:\windows\system32\drivers\mbam.sys
2015-10-16 15:43 . 2015-10-16 15:43	766464	----a-w-	c:\windows\system32\generaltel.dll
2015-10-16 15:43 . 2015-10-16 15:43	73216	----a-w-	c:\windows\system32\acmigration.dll
2015-10-16 15:43 . 2015-10-16 15:43	700416	----a-w-	c:\windows\system32\invagent.dll
2015-10-16 15:43 . 2015-10-16 15:43	503808	----a-w-	c:\windows\system32\devinv.dll
2015-10-16 15:43 . 2015-10-16 15:43	25432	----a-w-	c:\windows\system32\CompatTelRunner.exe
2015-10-16 15:43 . 2015-10-16 15:43	1291264	----a-w-	c:\windows\system32\appraiser.dll
2015-10-16 15:43 . 2015-10-16 15:43	1163776	----a-w-	c:\windows\system32\aeinv.dll
2015-10-14 14:38 . 2015-10-14 14:38	1866752	----a-w-	c:\windows\system32\ExplorerFrame.dll
2015-10-14 14:38 . 2015-10-14 14:38	14176768	----a-w-	c:\windows\system32\shell32.dll
2015-10-14 14:38 . 2015-10-14 14:38	1498624	----a-w-	c:\windows\SysWow64\ExplorerFrame.dll
2015-10-14 14:36 . 2015-10-14 14:36	692672	----a-w-	c:\windows\system32\winload.efi
2015-10-14 14:36 . 2015-10-14 14:36	63488	----a-w-	c:\windows\system32\setbcdlocale.dll
2015-10-14 14:36 . 2015-10-14 14:36	616360	----a-w-	c:\windows\system32\winresume.efi
2015-10-14 14:36 . 2015-10-14 14:36	61440	----a-w-	c:\windows\system32\drivers\appid.sys
2015-10-14 14:36 . 2015-10-14 14:36	59392	----a-w-	c:\windows\system32\appidapi.dll
2015-10-14 14:36 . 2015-10-14 14:36	50688	----a-w-	c:\windows\SysWow64\appidapi.dll
2015-10-14 14:36 . 2015-10-14 14:36	32768	----a-w-	c:\windows\system32\appidsvc.dll
2015-10-14 14:36 . 2015-10-14 14:36	17920	----a-w-	c:\windows\system32\appidcertstorecheck.exe
2015-10-14 14:36 . 2015-10-14 14:36	147456	----a-w-	c:\windows\system32\appidpolicyconverter.exe
2015-10-14 14:35 . 2015-10-14 14:35	984448	----a-w-	c:\windows\system32\ucrtbase.dll
2015-10-14 14:35 . 2015-10-14 14:35	20832	----a-w-	c:\windows\system32\api-ms-win-crt-math-l1-1-0.dll
2015-10-14 14:35 . 2015-10-14 14:35	14176	----a-w-	c:\windows\SysWow64\api-ms-win-core-localization-l1-2-0.dll
2015-10-14 14:35 . 2015-10-14 14:35	14176	----a-w-	c:\windows\system32\api-ms-win-crt-time-l1-1-0.dll
2015-10-14 14:35 . 2015-10-14 14:35	14176	----a-w-	c:\windows\system32\api-ms-win-core-localization-l1-2-0.dll
2015-10-14 14:35 . 2015-10-14 14:35	12640	----a-w-	c:\windows\SysWow64\api-ms-win-crt-heap-l1-1-0.dll
2015-10-14 14:35 . 2015-10-14 14:35	12640	----a-w-	c:\windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2015-10-14 14:35 . 2015-10-14 14:35	12128	----a-w-	c:\windows\SysWow64\api-ms-win-crt-locale-l1-1-0.dll
2015-10-14 14:35 . 2015-10-14 14:35	12128	----a-w-	c:\windows\SysWow64\api-ms-win-crt-environment-l1-1-0.dll
2015-10-14 14:35 . 2015-10-14 14:35	12128	----a-w-	c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-1.dll
2015-10-14 14:35 . 2015-10-14 14:35	12128	----a-w-	c:\windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2015-10-14 14:35 . 2015-10-14 14:35	11616	----a-w-	c:\windows\SysWow64\api-ms-win-eventing-provider-l1-1-0.dll
2015-10-14 14:35 . 2015-10-14 14:35	11616	----a-w-	c:\windows\SysWow64\api-ms-win-core-xstate-l2-1-0.dll
2015-10-14 14:35 . 2015-10-14 14:35	11616	----a-w-	c:\windows\SysWow64\api-ms-win-core-timezone-l1-1-0.dll
2015-10-14 14:35 . 2015-10-14 14:35	11616	----a-w-	c:\windows\SysWow64\api-ms-win-core-file-l2-1-0.dll
2015-10-14 14:35 . 2015-10-14 14:35	11616	----a-w-	c:\windows\SysWow64\api-ms-win-core-file-l1-2-0.dll
2015-10-14 14:35 . 2015-10-14 14:35	11616	----a-w-	c:\windows\system32\api-ms-win-eventing-provider-l1-1-0.dll
2015-10-14 14:35 . 2015-10-14 14:35	11616	----a-w-	c:\windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2015-10-14 14:35 . 2015-10-14 14:35	11616	----a-w-	c:\windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2015-10-14 14:35 . 2015-10-14 14:35	901264	----a-w-	c:\windows\SysWow64\ucrtbase.dll
2015-10-14 14:35 . 2015-10-14 14:35	66400	----a-w-	c:\windows\SysWow64\api-ms-win-crt-private-l1-1-0.dll
2015-10-14 14:35 . 2015-10-14 14:35	63840	----a-w-	c:\windows\system32\api-ms-win-crt-private-l1-1-0.dll
2015-10-14 14:35 . 2015-10-14 14:35	22368	----a-w-	c:\windows\SysWow64\api-ms-win-crt-math-l1-1-0.dll
2015-10-14 14:35 . 2015-10-14 14:35	19808	----a-w-	c:\windows\SysWow64\api-ms-win-crt-multibyte-l1-1-0.dll
2015-10-14 14:35 . 2015-10-14 14:35	19808	----a-w-	c:\windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2015-10-14 14:35 . 2015-10-14 14:35	17760	----a-w-	c:\windows\SysWow64\api-ms-win-crt-string-l1-1-0.dll
2015-10-14 14:35 . 2015-10-14 14:35	17760	----a-w-	c:\windows\SysWow64\api-ms-win-crt-stdio-l1-1-0.dll
2015-10-14 14:35 . 2015-10-14 14:35	17760	----a-w-	c:\windows\system32\api-ms-win-crt-string-l1-1-0.dll
2015-10-14 14:35 . 2015-10-14 14:35	17760	----a-w-	c:\windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2015-10-14 14:35 . 2015-10-14 14:35	16224	----a-w-	c:\windows\SysWow64\api-ms-win-crt-runtime-l1-1-0.dll
2015-10-14 14:35 . 2015-10-14 14:35	16224	----a-w-	c:\windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2015-10-14 14:35 . 2015-10-14 14:35	15712	----a-w-	c:\windows\SysWow64\api-ms-win-crt-convert-l1-1-0.dll
2015-10-14 14:35 . 2015-10-14 14:35	15712	----a-w-	c:\windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2015-10-14 14:35 . 2015-10-14 14:35	14176	----a-w-	c:\windows\SysWow64\api-ms-win-crt-time-l1-1-0.dll
2015-10-14 14:35 . 2015-10-14 14:35	13664	----a-w-	c:\windows\SysWow64\api-ms-win-crt-filesystem-l1-1-0.dll
2015-10-14 14:35 . 2015-10-14 14:35	13664	----a-w-	c:\windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2015-10-14 14:35 . 2015-10-14 14:35	12640	----a-w-	c:\windows\SysWow64\api-ms-win-crt-process-l1-1-0.dll
2015-10-14 14:35 . 2015-10-14 14:35	12640	----a-w-	c:\windows\SysWow64\api-ms-win-crt-conio-l1-1-0.dll
2015-10-14 14:35 . 2015-10-14 14:35	12640	----a-w-	c:\windows\system32\api-ms-win-crt-process-l1-1-0.dll
2015-10-14 14:35 . 2015-10-14 14:35	12640	----a-w-	c:\windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2015-10-14 14:35 . 2015-10-14 14:35	12128	----a-w-	c:\windows\SysWow64\api-ms-win-crt-utility-l1-1-0.dll
2015-10-14 14:35 . 2015-10-14 14:35	12128	----a-w-	c:\windows\SysWow64\api-ms-win-core-synch-l1-2-0.dll
2015-10-14 14:35 . 2015-10-14 14:35	12128	----a-w-	c:\windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2015-10-14 14:35 . 2015-10-14 14:35	12128	----a-w-	c:\windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2015-10-14 14:35 . 2015-10-14 14:35	12128	----a-w-	c:\windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2015-10-14 14:35 . 2015-10-14 14:35	12128	----a-w-	c:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
2015-10-14 14:35 . 2015-10-14 14:35	11616	----a-w-	c:\windows\system32\api-ms-win-core-file-l2-1-0.dll
2015-10-14 14:35 . 2015-10-14 14:35	11616	----a-w-	c:\windows\system32\api-ms-win-core-file-l1-2-0.dll
2015-10-13 19:00 . 2015-07-29 17:44	3209920	----a-w-	c:\windows\system32\nvapi64.dll
2015-10-13 19:00 . 2015-07-29 17:44	18634072	----a-w-	c:\windows\system32\nvwgf2umx.dll
2015-10-13 19:00 . 2015-07-29 17:44	16128576	----a-w-	c:\windows\SysWow64\nvwgf2um.dll
2015-10-13 19:00 . 2015-07-29 17:44	14497568	----a-w-	c:\windows\SysWow64\nvd3dum.dll
2015-10-13 19:00 . 2015-05-19 13:30	74032	----a-w-	c:\windows\system32\OpenCL.dll
2015-10-13 19:00 . 2015-05-19 13:30	59568	----a-w-	c:\windows\SysWow64\OpenCL.dll
2015-10-13 17:26 . 2015-05-19 13:30	6783280	----a-w-	c:\windows\system32\nvcpl.dll
2015-10-13 17:26 . 2015-05-19 13:30	3522168	----a-w-	c:\windows\system32\nvsvc64.dll
2015-10-13 17:26 . 2015-05-19 13:30	933168	----a-w-	c:\windows\system32\nvvsvc.exe
2015-10-13 17:26 . 2015-05-19 13:30	62584	----a-w-	c:\windows\system32\nvshext.dll
2015-10-13 17:26 . 2015-05-19 13:30	384176	----a-w-	c:\windows\system32\nvmctray.dll
2015-10-13 17:26 . 2015-05-19 13:30	2557616	----a-w-	c:\windows\system32\nvsvcr.dll
2015-10-13 16:19 . 2015-05-19 13:30	5972783	----a-w-	c:\windows\system32\nvcoproc.bin
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe" [2015-05-19 152872]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2015-11-02 8551848]
"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2015-11-02 787592]
"DAEMON Tools Lite Automount"="c:\program files\DAEMON Tools Lite\DTAgent.exe" [2015-09-13 4468056]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"vmware-tray.exe"="c:\program files (x86)\VMware\VMware Workstation\vmware-tray.exe" [2015-07-01 114368]
"ProductUpdater"="c:\program files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe" [2015-10-09 71680]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2015-10-21 597040]
"ConsoleApplication5"="c:\programdata\ConsoleApplication5\ConsoleApplication5\1.0.0.0\msdcsc.exe" [2015-11-14 0]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"{f255478c-ebfa-426d-a975-4a8d1f9432a4}"="c:\programdata\Package Cache\{f255478c-ebfa-426d-a975-4a8d1f9432a4}\vs_langpack.exe" [2015-08-15 1016624]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"="0"
"UpdatesDisableNotify"="0"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 AVP15.0.2;Kaspersky Anti-Virus Service 15.0.2;c:\program files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\avp.exe;c:\program files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\avp.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [x]
R3 c2wts;Claims to Windows Token Service;c:\program files\Windows Identity Foundation\v3.5\c2wtshost.exe;c:\program files\Windows Identity Foundation\v3.5\c2wtshost.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;c:\windows\system32\drivers\Synth3dVsc.sys;c:\windows\SYSNATIVE\drivers\Synth3dVsc.sys [x]
R3 Te.Service;Te.Service;c:\program files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe;c:\program files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 tsusbhub;Remote Deskotop USB Hub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 VsEtwService120;Visual Studio ETW Event Collection Service;c:\program files\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe;c:\program files\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 MBAMScheduler;MBAMScheduler;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [x]
S0 cm_km_w;Kaspersky Lab Crypto Module (FDE PDK);c:\windows\system32\DRIVERS\cm_km_w.sys;c:\windows\SYSNATIVE\DRIVERS\cm_km_w.sys [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys;c:\windows\SYSNATIVE\DRIVERS\vmci.sys [x]
S0 vsock;vSockets Driver;c:\windows\system32\drivers\vsock.sys;c:\windows\SYSNATIVE\drivers\vsock.sys [x]
S1 klhk;klhk;c:\windows\system32\DRIVERS\klhk.sys;c:\windows\SYSNATIVE\DRIVERS\klhk.sys [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys;c:\windows\SYSNATIVE\DRIVERS\klim6.sys [x]
S1 klpd;klpd;c:\windows\system32\DRIVERS\klpd.sys;c:\windows\SYSNATIVE\DRIVERS\klpd.sys [x]
S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys;c:\windows\SYSNATIVE\DRIVERS\kltdi.sys [x]
S1 Klwtp;Klwtp;c:\windows\system32\DRIVERS\klwtp.sys;c:\windows\SYSNATIVE\DRIVERS\klwtp.sys [x]
S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys;c:\windows\SYSNATIVE\DRIVERS\kneps.sys [x]
S2 CGVPNCliService;CyberGhost 5 Client Service;c:\program files\CyberGhost 5\Service.exe;c:\program files\CyberGhost 5\Service.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 GfExperienceService;NVIDIA GeForce Experience Service;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [x]
S2 kldisk;kldisk;c:\windows\system32\DRIVERS\kldisk.sys;c:\windows\SYSNATIVE\DRIVERS\kldisk.sys [x]
S2 NoIPDUCService4;NO-IP DUC v4.1.1;c:\program files (x86)\No-IP\ducservice.exe;c:\program files (x86)\No-IP\ducservice.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [x]
S2 VMwareHostd;VMware Workstation Server;c:\program files (x86)\VMware\VMware Workstation\vmware-hostd.exe;c:\program files (x86)\VMware\VMware Workstation\vmware-hostd.exe [x]
S2 vstor2-mntapi20-shared;Vstor2 MntApi 2.0 Driver (shared);SysWOW64\drivers\vstor2-mntapi20-shared.sys;SysWOW64\drivers\vstor2-mntapi20-shared.sys [x]
S3 Disc Soft Lite Bus Service;Disc Soft Lite Bus Service;c:\program files\DAEMON Tools Lite\DiscSoftBusService.exe;c:\program files\DAEMON Tools Lite\DiscSoftBusService.exe [x]
S3 dtlitescsibus;DAEMON Tools Lite Virtual SCSI Bus;c:\windows\system32\DRIVERS\dtlitescsibus.sys;c:\windows\SYSNATIVE\DRIVERS\dtlitescsibus.sys [x]
S3 klflt;Kaspersky Lab Kernel DLL;c:\windows\system32\DRIVERS\klflt.sys;c:\windows\SYSNATIVE\DRIVERS\klflt.sys [x]
S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys;c:\windows\SYSNATIVE\DRIVERS\klkbdflt.sys [x]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys;c:\windows\SYSNATIVE\DRIVERS\klmouflt.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2015-11-15 c:\windows\Tasks\Adobe Flash Player PPAPI Notifier.job
- c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_19_0_0_245_pepper.exe [2015-11-10 19:47]
.
2015-11-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-05-19 19:47]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2015-10-13 2585744]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2015-10-13 1514528]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.de/
mDefault_Search_URL = www.google.com
mDefault_Page_URL = www.google.com
mStart Page = www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = www.google.com
IE: {{5547CE1F-74E9-41E5-9CBF-5211ECC37341} - {BB7DC12B-C59D-4138-AD28-BBB65DE62A3B} - c:\program files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\IEExt\ie_plugin.dll
Trusted Zone: localhost
Trusted Zone: webcompanion.com
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\tjc4nckf.default\
FF - prefs.js: browser.search.selectedEngine - Bing®
FF - prefs.js: browser.startup.homepage - www.google.de
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKLM-Run-Toolbase - c:\programdata\Microsoft\Microsoft\1.1.1.1\dingdong.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_19_0_0_245_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_19_0_0_245_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_19_0_0_245_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_19_0_0_245_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_19_0_0_245.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.19"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_19_0_0_245.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_19_0_0_245.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_19_0_0_245.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2015-11-18  20:54:39
ComboFix-quarantined-files.txt  2015-11-18 19:54
.
Vor Suchlauf: 14 Verzeichnis(se), 757.638.115.328 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 757.155.024.896 Bytes frei
.
- - End Of File - - 1267B5BEC3D2C5ED60FB5088E993C650
A36C5E4F47E84449FF07ED3517B43A31
         
"edit"
Could it be that, if my VMware Workstation is infected, strange processes also run on my normal operating system?
I mean, without anyone hacking into my normal operating system through my VMware: if the virus is executed in the VMware, does my normal operating system get infected as well?

Alt 19.11.2015, 16:18   #7
schrauber
/// the machine
/// TB-Ausbilder
 


Malware can in theory break out of a VM, in theory.

Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select the Threat Scan and click Start Scan.
  • At the end of the scan, have all detections (if any) moved to quarantine. To do so, click Remove Selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the newest scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Add the contents of mbam.txt to your next reply.


Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Agree to the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Clean and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).

Please close your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista (or later), please start it via right-click "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan may take a while.
  • When the tool has finished, the log file (JRT.txt) is saved to the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


And a fresh FRST log, please.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

Alt 22.11.2015, 12:33   #8
ottojack
 

Before I get dropped from the subscription here, I wanted to let you know briefly:
I will be away from the PC for about 2-3 days; I will run the scans later and post the log files in the next few days. Would it be best if I updated my VMware?
I have VMware 11 and there is already 12.
I will then also run scans on my VMware, or should I open those in a new thread AFTER my normal operating system has been cleaned first?
Maybe it is because of the VMware.
I have often read on the internet that trojans have functions like "Anti-VMWare" or "bypass VMWare".

Alt 23.11.2015, 14:38   #9
schrauber
/// the machine
/// TB-Ausbilder
 


The settings of the VM are important.
__________________
Regards,
schrauber


Alt 23.11.2015, 22:07   #10
ottojack
 

OK, I'm back, we can continue.

Here is the MBAM log file:

Code:
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlaufdatum: 23.11.2015
Suchlaufzeit: 18:56
Protokolldatei: mbam.txt
Administrator: Ja

Version: 2.2.0.1024
Malware-Datenbank: v2015.11.23.06
Rootkit-Datenbank: v2015.11.23.01
Lizenz: Premium-Version
Malware-Schutz: Aktiviert
Schutz vor bösartigen Websites: Aktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: admin

Suchlauftyp: Bedrohungssuchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 393387
Abgelaufene Zeit: 21 Min., 28 Sek.

Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Tiefer Rootkit-Suchlauf: Aktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 1
Backdoor.Agent.DCEGen, C:\Users\admin\Documents\MSDCSC\Patch.exe, 5944, Löschen bei Neustart, [e48eaed394f77db9e263b1fe0200cc34]

Module: 0
(keine bösartigen Elemente erkannt)

Registrierungsschlüssel: 1
Backdoor.DarkComet.Trace, HKU\S-1-5-21-560193511-1957534509-1735208640-1001\SOFTWARE\DC3_FEXEC, In Quarantäne, [bdb5e39edfac37fff288feb57291e31d], 

Registrierungswerte: 1
Backdoor.Agent.DCEGen, HKU\S-1-5-21-560193511-1957534509-1735208640-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|MicroUpdate, C:\Users\admin\Documents\MSDCSC\Patch.exe, In Quarantäne, [e48eaed394f77db9e263b1fe0200cc34]

Registrierungsdaten: 0
(keine bösartigen Elemente erkannt)

Ordner: 1
Trojan.StolenData, C:\Users\admin\AppData\Roaming\dclogs, In Quarantäne, [2d450b762467c96d4cf287449b68629e], 

Dateien: 4
Trojan.StolenData, C:\Users\admin\AppData\Roaming\dclogs\2015-11-23-2.dc, In Quarantäne, [2d450b762467c96d4cf287449b68629e], 
Backdoor.Agent.DCEGen, C:\Users\admin\Documents\MSDCSC\Patch.exe, Löschen bei Neustart, [e48eaed394f77db9e263b1fe0200cc34], 
PUP.Optional.Trovi, C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\tjc4nckf.default\prefs.js, Gut: (), Schlecht: (user_pref("browser.newtab.url", "http://www.trovi.com/?gd=&ctid=CT3333673&octid=EB_ORIGINAL_CTID&ISID=D788790A-AA45-4E7E-AA19-8B2361D4197F&SearchSource=69&CUI=&SSPV=&Lay=1&UM=8&UP=SP8FB79781-52B7-4BCA-8AB0-EC4E38EF33B1&D=112215");), Ersetzt,[086a7809b6d53402db322d5c1ee6c13f]
PUP.Optional.Trovi, C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\tjc4nckf.default\prefs.js, Gut: (), Schlecht: (user_pref("browser.search.selectedEngine", "Trovi");), Ersetzt,[3240047d2d5ee94d9877deab22e2629e]

Physische Sektoren: 0
(keine bösartigen Elemente erkannt)


(end)
         

And here is the AdwCleaner log file:

Code:
# AdwCleaner v5.022 - Bericht erstellt am 23/11/2015 um 19:33:28
# Aktualisiert am 22/11/2015 von Xplode
# Datenbank : 2015-11-22.2 [Server]
# Betriebssystem : Windows 7 Ultimate Service Pack 1 (x64)
# Benutzername : admin - PC
# Gestartet von : C:\Program Files (x86)\Lee_\Setups\Anti-M\AdwCleaner_5.022.exe
# Option : Löschen
# Unterstützung : http://toolslib.net/forum

***** [ Dienste ] *****


***** [ Ordner ] *****


***** [ Dateien ] *****


***** [ DLLs ] *****


***** [ Verknüpfungen ] *****


***** [ Aufgabenplanung ] *****


***** [ Registrierungsdatenbank ] *****

[-] Schlüssel Gelöscht : HKLM\SOFTWARE\ORBTR

***** [ Internetbrowser ] *****

[-] [C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\tjc4nckf.default\prefs.js] [Preference] Gelöscht : user_pref("browser.newtab.url", "hxxp://www.trovi.com/?gd=&ctid=CT3333673&octid=EB_ORIGINAL_CTID&ISID=D788790A-AA45-4E7E-AA19-8B2361D4197F&SearchSource=69&CUI=&SSPV=&Lay=1&UM=8&UP=SP8FB79781-52B7-4BCA[...]

*************************

:: "Tracing" Schlüssel gelöscht
:: Proxy Einstellungen zurückgesetzt
:: Winsock Einstellungen zurückgesetzt
:: Internet Explorer Richtlinien gelöscht
:: Chrome Richtlinien gelöscht

########## EOF - C:\AdwCleaner\AdwCleaner[C8].txt - [1240 Bytes] ##########
         



And here is the Junkware Removal Tool log file:

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.0 (11.12.2015)
Operating System: Windows 7 Ultimate x64 
Ran by admin (Administrator) on 23.11.2015 at 19:39:51,41
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 0 


Deleted the following from C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\tjc4nckf.default\prefs.js
user_pref(browser.search.selectedEngine, Trovi);



Registry: 0 





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 23.11.2015 at 19:42:24,22
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         


And then I also wanted to ask: which settings are so important in VMware, and can I update from VMware version 11 to 12 without reinstalling the operating system in the VMware?
And I still have strange processes.

I forgot the FRST log file, here it is:

Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:23-11-2015
durchgeführt von admin (Administrator) auf PC (23-11-2015 22:00:34)
Gestartet von C:\Users\admin\Desktop
Geladene Profile: admin (Verfügbare Profile: admin)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\avp.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Prolific Technology Inc.) C:\Windows\SysWOW64\IoctlSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
() C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\avpui.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieCtrl.exe
(Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
(Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe
() C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
() C:\Program Files (x86)\No-IP\ducservice.exe
(Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(Malwarebytes) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Nicht auf der Ausnahmeliste) ===========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2585744 2015-10-13] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [vmware-tray.exe] => C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe [114368 2015-07-01] (VMware, Inc.)
HKLM-x32\...\Run: [ProductUpdater] => C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe [71680 2015-10-09] ()
HKLM-x32\...\Run: [ConsoleApplication5] => C:\ProgramData\ConsoleApplication5\ConsoleApplication5\1.0.0.0\msdcsc.exe [0 2015-11-14] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-11-09] (Oracle Corporation)
HKLM-x32\...\RunOnce: [{f255478c-ebfa-426d-a975-4a8d1f9432a4}] => C:\ProgramData\Package Cache\{f255478c-ebfa-426d-a975-4a8d1f9432a4}\vs_langpack.exe [1016624 2015-08-15] (Microsoft Corporation)
HKU\S-1-5-21-560193511-1957534509-1735208640-1001\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe [152872 2015-05-19] (Nero AG)
HKU\S-1-5-21-560193511-1957534509-1735208640-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8551848 2015-11-02] (Piriform Ltd)
HKU\S-1-5-21-560193511-1957534509-1735208640-1001\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [787592 2015-11-02] (Sandboxie Holdings, LLC)
HKU\S-1-5-21-560193511-1957534509-1735208640-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4468056 2015-09-13] (Disc Soft Ltd)
HKU\S-1-5-21-560193511-1957534509-1735208640-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11264 2009-07-14] (Microsoft Corporation)

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Winsock: Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL Keine Datei 
Winsock: Catalog5 09 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL Keine Datei 
Winsock: Catalog5-x64 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL Keine Datei 
Winsock: Catalog5-x64 09 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL Keine Datei 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{92F26E54-F45F-436B-AB09-400A4B3518BA}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-560193511-1957534509-1735208640-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Beschränkung <======= ACHTUNG
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-560193511-1957534509-1735208640-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-560193511-1957534509-1735208640-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.google.de/
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-560193511-1957534509-1735208640-1001 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
BHO: Virtual Keyboard Plugin -> {4A66AD60-A03D-4D01-86F0-5F0F7C0EF1AD} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\x64\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_66\bin\ssv.dll [2015-11-23] (Oracle Corporation)
BHO: Content Blocker Plugin -> {93BC2EA7-2F17-4729-948A-D2E03FFB2412} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\x64\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO: Safe Money Plugin -> {AB379017-4C03-4E00-8EDF-E6D6AF7CCF82} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\x64\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-11-23] (Oracle Corporation)
BHO-x32: Virtual Keyboard Plugin -> {4A66AD60-A03D-4D01-86F0-5F0F7C0EF1AD} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll [2015-11-23] (Oracle Corporation)
BHO-x32: Content Blocker Plugin -> {93BC2EA7-2F17-4729-948A-D2E03FFB2412} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO-x32: Safe Money Plugin -> {AB379017-4C03-4E00-8EDF-E6D6AF7CCF82} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-11-23] (Oracle Corporation)

FireFox:
========
FF ProfilePath: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\tjc4nckf.default
FF Homepage: www.google.com
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_245.dll [2015-11-10] ()
FF Plugin: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-11-23] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-11-23] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [Keine Datei]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_245.dll [2015-11-10] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll [2015-07-23] (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-11-23] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-11-23] (Oracle Corporation)
FF Plugin-x32: @kaspersky.com/content_blocker_663BE84DBCC949E88C7600F63CA7F098 -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\content_blocker@kaspersky.com [2015-11-07] ()
FF Plugin-x32: @kaspersky.com/online_banking_08806E753BE44495B44E90AA2513BDC5 -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\online_banking@kaspersky.com [2015-11-07] ()
FF Plugin-x32: @kaspersky.com/virtual_keyboard_07402848C2F6470194F131B0F3DE025E -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com [2015-11-07] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Keine Datei]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-10-13] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-10-13] (NVIDIA Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2012-07-19] (VideoLAN)
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\online_banking@kaspersky.com [2015-11-07] [ist nicht signiert]
FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\content_blocker@kaspersky.com [2015-11-07] [ist nicht signiert]
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com [2015-11-07] [ist nicht signiert]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker_663BE84DBCC949E88C7600F63CA7F098@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\content_blocker@kaspersky.com
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard_07402848C2F6470194F131B0F3DE025E@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com
FF HKLM-x32\...\Firefox\Extensions: [online_banking_08806E753BE44495B44E90AA2513BDC5@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\online_banking@kaspersky.com
StartMenuInternet: FIREFOX.EXE - firefox.exe

Chrome: 
=======
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - hxxps://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho
CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - hxxps://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho

==================== Dienste (Nicht auf der Ausnahmeliste) ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R2 AVP15.0.2; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\avp.exe [194000 2015-06-27] (Kaspersky Lab ZAO)
S3 c2wts; C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [15768 2015-07-21] (Microsoft Corporation)
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1268568 2015-09-13] (Disc Soft Ltd)
S3 fussvc; C:\Program Files (x86)\Windows Kits\8.1\App Certification Kit\fussvc.exe [142336 2015-07-21] (Microsoft Corporation) [Datei ist nicht signiert]
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2015-10-13] (NVIDIA Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R3 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [275752 2015-05-19] (Nero AG)
R2 NoIPDUCService4; C:\Program Files (x86)\No-IP\ducservice.exe [12288 2015-07-20] () [Datei ist nicht signiert]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1706128 2015-10-13] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21833360 2015-10-13] (NVIDIA Corporation)
R2 PLFlash DeviceIoControl Service; C:\Windows\SysWOW64\IoctlSvc.exe [81920 2015-05-19] (Prolific Technology Inc.) [Datei ist nicht signiert]
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [177800 2015-11-02] (Sandboxie Holdings, LLC)
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [119808 2015-07-21] (Microsoft Corporation) [Datei ist nicht signiert]
R2 VMwareHostd; C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [12732608 2015-07-01] ()
S3 VsEtwService120; C:\Program Files\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [89232 2015-07-21] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Treiber (Nicht auf der Ausnahmeliste) ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

R0 cm_km_w; C:\Windows\System32\DRIVERS\cm_km_w.sys [247016 2015-06-27] (Kaspersky Lab UK Ltd)
R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2015-09-13] (Disc Soft Ltd)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [478392 2015-06-27] (Kaspersky Lab ZAO)
R2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [64368 2015-06-27] (Kaspersky Lab ZAO)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [159960 2015-06-27] (Kaspersky Lab ZAO)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [225976 2015-06-27] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [831672 2015-11-07] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [39280 2015-06-27] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [40304 2015-06-27] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [39280 2015-06-27] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [24944 2015-06-27] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [65208 2015-06-27] (Kaspersky Lab ZAO)
R1 Klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [85360 2015-06-27] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [190648 2015-11-07] (Kaspersky Lab ZAO)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2015-11-23] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-29] ()
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-10-13] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2015-07-29] (NVIDIA Corporation)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [192648 2015-10-22] (Sandboxie Holdings, LLC)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [381608 2015-09-13] (Duplex Secure Ltd.)
R2 VMparport; C:\Windows\system32\drivers\VMparport.sys [31936 2015-05-31] (VMware, Inc.)
R0 vsock; C:\Windows\System32\drivers\vsock.sys [76480 2015-05-21] (VMware, Inc.)
R2 vstor2-mntapi20-shared; C:\Windows\SysWow64\drivers\vstor2-mntapi20-shared.sys [33872 2013-08-28] (VMware, Inc.)
S3 athr; system32\DRIVERS\athrx.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
U4 klkbdflt2; system32\DRIVERS\klkbdflt2.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-11-23 22:00 - 2015-11-23 22:00 - 00019538 _____ C:\Users\admin\Desktop\FRST.txt
2015-11-23 22:00 - 2015-11-23 22:00 - 00000000 ____D C:\Users\admin\Desktop\FRST-OlderVersion
2015-11-23 20:46 - 2015-11-23 20:46 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\16EB6D88.sys
2015-11-23 20:46 - 2015-11-23 20:46 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\0EC06DB0.sys
2015-11-23 03:17 - 2015-11-23 03:17 - 00002633 _____ C:\Users\admin\Desktop\µTorrent.lnk
2015-11-23 03:17 - 2015-11-23 03:17 - 00002633 _____ C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2015-11-23 03:16 - 2015-11-23 03:53 - 00000000 ____D C:\Users\admin\AppData\Roaming\uTorrent
2015-11-23 03:14 - 2015-11-23 03:15 - 02026520 _____ (BitTorrent Inc.) C:\Users\admin\Desktop\uTorrent.exe
2015-11-23 02:48 - 2015-11-20 20:19 - 00001796 _____ C:\Users\admin\Downloads\Info.txt
2015-11-23 02:14 - 2015-11-23 02:14 - 00000000 ____D C:\Users\admin\Downloads\Neuer Ordner
2015-11-23 01:15 - 2015-11-23 01:15 - 00001634 _____ C:\Users\admin\Downloads\Actual Keylogger v3.2 +_ [4realtorrentz].rar.torrent
2015-11-23 00:56 - 2015-11-23 00:56 - 01005804 _____ C:\Users\admin\Downloads\Actual Keylogger v3.2 +_ [4realtorrentz].rar
2015-11-21 15:30 - 2015-11-21 15:46 - 00040435 _____ C:\Windows\update.exe
2015-11-20 15:39 - 2015-11-21 20:56 - 00000000 ____D C:\Users\admin\Documents\Gothic3ForsakenGods
2015-11-20 15:33 - 2015-11-20 15:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gothic 3 Götterdämmerung Enhanced Edition
2015-11-20 15:09 - 2015-11-20 15:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gothic 3 Modkit
2015-11-20 15:08 - 2015-11-20 15:36 - 00036946 _____ C:\Windows\DirectX.log
2015-11-20 15:04 - 2015-11-20 15:04 - 00000000 ____D C:\Users\admin\Documents\Gothic3
2015-11-20 15:04 - 2015-11-20 15:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gothic 3 Enhanced Edition
2015-11-19 00:50 - 2015-11-19 00:56 - 00000000 ____D C:\Program Files (x86)\Resource Hacker
2015-11-19 00:50 - 2015-11-19 00:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Resource Hacker
2015-11-19 00:49 - 2015-11-19 00:49 - 02781137 _____ ( ) C:\Users\admin\Desktop\reshacker_setup.exe
2015-11-19 00:33 - 2015-11-19 00:33 - 00000000 ____D C:\ProgramData\Microsoft Corporation
2015-11-18 20:54 - 2015-11-18 21:00 - 00032970 _____ C:\ComboFix.txt
2015-11-18 20:38 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe
2015-11-18 20:38 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe
2015-11-18 20:38 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-11-18 20:38 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-11-18 20:38 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-11-18 20:38 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe
2015-11-18 20:38 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe
2015-11-18 20:38 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe
2015-11-18 18:59 - 2015-11-18 20:35 - 00000000 ____D C:\Users\admin\Downloads\relink.us - Jurassic.World.2015.BDRip.AC3.German.XviD-LoC - ID5ec8e208ab394d7829e99dad4a0009
2015-11-18 13:24 - 2015-11-23 20:06 - 00002890 _____ C:\Windows\setupact.log
2015-11-18 13:24 - 2015-11-23 19:34 - 00032022 _____ C:\Windows\PFRO.log
2015-11-18 13:24 - 2015-11-18 13:24 - 00270720 _____ C:\Windows\system32\FNTCACHE.DAT
2015-11-18 13:24 - 2015-11-18 13:24 - 00000000 _____ C:\Windows\setuperr.log
2015-11-18 00:34 - 2015-11-18 00:34 - 00059616 _____ C:\Users\admin\AppData\Local\GDIPFONTCACHEV1.DAT
2015-11-17 22:12 - 2015-11-17 22:12 - 00000325 _____ C:\Users\admin\SciTE.session
2015-11-17 20:34 - 2015-11-17 22:11 - 00000000 ____D C:\Users\admin\AppData\Local\AutoIt v3
2015-11-17 19:10 - 2015-11-17 22:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoIt v3
2015-11-17 19:10 - 2015-11-17 22:11 - 00000000 ____D C:\Program Files (x86)\AutoIt3
2015-11-17 15:51 - 2015-11-17 15:51 - 04039411 _____ C:\Users\admin\Downloads\IsoBuster Pro 3.6.0.0.zip
2015-11-16 19:59 - 2015-11-16 19:59 - 00002673 _____ C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\BitTorrent.lnk
2015-11-16 19:58 - 2015-11-19 02:47 - 00000000 ____D C:\Users\admin\AppData\Roaming\BitTorrent
2015-11-16 15:19 - 2015-11-16 16:26 - 00000000 ____D C:\Users\admin\Downloads\relink.us - mp-refueled-xweb.rar - IDcde97372375e14a26ac86e5b1ac505
2015-11-14 22:23 - 2015-11-14 22:23 - 00000000 ____D C:\Users\admin\AppData\Local\SkinSoft
2015-11-13 22:44 - 2015-11-13 22:45 - 00000000 ____D C:\Program Files\TAP-Windows
2015-11-12 17:51 - 2015-11-12 17:51 - 00000000 ____D C:\ProgramData\ConsoleApplication5
2015-11-12 09:35 - 2015-11-03 18:55 - 03211264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-11-12 09:11 - 2015-11-23 22:00 - 02348544 _____ (Farbar) C:\Users\admin\Desktop\FRST64.exe
2015-11-11 18:01 - 2015-11-11 18:01 - 00000000 ____D C:\Users\admin\AppData\Local\NVIDIA Corporation
2015-11-11 14:36 - 2015-11-11 18:44 - 00002832 _____ C:\Windows\SysWOW64\LavasoftTcpServiceOff.ini
2015-11-11 14:36 - 2015-11-11 18:44 - 00002832 _____ C:\Windows\system32\LavasoftTcpServiceOff.ini
2015-11-11 14:36 - 2015-11-11 14:36 - 00425744 _____ (Lavasoft Limited) C:\Windows\system32\LavasoftTcpService64.dll
2015-11-11 14:36 - 2015-11-11 14:36 - 00345360 _____ (Lavasoft Limited) C:\Windows\SysWOW64\LavasoftTcpService.dll
2015-11-11 13:50 - 2015-11-03 23:10 - 00390344 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-11-11 13:50 - 2015-11-03 22:51 - 00342728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-11-11 13:50 - 2015-10-31 00:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-11-11 13:50 - 2015-10-31 00:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-11-11 13:50 - 2015-10-31 00:25 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-11-11 13:50 - 2015-10-31 00:16 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-11-11 13:50 - 2015-10-31 00:12 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-11-11 13:50 - 2015-10-31 00:04 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-11-11 13:50 - 2015-10-30 23:58 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-11-11 13:50 - 2015-10-30 23:53 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-11-11 13:50 - 2015-10-30 23:52 - 20331520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-11-11 13:50 - 2015-10-30 23:47 - 00504832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-11-11 13:50 - 2015-10-30 23:46 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-11-11 13:50 - 2015-10-30 23:46 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-11-11 13:50 - 2015-10-30 23:45 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-11-11 13:50 - 2015-10-30 23:44 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2015-11-11 13:50 - 2015-10-30 23:44 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-11-11 13:50 - 2015-10-30 23:42 - 02279936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-11-11 13:50 - 2015-10-30 23:39 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-11-11 13:50 - 2015-10-30 23:39 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-11-11 13:50 - 2015-10-30 23:37 - 00480256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-11-11 13:50 - 2015-10-30 23:36 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-11-11 13:50 - 2015-10-30 23:36 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-11-11 13:50 - 2015-10-30 23:32 - 00720896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-11-11 13:50 - 2015-10-30 23:31 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-11-11 13:50 - 2015-10-30 23:28 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-11-11 13:50 - 2015-10-30 23:23 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-11-11 13:50 - 2015-10-30 23:19 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-11-11 13:50 - 2015-10-30 23:18 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-11-11 13:50 - 2015-10-30 23:17 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2015-11-11 13:50 - 2015-10-30 23:10 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-11-11 13:50 - 2015-10-30 23:09 - 12854272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-11-11 13:50 - 2015-10-30 23:09 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-11-11 13:50 - 2015-10-30 23:04 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-11-11 13:50 - 2015-10-30 22:48 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-11-11 13:50 - 2015-10-30 22:46 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-11-11 13:50 - 2015-10-20 19:42 - 03168768 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-11-11 13:50 - 2015-10-20 19:42 - 02608128 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-11-11 13:50 - 2015-10-20 19:42 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-11-11 13:50 - 2015-10-20 19:42 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-11-11 13:50 - 2015-10-20 19:42 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-11-11 13:50 - 2015-10-20 19:42 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-11-11 13:50 - 2015-10-20 19:42 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-11-11 13:50 - 2015-10-20 19:41 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-11-11 13:50 - 2015-10-20 19:41 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-11-11 13:50 - 2015-10-20 19:41 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-11-11 13:50 - 2015-10-20 19:41 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-11-11 13:50 - 2015-10-20 18:46 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-11-11 13:50 - 2015-10-20 18:46 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-11-11 13:50 - 2015-10-20 18:46 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-11-11 13:50 - 2015-10-20 18:46 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-11-11 13:50 - 2015-10-20 18:45 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-11-11 13:49 - 2015-10-31 00:46 - 25818624 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-11-11 13:49 - 2015-10-31 00:25 - 02886656 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-11-11 13:49 - 2015-10-31 00:25 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-11-11 13:49 - 2015-10-31 00:25 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-11-11 13:49 - 2015-10-31 00:24 - 00585728 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-11-11 13:49 - 2015-10-31 00:24 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-11-11 13:49 - 2015-10-31 00:17 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-11-11 13:49 - 2015-10-31 00:13 - 00616960 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-11-11 13:49 - 2015-10-31 00:12 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-11-11 13:49 - 2015-10-31 00:11 - 05990912 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-11-11 13:49 - 2015-10-31 00:11 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-11-11 13:49 - 2015-10-31 00:11 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-11-11 13:49 - 2015-10-31 00:01 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-11-11 13:49 - 2015-10-30 23:49 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-11-11 13:49 - 2015-10-30 23:49 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-11-11 13:49 - 2015-10-30 23:45 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-11-11 13:49 - 2015-10-30 23:36 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-11-11 13:49 - 2015-10-30 23:34 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-11-11 13:49 - 2015-10-30 23:29 - 02126336 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-11-11 13:49 - 2015-10-30 23:29 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-11-11 13:49 - 2015-10-30 23:22 - 14457856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-11-11 13:49 - 2015-10-30 23:21 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-11-11 13:49 - 2015-10-30 23:17 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-11-11 13:49 - 2015-10-30 23:16 - 04527616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-11-11 13:49 - 2015-10-30 23:11 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-11-11 13:49 - 2015-10-30 23:09 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-11-11 13:49 - 2015-10-30 22:53 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-11-11 13:49 - 2015-10-30 22:51 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-11-11 13:49 - 2015-10-29 18:50 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-11-11 13:49 - 2015-10-29 18:50 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2015-11-11 13:49 - 2015-10-29 18:50 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-11-11 13:49 - 2015-10-29 18:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2015-11-11 13:49 - 2015-10-29 18:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll
2015-11-11 13:49 - 2015-10-29 18:49 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2015-11-11 13:49 - 2015-10-29 18:49 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2015-11-11 13:49 - 2015-10-20 02:12 - 05570496 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-11-11 13:49 - 2015-10-20 02:12 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-11-11 13:49 - 2015-10-20 02:12 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-11-11 13:49 - 2015-10-20 02:09 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-11-11 13:49 - 2015-10-20 02:06 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-11-11 13:49 - 2015-10-20 02:06 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-11-11 13:49 - 2015-10-20 02:06 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-11-11 13:49 - 2015-10-20 02:06 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-11-11 13:49 - 2015-10-20 02:05 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-11-11 13:49 - 2015-10-20 02:05 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-11-11 13:49 - 2015-10-20 02:05 - 01164800 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-11-11 13:49 - 2015-10-20 02:05 - 00729600 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-11-11 13:49 - 2015-10-20 02:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-11-11 13:49 - 2015-10-20 02:05 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-11-11 13:49 - 2015-10-20 02:05 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-11-11 13:49 - 2015-10-20 02:05 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-11-11 13:49 - 2015-10-20 02:05 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-11-11 13:49 - 2015-10-20 02:05 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-11-11 13:49 - 2015-10-20 02:05 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-11-11 13:49 - 2015-10-20 02:05 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-11-11 13:49 - 2015-10-20 02:05 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-11-11 13:49 - 2015-10-20 02:05 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-11-11 13:49 - 2015-10-20 02:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-11-11 13:49 - 2015-10-20 02:05 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-11-11 13:49 - 2015-10-20 02:05 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-11-11 13:49 - 2015-10-20 02:05 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-11-11 13:49 - 2015-10-20 02:05 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-11-11 13:49 - 2015-10-20 02:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-11-11 13:49 - 2015-10-20 02:05 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-11-11 13:49 - 2015-10-20 02:04 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-11-11 13:49 - 2015-10-20 02:04 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-11-11 13:49 - 2015-10-20 02:04 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-11-11 13:49 - 2015-10-20 02:00 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-11-11 13:49 - 2015-10-20 01:59 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-11-11 13:49 - 2015-10-20 01:53 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-11-11 13:49 - 2015-10-20 01:53 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-11-11 13:49 - 2015-10-20 01:53 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-11-11 13:49 - 2015-10-20 01:53 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-11-11 13:49 - 2015-10-20 01:53 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-11-11 13:49 - 2015-10-20 01:53 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-11-11 13:49 - 2015-10-20 01:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-11-11 13:49 - 2015-10-20 01:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-11-11 13:49 - 2015-10-20 01:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-11-11 13:49 - 2015-10-20 01:53 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-11-11 13:49 - 2015-10-20 01:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-11-11 13:49 - 2015-10-20 01:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-11-11 13:49 - 2015-10-20 01:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-11-11 13:49 - 2015-10-20 01:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-11-11 13:49 - 2015-10-20 01:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-11-11 13:49 - 2015-10-20 01:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-11-11 13:49 - 2015-10-20 01:53 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-11-11 13:49 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-11-11 13:49 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-11-11 13:49 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-11-11 13:49 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-11-11 13:49 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-11-11 13:49 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-11-11 13:49 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-11-11 13:49 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-11-11 13:49 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-11-11 13:49 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-11-11 13:49 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-11-11 13:49 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-11-11 13:49 - 2015-10-20 01:53 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-11-11 13:49 - 2015-10-20 01:52 - 03991488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-11-11 13:49 - 2015-10-20 01:52 - 03935680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-11-11 13:49 - 2015-10-20 01:48 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-11-11 13:49 - 2015-10-20 01:45 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-11-11 13:49 - 2015-10-20 01:45 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-11-11 13:49 - 2015-10-20 01:45 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-11-11 13:49 - 2015-10-20 01:45 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-11-11 13:49 - 2015-10-20 01:45 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-11-11 13:49 - 2015-10-20 01:45 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-11-11 13:49 - 2015-10-20 01:45 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-11-11 13:49 - 2015-10-20 01:45 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-11-11 13:49 - 2015-10-20 01:45 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-11-11 13:49 - 2015-10-20 01:45 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-11-11 13:49 - 2015-10-20 01:45 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-11-11 13:49 - 2015-10-20 01:45 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-11-11 13:49 - 2015-10-20 01:44 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-11-11 13:49 - 2015-10-20 01:44 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-11-11 13:49 - 2015-10-20 01:44 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-11-11 13:49 - 2015-10-20 01:44 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-11-11 13:49 - 2015-10-20 01:44 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-11-11 13:49 - 2015-10-20 01:44 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-11-11 13:49 - 2015-10-20 01:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-11-11 13:49 - 2015-10-20 01:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-11-11 13:49 - 2015-10-20 01:35 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-11-11 13:49 - 2015-10-20 01:35 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-11-11 13:49 - 2015-10-20 01:35 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-11-11 13:49 - 2015-10-20 01:35 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-11-11 13:49 - 2015-10-20 01:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-11-11 13:49 - 2015-10-20 01:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-11-11 13:49 - 2015-10-20 01:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-11-11 13:49 - 2015-10-20 01:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-11-11 13:49 - 2015-10-20 01:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-11-11 13:49 - 2015-10-20 01:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-11-11 13:49 - 2015-10-20 01:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-11-11 13:49 - 2015-10-20 01:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-11-11 13:49 - 2015-10-20 01:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-11-11 13:49 - 2015-10-20 01:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-11-11 13:49 - 2015-10-20 01:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-11-11 13:49 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-11-11 13:49 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-11-11 13:49 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-11-11 13:49 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-11-11 13:49 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-11-11 13:49 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-11-11 13:49 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-11-11 13:49 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-11-11 13:49 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-11-11 13:49 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-11-11 13:49 - 2015-10-20 01:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-11-11 13:49 - 2015-10-20 00:41 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-11-11 13:49 - 2015-10-20 00:40 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-11-11 13:49 - 2015-10-20 00:40 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-11-11 13:49 - 2015-10-20 00:29 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-11-11 13:49 - 2015-10-20 00:29 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-11-11 13:49 - 2015-10-20 00:27 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-11-11 13:49 - 2015-10-20 00:27 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-11-11 13:49 - 2015-10-20 00:27 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-11-11 13:49 - 2015-10-20 00:27 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-11-11 13:49 - 2015-10-13 17:41 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2015-11-11 13:49 - 2015-10-13 17:40 - 00118272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2015-11-11 13:49 - 2015-10-13 05:57 - 00950720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2015-11-11 13:49 - 2015-10-01 19:00 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-11-11 13:49 - 2015-10-01 19:00 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-11-11 13:49 - 2015-10-01 18:50 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-11-11 13:49 - 2015-09-23 14:15 - 00460776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-11-11 13:49 - 2015-09-23 14:15 - 00299632 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
2015-11-11 13:49 - 2015-09-23 14:09 - 00251000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll
2015-11-11 13:42 - 2015-11-11 13:42 - 00000000 ____D C:\ProgramData\A
2015-11-11 13:33 - 2015-11-23 19:54 - 00000000 __SHD C:\Users\admin\Documents\MSDCSC
2015-11-11 13:15 - 2015-11-11 13:15 - 00000000 ____D C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\No-IP DUC
2015-11-11 13:15 - 2015-11-11 13:15 - 00000000 ____D C:\ProgramData\Vitalwerks
2015-11-10 18:12 - 2015-11-10 18:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-11-10 18:12 - 2015-10-13 20:00 - 01756424 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2015-11-10 18:12 - 2015-10-13 20:00 - 01514528 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2015-11-10 18:12 - 2015-10-13 20:00 - 01316184 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2015-11-10 18:12 - 2015-10-13 20:00 - 01278920 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2015-11-10 18:11 - 2015-10-13 16:26 - 00608048 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2015-11-10 18:09 - 2015-10-13 20:00 - 31514288 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2015-11-10 18:09 - 2015-10-13 20:00 - 24199344 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2015-11-10 18:09 - 2015-10-13 20:00 - 22993200 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2015-11-10 18:09 - 2015-10-13 20:00 - 17559432 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2015-11-10 18:09 - 2015-10-13 20:00 - 15293104 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2015-11-10 18:09 - 2015-10-13 20:00 - 13916600 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-11-10 18:09 - 2015-10-13 20:00 - 13828224 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-11-10 18:09 - 2015-10-13 20:00 - 12898992 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-11-10 18:09 - 2015-10-13 20:00 - 11272048 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2015-11-10 18:09 - 2015-10-13 20:00 - 11209376 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2015-11-10 18:09 - 2015-10-13 20:00 - 04245624 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-11-10 18:09 - 2015-10-13 20:00 - 03986608 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2015-11-10 18:09 - 2015-10-13 20:00 - 02823992 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2015-11-10 18:09 - 2015-10-13 20:00 - 01908528 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434192.dll
2015-11-10 18:09 - 2015-10-13 20:00 - 01556656 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434192.dll
2015-11-10 18:09 - 2015-10-13 20:00 - 00944304 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2015-11-10 18:09 - 2015-10-13 20:00 - 00907440 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2015-11-10 18:09 - 2015-10-13 20:00 - 00903472 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2015-11-10 18:09 - 2015-10-13 20:00 - 00869040 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2015-11-08 11:30 - 2015-11-08 11:43 - 00000000 ____D C:\EEK
2015-11-07 01:02 - 2015-11-07 01:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Total Security
2015-11-07 01:02 - 2013-05-06 08:13 - 00110176 _____ (Kaspersky Lab ZAO) C:\Windows\system32\klfphc.dll
2015-11-07 01:01 - 2015-11-07 01:44 - 00831672 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys
2015-11-07 01:01 - 2015-11-07 01:01 - 00000000 ____D C:\Windows\ELAMBKUP
2015-11-07 01:01 - 2015-11-07 01:01 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab
2015-11-07 01:01 - 2015-06-27 22:14 - 00225976 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klhk.sys
2015-11-07 01:01 - 2015-06-27 22:14 - 00159960 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys
2015-11-06 23:17 - 2015-11-06 23:44 - 00000105 _____ C:\ProgramData\vhzvLr.path
2015-11-06 23:17 - 2015-11-06 23:44 - 00000091 _____ C:\ProgramData\vhzvLr.folder
2015-11-06 21:28 - 2015-11-07 01:03 - 00000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2015-11-06 21:21 - 2015-11-06 21:21 - 00262144 _____ C:\Windows\system32\config\elam
2015-11-06 21:14 - 2015-11-23 20:21 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2015-11-06 20:50 - 2015-11-06 20:50 - 00000000 ____D C:\Users\admin\Documents\My Games
2015-11-06 20:50 - 2015-11-06 20:50 - 00000000 ____D C:\ProgramData\Steam
2015-11-06 19:45 - 2015-11-06 19:45 - 00003360 _____ C:\Windows\System32\Tasks\{FC69F42C-6F7E-4342-A66C-6801059D8962}
2015-11-06 19:45 - 2015-11-06 19:45 - 00003360 _____ C:\Windows\System32\Tasks\{DD797C40-69B3-4789-8E7D-61D869973BFA}
2015-11-06 16:53 - 2015-11-06 16:53 - 00000000 ____D C:\Program Files (x86)\Running With Scissors
2015-11-06 15:27 - 2015-11-06 15:27 - 00000000 ____D C:\Program Files (x86)\Ubisoft
2015-11-06 14:36 - 2015-11-06 14:36 - 00000000 ____D C:\Program Files (x86)\Team 17
2015-11-05 16:06 - 2015-11-05 16:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dolphin x86
2015-11-05 16:06 - 2015-11-05 16:07 - 00000000 ____D C:\Program Files (x86)\Dolphin x86
2015-11-02 22:59 - 2015-11-02 22:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-11-02 22:52 - 2015-11-23 19:33 - 00000000 ____D C:\AdwCleaner
2015-11-02 21:03 - 2015-11-02 21:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie
2015-11-02 12:28 - 2015-11-06 16:29 - 00007597 _____ C:\Users\admin\AppData\Local\Resmon.ResmonCfg
2015-11-02 12:05 - 2015-11-02 12:05 - 00000000 ____H C:\Users\admin\Documents\Default.rdp
2015-11-02 10:57 - 2015-11-02 10:57 - 00000000 ____D C:\Users\Public\Documents\HostsMan Backups
2015-11-02 10:57 - 2015-11-02 10:57 - 00000000 ____D C:\ProgramData\abelhadigital.com
2015-11-02 10:31 - 2015-11-02 10:31 - 00000000 ____D C:\Users\admin\.java
2015-11-01 14:17 - 2015-11-18 23:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HashCalc
2015-11-01 14:17 - 2015-11-18 23:36 - 00000000 ____D C:\Program Files (x86)\HashCalc
2015-11-01 13:27 - 2015-11-01 14:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ophcrack
2015-11-01 07:58 - 2015-11-01 07:58 - 00000000 ____D C:\Users\admin\AppData\Local\BANDAI NAMCO Games
2015-11-01 07:57 - 2015-11-01 07:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dragonball Xenoverse Bundle Edition
2015-11-01 07:53 - 2015-11-01 07:57 - 00000000 ____D C:\Program Files (x86)\Dragonball Xenoverse Bundle Edition
2015-11-01 04:12 - 2015-11-01 04:12 - 00000000 ____D C:\Program Files (x86)\Portable
2015-11-01 03:46 - 2015-11-01 04:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RAR Password Recovery Magic
2015-11-01 03:46 - 2015-11-01 04:04 - 00000000 ____D C:\Program Files (x86)\RAR Password Recovery Magic
2015-11-01 03:19 - 2015-11-01 03:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RAR Password Recovery
2015-10-31 04:11 - 2015-10-31 04:11 - 00000000 ____D C:\Users\admin\Documents\BNE
2015-10-31 03:32 - 2015-10-31 03:32 - 00000000 ____D C:\Games
2015-10-30 10:52 - 2015-10-30 10:52 - 00024576 ____H C:\Users\admin\Desktop\LS Crypter.suo
2015-10-30 09:09 - 2015-10-30 09:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TheGreenBow
2015-10-30 09:09 - 2015-10-30 09:09 - 00000026 _____ C:\Windows\SysWOW64\sboot32.ocx
2015-10-30 09:08 - 2015-10-30 09:40 - 00000000 ____D C:\Program Files (x86)\TheGreenBow
2015-10-29 17:02 - 2015-10-29 17:02 - 00000000 ____D C:\Users\admin\AppData\Local\GlobalVPN
2015-10-29 09:13 - 2015-10-29 09:13 - 00000000 ____D C:\Users\admin\AppData\Local\Geckofx
2015-10-28 17:37 - 2015-11-23 03:03 - 00000000 ____D C:\Program Files\CyberGhost 5
2015-10-28 13:58 - 2015-10-28 13:58 - 01859600 _____ C:\ProgramData\vhzvLr
2015-10-28 13:58 - 2015-10-28 13:58 - 00750320 _____ (AutoIt Team) C:\ProgramData\vhzvLr.exe

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2015-11-23 22:00 - 2015-06-25 22:14 - 00000000 ____D C:\FRST
2015-11-23 22:00 - 2015-06-25 03:16 - 00000000 ____D C:\Users\admin\Desktop\Sachen
2015-11-23 21:59 - 2015-10-07 16:46 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-11-23 21:59 - 2015-06-24 01:14 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-11-23 21:04 - 2015-05-19 12:27 - 01076417 _____ C:\Windows\WindowsUpdate.log
2015-11-23 21:01 - 2009-07-14 05:45 - 00037488 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-11-23 21:01 - 2009-07-14 05:45 - 00037488 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-11-23 20:40 - 2015-10-17 16:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-11-23 20:40 - 2015-10-17 16:22 - 00000000 ____D C:\Program Files\Java
2015-11-23 20:40 - 2015-05-30 20:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
2015-11-23 20:40 - 2015-05-30 20:01 - 00000000 ____D C:\Program Files (x86)\Java
2015-11-23 20:39 - 2015-09-02 16:03 - 00000000 ____D C:\Users\admin\.oracle_jre_usage
2015-11-23 20:38 - 2015-10-17 16:23 - 00110176 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2015-11-23 20:06 - 2015-06-24 00:08 - 00000000 ____D C:\ProgramData\VMware
2015-11-23 20:06 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-11-23 20:05 - 2015-05-19 14:30 - 00000000 ____D C:\ProgramData\NVIDIA
2015-11-23 19:20 - 2009-07-14 06:37 - 00000000 ____D C:\Windows\DigitalLocker
2015-11-23 18:55 - 2015-06-24 01:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-11-23 18:55 - 2015-06-24 01:14 - 00000000 ____D C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2015-11-23 18:35 - 2015-10-08 19:52 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-11-23 18:35 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\registration
2015-11-21 23:57 - 2015-10-17 16:00 - 00000946 _____ C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job
2015-11-20 15:12 - 2015-05-30 12:47 - 00000000 ____D C:\Program Files (x86)\Nordic Games
2015-11-19 16:24 - 2015-05-23 17:32 - 00000000 ____D C:\Users\admin\AppData\Roaming\vlc
2015-11-19 04:11 - 2015-06-24 00:10 - 00000000 ____D C:\Users\admin\AppData\Roaming\VMware
2015-11-19 04:11 - 2015-06-24 00:10 - 00000000 ____D C:\Users\admin\AppData\Local\VMware
2015-11-19 03:57 - 2009-07-14 06:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2015-11-18 20:54 - 2015-09-14 19:48 - 00000000 ____D C:\Qoobox
2015-11-18 20:51 - 2015-09-14 19:48 - 00000000 ____D C:\Windows\erdnt
2015-11-18 20:50 - 2009-07-14 03:34 - 00000215 _____ C:\Windows\system.ini
2015-11-18 20:46 - 2015-06-21 20:48 - 00000000 ____D C:\ProgramData\TEMP
2015-11-18 20:37 - 2015-09-03 21:20 - 00000000 ____D C:\Users\admin\AppData\Local\JDownloader 2.0
2015-11-17 22:12 - 2015-05-19 12:27 - 00000000 ____D C:\Users\admin
2015-11-17 19:51 - 2011-04-12 08:54 - 00000000 ____D C:\Windows\ShellNew
2015-11-17 18:34 - 2015-05-19 12:21 - 00000000 ____D C:\Windows\CSC
2015-11-17 18:00 - 2015-06-25 01:04 - 00002714 _____ C:\Windows\Sandboxie.ini
2015-11-17 16:53 - 2015-07-21 15:57 - 00000000 ____D C:\Users\admin\Documents\Visual Studio 2013
2015-11-15 03:36 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system
2015-11-14 19:04 - 2015-05-30 17:09 - 00000000 ____D C:\Program Files (x86)\Lee_
2015-11-14 19:01 - 2015-10-08 07:44 - 00000000 ____D C:\Users\admin\AppData\LocalLow\Temp
2015-11-14 09:11 - 2011-04-12 08:43 - 00757166 _____ C:\Windows\system32\perfh007.dat
2015-11-14 09:11 - 2011-04-12 08:43 - 00191018 _____ C:\Windows\system32\perfc007.dat
2015-11-14 09:11 - 2009-07-14 06:13 - 01704624 _____ C:\Windows\system32\PerfStringBackup.INI
2015-11-13 23:21 - 2015-08-04 12:08 - 00000000 ____D C:\Tor Browser
2015-11-12 18:51 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2015-11-12 08:54 - 2015-06-24 01:23 - 00000000 ____D C:\Users\admin\AppData\Roaming\Lavasoft
2015-11-12 08:54 - 2015-06-24 01:21 - 00000000 ____D C:\ProgramData\Lavasoft
2015-11-11 23:45 - 2015-05-19 17:50 - 01633840 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2015-11-11 23:37 - 2011-04-12 08:54 - 00000000 ____D C:\Program Files\Windows Journal
2015-11-11 18:01 - 2015-05-19 14:29 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2015-11-11 14:36 - 2015-10-15 04:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freemake
2015-11-11 14:36 - 2015-10-15 04:43 - 00000000 ____D C:\ProgramData\Freemake
2015-11-11 13:15 - 2015-06-27 21:26 - 00000000 ____D C:\Program Files (x86)\No-IP
2015-11-10 20:47 - 2015-10-17 16:00 - 00003928 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2015-11-10 20:47 - 2015-10-07 16:46 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-11-10 20:47 - 2015-05-19 18:47 - 00780488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-11-10 20:47 - 2015-05-19 18:47 - 00142536 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-11-10 20:19 - 2015-10-21 21:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GOG.com
2015-11-10 18:12 - 2015-05-19 14:30 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2015-11-10 18:12 - 2015-05-19 14:29 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2015-11-07 04:04 - 2015-09-13 21:54 - 00000000 ____D C:\Users\admin\AppData\Roaming\DAEMON Tools Lite
2015-11-07 01:44 - 2015-06-27 22:14 - 00190648 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\kneps.sys
2015-11-07 01:25 - 2015-07-23 15:56 - 00000000 ____D C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2015-11-06 20:50 - 2015-05-19 13:10 - 00000000 ____D C:\Program Files\COMODO
2015-11-06 20:41 - 2015-05-19 13:09 - 00000000 ____D C:\ProgramData\Comodo
2015-11-06 19:43 - 2015-06-18 20:59 - 00000000 ____D C:\Windows\SysWOW64\directx
2015-11-06 17:04 - 2015-07-21 15:18 - 00000000 ____D C:\ProgramData\Package Cache
2015-11-06 16:42 - 2009-07-14 06:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-11-05 16:08 - 2015-08-22 16:32 - 00000000 ____D C:\Users\admin\Documents\Dolphin Emulator
2015-11-02 22:44 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\TAPI
2015-11-02 20:56 - 2015-05-19 17:24 - 00000000 ___SD C:\Windows\system32\GWX
2015-11-02 20:56 - 2011-04-12 08:54 - 00000000 ___RD C:\Users\Public\Recorded TV
2015-11-02 12:57 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF
2015-11-01 21:29 - 2015-05-22 18:00 - 00000000 ____D C:\Program Files\WinRAR
2015-11-01 03:37 - 2015-05-22 18:00 - 00000000 ____D C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-11-01 03:37 - 2015-05-22 18:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-10-30 09:08 - 2009-11-20 12:15 - 00162872 _____ (TheGreenBow) C:\Windows\system32\TgbStarter.exe
2015-10-30 02:52 - 2009-07-14 06:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2015-10-29 21:10 - 2015-05-19 12:28 - 00001325 _____ C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-10-29 21:07 - 2015-06-27 19:26 - 00001069 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MakeTorrent 2.lnk
2015-10-29 21:07 - 2015-05-19 12:51 - 00001061 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-10-29 21:07 - 2012-03-14 12:15 - 00001345 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
2015-10-29 21:07 - 2012-03-14 12:15 - 00001326 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
2015-10-29 21:07 - 2009-07-14 05:57 - 00001523 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-10-29 21:07 - 2009-07-14 05:57 - 00001304 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
2015-10-29 21:07 - 2009-07-14 05:57 - 00001246 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
2015-10-29 21:07 - 2009-07-14 05:54 - 00001210 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
2015-10-29 21:06 - 2015-08-04 12:09 - 00000823 _____ C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Tor Browser.lnk
2015-10-29 21:06 - 2009-07-14 06:01 - 00001218 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk
2015-10-29 21:06 - 2009-07-14 05:49 - 00001246 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk
2015-10-28 17:41 - 2015-05-19 12:28 - 00000000 ____D C:\Users\admin\AppData\Local\VirtualStore
2015-10-28 17:37 - 2013-08-22 13:40 - 00040664 _____ (The OpenVPN Project) C:\Windows\system32\Drivers\tap0901.sys

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2015-05-20 21:51 - 2015-06-05 15:58 - 0000001 _____ () C:\Users\admin\AppData\Roaming\update.dat
2015-11-02 12:28 - 2015-11-06 16:29 - 0007597 _____ () C:\Users\admin\AppData\Local\Resmon.ResmonCfg
2015-10-28 13:58 - 2015-10-28 13:58 - 1859600 _____ () C:\ProgramData\vhzvLr
2015-10-28 13:58 - 2015-10-28 13:58 - 0750320 _____ (AutoIt Team) C:\ProgramData\vhzvLr.exe
2015-11-06 23:17 - 2015-11-06 23:44 - 0000091 _____ () C:\ProgramData\vhzvLr.folder
2015-11-06 23:17 - 2015-11-06 23:44 - 0000105 _____ () C:\ProgramData\vhzvLr.path

Dateien, die verschoben oder gelöscht werden sollten:
====================
C:\ProgramData\vhzvLr.exe


Einige Dateien in TEMP:
====================
C:\Users\admin\AppData\Local\Temp\jre-8u66-windows-au.exe
C:\Users\admin\AppData\Local\Temp\PORTSCANNER.EXE
C:\Users\admin\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert


LastRegBack: 2015-11-20 17:54

==================== Ende von FRST.txt ============================
         

23.11.2015, 22:08   #11
ottojack
 
and here is an Addition logfile as well:

Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:23-11-2015
durchgeführt von admin (2015-11-23 22:01:31)
Gestartet von C:\Users\admin\Desktop
Windows 7 Ultimate Service Pack 1 (X64) (2015-05-19 11:27:50)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

admin (S-1-5-21-560193511-1957534509-1735208640-1001 - Administrator - Enabled) => C:\Users\admin
Administrator (S-1-5-21-560193511-1957534509-1735208640-500 - Administrator - Disabled)
Gast (S-1-5-21-560193511-1957534509-1735208640-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-560193511-1957534509-1735208640-1002 - Limited - Enabled)

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)

AV: Kaspersky Total Security (Enabled - Up to date) {B41C7598-35F6-4D89-7D0E-7ADE69B4047B}
AS: Kaspersky Total Security (Enabled - Up to date) {0F7D947C-13CC-4207-47BE-41AC12334EC6}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Total Security (Enabled) {8C27F4BD-7F99-4CD1-5651-D3EB97674300}

==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

µTorrent (HKU\S-1-5-21-560193511-1957534509-1735208640-1001\...\uTorrent) (Version: 3.4.5.41372 - BitTorrent Inc.)
Adobe Flash Player 19 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 19.0.0.245 - Adobe Systems Incorporated)
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.245 - Adobe Systems Incorporated)
Adobe Flash Player 19 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 19.0.0.245 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\{B0B387B2-B1E4-43F2-961D-08ABFD759E1A}) (Version: 12.1.9.160 - Adobe Systems, Inc)
Allgemeine Runtime Files (x86) (HKLM\...\{1F6D1DB5-82B5-41A4-85A2-0A382C142A35}_is1) (Version: 1.0.4.0 - Sereby Corporation)
ArcaniA - Fall of Setarrif (HKLM-x32\...\{BA1F2D65-B22F-47C7-A3D0-A7827DF20272}_is1) (Version:  - Nordic Games GmbH)
ArcaniA - Gothic 4 (HKLM-x32\...\{EE74D039-45D7-44E9-BF95-B9CFB015964F}_is1) (Version:  - Nordic Games GmbH)
AutoIt v3.3.14.1 (HKLM-x32\...\AutoItv3) (Version: 3.3.14.1 - AutoIt Team)
AzureTools.Notifications (x32 Version: 2.1.10731.1602 - Microsoft Corporation) Hidden
Behaviors SDK (XAML) for Visual Studio (x32 Version: 12.0.41002.1 - Microsoft Corporation) Hidden
BitTorrent (HKU\S-1-5-21-560193511-1957534509-1735208640-1001\...\BitTorrent) (Version: 7.9.5.41203 - BitTorrent Inc.)
Blend for Visual Studio 2013 (x32 Version: 12.0.41002.1 - Microsoft Corporation) Hidden
Blend for Visual Studio 2013 DEU resources (x32 Version: 12.0.41002.1 - Microsoft Corporation) Hidden
Blend for Visual Studio 2013 ENU resources (x32 Version: 12.0.41002.1 - Microsoft Corporation) Hidden
Blend for Visual Studio SDK for .NET 4.5 (x32 Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Blend for Visual Studio SDK for Silverlight 5 (x32 Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Boilsoft Video Splitter 6.34 (HKLM-x32\...\{24549038-9956-4EE5-976D-4419AAEA7DD5}_is1) (Version:  - Boilsoft, Inc.)
Build Tools - amd64 (Version: 12.0.21005 - Microsoft Corporation) Hidden
Build Tools - x86 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Build Tools Language Resources - amd64 (Version: 12.0.21005 - Microsoft Corporation) Hidden
Build Tools Language Resources - x86 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.11 - Piriform)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.1.0.0074 - Disc Soft Ltd)
Devenv-Ressourcen für Microsoft Visual Studio 2013 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
DirectX 9.0c Extra Files (x86, x64) (HKLM\...\{8729E65B-8C12-4A42-B1FE-E4DA7ED52855}_is1) (Version: 1.10.06.0 - Sereby Corporation)
Dolphin x86 (HKLM-x32\...\Dolphin x86) (Version: 4.0.2 - Dolphin Development Team)
Dotfuscator and Analytics Community Edition (x32 Version: 5.5.4954.46574 - PreEmptive Solutions) Hidden
Dotfuscator and Analytics Community Edition Language Pack (x32 Version: 5.5.4954.46574 - PreEmptive Solutions) Hidden
Entity Framework Tools for Visual Studio 2013 (HKLM-x32\...\{08AEF86A-1956-4846-B906-B01350E96E30}) (Version: 12.0.20912.0 - Microsoft Corporation)
FlatOut 2 (HKLM-x32\...\GOGPACKFLATOUT2_is1) (Version: 2.0.0.7 - GOG.com)
Freemake Video Converter Version 4.1.7 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.7 - Ellora Assets Corporation)
Gothic 3 Enhanced Edition (HKLM-x32\...\{C28A686B-D439-4B83-B023-7402E982F69D}_is1) (Version:  - Nordic Games GmbH)
Gothic 3 Götterdämmerung Enhanced Edition (HKLM-x32\...\{6890095D-D7FE-465A-9B1D-BE605B1F5FD9}_is1) (Version:  - Nordic Games GmbH)
Gothic 3 Modkit v1.75.14 (HKLM-x32\...\{420DA6C7-EE34-4468-AE16-87205B7D24EF}_is1) (Version: v1.75.14 - Nordic Games GmbH)
Gothic II - Die Nacht des Raben (HKLM-x32\...\Gothic II - Die Nacht des Raben) (Version:  - JoWooD Productions Software AG)
Gothic II (HKLM-x32\...\Gothic II) (Version:  - JoWooD Productions Software AG)
HashCalc 2.02 (HKLM-x32\...\HashCalc_is1) (Version:  - SlavaSoft Inc.)
Icons from File 5.0.6 (HKLM-x32\...\Icons from File_is1) (Version: 5.0.6 - Vitaliy Levchenko)
IIS 8.0 Express (HKLM\...\{7BF61FA9-BDFB-4563-98AD-FCB0DA28CCC7}) (Version: 8.0.1557 - Microsoft Corporation)
IIS Express Application Compatibility Database for x64 (HKLM\...\{9f4f4a9b-eec5-4906-92fe-d1f43ccf5c8d}.sdb) (Version:  - )
IIS Express Application Compatibility Database for x86 (HKLM\...\{fdfba1f3-74ae-4255-9c10-a0f552b4610f}.sdb) (Version:  - )
Java 8 Update 66 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418066F0}) (Version: 8.0.660.18 - Oracle Corporation)
Java 8 Update 66 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218066F0}) (Version: 8.0.660.18 - Oracle Corporation)
Java SE Development Kit 8 Update 45 (HKLM-x32\...\{32A3A4F4-B792-11D6-A78A-00B0D0180450}) (Version: 8.0.450.15 - Oracle Corporation)
JavaScript Tooling (Version: 12.0.21005 - Microsoft Corporation) Hidden
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
Kaspersky Total Security (HKLM-x32\...\InstallWIX_{02FECEE0-16B2-43DB-BC3B-C844477FC142}) (Version: 15.0.2.396 - Kaspersky Lab)
Kaspersky Total Security (x32 Version: 15.0.2.396 - Kaspersky Lab) Hidden
LocalESPC Dev12 (x32 Version: 8.100.25984 - Microsoft Corporation) Hidden
LocalESPCui for de-de Dev12 (x32 Version: 8.100.25984 - Microsoft) Hidden
LocalESPCui for en-us Dev12 (x32 Version: 8.100.25984 - Microsoft) Hidden
MakeTorrent v2.1 (HKLM-x32\...\MakeTorrent 2) (Version:  - )
Malwarebytes Anti-Malware Version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK - DEU Lang Pack (HKLM-x32\...\{21B0F482-5EF9-45DA-8840-340AFE705A6C}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK (HKLM-x32\...\{4AE57014-05C4-4864-A13D-86517A7E1BA4}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (Deutsch) (HKLM-x32\...\{CBD7095F-7211-43FD-9FE7-FB08D753AF79}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft .NET Framework 4.6 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft Help Viewer 2.1 (HKLM-x32\...\Microsoft Help Viewer 2.1) (Version: 2.1.21005 - Microsoft Corporation)
Microsoft Help Viewer 2.1 Sprachpaket - DEU (HKLM-x32\...\Microsoft Help Viewer 2.1 Sprachpaket - DEU) (Version: 2.1.21005 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft Silverlight 5 SDK (HKLM-x32\...\{E1FBB3D4-ADB0-4949-B101-855DA061C735}) (Version: 5.0.61118.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities  (HKLM\...\{58FED865-4F13-408D-A5BF-996019C4B936}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (HKLM-x32\...\{1B876496-B3A2-4D22-9B12-B608A3FD4B8B}) (Version: 11.1.2902.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (x64) (HKLM\...\{A6BA243E-85A3-4635-A269-32949C98AC7F}) (Version: 11.1.2902.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Express LocalDB  (HKLM\...\{6C026A91-640F-4A23-8B68-05D589CC6F18}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (HKLM-x32\...\{2F7DBBE6-8EBC-495C-9041-46A772F4E311}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (x64) (HKLM\...\{43A5C316-9521-49C3-B9B6-FCE5E1005DF0}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{D411E9C9-CE62-4DBF-9D92-4CB22B750ED5}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom  (HKLM\...\{54C5041B-0E91-4E92-8417-AAA12493C790}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 T-SQL Language Service  (HKLM-x32\...\{04DD7AF4-A6D3-4E30-9BB9-3B3670719234}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2014 Express LocalDB  (HKLM\...\{AB8DE9BA-19E1-446A-BCFA-6B3DA9751E21}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (HKLM-x32\...\{2774595F-BC2A-4B12-A25B-0C37A37049B0}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (x64) (HKLM\...\{1F9EB3B6-AED7-4AA7-B8F1-8E314B74B2A5}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL ScriptDom  (HKLM\...\{020CDFE0-C127-4047-B571-37C82396B662}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 T-SQL Language Service  (HKLM-x32\...\{47D08E7A-92A1-489B-B0BF-415516497BCE}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 DEU  (HKLM\...\{98225B15-ECF5-4645-B5AC-F8C5E869A5D5}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (12.0.41012.0) (HKLM-x32\...\{AC8E0CF4-42A1-4151-B684-97CF6FD726CF}) (Version: 12.0.41012.0 - Microsoft Corporation)
Microsoft SQL Server Data Tools Build Utilities - DEU (12.0.30919.1) (HKLM-x32\...\{BCB8A870-2B3D-4CC0-87D6-F931E065AC0C}) (Version: 12.0.30919.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools Build Utilities - enu (12.0.30919.1) (HKLM-x32\...\{6781FF9B-E87D-4A03-9373-A55A288B83FA}) (Version: 12.0.30919.1 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{A47FD1BF-A815-4A76-BE65-53A15BD5D25D}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (x64) (HKLM\...\{4701DEDE-1888-49E0-BAE5-857875924CA2}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (HKLM-x32\...\{070C38AC-05CE-43DF-9A20-141332F6AB2B}) (Version: 11.1.3366.16 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{05FF8209-C4F1-4C77-BC28-791653156D20}) (Version: 11.1.3366.16 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM\...\{8C06D6DB-A391-4686-B050-99CC522A7843}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM-x32\...\{4AEB505C-95E1-4964-9B64-8D27F3186D30}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61187 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61186 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.7523 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.7523 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.7523 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.7523 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{f0080ca2-80ae-4958-b6eb-e8fa916d744a}) (Version: 11.0.61030.0 - Корпорация Майкрософт)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{e6e75766-da0f-4ba2-9788-6ea593ce702d}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual J# 2.0 Redistributable Package - SE (x64) (HKLM\...\Microsoft Visual J# 2.0 Redistributable Package - SE (x64)) (Version:  - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio Professional 2013 (HKLM-x32\...\{6dff50d0-3bc3-4a92-b724-bf6d6a99de4f}) (Version: 12.0.21005.13 - Microsoft Corporation)
Microsoft Web Deploy 3.5 (HKLM\...\{69A998C5-00A9-42CA-AB4E-C31CFFCD9251}) (Version: 3.1237.1763 - Microsoft Corporation)
Microsoft-Maus- und Tastatur-Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Mozilla Firefox 38.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 38.0.1 (x86 de)) (Version: 38.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 38.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero 7 Ultra Edition (HKLM-x32\...\{C6115A28-F277-4E82-B067-84D28BF21031}) (Version: 7.03.1357 - Nero AG)
No-IP DUC (HKLM-x32\...\NoIPDUC) (Version: 4.1.1 - Vitalwerks Internet Solutions LLC)
NVIDIA 3D Vision Controller-Treiber 340.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 340.50 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 341.92 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 341.92 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.2.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.2.2 - NVIDIA Corporation)
NVIDIA Grafiktreiber 341.92 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 341.92 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
One Piece Pirate Warriors 3: GOLD Edition (HKLM-x32\...\One Piece Pirate Warriors 3: GOLD Edition_is1) (Version:  - )
Open XML SDK 2.5 for Microsoft Office (x32 Version: 2.5.5631 - Microsoft Corporation) Hidden
Paket zur Festlegung von Zielversionen für Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM-x32\...\{D5409B11-EF28-37A1-AE7A-6051A5BAD923}) (Version: 4.5.50932 - Microsoft Corporation)
Paket zur Festlegung von Zielversionen für Microsoft .NET Framework 4.5.1 RC für Windows Store-Apps (Deutsch) (x32 Version: 4.5.21005 - Microsoft Corporation) Hidden
PreEmptive Analytics Client German Language Pack (x32 Version: 1.2.3197.1 - PreEmptive Solutions) Hidden
PreEmptive Analytics Visual Studio Components (x32 Version: 1.2.3197.1 - PreEmptive Solutions) Hidden
Prerequisites for SSDT  (HKLM-x32\...\{21373064-AD95-48DB-A32E-0D9E08EF7355}) (Version: 12.0.2000.8 - Microsoft Corporation)
Prerequisites for SSDT  (HKLM-x32\...\{35C1D9D6-87C0-46A3-B1B4-EDBCC063221C}) (Version: 11.1.3000.0 - Microsoft Corporation)
Python Tools Redirection Template (x32 Version: 1.1 - Microsoft Corporation) Hidden
RAR Password Recovery Magic v6.1.1.393 (HKLM-x32\...\RAR Password Recovery Magic_is1) (Version:  - Password Recovery Magic Studio Ltd.)
Rayman 3 Hoodlum Havoc Version 1.0 (HKLM-x32\...\Rayman 3 Hoodlum Havoc_is1) (Version: 1.0 - Ubisoft)
Resource Hacker Version 4.2.5 (HKLM-x32\...\ResourceHacker_is1) (Version:  - )
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Sandboxie 5.06 (64-bit) (HKLM\...\Sandboxie) (Version: 5.06 - Sandboxie Holdings, LLC)
SciTE4AutoIt3 15.920.938.0 (HKLM-x32\...\SciTE4AutoIt3) (Version: 15.920.938.0 - Jos van der Zande)
SharePoint Client Components (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
SharePoint Client Components (Version: 16.0.2617.1200 - Microsoft Corporation) Hidden
SHIELD Streaming (Version: 4.0.1000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 17.12.8 - NVIDIA Corporation) Hidden
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
Team Explorer for Microsoft Visual Studio 2013 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
The Simpsons Hit & Run(TM) (HKLM-x32\...\{F79AAB3A-B8B4-4AC7-94AB-1C4C076C6A89}) (Version: 1.00.000 - )
TuneUp Utilities 2014 (de-DE) (x32 Version: 14.0.1000.353 - TuneUp Software) Hidden
Ultra Video Splitter 6.4.1208 (HKLM-x32\...\Ultra Video Splitter_is1) (Version:  - Aone Software)
Update for  (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
Usenet.nl (HKLM-x32\...\Usenet.nl_is1) (Version:  - )
VirtualDJ 8 (HKLM-x32\...\{90AE6F39-3EE1-45A1-90D5-FB6C82391EDF}) (Version: 8.0.2338.0 - Atomix Productions)
VLC media player 2.0.3 (HKLM-x32\...\VLC media player) (Version: 2.0.3 - VideoLAN)
VMware Workstation (HKLM-x32\...\VMware_Workstation) (Version: 11.1.2 - VMware, Inc)
VMware Workstation (Version: 11.1.2 - VMware, Inc.) Hidden
WCF Data Services 5.6.0 Runtime (x32 Version: 5.6.61587.0 - Microsoft Corporation) Hidden
WCF Data Services Tools for Microsoft Visual Studio 2013 (x32 Version: 5.6.61587.0 - Microsoft Corporation) Hidden
WCF RIA Services V1.0 SP2 (HKLM-x32\...\{5D8DD6A8-C4D7-4554-93F9-F1CC28C72600}) (Version: 4.1.62812.0 - Microsoft Corporation)
WinRAR 5.21 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
Workflow Manager Client 1.0 (Version: 2.0.30813.2 - Microsoft Corporation) Hidden
Workflow Manager Tools 1.0 for Visual Studio (Version: 2.0.30725.1 - Microsoft Corporation) Hidden
Zombi (HKLM-x32\...\Zombi_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, markfiter)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Wiederherstellungspunkte =========================

18-11-2015 20:38:53 ComboFix created restore point
20-11-2015 14:45:23 Windows Update
20-11-2015 15:04:48 Microsoft Visual C++ 2005 Redistributable wird installiert
20-11-2015 15:06:20 DirectX wurde installiert
20-11-2015 15:34:08 DirectX wurde installiert
23-11-2015 00:17:23 Windows Defender Checkpoint
23-11-2015 18:00:50 Malwarebytes Anti-Rootkit Restore Point
23-11-2015 19:39:54 JRT Pre-Junkware Removal

==================== Hosts Inhalt: ===============================

(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)

2009-07-14 03:34 - 2015-11-18 20:50 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {028CA519-011B-4015-BDE9-BD363F5EA5DC} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_19_0_0_245_pepper.exe [2015-11-10] (Adobe Systems Incorporated)
Task: {127C27E8-993E-4AC2-BFBA-75C4057CCAFE} - System32\Tasks\SidebarExecute => C:\Program Files (x86)\Windows Sidebar\sidebar.exe [2010-11-21] (Microsoft Corporation)
Task: {1D290CE2-8968-490C-ACA9-5CC52D603838} - System32\Tasks\{2D8ECF9C-61FD-4ACC-8CF2-FAA2A8027CDD} => C:\Users\admin\Desktop\Bifrost.exe
Task: {34249658-9DD4-487A-AE7F-6BA53E1348AC} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2015-05-19] (Microsoft Corporation)
Task: {51000FED-3EB2-4A64-8AC9-C09A72C2F330} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-11-02] (Piriform Ltd)
Task: {596D779F-F60F-4054-9D5F-E020291E3D10} - \bvxvhxvh -> Keine Datei <==== ACHTUNG
Task: {79CC19AA-C0E1-4CFA-BF19-4C4592D5F616} - System32\Tasks\{84428AE9-0A90-41D9-A9EA-B64252541EAC} => C:\Users\admin\Desktop\Neuer Ordner\Bifrost Stub Customizer v2.0.exe
Task: {807F0029-3273-4FBC-81FC-55037A44C58C} - System32\Tasks\{23620CA1-CC87-49ED-BB6E-44277012C1B0} => pcalua.exe -a "C:\ProgramData\VMware\VMware Player\Uninstaller\\uninstall.exe" -c -x -S "C:\ProgramData\VMware\VMware Player\Uninstaller\"
Task: {9B52632A-A969-40A6-B830-FDE6D3C8C80E} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2015-05-19] (Microsoft Corporation)
Task: {A0A50D1C-ACCC-44F9-A66F-023F2D313B22} - System32\Tasks\{EDED2321-2278-4C8B-AF8E-023C0A6238E9} => pcalua.exe -a C:\Users\admin\Desktop\dd2\INSTALL.EXE -d C:\Users\admin\Desktop\dd2
Task: {A460D382-66EA-4D05-B2EE-4A3C575F6EEB} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2015-05-19] (Microsoft)
Task: {A8F7DD9B-7B2B-4046-BD9A-042487AD3470} - \csrss.exe -> Keine Datei <==== ACHTUNG
Task: {B454D397-B4BE-49A9-8CF4-BACC8DB37F25} - System32\Tasks\{7971804C-8CAA-4D0F-BCBD-664B3155E6E8} => C:\Users\admin\Desktop\Neuer Ordner\Bifrost Stub Customizer v2.0.exe
Task: {D30267F1-1475-4B1E-8E1B-66AB4100F7CB} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-11-10] (Adobe Systems Incorporated)
Task: {D667BF88-581E-4E11-91E8-3BA8AC9118E2} - System32\Tasks\{DD797C40-69B3-4789-8E7D-61D869973BFA} => pcalua.exe -a "C:\Program Files (x86)\South Park - The Stick of Truth\_CommonRedist\vcredist\2010\vcredist_x86.exe" -d "C:\Program Files (x86)\South Park - The Stick of Truth\_CommonRedist\vcredist\2010"
Task: {DE9E383F-27C4-49C3-8DF3-E326443204F7} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2015-05-19] (Microsoft Corporation)
Task: {E64C6729-054E-41F0-B244-E9C5B277279E} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2015-05-19] (Microsoft Corporation)
Task: {F8453438-A0FB-488F-9897-E8C1FCEB75B6} - System32\Tasks\{FC69F42C-6F7E-4342-A66C-6801059D8962} => pcalua.exe -a "C:\Program Files (x86)\South Park - The Stick of Truth\_CommonRedist\vcredist\2010\vcredist_x64.exe" -d "C:\Program Files (x86)\South Park - The Stick of Truth\_CommonRedist\vcredist\2010"

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_19_0_0_245_pepper.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Verknüpfungen =============================

(Die Einträge können gelistet werden, um sie zurückzusetzen oder zu entfernen.)

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2015-05-19 14:30 - 2015-10-13 18:26 - 00125616 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-05-31 06:36 - 2015-07-01 19:50 - 12732608 _____ () C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
2015-10-15 04:43 - 2015-10-09 16:56 - 00071680 _____ () C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe
2015-10-19 21:00 - 2015-10-19 21:00 - 00057344 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll
2015-07-20 16:34 - 2015-07-20 16:34 - 00012288 _____ () C:\Program Files (x86)\No-IP\ducservice.exe
2014-12-23 16:54 - 2014-12-23 16:54 - 01272616 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\kpcengine.2.3.dll
2015-05-31 06:59 - 2015-05-31 06:59 - 01301696 _____ () C:\Program Files (x86)\VMware\VMware Workstation\libxml2.dll
2015-05-31 06:36 - 2015-05-31 06:36 - 00191680 _____ () C:\Program Files (x86)\VMware\VMware Workstation\LIBEXPAT.dll
2015-05-31 06:36 - 2015-05-31 06:36 - 00388288 _____ () C:\Program Files (x86)\VMware\VMware Workstation\ssoClient.dll
2015-05-31 06:36 - 2015-05-31 06:36 - 00194752 _____ () C:\Program Files (x86)\VMware\VMware Workstation\nfc-types.dll
2015-07-20 16:34 - 2015-07-20 16:34 - 00073728 _____ () C:\Program Files (x86)\No-IP\ducapi.dll
2014-12-23 16:54 - 2014-12-23 16:54 - 00338216 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\online_banking@kaspersky.com\nponlinebanking.dll
2014-12-23 16:54 - 2014-12-23 16:54 - 00502056 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\content_blocker@kaspersky.com\npcontentblocker.dll
2014-12-23 16:54 - 2014-12-23 16:54 - 00608040 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com\npvkplugin.dll

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)

AlternateDataStreams: C:\Windows\system32\WindowsCodecs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\winload.efi:$CmdTcID
AlternateDataStreams: C:\Windows\system32\winlogon.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\winresume.efi:$CmdTcID
AlternateDataStreams: C:\Windows\system32\winsta.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wintrust.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wksprt.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wksprtPS.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wmp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WMPhoto.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wmploc.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wscript.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\wshom.ocx:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WSManHTTPConfig.exe:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WSManMigrationPlugin.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WsmAuto.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WsmSvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\WsmWmiPl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\x3daudio1_0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\x3daudio1_1.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\X3DAudio1_2.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\X3DAudio1_3.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\X3DAudio1_4.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\X3DAudio1_5.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\X3DAudio1_6.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\X3DAudio1_7.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\xactengine2_0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\xactengine2_1.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\xactengine2_10.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\xactengine2_2.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\xactengine2_3.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\xactengine2_4.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\xactengine2_5.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\xactengine2_6.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\xactengine2_7.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\xactengine2_8.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\xactengine2_9.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\xactengine3_0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\xactengine3_1.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\xactengine3_2.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\xactengine3_3.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\xactengine3_4.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\xactengine3_5.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\xactengine3_6.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\xactengine3_7.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\XAPOFX1_0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\XAPOFX1_1.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\XAPOFX1_2.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\XAPOFX1_3.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\XAPOFX1_4.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\XAPOFX1_5.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\XAudio2_0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\XAudio2_1.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\XAudio2_2.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\XAudio2_3.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\XAudio2_4.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\XAudio2_5.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\XAudio2_6.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\XAudio2_7.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\xinput1_1.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\xinput1_2.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\xinput1_3.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\advapi32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\AiORuntimes.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-eventing-provider-l1-1-0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\appidapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\appverif.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\atl70.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\atl71.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\atmfd.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\atmlib.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\authui.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\autoitx3.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\AVEQT.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\AVERM.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\browcli.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cdosys.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\certenc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\certutil.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cewmdm.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\charmap.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\clfsw32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\comct232.ocx:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\comct332.ocx:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\comctl32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\comctl32.ocx:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\comdlg32.ocx:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\crypt32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cryptdlg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cryptnet.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cryptsvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cscript.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\cygwin1.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d2d1.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3d10warp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\D3DCompiler_33.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\D3DCompiler_34.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\D3DCompiler_35.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\D3DCompiler_36.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\D3DCompiler_37.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\D3DCompiler_38.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\D3DCompiler_39.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\D3DCompiler_40.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\D3DCompiler_41.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\D3DCompiler_42.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\D3DCompiler_43.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3dcsx_42.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3dcsx_43.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3dx10.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3dx10_33.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3dx10_34.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3dx10_35.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3dx10_36.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3dx10_37.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3dx10_38.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3dx10_39.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3dx10_40.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3dx10_41.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3dx10_42.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3dx10_43.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3dx11_42.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3dx11_43.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_24.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_25.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_26.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_27.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_28.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_29.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_30.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_31.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_33.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_34.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_35.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_36.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\D3DX9_37.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\D3DX9_38.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\D3DX9_39.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\D3DX9_40.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\D3DX9_41.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\D3DX9_42.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\D3DX9_43.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\davclnt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dblist32.ocx:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dciman32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\diskperf.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dpnet.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dwmapi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dwmcore.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\DWrite.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dxcap.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dxcpl.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\dxmasf.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ExplorerFrame.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\fontsub.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\FWPUCLNT.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\gdi32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\IMJP10K.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\IoctlSvc.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\iologmsg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\KBDBASH.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\KBDRU.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\KBDRU1.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\KBDTAT.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\KBDYAK.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\libeay32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\libiconv2.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\libintl3.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\libmmd.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\libpng13.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\libpng15.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\libssl32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\logman.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\lpk.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mci32.ocx:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mfc70.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mfc70CHS.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mfc70CHT.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mfc70DEU.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mfc70ENU.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mfc70ESP.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mfc70FRA.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mfc70ITA.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mfc70JPN.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mfc70KOR.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mfc70u.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mfc71.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mfc71CHS.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mfc71CHT.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mfc71DEU.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mfc71ENU.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mfc71ESP.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mfc71FRA.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mfc71ITA.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mfc71JPN.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mfc71KOR.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mfc71u.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mscomct2.ocx:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mscomctl.ocx:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mscomm32.ocx:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msctf.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msdatgrd.ocx:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msdatlst.ocx:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msdia100.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msdxm.ocx:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msflxgrd.ocx:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mshflxgd.ocx:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msi.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msiexec.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msihnd.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msimsg.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msinet.ocx:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msmask32.ocx:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msmpeg2vdec.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\MsRdpWebAccess.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msstdfmt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msstkprp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mstsc.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mstscax.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msvci70.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msvcp70.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msvcp71.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msvcr70.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msvcr71.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\mswinsck.ocx:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msxml3.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msxml3r.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msxml6.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\msxml6r.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\netapi32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\notepad.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\nshwfp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\nvaudcap32v.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ole32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\oleaut32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\openal32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\packager.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\picclp32.ocx:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\pku2u.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\poqexec.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\rastls.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\rdpendp_winip.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\rdvidcrl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\relog.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\richtx32.ocx:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\scesrv.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\scrrun.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\sechost.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\shdocvw.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\shell32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\spwmp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ssleay32.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\synceng.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\sysinfo.ocx:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\tabctl32.ocx:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\tdh.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\tier0_s.dll:$CmdZnID
AlternateDataStreams: C:\Windows\SysWOW64\tracerpt.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\tsgqec.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\typeperf.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\tzres.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\ucrtbase.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\uplay_r1_loader.dll:$CmdZnID
AlternateDataStreams: C:\Windows\SysWOW64\vb40032.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\vcamp140.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\vmnat.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\vmnetdhcp.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\vsgraphicsremoteengine.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\vsjitdebugger.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\vstdlib_s.dll:$CmdZnID
AlternateDataStreams: C:\Windows\SysWOW64\WebClnt.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\win32spl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WindowsCodecs.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\winsta.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wintrust.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wksprtPS.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wmp.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WMPhoto.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wmploc.DLL:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wrap_oal.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wscript.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\wshom.ocx:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WSManHTTPConfig.exe:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WSManMigrationPlugin.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WsmAuto.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WsmSvc.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\WsmWmiPl.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\x3daudio1_0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\x3daudio1_1.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\X3DAudio1_2.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\X3DAudio1_3.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\X3DAudio1_4.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\X3DAudio1_5.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\X3DAudio1_6.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\X3DAudio1_7.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\xactengine2_0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\xactengine2_1.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\xactengine2_10.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\xactengine2_2.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\xactengine2_3.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\xactengine2_4.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\xactengine2_5.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\xactengine2_6.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\xactengine2_7.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\xactengine2_8.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\xactengine2_9.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\xactengine3_0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\xactengine3_1.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\xactengine3_2.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\xactengine3_3.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\xactengine3_4.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\xactengine3_5.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\xactengine3_6.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\xactengine3_7.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\XAPOFX1_0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\XAPOFX1_1.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\XAPOFX1_2.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\XAPOFX1_3.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\XAPOFX1_4.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\XAPOFX1_5.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\XAudio2_0.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\XAudio2_1.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\XAudio2_2.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\XAudio2_3.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\XAudio2_4.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\XAudio2_5.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\XAudio2_6.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\XAudio2_7.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\xinput1_1.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\xinput1_2.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\xinput1_3.dll:$CmdTcID
AlternateDataStreams: C:\Windows\SysWOW64\zlib1.dll:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\appid.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\Diskdump.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\dtlitescsibus.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\dxgkrnl.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\dxgmms1.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\fvevol.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\http.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\L1E62x64.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\mountmgr.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\msiscsi.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\ntfs.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\nvvad64v.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\partmgr.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\rdpvideominiport.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\rdpwd.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\storport.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\stream.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\tap0901.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\terminpt.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\tssecsrv.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\TsUsbFlt.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\TsUsbGD.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\vmci.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\vmnetadapter.sys:$CmdTcID
AlternateDataStreams: C:\Windows\system32\Drivers\vmnetbridge.sys:$CmdTcID
AlternateDataStreams: C:\Users\admin\Desktop\LS Crypter.suo:$CmdZnID

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)


==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)


==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)

IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-560193511-1957534509-1735208640-1001\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-560193511-1957534509-1735208640-1001\...\webcompanion.com -> hxxp://webcompanion.com

==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)

HKU\S-1-5-21-560193511-1957534509-1735208640-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\admin\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.

==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==

(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)


==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [{3945C57F-279A-459C-A8FE-AE5138F72912}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{D4BC426F-536B-4BA2-8D3B-5207990745E7}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{E07A3B24-AF55-45EB-987F-28E099A44A28}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{04006571-C299-4D1F-BDDA-40FCB9484846}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [{CBE6A3C2-CF81-45CA-A87B-806229BAAC38}] => (Allow) C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe
FirewallRules: [TCP Query User{FCCD3125-2FB2-497F-A74D-CCA8149904DC}C:\users\admin\desktop\dc\darkcomet.exe] => (Allow) C:\users\admin\desktop\dc\darkcomet.exe
FirewallRules: [UDP Query User{CE4E2128-F169-42D6-8AD3-0B35FDAF1544}C:\users\admin\desktop\dc\darkcomet.exe] => (Allow) C:\users\admin\desktop\dc\darkcomet.exe
FirewallRules: [TCP Query User{D427572D-88C9-43D9-BC3B-859CE73B107A}C:\users\admin\desktop\bifrost(win7)\bifrost.exe] => (Allow) C:\users\admin\desktop\bifrost(win7)\bifrost.exe
FirewallRules: [UDP Query User{2B20F3F9-83D3-41B0-BB8E-F02BA2391FEB}C:\users\admin\desktop\bifrost(win7)\bifrost.exe] => (Allow) C:\users\admin\desktop\bifrost(win7)\bifrost.exe
FirewallRules: [{E26E7D8C-7236-43C7-A3DE-02807DD62CEB}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
FirewallRules: [{89A7298D-2ED6-4E53-9FF4-9ED5615646FC}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
FirewallRules: [{9D3479CF-1495-49B0-93B9-A16A0D76F674}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
FirewallRules: [{C1AD0EC3-C8BA-468C-9DB7-BBFD317C4847}] => (Allow) C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
FirewallRules: [TCP Query User{93B58B63-40E3-4BC8-9F1E-3FD8AAEA2DF4}C:\program files (x86)\funcom\age of conan\conanpatcher.exe] => (Allow) C:\program files (x86)\funcom\age of conan\conanpatcher.exe
FirewallRules: [UDP Query User{64D620FC-2CCB-4565-A435-37C95559A567}C:\program files (x86)\funcom\age of conan\conanpatcher.exe] => (Allow) C:\program files (x86)\funcom\age of conan\conanpatcher.exe
FirewallRules: [TCP Query User{FCAC87B2-8FF0-424C-BF98-5BFD98DCC366}C:\program files (x86)\funcom\age of conan\ageofconan.exe] => (Allow) C:\program files (x86)\funcom\age of conan\ageofconan.exe
FirewallRules: [UDP Query User{3B2AE6C9-C6CD-4F91-A08E-B9D7C55DD86E}C:\program files (x86)\funcom\age of conan\ageofconan.exe] => (Allow) C:\program files (x86)\funcom\age of conan\ageofconan.exe
FirewallRules: [{16B94FD7-47B1-42AD-96C9-A523C6E7E6B7}] => (Allow) C:\Program Files (x86)\WinSCP\WinSCP.exe
FirewallRules: [{6EDA7CA2-B5B5-4E2A-A40A-F2B6AFCB8C81}] => (Allow) C:\Program Files (x86)\WinSCP\WinSCP.exe
FirewallRules: [{25B57D77-E17D-4AE1-BFCB-95D9DAAE0085}] => (Allow) C:\Program Files (x86)\WinSCP\WinSCP.exe
FirewallRules: [{BD8E7152-5240-4893-8B0E-3512E5A664D2}] => (Allow) C:\Program Files (x86)\WinSCP\WinSCP.exe
FirewallRules: [TCP Query User{3D88B679-5C8F-4D3A-AB2A-9609E5EADE4D}C:\users\admin\desktop\epsxe\epsxe 1.70\epsxe.exe] => (Allow) C:\users\admin\desktop\epsxe\epsxe 1.70\epsxe.exe
FirewallRules: [UDP Query User{BF6D2823-C955-4805-BFD3-83B6BD25B82F}C:\users\admin\desktop\epsxe\epsxe 1.70\epsxe.exe] => (Allow) C:\users\admin\desktop\epsxe\epsxe 1.70\epsxe.exe
FirewallRules: [{091724C2-F5CB-4C57-AEE9-1DCF8C1D7926}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\devenv.exe
FirewallRules: [{C2F61917-20C7-4335-BB7B-8B8E219DD2BC}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\devenv.exe
FirewallRules: [TCP Query User{D2F55E05-CCC3-4B7A-A813-B2B220742836}C:\users\admin\desktop\dolphin-x64\dolphin.exe] => (Block) C:\users\admin\desktop\dolphin-x64\dolphin.exe
FirewallRules: [UDP Query User{5334C742-FA3B-44DC-837B-4289D2C7AEA9}C:\users\admin\desktop\dolphin-x64\dolphin.exe] => (Block) C:\users\admin\desktop\dolphin-x64\dolphin.exe
FirewallRules: [TCP Query User{7FDAA97A-89F5-4045-BBCF-A144602B47A0}C:\program files (x86)\java\jre1.8.0_60\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_60\bin\javaw.exe
FirewallRules: [UDP Query User{95DC43D7-389D-4224-8732-2D48DD747533}C:\program files (x86)\java\jre1.8.0_60\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_60\bin\javaw.exe
FirewallRules: [TCP Query User{47B4D1B5-7DA2-41DA-8458-6463B2783B17}C:\users\admin\desktop\dd\fgd.exe] => (Allow) C:\users\admin\desktop\dd\fgd.exe
FirewallRules: [UDP Query User{EBF310ED-4973-439A-A743-0F5B0E2C7F36}C:\users\admin\desktop\dd\fgd.exe] => (Allow) C:\users\admin\desktop\dd\fgd.exe
FirewallRules: [{CC1587B9-385F-4523-AC1A-3F0BB2F52764}] => (Allow) LPort=12292
FirewallRules: [{3D7CF3E4-BFCD-44C3-8241-BF893063E6F4}] => (Allow) LPort=500
FirewallRules: [{BBCDF4C6-B742-4D99-A469-16BB058E8F3D}] => (Allow) LPort=4500
FirewallRules: [TCP Query User{7F65A14A-D49F-47CD-A98E-E324E4917AD2}C:\users\admin\appdata\local\jdownloader 2.0\jdownloader2.exe] => (Allow) C:\users\admin\appdata\local\jdownloader 2.0\jdownloader2.exe
FirewallRules: [UDP Query User{C971E4CF-8C05-4642-9A40-B6C525D71C6B}C:\users\admin\appdata\local\jdownloader 2.0\jdownloader2.exe] => (Allow) C:\users\admin\appdata\local\jdownloader 2.0\jdownloader2.exe
FirewallRules: [{7CFB1E5C-C578-4878-A8E2-824F85661E35}] => (Block) C:\users\admin\appdata\local\jdownloader 2.0\jdownloader2.exe
FirewallRules: [{05EBE91F-D545-43CA-9375-A23D201D3F39}] => (Block) C:\users\admin\appdata\local\jdownloader 2.0\jdownloader2.exe
FirewallRules: [TCP Query User{BE6A247D-5574-4DD9-A7D9-FA77B81C2F1A}C:\program files (x86)\dolphin x86\dolphin.exe] => (Allow) C:\program files (x86)\dolphin x86\dolphin.exe
FirewallRules: [UDP Query User{08D366F2-35CC-40D6-92E1-5873B682B2A6}C:\program files (x86)\dolphin x86\dolphin.exe] => (Allow) C:\program files (x86)\dolphin x86\dolphin.exe
FirewallRules: [{2031D6D0-20A4-4030-B17A-488C7ADC8631}] => (Block) C:\program files (x86)\dolphin x86\dolphin.exe
FirewallRules: [{2B13B809-EAEE-4514-B1CD-DB12FA049830}] => (Block) C:\program files (x86)\dolphin x86\dolphin.exe
FirewallRules: [TCP Query User{01EE0383-BB73-4D8A-AEC1-12E19233912D}C:\users\admin\desktop\sachen\dolphin-x64\dolphin.exe] => (Allow) C:\users\admin\desktop\sachen\dolphin-x64\dolphin.exe
FirewallRules: [UDP Query User{A1A4C67A-E2F8-4954-ADE3-C7F871713059}C:\users\admin\desktop\sachen\dolphin-x64\dolphin.exe] => (Allow) C:\users\admin\desktop\sachen\dolphin-x64\dolphin.exe
FirewallRules: [{F0785EC4-E48D-4C61-8F81-BA76EAEE22DB}] => (Block) C:\users\admin\desktop\sachen\dolphin-x64\dolphin.exe
FirewallRules: [{ACABB210-169B-465F-BAED-9F9677E79DEA}] => (Block) C:\users\admin\desktop\sachen\dolphin-x64\dolphin.exe
FirewallRules: [{E121F659-2C28-4BAE-8DC3-00CDD31F2842}] => (Allow) C:\Program Files (x86)\South Park - The Stick of Truth\South Park - The Stick of Truth.exe
FirewallRules: [{49C8A316-1A5E-4675-9BEB-A2424DE17EBB}] => (Allow) C:\Program Files (x86)\South Park - The Stick of Truth\South Park - The Stick of Truth.exe
FirewallRules: [{FFF0ED60-708B-4575-B22C-D18C4EC7AB7C}] => (Allow) C:\Program Files (x86)\South Park - The Stick of Truth\South Park - The Stick of Truth.exe
FirewallRules: [{5DEF9D07-1997-4E19-A611-9BF984632A3D}] => (Allow) C:\Program Files (x86)\South Park - The Stick of Truth\South Park - The Stick of Truth.exe
FirewallRules: [{B3E487E8-1B5E-44A6-9C0B-A3204EE2C8B5}] => (Allow) C:\Users\admin\Desktop\Kaspersky AV 2015 + Activation 27-11-2017 + Update Solution [danhuk]\Setup\kav15.0.0.463en_6664.exe
FirewallRules: [{BB6D4001-F455-427F-97EE-F5F3471D549B}] => (Allow) C:\Users\admin\Desktop\Kaspersky AV 2015 + Activation 27-11-2017 + Update Solution [danhuk]\Setup\kav15.0.0.463en_6664.exe
FirewallRules: [{EAF2B7F5-C225-4ACA-A0DB-2FEC13A00127}] => (Allow) C:\Users\admin\Desktop\Kaspersky AV 2015 + Activation 27-11-2017 + Update Solution [danhuk]\Setup\kav15.0.0.463en_6664.exe
FirewallRules: [{00612333-7E82-45C8-828D-CFC713D4AD3D}] => (Allow) C:\Users\admin\Desktop\Kaspersky AV 2015 + Activation 27-11-2017 + Update Solution [danhuk]\Setup\kav15.0.0.463en_6664.exe
FirewallRules: [{A8921F25-D264-4279-A103-3229D8FF51D7}] => (Allow) C:\Users\admin\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{DC07B1FB-902F-44B0-B92E-FB8E2228FB78}] => (Allow) C:\Users\admin\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{20F538CD-EC0B-4811-8C1E-E15981E8F642}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{91CACAFD-9A8E-422C-B480-1AA35F7F8257}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{9203F0DF-0844-47EE-BE42-B7DDC9DA9C0B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{92882AFE-9CDD-4B44-94E3-7ED1F3BD7E2E}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{CC5CF8AF-28D2-41F5-9E25-A5DCBA694736}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{A5ABC8D6-E776-494D-9CF3-EE227E55DF34}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [TCP Query User{36CDBAF8-C2B4-4A08-9D77-34B73BAD3F55}C:\users\admin\desktop\dark\darkcomet.exe] => (Allow) C:\users\admin\desktop\dark\darkcomet.exe
FirewallRules: [UDP Query User{65750116-1312-4411-9A71-18A03FD6D9EB}C:\users\admin\desktop\dark\darkcomet.exe] => (Allow) C:\users\admin\desktop\dark\darkcomet.exe
FirewallRules: [{FC058A32-D150-4E42-8D69-2A306C7FFEFA}] => (Block) C:\users\admin\desktop\dark\darkcomet.exe
FirewallRules: [{A932071C-8BA6-4BC7-8140-A66922918DC6}] => (Block) C:\users\admin\desktop\dark\darkcomet.exe
FirewallRules: [{ED47C8B6-D0D0-4D86-8B79-FC37E974AF08}] => (Allow) LPort=1604
FirewallRules: [{CE3BE198-581E-4607-8664-6959B4AF12FC}] => (Allow) LPort=1604
FirewallRules: [TCP Query User{D102616C-AD3F-4A2C-80A0-4CD7E794CD34}C:\users\admin\appdata\local\temp\rar$exa0.907\darkcomet.exe] => (Block) C:\users\admin\appdata\local\temp\rar$exa0.907\darkcomet.exe
FirewallRules: [UDP Query User{AE96ED5F-3768-453E-A12F-E02A632E7E20}C:\users\admin\appdata\local\temp\rar$exa0.907\darkcomet.exe] => (Block) C:\users\admin\appdata\local\temp\rar$exa0.907\darkcomet.exe
FirewallRules: [{36EEAE6B-1CDD-43D4-AC3B-5BE1C3C1EC34}] => (Allow) LPort=80
FirewallRules: [{7ABF3F14-5D68-4255-949D-1427839B9B71}] => (Allow) LPort=81
FirewallRules: [{8C36D80B-2F6B-438A-A817-61E8355C366B}] => (Allow) LPort=443
FirewallRules: [{15012327-8DB5-46C6-9DA6-C4D42E4D7C3E}] => (Allow) C:\Users\admin\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{4E469104-0230-4DB8-806E-258368362DB8}] => (Allow) C:\Users\admin\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{3A55189E-651E-4DC5-B69A-CCFE1D34AFBD}] => (Allow) C:\Users\admin\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{ABDCFB25-91A1-4876-BBCD-C004172D6FE8}] => (Allow) C:\Users\admin\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{C028DE05-8E8F-477A-A845-BE96C9EEE0DC}] => (Allow) C:\Users\admin\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{649ABC75-74F7-4B75-9A01-F6CB034E76A8}] => (Allow) C:\Users\admin\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [TCP Query User{1D7940A7-A7EF-45EE-843D-47A3870F5258}C:\users\admin\desktop\darkc\darkcomet.exe] => (Allow) C:\users\admin\desktop\darkc\darkcomet.exe
FirewallRules: [UDP Query User{6B32C4E5-8FC6-4635-8E0E-B7A4B406494D}C:\users\admin\desktop\darkc\darkcomet.exe] => (Allow) C:\users\admin\desktop\darkc\darkcomet.exe
FirewallRules: [{54566C4E-505E-4A10-927D-3D64D640BBE6}] => (Allow) C:\Users\admin\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{62687BA1-4F2F-4C40-8B66-C0F8162DA0A8}] => (Allow) C:\Users\admin\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{1C4F3BC6-E7AE-46B8-90DA-689045026571}] => (Allow) C:\Users\admin\Desktop\Neuer Ordner\uTorrentPortable\uTorrentPortable\App\uTorrent\uTorrent.exe
FirewallRules: [{694C4A21-0AA5-4495-B1E6-92329E786B1D}] => (Allow) C:\Users\admin\Desktop\Neuer Ordner\uTorrentPortable\uTorrentPortable\App\uTorrent\uTorrent.exe
FirewallRules: [{FECE7823-7088-4E3C-A74D-E9B7019F3438}] => (Allow) C:\Users\admin\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{9240C8A4-83ED-47E2-970E-98E6DF64C364}] => (Allow) C:\Users\admin\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{D7FF9051-7DAE-4262-B7DD-31F6216EBD56}] => (Allow) C:\Users\admin\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{B46B8492-8D86-4C49-8759-1988161F862C}] => (Allow) C:\Users\admin\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{B9197AB2-3A22-4780-ADDA-CD1DB7C6BA80}] => (Allow) C:\Users\admin\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{BE10D23D-2F5E-4A12-A07F-5E11F65B1554}] => (Allow) C:\Users\admin\AppData\Roaming\uTorrent\uTorrent.exe

==================== Fehlerhafte Geräte im Gerätemanager =============


==================== Fehlereinträge in der Ereignisanzeige: =========================

Applikationsfehler:
==================
Error: (11/23/2015 08:06:21 PM) (Source: Windows Search Service) (EventID: 10021) (User: )
Description: Die Registrierungsinformationen der Leistungsindikatoren für WSearchIdxPi für die Instanz   konnten wegen des folgenden Fehlers nicht abgerufen werden: Der Vorgang wurde erfolgreich beendet.   0x0.

Error: (11/23/2015 08:06:14 PM) (Source: Windows Search Service) (EventID: 3007) (User: )
Description: Die Leistungsüberwachung für den Gatherer-Dienst kann nicht initialisiert werden, da die Datenquellen nicht geladen sind oder das freigegebene Speicherobjekt nicht geöffnet werden konnte. Dies beeinträchtigt lediglich die Verfügbarkeit der Leistungsindikatoren. Starten Sie den Computer erneut.

Kontext:  Anwendung, SystemIndex Katalog

Error: (11/23/2015 08:06:13 PM) (Source: Windows Search Service) (EventID: 3006) (User: )
Description: Die Leistungsüberwachung kann für den Gatherer-Dienst nicht initialisiert werden, da die Datenquellen nicht geladen sind oder das freigegebene Speicherobjekt nicht geöffnet werden konnte. Dies beeinträchtigt lediglich die Verfügbarkeit der Leistungsindikatoren. Starten Sie den Computer erneut.

Error: (11/23/2015 07:59:15 PM) (Source: Windows Search Service) (EventID: 10021) (User: )
Description: Die Registrierungsinformationen der Leistungsindikatoren für WSearchIdxPi für die Instanz   konnten wegen des folgenden Fehlers nicht abgerufen werden: Der Vorgang wurde erfolgreich beendet.   0x0.

Error: (11/23/2015 07:59:07 PM) (Source: Windows Search Service) (EventID: 3007) (User: )
Description: Die Leistungsüberwachung für den Gatherer-Dienst kann nicht initialisiert werden, da die Datenquellen nicht geladen sind oder das freigegebene Speicherobjekt nicht geöffnet werden konnte. Dies beeinträchtigt lediglich die Verfügbarkeit der Leistungsindikatoren. Starten Sie den Computer erneut.

Kontext:  Anwendung, SystemIndex Katalog

Error: (11/23/2015 07:59:06 PM) (Source: Windows Search Service) (EventID: 3006) (User: )
Description: Die Leistungsüberwachung kann für den Gatherer-Dienst nicht initialisiert werden, da die Datenquellen nicht geladen sind oder das freigegebene Speicherobjekt nicht geöffnet werden konnte. Dies beeinträchtigt lediglich die Verfügbarkeit der Leistungsindikatoren. Starten Sie den Computer erneut.

Error: (11/23/2015 07:52:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Patch.exe, Version: 0.0.0.0, Zeitstempel: 0x564bcf14
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.19045, Zeitstempel: 0x56258f05
Ausnahmecode: 0xe0434352
Fehleroffset: 0x0000c42d
ID des fehlerhaften Prozesses: 0x1630
Startzeit der fehlerhaften Anwendung: 0xPatch.exe0
Pfad der fehlerhaften Anwendung: Patch.exe1
Pfad des fehlerhaften Moduls: Patch.exe2
Berichtskennung: Patch.exe3

Error: (11/23/2015 07:51:58 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Anwendung: Patch.exe
Frameworkversion: v4.0.30319
Beschreibung: Der Prozess wurde aufgrund einer unbehandelten Ausnahme beendet.
Ausnahmeinformationen: System.TypeInitializationException
Stapel:
   bei leer.DriveFactory.CopyForm(System.String, System.String, Byte[], Boolean)
   bei leer.BookmarkStream.PrintEditor()
   bei System.Threading.ThreadHelper.ThreadStart_Context(System.Object)
   bei System.Threading.ExecutionContext.RunInternal(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object, Boolean)
   bei System.Threading.ExecutionContext.Run(System.Threading.ExecutionContext, System.Threading.ContextCallback, System.Object)
   bei System.Threading.ThreadHelper.ThreadStart()

Error: (11/23/2015 07:35:24 PM) (Source: Windows Search Service) (EventID: 10021) (User: )
Description: Die Registrierungsinformationen der Leistungsindikatoren für WSearchIdxPi für die Instanz   konnten wegen des folgenden Fehlers nicht abgerufen werden: Der Vorgang wurde erfolgreich beendet.   0x0.

Error: (11/23/2015 07:35:18 PM) (Source: Windows Search Service) (EventID: 3007) (User: )
Description: Die Leistungsüberwachung für den Gatherer-Dienst kann nicht initialisiert werden, da die Datenquellen nicht geladen sind oder das freigegebene Speicherobjekt nicht geöffnet werden konnte. Dies beeinträchtigt lediglich die Verfügbarkeit der Leistungsindikatoren. Starten Sie den Computer erneut.

Kontext:  Anwendung, SystemIndex Katalog


Systemfehler:
=============
Error: (11/23/2015 08:04:59 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "VMware Workstation Server" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (11/23/2015 07:57:41 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "VMware Workstation Server" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (11/23/2015 07:57:40 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "UPnP-Gerätehost" wurde mit folgendem Fehler beendet: 
%%5

Error: (11/23/2015 07:40:24 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "NVIDIA Streamer Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (11/23/2015 07:40:24 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "NVIDIA Display Driver Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (11/23/2015 07:33:56 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069

Error: (11/23/2015 07:33:56 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Der Dienst "WSearch" konnte sich nicht als "NT AUTHORITY\SYSTEM" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: 
%%50

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (11/23/2015 07:33:56 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1069

Error: (11/23/2015 07:33:56 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Der Dienst "WMPNetworkSvc" konnte sich nicht als "NT AUTHORITY\NetworkService" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: 
%%50

Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).

Error: (11/23/2015 07:33:28 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Modules Installer" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.


CodeIntegrity:
===================================
  Date: 2015-11-18 20:49:53.977
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2015-11-18 20:49:53.930
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Speicherinformationen =========================== 

Prozessor: Intel(R) Core(TM)2 CPU 6600 @ 2.40GHz
Prozentuale Nutzung des RAM: 61%
Installierter physikalischer RAM: 3071.12 MB
Verfügbarer physikalischer RAM: 1184.86 MB
Summe virtueller Speicher: 6440.44 MB
Verfügbarer virtueller Speicher: 4195.23 MB

==================== Laufwerke ================================

Drive c: () (Fixed) (Total:931.41 GB) (Free:689.42 GB) NTFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 3941A79A)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)

==================== Ende von Addition.txt ============================
         

24.11.2015, 22:22   #12
schrauber
/// the machine
/// TB trainer

ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick the box "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded, and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

And a fresh FRST log, please. Any problems left?
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

28.11.2015, 00:51   #13
ottojack

I'll do the scans tomorrow or the day after; I just wanted to check in before I get removed from the subscription. I have a lot on my plate at the moment.

Regards,

29.11.2015, 07:03   #14
schrauber
/// the machine
/// TB trainer

ok.

29.11.2015, 20:38   #15
ottojack

hi,
I can't download the signature data with the ESET Online Scanner, i.e. update it.
It always says something like:

Updates cannot be downloaded, is a proxy being used?

My internet is also very slow. What do I do now?
