Malwarebytes meldet Warnung bei Browsernutzung (...\windows\systemWOW64\svchost.exe) - VIREN?

DasPiano · 22.01.2017, 19:06

Ich habe dummerweise etwas heruntergeladen, wollte es installieren und habe nun das Problem, das in meinen Browsern (Firefox, Opera) google nicht richtig funktioniert und bei klicken auf links ständig besorgniserregende Pop-Ups erscheinen. habe nund Malwarebytes installiert und es werden entsprechend Fehlermeldungen gezeigt.
Ich habe eine Commodo-Suite zum Shutz gegen Viren installiert und so - aber die meldet sich leider gar nicht.
Bitte helft mir!

burningice · 22.01.2017, 19:16

Mein Name ist Rafael und ich werde dir bei der Bereinigung helfen.

Damit ich dir optimal helfen kann, halte dich bitte an folgende Regeln:

Bitte lies meine Posts komplett durch bevor du sie abarbeitest
Wenn ein Problem auftauchen sollte oder dir etwas unklar ist, unterbreche deine Arbeit und beschreibe es so genau wie möglich.
Bitte kein Crossposting
Installiere oder Deinstalliere keine Software ohne Aufforderung
Bitte verwende nur die Tools, welche hier im Thread erwähnt werden und führe sie nur gemäß Anweisung aus
Bitte antworte innerhalb von 24h um eine sinnvolle Bereinigung zu ermöglichen
Poste die Logs immer in CODE-Tags (#-Button), zur Not die Logs einfach aufteilen
Wichtig: Nur weil dein Problem mit einem Schritt plötzlich behoben ist, bedeutet das nicht, dass dein PC auch sauber ist. Mache solange weiter, bis ich dir sage, dass dein PC "clean" ist
Wir machen unsere Arbeit freiwillig und ehrenamtlich neben unserer normalen Beschäftigung im Leben. Dennoch, wenn ich dir nicht binnen 36h antworte, sende mir bitte eine persönliche Nachricht!

Los geht's

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

DasPiano · 22.01.2017, 19:43

Hallo Rafael,
ich freue mich sehr über deine schnelle Antwort. Vielen Dank!!!
Es geht los...

Code:

ATTFilter

Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version: 22-01-2017
durchgeführt von Björn (Administrator) auf MUSIC-PC (22-01-2017 19:35:12)
Gestartet von C:\Users\Björn\Downloads
Geladene Profile: Björn (Verfügbare Profile: Björn)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 8 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Prozesse (Nicht auf der Ausnahmeliste) =================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)

(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(AMD) C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
() C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\Disk Unlocker\ASPFSVS64.exe
(DATA BECKER GmbH & Co KG) C:\Program Files (x86)\Common Files\DATA BECKER Shared\DBService.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Digital Wave Ltd.) C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
() C:\Windows\SysWOW64\WinMsgBalloonServer.exe
() C:\Windows\SysWOW64\WinMsgBalloonClient.exe
(Opera Software) C:\Program Files (x86)\Opera\42.0.2393.137\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\42.0.2393.137\opera_crashreporter.exe
(Opera Software) C:\Program Files (x86)\Opera\42.0.2393.137\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\42.0.2393.137\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\42.0.2393.137\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\42.0.2393.137\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\42.0.2393.137\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\42.0.2393.137\opera.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe
() C:\Program Files (x86)\GTFAVENUE Updater\GTFAVENUE Updater.exe
(Zhuhai Kingsoft Office Software Co.,Ltd) C:\Users\Björn\AppData\Local\Kingsoft\WPS Office\9.1.0.5214\wtoolex\wpsupdatesvr.exe

==================== Registry (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)

HKLM\...\Run: [COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10}] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1610936 2016-08-02] (COMODO)
HKLM\...\Run: [COMODO Internet Security] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1610936 2016-08-02] (COMODO)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2016-12-18] (Apple Inc.)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2776528 2017-01-15] (Malwarebytes)
HKLM-x32\...\Run: [MyMemory] => C:\Program Files (x86)\MyMemory\MyMemory.exe [7572480 2016-12-22] (TODO: <Company name>) <===== ACHTUNG
HKLM-x32\...\Run: [AppTrailers] => C:\Users\Björn\AppData\Roaming\AppTrailers\AppTrailers.exe su <===== ACHTUNG
HKLM-x32\...\Run: [DailyBee] => C:\Users\Björn\AppData\Roaming\DailyBee\DailyBee.exe su <===== ACHTUNG
HKLM-x32\...\Run: [DiskPower] => C:\Program Files (x86)\DPower\DiskPower.exe [210432 2016-07-21] () <===== ACHTUNG
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [26287016 2017-01-13] (Dropbox, Inc.)
HKU\S-1-5-21-427701803-4022602832-2190140502-1000\...\Run: [tsiVideo] => C:\Windows\SysWOW64\rundll32.exe C:\Users\BJRN~1\AppData\Local\Temp\mdi064.dll,fjasdfn <===== ACHTUNG
HKU\S-1-5-21-427701803-4022602832-2190140502-1000\...\Run: [msiql] => C:\Users\Björn\AppData\Local\Temp\00006211\msiql.exe /RUNNING <===== ACHTUNG
HKU\S-1-5-21-427701803-4022602832-2190140502-1000\...\Run: [520UOPK0K2] => "C:\Program Files\5MCCT0C8FH\KHQ37XO8E.exe"
HKU\S-1-5-21-427701803-4022602832-2190140502-1000\...\Run: [D0Z1M4QDGR] => C:\Program Files (x86)\DPower\C3EY2HFBJH.exe [380416 2017-01-13] () <===== ACHTUNG
HKU\S-1-5-21-427701803-4022602832-2190140502-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2016-12-18] (Apple Inc.)
HKU\S-1-5-21-427701803-4022602832-2190140502-1000\...\Run: [iCloudPhotos] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe [356664 2016-12-18] (Apple Inc.)
HKU\S-1-5-21-427701803-4022602832-2190140502-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23818712 2016-11-14] (Google)
HKU\S-1-5-21-427701803-4022602832-2190140502-1000\...\Run: [Spotify Web Helper] => C:\Users\Björn\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1444976 2017-01-07] (Spotify Ltd)
HKU\S-1-5-21-427701803-4022602832-2190140502-1000\...\Run: [Amazon Music] => C:\Users\Björn\AppData\Local\Amazon Music\Amazon Music Helper.exe [3494376 2016-12-14] ()
HKU\S-1-5-21-427701803-4022602832-2190140502-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3675352 2013-10-28] (Disc Soft Ltd)
HKU\S-1-5-21-427701803-4022602832-2190140502-1000\...\Run: [SpybotSD TeaTimer] => C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKU\S-1-5-21-427701803-4022602832-2190140502-1000\...\Run: [MSConfig] => C:\Users\Björn\oklghvki.exe [32423936 2017-01-22] (Canon)
HKU\S-1-5-21-427701803-4022602832-2190140502-1000\...\MountPoints2: {002b75fa-58c0-11e6-b64e-3085a9b2fbed} - G:\Autorun.exe
HKU\S-1-5-18\...\Run: [] => 0
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.8.0.dll [2017-01-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.8.0.dll [2017-01-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.8.0.dll [2017-01-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.8.0.dll [2017-01-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.8.0.dll [2017-01-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.8.0.dll [2017-01-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.8.0.dll [2017-01-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.8.0.dll [2017-01-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.8.0.dll [2017-01-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.8.0.dll [2017-01-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-10-12] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-10-12] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-10-12] (Google)
ShellIconOverlayIdentifiers: [ 1OXShellIconError] -> {42C0113A-BC69-4D4B-A14E-54BA41CEAE57} => C:\Users\Björn\AppData\Local\Open-Xchange\OXDrive\OXDriveShellExtension_x64.dll [2016-10-04] ()
ShellIconOverlayIdentifiers: [ 1OXShellIconInProgress] -> {8D407DD6-3BE7-4710-B9D7-5D4BB4180C9D} => C:\Users\Björn\AppData\Local\Open-Xchange\OXDrive\OXDriveShellExtension_x64.dll [2016-10-04] ()
ShellIconOverlayIdentifiers: [ 1OXShellIconSynchronized] -> {34249083-9061-4B99-BF99-DB2E50F2EF43} => C:\Users\Björn\AppData\Local\Open-Xchange\OXDrive\OXDriveShellExtension_x64.dll [2016-10-04] ()
ShellIconOverlayIdentifiers: [ _OXShellIconError] -> {42C0113A-BC69-4D4B-A14E-54BA41CEAE57} => C:\Users\Björn\AppData\Local\Open-Xchange\OXDrive\OXDriveShellExtension_x64.dll [2016-10-04] ()
ShellIconOverlayIdentifiers: [ _OXShellIconInProgress] -> {8D407DD6-3BE7-4710-B9D7-5D4BB4180C9D} => C:\Users\Björn\AppData\Local\Open-Xchange\OXDrive\OXDriveShellExtension_x64.dll [2016-10-04] ()
ShellIconOverlayIdentifiers: [ _OXShellIconSynchronized] -> {34249083-9061-4B99-BF99-DB2E50F2EF43} => C:\Users\Björn\AppData\Local\Open-Xchange\OXDrive\OXDriveShellExtension_x64.dll [2016-10-04] ()
ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Björn\AppData\Local\MEGAsync\ShellExtX64.dll [2014-05-01] ()
ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Björn\AppData\Local\MEGAsync\ShellExtX64.dll [2014-05-01] ()
ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Björn\AppData\Local\MEGAsync\ShellExtX64.dll [2014-05-01] ()
ShellIconOverlayIdentifiers: [0OpenDrive_ShellOverlayIcon] -> {3268FFAC-39F2-4058-BE09-7396DB121F4A} => C:\Program Files\OpenDrive\OpenDrive.dll [2016-05-26] (OpenDrive Inc.)
ShellIconOverlayIdentifiers: [0OpenDrive_ShellOverlayIconSyncing] -> {D50AFE3E-88FF-41DA-94F1-1814381BD56F} => C:\Program Files\OpenDrive\OpenDrive.dll [2016-05-26] (OpenDrive Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.8.0.dll [2017-01-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.8.0.dll [2017-01-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.8.0.dll [2017-01-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.8.0.dll [2017-01-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.8.0.dll [2017-01-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.8.0.dll [2017-01-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.8.0.dll [2017-01-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.8.0.dll [2017-01-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.8.0.dll [2017-01-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.8.0.dll [2017-01-06] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Björn\AppData\Local\MEGAsync\ShellExtX32.dll [2014-05-01] ()
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Björn\AppData\Local\MEGAsync\ShellExtX32.dll [2014-05-01] ()
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Björn\AppData\Local\MEGAsync\ShellExtX32.dll [2014-05-01] ()
ShellIconOverlayIdentifiers-x32: [0OpenDrive_ShellOverlayIcon] -> {3268FFAC-39F2-4058-BE09-7396DB121F4A} => C:\Program Files\OpenDrive\bin32\OpenDrive.dll [2016-05-26] (OpenDrive Inc.)
ShellIconOverlayIdentifiers-x32: [0OpenDrive_ShellOverlayIconSyncing] -> {D50AFE3E-88FF-41DA-94F1-1814381BD56F} => C:\Program Files\OpenDrive\bin32\OpenDrive.dll [2016-05-26] (OpenDrive Inc.)
GroupPolicy: Beschränkung - Windows Defender <======= ACHTUNG

==================== Internet (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)

Hosts: Hosts Datei wurde nicht im Standardordner gefunden
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{6802CC79-77FA-41B0-9516-1405C844A3C3}: [NameServer] 156.154.70.25,156.154.71.25
Tcpip\..\Interfaces\{6802CC79-77FA-41B0-9516-1405C844A3C3}: [DhcpNameServer] 192.168.1.1

FRST.txt FORTSETZUNG:

Code:

ATTFilter

Internet Explorer:
==================
HKU\S-1-5-21-427701803-4022602832-2190140502-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com/search?FORM=INCOH1&PC=IC05&PTAG=ICO-4f379b0a
HKU\S-1-5-21-427701803-4022602832-2190140502-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-de/?ocid=iehp
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-4f379b0a&q={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-4f379b0a&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-427701803-4022602832-2190140502-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-4f379b0a&q={searchTerms}
SearchScopes: HKU\S-1-5-21-427701803-4022602832-2190140502-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-4f379b0a&q={searchTerms}
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_66\bin\ssv.dll [2015-11-29] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Kein Name -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> Keine Datei
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-11-29] (Oracle Corporation)
BHO: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll [2014-09-19] (DVDVideoSoft Ltd.)
BHO-x32: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll [2008-09-15] (Safer Networking Limited)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll [2015-11-29] (Oracle Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2015-12-01] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-11-29] (Oracle Corporation)
Toolbar: HKLM - Kein Name - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -  Keine Datei
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2015-12-10] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2015-12-10] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2015-12-10] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2015-12-10] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: 941csvp7.default
FF ProfilePath: C:\Users\Björn\AppData\Roaming\Mozilla\Firefox\Profiles\941csvp7.default [2017-01-22]
FF Homepage: Mozilla\Firefox\Profiles\941csvp7.default -> hxxp://www-searching.com/?site=shyosffdefault&prd=set_ff&s=H1Dztrmbl10AU,eb88f1fc-2c0d-45e0-a539-f7e43abe2eab,
FF NewTab: Mozilla\Firefox\Profiles\941csvp7.default -> hxxp://www-searching.com/?site=shyosffdefault&prd=set_ff&s=H1Dztrmbl10AU,eb88f1fc-2c0d-45e0-a539-f7e43abe2eab,
FF Extension: (MEGA) - C:\Users\Björn\AppData\Roaming\Mozilla\Firefox\Profiles\941csvp7.default\Extensions\firefox@mega.co.nz.xpi [2017-01-21]
FF Extension: (Clip to OneNote (Legacy Edition)) - C:\Users\Björn\AppData\Roaming\Mozilla\Firefox\Profiles\941csvp7.default\Extensions\jid0-e0l1gzjOmbUL1N6n3j8dBSBMcGE@jetpack.xpi [2016-04-30]
FF Extension: (SoundCloud MP3 Downloader) - C:\Users\Björn\AppData\Roaming\Mozilla\Firefox\Profiles\941csvp7.default\Extensions\jid1-hnmMaq1milpehc6uI@jetpack.xpi [2016-12-06]
FF Extension: (Print Edit) - C:\Users\Björn\AppData\Roaming\Mozilla\Firefox\Profiles\941csvp7.default\Extensions\printedit@DW-dev.xpi [2016-12-22]
FF Extension: (Video DownloadHelper) - C:\Users\Björn\AppData\Roaming\Mozilla\Firefox\Profiles\941csvp7.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2016-12-30]
FF Extension: (DownThemAll!) - C:\Users\Björn\AppData\Roaming\Mozilla\Firefox\Profiles\941csvp7.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2016-09-29]
FF Extension: (Buy Wizard) - C:\Users\Björn\AppData\Roaming\Mozilla\Firefox\Profiles\941csvp7.default\Extensions\@buywizard.xpi [2016-08-16]
FF Extension: (Cliqz) - C:\Users\Björn\AppData\Roaming\Mozilla\Firefox\Profiles\941csvp7.default\Extensions\cliqz@cliqz.com.xpi [2016-12-23]
FF Extension: (Firefox Hotfix) - C:\Users\Björn\AppData\Roaming\Mozilla\Firefox\Profiles\941csvp7.default\Extensions\firefox-hotfix@mozilla.org.xpi [2016-12-23]
FF ProfilePath: C:\Users\Björn\AppData\Roaming\Comodo\IceDragon\Profiles\wtuu739g.default [2017-01-14]
FF DefaultSearchEngine: Comodo\IceDragon\Profiles\wtuu739g.default -> Yahoo
FF Homepage: Comodo\IceDragon\Profiles\wtuu739g.default -> about:home
FF Keyword.URL: Comodo\IceDragon\Profiles\wtuu739g.default -> 
FF Extension: (DownloadHelper) - C:\Users\Björn\AppData\Roaming\Comodo\IceDragon\Profiles\wtuu739g.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2016-11-13]
FF HKLM-x32\...\Firefox\Extensions: [pdf_architect_3_conv@pdfarchitect.org] - C:\Program Files (x86)\PDF Architect 3\resources\pdfarchitect3firefoxextension
FF Extension: (PDF Architect 3 Creator) - C:\Program Files (x86)\PDF Architect 3\resources\pdfarchitect3firefoxextension [2015-12-22] [ist nicht signiert]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_23_0_0_207.dll [2016-11-28] ()
FF Plugin: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-11-29] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-11-29] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~3\Office15\NPSPWRAP.DLL [Keine Datei]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_207.dll [2016-11-28] ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-07-11] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-11-29] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-11-29] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-07-19] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: PDF Architect 3 -> C:\Program Files (x86)\PDF Architect 3\np-previewer.dll [2015-09-17] (pdfforge GmbH)
FF Plugin HKU\S-1-5-21-427701803-4022602832-2190140502-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Björn\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-09-22] (Citrix Online)
FF Plugin HKU\S-1-5-21-427701803-4022602832-2190140502-1000: @protectdisc.com/NPPDLicenseHelper -> C:\Users\Björn\AppData\Roaming\ProtectDisc\License Helper v2\NPPDLicenseHelper.dll [2009-06-25] ( )
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2016-07-19] (Microsoft Corporation)

Chrome: 
=======
CHR DefaultProfile: Default
CHR StartupUrls: Default -> "chrome://apps/","hxxp://www.bing.com/search?FORM=INCOH1&PC=IC03&PTAG=ICO-4f379b0a"
CHR HKLM-x32\...\Chrome\Extension: [lolcfbnmeefgkgpjakmncdglnehmimod] - hxxps://clients2.google.com/service/update2/crx

Opera: 
=======
OPR Extension: (Evernote Web Clipper) - C:\Users\Björn\AppData\Roaming\Opera Software\Opera Stable\Extensions\afgbccjghcnbcdjgogpckamibfkceahd [2016-11-16]
OPR Extension: (FVD Video Downloader) - C:\Users\Björn\AppData\Roaming\Opera Software\Opera Stable\Extensions\neacgcjokggofibnbfapeaejhclmpple [2017-01-22]

==================== Dienste (Nicht auf der Ausnahmeliste) ====================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

"BFE" => Dienst konnte nicht entsperrt werden. <===== ACHTUNG

U2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [5817256 2016-08-02] (COMODO)
U2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2011-07-28] (Advanced Micro Devices, Inc.) [Datei ist nicht signiert]
U2 AMD_RAIDXpert; C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe [122880 2009-09-19] (AMD) [Datei ist nicht signiert]
U2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-11-06] (Apple Inc.)
U2 ASDiskUnlocker; C:\Program Files (x86)\ASUS\Disk Unlocker\ASPFSVS64.exe [258688 2010-12-02] (ASUSTeK Computer Inc.)
U3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2271928 2016-08-02] (COMODO)
U2 DBService; C:\Program Files (x86)\Common Files\DATA BECKER Shared\DBService.exe [189776 2016-09-20] (DATA BECKER GmbH & Co KG)
U4 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [134512 2015-07-19] (Dropbox, Inc.)
U4 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [134512 2015-07-19] (Dropbox, Inc.)
U2 DbxSvc; C:\Windows\system32\DbxSvc.exe [51504 2017-01-13] (Dropbox, Inc.)
U2 DigitalWave.Update.Service; C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe [440808 2016-12-23] (Digital Wave Ltd.)
U3 IEEtwCollectorService; C:\Windows\system32\IEEtwCollector.exe [114688 2015-12-12] (Microsoft Corporation) [Datei ist nicht signiert]
U2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4317648 2017-01-15] (Malwarebytes)
U2 MSSQL$SONY_MEDIAMGR; C:\Program Files (x86)\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe [7520337 2016-05-22] (Microsoft Corporation) [Datei ist nicht signiert]
U3 MSSQLServerADHelper; C:\Program Files (x86)\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [66112 2016-05-22] (Microsoft Corporation) [Datei ist nicht signiert]
U4 PDF Architect 3; C:\Program Files (x86)\PDF Architect 3\ws.exe [2244832 2015-09-17] (pdfforge GmbH)
U4 PDF Architect 3 CrashHandler; C:\Program Files (x86)\PDF Architect 3\crash-handler-ws.exe [964832 2015-09-17] (pdfforge GmbH)
U4 PDF Architect 3 Creator; C:\Program Files (x86)\PDF Architect 3\creator-ws.exe [767712 2015-09-17] (pdfforge GmbH)
U2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [810320 2017-01-22] (Safer Networking Ltd.)
U3 SQLAgent$SONY_MEDIAMGR; C:\Program Files (x86)\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE [311872 2016-05-22] (Microsoft Corporation) [Datei ist nicht signiert]
R2 Themes; C:\Windows\system32\themeservice.dll [44544 2015-12-13] (Microsoft Corporation) [Datei ist nicht signiert]
U2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
U3 wpscloudsvr; C:\Users\Björn\AppData\Local\Kingsoft\WPS Office\wpscloudsvr.exe [173824 2017-01-08] (Zhuhai Kingsoft Office Software Co.,Ltd)

===================== Treiber (Nicht auf der Ausnahmeliste) ======================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
U3 ASFLTDrv.sys; C:\Program Files (x86)\ASUS\Disk Unlocker\ASFLTDrv64.sys [16512 2010-09-16] (ASUSTeK Computer Inc.)
U1 CFRMD; C:\Windows\System32\DRIVERS\CFRMD.sys [37976 2015-10-23] (Windows (R) Win 7 DDK provider) [Datei ist nicht signiert]
U1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [31648 2016-07-10] (COMODO)
U1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [829600 2016-07-10] (COMODO)
U1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [56472 2016-07-10] (COMODO)
U1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2016-03-13] (Disc Soft Ltd)
U1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77416 2017-01-15] ()
U1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [116248 2016-07-10] (COMODO)
U2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [176064 2017-01-15] (Malwarebytes)
U3 MBAMFarflt; C:\Windows\system32\drivers\farflt.sys [102856 2017-01-22] (Malwarebytes)
U3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [43968 2017-01-22] (Malwarebytes)
U0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [250816 2017-01-22] (Malwarebytes)
U3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [81696 2017-01-22] (Malwarebytes)
U3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-16] ()
U2 OpenDrive_minifilter; C:\Program Files\OpenDrive\odminifilter.sys [32000 2016-01-11] (Windows (R) Win 7 DDK provider)
U3 pae_1394; C:\Windows\System32\Drivers\pae_1394_x64.sys [196992 2010-02-03] (Archwave AG)
U3 pae_avs; C:\Windows\System32\Drivers\pae_avs_x64.sys [72576 2010-02-03] (Archwave AG)
U3 synusb64; C:\Windows\System32\DRIVERS\synusb64.sys [30352 2011-12-14] (Steinberg Media Technologies GmbH)
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
U5 BFE;  <===== ACHTUNG: Gesperrter Dienst
U3 dbx; system32\DRIVERS\dbx.sys [X]

==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)


==================== Ein Monat: Erstellte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2017-01-22 19:29 - 2017-01-22 19:33 - 00101388 _____ C:\Users\Björn\Downloads\Addition.txt
2017-01-22 19:27 - 2017-01-22 19:35 - 00030436 _____ C:\Users\Björn\Downloads\FRST.txt
2017-01-22 19:25 - 2017-01-22 19:35 - 00000000 ____D C:\FRST
2017-01-22 19:23 - 2017-01-22 19:23 - 02420736 _____ (Farbar) C:\Users\Björn\Downloads\FRST64.exe
2017-01-22 19:03 - 2017-01-22 19:10 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-01-22 18:59 - 2017-01-22 19:10 - 00000000 ____D C:\Users\Björn\Desktop\mbar
2017-01-22 18:43 - 2017-01-22 18:45 - 00001984 _____ C:\DelFix.txt
2017-01-22 18:43 - 2017-01-22 18:43 - 00000000 ___SD C:\ComboFix
2017-01-22 18:43 - 2017-01-22 18:43 - 00000000 ____D C:\Windows\ERUNT
2017-01-22 18:39 - 2017-01-22 18:39 - 00000000 ____D C:\Windows\erdnt
2017-01-22 18:03 - 2017-01-22 18:03 - 00000000 ___HD C:\OneDriveTemp
2017-01-22 16:47 - 2017-01-22 16:47 - 32423936 ____H (Canon) C:\Users\Björn\oklghvki.exe
2017-01-22 13:27 - 2017-01-22 13:14 - 00003867 ____R C:\Windows\system32\Drivers\etc\hosts.20170122-132748.backup
2017-01-22 13:14 - 2017-01-13 23:27 - 00003722 _____ C:\Windows\system32\Drivers\etc\hosts.20170122-131447.backup
2017-01-22 01:48 - 2017-01-22 01:48 - 00000000 ____D C:\Users\Björn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Best Service Artist Drums
2017-01-22 01:48 - 2017-01-22 01:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Best Service Artist Drums
2017-01-22 01:16 - 2017-01-22 17:53 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy
2017-01-22 01:16 - 2017-01-22 01:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
2017-01-22 00:59 - 2017-01-22 00:59 - 00000000 ____D C:\Users\Björn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Native Instruments FM7
2017-01-22 00:59 - 2017-01-22 00:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Native Instruments FM7
2017-01-22 00:59 - 2001-04-26 18:49 - 00995383 _____ (Microsoft Corporation) C:\Windows\SysWOW64\temp.002
2017-01-22 00:59 - 2001-04-26 18:49 - 00401462 _____ (Microsoft Corporation) C:\Windows\SysWOW64\temp.000
2017-01-22 00:59 - 2001-04-26 18:49 - 00278581 _____ (Microsoft Corporation) C:\Windows\SysWOW64\temp.003
2017-01-22 00:59 - 2001-04-26 18:49 - 00077878 _____ (Microsoft Corporation) C:\Windows\SysWOW64\temp.001
2017-01-15 20:48 - 2017-01-15 20:48 - 00000000 ____D C:\Users\Björn\AppData\Local\ESET
2017-01-15 20:45 - 2017-01-15 20:45 - 00176064 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2017-01-15 20:44 - 2017-01-22 19:03 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-01-15 20:44 - 2017-01-22 17:55 - 00250816 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-01-15 20:44 - 2017-01-22 17:55 - 00102856 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-01-15 20:44 - 2017-01-22 17:55 - 00081696 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-01-15 20:44 - 2017-01-22 17:55 - 00043968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-01-15 20:44 - 2017-01-15 20:44 - 00077416 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-01-15 20:44 - 2017-01-15 20:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-01-15 20:44 - 2017-01-15 20:44 - 00000000 ____D C:\Program Files\Malwarebytes
2017-01-15 20:43 - 2017-01-15 20:43 - 06776960 _____ (ESET spol. s r.o.) C:\Users\Björn\Downloads\ESETOnlineScanner_DEU.exe
2017-01-15 20:42 - 2017-01-15 20:43 - 54199488 _____ (Malwarebytes ) C:\Users\Björn\Downloads\mb3-setup-consumer-3.0.5.1299.exe
2017-01-15 19:39 - 2017-01-15 19:39 - 00000306 __RSH C:\Users\Björn\ntuser.pol
2017-01-13 23:39 - 2017-01-13 23:39 - 00000000 ____D C:\Users\Björn\AppData\Local\Meltytech
2017-01-13 23:37 - 2017-01-13 23:37 - 00000000 ____D C:\Program Files (x86)\OtherSearch
2017-01-13 23:29 - 2017-01-13 23:31 - 00000000 ____D C:\Users\Björn\AppData\Local\app
2017-01-13 23:29 - 2017-01-13 23:29 - 00001670 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shotcut.lnk
2017-01-13 23:27 - 2017-01-22 19:25 - 00000000 ____D C:\Program Files\PGJI1B91QZ
2017-01-13 23:27 - 2017-01-13 23:27 - 00000000 ____D C:\Windows\SysWOW64\sstmp
2017-01-13 23:27 - 2017-01-13 23:27 - 00000000 ____D C:\Windows\system32\sstmp
2017-01-13 23:27 - 2017-01-13 23:27 - 00000000 ____D C:\Program Files\SULLKZKAMA
2017-01-13 23:27 - 2017-01-13 23:27 - 00000000 ____D C:\Program Files\SDO6FMCT8C
2017-01-13 23:25 - 2017-01-15 19:38 - 00000000 ____D C:\Program Files (x86)\ScreenShared
2017-01-13 23:25 - 2017-01-13 23:29 - 00000000 ____D C:\Program Files\Shotcut
2017-01-13 23:25 - 2017-01-13 23:25 - 00327749 _____ (RealNetworks, Inc.) C:\Windows\SysWOW64\drvc.dll
2017-01-13 23:25 - 2017-01-13 23:25 - 00278528 _____ (Real Networks, Inc) C:\Windows\SysWOW64\pncrt.dll
2017-01-13 23:25 - 2017-01-13 23:25 - 00075776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Olepau32.ax
2017-01-13 23:25 - 2017-01-13 23:25 - 00001086 _____ C:\Users\Björn\Desktop\Play Warframe.lnk
2017-01-13 23:25 - 2017-01-13 23:25 - 00000000 ____D C:\ProgramData\vCore
2017-01-13 23:25 - 2017-01-13 23:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPER © - by eRightSoft
2017-01-13 23:25 - 2017-01-13 23:25 - 00000000 ____D C:\Program Files\SYFNUMAUQ0
2017-01-13 23:25 - 2017-01-13 23:25 - 00000000 ____D C:\Program Files (x86)\eRightSoft
2017-01-13 23:25 - 2014-03-07 12:03 - 03109520 __RSH (FFmpeg Project) C:\Windows\SysWOW64\avcodec-lav-55.dll
2017-01-13 23:25 - 2014-03-07 12:03 - 00550032 __RSH (FFmpeg Project) C:\Windows\SysWOW64\avformat-lav-55.dll
2017-01-13 23:25 - 2014-03-07 12:03 - 00313520 __RSH (1f0.de - Hendrik Leppkes) C:\Windows\SysWOW64\HLvideo.dll
2017-01-13 23:25 - 2014-03-07 12:03 - 00293888 __RSH C:\Windows\SysWOW64\avcodec-lav-1321.dll
2017-01-13 23:25 - 2014-03-07 12:03 - 00203408 __RSH (1f0.de - Hendrik Leppkes) C:\Windows\SysWOW64\HLsplit.dll
2017-01-13 23:25 - 2014-03-07 12:03 - 00181392 __RSH (FFmpeg Project) C:\Windows\SysWOW64\avutil-lav-52.dll
2017-01-13 23:25 - 2014-03-07 12:03 - 00166544 __RSH (Intel Corp.) C:\Windows\SysWOW64\IntelQuickSyncDecoder.dll
2017-01-13 23:25 - 2014-03-07 12:03 - 00122512 __RSH (1f0.de - Hendrik Leppkes) C:\Windows\SysWOW64\HLaudio.dll
2017-01-13 23:25 - 2014-03-07 12:03 - 00118416 __RSH (FFmpeg Project) C:\Windows\SysWOW64\swscale-lav-2.dll
2017-01-13 23:25 - 2014-03-07 12:03 - 00109712 __RSH C:\Windows\SysWOW64\libbluray.dll
2017-01-13 23:25 - 2014-03-07 12:03 - 00098960 __RSH (FFmpeg Project) C:\Windows\SysWOW64\avfilter-lav-4.dll
2017-01-13 23:25 - 2014-03-07 12:03 - 00059536 __RSH (FFmpeg Project) C:\Windows\SysWOW64\avresample-lav-1.dll
2017-01-13 23:25 - 2014-01-31 17:20 - 00000493 __RSH C:\Windows\SysWOW64\LAVFilters.Dependencies.manifest
2017-01-13 23:25 - 2012-10-05 20:54 - 00188416 __RSH C:\Windows\SysWOW64\winDCE32.dll
2017-01-13 23:25 - 2011-06-14 21:05 - 00121344 __RSH C:\Windows\SysWOW64\TAKDSDecoder.ax
2017-01-13 23:25 - 2011-02-11 11:26 - 00112128 __RSH C:\Windows\SysWOW64\OptimFROG.dll
2017-01-13 23:25 - 2010-01-07 01:00 - 00107520 __RSH C:\Windows\SysWOW64\TAKDSDecoder.dll
2017-01-13 23:25 - 2009-08-11 00:00 - 00352768 __RSH C:\Windows\SysWOW64\ac3DX.ax
2017-01-13 23:25 - 2005-02-22 18:55 - 00081920 __RSH C:\Windows\SysWOW64\aac_parser.ax
2017-01-13 23:25 - 2004-04-27 17:03 - 00017408 __RSH (RadLight) C:\Windows\SysWOW64\RLOFRDec.ax
2017-01-13 23:21 - 2017-01-13 23:22 - 73511992 _____ (Lightworks) C:\Users\Björn\Downloads\lightworks_v12.6.0_full_64bit_setup.exe
2017-01-13 23:20 - 2017-01-13 23:22 - 192177856 _____ C:\Users\Björn\Downloads\shotcut-win64-170102.exe
2017-01-13 23:00 - 2017-01-13 23:01 - 00000000 ____D C:\Users\Björn\AppData\Local\AppTrailers
2017-01-13 23:00 - 2017-01-13 23:00 - 00000474 _____ C:\Windows\Tasks\SMW_UpdateTask_Time_313338343937303331332d5537375a346c2d3232345b41.job
2017-01-13 22:59 - 2017-01-13 23:48 - 00000000 ____D C:\Program Files (x86)\DPower
2017-01-13 22:59 - 2017-01-13 23:01 - 00000000 ____D C:\Program Files\a827113df533e34b4200e7ced6f9ebc8
2017-01-13 22:59 - 2017-01-13 22:59 - 00439808 _____ C:\ProgramData\smp2.exe
2017-01-13 22:59 - 2017-01-13 22:59 - 00364303 _____ (zdengine) C:\Windows\system32\zdengine64.dll
2017-01-13 22:59 - 2017-01-13 22:59 - 00001627 _____ C:\Users\Björn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-01-13 22:59 - 2017-01-13 22:59 - 00001593 _____ C:\Users\Björn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2017-01-13 22:59 - 2017-01-13 22:59 - 00001343 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2017-01-13 22:59 - 2017-01-13 22:59 - 00000474 _____ C:\Windows\Tasks\SMW_P.job
2017-01-13 22:59 - 2017-01-13 22:59 - 00000000 ____D C:\Windows\system32\SSL
2017-01-13 22:59 - 2017-01-13 22:59 - 00000000 ____D C:\Users\Björn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DailyBee
2017-01-13 22:59 - 2017-01-13 22:59 - 00000000 ____D C:\Users\Björn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AppTrailers
2017-01-13 22:59 - 2017-01-13 22:59 - 00000000 ____D C:\ProgramData\SearchModule
2017-01-13 22:59 - 2017-01-13 22:59 - 00000000 ____D C:\Program Files\Common Files\Noobzo
2017-01-13 22:59 - 2017-01-13 22:59 - 00000000 ____D C:\Program Files (x86)\BestCleaner
2017-01-13 22:58 - 2017-01-13 22:58 - 00001837 _____ C:\Users\Björn\Desktop\MyMemory.lnk
2017-01-13 22:58 - 2017-01-13 22:58 - 00000000 ____D C:\Users\Björn\AppData\Roaming\Note-UP
2017-01-13 22:58 - 2017-01-13 22:58 - 00000000 ____D C:\Users\Björn\AppData\Local\MAGIX
2017-01-13 22:58 - 2017-01-13 22:58 - 00000000 ____D C:\Program Files (x86)\MyMemory
2017-01-13 22:57 - 2017-01-13 22:58 - 00000000 ____D C:\Users\Björn\AppData\Roaming\Microleaves
2017-01-13 22:57 - 2017-01-13 22:58 - 00000000 ____D C:\Program Files (x86)\GTFAVENUE Updater
2017-01-13 22:57 - 2017-01-13 22:57 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2017-01-13 22:57 - 2017-01-13 22:57 - 00000000 ____D C:\Users\Default\AppData\Local\AdvinstAnalytics
2017-01-13 22:57 - 2017-01-13 22:57 - 00000000 ____D C:\Users\Default User\AppData\Local\AdvinstAnalytics
2017-01-13 22:57 - 2017-01-13 22:57 - 00000000 ____D C:\Program Files (x86)\GTFAVENUE
2017-01-13 22:56 - 2017-01-13 22:56 - 00000000 ____D C:\Users\Björn\AppData\Roaming\tlerauic
2017-01-13 22:56 - 2017-01-13 22:56 - 00000000 ____D C:\Program Files (x86)\Buy Wizard
2017-01-13 21:36 - 2017-01-13 21:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-01-12 19:19 - 2017-01-12 19:19 - 00095048 _____ (XDLDYU) C:\Windows\system32\Drivers\dfaf938d4ef08a36238ffc44251cd7d1.sys
2017-01-11 20:28 - 2017-01-11 20:28 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-01-11 20:28 - 2017-01-11 20:28 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2017-01-11 20:28 - 2017-01-11 20:28 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-01-11 20:28 - 2017-01-11 20:28 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2017-01-11 20:28 - 2017-01-11 20:28 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2017-01-11 20:28 - 2017-01-11 20:28 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2017-01-11 20:28 - 2017-01-11 20:28 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2017-01-11 20:28 - 2017-01-11 20:28 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2017-01-11 20:28 - 2017-01-11 20:28 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2017-01-11 20:28 - 2017-01-11 20:28 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2017-01-11 20:28 - 2017-01-11 20:28 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-01-11 20:28 - 2017-01-11 20:28 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2017-01-11 20:28 - 2017-01-11 20:28 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-01-11 20:28 - 2017-01-11 20:28 - 00261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2017-01-11 20:28 - 2017-01-11 20:28 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2017-01-11 20:28 - 2017-01-11 20:28 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2017-01-11 20:28 - 2017-01-11 20:28 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2017-01-11 20:28 - 2017-01-11 20:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2017-01-11 20:28 - 2017-01-11 20:28 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2017-01-11 20:28 - 2017-01-11 20:28 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-01-11 20:28 - 2017-01-11 20:28 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2017-01-11 20:28 - 2017-01-11 20:28 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2017-01-11 20:28 - 2017-01-11 20:28 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2017-01-11 20:28 - 2017-01-11 20:28 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2017-01-11 20:28 - 2017-01-11 20:28 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2017-01-11 20:28 - 2017-01-11 20:28 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-01-11 20:28 - 2017-01-11 20:28 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2017-01-11 20:28 - 2017-01-11 20:28 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2017-01-11 20:28 - 2017-01-11 20:28 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2017-01-11 20:28 - 2017-01-11 20:28 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2017-01-11 20:28 - 2017-01-11 20:28 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2017-01-11 20:28 - 2017-01-11 20:28 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2017-01-11 20:28 - 2017-01-11 20:28 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2017-01-11 20:28 - 2017-01-11 20:28 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2017-01-11 20:28 - 2017-01-11 20:28 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2017-01-11 20:28 - 2017-01-11 20:28 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2017-01-11 20:28 - 2017-01-11 20:28 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2017-01-11 20:28 - 2017-01-11 20:28 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2017-01-11 20:28 - 2017-01-11 20:28 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2017-01-11 20:28 - 2017-01-11 20:28 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2017-01-11 20:28 - 2017-01-11 20:28 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2017-01-11 20:28 - 2017-01-11 20:28 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2017-01-11 20:28 - 2017-01-11 20:28 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2017-01-11 20:28 - 2017-01-11 20:28 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2017-01-08 00:45 - 2017-01-21 21:39 - 00003370 _____ C:\Windows\System32\Tasks\WpsUpdateTask_Björn
2017-01-08 00:45 - 2017-01-08 00:45 - 00000000 ____D C:\Users\Björn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WPS Office
2017-01-08 00:44 - 2017-01-15 19:39 - 00000706 _____ C:\Windows\Tasks\WpsKtpcntrQingTask_Björn.job
2017-01-08 00:44 - 2017-01-13 23:33 - 00003624 _____ C:\Windows\System32\Tasks\WpsKtpcntrQingTask_Björn
2017-01-08 00:13 - 2017-01-08 00:13 - 74846552 _____ (Kingsoft Corp. Ltd.) C:\Users\Björn\Downloads\wps_office_free_10.2.0.5811.exe
2017-01-07 23:44 - 2017-01-07 23:44 - 89151616 _____ (Kingsoft Corp. Ltd.) C:\Users\Björn\Downloads\wps_office_free_10.1.0.5795.exe
2017-01-06 01:04 - 2017-01-13 21:34 - 00051504 _____ (Dropbox, Inc.) C:\Windows\system32\DbxSvc.exe
2017-01-06 00:48 - 2017-01-13 21:36 - 00075888 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-stable.sys
2017-01-06 00:48 - 2017-01-13 21:36 - 00075888 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-dev.sys
2017-01-06 00:48 - 2017-01-13 21:36 - 00075888 _____ (Dropbox, Inc.) C:\Windows\system32\Drivers\dbx-canary.sys
2017-01-04 21:44 - 2017-01-04 21:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pistonsoft BPM Detector
2017-01-04 21:44 - 2017-01-04 21:44 - 00000000 ____D C:\Program Files (x86)\Pistonsoft BPM Detector
2016-12-31 01:26 - 2016-12-31 01:26 - 00000000 ____D C:\ProgramData\DigitalWave.ApplicationUpdater_files
2016-12-24 00:48 - 2016-12-24 00:48 - 00067374 _____ C:\Users\Björn\Desktop\Hammerich-Gesunde-Schuhe-in-Wismar.jpg
2016-12-23 23:20 - 2016-12-23 23:20 - 00225102 _____ C:\Users\Björn\Desktop\Bild-1.jpg
2016-12-23 23:10 - 2016-12-23 23:10 - 00007693 _____ C:\Users\Björn\Desktop\christmasstar12.jpg
2016-12-23 23:09 - 2006-10-31 00:10 - 00120992 _____ (SEIKO EPSON CORPORATION) C:\Windows\SysWOW64\EpPicPrt.dll
2016-12-23 23:09 - 2006-10-31 00:10 - 00071840 _____ (SEIKO EPSON CORPORATION) C:\Windows\SysWOW64\EPPicMgr.dll
2016-12-23 23:09 - 2006-10-31 00:10 - 00000097 _____ C:\Windows\SysWOW64\PICSDK.ini
2016-12-23 23:09 - 2006-10-20 00:10 - 00501912 _____ (SEIKO EPSON CORPORATION) C:\Windows\SysWOW64\PICSDK2.dll
2016-12-23 23:09 - 2006-10-20 00:10 - 00108704 _____ (SEIKO EPSON CORPORATION) C:\Windows\SysWOW64\PICEntry.dll
2016-12-23 23:09 - 2006-10-20 00:10 - 00080024 _____ (SEIKO EPSON CORPORATION) C:\Windows\SysWOW64\PICSDK.dll
2016-12-23 23:09 - 2005-06-01 00:20 - 00111932 _____ C:\Windows\SysWOW64\EPPICPrinterDB.dat
2016-12-23 23:09 - 2004-03-03 06:10 - 00031053 _____ C:\Windows\SysWOW64\EPPICPattern131.dat
2016-12-23 23:09 - 2004-03-03 06:10 - 00027417 _____ C:\Windows\SysWOW64\EPPICPattern121.dat
2016-12-23 23:09 - 2004-03-03 06:10 - 00026154 _____ C:\Windows\SysWOW64\EPPICPattern1.dat
2016-12-23 23:09 - 2004-03-03 06:10 - 00024903 _____ C:\Windows\SysWOW64\EPPICPattern3.dat
2016-12-23 23:09 - 2004-03-03 06:10 - 00021390 _____ C:\Windows\SysWOW64\EPPICPattern5.dat
2016-12-23 23:09 - 2004-03-03 06:10 - 00020148 _____ C:\Windows\SysWOW64\EPPICPattern2.dat
2016-12-23 23:09 - 2004-03-03 06:10 - 00013732 _____ C:\Windows\SysWOW64\EPPICLocal_EN.cfg
2016-12-23 23:09 - 2004-03-03 06:10 - 00011811 _____ C:\Windows\SysWOW64\EPPICPattern4.dat
2016-12-23 23:09 - 2004-03-03 06:10 - 00006442 _____ C:\Windows\SysWOW64\EPPICLocal_IT.cfg
2016-12-23 23:09 - 2004-03-03 06:10 - 00006347 _____ C:\Windows\SysWOW64\EPPICLocal_PT.cfg
2016-12-23 23:09 - 2004-03-03 06:10 - 00006347 _____ C:\Windows\SysWOW64\EPPICLocal_BP.cfg
2016-12-23 23:09 - 2004-03-03 06:10 - 00006335 _____ C:\Windows\SysWOW64\EPPICLocal_GE.cfg
2016-12-23 23:09 - 2004-03-03 06:10 - 00006195 _____ C:\Windows\SysWOW64\EPPICLocal_FR.cfg
2016-12-23 23:09 - 2004-03-03 06:10 - 00006195 _____ C:\Windows\SysWOW64\EPPICLocal_CF.cfg
2016-12-23 23:09 - 2004-03-03 06:10 - 00006122 _____ C:\Windows\SysWOW64\EPPICLocal_DU.cfg
2016-12-23 23:09 - 2004-03-03 06:10 - 00006103 _____ C:\Windows\SysWOW64\EPPICLocal_ES.cfg
2016-12-23 23:09 - 2004-03-03 06:10 - 00005817 _____ C:\Windows\SysWOW64\EPPICLocal_KO.cfg
2016-12-23 23:09 - 2004-03-03 06:10 - 00005436 _____ C:\Windows\SysWOW64\EPPICLocal_SC.cfg
2016-12-23 23:09 - 2004-03-03 06:10 - 00004943 _____ C:\Windows\SysWOW64\EPPICPattern6.dat
2016-12-23 23:09 - 2004-03-03 06:10 - 00002889 _____ C:\Windows\SysWOW64\EPPICLocal_RU.cfg
2016-12-23 23:09 - 2004-03-03 06:10 - 00002426 _____ C:\Windows\SysWOW64\EPPICLocal_TC.cfg
2016-12-23 23:09 - 2004-03-03 06:10 - 00001146 _____ C:\Windows\SysWOW64\EPPICPresetData_DU.dat
2016-12-23 23:09 - 2004-03-03 06:10 - 00001139 _____ C:\Windows\SysWOW64\EPPICPresetData_PT.dat
2016-12-23 23:09 - 2004-03-03 06:10 - 00001139 _____ C:\Windows\SysWOW64\EPPICPresetData_BP.dat
2016-12-23 23:09 - 2004-03-03 06:10 - 00001136 _____ C:\Windows\SysWOW64\EPPICPresetData_ES.dat
2016-12-23 23:09 - 2004-03-03 06:10 - 00001129 _____ C:\Windows\SysWOW64\EPPICPresetData_FR.dat
2016-12-23 23:09 - 2004-03-03 06:10 - 00001129 _____ C:\Windows\SysWOW64\EPPICPresetData_CF.dat
2016-12-23 23:09 - 2004-03-03 06:10 - 00001120 _____ C:\Windows\SysWOW64\EPPICPresetData_IT.dat
2016-12-23 23:09 - 2004-03-03 06:10 - 00001107 _____ C:\Windows\SysWOW64\EPPICPresetData_GE.dat
2016-12-23 23:09 - 2004-03-03 06:10 - 00001104 _____ C:\Windows\SysWOW64\EPPICPresetData_EN.dat
2016-12-23 23:08 - 2016-12-23 23:08 - 00312450 _____ C:\Users\Björn\Documents\ViewerX.alb
2016-12-23 23:07 - 2016-12-23 23:08 - 00070101 _____ C:\Users\Björn\Desktop\6d65b40e44b8112ef0ce45f17be95a83.jpg
2016-12-23 23:03 - 2016-12-23 23:03 - 00000000 ____D C:\ProgramData\Sony Corporation
2016-12-23 22:52 - 2016-12-23 22:52 - 00279683 _____ C:\Users\Björn\Desktop\81WTtvZLvZL._SL1425_.jpg
2016-12-23 22:45 - 2016-12-23 22:45 - 00206891 _____ C:\Users\Björn\Desktop\71u8wSrPfrL._SL1200_.jpg

==================== Ein Monat: Geänderte Dateien und Ordner ========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)

2017-01-22 19:34 - 2015-07-19 12:47 - 01474832 _____ C:\Windows\system32\Drivers\sfi.dat
2017-01-22 19:30 - 2015-02-05 10:43 - 00228288 _____ C:\Users\Björn\AppData\Local\GDIPFONTCACHEV1.DAT
2017-01-22 19:27 - 2015-07-19 18:10 - 11124910 _____ C:\Windows\system32\Drivers\fvstore.dat
2017-01-22 18:55 - 2015-08-01 21:36 - 00000000 ___RD C:\Users\Björn\OneDrive
2017-01-22 18:55 - 2015-02-23 23:37 - 00000000 ____D C:\Users\Björn\Desktop\System & Security
2017-01-22 18:18 - 2015-07-19 12:22 - 00000000 ___RD C:\Users\Björn\Dropbox
2017-01-22 18:07 - 2009-07-14 05:45 - 00021664 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-01-22 18:07 - 2009-07-14 05:45 - 00021664 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-01-22 18:03 - 2016-12-08 01:02 - 00003172 _____ C:\Windows\System32\Tasks\OneDrive Standalone Update Task v2
2017-01-22 18:03 - 2015-08-01 21:36 - 00002176 _____ C:\Users\Björn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2017-01-22 17:56 - 2016-11-14 01:24 - 00000000 ___RD C:\Users\Björn\Google Drive
2017-01-22 17:55 - 2015-11-01 11:52 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2017-01-22 17:54 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-01-22 16:47 - 2015-12-22 00:25 - 00000000 ___RD C:\Users\Björn
2017-01-22 16:24 - 2016-01-09 17:37 - 00000000 ____D C:\Users\Björn\AppData\Roaming\foobar2000
2017-01-22 03:29 - 2016-12-13 01:28 - 00000000 ____D C:\Program Files\Microsoft Office
2017-01-22 03:02 - 2016-11-28 09:17 - 00000000 ____D C:\Users\Björn\AppData\LocalLow\Mozilla
2017-01-22 02:34 - 2015-03-11 18:28 - 00000000 ____D C:\Users\Björn\Desktop\MUSIC & AUDIO
2017-01-22 02:32 - 2016-06-14 23:45 - 00000000 ____D C:\Users\Björn\AppData\Roaming\vlc
2017-01-22 02:19 - 2015-05-03 22:12 - 00000000 ____D C:\Users\Björn\AppData\Roaming\Mp3tag
2017-01-22 02:15 - 2016-06-28 18:38 - 00000000 ____D C:\Users\Björn\AppData\Local\Spotify
2017-01-22 00:59 - 2016-05-22 12:44 - 00000000 ____D C:\Program Files (x86)\Native Instruments
2017-01-22 00:53 - 2015-02-23 23:18 - 00000000 ____D C:\Users\Björn\AppData\Roaming\DAEMON Tools Lite
2017-01-21 22:16 - 2016-06-28 18:37 - 00000000 ____D C:\Users\Björn\AppData\Roaming\Spotify
2017-01-21 21:41 - 2015-05-21 18:22 - 00000000 ____D C:\Program Files\Steinberg
2017-01-21 21:19 - 2015-02-06 01:12 - 00000000 ____D C:\ProgramData\Ashampoo
2017-01-21 21:14 - 2016-08-24 13:30 - 00003868 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1472041840
2017-01-21 21:14 - 2015-07-09 00:21 - 00000000 ____D C:\Program Files (x86)\Opera
2017-01-16 00:27 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2017-01-15 20:46 - 2015-07-19 12:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo
2017-01-15 20:46 - 2015-07-19 12:44 - 00000000 ____D C:\Program Files\COMODO
2017-01-15 20:44 - 2015-07-19 14:35 - 00606720 ___SH C:\Users\Björn\Downloads\Thumbs.db
2017-01-15 19:52 - 2015-03-26 20:48 - 00000000 ____D C:\Users\Björn\Desktop\VIDEO
2017-01-15 19:38 - 2009-07-14 05:45 - 00846304 _____ C:\Windows\system32\FNTCACHE.DAT
2017-01-13 23:30 - 2016-05-09 18:57 - 00000000 ____D C:\Users\Public\Documents\MAGIX
2017-01-13 23:30 - 2016-05-09 18:57 - 00000000 ____D C:\ProgramData\Documents\MAGIX
2017-01-13 23:30 - 2015-02-23 23:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MAGIX
2017-01-13 23:25 - 2016-02-18 22:25 - 00000306 __RSH C:\ProgramData\ntuser.pol
2017-01-13 23:25 - 2009-07-14 04:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2017-01-13 23:09 - 2016-05-22 02:12 - 00000000 ____D C:\Users\Björn\AppData\Local\Windows Live
2017-01-13 22:34 - 2015-03-24 20:46 - 00000000 ____D C:\Users\Björn\AppData\Roaming\MAGIX
2017-01-13 22:34 - 2015-02-23 23:29 - 00000000 ____D C:\ProgramData\MAGIX
2017-01-13 22:26 - 2016-05-22 02:13 - 00000000 ____D C:\Users\Björn\Documents\My Videos
2017-01-13 22:17 - 2015-02-06 01:16 - 00000000 ____D C:\Users\Björn\AppData\Roaming\DVDVideoSoft
2017-01-13 22:14 - 2016-01-11 20:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2017-01-13 22:14 - 2016-01-11 20:01 - 00000000 ____D C:\Program Files (x86)\QuickTime
2017-01-13 21:57 - 2015-05-21 22:56 - 00000000 ____D C:\Users\Björn\Documents\Cubase LE AI Elements Projects
2017-01-13 21:36 - 2015-07-19 11:21 - 00000000 ____D C:\Program Files (x86)\Dropbox
2017-01-11 21:27 - 2009-07-14 03:34 - 00000478 _____ C:\Windows\win.ini
2017-01-11 21:23 - 2015-07-24 22:07 - 00000000 ____D C:\Windows\system32\MRT
2017-01-11 21:19 - 2015-12-22 08:25 - 135657872 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-01-11 21:16 - 2015-12-22 09:35 - 02185946 ____H C:\Users\Björn\AppData\Local\IconCache.db.backup
2017-01-09 10:22 - 2016-01-17 18:52 - 00000000 ____D C:\Users\Björn\AppData\Roaming\MusicBee
2017-01-08 02:04 - 2015-05-21 18:22 - 00000000 ____D C:\Users\Björn\AppData\Roaming\Steinberg
2017-01-08 01:52 - 2015-09-12 18:07 - 00000000 ____D C:\Users\Björn\Desktop\OFFICE
2017-01-08 01:41 - 2016-07-01 01:08 - 00000000 ____D C:\Users\Björn\Downloads\Symphonie des Lebens (hr2 Funkkolleg)
2017-01-08 01:24 - 2015-02-06 01:21 - 00000000 ____D C:\Program Files\Recuva
2017-01-08 00:40 - 2015-05-03 21:23 - 00000000 ____D C:\Users\Björn\AppData\Local\Kingsoft
2017-01-08 00:39 - 2015-12-29 14:11 - 00000000 ____D C:\ProgramData\Kingsoft
2017-01-08 00:14 - 2016-05-21 19:46 - 00000000 ____D C:\ProgramData\MeldaProduction
2017-01-08 00:13 - 2016-05-21 19:46 - 00000000 ____D C:\Program Files\Common Files\VST3
2017-01-08 00:13 - 2015-05-21 21:06 - 00000000 ____D C:\Program Files\VstPlugins
2017-01-08 00:12 - 2016-05-21 19:35 - 00000000 ____D C:\Users\Björn\AppData\Roaming\MeldaProduction
2017-01-07 23:49 - 2015-02-23 23:40 - 00000000 ____D C:\ProgramData\Apple
2017-01-07 23:44 - 2016-11-13 18:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2017-01-05 01:13 - 2016-01-14 22:31 - 00000000 ____D C:\Users\Björn\Documents\VirtualDJ
2016-12-31 01:26 - 2015-02-06 01:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2016-12-31 01:26 - 2015-02-06 01:18 - 00000000 ____D C:\Program Files (x86)\DVDVideoSoft
2016-12-30 22:18 - 2009-07-14 06:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-12-29 21:52 - 2015-07-19 11:21 - 00000000 ____D C:\Users\Björn\AppData\Local\Dropbox
2016-12-28 14:39 - 2011-04-12 08:43 - 00831082 _____ C:\Windows\system32\perfh007.dat
2016-12-28 14:39 - 2011-04-12 08:43 - 00215454 _____ C:\Windows\system32\perfc007.dat
2016-12-28 14:39 - 2009-07-14 06:13 - 01864212 _____ C:\Windows\system32\PerfStringBackup.INI
2016-12-28 14:39 - 2009-07-14 03:36 - 00683116 _____ C:\Windows\system32\perfh009.dat
2016-12-28 14:39 - 2009-07-14 03:36 - 00134040 _____ C:\Windows\system32\perfc009.dat
2016-12-24 00:09 - 2015-07-31 17:14 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-12-23 23:53 - 2015-03-26 21:00 - 00000000 ____D C:\Users\Björn\AppData\Local\ElevatedDiagnostics
2016-12-23 23:41 - 2016-01-23 04:18 - 00000000 ____D C:\Users\Björn\AppData\Roaming\Epson
2016-12-23 23:31 - 2009-07-14 06:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2016-12-23 23:03 - 2016-01-23 04:35 - 00000000 ____D C:\ProgramData\UDL
2016-12-23 23:03 - 2016-01-23 04:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epson Software
2016-12-23 23:03 - 2016-01-23 04:16 - 00000000 ____D C:\Program Files (x86)\Epson Software
2016-12-23 23:02 - 2015-02-05 10:37 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-12-23 18:55 - 2015-09-27 17:56 - 00000000 ____D C:\Users\Björn\AppData\Local\Amazon Music
2016-12-23 18:37 - 2016-06-28 18:38 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-12-23 09:12 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2016-12-23 09:02 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\config\RegBack

==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======

2010-10-22 09:14 - 2010-10-22 09:14 - 0000870 _____ () C:\Users\Björn\AppData\Roaming\smallwindows.cfg
2015-12-22 01:54 - 2016-05-22 01:59 - 0001997 _____ () C:\Users\Björn\AppData\Roaming\vidiot.ini
2016-02-21 13:33 - 2016-02-21 13:33 - 0000093 _____ () C:\Users\Björn\AppData\Local\fusioncache.dat
2016-03-02 21:45 - 2016-03-02 21:52 - 0007649 _____ () C:\Users\Björn\AppData\Local\Resmon.ResmonCfg
2016-01-25 01:15 - 2016-01-25 01:15 - 0000108 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2017-01-13 22:59 - 2017-01-13 22:59 - 0439808 _____ () C:\ProgramData\smp2.exe

Dateien, die verschoben oder gelöscht werden sollten:
====================
C:\Program Files (x86)\MyMemory\MyMemory.exe
C:\Program Files (x86)\DPower\DiskPower.exe
C:\Program Files (x86)\DPower\C3EY2HFBJH.exe
C:\ProgramData\smp2.exe
C:\Users\Björn\oklghvki.exe


Einige Dateien in TEMP:
====================
2017-01-22 01:02 - 2003-12-09 15:16 - 8100859 _____ () C:\Users\Björn\AppData\Local\Temp\Artist Drums Setup.exe
2017-01-13 23:27 - 2017-01-13 23:27 - 1233121 _____ (Cusecebe                                                    ) C:\Users\Björn\AppData\Local\Temp\B9CE.tmp.exe
2017-01-13 23:25 - 2017-01-13 23:25 - 0119745 _____ () C:\Users\Björn\AppData\Local\Temp\load.exe
2017-01-13 23:25 - 2017-01-13 23:25 - 0063131 _____ () C:\Users\Björn\AppData\Local\Temp\MMIns.exe
2017-01-13 23:25 - 2017-01-13 23:25 - 1371648 _____ (Hmdi) C:\Users\Björn\AppData\Local\Temp\SetupScreenShared.exe
2017-01-13 23:25 - 2017-01-13 23:25 - 1624171 _____ (VideoBox                                                    ) C:\Users\Björn\AppData\Local\Temp\VideoBox.exe
2017-01-13 23:00 - 2017-01-13 23:00 - 1233121 _____ (Cusecebe                                                    ) C:\Users\Björn\AppData\Local\Temp\5D1E.tmp.exe
2017-01-13 22:59 - 2017-01-13 22:59 - 0451934 _____ (WeMonetize                                                  ) C:\Users\Björn\AppData\Local\Temp\B9S6WBSE75.exe
2016-08-01 23:59 - 2016-08-01 23:59 - 1456128 _____ () C:\Users\Björn\AppData\Local\Temp\mdi064.dll

==================== Bamital & volsnap ======================

(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)

C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert

LastRegBack: 2016-12-23 09:02

==================== Ende von FRST.txt ============================

Addition.txt 1:

Code:

ATTFilter

ZusÃ¤tzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version: 22-01-2017
durchgefÃ¼hrt von BjÃ¶rn (22-01-2017 19:36:53)
Gestartet von C:\Users\BjÃ¶rn\Downloads
Windows 7 Home Premium Service Pack 1 (X64) (2015-12-22 00:47:29)
Start-Modus: Normal
==========================================================


==================== Konten: =============================

Administrator (S-1-5-21-427701803-4022602832-2190140502-500 - Administrator - Disabled)
ASPNET (S-1-5-21-427701803-4022602832-2190140502-1003 - Limited - Enabled)
BjÃ¶rn (S-1-5-21-427701803-4022602832-2190140502-1000 - Administrator - Enabled) => C:\Users\BjÃ¶rn
Gast (S-1-5-21-427701803-4022602832-2190140502-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-427701803-4022602832-2190140502-1007 - Limited - Enabled)

==================== Sicherheits-Center ========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)


==================== Installierte Programme ======================

(Nur Adware-Programme mit dem Zusatz "Hidden" kÃ¶nnen in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)

ÂµTorrent (HKU\S-1-5-21-427701803-4022602832-2190140502-1000\...\uTorrent) (Version: 3.4.5.41372 - BitTorrent Inc.)
7-Zip 15.12 (x64) (HKLM\...\7-Zip) (Version: 15.12 - Igor Pavlov)
Adobe Flash Player 20 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 20.0.0.306 - Adobe Systems Incorporated)
Adobe Flash Player 20 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 20.0.0.306 - Adobe Systems Incorporated)
Adobe Flash Player 23 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 23.0.0.207 - Adobe Systems Incorporated)
Amazon Music (HKU\S-1-5-21-427701803-4022602832-2190140502-1000\...\Amazon Amazon Music) (Version: 5.3.2.1634 - Amazon Services LLC)
AMD Catalyst Install Manager (HKLM\...\{10ADF519-706B-6EC7-A1A7-A2580D920457}) (Version: 3.0.838.0 - Advanced Micro Devices, Inc.)
Apple Application Support (64-Bit) (HKLM\...\{64E6007B-1DA9-42CD-BBE4-D5FA67A7C71D}) (Version: 5.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}) (Version: 10.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
AppTrailers - AppTrailers for Desktop (HKLM-x32\...\AppTrailers) (Version: 10.1.1amt - AppTrailers) <==== ACHTUNG
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.14.3.0 - Asmedia Technology)
ASUSUpdate (HKLM-x32\...\{587178E7-B1DF-494E-9838-FA4DD36E873C}) (Version: 7.18.03 - ASUSTeK Computer Inc.)
Best Service Artist Drums (HKLM-x32\...\Best Service Artist Drums) (Version:  - )
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.23 - Piriform)
COMODO Internet Security Premium (HKLM\...\{73830292-868E-4C82-9AF5-CCFE2047B6A3}) (Version: 8.2.0.4508 - COMODO Security Solutions Inc.)
Compatibility Pack fÃ¼r 2007 Office System (HKLM-x32\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
ConvertHelper 3.1.1 (HKLM\...\{27CC6AB1-E72B-4179-AF1A-EAE507EBAF52}}_is1) (Version:  - DownloadHelper)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.48.1.0347 - Disc Soft Ltd)
DailyBee - DailyBee for Desktop (HKLM-x32\...\DailyBee) (Version: 10.1.1cm - DailyBee)
Disk Unlocker (HKLM-x32\...\{FE73C47E-0FF8-47A6-A903-FFA827A4B43D}) (Version: 2.0.8 - ASUS)
Dojotech Spotify Recorder (HKLM-x32\...\{D149DB2E-392E-48CC-8036-88BECC09C50A}) (Version: 3.2 - Dojotech Software)
DPower version 1.0 (HKLM-x32\...\DPower_is1) (Version: 1.0 - WeMonetize) <==== ACHTUNG
Dropbox (HKLM-x32\...\Dropbox) (Version: 17.4.33 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.27.33 - Dropbox, Inc.) Hidden
Edirol HQ Orchestral v1.01 (HKLM-x32\...\Edirol HQ Orchestral v1.01) (Version:  - )
Edirol Super Quartet (HKLM-x32\...\Edirol Super Quartet) (Version:  - )
eLicenser Control (HKLM-x32\...\eLicenser Control) (Version: 6.10.2.18195 - Steinberg Media Technologies GmbH)
Epson Easy Photo Print 2 (HKLM-x32\...\{07AA1C7F-E8CA-4FDC-B975-BC9EBC22B6DE}) (Version: 2.7.0.0 - SEIKO EPSON CORPORATION)
Epson Print CD (HKLM-x32\...\{D16A31F9-276D-4968-A753-FFEAC56995D0}) (Version: 2.44.00 - Seiko Epson Corporation)
EPSON-Drucker-Software (HKLM\...\EPSON Printer and Utilities) (Version:  - )
EPU-4 Engine (HKLM-x32\...\{8F66047B-1AF3-40D9-80D7-106E2EDC2C2A}) (Version: 1.02.01 - )
Evernote v. 5.9.6 (HKLM-x32\...\{A542D366-9877-11E5-B101-005056951CAD}) (Version: 5.9.6.9494 - Evernote Corp.)
EZdrummer (HKLM-x32\...\{43E8D9E7-AFC9-4BA3-8106-B95E02B87AB7}) (Version: 1.0.1 - Toontrack)
EZkeys Classic Electrics 64 (HKLM\...\{2F547D3F-AB60-4319-8513-80DBD3896BA8}) (Version: 1.0.0 - Toontrack)
EZkeys Grand Piano 64 (HKLM\...\{23CA8D91-FD3B-4EE6-BBDF-B5924E7E44EB}) (Version: 1.0.2 - Toontrack)
EZkeys Upright Piano 64 (HKLM\...\{5CC4AF6E-B273-497B-BF7E-9B6E35EBB0E0}) (Version: 1.0.0 - Toontrack)
EZXCocktail (HKLM-x32\...\{147567F0-8575-4BE0-B5B3-62706C67FA5A}) (Version: 1.0 - Toontrack)
EZXDfh (HKLM-x32\...\{DB1299AF-9EE0-422B-959E-F4171B2AE0F7}) (Version: 1.0 - Toontrack)
EZXVintage (HKLM-x32\...\{430399DC-98BC-4A7F-8F8E-77981CABAE05}) (Version: 1.0 - Toontrack)
FLAC 1.2.1b (remove only) (HKLM-x32\...\FLAC) (Version: 1.2.1b - Xiph.org)
foobar2000 v1.3.9 (HKLM-x32\...\foobar2000) (Version: 1.3.9 - Peter Pawlowski)
Fotogalerie (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Foxit Reader (HKLM-x32\...\Foxit Reader) (Version:  - )
Free Audio Converter (HKLM-x32\...\Free Audio Converter_is1) (Version: 5.0.85.518 - Digital Wave Ltd)
Free Studio (HKLM-x32\...\Free Studio_is1) (Version: 6.6.30.1215 - Digital Wave Ltd)
Free YouTube To MP3 Converter (HKLM-x32\...\Free YouTube To MP3 Converter_is1) (Version: 4.1.26.712 - Digital Wave Ltd)
GeekBuddy (HKLM\...\{7F2FC210-A909-4E0E-AF4E-8E9AF72F4C7F}) (Version: 4.22.150 - Comodo Security Solutions Inc)
Google Drive (HKLM-x32\...\{3D7AB4D4-2E45-4986-BAC5-5B3CEED21FAA}) (Version: 1.32.3592.6117 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
GTFAVENUE Updater version 1.2.0.4 (HKLM-x32\...\GTFAVENUE Updater_is1) (Version: 1.2.0.4 - )
HD Tune 2.55 (HKLM-x32\...\HD Tune_is1) (Version:  - EFD Software)
HDR projects 2 (64-Bit) (HKLM\...\HDR_PROJECTS_2_2_3BF7CE82_is1) (Version: 2.26 - Franzis Verlag GmbH)
HDtracks Downloader (HKLM-x32\...\HDtracks Downloader) (Version: 18 - J. River, Inc.)
HydraVision (x32 Version: 4.2.210.0 - Advanced Micro Devices, Inc.) Hidden
iCloud (HKLM\...\{4BB313CE-D3D1-424C-8823-15CF85B00B05}) (Version: 6.1.0.30 - Apple Inc.)
IrfanView 64 (remove only) (HKLM\...\IrfanView64) (Version: 4.41 - Irfan Skiljan)
iTunes (HKLM\...\{81C96689-EA5B-4B7D-A04F-16326EC51BC2}) (Version: 12.5.4.42 - Apple Inc.)
Java 8 Update 66 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418066F0}) (Version: 8.0.660.18 - Oracle Corporation)
Java 8 Update 66 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218066F0}) (Version: 8.0.660.18 - Oracle Corporation)
Kingsoft PDF to Word SDK (2.0.1) (HKLM\...\{F0915BBA-A86F-4672-807D-30F38DFC2B44}) (Version: 2.0.1 - Zhuhai Kingsoft Office Software Co.,Ltd)
KMSpico 3.1 (HKLM\...\KMSpico v3.1_is1) (Version: 3.1 - )
Kronen-Design 1.82 (HKLM-x32\...\Kronen-Design_is1) (Version:  - )
Kronen-Design Pro 1.82b (HKLM-x32\...\Kronen-Design Pro_is1) (Version:  - )
LinuxLive USB Creator (HKLM-x32\...\LinuxLive USB Creator) (Version: 2.9 - Thibaut Lauziere)
Live 7.0.3 (HKLM-x32\...\Live 7.0.3) (Version:  - )
MAGIX Audio Cleaning Lab 16 deluxe Download Version (HKLM-x32\...\MAGIX_MSI_mclab_16dlx) (Version: 16.0.0.0 - MAGIX AG)
MAGIX Audio Cleaning Lab 16 deluxe Download Version (x32 Version: 16.0.0.0 - MAGIX AG) Hidden
MAGIX Speed 2 (MSI) (HKLM-x32\...\{C09F1573-6262-47F2-8B90-5B2290A58B12}) (Version: 6.0.1.2 - MAGIX AG)
MAGIX Speed burnR (MSI) (HKLM-x32\...\MX.{B7802BC1-5F76-48D2-A622-98195BD50B87}) (Version: 7.0.2.6 - MAGIX Software GmbH)
MAGIX Speed burnR (MSI) (Version: 7.0.2.6 - MAGIX Software GmbH) Hidden
Malwarebytes Version 3.0.5.1299 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.5.1299 - Malwarebytes)
Medieval CUE Splitter (HKLM-x32\...\{B96D2269-568B-4CBF-9332-12FAE8B158F7}) (Version: 1.2.0 - Medieval Software)
MEGAsync (HKLM-x32\...\MEGAsync) (Version:  - Mega Limited)
Microsoft .NET Framework 1.1 (HKLM-x32\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 4.5.2 (DEU) (HKLM\...\{1DB0C90B-2A9F-3A1E-B1DF-616C5A2A1417}) (Version:  - )
Microsoft .NET Framework 4.5.2 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUSR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-427701803-4022602832-2190140502-1000\...\OneDriveSetup.exe) (Version: 17.3.6743.1212 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR) (HKLM-x32\...\{E09B48B5-E141-427A-AB0C-D3605127224A}) (Version: 8.00.761 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{90ffcee5-8608-4e94-8c18-a4feb4f83fb8}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23506 (HKLM-x32\...\{3ee5e5bb-b7cc-4556-8861-a00a82977d6c}) (Version: 14.0.23506.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23506 (HKLM-x32\...\{23daf363-3020-4059-b3ae-dc4ad39fed19}) (Version: 14.0.23506.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools fÃ¼r Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Monkey's Audio (HKLM-x32\...\Monkey's Audio_is1) (Version:  - )
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 47.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 47.0 (x86 de)) (Version: 47.0 - Mozilla)
Mozilla Firefox 50.1.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 50.1.0 (x86 de)) (Version: 50.1.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 50.1.0.6186 - Mozilla)
MP3Diags 1.2.01 (HKLM-x32\...\MP3Diags) (Version: 1.2.01 - )
Mp3tag v2.79 (HKLM-x32\...\Mp3tag) (Version: v2.79 - Florian Heidenreich)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MuseScore 2 (HKLM-x32\...\{D0969A82-E79E-45D9-95D2-B2824880F780}) (Version: 2.0.2 - Werner Schweer and Others)
MusicBee 2.5 (HKLM-x32\...\MusicBee) (Version: 2.5 - Steven Mayall)
MyMemory (HKLM-x32\...\MyMemory) (Version:  - MyMemory) <==== ACHTUNG
Native Instruments Compilation Vol. 1 (HKLM-x32\...\Native Instruments Compilation Vol. 1) (Version:  - Native Instruments)
Native Instruments FM7 v1.10.006 (HKLM-x32\...\Native Instruments FM7 v1.10.006) (Version:  - )
Native Instruments FM8 v1.0.1.002 VSTi DXi RTAS (HKLM-x32\...\Native Instruments FM8 v1.0.1.002 VSTi DXi RTAS) (Version:  - )
Native Instruments Kore 2 (HKLM-x32\...\Native Instruments Kore 2) (Version:  - )
Native Instruments Service Center (HKLM-x32\...\Native Instruments Service Center) (Version:  - )
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4745.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4745.1002 - Microsoft Corporation) Hidden
OpenDrive (HKLM\...\{4EDEB376-E384-4D60-BAEC-05BEA062B230}) (Version: 1.7.0.5 - OpenDrive, Inc.)
Open-Xchange Updater (HKLM-x32\...\{A9AC0DBD-2DBC-412D-B2E0-C735786AF86D}) (Version: 6.18.33 - OX Software GmbH)
Opera Stable 42.0.2393.137 (HKLM-x32\...\Opera 42.0.2393.137) (Version: 42.0.2393.137 - Opera Software)
Outils de vÃ©rification linguistique 2013 de Microsoft OfficeÂ*- FranÃ§ais (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
OX Drive (HKLM-x32\...\{9E422CED-B204-47F4-84C6-4B2023C9E4AD}) (Version: 2.2.0 - OX Software GmbH)
OXNotifier (HKLM-x32\...\{63884338-32F2-4D6E-BD0C-F9E974D5A60F}) (Version: 1.0.6 - Open-Xchange Inc.)
OXtender 2 for Microsoft Outlook (HKLM\...\{6D71912C-C02A-4FAA-A97B-B01A0E9EE570}) (Version: 7.2.20 - Open-Xchange AG)
PC Probe II (HKLM-x32\...\{F7338FA3-DAB5-49B2-900D-0AFB5760C166}) (Version: 1.04.86 - ASUSTeK Computer Inc.)
PDF Architect 3 (HKLM-x32\...\PDF Architect 3) (Version: 3.1.1.24880 - pdfforge GmbH)
PDF Architect 3 Asian Fonts Pack (x32 Version: 3.1.1.24851 - pdfforge GmbH) Hidden
PDF Architect 3 Convert Module (x32 Version: 3.1.1.24851 - pdfforge GmbH) Hidden
PDF Architect 3 Create Module (x32 Version: 3.1.1.24851 - pdfforge GmbH) Hidden
PDF Architect 3 Edit Module (x32 Version: 3.1.1.24851 - pdfforge GmbH) Hidden
PDF Architect 3 Forms Module (x32 Version: 3.1.1.24851 - pdfforge GmbH) Hidden
PDF Architect 3 Insert Module (x32 Version: 3.1.1.24851 - pdfforge GmbH) Hidden
PDF Architect 3 OCR Module (x32 Version: 3.1.1.24851 - pdfforge GmbH) Hidden
PDF Architect 3 Review Module (x32 Version: 3.1.1.24851 - pdfforge GmbH) Hidden
PDF Architect 3 Secure Module (x32 Version: 3.1.1.24851 - pdfforge GmbH) Hidden
PDF Architect 3 View Module (x32 Version: 3.1.1.24851 - pdfforge GmbH) Hidden
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 2.1.2 - pdfforge)
PhotoScape (HKLM-x32\...\PhotoScape) (Version:  - )
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.140.239 - Google, Inc.)
Pistonsoft BPM Detector 1.0 (HKLM-x32\...\Pistonsoft BPM Detector_is1) (Version: 1.0 - Piston Software)
PreSonus FP10 driver v5.13.0.0 (HKLM-x32\...\PreSonus FP10 driver v5.13.0.0) (Version: 5.13.0.0 - PreSonus)
Protect Disc License Helper 1.0.125 (IE) (HKU\S-1-5-21-427701803-4022602832-2190140502-1000\...\Protect Disc License Helper) (Version: 1.0.125 - Protect Disc)
ProtectDisc Driver, Version 11 (HKLM-x32\...\ProtectDisc Driver 11) (Version: 11.0.0.14 - ProtectDisc Software GmbH)
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
RAIDXpert (HKLM-x32\...\InstallShield_{8B76B8E9-F773-4B75-A08C-120079EB765E}) (Version: 3.2.1540.5 - AMD)
RAIDXpert (x32 Version: 3.2.1540.5 - AMD) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.52.203.2012 - Realtek)
Realtek Ethernet Diagnostic Utility (HKLM-x32\...\{DADC7AB0-E554-4705-9F6A-83EA82ED708E}) (Version: 1.00.0000 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6526 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform)
Revo Uninstaller 2.0.2 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.2 - VS Revo Group, Ltd.)
SampleTank 2 (HKLM-x32\...\{6559654F-2F38-491F-8411-211517C3E635}) (Version: 2.5.2 - IK Multimedia)
Samplitude Music Studio 2013 (HKLM-x32\...\MAGIX_{C02AB3DD-D476-4EF0-B59B-D4D58A71A5F9}) (Version: 19.0.0.10 - MAGIX AG)
Samplitude Music Studio 2013 (Version: 19.0.0.10 - MAGIX AG) Hidden
Samplitude Music Studio 2013 Soundpools (Version: 1.0.0.0 - MAGIX AG) Hidden
Samplitude Music Studio 2013 Update (Version: 19.0.1.22 - MAGIX AG) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version:  - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version:  - Microsoft) Hidden
Shotcut (HKLM-x32\...\Shotcut) (Version:  - )
Sony Media Manager 2.2 (HKLM-x32\...\{71A41426-C7A4-4DCF-A9ED-C5B4B105ED1D}) (Version: 2.2.58 - Sony)
Sony Noise Reduction Plug-In 2.0e (HKLM-x32\...\{D533C9D4-ED96-4191-B9C3-279C0DD6BABA}) (Version: 2.0.444 - Sony)
Sony Sound Forge 8.0 (HKLM-x32\...\{767572FD-4D01-4FA3-B0A6-4B09FB2CFC37}) (Version: 8.0.53 - Sony)
Sony Vegas 7.0 (HKLM-x32\...\{251C3815-7A55-4607-A82D-C3B98F0FBAB8}) (Version: 7.0.115 - Sony)
SoundCloud Download (HKLM-x32\...\SoundCloud Download_is1) (Version: 2.0.8.1127 - DVDVideoSoft Ltd.)
Spotify (HKU\S-1-5-21-427701803-4022602832-2190140502-1000\...\Spotify) (Version: 1.0.45.186.g3b5036d6 - Spotify AB)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.5.2 - Safer Networking Limited)
Steinberg Cubase LE AI Elements 7 64bit (HKLM\...\{67E7C608-D0EA-4273-B374-50ABE42FBE08}) (Version: 7.0.80 - Steinberg Media Technologies GmbH)
Steinberg Drum Loop Expansion 01 (HKLM-x32\...\{490BF87E-1F75-4453-BF55-9F540543A3CA}) (Version: 2.0.0.0 - Steinberg Media Technologies GmbH)
Steinberg Groove Agent ONE Content (HKLM-x32\...\{BD86F1AC-B594-46E4-85DC-1258AC9E2232}) (Version: 1.0.0.003 - Steinberg Media Technologies GmbH)
Steinberg Groove Agent ONE Vintage Beatboxes (HKLM-x32\...\{DBF4BC99-53F1-4C97-84C3-7557D103E182}) (Version: 1.0.0.000 - Steinberg Media Technologies GmbH)
Steinberg Groove Agent SE 64bit (HKLM\...\{A5AB0D21-21BD-4DB8-F097-02E8FC8C486A}) (Version: 4.2.20 - Steinberg Media Technologies GmbH)
Steinberg Groove Agent SE Acoustic Agent (HKLM-x32\...\{F34EA13C-F078-4003-AE21-43EAB2680EC5}) (Version: 1.0.1 - Steinberg Media Technologies GmbH)
Steinberg Groove Agent SE Content (HKLM-x32\...\{AFC9D1CE-F050-437C-35A5-62DEDB262DC7}) (Version: 1.2.20 - Steinberg Media Technologies GmbH)
Steinberg HALion Sonic SE 64bit (HKLM\...\{B99C316B-C135-43B5-8E77-2BC5E241F964}) (Version: 2.0.2 - Steinberg Media Technologies GmbH)
Steinberg HALion Sonic SE Content for Cubase LE AI Elements (HKLM-x32\...\{CF45002F-2205-4116-BB51-2D015F436CAC}) (Version: 2.0.1 - Steinberg Media Technologies GmbH)
Steinberg Midi Loop Library (HKLM-x32\...\{89DE2651-6DD9-4C15-AC94-8348362D456C}) (Version: 1.0.0 - Steinberg Media Technologies GmbH)
Steinberg REVerence Content 01 (HKLM-x32\...\{532B917B-8235-4FA5-BE36-643A8BB053A5}) (Version: 2.0.1.000 - Steinberg Media Technologies GmbH)
Steinberg Upload Manager (HKLM-x32\...\{88BBBD8F-4C19-4809-B84B-7A8F8238B48D}) (Version: 1.0.2 - Steinberg Media Technologies GmbH)
Steinberg Virtual Guitarist (HKLM-x32\...\Virtual Guitarist) (Version:  - )
Steinberg VST Amp Rack Content 01 (HKLM-x32\...\{8CBA7E47-48DA-47DC-8E98-6984BA830295}) (Version: 1.0.1 - Steinberg Media Technologies GmbH)
Studio Instruments 1.0 (HKLM\...\Cakewalk Studio Instruments_is1) (Version: 1.0 - Cakewalk Music Software)
SUPER Â© v2016.Build.69+3D+Recorder (2016/04/02) Version v2016.B (HKLM-x32\...\{CB93965C-C24C-437D-839B-285188F22F11}_is1) (Version: v2016.Build.69+3D+Recorder - eRightSoft)
tlerauic (HKLM-x32\...\{fd7bad22-3721-476e-e815-8e1e74df2bcd}) (Version: 1.0.0 - tivecar) <==== ACHTUNG
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
Update for Skype for Business 2015 (KB3039776) 64-Bit Edition (HKLM\...\{90150000-012B-0407-1000-0000000FF1CE}_Office15.PROPLUSR_{5D2260D6-DB16-41DC-915B-A39BF4F66362}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB3127934) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{670823C5-9E0F-444C-A115-E8C4F37C5707}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB3141468) 64-Bit Edition (HKLM\...\{90150000-012B-0407-1000-0000000FF1CE}_Office15.PROPLUSR_{CB85A0CF-0448-43D8-8006-173A8C84A018}) (Version:  - Microsoft)
VidsqaurE (HKLM-x32\...\{E1527582-8509-4011-B922-29E3FB548882}_is1) (Version: 1.4 - )
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: 5.5.0.0 - Elaborate Bytes)
VirtualDJ 8 (HKLM-x32\...\{4D5A0E11-2E8C-4F1F-A847-CE6DA223250C}) (Version: 8.1.2770.0 - Atomix Productions)
VirtualDJ Home FREE (HKLM-x32\...\{95575578-5158-4AAE-856E-3FF9DB46A316}) (Version: 7.4.7 - Atomix Productions)
Vita 2 (Version: 1.0.0.0 - MAGIX AG) Hidden
Vita 2 Zusatzcontent (Version: 1.0.0.0 - MAGIX AG) Hidden
Vita Bass Machine (Version: 1.0.0.0 - MAGIX AG) Hidden
Vita Electric Bass (Version: 2.4.0.78 - MAGIX Software GmbH) Hidden
Vita Jazz Drums (Version: 2.4.0.78 - MAGIX Software GmbH) Hidden
Vita Power Guitar (Version: 2.4.0.78 - MAGIX Software GmbH) Hidden
Vita Rock Drums (Version: 2.4.0.78 - MAGIX Software GmbH) Hidden
Vita Soundtrack Percussion (Version: 2.4.0.78 - MAGIX Software GmbH) Hidden
Vita World Percussion (Version: 1.0.0.0 - MAGIX AG) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WPS Office (9.1.0.5214) (HKU\S-1-5-21-427701803-4022602832-2190140502-1000\...\Kingsoft Office) (Version: 9.1.0.5214 - Kingsoft Corp.)

==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

CustomCLSID: HKU\S-1-5-21-427701803-4022602832-2190140502-1000_Classes\CLSID\{00020906-0000-4b30-A977-D214852036FF}\localserver32 -> C:\Users\BjÃ¶rn\AppData\Local\Kingsoft\WPS Office\9.1.0.5214\office6\wps.exe (Zhuhai Kingsoft Office Software Co.,Ltd)
CustomCLSID: HKU\S-1-5-21-427701803-4022602832-2190140502-1000_Classes\CLSID\{000209F0-0000-4b30-A977-D214852036FF}\InprocServer32 ->  => Keine Datei
CustomCLSID: HKU\S-1-5-21-427701803-4022602832-2190140502-1000_Classes\CLSID\{000209FF-0000-4b30-A977-D214852036FF}\localserver32 -> C:\Users\BjÃ¶rn\AppData\Local\Kingsoft\WPS Office\9.1.0.5214\office6\wps.exe (Zhuhai Kingsoft Office Software Co.,Ltd)
CustomCLSID: HKU\S-1-5-21-427701803-4022602832-2190140502-1000_Classes\CLSID\{00024512-0000-0000-C000-000000000046}\InprocServer32 -> C:\Users\BjÃ¶rn\AppData\Local\Kingsoft\WPS Office\9.1.0.5214\office6\refedit.dll ()
CustomCLSID: HKU\S-1-5-21-427701803-4022602832-2190140502-1000_Classes\CLSID\{0002CE21-0000-0000-C000-000000000046}\localserver32 -> C:\Users\BjÃ¶rn\AppData\Local\Kingsoft\WPS Office\9.1.0.5214\office6\mui\default\resource\ksee\EqnEdit.exe (Design Science, Inc.)
CustomCLSID: HKU\S-1-5-21-427701803-4022602832-2190140502-1000_Classes\CLSID\{44720441-94BF-4940-926D-4F38FECF2A48}\localserver32 -> C:\Users\BjÃ¶rn\AppData\Local\Kingsoft\WPS Office\9.1.0.5214\office6\wpp.exe (Zhuhai Kingsoft Office Software Co.,Ltd)
CustomCLSID: HKU\S-1-5-21-427701803-4022602832-2190140502-1000_Classes\CLSID\{44720444-94BF-4940-926D-4F38FECF2A48}\localserver32 -> C:\Users\BjÃ¶rn\AppData\Local\Kingsoft\WPS Office\9.1.0.5214\office6\wpp.exe (Zhuhai Kingsoft Office Software Co.,Ltd)
CustomCLSID: HKU\S-1-5-21-427701803-4022602832-2190140502-1000_Classes\CLSID\{45540001-5750-5300-4B49-4E47534F4655}\localserver32 -> C:\Users\BjÃ¶rn\AppData\Local\Kingsoft\WPS Office\9.1.0.5214\office6\et.exe (Zhuhai Kingsoft Office Software Co.,Ltd)
CustomCLSID: HKU\S-1-5-21-427701803-4022602832-2190140502-1000_Classes\CLSID\{45540003-5750-5300-4B49-4E47534F4655}\localserver32 -> C:\Users\BjÃ¶rn\AppData\Local\Kingsoft\WPS Office\9.1.0.5214\office6\et.exe (Zhuhai Kingsoft Office Software Co.,Ltd)
CustomCLSID: HKU\S-1-5-21-427701803-4022602832-2190140502-1000_Classes\CLSID\{45540086-5750-5300-4B49-4E47534F4655}\InprocServer32 ->  => Keine Datei
CustomCLSID: HKU\S-1-5-21-427701803-4022602832-2190140502-1000_Classes\CLSID\{45540086-5750-5300-4B49-4E47534F4655}\localserver32 -> C:\Users\BjÃ¶rn\AppData\Local\Kingsoft\WPS Office\9.1.0.5214\office6\et.exe (Zhuhai Kingsoft Office Software Co.,Ltd)
CustomCLSID: HKU\S-1-5-21-427701803-4022602832-2190140502-1000_Classes\CLSID\{4D4E0078-1386-4536-BD05-3E1013F17116}\InprocServer32 -> C:\Users\BjÃ¶rn\AppData\Local\Kingsoft\WPS Office\9.1.0.5214\office6\oledefaulthandler.dll (Zhuhai Kingsoft Office Software Co.,Ltd)
CustomCLSID: HKU\S-1-5-21-427701803-4022602832-2190140502-1000_Classes\CLSID\{56FDF344-FD6D-11d0-958A-006097C9A090}\InprocServer32 -> C:\Users\BjÃ¶rn\AppData\Roaming\tlerauic\obtorsub.dll () <==== ACHTUNG
CustomCLSID: HKU\S-1-5-21-427701803-4022602832-2190140502-1000_Classes\CLSID\{67F4D210-BFC2-4ADD-9A2A-C9B9E1F42C4F}\InprocServer32 -> C:\Users\BjÃ¶rn\AppData\Local\Kingsoft\WPS Office\9.1.0.5214\office6\qingshellext64.dll (Zhuhai Kingsoft Office Software Co.,Ltd)
CustomCLSID: HKU\S-1-5-21-427701803-4022602832-2190140502-1000_Classes\CLSID\{91493443-94BF-4940-926D-4F38FECF2A48}\InprocServer32 ->  => Keine Datei
CustomCLSID: HKU\S-1-5-21-427701803-4022602832-2190140502-1000_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\BjÃ¶rn\AppData\Local\Microsoft\OneDrive\17.3.6743.1212\amd64\FileCoAuthLib64.dll (Microsoft Corporation)

==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

Task: {000491C5-B3D0-421F-B7FA-12D756AAF4D5} - System32\Tasks\GoogleUpdateTaskMachineCore1d0f1e7713fd3d2 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-07-19] (Google Inc.)
Task: {03445876-B843-4D56-8348-32AA20BD6706} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_18_0_0_232_pepper.exe
Task: {04931301-3440-45DB-90E2-2B38598DA117} - System32\Tasks\Opera scheduled Autoupdate 1472041840 => C:\Program Files (x86)\Opera\launcher.exe [2017-01-21] (Opera Software)
Task: {06259121-DDBF-4737-ADD5-E4B229019886} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Keine Datei <==== ACHTUNG
Task: {16738D9F-3D60-4F43-B991-6C6717E0A78A} - System32\Tasks\{B2B07636-C2D4-46CA-B773-E4A7C4F3FE6C} => pcalua.exe -a F:\Autorun.exe -d F:\
Task: {2F83AED8-E768-4C61-8F26-0DE35AF5F966} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Keine Datei <==== ACHTUNG
Task: {36D2B4D8-9350-49E2-94D5-434DCE7EF54E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-07-19] (Google Inc.)
Task: {4059E2C6-B22C-4F38-91EA-776E50699E52} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Keine Datei <==== ACHTUNG
Task: {557E4DB3-5CA7-42D0-9D9A-223D643B2787} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-07-19] (Google Inc.)
Task: {5BA3A712-8A55-46A5-BEC6-4D98C573BB1D} - System32\Tasks\ASUS\ASUS SIX Engine => C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe [2010-02-03] (ASUSTeK Computer Inc.)
Task: {5F844E7C-D4E9-4DF5-AB9E-54FB5365B99F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-11-28] (Adobe Systems Incorporated)
Task: {647F4AD6-6480-42E1-82F5-54C2B2F82AAD} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-04-07] (Apple Inc.)
Task: {6E3C91E1-BA92-4991-B89A-33595D9945CD} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Keine Datei <==== ACHTUNG
Task: {74B4FFA4-6594-497D-8279-15C3E572AD99} - System32\Tasks\ASUS\ASUS RegRun Loader => C:\Program Files (x86)\ASUS\AASP\1.01.02\AsLoader.exe [2009-12-28] (ASUSTeK Computer Inc.)
Task: {A8C00928-4D79-4D40-BD59-93A72FFA5184} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Keine Datei <==== ACHTUNG
Task: {AA929969-3699-4513-8C32-013F17FD973B} - System32\Tasks\WpsKtpcntrQingTask_BjÃ¶rn => C:\Users\BjÃ¶rn\AppData\Local\Kingsoft\WPS Office\10.1.0.5795\office6\ktpcntr.exe [2017-01-08] (Zhuhai Kingsoft Office Software Co.,Ltd)
Task: {AC5FFB5E-C46C-4FF1-A939-8A8E02F0DEB1} - System32\Tasks\{AB7EBDE9-7CC4-4414-8B9A-EBDB994A057A} => pcalua.exe -a C:\Users\BJRN~1\AppData\Local\Temp\jre-8u45-windows-au.exe -d C:\Windows\SysWOW64 -c /installmethod=jau FAMILYUPGRADE=1 <==== ACHTUNG
Task: {C421A3A3-9EFC-4A0B-A274-0AFE2AD316AD} - System32\Tasks\Microsoft\Windows\Media Center\VCore => C:\ProgramData\vCore\VCore.exe [2017-01-13] () <==== ACHTUNG
Task: {C4570A52-C84C-42E3-99E1-34F06DC1897A} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2016-08-02] (COMODO)
Task: {C5A82362-22BA-447B-9293-004A2DE412CC} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-07-19] (Dropbox, Inc.)
Task: {C7123BCA-5C3D-4D3A-9E17-0D59A228327B} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2016-08-02] (COMODO)
Task: {C978ED13-0A98-4FB5-BCB1-1DEC0860FB9C} - System32\Tasks\COMODO\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2016-08-02] (COMODO)
Task: {D8855FBC-3AAD-4388-90F8-771E6D1AA43C} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-07-19] (Dropbox, Inc.)
Task: {E2C88535-5F6D-45CA-9B33-7728C8095ACC} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-11-13] (Piriform Ltd)
Task: {E72A27C9-B8F3-4073-B6BA-1483A92DBC74} - System32\Tasks\ASUS\ASUS Update Checker => C:\Program Files (x86)\ASUS\ASUSUpdate\UpdateChecker\UpdateChecker.exe [2009-12-28] (ASUSTeK Computer Inc.)
Task: {E98C0907-14F4-4EEB-8B8E-DEE90E24FEAC} - System32\Tasks\COMODO\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2016-08-02] (COMODO)
Task: {F12FF53D-B486-4FD8-A8F6-AA769EF701F8} - System32\Tasks\WpsUpdateTask_BjÃ¶rn => C:\Users\BjÃ¶rn\AppData\Local\Kingsoft\WPS Office\10.1.0.5795\wtoolex\wpsupdate.exe [2017-01-08] (Zhuhai Kingsoft Office Software Co.,Ltd)
Task: {F2B005F4-DF7B-41BB-8F2A-CC536EDF2E1E} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2016-08-02] (COMODO)
Task: {F6048777-D9B9-45DD-B37F-295BDA55E027} - \Driver Booster SkipUAC (BjÃ¶rn) -> Keine Datei <==== ACHTUNG
Task: {FE5A19DC-6FCA-48C2-826E-12EB4FEA34DB} - System32\Tasks\GoogleUpdateTaskMachineUA1d0f1e77232a02e => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-07-19] (Google Inc.)

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)

Task: C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_18_0_0_232_pepper.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0f1e7713fd3d2.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d0f1e77232a02e.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\WpsKtpcntrQingTask_BjÃ¶rn.job => C:\Users\BjÃ¶rn\AppData\Local\Kingsoft\WPS Office\10.1.0.5795\office6\ktpcntr.exe Ãƒqing 10.1.0.5795 xxx server_url=hxxp:/kdl1.cache.wps.com/ksodl/wpscfg/client/____client____html____service____bubble.html ic_server_url=hxxp:/info.kingsoftstore.com/wpsv6internet/infos.ads
Task: C:\Windows\Tasks\KMS Activation.job => C:\Program Files\KMSpico\RandomFile.exe
Task: C:\Windows\Tasks\SMW_P.job => C:\ProgramData\smp2.exe pinstall1 hxxp:/www%2dsearching.com <==== ACHTUNG
Task: C:\Windows\Tasks\SMW_UpdateTask_Time_313338343937303331332d5537375a346c2d3232345b41.job => Wscript.exe  Q/B C:\ProgramData\SearchModule\smhe.js smu.exe <==== ACHTUNG
Task: C:\Windows\Tasks\WpsNotifyTask_BjÃ¶rn.job => C:\Users\BjÃ¶rn\AppData\Local\Kingsoft\WPS Office\9.1.0.5214\wtoolex\wpsnotify.exe
Task: C:\Windows\Tasks\WpsUpdateTask_BjÃ¶rn.job => C:\Users\BjÃ¶rn\AppData\Local\Kingsoft\WPS Office\9.1.0.5214\wtoolex\wpsupdate.exe

==================== VerknÃ¼pfungen =============================

(Die EintrÃ¤ge kÃ¶nnen gelistet werden, um sie zurÃ¼ckzusetzen oder zu entfernen.)

Shortcut: C:\Users\BjÃ¶rn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirtualDJ\Online Help.lnk -> hxxp://www.virtualdj.com/wiki
Shortcut: C:\Users\BjÃ¶rn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirtualDJ\www.virtualdj.com.lnk -> hxxp://www.virtualdj.com

ShortcutWithArgument: C:\Users\BjÃ¶rn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www%2dsearching.com/?prd=set_epc&s=H1Dztrmbl10AU,eb88f1fc-2c0d-45e0-a539-f7e43abe2eab,
ShortcutWithArgument: C:\Users\BjÃ¶rn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www%2dsearching.com/?prd=set_epc&s=H1Dztrmbl10AU,eb88f1fc-2c0d-45e0-a539-f7e43abe2eab,
ShortcutWithArgument: C:\Users\BjÃ¶rn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www%2dsearching.com/?prd=set_epc&s=H1Dztrmbl10AU,eb88f1fc-2c0d-45e0-a539-f7e43abe2eab,
ShortcutWithArgument: C:\Users\BjÃ¶rn\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet-Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www%2dsearching.com/?prd=set_epc&s=H1Dztrmbl10AU,eb88f1fc-2c0d-45e0-a539-f7e43abe2eab,
ShortcutWithArgument: C:\Users\BjÃ¶rn\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www-searching.com/?prd=set_epc&s=H1Dztrmbl10AU,eb88f1fc-2c0d-45e0-a539-f7e43abe2eab,
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www-searching.com/?prd=set_epc&s=H1Dztrmbl10AU,eb88f1fc-2c0d-45e0-a539-f7e43abe2eab,

==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============

2011-07-28 17:44 - 2011-07-28 17:44 - 00211968 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2011-06-24 06:30 - 2011-06-24 06:30 - 00622080 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
2011-06-24 06:30 - 2011-06-24 06:30 - 03641344 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll
2009-09-19 14:38 - 2009-09-19 14:38 - 00065536 _____ () C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
2016-09-01 17:12 - 2016-09-01 17:12 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-11-17 01:28 - 2016-11-17 01:28 - 01353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2017-01-15 20:44 - 2017-01-15 20:44 - 02259232 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
2017-01-15 20:44 - 2017-01-15 20:44 - 02247632 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2017-01-15 20:44 - 2017-01-15 20:44 - 02813904 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\arwlib.dll
2015-01-08 22:02 - 2016-03-16 11:25 - 00073912 _____ () C:\Program Files\COMODO\COMODO Internet Security\scanners\smart.cav
2009-09-19 14:40 - 2009-09-19 14:40 - 00122880 _____ () C:\Windows\SysWOW64\WinMsgBalloonServer.exe
2009-09-19 14:40 - 2009-09-19 14:40 - 00139264 _____ () C:\Windows\SysWOW64\WinMsgBalloonClient.exe
2017-01-13 22:57 - 2017-01-12 00:35 - 00313344 _____ () C:\Program Files (x86)\GTFAVENUE Updater\GTFAVENUE Updater.exe
2010-07-15 05:44 - 2010-07-15 05:44 - 00020032 _____ () C:\Program Files\Unlocker\UnlockerCOM.dll
2016-10-04 13:07 - 2016-10-04 13:07 - 00230912 _____ () C:\Users\BjÃ¶rn\AppData\Local\Open-Xchange\OXDrive\OXDriveShellExtension_x64.dll
2009-09-07 13:54 - 2009-09-07 13:54 - 00516096 _____ () C:\Program Files (x86)\AMD\RAIDXpert\bin\libxml2.dll
2015-02-06 01:18 - 2016-12-16 19:16 - 00114664 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\zlib1.dll
2015-02-06 01:18 - 2016-12-16 19:16 - 00108008 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\boost_filesystem-vc120-mt-1_56.dll
2015-02-06 01:18 - 2016-12-16 19:16 - 00024040 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\boost_system-vc120-mt-1_56.dll
2015-02-06 01:18 - 2016-12-16 19:16 - 00048104 _____ () C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\boost_date_time-vc120-mt-1_56.dll
2017-01-21 21:14 - 2017-01-21 21:13 - 68769880 _____ () C:\Program Files (x86)\Opera\42.0.2393.137\opera.dll
2017-01-21 21:14 - 2017-01-21 21:13 - 01895000 _____ () C:\Program Files (x86)\Opera\42.0.2393.137\libglesv2.dll
2017-01-21 21:14 - 2017-01-21 21:13 - 00087128 _____ () C:\Program Files (x86)\Opera\42.0.2393.137\libegl.dll

DasPiano · 22.01.2017, 19:44

Addition.txt FORTSETZUNG:

Code:

ATTFilter

==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)

AlternateDataStreams: C:\Windows\cadkasdeinst01.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\explorer.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\Flurry.scr:$CmdTcID [64]
AlternateDataStreams: C:\Windows\IsUn0407.exe:$CmdTcID [130]
AlternateDataStreams: C:\Windows\IsUninst.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\WLXPGSS.SCR:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\acmigration.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\adsmsext.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\adtschema.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\advapi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\aeinv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\aelupsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\aepic.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\aitstatic.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\apisetschema.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\apphelp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\appidapi.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\appidcertstorecheck.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\appidpolicyconverter.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\appidsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\appinfo.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\appraiser.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\audiodg.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\AudioEng.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\AUDIOKSE.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\AudioSes.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\audiosrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\auditpol.exe:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\authui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\bcdedit.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\bcrypt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\blackbox.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\centel.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\certcli.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\charmap.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\clfs.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\CompatTelRunner.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\conhost.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\consent.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\credssp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\credui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\crypt32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\cryptbase.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\cryptdlg.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\cryptnet.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\cryptsp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\cryptsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\cryptui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\csrsrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\D3DCompiler_43.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\d3dx10_42.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\d3dx9_32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\davclnt.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\DbxSvc.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\devinv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dhcpcore6.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dhcpcsvc6.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\diskperf.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dns-sd.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\drmmgrtn.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\drmv2clt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dwmapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dwmcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\DWrite.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\dxmasf.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\EBPMONB.DLL:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\ECBTEGB.DLL:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\EncDump.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\esent.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\evr.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\ExplorerFrame.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\E_GCINST.DLL:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\FntCache.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\fsutil.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\gameux.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\gdi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\generaltel.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\hlink.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ieetwcollector.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ieetwcollectorres.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ieetwproxystub.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\inetpp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\inetppui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\InkEd.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\invagent.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\iologmsg.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\iphlpsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\JavaScriptCollectionAgent.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\jscript9.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\jscript9diag.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\KBDBASH.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\KBDRU.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\KBDRU1.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\KBDTAT.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\KBDYAK.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\kerberos.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\kernel32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\KernelBase.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\localspl.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\LogiLDA.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\logman.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\lsasrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\lsass.exe:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\Media Core Launcher.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mf.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mfds.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mferror.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mfplat.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mfpmp.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mfps.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\msaudite.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msdrm.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msdxm.ocx:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\MshtmlDac.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mshtmlmedia.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msieftp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msiexec.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msihnd.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msimsg.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\msmmsp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msmpeg2vdec.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msnetobj.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msobjs.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msscntrs.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msscp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\MsSpellCheckingFacility.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mssph.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mssphtb.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mssrch.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\mssvp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msv1_0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msxml6.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\msxml6r.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ncrypt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\netcorehc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\netevent.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\nlsbres.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ntdll.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ntoskrnl.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ntprint.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ntprint.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ntshrui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ntvdm64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\OxpsConverter.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\oxstor32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\pcadm.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\pcaevts.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\pcalua.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\pcasvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\pcawrk.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\perftrack.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\poqexec.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\powertracker.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\prevhost.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\qdvd.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\quartz.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\relog.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\RMActivate.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\RMActivate_isv.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\RMActivate_ssp.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\RMActivate_ssp_isv.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\rpchttp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\rpcrt4.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\rrinstaller.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\rstrui.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\scavengeui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\schannel.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\sdbinst.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\SearchFilterHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\SearchIndexer.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\SearchProtocolHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\sechost.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\seclogon.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\secproc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\secproc_isv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\secproc_ssp.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\secproc_ssp_isv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\secur32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\setbcdlocale.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\shell32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\shimeng.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\SmartcardCredentialProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\smss.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\spwmp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\srclient.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\srcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\sspicli.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\sspisrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\tdh.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\timedate.cpl:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\tquery.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\tracerpt.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\TSpkg.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\TSWorkspace.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\typeperf.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\tzres.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\ucrtbase.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\user32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\usp10.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\VBoxNetFltNobj.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wdi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wdigest.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WebClnt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\webio.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\win32k.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WindowsCodecs.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\winload.efi:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\winload.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\winresume.efi:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WinSetupUI.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\winsrv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wintrust.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wmdrmsdk.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wmp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wmploc.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wow64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wow64cpu.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wow64win.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Wpc.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\wpdshext.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wpnpinst.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WSManHTTPConfig.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WSManMigrationPlugin.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WsmAuto.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wsmplpxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wsmprovhost.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WsmRes.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WsmSvc.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\WsmWmiPl.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wu.upgrade.ps.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wuapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wuapp.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wuauclt.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wuaueng.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wucltux.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WUDFCoinstaller.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WUDFHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WUDFPlatform.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WUDFSvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\WUDFx.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wudriver.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wups.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wups2.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wuwebv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\wwanprotdim.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\wwansvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\XAPOFX1_5.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\XAudio2_7.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\xmllite.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\adsmsext.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\adtschema.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\advapi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\apisetschema.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\apphelp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\appidapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\AudioEng.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\AUDIOKSE.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\AudioSes.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\auditpol.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\authui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\bcrypt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\blackbox.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\cdd8.obj.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\cdd8.res.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\cdd8.vbx.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\cdd8.vbx.gui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\cdd8.vbx.ikw.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\certcli.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\charmap.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\cliconfg.728:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\credssp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\credui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\crypt32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\cryptbase.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\cryptdlg.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\cryptnet.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\cryptsp.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\cryptsvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\cryptui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3d10level9.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\D3DCompiler_43.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx10_42.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx11_43.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_31.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\d3dx9_32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\D3DX9_42.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\davclnt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\defrag.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\dhcpcore6.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\dhcpcsvc6.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\diskperf.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\dns-sd.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\drmmgrtn.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\drmv2clt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\drvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\dwmapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\dwmcore.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\DWrite.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\dxmasf.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\esent.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\evr.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\explorer.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ExplorerFrame.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\FlashPlayerApp.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\fsutil.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\gameux.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\gdi32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\GPhotos.scr:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\hlink.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ieetwproxystub.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Ik7Bmp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Ik7Com.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Ik7Dxf.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Ik7Effect.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Ik7Emf.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Ik7File.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Ik7Fpx.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Ik7Gif.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Ik7J2k.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Ik7Jpeg.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Ik7Pcx.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Ik7Png.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Ik7Print.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Ik7Scan.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Ik7Svg.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\IK7SxfP21.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\IK7SxfSfc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Ik7Tiff.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Ik7VectCom.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Ik7Wmf.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\InkEd.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\instnm.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\iologmsg.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\jscript9.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\jscript9diag.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\KBDBASH.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\KBDRU.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\KBDRU1.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\KBDTAT.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\KBDYAK.DLL:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\kconvert.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\kerberos.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\kernel32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\KernelBase.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\logman.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Media Core Launcher.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mf.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mfds.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mferror.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mfplat.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mfpmp.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mfps.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\minimp3.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\moveex.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msaudite.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\mscomct2.ocx:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msconfig.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msdrm.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msdxm.ocx:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\MSFLXGRD.OCX:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\MshtmlDac.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mshtmlmedia.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msieftp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msiexec.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msihnd.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msimsg.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msmpeg2vdec.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msnetobj.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msobjs.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msscntrs.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msscp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mssph.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mssphtb.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mssrch.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\mssvp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msv1_0.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msxml4a.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\msxml6.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\msxml6r.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ncrypt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\netcorehc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\netevent.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\NI_DFD_1_5.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\NI_IRC_1_2.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\nlsbres.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ntdll.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ntkrnlpa.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ntoskrnl.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ntprint.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ntprint.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ntshrui.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ntvdm64.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Olepau32.ax:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\olepro32.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\pncrt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\poqexec.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\prevhost.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\qdvd.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\quartz.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\relog.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ReWire.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\REX Shared Library.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\richtx32.ocx:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\RMActivate.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\RMActivate_isv.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\RMActivate_ssp.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\RMActivate_ssp_isv.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\rpchttp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\rpcrt4.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\rrinstaller.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\schannel.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\sdbinst.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\SearchFilterHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\SearchIndexer.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\SearchProtocolHost.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\sechost.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\secproc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\secproc_isv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\secproc_ssp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\secproc_ssp_isv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\secur32.dll:$CmdTcID [130]
AlternateDataStreams: C:\Windows\SysWOW64\setup16.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\shell32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\shimeng.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\SmartcardCredentialProvider.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\spwmp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\srclient.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\sspicli.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\SYNSOPOS.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\tdh.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\timedate.cpl:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\tquery.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\tracerpt.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\TSpkg.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\TSWorkspace.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\typeperf.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\tzres.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\ucrtbase.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\user.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\user32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\usp10.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wdi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wdigest.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WebClnt.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\webio.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WindowsCodecs.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wintrust.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wmdrmsdk.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wmp.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wmploc.DLL:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wow32.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\Wpc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wpdshext.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WSManHTTPConfig.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WSManMigrationPlugin.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WsmAuto.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wsmplpxy.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wsmprovhost.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WsmRes.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WsmSvc.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\WsmWmiPl.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wuapi.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wuapp.exe:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wudriver.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wups.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\wuwebv.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\XAPOFX1_5.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\XAudio2_7.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\SysWOW64\xmllite.dll:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\amdsata.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\amdxata.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\appid.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\ataport.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\CFRMD.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\cng.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\dbx-canary.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\dbx-dev.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\dbx-stable.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\dfsc.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\Diskdump.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\dtsoftbus01.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\fvevol.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\FWPKCLNT.SYS:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\iaStorV.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\ksecdd.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\ksecpkg.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\mbae64.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\mountmgr.sys:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\Drivers\mrxdav.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\mrxsmb.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\mrxsmb10.sys:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\Drivers\mrxsmb20.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\msiscsi.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\netio.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\ntfs.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\nvraid.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\nvstor.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\odminifilter.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\PEAuth.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\RNDISMP.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\srv.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\srv2.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\srvnet.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\storport.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\stream.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\tap0901.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\tcpip.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\tcpipreg.sys:$CmdTcID [130]
AlternateDataStreams: C:\Windows\system32\Drivers\usbccgp.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\usbd.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\usbehci.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\usbhub.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\usbohci.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\usbport.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\USBSTOR.SYS:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\usbuhci.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\VBoxDrv.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\VBoxNetAdp.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\VBoxUSBMon.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\VClone.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\WUDFPf.sys:$CmdTcID [64]
AlternateDataStreams: C:\Windows\system32\Drivers\WUDFRd.sys:$CmdTcID [64]
AlternateDataStreams: C:\Users\BjÃ¶rn\Desktop\71u8wSrPfrL._SL1200_.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\BjÃ¶rn\Desktop\81WTtvZLvZL._SL1425_.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\BjÃ¶rn\Desktop\Hammerich-Gesunde-Schuhe-in-Wismar.jpg:$CmdZnID [26]
AlternateDataStreams: C:\Users\BjÃ¶rn\Desktop\LH_Zusatzmodul_Porno_klicksafe_gesamt.pdf:$CmdZnID [26]
AlternateDataStreams: C:\Users\BjÃ¶rn\Downloads\A-Ha - 03. Hunting High And Low (2015 Remastered Versio.flac:$CmdZnID [26]
AlternateDataStreams: C:\Users\BjÃ¶rn\Downloads\ESETOnlineScanner_DEU.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\BjÃ¶rn\Downloads\ESETOnlineScanner_DEU.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\BjÃ¶rn\Downloads\FRST64.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\BjÃ¶rn\Downloads\FRST64.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\BjÃ¶rn\Downloads\lightworks_v12.6.0_full_64bit_setup.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\BjÃ¶rn\Downloads\lightworks_v12.6.0_full_64bit_setup.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\BjÃ¶rn\Downloads\mb3-setup-consumer-3.0.5.1299.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\BjÃ¶rn\Downloads\mb3-setup-consumer-3.0.5.1299.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\BjÃ¶rn\Downloads\SetupVirtualCloneDrive5500.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\BjÃ¶rn\Downloads\SetupVirtualCloneDrive5500.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\BjÃ¶rn\Downloads\shotcut-win64-170102.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\BjÃ¶rn\Downloads\shotcut-win64-170102.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\BjÃ¶rn\Downloads\unetbootin-windows-613.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\BjÃ¶rn\Downloads\unetbootin-windows-613.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\BjÃ¶rn\Downloads\Universal-USB-Installer-1.9.6.3.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\BjÃ¶rn\Downloads\Universal-USB-Installer-1.9.6.3.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\BjÃ¶rn\Downloads\wps_office_free_10.1.0.5795.exe:$CmdTcID [64]
AlternateDataStreams: C:\Users\BjÃ¶rn\Downloads\wps_office_free_10.1.0.5795.exe:$CmdZnID [26]
AlternateDataStreams: C:\Users\BjÃ¶rn\Downloads\wps_office_free_10.2.0.5811.exe:$CmdZnID [26]

==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== VerknÃ¼pfungen (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurÃ¼ckgesetzt oder entfernt.)


==================== Internet Explorer VertrauenswÃ¼rdig/EingeschrÃ¤nkt ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)

IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com

Da befinden sich 7924 mehr Seiten.

IE restricted site: HKU\S-1-5-21-427701803-4022602832-2190140502-1000\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-427701803-4022602832-2190140502-1000\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-427701803-4022602832-2190140502-1000\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-427701803-4022602832-2190140502-1000\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-427701803-4022602832-2190140502-1000\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-427701803-4022602832-2190140502-1000\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-427701803-4022602832-2190140502-1000\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-427701803-4022602832-2190140502-1000\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-427701803-4022602832-2190140502-1000\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-427701803-4022602832-2190140502-1000\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\S-1-5-21-427701803-4022602832-2190140502-1000\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\S-1-5-21-427701803-4022602832-2190140502-1000\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-427701803-4022602832-2190140502-1000\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-21-427701803-4022602832-2190140502-1000\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-21-427701803-4022602832-2190140502-1000\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-21-427701803-4022602832-2190140502-1000\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-21-427701803-4022602832-2190140502-1000\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\S-1-5-21-427701803-4022602832-2190140502-1000\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\S-1-5-21-427701803-4022602832-2190140502-1000\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\S-1-5-21-427701803-4022602832-2190140502-1000\...\123simsen.com -> www.123simsen.com

Da befinden sich 7924 mehr Seiten.


==================== Andere Bereiche ============================

(Aktuell gibt es keinen automatisierten Fix fÃ¼r diesen Bereich.)

HKU\S-1-5-21-427701803-4022602832-2190140502-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\BjÃ¶rn\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 156.154.70.25 - 156.154.71.25
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
mpsdrv => Firewall Dienst lÃ¤uft nicht.
MpsSvc => Firewall Dienst lÃ¤uft nicht.
bfe => Firewall Dienst lÃ¤uft nicht.

==================== MSCONFIG/TASK MANAGER Deaktivierte EintrÃ¤ge ==

MSCONFIG\Services: Apple Mobile Device Service => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: dbupdate => 2
MSCONFIG\Services: dbupdatem => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: Kingsoft_WPS_UpdateService => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: PDF Architect 3 => 3
MSCONFIG\Services: PDF Architect 3 CrashHandler => 3
MSCONFIG\Services: PDF Architect 3 Creator => 2
MSCONFIG\startupreg: Amazon Music => "C:\Users\BjÃ¶rn\AppData\Local\Amazon Music\Amazon Music Helper.exe"
MSCONFIG\startupreg: Dropbox => "C:\Program Files (x86)\Dropbox\Client\Dropbox.exe" /systemstartup
MSCONFIG\startupreg: GoogleDriveSync => "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Logitech Download Assistant => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
MSCONFIG\startupreg: OpenDrive Tray => C:\Program Files\OpenDrive\OpenDrive_Tray.exe
MSCONFIG\startupreg: RTHDVCPL => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
MSCONFIG\startupreg: Spotify => "C:\Users\BjÃ¶rn\AppData\Roaming\Spotify\Spotify.exe" -autostart -minimized
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\BjÃ¶rn\AppData\Roaming\Spotify\SpotifyWebHelper.exe"

==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============

(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)

FirewallRules: [{156AB84D-9650-4E42-9053-240D7300C947}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{E509A730-1EEC-48CE-A87F-0A1F86D92591}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{075C305E-D423-4946-BA4A-72CED2065F96}] => C:\Users\BjÃ¶rn\AppData\Roaming\Andy\Setup.exe
FirewallRules: [{A6378F30-8818-414B-88D3-A0407CADEF93}] => C:\Users\BjÃ¶rn\AppData\Roaming\Andy\Setup.exe
FirewallRules: [{748ED4D2-9738-4DCD-B11E-5DE2FEEF4325}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{D771F47B-D7FE-40F2-BAEF-27422E6658CD}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{A6986178-C206-47C8-B79E-FB769313FFB0}] => C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{DAB9BAA1-DCCC-437F-AC36-805CDB687CE8}] => C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{BFF6CDD1-81D8-4D1F-9C65-F4C6C4AEB2B1}] => C:\Users\BjÃ¶rn\AppData\Local\Microsoft\OneDrive\OneDrive.exe
FirewallRules: [{74029C07-B6A8-4EF6-9AD1-32AF70EB6480}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{59E2E3C7-2C04-43D1-99E4-B240086B16F7}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{3F0295DA-B2BC-4FB2-A934-9E9948201295}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{7B95D115-3B94-41ED-AC84-BB9DCA939420}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{C076FE59-0686-43FC-822C-220B5CB7500A}] => C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{4DBDF3FA-0522-434E-A594-A11E44B55813}] => C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{D05D0D3E-F095-4364-9AB6-55B845D07E0A}] => C:\Users\BjÃ¶rn\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{AB8606DB-8A18-4F90-B20D-4FC84575F435}] => C:\Users\BjÃ¶rn\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{76B55062-367F-41FD-A342-17DFC288500A}] => C:\Users\BjÃ¶rn\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{F6FA2F0A-C35E-4646-8117-2355A14A69A1}] => C:\Users\BjÃ¶rn\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{CF685F9D-AD57-4F31-872C-FAE4E1E2D6F3}] => C:\Users\BjÃ¶rn\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{99A180E5-D309-4454-A2FF-D8DB62D93829}] => C:\Users\BjÃ¶rn\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{83F8AF97-321B-4307-8B3F-A02C4D39948C}] => C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{D9FA7DBD-0C34-4A60-B022-1B0EE76A825E}] => LPort=2869
FirewallRules: [{DCD2B17D-6D2D-4CD3-A8C9-D2FB0DF9DB64}] => LPort=1900
FirewallRules: [{677A4265-50B0-47F2-9533-F6948AB5A3FE}] => C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{7C2D7E05-2939-424C-AD2F-3E29EC4F3740}] => C:\Program Files (x86)\DVDVideoSoft\Free Torrent Download\FreeTorrentDownload.exe
FirewallRules: [{A5779539-C663-4816-ADBF-C2FAA2C07738}] => C:\Program Files (x86)\DVDVideoSoft\Free Torrent Download\FreeTorrentDownload.exe
FirewallRules: [{0E14E52F-0F3A-4B30-ABCA-FDD3BA944944}] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [{97BE52A2-B56E-4317-A098-C97E7BF25CB1}] => C:\Program Files (x86)\Opera\42.0.2393.137\opera.exe

==================== Wiederherstellungspunkte =========================

Wiederherstellungspunkte konnten nicht aufgelistet werden
ÃœberprÃ¼fen Sie den "winmgmt" Dienst oder reparieren Sie den WMI.


==================== Fehlerhafte GerÃ¤te im GerÃ¤temanager =============

Konnte GerÃ¤te nicht auflisten. ÃœberprÃ¼fen Sie den "winmgmt" Dienst oder reparieren Sie den WMI.


==================== FehlereintrÃ¤ge in der Ereignisanzeige: =========================

Der Dienst der Ereignisanzeige konnte nicht gestartet werden, EintrÃ¤ge konnten nicht gelesen werden.

Systemfehler 123 aufgetreten.

Die Syntax fr den Dateinamen, Verzeichnisnamen oder die Datentr„gerbezeichnung ist falsch.


==================== Speicherinformationen =========================== 

Prozessor: AMD FX(tm)-4100 Quad-Core Processor 
Prozentuale Nutzung des RAM: 55%
Installierter physikalischer RAM: 8174.12 MB
Verfügbarer physikalischer RAM: 3601.37 MB
Summe virtueller Speicher: 16346.42 MB
Verfügbarer virtueller Speicher: 10445.52 MB

==================== Laufwerke ================================

Drive c: () (Fixed) (Total:195.21 GB) (Free:33.78 GB) NTFS
Drive d: (Volume) (Fixed) (Total:736.2 GB) (Free:634.02 GB) NTFS
Drive f: (Artist Drums Disc 2) (CDROM) (Total:0.62 GB) (Free:0 GB) CDFS
Drive l: (MusicBackup) (Fixed) (Total:465.76 GB) (Free:291.92 GB) NTFS
Drive m: (Music Library) (Fixed) (Total:465.76 GB) (Free:25.72 GB) NTFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 04D66167)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=195.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=736.2 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 465.8 GB) (Disk ID: 0008E82C)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: B0109109)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

==================== Ende von Addition.txt ============================

burningice · 22.01.2017, 20:18

Dein PC ist stark infiziert. Bitte nicht mehr an dem PC arbeiten, bis ich dir das okay dazu gebe. Aus Sicherheitsgründen bitte wichtige Passwörter von einem anderen PC oder vom Handy aus ändern.

Downloade dir bitte

TDSSKiller.exe und speichere diese Datei auf dem Desktop

Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
Drücke Start Scan
Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt

Poste den Inhalt bitte in jedem Fall hier in deinen Thread.

DasPiano · 22.01.2017, 22:59

Wow

danke!

Kann man sagen, was es ist, oder dauert das zu lange?

TDSSKiller - Report:

Code:

ATTFilter

20:57:39.0361 0x04e0  TDSS rootkit removing tool 3.1.0.12 Nov  7 2016 07:10:01
20:57:43.0436 0x04e0  ============================================================
20:57:43.0436 0x04e0  Current date / time: 2017/01/22 20:57:43.0436
20:57:43.0436 0x04e0  SystemInfo:
20:57:43.0436 0x04e0  
20:57:43.0436 0x04e0  OS Version: 6.1.7601 ServicePack: 1.0
20:57:43.0436 0x04e0  Product type: Workstation
20:57:43.0436 0x04e0  ComputerName: MUSIC-PC
20:57:43.0436 0x04e0  UserName: Björn
20:57:43.0436 0x04e0  Windows directory: C:\Windows
20:57:43.0436 0x04e0  System windows directory: C:\Windows
20:57:43.0436 0x04e0  Running under WOW64
20:57:43.0436 0x04e0  Processor architecture: Intel x64
20:57:43.0436 0x04e0  Number of processors: 4
20:57:43.0436 0x04e0  Page size: 0x1000
20:57:43.0436 0x04e0  Boot type: Normal boot
20:57:43.0436 0x04e0  CodeIntegrityOptions = 0x00000001
20:57:43.0436 0x04e0  ============================================================
20:57:46.0302 0x04e0  KLMD registered as C:\Windows\system32\drivers\11503521.sys
20:57:46.0302 0x04e0  KLMD ARK init status: drvProperties = 0xFFF00, osBuild = 7601.23572, osProperties = 0x1
20:57:46.0847 0x04e0  System UUID: {1BE117A3-20AF-4AC4-0072-2627A07E8A52}
20:57:48.0047 0x04e0  Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:57:48.0047 0x04e0  Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
20:57:48.0047 0x04e0  Drive \Device\Harddisk2\DR2 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
20:57:48.0152 0x04e0  ============================================================
20:57:48.0152 0x04e0  \Device\Harddisk0\DR0:
20:57:48.0152 0x04e0  MBR partitions:
20:57:48.0152 0x04e0  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
20:57:48.0152 0x04e0  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1866D800
20:57:48.0152 0x04e0  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x186A0000, BlocksNum 0x5C065800
20:57:48.0152 0x04e0  \Device\Harddisk1\DR1:
20:57:48.0153 0x04e0  MBR partitions:
20:57:48.0153 0x04e0  \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A385FF1
20:57:48.0153 0x04e0  \Device\Harddisk2\DR2:
20:57:48.0154 0x04e0  MBR partitions:
20:57:48.0154 0x04e0  \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3A385000
20:57:48.0154 0x04e0  ============================================================
20:57:48.0171 0x04e0  C: <-> \Device\Harddisk0\DR0\Partition2
20:57:48.0219 0x04e0  D: <-> \Device\Harddisk0\DR0\Partition3
20:57:48.0607 0x04e0  L: <-> \Device\Harddisk2\DR2\Partition1
20:57:48.0966 0x04e0  M: <-> \Device\Harddisk1\DR1\Partition1
20:57:48.0966 0x04e0  ============================================================
20:57:48.0966 0x04e0  Initialize success
20:57:48.0966 0x04e0  ============================================================
20:58:13.0744 0x17d8  ============================================================
20:58:13.0744 0x17d8  Scan started
20:58:13.0744 0x17d8  Mode: Manual; SigCheck; TDLFS; 
20:58:13.0744 0x17d8  ============================================================
20:58:13.0744 0x17d8  KSN ping started
20:58:14.0479 0x17d8  KSN ping finished: true
20:58:22.0324 0x17d8  ================ Scan system memory ========================
20:58:22.0324 0x17d8  System memory - ok
20:58:22.0325 0x17d8  ================ Scan services =============================
20:58:24.0043 0x17d8  [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci        C:\Windows\system32\DRIVERS\1394ohci.sys
20:58:24.0316 0x17d8  1394ohci - ok
20:58:24.0459 0x17d8  [ A3769020F7E8A70FD3E824C050F33306, BAAB18DD28C753EC90E9552BD5FFC316AD8815505A7998BCE51D21448B373D86 ] acedrv11        C:\Windows\system32\drivers\acedrv11.sys
20:58:24.0522 0x17d8  acedrv11 - ok
20:58:24.0560 0x17d8  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
20:58:24.0597 0x17d8  ACPI - ok
20:58:24.0612 0x17d8  [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
20:58:24.0694 0x17d8  AcpiPmi - ok
20:58:24.0866 0x17d8  [ 9BAF21BA600EC4E5FD9A66AD3E4FF5A6, 5E02E5E80557F6EC870EB7CC2DE95169D4225B87A2FE7E796736205F51C15816 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
20:58:24.0913 0x17d8  AdobeFlashPlayerUpdateSvc - ok
20:58:24.0984 0x17d8  [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
20:58:25.0016 0x17d8  adp94xx - ok
20:58:25.0061 0x17d8  [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci         C:\Windows\system32\drivers\adpahci.sys
20:58:25.0092 0x17d8  adpahci - ok
20:58:25.0118 0x17d8  [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
20:58:25.0151 0x17d8  adpu320 - ok
20:58:25.0182 0x17d8  [ 262D7C87D0AC20B96EF9877D3CA478A0, 54F7E5A5F8991C5525500C1ECCF3D3135D13F48866C366E52DF1D052DB2EE15B ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
20:58:25.0213 0x17d8  AeLookupSvc - ok
20:58:25.0273 0x17d8  [ 9A4A1EEE802BF2F878EE8EAB407B21B7, 177EB7DF4B35FE4C0E45E775A0FD5D48D39B410052E3EE18BDEEC809E152D9D8 ] AFD             C:\Windows\system32\drivers\afd.sys
20:58:25.0322 0x17d8  AFD - ok
20:58:25.0336 0x17d8  [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440          C:\Windows\system32\drivers\agp440.sys
20:58:25.0370 0x17d8  agp440 - ok
20:58:25.0415 0x17d8  [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG             C:\Windows\System32\alg.exe
20:58:25.0458 0x17d8  ALG - ok
20:58:25.0488 0x17d8  [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide          C:\Windows\system32\drivers\aliide.sys
20:58:25.0513 0x17d8  aliide - ok
20:58:25.0557 0x17d8  [ A2F5BEA5B45A8E7C4776F39C25E8699D, 52BD8D15CCDD74C193F2622928CB6C2E3FCE026B19BA6318DB04900BD19C5DC6 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
20:58:25.0675 0x17d8  AMD External Events Utility - ok
20:58:25.0774 0x17d8  AMD FUEL Service - ok
20:58:25.0789 0x17d8  [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide          C:\Windows\system32\drivers\amdide.sys
20:58:25.0805 0x17d8  amdide - ok
20:58:25.0821 0x17d8  [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
20:58:25.0852 0x17d8  AmdK8 - ok
20:58:26.0305 0x17d8  [ 5B03217859B014B090CB5060C1D96875, CFA9110054CFAF319394BB8D567B74AFFA21791A58DC81B87A714CCC7C578F33 ] amdkmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
20:58:26.0611 0x17d8  amdkmdag - ok
20:58:26.0767 0x17d8  [ 35D2184A99AD4CD5D17284D6C9F382C9, 93FE4EF2489C29823ED0F9C9D91B44E531BC0A9B3B56DDDDA0F947E80568F70C ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
20:58:26.0798 0x17d8  amdkmdap - ok
20:58:26.0861 0x17d8  [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
20:58:27.0079 0x17d8  AmdPPM - ok
20:58:27.0178 0x17d8  [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
20:58:27.0272 0x17d8  amdsata - ok
20:58:27.0412 0x17d8  [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
20:58:27.0444 0x17d8  amdsbs - ok
20:58:27.0553 0x17d8  [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata         C:\Windows\system32\drivers\amdxata.sys
20:58:27.0600 0x17d8  amdxata - ok
20:58:28.0210 0x17d8  [ 2B8D1C23D204C0E70EFF48A3FFA1C67B, 4765AB77069EDF0BB1BD216EBA5E99CA3B4A5AF431E9BFC042B117B80FAC9581 ] AMD_RAIDXpert   C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
20:58:28.0225 0x17d8  AMD_RAIDXpert - detected UnsignedFile.Multi.Generic ( 1 )
20:58:29.0099 0x17d8  Detect skipped due to KSN trusted
20:58:29.0099 0x17d8  AMD_RAIDXpert - ok
20:58:29.0162 0x17d8  [ F312FAD7DBD49ED21A194AC71B497832, C11ADF298E03B13D7B36D8AF978E866B67C252745FCC5D3642DF9B5033D9C370 ] AODDriver4.01   C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
20:58:30.0130 0x17d8  AODDriver4.01 - ok
20:58:30.0199 0x17d8  [ FCE5C79717A487BDC71F3DEC78A684CA, F5520F112A4EBDD10444AA5E9FDB9125219FCF768FEB95AB608BC84D60136816 ] AppID           C:\Windows\system32\drivers\appid.sys
20:58:30.0230 0x17d8  AppID - ok
20:58:30.0277 0x17d8  [ 8921E1D8AE5171691F186A7C5B98B630, 4A37313BB94D4B49D0294C9439AD0793DE328F9F4DA1C47E34E6ACEA46AF6E14 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
20:58:30.0464 0x17d8  AppIDSvc - ok
20:58:30.0542 0x17d8  [ DE23E052E557580674785CDF45B613F3, A955ADC6CC7D816BA7CE1065F911E7A3295A1908C22BE0A3C506C38CFEE8DE0D ] Appinfo         C:\Windows\System32\appinfo.dll
20:58:30.0573 0x17d8  Appinfo - ok
20:58:30.0714 0x17d8  [ 7D811EA7A2AAA49B0446D42CBC1CD338, AFECE5E44E48F756C7EB81D95C9237552AF8A9C02CBE756E0F3D3C6524DE49AD ] Apple Mobile Device Service C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
20:58:30.0745 0x17d8  Apple Mobile Device Service - ok
20:58:30.0885 0x17d8  [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc             C:\Windows\system32\drivers\arc.sys
20:58:30.0916 0x17d8  arc - ok
20:58:30.0963 0x17d8  [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas          C:\Windows\system32\drivers\arcsas.sys
20:58:30.0979 0x17d8  arcsas - ok
20:58:31.0124 0x17d8  [ C6C1FBA3B599F2BFEAB467DC9E66AA5E, 23A6EEFBAB7B7DB722CD09AB9F4ACE857D64D212428BAFC3264ABD982C98CC0C ] ASDiskUnlocker  C:\Program Files (x86)\ASUS\Disk Unlocker\ASPFSVS64.exe
20:58:31.0155 0x17d8  ASDiskUnlocker - ok
20:58:31.0186 0x17d8  [ 2921131F9A111FD6C6D2C5E1E5B6B75C, 291642E756A27B4FE010A44446192E8169F7BDE35D84BFDB3282DF0394EF908E ] ASFLTDrv.sys    C:\Program Files (x86)\ASUS\Disk Unlocker\ASFLTDrv64.sys
20:58:31.0202 0x17d8  ASFLTDrv.sys - ok
20:58:31.0280 0x17d8  [ 22842362DF890F5492F85AA60916A697, EC01380B1C9BF4CFBA018FC314563F0785280172A2A9B51D50F088E7101951EF ] asmthub3        C:\Windows\system32\DRIVERS\asmthub3.sys
20:58:31.0311 0x17d8  asmthub3 - ok
20:58:31.0358 0x17d8  [ 08E2D77766CC05E75A0707207D9FC684, 6CF3B12B2B3375B715A3EBC66EF148CEA2248D448A3A37875B7B1BC7CDA40FDD ] asmtxhci        C:\Windows\system32\DRIVERS\asmtxhci.sys
20:58:31.0389 0x17d8  asmtxhci - ok
20:58:31.0685 0x17d8  [ 08FC11F6416923BBC614C28B4180E9A7, C829380F10E3EE92A38F2D59ED0D5B1D27B577021307E0C2C23EC901D0479006 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
20:58:31.0716 0x17d8  aspnet_state - ok
20:58:31.0763 0x17d8  [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
20:58:31.0810 0x17d8  AsyncMac - ok
20:58:31.0841 0x17d8  [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi           C:\Windows\system32\drivers\atapi.sys
20:58:31.0872 0x17d8  atapi - ok
20:58:31.0935 0x17d8  [ DBB487D09F56C674430AC454FD8BCAB9, CF6413DD5D4876CE1F65E40115994423804AA5EA5CBDEB433DB751B445C17BB8 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys
20:58:31.0966 0x17d8  AtiHDAudioService - ok
20:58:32.0013 0x17d8  [ C07A040D6B5A42DD41EE386CF90974C8, 8D47815F99C79B795504C3172B5FBBDBA6AFACC004B17AA3954A06BE713FACAE ] AtiPcie         C:\Windows\system32\DRIVERS\AtiPcie.sys
20:58:32.0028 0x17d8  AtiPcie - ok
20:58:32.0091 0x17d8  [ 67C717EC24FCAAE7B518D9E06AD036AB, F08550E4FCEC2899FACEF2A18CEE3D068D5911FFD2FF5534E4921E56FB0AEF59 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
20:58:32.0123 0x17d8  AudioEndpointBuilder - ok
20:58:32.0232 0x17d8  [ 67C717EC24FCAAE7B518D9E06AD036AB, F08550E4FCEC2899FACEF2A18CEE3D068D5911FFD2FF5534E4921E56FB0AEF59 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
20:58:32.0279 0x17d8  AudioSrv - ok
20:58:32.0326 0x17d8  [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV        C:\Windows\System32\AxInstSV.dll
20:58:32.0373 0x17d8  AxInstSV - ok
20:58:32.0404 0x17d8  [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
20:58:32.0451 0x17d8  b06bdrv - ok
20:58:32.0544 0x17d8  [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
20:58:32.0581 0x17d8  b57nd60a - ok
20:58:32.0621 0x17d8  [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC          C:\Windows\System32\bdesvc.dll
20:58:32.0653 0x17d8  BDESVC - ok
20:58:32.0668 0x17d8  [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep            C:\Windows\system32\drivers\Beep.sys
20:58:32.0719 0x17d8  Beep - ok
20:58:32.0770 0x17d8  [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE             C:\Windows\System32\bfe.dll
20:58:32.0822 0x17d8  BFE - ok
20:58:32.0924 0x17d8  [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS            C:\Windows\System32\qmgr.dll
20:58:33.0059 0x17d8  BITS - ok
20:58:33.0074 0x17d8  [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
20:58:33.0117 0x17d8  blbdrive - ok
20:58:33.0165 0x17d8  [ B5C2F92EE1106DFE7BB1CCE4D35B6037, E399C390687589194D8AAD385055F0CFA7D52AD9E837D8FF95008B8EB2B34E50 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
20:58:33.0180 0x17d8  Bonjour Service - ok
20:58:33.0905 0x17d8  [ ABA3984C822E4D3F889699912D85D6C5, 2251FA135CC290DA13DAE4743F393C7CC9E6A737C054707CB8D72C369D1FFACB ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
20:58:33.0937 0x17d8  bowser - ok
20:58:33.0952 0x17d8  [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
20:58:33.0983 0x17d8  BrFiltLo - ok
20:58:34.0015 0x17d8  [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
20:58:34.0046 0x17d8  BrFiltUp - ok
20:58:34.0124 0x17d8  [ 5C2F352A4E961D72518261257AAE204B, 9EE1001E1D46A414A7A86FE1DBBE232203E26F54D9EF43ED31ED8EACD4D09853 ] BridgeMP        C:\Windows\system32\DRIVERS\bridge.sys
20:58:34.0171 0x17d8  BridgeMP - ok
20:58:34.0358 0x17d8  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser         C:\Windows\System32\browser.dll
20:58:34.0389 0x17d8  Browser - ok
20:58:34.0467 0x17d8  [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
20:58:34.0514 0x17d8  Brserid - ok
20:58:34.0529 0x17d8  [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
20:58:34.0576 0x17d8  BrSerWdm - ok
20:58:34.0592 0x17d8  [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
20:58:34.0639 0x17d8  BrUsbMdm - ok
20:58:34.0670 0x17d8  [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
20:58:34.0685 0x17d8  BrUsbSer - ok
20:58:34.0717 0x17d8  [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
20:58:34.0748 0x17d8  BTHMODEM - ok
20:58:34.0763 0x17d8  [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv         C:\Windows\system32\bthserv.dll
20:58:34.0810 0x17d8  bthserv - ok
20:58:34.0841 0x17d8  [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
20:58:34.0888 0x17d8  cdfs - ok
20:58:34.0919 0x17d8  [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
20:58:34.0951 0x17d8  cdrom - ok
20:58:34.0997 0x17d8  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc     C:\Windows\System32\certprop.dll
20:58:35.0044 0x17d8  CertPropSvc - ok
20:58:35.0075 0x17d8  [ 7AD735DB1A9CC82D75E8854952EE8052, 662E6A07AF995AFF7E2D7817F121028078E0B04B394A29D6E62A8BC287C7A6D9 ] CFRMD           C:\Windows\system32\DRIVERS\CFRMD.sys
20:58:35.0091 0x17d8  CFRMD - detected UnsignedFile.Multi.Generic ( 1 )
20:58:35.0968 0x17d8  Detect skipped due to KSN trusted
20:58:35.0968 0x17d8  CFRMD - ok
20:58:35.0999 0x17d8  [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass        C:\Windows\system32\drivers\circlass.sys
20:58:36.0030 0x17d8  circlass - ok
20:58:36.0124 0x17d8  [ 3D67C27DD17B254D7915FA16A5AE3573, 5B3A6C6A7F940C06362775DAF13CEADA37C7AA84A509458A57C23B4369970A90 ] CLFS            C:\Windows\system32\CLFS.sys
20:58:36.0155 0x17d8  CLFS - ok
20:58:36.0264 0x17d8  [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:58:36.0295 0x17d8  clr_optimization_v2.0.50727_32 - ok
20:58:36.0311 0x17d8  [ B4D73F04E9BC076F7CDAC4327DF636BB, 1ADED20D5A0D0A76E2F85CB778FD06BAB814868D35F8532E17D67045FF4770C2 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
20:58:36.0342 0x17d8  clr_optimization_v2.0.50727_64 - ok
20:58:36.0420 0x17d8  [ 40554ADA608F31A73BC002041BFBCED4, 8A4FB3B824EC49392A206BF14381AAE389C0E683B4ED0E89F5362746222E1FBA ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:58:36.0451 0x17d8  clr_optimization_v4.0.30319_32 - ok
20:58:36.0607 0x17d8  [ 7CD17E6A27D64F672DEA52E9D144B08E, 566CB07531BEBFB704E2BE2D33F49B5D9F962D7931B2BABC1BA2F4015C651CBE ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
20:58:36.0623 0x17d8  clr_optimization_v4.0.30319_64 - ok
20:58:36.0654 0x17d8  [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt          C:\Windows\system32\drivers\CmBatt.sys
20:58:36.0685 0x17d8  CmBatt - ok
20:58:37.0060 0x17d8  [ 7DFC16B25788C97F3E9C42B1FCAC0A67, D729D138CAAE8295B750A48F8A9806F4C54224BEF4A5260EDDB5B1D959FC9CFF ] CmdAgent        C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
20:58:37.0237 0x17d8  CmdAgent - ok
20:58:37.0269 0x17d8  [ FED8C11536B9AC647D70B9D132AA4CCB, EFCDDB768526917D794EB197441B7718D33D62DB1987365EF74A7A08BC503139 ] cmderd          C:\Windows\system32\DRIVERS\cmderd.sys
20:58:37.0300 0x17d8  cmderd - ok
20:58:37.0425 0x17d8  [ CF4B7F889FA28588FFD513499271D5B1, 03A31156AB468C326E91AD81601B3F6BF2DA1F215FADF39FE3A4E27349D1A285 ] cmdGuard        C:\Windows\system32\DRIVERS\cmdguard.sys
20:58:37.0471 0x17d8  cmdGuard - ok
20:58:37.0487 0x17d8  [ 470E0EC0A1BE4F97DE616C5D13A58209, 1F45C4BC95AAF9294356838B8E9C02CC1E7CA0FB076C38E93E387B7C70158916 ] cmdHlp          C:\Windows\system32\DRIVERS\cmdhlp.sys
20:58:37.0518 0x17d8  cmdHlp - ok
20:58:37.0549 0x17d8  [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide          C:\Windows\system32\drivers\cmdide.sys
20:58:37.0565 0x17d8  cmdide - ok
20:58:37.0674 0x17d8  [ 084A29576C98C45E836CC977C1D311FD, BE01F6A181AB43590C15271E09BEC9B2CF14A011E7A8EE226CA1A2E6C874B39B ] cmdvirth        C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe
20:58:37.0752 0x17d8  cmdvirth - ok
20:58:37.0799 0x17d8  [ A98CED39AD91B445E2E442A9BD67E8B4, B4189DEEF1C0EE22AE983119047B1A40FFDD8F3E163DFFABD7C2706231B0B1B0 ] CNG             C:\Windows\system32\Drivers\cng.sys
20:58:37.0846 0x17d8  CNG - ok
20:58:37.0893 0x17d8  [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
20:58:37.0908 0x17d8  Compbatt - ok
20:58:37.0939 0x17d8  [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
20:58:37.0971 0x17d8  CompositeBus - ok
20:58:37.0986 0x17d8  COMSysApp - ok
20:58:38.0017 0x17d8  [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
20:58:38.0033 0x17d8  crcdisk - ok
20:58:38.0095 0x17d8  [ 2C6632CECFDBBE793FDA8AF9CA55A9CC, 335188515F798483660E529204A13012E4D21B0ECA489224A11C26F91A5B3CCE ] CryptSvc        C:\Windows\system32\cryptsvc.dll
20:58:38.0127 0x17d8  CryptSvc - ok
20:58:38.0236 0x17d8  [ 5A639B2B630B572FFE9B72448A8A514D, C61C72BC85AD4E2A2AD12E1404601B5FFC26AABB0D9D9CDF48D926443FF91F50 ] DBService       C:\Program Files (x86)\Common Files\DATA BECKER Shared\DBService.exe
20:58:38.0251 0x17d8  DBService - ok
20:58:38.0298 0x17d8  dbupdate - ok
20:58:38.0298 0x17d8  dbupdatem - ok
20:58:38.0298 0x17d8  dbx - ok
20:58:38.0345 0x17d8  [ 92DC74466983762D0976DCA6CF3183B1, 982F4F0572E0EAB824E3098E17AB79ACF845CBBB23416F4FFB5DB999F5F57AFF ] DbxSvc          C:\Windows\system32\DbxSvc.exe
20:58:38.0361 0x17d8  DbxSvc - ok
20:58:38.0423 0x17d8  [ 622C96AFB07BB82C8650B47172137AC4, B74CEA5A3F4945E5A3EAE7AF1B1FA75F611C65C6FACE393052A512FA81B0C17C ] DcomLaunch      C:\Windows\system32\rpcss.dll
20:58:38.0470 0x17d8  DcomLaunch - ok
20:58:38.0548 0x17d8  [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc       C:\Windows\System32\defragsvc.dll
20:58:38.0595 0x17d8  defragsvc - ok
20:58:38.0641 0x17d8  [ 9B38580063D281A99E68EF5813022A5F, D91676B0E0A8E2A090E3E5DD340ABCFC20AE0F55B4C82869D6CFB34239BD27DA ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
20:58:38.0688 0x17d8  DfsC - ok
20:58:38.0719 0x17d8  [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp            C:\Windows\system32\dhcpcore.dll
20:58:38.0751 0x17d8  Dhcp - ok
20:58:38.0813 0x17d8  [ EE9954237F15BE4DD9304D12E4D305ED, F295C9BAF20F0E669B673AFCC16B4969EE31B6A3808980DAB93D9B0F167DA3C0 ] DiagTrack       C:\Windows\system32\diagtrack.dll
20:58:38.0880 0x17d8  DiagTrack - ok
20:58:39.0005 0x17d8  [ 465949FD7AF3931B415D3FE2193DB782, 4EE3881F62183EF4F9A32EBADC019DD1FB70A2FE009503130146343FA7915E36 ] DigitalWave.Update.Service C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe
20:58:39.0052 0x17d8  DigitalWave.Update.Service - ok
20:58:39.0083 0x17d8  [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache        C:\Windows\system32\drivers\discache.sys
20:58:39.0131 0x17d8  discache - ok
20:58:39.0178 0x17d8  [ 616387BBD83372220B09DE95F4E67BBC, 5E2D5280BB775576E7CDE3FA6BDE494E183123635E5908CF7EBF1FF52966D07D ] Disk            C:\Windows\system32\drivers\disk.sys
20:58:39.0193 0x17d8  Disk - ok
20:58:39.0225 0x17d8  [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
20:58:39.0256 0x17d8  Dnscache - ok
20:58:39.0303 0x17d8  [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc         C:\Windows\System32\dot3svc.dll
20:58:39.0349 0x17d8  dot3svc - ok
20:58:39.0396 0x17d8  [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS             C:\Windows\system32\dps.dll
20:58:39.0427 0x17d8  DPS - ok
20:58:39.0505 0x17d8  [ 26FE888505E5A945B0536AF9A2A27A6F, A6B16ED498BAFE300E1F0E0A241E3D62F7A1C5973EE775904ED14F33A2BC08A6 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
20:58:39.0521 0x17d8  drmkaud - ok
20:58:39.0583 0x17d8  [ 6A0E850DDCB136AA3D2FB7234382DF12, C01863E95F45E1B74AC65C9CD12C8DC769299218255B3C94E3EBF58C4D79FEF3 ] dtsoftbus01     C:\Windows\system32\DRIVERS\dtsoftbus01.sys
20:58:39.0615 0x17d8  dtsoftbus01 - ok
20:58:39.0724 0x17d8  [ 3A9D7D464BDB3B70D7ECF689ADABBD4D, B4F5B23705EA1BA453FE30791CA245E1A5F7FBEABAD026E4A8A15A9FC44E8C9C ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
20:58:39.0771 0x17d8  DXGKrnl - ok
20:58:39.0786 0x17d8  [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost         C:\Windows\System32\eapsvc.dll
20:58:39.0833 0x17d8  EapHost - ok
20:58:40.0005 0x17d8  [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv           C:\Windows\system32\drivers\evbda.sys
20:58:40.0115 0x17d8  ebdrv - ok
20:58:40.0162 0x17d8  [ 1F9335A2C68B65E7D95985FA50968EA0, A0918C943F9CF5C6DB9440222B8E3B0DD645068B44E18253F275509550C0DF4D ] EFS             C:\Windows\System32\lsass.exe
20:58:40.0193 0x17d8  EFS - ok
20:58:40.0318 0x17d8  [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
20:58:40.0380 0x17d8  ehRecvr - ok
20:58:40.0411 0x17d8  [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched         C:\Windows\ehome\ehsched.exe
20:58:40.0442 0x17d8  ehSched - ok
20:58:40.0583 0x17d8  [ BDD265EEB37DF5953A547FE412E2472F, 17EB4FD54D62207937F8CA7454837DBF1EEC867AEDAF201FC2E839A3ED357F4F ] ElbyCDIO        C:\Windows\system32\Drivers\ElbyCDIO.sys
20:58:40.0614 0x17d8  ElbyCDIO - ok
20:58:40.0676 0x17d8  [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
20:58:40.0708 0x17d8  elxstor - ok
20:58:40.0754 0x17d8  [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
20:58:40.0770 0x17d8  ErrDev - ok
20:58:40.0910 0x17d8  [ 4D7F3114147C31390262F19F74E5BF07, E89F5304149B51327DFE1314AE13352923B752BC24585FF42F28EF5F00936A6A ] ESProtectionDriver C:\Windows\system32\drivers\mbae64.sys
20:58:40.0942 0x17d8  ESProtectionDriver - ok
20:58:41.0082 0x17d8  [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem     C:\Windows\system32\es.dll
20:58:41.0143 0x17d8  EventSystem - ok
20:58:41.0192 0x17d8  [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat           C:\Windows\system32\drivers\exfat.sys
20:58:41.0239 0x17d8  exfat - ok
20:58:41.0270 0x17d8  [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
20:58:41.0317 0x17d8  fastfat - ok
20:58:41.0380 0x17d8  [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax             C:\Windows\system32\fxssvc.exe
20:58:41.0411 0x17d8  Fax - ok
20:58:41.0442 0x17d8  [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc             C:\Windows\system32\drivers\fdc.sys
20:58:41.0458 0x17d8  fdc - ok
20:58:41.0504 0x17d8  [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost         C:\Windows\system32\fdPHost.dll
20:58:41.0551 0x17d8  fdPHost - ok
20:58:41.0567 0x17d8  [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub        C:\Windows\system32\fdrespub.dll
20:58:41.0614 0x17d8  FDResPub - ok
20:58:41.0629 0x17d8  [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
20:58:41.0645 0x17d8  FileInfo - ok
20:58:41.0692 0x17d8  [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
20:58:41.0738 0x17d8  Filetrace - ok
20:58:41.0754 0x17d8  [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
20:58:41.0785 0x17d8  flpydisk - ok
20:58:41.0816 0x17d8  [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
20:58:41.0848 0x17d8  FltMgr - ok
20:58:41.0972 0x17d8  [ A3B63B22B761804C7B916F5FBC5763C2, 4F62413BD70E135C142376ACBE9CD46F7F06303B49B6AE0B9FF58FC4DF7BD86A ] FontCache       C:\Windows\system32\FntCache.dll
20:58:42.0035 0x17d8  FontCache - ok
20:58:42.0106 0x17d8  [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
20:58:42.0123 0x17d8  FontCache3.0.0.0 - ok
20:58:42.0139 0x17d8  [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
20:58:42.0154 0x17d8  FsDepends - ok
20:58:42.0186 0x17d8  [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
20:58:42.0217 0x17d8  Fs_Rec - ok
20:58:42.0248 0x17d8  [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
20:58:42.0264 0x17d8  fvevol - ok
20:58:42.0310 0x17d8  [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
20:58:42.0326 0x17d8  gagp30kx - ok
20:58:42.0388 0x17d8  [ 8E98D21EE06192492A5671A6144D092F, B8F656B34D361EA5AFB47F3A67AB2221580DADA59C8CD0CB83181E4AD8B562B4 ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
20:58:42.0404 0x17d8  GEARAspiWDM - ok
20:58:42.0529 0x17d8  [ E4AE497857409127ED57562AF913A903, 262ADD713B1FBF6200550967D1F8635B55D01BBD8FA2E753536E71A4EC87867B ] gpsvc           C:\Windows\System32\gpsvc.dll
20:58:42.0576 0x17d8  gpsvc - ok
20:58:42.0685 0x17d8  [ C6FF00DA1605982E616C03BE809FFE2D, 4D9C86B9FF2FA291DC320677D28DF00C26834409F7AD94D6C07D2233ED746B19 ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
20:58:42.0700 0x17d8  gupdate - ok
20:58:42.0716 0x17d8  [ C6FF00DA1605982E616C03BE809FFE2D, 4D9C86B9FF2FA291DC320677D28DF00C26834409F7AD94D6C07D2233ED746B19 ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
20:58:42.0732 0x17d8  gupdatem - ok
20:58:42.0763 0x17d8  [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
20:58:42.0778 0x17d8  hcw85cir - ok
20:58:42.0810 0x17d8  [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
20:58:42.0841 0x17d8  HDAudBus - ok
20:58:42.0872 0x17d8  [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
20:58:42.0888 0x17d8  HidBatt - ok
20:58:42.0919 0x17d8  [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
20:58:42.0950 0x17d8  HidBth - ok
20:58:42.0966 0x17d8  [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr           C:\Windows\system32\drivers\hidir.sys
20:58:42.0997 0x17d8  HidIr - ok
20:58:43.0028 0x17d8  [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv         C:\Windows\System32\hidserv.dll
20:58:43.0075 0x17d8  hidserv - ok
20:58:43.0125 0x17d8  [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
20:58:43.0153 0x17d8  HidUsb - ok
20:58:43.0219 0x17d8  [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc          C:\Windows\system32\kmsvc.dll
20:58:43.0265 0x17d8  hkmsvc - ok
20:58:43.0291 0x17d8  [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
20:58:43.0322 0x17d8  HomeGroupListener - ok
20:58:43.0355 0x17d8  [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
20:58:43.0386 0x17d8  HomeGroupProvider - ok
20:58:43.0411 0x17d8  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
20:58:43.0432 0x17d8  HpSAMD - ok
20:58:43.0531 0x17d8  [ F61634BEC53F73702A10DE69F6DCAF57, BBA7344CF3AB96A46D1A6F1D50F2758EA8D097FE558C38B4EF45C8C334AF96E1 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
20:58:43.0577 0x17d8  HTTP - ok
20:58:43.0609 0x17d8  [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
20:58:43.0624 0x17d8  hwpolicy - ok
20:58:43.0640 0x17d8  [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
20:58:43.0672 0x17d8  i8042prt - ok
20:58:43.0734 0x17d8  [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
20:58:43.0766 0x17d8  iaStorV - ok
20:58:43.0890 0x17d8  [ C98A5B9D932430AD8EEBD3EF73756EF7, DF7E1D391A0F3345AD61154363922C27BD557DEEACE395A6A8A8A16BFD1BB9A8 ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
20:58:43.0922 0x17d8  idsvc - ok
20:58:43.0937 0x17d8  IEEtwCollectorService - ok
20:58:43.0937 0x17d8  [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
20:58:43.0968 0x17d8  iirsp - ok
20:58:44.0078 0x17d8  [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT          C:\Windows\System32\ikeext.dll
20:58:44.0110 0x17d8  IKEEXT - ok
20:58:44.0188 0x17d8  [ BDECEA52FAE88AD64E7BEBDE65BAEC6A, 254E5A391AE817242AAD7D8F9608CA1DA31134A220B423BCF18859D609B3BFD0 ] inspect         C:\Windows\system32\DRIVERS\inspect.sys
20:58:44.0219 0x17d8  inspect - ok
20:58:44.0890 0x17d8  [ 150AC23F21DBDBF8488408BA944B0D65, 77A3A0FB5208AA061224CFACC4D136A260132CC4BA01D105AE1532B749968708 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
20:58:45.0015 0x17d8  IntcAzAudAddService - ok
20:58:45.0046 0x17d8  [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide        C:\Windows\system32\drivers\intelide.sys
20:58:45.0108 0x17d8  intelide - ok
20:58:45.0155 0x17d8  [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm        C:\Windows\system32\drivers\intelppm.sys
20:58:45.0171 0x17d8  intelppm - ok
20:58:45.0217 0x17d8  [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
20:58:45.0264 0x17d8  IPBusEnum - ok
20:58:45.0280 0x17d8  [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:58:45.0327 0x17d8  IpFilterDriver - ok
20:58:45.0373 0x17d8  [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
20:58:45.0405 0x17d8  iphlpsvc - ok
20:58:45.0436 0x17d8  [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
20:58:45.0451 0x17d8  IPMIDRV - ok
20:58:45.0514 0x17d8  [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
20:58:45.0561 0x17d8  IPNAT - ok
20:58:45.0670 0x17d8  [ A9E19D4C0E9487544B0A87D511514DA9, 83767BA2A7EE1DE39DBF824B57D898355F8C5E3CE146CA280B0E336428837E70 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
20:58:45.0701 0x17d8  iPod Service - ok
20:58:45.0701 0x17d8  [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM          C:\Windows\system32\drivers\irenum.sys
20:58:45.0732 0x17d8  IRENUM - ok
20:58:45.0763 0x17d8  [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
20:58:45.0779 0x17d8  isapnp - ok
20:58:45.0826 0x17d8  [ 96BB922A0981BC7432C8CF52B5410FE6, 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
20:58:45.0841 0x17d8  iScsiPrt - ok
20:58:45.0857 0x17d8  [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
20:58:45.0873 0x17d8  kbdclass - ok
20:58:45.0904 0x17d8  [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
20:58:45.0919 0x17d8  kbdhid - ok
20:58:45.0935 0x17d8  [ 1F9335A2C68B65E7D95985FA50968EA0, A0918C943F9CF5C6DB9440222B8E3B0DD645068B44E18253F275509550C0DF4D ] KeyIso          C:\Windows\system32\lsass.exe
20:58:45.0966 0x17d8  KeyIso - ok
20:58:45.0982 0x17d8  [ 6F5F0C6160EF237F0243C1E416EEBA98, 8BA8AA0D71350A74E294A731226B1638C6059013D645ABDE7188F7733E320FBD ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
20:58:46.0013 0x17d8  KSecDD - ok
20:58:46.0029 0x17d8  [ 05529E53B286FD60E7EF04EF138CABFD, 6C045750DCD3EE76F748582513AD4FA99C0E8E56B616725CD48DCA1068FF8923 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
20:58:46.0060 0x17d8  KSecPkg - ok
20:58:46.0075 0x17d8  [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
20:58:46.0108 0x17d8  ksthunk - ok
20:58:46.0154 0x17d8  [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm           C:\Windows\system32\msdtckrm.dll
20:58:46.0201 0x17d8  KtmRm - ok
20:58:46.0248 0x17d8  [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer    C:\Windows\System32\srvsvc.dll
20:58:46.0295 0x17d8  LanmanServer - ok
20:58:46.0435 0x17d8  [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
20:58:46.0482 0x17d8  LanmanWorkstation - ok
20:58:46.0544 0x17d8  [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
20:58:46.0591 0x17d8  lltdio - ok
20:58:46.0654 0x17d8  [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
20:58:46.0700 0x17d8  lltdsvc - ok
20:58:46.0794 0x17d8  [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts         C:\Windows\System32\lmhsvc.dll
20:58:46.0872 0x17d8  lmhosts - ok
20:58:46.0872 0x17d8  [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
20:58:46.0903 0x17d8  LSI_FC - ok
20:58:46.0919 0x17d8  [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
20:58:46.0934 0x17d8  LSI_SAS - ok
20:58:46.0966 0x17d8  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
20:58:46.0981 0x17d8  LSI_SAS2 - ok
20:58:46.0981 0x17d8  [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
20:58:47.0012 0x17d8  LSI_SCSI - ok
20:58:47.0028 0x17d8  [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv           C:\Windows\system32\drivers\luafv.sys
20:58:47.0075 0x17d8  luafv - ok
20:58:47.0107 0x17d8  [ 3BEC6134F1E45AEF5E971F69F0D38510, 245D7CEEB6561166EE0472551D39A9D3CFDDA52A6BF2E924AB243CCA7FBC9009 ] MBAMChameleon   C:\Windows\system32\drivers\MBAMChameleon.sys
20:58:47.0138 0x17d8  MBAMChameleon - ok
20:58:47.0185 0x17d8  [ F3960CA85778E5D7611EE0F501972340, 0DE5C8509A9A66C8185B9FAA7EAF69C0FA9C28CD9DE84AA23E128E4FF8E06BF4 ] MBAMFarflt      C:\Windows\system32\drivers\farflt.sys
20:58:47.0216 0x17d8  MBAMFarflt - ok
20:58:47.0247 0x17d8  [ 88BD122C3A35DE63D75D382DF75554CE, ABDF59543CAD186A6ED4E66257205D9CF5047732A5DA74A96A28B468B41BC396 ] MBAMProtection  C:\Windows\system32\drivers\mbam.sys
20:58:47.0279 0x17d8  MBAMProtection - ok
20:58:47.0466 0x17d8  [ 28E521A6ABA9DE062A3719452816F495, B312A37DA052229DFB19353170CD5828582F8AC6426E857CA7C8ACA0DD91C160 ] MBAMService     C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
20:58:47.0606 0x17d8  MBAMService - ok
20:58:47.0653 0x17d8  [ ABB371D9AEF728B0489B0E6872B4A1C0, E9539A4F85FE30F5BAED742778CA74C879995728668ABE6877C37633716D8770 ] MBAMSwissArmy   C:\Windows\system32\drivers\MBAMSwissArmy.sys
20:58:47.0669 0x17d8  MBAMSwissArmy - ok
20:58:47.0700 0x17d8  [ 90AF4ED8A8D28C40F162DDC1ABD49C42, 32F93DD5E627097762FC42C3E211DD86D5FDA82A7FCF8DFCD81569E1D5BC680F ] MBAMWebProtection C:\Windows\system32\drivers\mwac.sys
20:58:47.0715 0x17d8  MBAMWebProtection - ok
20:58:47.0747 0x17d8  [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
20:58:47.0778 0x17d8  Mcx2Svc - ok
20:58:47.0856 0x17d8  [ 11F714F85530A2BD134074DC30E99FCA, BDB5FD3B2DF4ADD19B31965B3E789768B59E872B3EA85912B1FFB32B2AF9D5D8 ] MDM             C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
20:58:47.0887 0x17d8  MDM - ok
20:58:47.0903 0x17d8  [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas         C:\Windows\system32\drivers\megasas.sys
20:58:47.0934 0x17d8  megasas - ok
20:58:47.0965 0x17d8  [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
20:58:47.0996 0x17d8  MegaSR - ok
20:58:48.0012 0x17d8  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS           C:\Windows\system32\mmcss.dll
20:58:48.0059 0x17d8  MMCSS - ok
20:58:48.0090 0x17d8  [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem           C:\Windows\system32\drivers\modem.sys
20:58:48.0137 0x17d8  Modem - ok
20:58:48.0168 0x17d8  [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
20:58:48.0183 0x17d8  monitor - ok
20:58:48.0199 0x17d8  [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
20:58:48.0215 0x17d8  mouclass - ok
20:58:48.0246 0x17d8  [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
20:58:48.0261 0x17d8  mouhid - ok
20:58:48.0293 0x17d8  [ 8ADB5445B29941CB41AF2846FD5C93C7, 689582430FE29EC0845B1DB841D3CC49D5D09DE264586E3999EEFE616986D12B ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
20:58:48.0324 0x17d8  mountmgr - ok
20:58:48.0324 0x17d8  Suspicious service (Hidden): MozillaMaintenance
20:58:48.0371 0x17d8  [ E464A0A92E2E354D07DDA713D3E10DE4, D5CF213F03DF54EF9933027A7A7D4413371C1ECBFF61E4DE818D50FA72C8C5FC ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
20:58:48.0386 0x17d8  Suspicious file ( Hidden ): C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe. md5: E464A0A92E2E354D07DDA713D3E10DE4, sha256: D5CF213F03DF54EF9933027A7A7D4413371C1ECBFF61E4DE818D50FA72C8C5FC
20:58:48.0386 0x17d8  MozillaMaintenance - detected HiddenService.Multi.Generic ( 1 )
20:58:49.0070 0x17d8  Detect skipped due to KSN trusted
20:58:49.0070 0x17d8  MozillaMaintenance - ok
20:58:49.0070 0x17d8  [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio            C:\Windows\system32\drivers\mpio.sys
20:58:49.0101 0x17d8  mpio - ok
20:58:49.0118 0x17d8  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
20:58:49.0165 0x17d8  mpsdrv - ok
20:58:49.0212 0x17d8  [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc          C:\Windows\system32\mpssvc.dll
20:58:49.0274 0x17d8  MpsSvc - ok
20:58:49.0305 0x17d8  [ 98DB1790F0A584E0A2528B92B052417F, 9AA04CA73AFE599810CD233B9CEC212E16D44DCEDF5C7D0181C7257F498068B5 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
20:58:49.0336 0x17d8  MRxDAV - ok
20:58:49.0368 0x17d8  [ 632E8A00090E4F85F304E152C92C7F2C, A3098941251A8327C95E6B1122384D54FB0ED705A9215577D968EA5B5FD88C87 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
20:58:49.0414 0x17d8  mrxsmb - ok
20:58:49.0446 0x17d8  [ 0D9C05484F2F4BD9D33A615D5DBE67EA, 1E164B631B1CD85DD5B205284CB547B189609946490AAABD22741743BFB413DF ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:58:49.0492 0x17d8  mrxsmb10 - ok
20:58:49.0525 0x17d8  [ 6123E6FECC1C164022868FB1982271BE, 417E6C7AFF8B014B31AFCC202B0DCEECBDBB73205DF8C3EFC7E313664E284178 ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:58:49.0544 0x17d8  mrxsmb20 - ok
20:58:49.0575 0x17d8  [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci          C:\Windows\system32\drivers\msahci.sys
20:58:49.0590 0x17d8  msahci - ok
20:58:49.0606 0x17d8  [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
20:58:49.0637 0x17d8  msdsm - ok
20:58:49.0653 0x17d8  [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC           C:\Windows\System32\msdtc.exe
20:58:49.0691 0x17d8  MSDTC - ok
20:58:49.0707 0x17d8  [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
20:58:49.0753 0x17d8  Msfs - ok
20:58:49.0753 0x17d8  [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
20:58:49.0800 0x17d8  mshidkmdf - ok
20:58:49.0816 0x17d8  [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
20:58:49.0831 0x17d8  msisadrv - ok
20:58:49.0878 0x17d8  [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
20:58:49.0925 0x17d8  MSiSCSI - ok
20:58:49.0941 0x17d8  msiserver - ok
20:58:49.0972 0x17d8  [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
20:58:50.0003 0x17d8  MSKSSRV - ok
20:58:50.0019 0x17d8  [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
20:58:50.0065 0x17d8  MSPCLOCK - ok
20:58:50.0097 0x17d8  [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
20:58:50.0144 0x17d8  MSPQM - ok
20:58:50.0176 0x17d8  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
20:58:50.0191 0x17d8  MsRPC - ok
20:58:50.0207 0x17d8  [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
20:58:50.0222 0x17d8  mssmbios - ok
20:58:50.0316 0x17d8  MSSQL$SONY_MEDIAMGR - ok
20:58:50.0363 0x17d8  [ CB7524C21727404BD3140DCA32DEB7DE, 5B1F111FADC31CD1E6F0345E2F9F989D9E63D64C9F20EFEFAC7A86BD82B8484C ] MSSQLServerADHelper C:\Program Files (x86)\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe
20:58:50.0378 0x17d8  MSSQLServerADHelper - detected UnsignedFile.Multi.Generic ( 1 )
20:58:51.0207 0x17d8  Detect skipped due to KSN trusted
20:58:51.0207 0x17d8  MSSQLServerADHelper - ok
20:58:51.0223 0x17d8  [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
20:58:51.0254 0x17d8  MSTEE - ok
20:58:51.0285 0x17d8  [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
20:58:51.0301 0x17d8  MTConfig - ok
20:58:51.0332 0x17d8  [ 19B006B181E3875FD254F7B67ACF1E7C, 1D68D19522E71F16B8B50F8CCFBC9D884CF2DAC40CC409BD5A40A4D4223ABC61 ] MTsensor        C:\Windows\system32\DRIVERS\ASACPI.sys
20:58:51.0348 0x17d8  MTsensor - ok
20:58:51.0379 0x17d8  [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup             C:\Windows\system32\Drivers\mup.sys
20:58:51.0394 0x17d8  Mup - ok
20:58:51.0441 0x17d8  [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent        C:\Windows\system32\qagentRT.dll
20:58:51.0488 0x17d8  napagent - ok
20:58:51.0519 0x17d8  [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
20:58:51.0550 0x17d8  NativeWifiP - ok
20:58:51.0613 0x17d8  [ F7309F42555F8AAB7144A51A1F2585B0, 065277A8AFAEE3888C997A76D2F751070F92DF4C3354D16B194860B4BDAFF937 ] NDIS            C:\Windows\system32\drivers\ndis.sys
20:58:51.0644 0x17d8  NDIS - ok
20:58:51.0675 0x17d8  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
20:58:51.0722 0x17d8  NdisCap - ok
20:58:51.0738 0x17d8  [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
20:58:51.0784 0x17d8  NdisTapi - ok
20:58:51.0800 0x17d8  [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
20:58:51.0847 0x17d8  Ndisuio - ok
20:58:51.0878 0x17d8  [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
20:58:51.0925 0x17d8  NdisWan - ok
20:58:51.0956 0x17d8  [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
20:58:51.0987 0x17d8  NDProxy - ok
20:58:52.0003 0x17d8  [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
20:58:52.0065 0x17d8  NetBIOS - ok
20:58:52.0143 0x17d8  [ E47D571FEC2C76E867935109AB2A770C, F349D25890B6F476B106FD75BFB081DB737CA9B224D95E44927942FFF2DF82CD ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
20:58:52.0174 0x17d8  NetBT - ok
20:58:52.0206 0x17d8  [ 1F9335A2C68B65E7D95985FA50968EA0, A0918C943F9CF5C6DB9440222B8E3B0DD645068B44E18253F275509550C0DF4D ] Netlogon        C:\Windows\system32\lsass.exe
20:58:52.0237 0x17d8  Netlogon - ok
20:58:52.0284 0x17d8  [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman          C:\Windows\System32\netman.dll
20:58:52.0332 0x17d8  Netman - ok
20:58:52.0364 0x17d8  [ 58EB8F52D1F17AF2F6EF9CCE7838D0F8, 6AAEA7AC36F56C7CED5DE8BA8B46716C3E8D0A418D862F4D3C84AD022659456A ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:58:52.0379 0x17d8  NetMsmqActivator - ok
20:58:52.0395 0x17d8  [ 58EB8F52D1F17AF2F6EF9CCE7838D0F8, 6AAEA7AC36F56C7CED5DE8BA8B46716C3E8D0A418D862F4D3C84AD022659456A ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:58:52.0410 0x17d8  NetPipeActivator - ok
20:58:52.0426 0x17d8  [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm        C:\Windows\System32\netprofm.dll
20:58:52.0488 0x17d8  netprofm - ok
20:58:52.0488 0x17d8  [ 58EB8F52D1F17AF2F6EF9CCE7838D0F8, 6AAEA7AC36F56C7CED5DE8BA8B46716C3E8D0A418D862F4D3C84AD022659456A ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:58:52.0520 0x17d8  NetTcpActivator - ok
20:58:52.0520 0x17d8  [ 58EB8F52D1F17AF2F6EF9CCE7838D0F8, 6AAEA7AC36F56C7CED5DE8BA8B46716C3E8D0A418D862F4D3C84AD022659456A ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
20:58:52.0551 0x17d8  NetTcpPortSharing - ok
20:58:52.0566 0x17d8  [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
20:58:52.0582 0x17d8  nfrd960 - ok
20:58:52.0629 0x17d8  [ 8B301D474B478E9A92823BAB50A7BC49, 8181816035F41B1DABEC05E65E4F67BCD785F56760A61F1049E91BA39D42F01D ] NlaSvc          C:\Windows\System32\nlasvc.dll
20:58:52.0660 0x17d8  NlaSvc - ok
20:58:52.0676 0x17d8  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
20:58:52.0722 0x17d8  Npfs - ok
20:58:52.0754 0x17d8  [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi             C:\Windows\system32\nsisvc.dll
20:58:52.0800 0x17d8  nsi - ok
20:58:52.0816 0x17d8  [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
20:58:52.0863 0x17d8  nsiproxy - ok
20:58:52.0972 0x17d8  [ 47B2D0B31BDC3EBE6090228E2BA3764D, 984A4B38300954164BCBF57EC1A09C18B53779E60A26E9618B50E26016735787 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
20:58:53.0050 0x17d8  Ntfs - ok
20:58:53.0066 0x17d8  [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null            C:\Windows\system32\drivers\Null.sys
20:58:53.0112 0x17d8  Null - ok
20:58:53.0128 0x17d8  [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
20:58:53.0159 0x17d8  nvraid - ok
20:58:53.0190 0x17d8  [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
20:58:53.0206 0x17d8  nvstor - ok
20:58:53.0237 0x17d8  [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
20:58:53.0253 0x17d8  nv_agp - ok
20:58:53.0268 0x17d8  [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
20:58:53.0300 0x17d8  ohci1394 - ok
20:58:53.0362 0x17d8  [ 85B3D90AF13ACCF908AC4F799695BD25, D762A013ED2D2DF326ED7FDF83A1A14BA37916E03A0E54FBCB949C40FCF241F8 ] OpenDrive_minifilter C:\Program Files\OpenDrive\odminifilter.sys
20:58:53.0378 0x17d8  OpenDrive_minifilter - ok
20:58:53.0409 0x17d8  [ 30B5F9FB0C35AE6B4A0851D24CE2EE8B, 0340E77E8EC2ADC21B8DDD9C9CC95B3F4BCAFD54618A333C72D7D9587D593B83 ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
20:58:53.0440 0x17d8  ose - ok
20:58:53.0487 0x17d8  [ 11E0B35479C895888BA3D7F619DCFFF3, 6ED82C19898101EC00BD64A9F90595C3D20AD2D2902AA8765B740FB3B9312DDF ] ose64           C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
20:58:53.0502 0x17d8  ose64 - ok
20:58:53.0705 0x17d8  [ FE9C0029E1AF26350D9985D00520E5C8, 967079CCF7B2CBD4B48C9F076675C26AF93A1CEC26C96811F279414E34004EE6 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
20:58:53.0861 0x17d8  osppsvc - ok
20:58:53.0924 0x17d8  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
20:58:53.0955 0x17d8  p2pimsvc - ok
20:58:53.0986 0x17d8  [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc          C:\Windows\system32\p2psvc.dll
20:58:54.0017 0x17d8  p2psvc - ok
20:58:54.0080 0x17d8  [ B7A20E874F59E5C151C343F952E108A1, 66788788CE224224C8FAD93982B1F3969D39F37D20E210F724B005556DCC46FA ] pae_1394        C:\Windows\system32\Drivers\pae_1394_x64.sys
20:58:54.0095 0x17d8  pae_1394 - ok
20:58:54.0111 0x17d8  [ F3B330946B2EAB96754A56B2A5C2BD59, 7E7A905D1401732FB0D8D30EFC6E532FBD4A2700209274F412A65F994E136E76 ] pae_avs         C:\Windows\system32\Drivers\pae_avs_x64.sys
20:58:54.0142 0x17d8  pae_avs - ok
20:58:54.0158 0x17d8  [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
20:58:54.0189 0x17d8  Parport - ok
20:58:54.0204 0x17d8  [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
20:58:54.0236 0x17d8  partmgr - ok
20:58:54.0251 0x17d8  [ 3CD83692C43D87088E85E3C916146FFB, 9E812535E8FBA045FDA30F68E9EB2031132C37721D542A2DC9D4C33E2B137FCF ] PcaSvc          C:\Windows\System32\pcasvc.dll
20:58:54.0282 0x17d8  PcaSvc - ok
20:58:54.0314 0x17d8  [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci             C:\Windows\system32\drivers\pci.sys
20:58:54.0345 0x17d8  pci - ok
20:58:54.0360 0x17d8  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide          C:\Windows\system32\drivers\pciide.sys
20:58:54.0376 0x17d8  pciide - ok
20:58:54.0407 0x17d8  [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
20:58:54.0423 0x17d8  pcmcia - ok
20:58:54.0438 0x17d8  [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw             C:\Windows\system32\drivers\pcw.sys
20:58:54.0470 0x17d8  pcw - ok
20:58:54.0594 0x17d8  [ A279FC9BE4D1DA5DA3E79B5EAE0FDCF4, 0CC9A413E2BFE30421A74610300F6AD29769EF45557137F6FD7B7FAF0E0A241C ] PDF Architect 3 C:\Program Files (x86)\PDF Architect 3\ws.exe
20:58:54.0672 0x17d8  PDF Architect 3 - ok
20:58:54.0719 0x17d8  [ 29D993E6AABC958032ED9620D232C521, 68F6581BB8A856561BAD22B5EB5CAB25B3F9473228B553D133ECFB4BDCEB2A3F ] PDF Architect 3 CrashHandler C:\Program Files (x86)\PDF Architect 3\crash-handler-ws.exe
20:58:54.0766 0x17d8  PDF Architect 3 CrashHandler - ok
20:58:54.0828 0x17d8  [ 9EC3A20048C2E53B98E3617B7D6EB1DE, 8C2A11FFE65C062E8091135ECE4E392C2F18BB48C565E47DA08BF344B2587061 ] PDF Architect 3 Creator C:\Program Files (x86)\PDF Architect 3\creator-ws.exe
20:58:54.0875 0x17d8  PDF Architect 3 Creator - ok
20:58:54.0922 0x17d8  [ EA4D67448BE493D543F1730D6CD04694, 24717C5E41B7CA522F3330EF2228B6685E710A5259396E9887A1C1E7A413F8CA ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
20:58:54.0953 0x17d8  PEAUTH - ok
20:58:55.0047 0x17d8  [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost        C:\Windows\SysWow64\perfhost.exe
20:58:55.0078 0x17d8  PerfHost - ok
20:58:55.0156 0x17d8  [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla             C:\Windows\system32\pla.dll
20:58:55.0234 0x17d8  pla - ok
20:58:55.0281 0x17d8  [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
20:58:55.0312 0x17d8  PlugPlay - ok
20:58:55.0328 0x17d8  [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
20:58:55.0359 0x17d8  PNRPAutoReg - ok
20:58:55.0374 0x17d8  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
20:58:55.0406 0x17d8  PNRPsvc - ok
20:58:55.0468 0x17d8  [ 80D6B0563ED2BF10656B1D4748331082, B7E6B5E1148B7EE537E8D5C3A65450876B61CD45A395267D08699746E98AD574 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
20:58:55.0499 0x17d8  PolicyAgent - ok
20:58:55.0562 0x17d8  [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power           C:\Windows\system32\umpo.dll
20:58:55.0608 0x17d8  Power - ok
20:58:55.0655 0x17d8  [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
20:58:55.0702 0x17d8  PptpMiniport - ok
20:58:55.0733 0x17d8  [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor       C:\Windows\system32\drivers\processr.sys
20:58:55.0764 0x17d8  Processor - ok
20:58:55.0796 0x17d8  [ B6A58491307B4CADA572583D863DC602, 5C44936605E52C9533E4CE22F18FAB8211475877F71EFD88DA4D02FD608C90A3 ] ProfSvc         C:\Windows\system32\profsvc.dll
20:58:55.0827 0x17d8  ProfSvc - ok
20:58:55.0842 0x17d8  [ 1F9335A2C68B65E7D95985FA50968EA0, A0918C943F9CF5C6DB9440222B8E3B0DD645068B44E18253F275509550C0DF4D ] ProtectedStorage C:\Windows\system32\lsass.exe
20:58:55.0858 0x17d8  ProtectedStorage - ok
20:58:55.0889 0x17d8  [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
20:58:55.0936 0x17d8  Psched - ok
20:58:55.0998 0x17d8  [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
20:58:56.0061 0x17d8  ql2300 - ok
20:58:56.0092 0x17d8  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
20:58:56.0108 0x17d8  ql40xx - ok
20:58:56.0154 0x17d8  [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE           C:\Windows\system32\qwave.dll
20:58:56.0186 0x17d8  QWAVE - ok
20:58:56.0201 0x17d8  [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
20:58:56.0232 0x17d8  QWAVEdrv - ok
20:58:56.0248 0x17d8  [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
20:58:56.0295 0x17d8  RasAcd - ok
20:58:56.0310 0x17d8  [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
20:58:56.0357 0x17d8  RasAgileVpn - ok
20:58:56.0386 0x17d8  [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto         C:\Windows\System32\rasauto.dll
20:58:56.0450 0x17d8  RasAuto - ok
20:58:56.0470 0x17d8  [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
20:58:56.0520 0x17d8  Rasl2tp - ok
20:58:56.0550 0x17d8  [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan          C:\Windows\System32\rasmans.dll
20:58:56.0600 0x17d8  RasMan - ok
20:58:56.0600 0x17d8  [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
20:58:56.0647 0x17d8  RasPppoe - ok
20:58:56.0663 0x17d8  [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
20:58:56.0710 0x17d8  RasSstp - ok
20:58:56.0726 0x17d8  [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
20:58:56.0788 0x17d8  rdbss - ok
20:58:56.0805 0x17d8  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus          C:\Windows\system32\drivers\rdpbus.sys
20:58:56.0820 0x17d8  rdpbus - ok
20:58:56.0851 0x17d8  [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
20:58:56.0898 0x17d8  RDPCDD - ok
20:58:56.0914 0x17d8  [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
20:58:56.0961 0x17d8  RDPENCDD - ok
20:58:56.0992 0x17d8  [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
20:58:57.0039 0x17d8  RDPREFMP - ok
20:58:57.0085 0x17d8  [ FE571E088C2D83619D2D48D4E961BF41, 88C5A2FCB1D0E528657842E39963471A6E42FCA3FCDF37955AEC8258AB4C48EA ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
20:58:57.0117 0x17d8  RDPWD - ok
20:58:57.0148 0x17d8  [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
20:58:57.0179 0x17d8  rdyboost - ok
20:58:57.0226 0x17d8  [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess    C:\Windows\System32\mprdim.dll
20:58:57.0273 0x17d8  RemoteAccess - ok
20:58:57.0354 0x17d8  [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
20:58:57.0421 0x17d8  RemoteRegistry - ok
20:58:57.0517 0x17d8  [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
20:58:57.0572 0x17d8  RpcEptMapper - ok
20:58:57.0596 0x17d8  [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator      C:\Windows\system32\locator.exe
20:58:57.0623 0x17d8  RpcLocator - ok
20:58:57.0650 0x17d8  [ 622C96AFB07BB82C8650B47172137AC4, B74CEA5A3F4945E5A3EAE7AF1B1FA75F611C65C6FACE393052A512FA81B0C17C ] RpcSs           C:\Windows\system32\rpcss.dll
20:58:57.0698 0x17d8  RpcSs - ok
20:58:57.0714 0x17d8  [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
20:58:57.0761 0x17d8  rspndr - ok
20:58:57.0807 0x17d8  [ 8181B5E7BFC040E0B26349C73E719335, EBB244A7E8E2CDC51041B2C2A78DCB77324F9E3746942C84902FCD928ADED897 ] RTL8167         C:\Windows\system32\DRIVERS\Rt64win7.sys
20:58:57.0848 0x17d8  RTL8167 - ok
20:58:57.0860 0x17d8  [ E16B7C030A05EF649B18FAB0A93D871F, 0F532D534A93D71650E2F7AF677419A6B38CE3142C98983565F1D759E544A4ED ] RtNdPt60        C:\Windows\system32\DRIVERS\RtNdPt60.sys
20:58:57.0875 0x17d8  RtNdPt60 - ok
20:58:57.0891 0x17d8  [ 1DE78F5008120CD79B34C12394DCD493, 58C59BEEE2F1C1C6CE810BA433C0D5789B4E6F218A074868137960663CB54802 ] RTTEAMPT        C:\Windows\system32\DRIVERS\RtTeam60.sys
20:58:57.0906 0x17d8  RTTEAMPT - ok
20:58:57.0938 0x17d8  [ ED0624ED83121E1BC141F49B1316CAA0, 322CA21FE679910827F39CFCD3511400CABDA1133F5E0B5031186C94741FAF1E ] RTVLANPT        C:\Windows\system32\DRIVERS\RtVlan620.sys
20:58:57.0953 0x17d8  RTVLANPT - ok
20:58:57.0969 0x17d8  [ 1F9335A2C68B65E7D95985FA50968EA0, A0918C943F9CF5C6DB9440222B8E3B0DD645068B44E18253F275509550C0DF4D ] SamSs           C:\Windows\system32\lsass.exe
20:58:58.0000 0x17d8  SamSs - ok
20:58:58.0016 0x17d8  [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
20:58:58.0031 0x17d8  sbp2port - ok
20:58:58.0126 0x17d8  [ A0C00A6265949AC72AB51B711743CA6D, FDB557CE334A94F15A4160A87B157662DACAD0D27C206607BA2722FB9EBBB0A7 ] SBSDWSCService  C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
20:58:58.0173 0x17d8  SBSDWSCService - ok
20:58:58.0204 0x17d8  [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
20:58:58.0251 0x17d8  SCardSvr - ok
20:58:58.0266 0x17d8  [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
20:58:58.0313 0x17d8  scfilter - ok
20:58:58.0375 0x17d8  [ 40686B59C127F0C93B4234E4A1E3472A, B2DD61CB796C6AA8AFD285D43472B94646CA6D331D282818E0FDC9DE28DDE9CF ] Schedule        C:\Windows\system32\schedsvc.dll
20:58:58.0423 0x17d8  Schedule - ok
20:58:58.0454 0x17d8  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc     C:\Windows\System32\certprop.dll
20:58:58.0501 0x17d8  SCPolicySvc - ok
20:58:58.0532 0x17d8  [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
20:58:58.0564 0x17d8  SDRSVC - ok
20:58:58.0579 0x17d8  [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv          C:\Windows\system32\drivers\secdrv.sys
20:58:58.0595 0x17d8  secdrv - ok
20:58:58.0626 0x17d8  [ A19623BDD61E66A12AB53992002B4F3A, E351CEEC086084A417BA3BD0EEF46114D3147EC38E3EF8BE49B724F9D028CC56 ] seclogon        C:\Windows\system32\seclogon.dll
20:58:58.0657 0x17d8  seclogon - ok
20:58:58.0673 0x17d8  [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS            C:\Windows\System32\sens.dll
20:58:58.0735 0x17d8  SENS - ok
20:58:58.0766 0x17d8  [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc        C:\Windows\system32\sensrsvc.dll
20:58:58.0798 0x17d8  SensrSvc - ok
20:58:58.0829 0x17d8  [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
20:58:58.0844 0x17d8  Serenum - ok
20:58:58.0860 0x17d8  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial          C:\Windows\system32\DRIVERS\serial.sys
20:58:58.0891 0x17d8  Serial - ok
20:58:58.0907 0x17d8  [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse        C:\Windows\system32\drivers\sermouse.sys
20:58:58.0922 0x17d8  sermouse - ok
20:58:58.0954 0x17d8  [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv      C:\Windows\system32\sessenv.dll
20:58:59.0000 0x17d8  SessionEnv - ok
20:58:59.0032 0x17d8  [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
20:58:59.0047 0x17d8  sffdisk - ok
20:58:59.0063 0x17d8  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
20:58:59.0105 0x17d8  sffp_mmc - ok
20:58:59.0114 0x17d8  [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
20:58:59.0145 0x17d8  sffp_sd - ok
20:58:59.0161 0x17d8  [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
20:58:59.0192 0x17d8  sfloppy - ok
20:58:59.0223 0x17d8  [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
20:58:59.0270 0x17d8  SharedAccess - ok
20:58:59.0317 0x17d8  [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
20:58:59.0379 0x17d8  ShellHWDetection - ok
20:58:59.0395 0x17d8  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
20:58:59.0410 0x17d8  SiSRaid2 - ok
20:58:59.0426 0x17d8  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
20:58:59.0442 0x17d8  SiSRaid4 - ok
20:58:59.0457 0x17d8  [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
20:58:59.0536 0x17d8  Smb - ok
20:58:59.0552 0x17d8  [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
20:58:59.0583 0x17d8  SNMPTRAP - ok
20:58:59.0599 0x17d8  [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr           C:\Windows\system32\drivers\spldr.sys
20:58:59.0614 0x17d8  spldr - ok
20:58:59.0645 0x17d8  [ B96C17B5DC1424D56EEA3A99E97428CD, AF0A85066A7983878DC1C663811CE61C6CA1912DC956184F878B7B82DB93C651 ] Spooler         C:\Windows\System32\spoolsv.exe
20:58:59.0723 0x17d8  Spooler - ok
20:58:59.0833 0x17d8  [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc          C:\Windows\system32\sppsvc.exe
20:58:59.0973 0x17d8  sppsvc - ok
20:58:59.0989 0x17d8  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
20:59:00.0035 0x17d8  sppuinotify - ok
20:59:00.0130 0x17d8  SQLAgent$SONY_MEDIAMGR - ok
20:59:00.0161 0x17d8  [ EC666682FE8344CF7E6ED69E74FA9F4F, DCD2A1C046425630689E2C9A6A6E356FE5A2A6664D12C20CFE236FCB32240DF9 ] srv             C:\Windows\system32\DRIVERS\srv.sys
20:59:00.0208 0x17d8  srv - ok
20:59:00.0255 0x17d8  [ E450C0318DCE8ED28ED272C8806B8495, D2FD459F8C5E42103EF2F71421FA175A4F0821F8C2A3763093122D433D1C50FB ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
20:59:00.0302 0x17d8  srv2 - ok
20:59:00.0333 0x17d8  [ 9C12C78AD36C23D925711A4640228225, FF72C23F2A08EDF0C41BAF1EB0245AB44FF91365C5466F09C47A8F0928D20994 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
20:59:00.0364 0x17d8  srvnet - ok
20:59:00.0395 0x17d8  [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
20:59:00.0442 0x17d8  SSDPSRV - ok
20:59:00.0458 0x17d8  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc         C:\Windows\system32\sstpsvc.dll
20:59:00.0504 0x17d8  SstpSvc - ok
20:59:00.0520 0x17d8  [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor        C:\Windows\system32\drivers\stexstor.sys
20:59:00.0551 0x17d8  stexstor - ok
20:59:00.0598 0x17d8  [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc          C:\Windows\System32\wiaservc.dll
20:59:00.0645 0x17d8  stisvc - ok
20:59:00.0660 0x17d8  [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
20:59:00.0676 0x17d8  swenum - ok
20:59:00.0723 0x17d8  [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv           C:\Windows\System32\swprv.dll
20:59:00.0801 0x17d8  swprv - ok
20:59:00.0848 0x17d8  [ BCB6AA197267D3506BE2535342FC40E0, 562154EEFEB433680C19CE07A1D0E1058977A25367775061544F2A66439F4400 ] synusb64        C:\Windows\system32\DRIVERS\synusb64.sys
20:59:00.0863 0x17d8  synusb64 - ok
20:59:00.0926 0x17d8  [ 2E730941CC5BF6200A4F56D1E9C24AAD, 758836D55DC84F3EBE9917DC6FAB8E6170A5B238FEDBCFDB6D7C5C6EA98E08B2 ] SysMain         C:\Windows\system32\sysmain.dll
20:59:00.0988 0x17d8  SysMain - ok
20:59:01.0004 0x17d8  [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll
20:59:01.0035 0x17d8  TabletInputService - ok
20:59:01.0066 0x17d8  [ 3C32FF010F869BC184DF71290477384E, 55CFCEC7F026C6E2E96A2FBE846AB513BB12BB0348735274FE1B71AF019C837B ] tap0901         C:\Windows\system32\DRIVERS\tap0901.sys
20:59:01.0105 0x17d8  tap0901 - ok
20:59:01.0125 0x17d8  [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv         C:\Windows\System32\tapisrv.dll
20:59:01.0191 0x17d8  TapiSrv - ok
20:59:01.0278 0x17d8  [ B2875D7ABB82867DC3AA03D991940201, F954C33FBA912A517B59330F6438C1953F9F1D8F4D8FD25945EB836A1DB07ABB ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
20:59:01.0355 0x17d8  Tcpip - ok
20:59:01.0432 0x17d8  [ B2875D7ABB82867DC3AA03D991940201, F954C33FBA912A517B59330F6438C1953F9F1D8F4D8FD25945EB836A1DB07ABB ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
20:59:01.0497 0x17d8  TCPIP6 - ok
20:59:01.0545 0x17d8  [ 7FE5586314EE7D6AA8483264A089E5AF, 4E3EA68713A45C22F1B9A1AA125E15D06D0C5E637B815537431ADFB6D7563879 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
20:59:01.0560 0x17d8  tcpipreg - ok
20:59:01.0576 0x17d8  [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
20:59:01.0607 0x17d8  TDPIPE - ok
20:59:01.0638 0x17d8  [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
20:59:01.0670 0x17d8  TDTCP - ok
20:59:01.0686 0x17d8  [ AA77EB517D2F07A947294F260E3ACA83, B7A5DF3066830C0C2302B059778A67419792058A0D300C471DE40AB245EA7E58 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
20:59:01.0717 0x17d8  tdx - ok
20:59:01.0733 0x17d8  [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
20:59:01.0764 0x17d8  TermDD - ok
20:59:01.0795 0x17d8  [ 008CD4EBFABCF78D0F19B3778492648C, 9050490EEE0AD86E73F0A82D83E4FC29DF84F6B6FDB389AE135FD712B5F425BE ] TermService     C:\Windows\System32\termsrv.dll
20:59:01.0842 0x17d8  TermService - ok
20:59:01.0858 0x17d8  [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes          C:\Windows\system32\themeservice.dll
20:59:01.0889 0x17d8  Themes - ok
20:59:01.0920 0x17d8  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER     C:\Windows\system32\mmcss.dll
20:59:01.0967 0x17d8  THREADORDER - ok
20:59:02.0014 0x17d8  [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks          C:\Windows\System32\trkwks.dll
20:59:02.0060 0x17d8  TrkWks - ok
20:59:02.0108 0x17d8  [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
20:59:02.0155 0x17d8  TrustedInstaller - ok
20:59:02.0202 0x17d8  [ E232A3B43A894BB327FC161529BD9ED1, F2673DA8C920F21ACCECC25F7C59A05822E5E577D47F126EDF9C94FEB4B30C5F ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
20:59:02.0233 0x17d8  tssecsrv - ok
20:59:02.0251 0x17d8  [ D11C783E3EF9A3C52C0EBE83CC5000E9, A136C355D4C8945729163D15801364A614E23217B15F9313C85BA45BB71A74EB ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
20:59:02.0269 0x17d8  TsUsbFlt - ok
20:59:02.0284 0x17d8  [ 9CC2CCAE8A84820EAECB886D477CBCB8, 50D8AA2D7477A6618A0C31BB4D1C4887B457865FB1105E2E7B984EEFA337B804 ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
20:59:02.0300 0x17d8  TsUsbGD - ok
20:59:02.0331 0x17d8  [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
20:59:02.0378 0x17d8  tunnel - ok
20:59:02.0393 0x17d8  [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
20:59:02.0425 0x17d8  uagp35 - ok
20:59:02.0440 0x17d8  [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
20:59:02.0487 0x17d8  udfs - ok
20:59:02.0518 0x17d8  [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect       C:\Windows\system32\UI0Detect.exe
20:59:02.0549 0x17d8  UI0Detect - ok
20:59:02.0565 0x17d8  [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
20:59:02.0581 0x17d8  uliagpkx - ok
20:59:02.0627 0x17d8  [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
20:59:02.0659 0x17d8  umbus - ok
20:59:02.0768 0x17d8  [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass          C:\Windows\system32\drivers\umpass.sys
20:59:02.0783 0x17d8  UmPass - ok
20:59:03.0064 0x17d8  [ 9DC07E73A4ABB9ACF692113B36A5009F, CA7176FC219515D58DCFA66EC61880ECE5617275C9B83701BB74D8B60E733D34 ] UnlockerDriver5 C:\Program Files\Unlocker\UnlockerDriver5.sys
20:59:03.0080 0x17d8  UnlockerDriver5 - ok
20:59:03.0132 0x17d8  [ 28B81917A195B67617AF7DCF4DFE5736, 40A4D2AAE1BDE5ABA8708ED150396E913C566ECD5CDA40D6C6DB256F1B9FD4A9 ] usbccgp         C:\Windows\system32\drivers\usbccgp.sys
20:59:03.0163 0x17d8  usbccgp - ok
20:59:03.0194 0x17d8  [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir          C:\Windows\system32\drivers\usbcir.sys
20:59:03.0226 0x17d8  usbcir - ok
20:59:03.0241 0x17d8  [ B626F048318DAE65A3317F0592BE592C, 284D8FFE1D35F852EFDA182A72288AC3A10D6ED825FE2CC5812497D3FE291AF1 ] usbehci         C:\Windows\system32\drivers\usbehci.sys
20:59:03.0257 0x17d8  usbehci - ok
20:59:03.0304 0x17d8  [ 390109E8E05BA00375DCB1ED64DC60AF, B8628502590B423BEFB6F7C8C69FAD0667AD0746FF6B444EE02016E8E1052B78 ] usbhub          C:\Windows\system32\drivers\usbhub.sys
20:59:03.0335 0x17d8  usbhub - ok
20:59:03.0335 0x17d8  [ B4DF0F4C1D9D25DFE1DAD1D8670F1D4F, 4317C2DEDC639527B53864BAEC46CBE022D298C0503E29E1072DD1C851D92BFC ] usbohci         C:\Windows\system32\drivers\usbohci.sys
20:59:03.0366 0x17d8  usbohci - ok
20:59:03.0382 0x17d8  [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
20:59:03.0397 0x17d8  usbprint - ok
20:59:03.0428 0x17d8  [ D029DD09E22EB24318A8FC3D8138BA43, C95805E8BF75ECB939520AE86420B16467B0771C161C51C9F1A37649ADFADCD0 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:59:03.0460 0x17d8  USBSTOR - ok
20:59:03.0506 0x17d8  [ CFEAAF96E666E3DCBD8F6DFF516784AE, 006218A3DB5851790CC0A7F3DCD7B3AF82F624DA679296DE507AFD36C5468317 ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
20:59:03.0522 0x17d8  usbuhci - ok
20:59:03.0553 0x17d8  [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms           C:\Windows\System32\uxsms.dll
20:59:03.0600 0x17d8  UxSms - ok
20:59:03.0631 0x17d8  [ 1F9335A2C68B65E7D95985FA50968EA0, A0918C943F9CF5C6DB9440222B8E3B0DD645068B44E18253F275509550C0DF4D ] VaultSvc        C:\Windows\system32\lsass.exe
20:59:03.0647 0x17d8  VaultSvc - ok
20:59:03.0678 0x17d8  [ 9B9F3754DBEB263766D06B0F1556E2B5, A8DF441B9E92942535C0F460EA5FE7A6DD64D521610F93BDCCEEDB0115B385E2 ] VBoxNetAdp      C:\Windows\system32\DRIVERS\VBoxNetAdp.sys
20:59:03.0694 0x17d8  VBoxNetAdp - ok
20:59:03.0772 0x17d8  [ 2CB7AEA800B614184238232FBA4430E1, 18F89E68241BE72A94AB3379141404BBE837FF5B303990DD44CF6238EE153566 ] VClone          C:\Windows\system32\DRIVERS\VClone.sys
20:59:03.0787 0x17d8  VClone - ok
20:59:03.0803 0x17d8  [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
20:59:03.0834 0x17d8  vdrvroot - ok
20:59:03.0865 0x17d8  [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds             C:\Windows\System32\vds.exe
20:59:03.0912 0x17d8  vds - ok
20:59:03.0943 0x17d8  [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
20:59:03.0974 0x17d8  vga - ok
20:59:03.0990 0x17d8  [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave         C:\Windows\System32\drivers\vga.sys
20:59:04.0037 0x17d8  VgaSave - ok
20:59:04.0052 0x17d8  [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
20:59:04.0068 0x17d8  vhdmp - ok
20:59:04.0115 0x17d8  [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide          C:\Windows\system32\drivers\viaide.sys
20:59:04.0131 0x17d8  viaide - ok
20:59:04.0147 0x17d8  [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
20:59:04.0178 0x17d8  volmgr - ok
20:59:04.0194 0x17d8  [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
20:59:04.0225 0x17d8  volmgrx - ok
20:59:04.0256 0x17d8  [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap         C:\Windows\system32\drivers\volsnap.sys
20:59:04.0273 0x17d8  volsnap - ok
20:59:04.0288 0x17d8  [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
20:59:04.0320 0x17d8  vsmraid - ok
20:59:04.0382 0x17d8  [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS             C:\Windows\system32\vssvc.exe
20:59:04.0476 0x17d8  VSS - ok
20:59:04.0491 0x17d8  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
20:59:04.0522 0x17d8  vwifibus - ok
20:59:04.0538 0x17d8  [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time         C:\Windows\system32\w32time.dll
20:59:04.0600 0x17d8  W32Time - ok
20:59:04.0616 0x17d8  [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
20:59:04.0647 0x17d8  WacomPen - ok
20:59:04.0678 0x17d8  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
20:59:04.0725 0x17d8  WANARP - ok
20:59:04.0725 0x17d8  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
20:59:04.0772 0x17d8  Wanarpv6 - ok
20:59:04.0834 0x17d8  [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine        C:\Windows\system32\wbengine.exe
20:59:04.0897 0x17d8  wbengine - ok
20:59:04.0944 0x17d8  [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
20:59:04.0975 0x17d8  WbioSrvc - ok
20:59:04.0990 0x17d8  [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
20:59:05.0053 0x17d8  wcncsvc - ok
20:59:05.0068 0x17d8  [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
20:59:05.0100 0x17d8  WcsPlugInService - ok
20:59:05.0100 0x17d8  [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd              C:\Windows\system32\drivers\wd.sys
20:59:05.0132 0x17d8  Wd - ok
20:59:05.0163 0x17d8  [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
20:59:05.0210 0x17d8  Wdf01000 - ok
20:59:05.0225 0x17d8  [ C6F7473B55510F0B93961DA03D8E3B38, 4BAB9274DED8F7AC4A52B8739F501323FFFA0367CAA24BFAFDB5523812E0CE39 ] WdiServiceHost  C:\Windows\system32\wdi.dll
20:59:05.0257 0x17d8  WdiServiceHost - ok
20:59:05.0273 0x17d8  [ C6F7473B55510F0B93961DA03D8E3B38, 4BAB9274DED8F7AC4A52B8739F501323FFFA0367CAA24BFAFDB5523812E0CE39 ] WdiSystemHost   C:\Windows\system32\wdi.dll
20:59:05.0289 0x17d8  WdiSystemHost - ok
20:59:05.0336 0x17d8  [ EE841B6D1F2B9508D3ABAE52AC05A94F, F1AE981FCDBFC4672A4EABABD41382E93762EFC2EDAD96E75530E7ACA5AF1FD8 ] WebClient       C:\Windows\System32\webclnt.dll
20:59:05.0367 0x17d8  WebClient - ok
20:59:05.0398 0x17d8  [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc          C:\Windows\system32\wecsvc.dll
20:59:05.0445 0x17d8  Wecsvc - ok
20:59:05.0476 0x17d8  [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
20:59:05.0523 0x17d8  wercplsupport - ok
20:59:05.0570 0x17d8  [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc          C:\Windows\System32\WerSvc.dll
20:59:05.0616 0x17d8  WerSvc - ok
20:59:05.0616 0x17d8  [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
20:59:05.0663 0x17d8  WfpLwf - ok
20:59:05.0679 0x17d8  [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
20:59:05.0694 0x17d8  WIMMount - ok
20:59:05.0741 0x17d8  WinDefend - ok
20:59:05.0757 0x17d8  WinHttpAutoProxySvc - ok
20:59:05.0804 0x17d8  [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
20:59:05.0850 0x17d8  Winmgmt - ok
20:59:05.0944 0x17d8  [ EBDA1B0F15CB9B2CBCC6C94824E4E054, C51314F7D611E4903DA00EFA8EB99365414436324D256083CE0B5A8E055E8E06 ] WinRM           C:\Windows\system32\WsmSvc.dll
20:59:06.0038 0x17d8  WinRM - ok
20:59:06.0098 0x17d8  [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
20:59:06.0121 0x17d8  WinUsb - ok
20:59:06.0183 0x17d8  [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc         C:\Windows\System32\wlansvc.dll
20:59:06.0230 0x17d8  Wlansvc - ok
20:59:06.0339 0x17d8  [ 357CABBF155AFD1D3926E62539D2A3A7, C43CFF84E7D930B4999DC061AB0766B57AAD7540B3E6EE54605B10ECE90825F5 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
20:59:06.0417 0x17d8  wlidsvc - ok
20:59:06.0433 0x17d8  [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi         C:\Windows\system32\DRIVERS\wmiacpi.sys
20:59:06.0464 0x17d8  WmiAcpi - ok
20:59:06.0495 0x17d8  [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
20:59:06.0527 0x17d8  wmiApSrv - ok
20:59:06.0542 0x17d8  WMPNetworkSvc - ok
20:59:06.0558 0x17d8  [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc          C:\Windows\System32\wpcsvc.dll
20:59:06.0573 0x17d8  WPCSvc - ok
20:59:06.0589 0x17d8  [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
20:59:06.0620 0x17d8  WPDBusEnum - ok
20:59:06.0761 0x17d8  [ F34B458F9B25758E70686859A87F110F, AF2D2464952DEC9AA4B386E3BF56C5618A454FC1A878733BC0A46FF43006F268 ] wpscloudsvr     C:\Users\Björn\AppData\Local\Kingsoft\WPS Office\wpscloudsvr.exe
20:59:06.0792 0x17d8  wpscloudsvr - ok
20:59:06.0807 0x17d8  [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
20:59:06.0870 0x17d8  ws2ifsl - ok
20:59:06.0885 0x17d8  [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc          C:\Windows\system32\wscsvc.dll
20:59:06.0917 0x17d8  wscsvc - ok
20:59:06.0917 0x17d8  WSearch - ok
20:59:07.0041 0x17d8  [ 31F32E0C1A8BA9A37EEC23DE5F27F847, 0180832BC6172C9A4C32B5B222BB3F91EA615A5EBDA98DB79ED4FED258C2D257 ] wuauserv        C:\Windows\system32\wuaueng.dll
20:59:07.0121 0x17d8  wuauserv - ok
20:59:07.0168 0x17d8  [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
20:59:09.0329 0x17d8  WudfPf - ok
20:59:09.0361 0x17d8  [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
20:59:09.0376 0x17d8  WUDFRd - ok
20:59:09.0423 0x17d8  [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
20:59:09.0454 0x17d8  wudfsvc - ok
20:59:09.0485 0x17d8  [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc         C:\Windows\System32\wwansvc.dll
20:59:09.0517 0x17d8  WwanSvc - ok
20:59:09.0532 0x17d8  ================ Scan global ===============================
20:59:09.0595 0x17d8  [ 168EA9CD9BD6056BB6F60B57D5304BBE, 5A2F98754F042A7D80E7483842967EB362F01D57CE9720B24C7EDAA047F24C6F ] C:\Windows\system32\basesrv.dll
20:59:09.0626 0x17d8  [ 93E5D2B763374F484918A0909724B3EB, 900F1CCAEFCF77AB678C74D542ABDDA7134CD33D7811537E2829FC69E99F2B3E ] C:\Windows\system32\winsrv.dll
20:59:09.0641 0x17d8  [ 93E5D2B763374F484918A0909724B3EB, 900F1CCAEFCF77AB678C74D542ABDDA7134CD33D7811537E2829FC69E99F2B3E ] C:\Windows\system32\winsrv.dll
20:59:09.0688 0x17d8  [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
20:59:09.0735 0x17d8  [ 71C85477DF9347FE8E7BC55768473FCA, A86D6A6D1F5A0EFCD649792A06F3AE9B37158D48493D2ECA7F52DCC1CB9B6536 ] C:\Windows\system32\services.exe
20:59:09.0735 0x17d8  [ Global ] - ok
20:59:09.0735 0x17d8  ================ Scan MBR ==================================
20:59:09.0751 0x17d8  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
20:59:10.0000 0x17d8  \Device\Harddisk0\DR0 - ok
20:59:10.0000 0x17d8  [ 739B36F7A373FC81121D831231B6D311 ] \Device\Harddisk1\DR1
20:59:10.0422 0x17d8  \Device\Harddisk1\DR1 - ok
20:59:10.0422 0x17d8  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk2\DR2
20:59:10.0892 0x17d8  \Device\Harddisk2\DR2 - ok
20:59:10.0892 0x17d8  ================ Scan VBR ==================================
20:59:10.0892 0x17d8  [ 1AAF324A94DD0ED792DC6D9DB119AFCE ] \Device\Harddisk0\DR0\Partition1
20:59:10.0892 0x17d8  \Device\Harddisk0\DR0\Partition1 - ok
20:59:10.0892 0x17d8  [ 7A98976A3283A1A5906D533DA68E7C11 ] \Device\Harddisk0\DR0\Partition2
20:59:10.0892 0x17d8  \Device\Harddisk0\DR0\Partition2 - ok
20:59:10.0908 0x17d8  [ 123F949A1655673C41E1707B19942D1E ] \Device\Harddisk0\DR0\Partition3
20:59:10.0908 0x17d8  \Device\Harddisk0\DR0\Partition3 - ok
20:59:10.0908 0x17d8  [ 27330940B3101F86E9342D0FBA743DB2 ] \Device\Harddisk1\DR1\Partition1
20:59:10.0908 0x17d8  \Device\Harddisk1\DR1\Partition1 - ok
20:59:10.0908 0x17d8  [ D6554733E026E14F1514705CC10779A0 ] \Device\Harddisk2\DR2\Partition1
20:59:10.0924 0x17d8  \Device\Harddisk2\DR2\Partition1 - ok
20:59:10.0924 0x17d8  ================ Scan generic autorun ======================
20:59:11.0017 0x17d8  [ 0FCF03482EA4AAA23E663E047CA48D41, 728156EEDAA37F41C11F141571F1136AD1599E151E9E11462568B3A7759DF984 ] C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
20:59:11.0080 0x17d8  COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} - ok
20:59:11.0143 0x17d8  [ 0FCF03482EA4AAA23E663E047CA48D41, 728156EEDAA37F41C11F141571F1136AD1599E151E9E11462568B3A7759DF984 ] C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
20:59:11.0190 0x17d8  COMODO Internet Security - ok
20:59:11.0237 0x17d8  [ 1710A603D1EEBF86D738D1C6283C39B3, 5427A41AB64122FC119A42D7E4954A04A650FE88BD2B7FD2D4CDD1E823433268 ] C:\Program Files\iTunes\iTunesHelper.exe
20:59:11.0268 0x17d8  iTunesHelper - ok
20:59:11.0393 0x17d8  [ 666FEA598D1776C7F8EDD7746F0F7F59, 54E330BCDBAB646B555DACC15F9CFB0AD6A05BF4E273F73C5133259EEE976C21 ] C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe
20:59:11.0517 0x17d8  Malwarebytes TrayApp - ok
20:59:11.0564 0x17d8  Dropbox - ok
20:59:11.0658 0x17d8  [ 6DB9A0FBDA5556B925D64651D57031D3, AE4C9196EFD61B973F93FDDAA001F7C239100EDD7E3F840927C0C07B08C69C04 ] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
20:59:11.0689 0x17d8  iCloudServices - ok
20:59:11.0720 0x17d8  [ 3C9A02CB0C05C96263E2193C7B728930, 4B948C9DF036228145B60BA0327F259694D0812B99F92BDBBB2CD6ED997E9A13 ] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe
20:59:11.0751 0x17d8  iCloudPhotos - ok
20:59:11.0798 0x17d8  GoogleDriveSync - ok
20:59:11.0939 0x17d8  [ 0C2D8CBA28E12D170FC5343F03E6D20C, 73A66AEF5D89E69E6B19172328AC043542FD7628DD44A569B23625261A0B56FB ] C:\Users\Björn\AppData\Roaming\Spotify\SpotifyWebHelper.exe
20:59:11.0985 0x17d8  Spotify Web Helper - ok
20:59:12.0142 0x17d8  [ 0B914C2DA2A66DCB90818AF39F2915AC, 4D14BAD41C0CCA32F35C962430B06E542F69AB91A7144B5622EB6C493A6D9D4E ] C:\Users\Björn\AppData\Local\Amazon Music\Amazon Music Helper.exe
20:59:12.0252 0x17d8  Amazon Music - ok
20:59:12.0408 0x17d8  [ 683C9DF0582D8EEFAA90CE1514019BC1, 62C875888029BF32C19656B13C5504016209E4553B0B93FAE21F3930149EE9CA ] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
20:59:12.0517 0x17d8  DAEMON Tools Lite - ok
20:59:12.0626 0x17d8  [ 390679F7A217A5E73D756276C40AE887, 3EDFB645B2F58864E653C66516D6D48C4F9D691CFD51D91D4D88E316EE7B7177 ] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
20:59:12.0704 0x17d8  SpybotSD TeaTimer - detected UnsignedFile.Multi.Generic ( 1 )
20:59:13.0608 0x17d8  Detect skipped due to KSN trusted
20:59:13.0608 0x17d8  SpybotSD TeaTimer - ok
20:59:13.0639 0x17d8  MSConfig - ok
20:59:13.0639 0x17d8  Waiting for KSN requests completion. In queue: 124
20:59:14.0654 0x17d8  Waiting for KSN requests completion. In queue: 124
20:59:15.0686 0x17d8  AV detected via SS2: COMODO Antivirus, C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe ( 8.4.0.5076 ), 0x61000 ( enabled : updated )
20:59:15.0733 0x17d8  AV detected via SS2: Malwarebytes, C:\Program Files\Malwarebytes\Anti-Malware\MBAMWsc.exe ( 3.0.0.134 ), 0x61000 ( enabled : updated )
20:59:15.0733 0x17d8  FW detected via SS2: COMODO Firewall, C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe ( 8.4.0.5076 ), 0x61010 ( enabled )
20:59:16.0383 0x17d8  ============================================================
20:59:16.0383 0x17d8  Scan finished
20:59:16.0383 0x17d8  ============================================================
20:59:16.0383 0x18fc  Detected object count: 0
20:59:16.0383 0x18fc  Actual detected object count: 0

kein Problem gefunden :/

burningice · 23.01.2017, 04:24

Zitat:

Kann man sagen, was es ist, oder dauert das zu lange?

da passt einiges nicht haha.

Comodo ist echt "deppat" und behindert massiv verschiedene Sachen, bitte im nächsten Schritt mit entfernen.

Schritt: 0
Lade Dir bitte von hier

Revo Uninstaller (alternativ portable Revo Uninstaller) herunter.

Installiere und starte das Programm. (Bebilderte Anleitung zu Revo Uninstaller)
Klicke auf Optionen und wähle als Sprache Deutsch.
Suche im Uninstallerfeld nach den Programmen:

COMODO Internet Security Premium
Spybot - Search & Destroy
AppTrailers - AppTrailers for Desktop
DPower version 1.0
MyMemory
tlerauic
KMSpico 3.1
DailyBee
Wähle die Programme nacheinander aus und klicke jedes Mal auf Uninstall.
Wähle anschließend den Modus "Moderat" aus.
Reste löschen:
Klicke auf dann auf und dann auf .

Hinweis: Falls bei der Deinstallation zu Beginn ein Fehler auftritt oder du den aufgerufenen Uninstaller nicht bedienen kannst, breche dieses Setup einfach ab und fahre mit der Entfernung durch Revo wie oben beschrieben fort.

Schritt 1
Lade dir folgendes Programm herunter und installiere es:

Malwarebytes Anti-Malware

Starte Malwarebytes' Anti-Malware (MBAM).
Klicke links auf Einstellungen und wechsle zum Tab Schutz.
Unter Scan-Optionen aktiviere die Option Nach Rootkits suchen
Klicke im Anschluss auf Scan, wähle den Bedrohungs-Scan aus und klicke auf Scan starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Ausgewählte Elemente in die Quarantäne verschieben.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM nach dem Neustart, klicke auf Berichte.
Wähle den neuesten Scan-Bericht aus, klicke auf Bericht anzeigen und dann auf Export.
Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Schritt 2
Downloade Dir bitte AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser.
Starte die adwcleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Werkzeuge > Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel
- "Prefetch" Dateien
- Proxy
- Winsock
- Internet Explorer Richtlinien
- Chrome Richtlinien
Bestätige die Auswahl mit Ok.
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen (auch dann wenn AdwCleaner sagt, dass nichts gefunden wurde) und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Schritt 3
Bitte starte wieder FRST, setze den Haken bei Addition und drücke auf Untersuchen. Poste bitte wieder die beiden Textdateien, die so entstehen.

Bitte poste in deiner nächsten Antwort also:

Logfile von AdwCleaner
Logfile von Malwarebytes
Frst.txt
Addition.txt

Poste die Logs bitte so zusammenhängend wie möglich, mir ist ein Anhang lieber als eine Stückelung auf 10 verschiedene Abschnitte.

DasPiano · 23.01.2017, 22:19

Revo kann folgendes nicht finden:

AppTrailers - AppTrailers for Desktop
DPower version 1.0
MyMemory
tlerauic
KMSpico 3.1
DailyBee

mache ich trotzdem mit Malwarebytes weiter?

burningice · 23.01.2017, 22:58

jap

DasPiano · 24.01.2017, 00:23

im Anhang die Log-Files.

burningice · 24.01.2017, 15:37

Zitat:

C:\ComboFix
C:\Users\Björn\Desktop\mbar

Es fehlen ziemlich viele Einträge, die sich aus der Bereinigung von mir bislang so nicht ergeben.

Zudem hast du scheinbar ComboFix und MBAR ausgeführt. Darum, bist du wo anders auch in Bereinigung oder hast du die Tools vorher selbstständig ausgeführt?

Zitat:

Bitte kein Crossposting
Installiere oder Deinstalliere keine Software ohne Aufforderung
Bitte verwende nur die Tools, welche hier im Thread erwähnt werden und führe sie nur gemäß Anweisung aus

DasPiano · 24.01.2017, 16:16

Hallo Rafael,
Hmm... also ich habe nichts anderes ausgeführt - soweit ich das sehen kann..
aber ich habe auch nicht die Ahnung.
Aber ich habe nichts gemacht, was Du mir nicht gesagt hast

Was nun?

MfG
Björn

oh - ich hatte glaube ich vor ner Woche 'mal einen Scan durchgeführt mit AdwCleaner - ist mir wieder eingefallen. Das wart bevor ich mich hier gemeldet habe - aber wie gesagt, seit dem tat ich nichts ohne Anweisung.

burningice · 24.01.2017, 16:39

Schritt: 1
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

HKU\S-1-5-21-427701803-4022602832-2190140502-1000\...\MountPoints2: {002b75fa-58c0-11e6-b64e-3085a9b2fbed} - G:\Autorun.exe
BHO: Kein Name -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> Keine Datei
Toolbar: HKLM - Kein Name - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -  Keine Datei
FF Homepage: Comodo\IceDragon\Profiles\wtuu739g.default -> about:home
FF Keyword.URL: Comodo\IceDragon\Profiles\wtuu739g.default -> 
FF Extension: (DownloadHelper) - C:\Users\Björn\AppData\Roaming\Comodo\IceDragon\Profiles\wtuu739g.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2016-11-13]
S3 dbx; system32\DRIVERS\dbx.sys [X]
2017-01-23 00:02 - 2017-01-23 00:02 - 00000000 __SHD C:\Windows\system32\%APPDATA%
2017-01-13 23:27 - 2017-01-22 19:25 - 00000000 ____D C:\Program Files\PGJI1B91QZ
2017-01-13 23:27 - 2017-01-13 23:27 - 00000000 ____D C:\Windows\system32\sstmp
2017-01-13 23:27 - 2017-01-13 23:27 - 00000000 ____D C:\Program Files\SULLKZKAMA
2017-01-13 23:27 - 2017-01-13 23:27 - 00000000 ____D C:\Program Files\SDO6FMCT8C
2017-01-13 23:26 - 2017-01-13 23:37 - 00000000 ____D C:\Windows\system32\SSL
2017-01-13 23:25 - 2017-01-13 23:29 - 00000000 ____D C:\Program Files\Shotcut
2017-01-13 23:25 - 2017-01-13 23:25 - 00000000 ____D C:\Program Files\SYFNUMAUQ0
2017-01-12 19:23 - 2017-01-13 23:26 - 02811062 _____ C:\Windows\d19929662c14651c527e51411bd6b271.exe
2017-01-23 23:13 - 2015-07-19 12:30 - 00000000 ____D C:\ProgramData\Comodo
Task: {06259121-DDBF-4737-ADD5-E4B229019886} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Keine Datei <==== ACHTUNG
Task: {16738D9F-3D60-4F43-B991-6C6717E0A78A} - System32\Tasks\{B2B07636-C2D4-46CA-B773-E4A7C4F3FE6C} => pcalua.exe -a F:\Autorun.exe -d F:\
Task: {2F83AED8-E768-4C61-8F26-0DE35AF5F966} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Keine Datei <==== ACHTUNG
Task: {4059E2C6-B22C-4F38-91EA-776E50699E52} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Keine Datei <==== ACHTUNG
Task: {6E3C91E1-BA92-4991-B89A-33595D9945CD} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Keine Datei <==== ACHTUNG
Task: {A8C00928-4D79-4D40-BD59-93A72FFA5184} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Keine Datei <==== ACHTUNG
Task: {AC5FFB5E-C46C-4FF1-A939-8A8E02F0DEB1} - System32\Tasks\{AB7EBDE9-7CC4-4414-8B9A-EBDB994A057A} => pcalua.exe -a C:\Users\BJRN~1\AppData\Local\Temp\jre-8u45-windows-au.exe -d C:\Windows\SysWOW64 -c /installmethod=jau FAMILYUPGRADE=1 <==== ACHTUNG
Task: {F6048777-D9B9-45DD-B37F-295BDA55E027} - \Driver Booster SkipUAC (BjÃ¶rn) -> Keine Datei <==== ACHTUNG

ManualProxies: 
RemoveProxy: 
Hosts:
EmptyTemp:
cmd: reg query HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters /v DataBasePath

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

Schritt: 2

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Hinweis: Dieser Scan kann schon einmal mehrere Stunden dauern...

Schritt: 3
Bitte starte wieder FRST, setze den Haken bei Addition und drücke auf Untersuchen. Poste bitte wieder die beiden Textdateien, die so entstehen.

Hast du noch irgendwelche Probleme mit deinem Rechner?

DasPiano · 24.01.2017, 16:45

danke! bin noch auf Arbeit und werde es später am Abend durchführen.
Andere Probleme habe ich nicht.
Ich bräuchte höchstens einen Tipp welches "Schutzprogramm" ich benutzen sollte - wenn nicht Comodo

burningice · 24.01.2017, 20:10

klar doch

Kommt alles

Malwarebytes meldet Warnung bei Browsernutzung (...\windows\systemWOW64\svchost.exe) - VIREN?

Plagegeister aller Art und deren Bekämpfung: Malwarebytes meldet Warnung bei Browsernutzung (...\windows\systemWOW64\svchost.exe) - VIREN?