Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Installation jeglicher programme nicht möglich. Windows Defender wurde deaktiviert. Normale Programme wie firefox oder Word laufen. (https://www.trojaner-board.de/184560-installation-jeglicher-programme-moeglich-windows-defender-wurde-deaktiviert-normale-programme-firefox-word-laufen.html)

anti398 27.02.2017 21:00
Installation jeglicher programme nicht möglich. Windows Defender wurde deaktiviert. Normale Programme wie firefox oder Word laufen.
 
Hallo zusammen,

Ich habe freeware heruntergeladen und bemerkt das diese eine reihe zusatzprogramme installiert hat welche Ich sofort deinstalliert habe.
Da Ich kurz davor aber auch in der regestry von windows wegen eines fehlers dateien in der HKEYlocalMachine geändert habe, bin Ich mir nicht sicher ob es sich hier um eine besonders bösartige Schadware Handelt oder ob ich die fehler durch eine falsche änderung in der Regstry selbst verursacht habe.

Diverse Programmme wie Origin, Teamspeak lassen sich nicht mehr öffnen, neue Programme sich nicht installieren. Der Windows defender wurde ohne mein zutun deaktiviert und lässt sich nicht mehr aktivieren.

Ich habe einen Beitrag hier gefunden der ähnliche probleme beschreibt.
Einer der admins damals sagte dem Nutzer er soll Combo fix nutzen was ich auch tat aber keine besserung des zustandes zur folge hat.

Hier der combo fix log:

Code:
ComboFix 17-02-24.01 - anti 27.02.2017  19:56:11.1.12 - x64 NETWORK
Microsoft Windows 7 Ultimate  6.1.7601.1.1252.49.1031.18.16307.14577 [GMT 1:00]
ausgeführt von:: c:\users\anti\Downloads\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\END
c:\users\anti\AppData\Roaming\poclbm
c:\users\anti\AppData\Roaming\poclbm\poclbm.ini
c:\windows\SysWow64\DEBUG.log
.
.
(((((((((((((((((((((((((((((((((((((((  Treiber/Dienste  )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_AdobeUpdateService
.
.
(((((((((((((((((((((((  Dateien erstellt von 2017-01-27 bis 2017-02-27  ))))))))))))))))))))))))))))))
.
.
2017-02-27 18:51 . 2017-02-27 18:51        --------        d-----w-        c:\users\anti\AppData\Roaming\FileOpenerWindows
2017-02-27 18:12 . 2017-02-27 18:12        --------        d-----w-        c:\program files\WinZip Registry Optimizer
2017-02-27 18:12 . 2017-02-27 18:12        --------        d-----w-        c:\programdata\WinZip
2017-02-27 18:12 . 2017-02-27 18:12        --------        d-----w-        c:\program files\WinZip Smart Monitor
2017-02-27 18:10 . 2017-02-27 18:34        --------        d-----w-        c:\programdata\Norton
2017-02-27 17:28 . 2017-02-27 17:28        --------        d-----w-        c:\programdata\Kaspersky Lab Setup Files
2017-02-27 16:50 . 2017-02-27 17:03        --------        d-----w-        c:\program files (x86)\Origin
2017-02-27 16:46 . 2017-02-27 16:46        --------        d-----w-        c:\users\anti\AppData\Local\Origin
2017-02-27 14:21 . 2017-02-27 14:21        --------        d-----w-        c:\users\anti\AppData\Roaming\Ckevuly
2017-02-27 14:20 . 2017-02-27 16:38        --------        d-----w-        c:\programdata\Microleaves
2017-02-27 14:18 . 2017-02-27 14:18        --------        d-----w-        c:\users\anti\AppData\Roaming\uTorrent
2017-02-27 14:17 . 2017-02-27 16:43        --------        d-----w-        c:\program files (x86)\Microleaves
2017-02-27 14:17 . 2017-02-27 16:43        --------        d-----w-        c:\program files (x86)\QForlLgs0EYm
2017-02-27 14:17 . 2017-02-27 14:17        --------        d-----w-        c:\windows\SysWow64\sstmp
2017-02-27 14:17 . 2017-02-27 14:17        --------        d-----w-        c:\windows\system32\sstmp
2017-02-27 14:17 . 2017-02-27 14:18        --------        d-----w-        c:\users\Default\AppData\Local\AdvinstAnalytics
2017-02-27 14:17 . 2017-02-27 14:18        --------        d-----w-        c:\users\anti\AppData\Roaming\Microleaves
2017-02-27 14:14 . 2017-02-27 16:43        --------        d-----w-        c:\program files (x86)\Codtheraternity
2017-02-27 14:14 . 2017-02-27 14:14        --------        d-----w-        c:\users\anti\AppData\Roaming\Profiles
2017-02-27 14:14 . 2017-02-27 14:14        --------        d-----w-        c:\users\anti\AppData\Local\Drertu
2017-02-26 20:14 . 2017-02-26 20:14        --------        d-----w-        c:\programdata\rgt
2017-02-26 20:13 . 2017-02-26 20:13        --------        d-----w-        c:\programdata\Sony
2017-02-26 20:13 . 2017-02-26 20:13        --------        d-----w-        c:\program files\Common Files\Red Giant
2017-02-26 18:13 . 2017-02-26 18:13        --------        d-----w-        c:\users\anti\AppData\Local\BitLord
2017-02-26 18:13 . 2017-02-26 18:13        --------        d-----w-        c:\users\anti\.BitLord
2017-02-26 18:13 . 2017-02-26 18:13        --------        d-----w-        c:\users\anti\AppData\Roaming\BitLord
2017-02-26 18:12 . 2017-02-26 18:13        --------        d-----w-        c:\program files (x86)\BitLord
2017-02-25 22:25 . 2017-02-25 22:25        --------        d-----w-        c:\users\anti\AppData\Roaming\Red Giant
2017-02-25 22:25 . 2017-02-25 22:25        --------        d-----w-        c:\programdata\Red Giant
2017-02-25 22:25 . 2017-02-25 22:25        --------        d-----w-        c:\program files (x86)\Red Giant Link
2017-02-25 22:24 . 2017-02-25 22:24        --------        d-----w-        c:\program files (x86)\LooksBuilder
2017-02-25 22:24 . 2016-10-25 14:55        63957504        ----a-w-        c:\windows\system32\MBLooks4UI_x64.dll
2017-02-25 22:24 . 2017-02-26 20:13        --------        d-----w-        c:\program files\Red Giant
2017-02-25 22:24 . 2016-10-25 12:46        5528064        ----a-w-        c:\windows\system32\Noesis.dll
2017-02-25 22:24 . 2016-10-25 12:46        14733824        ----a-w-        c:\windows\system32\UniChooser.dll
2017-02-25 22:24 . 2016-10-25 12:46        13150720        ----a-w-        c:\windows\system32\Gpu_Shader_Engine_x64.dll
2017-02-25 22:24 . 2017-02-26 20:13        --------        d-----w-        c:\program files (x86)\Red Giant
2017-02-25 22:23 . 2017-02-26 20:13        --------        d-----w-        c:\programdata\RedGiant
2017-02-25 12:17 . 2017-02-25 12:17        --------        d-----w-        c:\programdata\Xerox
2017-02-25 12:17 . 2014-05-14 18:42        43520        ----a-w-        c:\windows\system32\Spool\prtprocs\x64\sxk5mpc.dll
2017-02-25 12:13 . 2017-02-25 12:13        --------        d-----w-        c:\users\anti\AppData\Local\ElevatedDiagnostics
2017-02-24 07:33 . 2017-02-09 23:54        12654400        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{706925AE-0B7E-4A56-980F-C7F59C463D54}\mpengine.dll
2017-02-23 19:47 . 2017-02-23 19:47        --------        d-----w-        c:\program files (x86)\Lame For Audacity
2017-02-23 13:11 . 2017-02-23 13:11        --------        d-----w-        c:\users\anti\AppData\Local\My Games
2017-02-22 07:36 . 2017-02-02 16:32        1285632        ----a-w-        c:\windows\system32\aeinv.dll
2017-02-22 07:36 . 2016-12-31 15:36        233984        ----a-w-        c:\windows\system32\aepic.dll
2017-02-22 07:36 . 2016-12-31 15:36        1609216        ----a-w-        c:\windows\system32\appraiser.dll
2017-02-22 07:36 . 2017-02-02 16:36        84712        ----a-w-        c:\windows\system32\CompatTelRunner.exe
2017-02-22 07:36 . 2017-02-02 14:06        650752        ----a-w-        c:\windows\system32\generaltel.dll
2017-02-22 07:36 . 2016-12-31 15:36        335360        ----a-w-        c:\windows\system32\invagent.dll
2017-02-22 07:36 . 2016-12-31 15:36        556544        ----a-w-        c:\windows\system32\devinv.dll
2017-02-22 07:36 . 2016-12-31 15:36        293376        ----a-w-        c:\windows\system32\centel.dll
2017-02-22 07:36 . 2016-12-31 15:36        133632        ----a-w-        c:\windows\system32\acmigration.dll
2017-02-21 15:33 . 2017-02-21 15:33        --------        d-----w-        c:\program files (x86)\VB
2017-02-20 02:38 . 2017-02-20 02:40        --------        d-----w-        c:\program files (x86)\Google
2017-02-20 02:38 . 2017-02-20 02:40        --------        d-----w-        c:\users\anti\AppData\Local\Google
2017-02-19 23:38 . 2017-02-19 23:38        --------        d-----w-        c:\users\anti\AppData\Roaming\.mono
2017-02-19 23:38 . 2017-02-19 23:38        --------        d-----w-        c:\programdata\.mono
2017-02-19 23:38 . 2017-02-19 23:38        --------        d-----w-        c:\users\anti\AppData\Local\Colossal Order
2017-02-19 23:38 . 2017-02-19 23:38        --------        d-----w-        c:\users\anti\AppData\Roaming\Steam
2017-02-19 23:30 . 2017-02-19 23:30        --------        d-----w-        c:\program files (x86)\Elaborate Bytes
2017-02-19 12:45 . 2017-02-19 12:45        --------        d-----w-        c:\users\anti\AppData\Local\MEGAsync
2017-02-19 12:13 . 2017-02-19 12:13        --------        d-----w-        c:\program files\WinRAR
2017-02-19 02:34 . 2017-02-27 16:20        --------        d-----w-        c:\windows\system32\appmgmt
2017-02-16 14:29 . 2017-02-16 14:29        --------        d-----w-        c:\users\anti\AppData\Local\Tempzxpsigne9f39acabe4622aa
2017-02-16 14:25 . 2017-02-16 14:25        --------        d-----w-        c:\users\anti\AppData\Local\Tempzxpsign3e156e0abafd6d87
2017-02-16 14:25 . 2017-02-16 14:25        --------        d-----w-        c:\users\anti\AppData\Local\Tempzxpsign3a3fa4e307996630
2017-02-15 23:27 . 2017-02-15 23:27        --------        d-----w-        c:\users\anti\AppData\Local\Tempzxpsign611740d2d7e5286c
2017-02-15 22:00 . 2017-02-26 20:34        --------        d-----w-        c:\programdata\boost_interprocess
2017-02-15 21:41 . 2017-02-15 21:41        --------        d-----w-        c:\users\anti\AppData\Local\Tempzxpsignbfa39ca96cd06f35
2017-02-15 21:41 . 2017-02-15 21:41        --------        d-----w-        c:\users\anti\AppData\Local\Tempzxpsign086424c9583320b4
2017-02-15 21:37 . 2017-02-15 21:37        --------        d-----w-        c:\users\anti\AppData\Local\Tempzxpsignd5004310552a6418
2017-02-15 21:37 . 2017-02-15 21:37        --------        d-----w-        c:\users\anti\AppData\Local\Tempzxpsign5036ac9a2986ab7b
2017-02-15 21:17 . 2017-02-20 04:20        --------        d-----w-        c:\users\anti\AppData\Local\Ori and the Blind Forest DE
2017-02-15 19:53 . 2017-02-15 19:53        --------        d-----w-        c:\users\anti\AppData\Local\Tempzxpsign1a834ba2f452429f
2017-02-15 19:46 . 2017-02-15 19:46        --------        d-----w-        c:\users\anti\AppData\Local\Tempzxpsign7526a6b52f1e737e
2017-02-15 19:46 . 2017-02-15 19:46        --------        d-----w-        c:\users\anti\AppData\Local\Tempzxpsign2ccdd9689ee8fee4
2017-02-15 19:36 . 2017-02-15 19:36        --------        d-----w-        c:\users\anti\AppData\Local\Mega Limited
2017-02-15 19:30 . 2017-02-15 19:30        --------        d-----w-        c:\users\anti\AppData\Local\Tempzxpsignb1e1c22cb8887cc6
2017-02-15 19:30 . 2017-02-15 19:30        --------        d-----w-        c:\users\anti\AppData\Local\Tempzxpsign9c47974ee0336d2c
2017-02-15 19:30 . 2017-02-15 19:30        --------        d-----w-        c:\users\anti\AppData\Local\Tempzxpsign19174d91785b9038
2017-02-15 19:16 . 2017-02-15 19:16        --------        d-----w-        c:\users\anti\AppData\Local\Tempzxpsign748ce8ef420d9774
2017-02-15 19:14 . 2017-02-15 19:14        --------        d-----w-        c:\users\anti\AppData\Local\Tempzxpsignee72d0e56644d94e
2017-02-15 19:14 . 2017-02-15 19:14        --------        d-----w-        c:\users\anti\AppData\Local\Tempzxpsign8301f8b5d4e1fc89
2017-02-15 19:10 . 2017-02-15 19:10        --------        d-----w-        c:\users\anti\AppData\Local\Tempzxpsignf66f1ca8f1329796
2017-02-15 19:10 . 2017-02-15 19:10        --------        d-----w-        c:\users\anti\AppData\Local\Tempzxpsign40cb60e9230b7c42
2017-02-15 19:10 . 2017-02-15 19:10        --------        d-----w-        c:\users\anti\AppData\Local\Tempzxpsign0ed1b168521c91c8
2017-02-15 19:10 . 2017-02-15 19:10        --------        d-----w-        c:\programdata\regid.1986-12.com.adobe
2017-02-15 19:00 . 2017-02-15 19:05        --------        d-----w-        c:\program files (x86)\Common Files\Adobe
2017-02-14 18:51 . 2017-02-14 18:51        --------        d--h--w-        c:\program files\Common FilesEAInstaller
2017-02-13 18:05 . 2017-02-20 06:53        --------        d-----w-        c:\users\anti\AppData\Local\Pluralinput
2017-02-13 17:47 . 2017-02-13 17:47        --------        d-----w-        c:\users\anti\AppData\Local\DicoLab
2017-02-13 17:46 . 2017-02-13 17:46        --------        d-----w-        c:\program files (x86)\DicoLab
2017-02-13 17:12 . 2017-02-13 17:12        --------        d-----w-        c:\users\anti\AppData\Local\IsolatedStorage
2017-02-13 17:12 . 2017-02-13 17:12        41368        ----a-w-        c:\windows\system32\drivers\pimou.sys
2017-02-13 17:12 . 2017-02-13 17:12        40344        ----a-w-        c:\windows\system32\drivers\pikbd.sys
2017-02-13 17:12 . 2017-02-13 17:12        1721576        ----a-w-        c:\windows\system32\WdfCoInstaller01009.dll
2017-02-13 17:12 . 2017-02-13 18:05        --------        d-----w-        c:\users\anti\AppData\Local\SquirrelTemp
2017-02-13 16:24 . 2016-09-30 00:11        69104        ----a-w-        c:\windows\system32\vsocklib.dll
2017-02-13 16:24 . 2016-09-30 00:11        65008        ----a-w-        c:\windows\SysWow64\vsocklib.dll
2017-02-13 16:24 . 2016-09-30 00:11        93248        ----a-w-        c:\windows\system32\drivers\vsock.sys
2017-02-13 16:24 . 2016-11-11 22:16        88128        ----a-w-        c:\windows\system32\drivers\vmx86.sys
2017-02-13 15:51 . 2017-02-27 18:59        --------        d-----w-        c:\programdata\VMware
2017-02-13 15:50 . 2017-02-13 16:23        --------        d-----w-        c:\program files (x86)\Common Files\VMware
2017-02-12 16:41 . 2017-02-12 16:41        --------        d-----w-        c:\program files (x86)\MSXML 4.0
2017-02-11 00:36 . 2017-02-11 00:36        --------        d-----w-        c:\programdata\For Honor
2017-02-10 19:11 . 2017-02-10 19:11        --------        d-----w-        c:\users\anti\FormatFactory
2017-02-10 18:46 . 2017-02-10 18:46        --------        d-----w-        c:\programdata\Age of Empires 3
2017-02-04 14:17 . 2017-02-04 14:18        --------        d-----w-        c:\users\anti\AppData\Roaming\Apple Computer
2017-02-04 14:17 . 2017-02-04 14:17        --------        d-----w-        c:\users\anti\AppData\Local\Apple Computer
2017-02-04 14:16 . 2017-02-04 14:16        --------        d-----w-        c:\programdata\Apple Computer
2017-02-04 14:15 . 2017-02-04 14:15        --------        d-----w-        c:\users\anti\AppData\Local\Apple
2017-02-04 14:15 . 2017-02-04 14:15        --------        d-----w-        c:\program files (x86)\Apple Software Update
2017-02-04 14:15 . 2017-02-04 14:15        --------        d-----w-        c:\program files\Bonjour
2017-02-04 14:15 . 2017-02-04 14:15        --------        d-----w-        c:\program files (x86)\Bonjour
2017-02-04 14:15 . 2017-02-21 17:51        --------        d-----w-        c:\programdata\DigitalWave.ApplicationUpdater_files
2017-02-04 14:15 . 2017-02-19 12:18        --------        d-----w-        c:\program files\Common Files\Apple
2017-02-04 14:15 . 2017-02-04 14:15        --------        d-----w-        c:\program files (x86)\FreeCodecPack
2017-02-04 14:15 . 2017-02-04 14:15        --------        d-----w-        c:\program files (x86)\Common Files\DVDVideoSoft
2017-02-04 14:15 . 2017-02-04 14:15        --------        d-----w-        c:\program files (x86)\DVDVideoSoft
2017-02-04 14:14 . 2017-02-24 22:29        --------        d-----w-        c:\users\anti\AppData\Roaming\DVDVideoSoft
2017-02-04 14:14 . 2017-02-04 14:15        --------        d-----w-        c:\programdata\Apple
2017-02-04 14:14 . 2017-02-04 14:15        --------        d-----w-        c:\program files (x86)\Common Files\Apple
2017-01-30 01:47 . 2017-02-24 17:25        --------        d-----w-        c:\users\anti\AppData\Roaming\Audacity
2017-01-30 01:47 . 2017-01-30 01:47        --------        d-----w-        c:\users\anti\AppData\Local\Audacity
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2017-02-27 18:36 . 2016-11-27 04:03        138020592        -c--a-w-        c:\windows\system32\MRT.exe
2017-02-27 13:34 . 2016-11-28 21:08        226168        ----a-w-        c:\windows\SysWow64\PnkBstrB.exe
2017-02-27 13:34 . 2016-11-28 21:08        214392        ----a-w-        c:\windows\SysWow64\PnkBstrB.ex0
2017-02-26 16:45 . 2016-12-19 02:58        348360        ----a-w-        c:\windows\SysWow64\PnkBstrB.xtr
2017-02-21 10:31 . 2016-12-18 23:20        76152        ----a-w-        c:\windows\system32\PnkBstrA.exe
2017-02-21 06:11 . 2016-11-28 21:08        76888        ----a-w-        c:\windows\SysWow64\PnkBstrA.exe
2017-02-14 20:08 . 2016-12-19 00:21        802904        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2017-02-14 20:08 . 2016-12-19 00:21        144472        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2017-01-23 23:04 . 2017-01-04 14:26        1600056        ----a-w-        c:\windows\system32\nvhdagenco6420103.dll
2017-01-20 18:39 . 2016-11-27 15:37        1872320        ----a-w-        c:\windows\system32\nvspcap64.dll
2017-01-20 18:39 . 2016-11-27 15:37        1755072        ----a-w-        c:\windows\system32\nvspbridge64.dll
2017-01-20 18:39 . 2016-11-27 15:37        1464768        ----a-w-        c:\windows\SysWow64\nvspcap.dll
2017-01-20 18:39 . 2016-11-27 15:37        1317312        ----a-w-        c:\windows\SysWow64\nvspbridge.dll
2017-01-20 18:39 . 2016-11-27 15:37        120256        ----a-w-        c:\windows\system32\NvRtmpStreamer64.dll
2017-01-20 16:36 . 2016-11-27 15:35        4065808        ----a-w-        c:\windows\system32\nvapi64.dll
2017-01-20 16:36 . 2016-11-27 15:35        3585120        ----a-w-        c:\windows\SysWow64\nvapi.dll
2017-01-20 16:36 . 2016-11-27 15:35        19092912        ----a-w-        c:\windows\system32\nvwgf2umx.dll
2017-01-20 16:36 . 2016-11-27 04:01        512960        ----a-w-        c:\windows\system32\OpenCL.dll
2017-01-20 16:36 . 2016-11-27 04:01        420408        ----a-w-        c:\windows\SysWow64\OpenCL.dll
2017-01-20 16:36 . 2016-09-23 21:36        16491120        ----a-w-        c:\windows\SysWow64\nvwgf2um.dll
2017-01-20 15:13 . 2016-11-27 04:21        6401984        ----a-w-        c:\windows\system32\nvcpl.dll
2017-01-20 15:13 . 2016-11-27 04:21        2479160        ----a-w-        c:\windows\system32\nvsvc64.dll
2017-01-20 15:13 . 2016-11-27 04:21        83512        ----a-w-        c:\windows\system32\nv3dappshextr.dll
2017-01-20 15:13 . 2016-11-27 04:21        69568        ----a-w-        c:\windows\system32\nvshext.dll
2017-01-20 15:13 . 2016-11-27 04:21        548800        ----a-w-        c:\windows\system32\nv3dappshext.dll
2017-01-20 15:13 . 2016-11-27 04:21        393784        ----a-w-        c:\windows\system32\nvmctray.dll
2017-01-20 15:13 . 2016-11-27 04:21        1762752        ----a-w-        c:\windows\system32\nvsvcr.dll
2017-01-20 13:36 . 2016-12-16 21:55        1951        ----a-w-        c:\windows\NvTelemetryContainerRecovery.bat
2017-01-18 12:57 . 2016-11-27 04:21        7755067        ----a-w-        c:\windows\system32\nvcoproc.bin
2017-01-06 01:10 . 2017-01-20 12:38        47672        ----a-w-        c:\windows\system32\drivers\nvvad64v.sys
2017-01-06 01:10 . 2017-01-20 12:38        158264        ----a-w-        c:\windows\system32\nvaudcap64v.dll
2017-01-06 01:10 . 2017-01-20 12:38        126008        ----a-w-        c:\windows\SysWow64\nvaudcap32v.dll
2017-01-05 18:55 . 2017-01-10 21:12        95464        ----a-w-        c:\windows\system32\drivers\ksecdd.sys
2017-01-05 18:55 . 2017-01-10 21:12        154856        ----a-w-        c:\windows\system32\drivers\ksecpkg.sys
2017-01-05 18:52 . 2017-01-10 21:12        210432        ----a-w-        c:\windows\system32\wdigest.dll
2017-01-05 18:52 . 2017-01-10 21:12        86528        ----a-w-        c:\windows\system32\TSpkg.dll
2017-01-05 18:52 . 2017-01-10 21:12        28672        ----a-w-        c:\windows\system32\sspisrv.dll
2017-01-05 18:52 . 2017-01-10 21:12        135680        ----a-w-        c:\windows\system32\sspicli.dll
2017-01-05 18:52 . 2017-01-10 21:12        345600        ----a-w-        c:\windows\system32\schannel.dll
2017-01-05 18:52 . 2017-01-10 21:12        28160        ----a-w-        c:\windows\system32\secur32.dll
2017-01-05 18:52 . 2017-01-10 21:12        190464        ----a-w-        c:\windows\system32\rpchttp.dll
2017-01-05 18:52 . 2017-01-10 21:12        1212928        ----a-w-        c:\windows\system32\rpcrt4.dll
2017-01-05 18:52 . 2017-01-10 21:12        312320        ----a-w-        c:\windows\system32\ncrypt.dll
2017-01-05 18:52 . 2017-01-10 21:12        60416        ----a-w-        c:\windows\system32\msobjs.dll
2017-01-05 18:52 . 2017-01-10 21:12        316928        ----a-w-        c:\windows\system32\msv1_0.dll
2017-01-05 18:52 . 2017-01-10 21:12        146432        ----a-w-        c:\windows\system32\msaudite.dll
2017-01-05 18:52 . 2017-01-10 21:12        730624        ----a-w-        c:\windows\system32\kerberos.dll
2017-01-05 18:52 . 2017-01-10 21:12        1460736        ----a-w-        c:\windows\system32\lsasrv.dll
2017-01-05 18:52 . 2017-01-10 21:12        43520        ----a-w-        c:\windows\system32\cryptbase.dll
2017-01-05 18:52 . 2017-01-10 21:12        22016        ----a-w-        c:\windows\system32\credssp.dll
2017-01-05 18:52 . 2017-01-10 21:12        690688        ----a-w-        c:\windows\system32\adtschema.dll
2017-01-05 18:52 . 2017-01-10 21:12        463872        ----a-w-        c:\windows\system32\certcli.dll
2017-01-05 18:52 . 2017-01-10 21:12        123904        ----a-w-        c:\windows\system32\bcrypt.dll
2017-01-05 17:43 . 2017-01-10 21:12        96768        ----a-w-        c:\windows\SysWow64\sspicli.dll
2017-01-05 17:43 . 2017-01-10 21:12        82944        ----a-w-        c:\windows\SysWow64\bcrypt.dll
2017-01-05 17:43 . 2017-01-10 21:12        666112        ----a-w-        c:\windows\SysWow64\rpcrt4.dll
2017-01-05 17:43 . 2017-01-10 21:12        172032        ----a-w-        c:\windows\SysWow64\wdigest.dll
2017-01-05 17:43 . 2017-01-10 21:12        65536        ----a-w-        c:\windows\SysWow64\TSpkg.dll
2017-01-05 17:43 . 2017-01-10 21:12        254464        ----a-w-        c:\windows\SysWow64\schannel.dll
2017-01-05 17:43 . 2017-01-10 21:12        22016        ----a-w-        c:\windows\SysWow64\secur32.dll
2017-01-05 17:43 . 2017-01-10 21:12        141312        ----a-w-        c:\windows\SysWow64\rpchttp.dll
2017-01-05 17:43 . 2017-01-10 21:12        60416        ----a-w-        c:\windows\SysWow64\msobjs.dll
2017-01-05 17:43 . 2017-01-10 21:12        261120        ----a-w-        c:\windows\SysWow64\msv1_0.dll
2017-01-05 17:43 . 2017-01-10 21:12        223232        ----a-w-        c:\windows\SysWow64\ncrypt.dll
2017-01-05 17:43 . 2017-01-10 21:12        146432        ----a-w-        c:\windows\SysWow64\msaudite.dll
2017-01-05 17:43 . 2017-01-10 21:12        553472        ----a-w-        c:\windows\SysWow64\kerberos.dll
2017-01-05 17:43 . 2017-01-10 21:12        17408        ----a-w-        c:\windows\SysWow64\credssp.dll
2017-01-05 17:43 . 2017-01-10 21:12        342528        ----a-w-        c:\windows\SysWow64\certcli.dll
2017-01-05 17:42 . 2017-01-10 21:12        690688        ----a-w-        c:\windows\SysWow64\adtschema.dll
2017-01-05 17:32 . 2017-01-10 21:12        64000        ----a-w-        c:\windows\system32\auditpol.exe
2017-01-05 17:25 . 2017-01-10 21:12        159744        ----a-w-        c:\windows\system32\drivers\mrxsmb.sys
2017-01-05 17:24 . 2017-01-10 21:12        291328        ----a-w-        c:\windows\system32\drivers\mrxsmb10.sys
2017-01-05 17:24 . 2017-01-10 21:12        129536        ----a-w-        c:\windows\system32\drivers\mrxsmb20.sys
2017-01-05 17:24 . 2017-01-10 21:12        30720        ----a-w-        c:\windows\system32\lsass.exe
2017-01-05 17:23 . 2017-01-10 21:12        50176        ----a-w-        c:\windows\SysWow64\auditpol.exe
2017-01-05 17:19 . 2017-01-10 21:12        36352        ----a-w-        c:\windows\SysWow64\cryptbase.dll
2017-01-04 14:26 . 2017-01-04 14:26        1964600        ----a-w-        c:\windows\system32\nvdispco6437653.dll
2017-01-04 14:26 . 2017-01-04 14:26        1600056        ----a-w-        c:\windows\system32\nvdispgenco6437653.dll
2016-12-16 00:33 . 2016-12-16 00:33        273696        ----a-w-        c:\windows\SysWow64\vulkan-1-1-0-37-0.dll
2016-12-16 00:33 . 2016-12-16 00:33        111392        ----a-w-        c:\windows\SysWow64\vulkaninfo-1-1-0-37-0.exe
2016-12-16 00:33 . 2016-12-16 00:33        266528        ----a-w-        c:\windows\system32\vulkan-1-1-0-37-0.dll
2016-12-16 00:32 . 2016-12-16 00:32        125728        ----a-w-        c:\windows\system32\vulkaninfo-1-1-0-37-0.exe
2016-12-12 02:37 . 2016-12-30 21:05        1953336        ----a-w-        c:\windows\system32\nvdispco6437633.dll
2016-12-12 02:37 . 2016-12-30 21:05        1586744        ----a-w-        c:\windows\system32\nvdispgenco6437633.dll
2016-11-29 21:34 . 2016-11-29 21:34        28352        ----a-w-        c:\windows\SysWow64\aspnet_counters.dll
2016-11-29 21:34 . 2016-11-29 21:34        19112        ----a-w-        c:\windows\SysWow64\msvcr110_clr0400.dll
2016-11-29 21:34 . 2016-11-29 21:34        19112        ----a-w-        c:\windows\SysWow64\msvcr100_clr0400.dll
2016-11-29 21:34 . 2016-11-29 21:34        19112        ----a-w-        c:\windows\SysWow64\msvcp110_clr0400.dll
2016-11-29 21:27 . 2016-11-29 21:27        30400        ----a-w-        c:\windows\system32\aspnet_counters.dll
2016-11-29 21:27 . 2016-11-29 21:27        19112        ----a-w-        c:\windows\system32\msvcr110_clr0400.dll
2016-11-29 21:27 . 2016-11-29 21:27        19112        ----a-w-        c:\windows\system32\msvcr100_clr0400.dll
2016-11-29 21:27 . 2016-11-29 21:27        19112        ----a-w-        c:\windows\system32\msvcp110_clr0400.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2009-07-14 . 02062C0B390B7729EDC9E69C680A6F3C . 24128 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[-] 2009-07-14 . 02062C0B390B7729EDC9E69C680A6F3C . 24128 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
[-] 2009-07-14 . 02062C0B390B7729EDC9E69C680A6F3C . 24128 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.18231_none_3b457059383c66e6\atapi.sys
[-] 2009-07-14 . 02062C0B390B7729EDC9E69C680A6F3C . 24128 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.22414_none_3be7afc0514717fa\atapi.sys
[-] 2009-07-14 . 02062C0B390B7729EDC9E69C680A6F3C . 24128 . . [6.1.7600.16385] .. c:\windows\system32\drivers\atapi.sys
[-] 2009-07-14 . 02062C0B390B7729EDC9E69C680A6F3C . 24128 . . [6.1.7600.16385] .. c:\windows\system32\DriverStore\FileRepository\mshdc.inf_amd64_neutral_552ea5111ec825a6\atapi.sys
[-] 2009-07-14 . 02062C0B390B7729EDC9E69C680A6F3C . 24128 . . [6.1.7600.16385] .. c:\windows\system32\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
.
[-] 2009-07-14 . BC02336F1CBA7DCC7D1213BB588A68A5 . 50768 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_keyboard.inf_31bf3856ad364e35_6.1.7600.16385_none_f3435f7ff2a9f325\kbdclass.sys
[-] 2009-07-14 . BC02336F1CBA7DCC7D1213BB588A68A5 . 50768 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_keyboard.inf_31bf3856ad364e35_6.1.7601.17514_none_f5747347ef9876bf\kbdclass.sys
[-] 2009-07-14 . BC02336F1CBA7DCC7D1213BB588A68A5 . 50768 . . [6.1.7600.16385] .. c:\windows\system32\drivers\kbdclass.sys
[-] 2009-07-14 . BC02336F1CBA7DCC7D1213BB588A68A5 . 50768 . . [6.1.7600.16385] .. c:\windows\system32\DriverStore\FileRepository\keyboard.inf_amd64_neutral_0684fdc43059f486\kbdclass.sys
.
[-] 2015-10-13 . F7309F42555F8AAB7144A51A1F2585B0 . 950720 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-ndis_31bf3856ad364e35_6.1.7601.19030_none_05d3592832c2ab5e\ndis.sys
[-] 2015-10-12 . 901D1BE3F8567B5D02747B1174FF708F . 949184 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-ndis_31bf3856ad364e35_6.1.7601.23235_none_0661f94b4bdbc702\ndis.sys
[-] 2012-08-22 . 760E38053BF56E501D562B70AD796B88 . 950128 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-ndis_31bf3856ad364e35_6.1.7601.17939_none_05dc9a6832ba428a\ndis.sys
[-] 2012-08-22 . 5E74508FCB5820B29EEAFE24E6035BCF . 950128 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-ndis_31bf3856ad364e35_6.1.7601.22097_none_06232d534c0a8d67\ndis.sys
[-] 2010-11-20 . 79B47FD40D9A817E932F9D26FAC0A81C . 951680 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-ndis_31bf3856ad364e35_6.1.7601.17514_none_05ed313632ae9759\ndis.sys
[-] 2009-07-14 . CAD515DBD07D082BB317D9928CE8962C . 947776 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-ndis_31bf3856ad364e35_6.1.7600.16385_none_03bc1d6e35c013bf\ndis.sys
[-] 2015-10-13 . F7309F42555F8AAB7144A51A1F2585B0 . 950720 . . [6.1.7600.16385] .. c:\windows\system32\drivers\ndis.sys
.
[-] 2016-01-11 . 47B2D0B31BDC3EBE6090228E2BA3764D . 1684416 . . [6.1.7601.19116] .. c:\windows\winsxs\amd64_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7601.19116_none_0498fa9833899528\ntfs.sys
[-] 2016-01-08 . 3ABD1BD4844C446FF1423B983566EB47 . 1683904 . . [6.1.7601.23318] .. c:\windows\winsxs\amd64_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7601.23318_none_052499dd4ca564c7\ntfs.sys
[-] 2013-04-12 . B98F8C6E31CD07B2E6F71F7F648E38C0 . 1656680 . . [6.1.7601.18127] .. c:\windows\winsxs\amd64_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7601.18127_none_048f41be3390b0cf\ntfs.sys
[-] 2013-04-12 . 91127EC56F7BA2182EA1340DC00F98E5 . 1679208 . . [6.1.7600.21499] .. c:\windows\winsxs\amd64_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7600.21499_none_02e8d2a34fbedaf2\ntfs.sys
[-] 2013-04-12 . 9A6089B056EA1B83B36424FC9D0A300E . 1653096 . . [6.1.7600.17281] .. c:\windows\winsxs\amd64_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7600.17281_none_0262018e36a05758\ntfs.sys
[-] 2013-04-12 . A6AE4551BF8EED09FA3B6FCDF472F3E1 . 1686888 . . [6.1.7601.22297] .. c:\windows\winsxs\amd64_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7601.22297_none_04cd2f154ce71430\ntfs.sys
[-] 2011-03-11 . A2F74975097F52A00745F9637451FDD8 . 1659776 . . [6.1.7601.17577] .. c:\windows\winsxs\amd64_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7601.17577_none_0459508233b9177f\ntfs.sys
[-] 2011-03-11 . 867C1395F0100CBE9ACD73B1C2741149 . 1685888 . . [6.1.7600.20921] .. c:\windows\winsxs\amd64_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7600.20921_none_032ca00d4f8d24c5\ntfs.sys
[-] 2011-03-11 . 378E0E0DFEA67D98AE6EA53ADBBD76BC . 1657216 . . [6.1.7600.16778] .. c:\windows\winsxs\amd64_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7600.16778_none_0273f3c63691c4ea\ntfs.sys
[-] 2011-03-11 . 87B104128D4D3BA3C13098BAEBF38082 . 1659776 . . [6.1.7601.21680] .. c:\windows\winsxs\amd64_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7601.21680_none_04d11b5b4ce521d9\ntfs.sys
[-] 2010-11-20 . 05D78AA5CB5F3F5C31160BDB955D0B7C . 1659776 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7601.17514_none_04972f2c338b23d4\ntfs.sys
[-] 2009-07-14 . 356698A13C4630D5B31C37378D469196 . 1659984 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7600.16385_none_02661b64369ca03a\ntfs.sys
[-] 2016-01-11 . 47B2D0B31BDC3EBE6090228E2BA3764D . 1684416 . . [6.1.7600.16385] .. c:\windows\system32\drivers\ntfs.sys
.
[-] 2016-07-07 . B2875D7ABB82867DC3AA03D991940201 . 1896168 . . [6.1.7601.23496] .. c:\windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.23496_none_117904649662b62b\tcpip.sys
[-] 2014-04-05 . 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E . 1903552 . . [6.1.7601.18438] .. c:\windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.18438_none_113260637d1284ef\tcpip.sys
[-] 2014-04-05 . 4F80944B03112F486212DC20BE166079 . 1897408 . . [6.1.7601.22648] .. c:\windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22648_none_11b12f2896383dd1\tcpip.sys
[-] 2013-09-08 . 40AF23633D197905F03AB5628C558C51 . 1903552 . . [6.1.7601.18254] .. c:\windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.18254_none_1118bb977d265d27\tcpip.sys
[-] 2013-09-07 . 75F9106B74585D38C8FF6BB5CAD262D7 . 1896896 . . [6.1.7601.22444] .. c:\windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22444_none_11ad2a34963bde27\tcpip.sys
[-] 2012-10-03 . 37608401DFDB388CAF66917F6B2D6FB0 . 1914248 . . [6.1.7601.17964] .. c:\windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17964_none_110e0fbd7d2e4b88\tcpip.sys
[-] 2012-10-03 . D5707FC2300AA5B04B7BFE86D40C0133 . 1902472 . . [6.1.7601.22124] .. c:\windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.22124_none_11c2c45a962baed0\tcpip.sys
[-] 2010-11-20 . 509383E505C973ED7534A06B3D19688D . 1924480 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17514_none_114417c17d05cb37\tcpip.sys
[-] 2009-07-14 . 912107716BAB424C7870E8E6AF5E07E1 . 1898576 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16385_none_0f1303f98017479d\tcpip.sys
[-] 2016-07-07 . B2875D7ABB82867DC3AA03D991940201 . 1896168 . . [6.1.7600.16385] .. c:\windows\system32\drivers\tcpip.sys
.
[-] 2016-11-27 . 5B9A6A310326D9C438F2C19FBBE97C97 . 5549504 . . [6.1.7601.18247] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.18247_none_ca38dbafcad85ead\ntoskrnl.exe
[-] 2016-11-27 . C842D8DC6E5BCD750FA50E4083CBBBEB . 5552064 . . [6.1.7601.22436] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.22436_none_cacc4a02e3eec656\ntoskrnl.exe
[-] 2016-10-11 . A4BEE5EE486E2C458B0B3FF19167D1F9 . 5547752 . . [6.1.7601.23572] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.23572_none_ca9cf448e412e786\ntoskrnl.exe
[-] 2016-10-07 . 92C29FF58CF827692A72FA122854EB29 . 5547752 . . [6.1.7601.23569] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.23569_none_caaec63ae4047cf6\ntoskrnl.exe
[-] 2016-09-02 . 72D9FC1995B11D65FDAACF23C9607E85 . 5548264 . . [6.1.7601.23539] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.23539_none_cacf35fee3ec2923\ntoskrnl.exe
[-] 2016-03-17 . ADFFC3B4418247A562E8727C66DE4428 . 5551336 . . [6.1.7601.23392] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.23392_none_ca8750a4e423251a\ntoskrnl.exe
[-] 2016-03-16 . 906A6FFFA12555264622F17DA2E6CD2E . 5551336 . . [6.1.7601.23391] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.23391_none_ca86505ae4240bc3\ntoskrnl.exe
[-] 2016-01-22 . CA87600D56F8A59B7D831109907239C4 . 5552576 . . [6.1.7601.23338] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.23338_none_cace31e8e3ed157e\ntoskrnl.exe
[-] 2016-01-22 . DDC8747E8EA0D44C1DCB14B872F07AD8 . 5573056 . . [6.1.7601.19135] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.19135_none_ca419259cad22c88\ntoskrnl.exe
[-] 2015-07-23 . 0F97C5BD7D2FCBA9F2E6A69CBAEC389E . 5568960 . . [6.1.7601.18939] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.18939_none_ca45b979cace617b\ntoskrnl.exe
[-] 2015-07-22 . AD9888FF818F16FF30F788B579A7C4EE . 5550528 . . [6.1.7601.23142] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.23142_none_cabd5c74e3fa9f17\ntoskrnl.exe
[-] 2015-07-15 . B9A07A9807A4BAC067498CC8D77F3D4D . 5568960 . . [6.1.7601.18933] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.18933_none_ca3fb7bdcad3c971\ntoskrnl.exe
[-] 2015-07-15 . E8D0557D278E38133E638805EE1B48AB . 5550528 . . [6.1.7601.23136] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.23136_none_cacc2d88e3eee882\ntoskrnl.exe
[-] 2015-07-15 . D1EF413551B6A324E260E34856B765C3 . 5550528 . . [6.1.7601.23126] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.23126_none_cad6fd74e3e6cc91\ntoskrnl.exe
[-] 2015-07-15 . E85C3F602B11BF95D0EF7BBCF9D35FF4 . 5568960 . . [6.1.7601.18923] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.18923_none_ca4a87a9cacbad80\ntoskrnl.exe
[-] 2015-05-25 . 345B487FB5966EB56C41338154E28A4A . 5550528 . . [6.1.7601.23072] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.23072_none_ca9ceacae412f5c3\ntoskrnl.exe
[-] 2015-05-25 . 9E2A2028228645DD57EF45A02CAC0CCE . 5569984 . . [6.1.7601.18869] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.18869_none_ca2547cfcae6b827\ntoskrnl.exe
[-] 2015-03-19 . 5D0903BED77868F03E04D0A0BAA21540 . 5473720 . . [6.1.7600.21980] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.21980_none_c8a9e156e6f6458a\ntoskrnl.exe
[-] 2015-03-19 . 684D76120BC1FD90BFCCB64D069C003B . 5503416 . . [6.1.7600.17795] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.17795_none_c81a742bcddc433d\ntoskrnl.exe
[-] 2015-01-14 . 12A78796FFF4D5B8B15A2BC4B13650A4 . 5553080 . . [6.1.7601.22923] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.22923_none_cad4228ee3e95023\ntoskrnl.exe
[-] 2015-01-14 . 9819614CA9EFB5A96493B379170B9D89 . 5554112 . . [6.1.7601.18717] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.18717_none_ca5954f1cabffc9d\ntoskrnl.exe
[-] 2014-03-04 . A9D735A8C6010DCE1148D4BC32365C14 . 5553088 . . [6.1.7601.22616] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.22616_none_cae1eda6e3de88c2\ntoskrnl.exe
[-] 2014-03-04 . 6B47CF5C27865DDF6680E4D834FBE34F . 5550016 . . [6.1.7601.18409] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.18409_none_ca661fbfcab61be5\ntoskrnl.exe
[-] 2012-04-02 . 9579F84C40B3BE205C9FD4CCDD99B6B7 . 5504880 . . [6.1.7600.16988] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16988_none_c8285f89cdd153fe\ntoskrnl.exe
[-] 2012-03-31 . 03B5C6DBA5A770CEEFD1615E380C6BC3 . 5559664 . . [6.1.7601.17803] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17803_none_ca603c63cabb5ed6\ntoskrnl.exe
[-] 2012-03-31 . 5E6017E5814B3BC366A5A7A88538D0FC . 5473136 . . [6.1.7600.21179] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.21179_none_c8bda4ace6e62470\ntoskrnl.exe
[-] 2012-03-31 . 708A4C721CEE6B3845B5A54477D873CF . 5561200 . . [6.1.7601.21955] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21955_none_cab5ca26e3ffbd03\ntoskrnl.exe
[-] 2011-04-09 . D60D9BCEAE5870A67E6C167F4681877B . 5562240 . . [6.1.7601.17592] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17592_none_c9fde71bcb054983\ntoskrnl.exe
[-] 2011-04-09 . 240D89BBE5BCD168D748D6C12B6FE884 . 5475712 . . [6.1.7600.20941] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.20941_none_c8d63818e6d4d57c\ntoskrnl.exe
[-] 2011-04-09 . 99C2715F138E7ED2F489AB796DD3B53C . 5562240 . . [6.1.7601.21701] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21701_none_cae7d4cee3dad1a4\ntoskrnl.exe
[-] 2011-04-09 . E03A9AC0273182895DCB3693A36785C9 . 5509504 . . [6.1.7600.16792] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16792_none_c8178a15cddedd97\ntoskrnl.exe
[-] 2010-11-20 . C6CEC3E6CC9842B73501C70AA64C00FE . 5563776 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17514_none_ca56670fcac29ca9\ntoskrnl.exe
[-] 2009-07-14 . 9E722B768E33D26AD8FA7D642E707443 . 5511248 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16385_none_c8255347cdd4190f\ntoskrnl.exe
[-] 2016-10-11 . A4BEE5EE486E2C458B0B3FF19167D1F9 . 5547752 . . [6.1.7601.23572] .. c:\windows\system32\ntoskrnl.exe
.
[-] 2016-11-27 . 482C8CD985C727C7C78A5E9B320947F0 . 3969472 . . [6.1.7601.18247] .. c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.18247_none_6e1a402c127aed77\ntkrnlpa.exe
[-] 2016-11-27 . EB6B2FB5EE07337C8B4F3A16CBC18BE3 . 3973568 . . [6.1.7601.22436] .. c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.22436_none_6eadae7f2b915520\ntkrnlpa.exe
[-] 2016-10-11 . D7206CB1BCAD3FFA2C8233517AB70F19 . 4000488 . . [6.1.7601.23572] .. c:\windows\SysWOW64\ntkrnlpa.exe
[-] 2016-10-11 . D7206CB1BCAD3FFA2C8233517AB70F19 . 4000488 . . [6.1.7601.23572] .. c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.23572_none_6e7e58c52bb57650\ntkrnlpa.exe
[-] 2016-10-07 . 3BAB11E3100E91D322BB2968E4288721 . 4000488 . . [6.1.7601.23569] .. c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.23569_none_6e902ab72ba70bc0\ntkrnlpa.exe
[-] 2016-09-02 . 6C776DB52210002932F3C97C29FDE894 . 4000488 . . [6.1.7601.23539] .. c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.23539_none_6eb09a7b2b8eb7ed\ntkrnlpa.exe
[-] 2016-03-17 . 5C47821CC760ED48EA66A28465BD35E4 . 3998952 . . [6.1.7601.23392] .. c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.23392_none_6e68b5212bc5b3e4\ntkrnlpa.exe
[-] 2016-03-16 . D2FEB9B33C8475AD3A9C7584ED92287C . 3998952 . . [6.1.7601.23391] .. c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.23391_none_6e67b4d72bc69a8d\ntkrnlpa.exe
[-] 2016-01-22 . 8D8374FD723FEB2800305A8A66CD1ABA . 3993536 . . [6.1.7601.19135] .. c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.19135_none_6e22f6d61274bb52\ntkrnlpa.exe
[-] 2016-01-22 . B5C9AEAC853853872DE608ABE64A7706 . 3998656 . . [6.1.7601.23338] .. c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.23338_none_6eaf96652b8fa448\ntkrnlpa.exe
[-] 2015-07-23 . EDE7D6D205B86DE1C7362D198C3018F8 . 3995584 . . [6.1.7601.23142] .. c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.23142_none_6e9ec0f12b9d2de1\ntkrnlpa.exe
[-] 2015-07-22 . 7798C39730CA28B18F8CC45EDBB479DC . 3989952 . . [6.1.7601.18939] .. c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.18939_none_6e271df61270f045\ntkrnlpa.exe
[-] 2015-07-15 . 6C95D6264810F816E92780E7DB81F7B1 . 3989952 . . [6.1.7601.18933] .. c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.18933_none_6e211c3a1276583b\ntkrnlpa.exe
[-] 2015-07-15 . 4DCAB20257F5272950EECB4DB96815CC . 3995584 . . [6.1.7601.23136] .. c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.23136_none_6ead92052b91774c\ntkrnlpa.exe
[-] 2015-07-15 . 2EDEDA680B11D41A01992C7CD2ADE28C . 3995584 . . [6.1.7601.23126] .. c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.23126_none_6eb861f12b895b5b\ntkrnlpa.exe
[-] 2015-07-15 . BB50127AACB467F56DDDAF0E1E434B33 . 3989952 . . [6.1.7601.18923] .. c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.18923_none_6e2bec26126e3c4a\ntkrnlpa.exe
[-] 2015-05-25 . 4AA0A6FDBAD338FBE8550FA68A465E17 . 3994560 . . [6.1.7601.23072] .. c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.23072_none_6e7e4f472bb5848d\ntkrnlpa.exe
[-] 2015-05-25 . 641A14E6AC492ED45BC68815E2E2F566 . 3989440 . . [6.1.7601.18869] .. c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.18869_none_6e06ac4c128946f1\ntkrnlpa.exe
[-] 2015-03-19 . AFF8F0B3B8830CFC87C9C610108D58E6 . 3963320 . . [6.1.7600.17795] .. c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.17795_none_6bfbd8a8157ed207\ntkrnlpa.exe
[-] 2015-03-19 . D5A823033A3C07C675168F73E5B57EDB . 3976120 . . [6.1.7600.21980] .. c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.21980_none_6c8b45d32e98d454\ntkrnlpa.exe
[-] 2015-01-14 . 4997B61D205698D53420B877B8F76622 . 3977656 . . [6.1.7601.22923] .. c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.22923_none_6eb5870b2b8bdeed\ntkrnlpa.exe
[-] 2015-01-14 . 62C93E47A424A8EC79F3CF1719A2DCC6 . 3972544 . . [6.1.7601.18717] .. c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.18717_none_6e3ab96e12628b67\ntkrnlpa.exe
[-] 2014-03-04 . FB18FE03DEC1297107946C4D597797C3 . 3974080 . . [6.1.7601.22616] .. c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.22616_none_6ec352232b81178c\ntkrnlpa.exe
[-] 2014-03-04 . 4D59F470985D08139E42D15842816C47 . 3969984 . . [6.1.7601.18409] .. c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.18409_none_6e47843c1258aaaf\ntkrnlpa.exe
[-] 2012-04-02 . 9D19079820928D72A5708A668B5B62AE . 3958128 . . [6.1.7600.16988] .. c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16988_none_6c09c4061573e2c8\ntkrnlpa.exe
[-] 2012-03-31 . C6D1D128DE4148E35B6C04B6892EB71A . 3970928 . . [6.1.7600.21179] .. c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.21179_none_6c9f09292e88b33a\ntkrnlpa.exe
[-] 2012-03-31 . 8F6D5704D7522AAB8B4B82C0D35D9184 . 3968368 . . [6.1.7601.17803] .. c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17803_none_6e41a0e0125deda0\ntkrnlpa.exe
[-] 2012-03-31 . 93358348D0B79812CAAA83A1377E4449 . 3971952 . . [6.1.7601.21955] .. c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21955_none_6e972ea32ba24bcd\ntkrnlpa.exe
[-] 2011-04-09 . 83515CDDB47B08F65F1EC7451778C3CD . 3967360 . . [6.1.7600.20941] .. c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.20941_none_6cb79c952e776446\ntkrnlpa.exe
[-] 2011-04-09 . EEDB427EAC109E0711642B65C229BC59 . 3957632 . . [6.1.7600.16792] .. c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16792_none_6bf8ee9215816c61\ntkrnlpa.exe
[-] 2011-04-09 . 102A6182087B18C795664BCD22EB52E9 . 3967872 . . [6.1.7601.17592] .. c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17592_none_6ddf4b9812a7d84d\ntkrnlpa.exe
[-] 2011-04-09 . 9CF7F5D025183FA10E130445BC071B70 . 3967872 . . [6.1.7601.21701] .. c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21701_none_6ec9394b2b7d606e\ntkrnlpa.exe
[-] 2010-11-20 . 144BD78C6103C8616DE047B3532142DB . 3966848 . . [6.1.7601.17514] .. c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17514_none_6e37cb8c12652b73\ntkrnlpa.exe
[-] 2009-07-14 . E2A8596576873BC5D509031DECD8C95D . 3954768 . . [6.1.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16385_none_6c06b7c41576a7d9\ntkrnlpa.exe
.
[-] 2016-11-27 . F2831268EC600225F611DC02166EACF0 . 815304 . . [11.00.9600.16428] .. c:\windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_11.2.9600.17843_none_85394e6bf752dae9\iexplore.exe
[-] 2016-11-14 . EE79D654A04333F566DF07EBDE217928 . 815312 . . [11.00.9600.16428] .. c:\windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_11.2.9600.18537_none_855864abf73bd16a\iexplore.exe
[-] 2016-10-28 . 9D2F4943A1127CAC62011A185DE78F48 . 815304 . . [11.00.9600.16428] .. c:\windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_11.2.9600.18524_none_8557a8b9f73c6b30\iexplore.exe
[-] 2016-09-01 . 4CAF56618E7FA3EAEC06672C6810DBA7 . 815304 . . [11.00.9600.16428] .. c:\windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_11.2.9600.18449_none_85640751f7330212\iexplore.exe
[-] 2015-12-10 . 87D1537D9EBA9BEAC6243252436CA9B2 . 677024 . . [8.00.7601.19104] .. c:\windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7601.19104_none_1bf5ee166fc02f42\iexplore.exe
[-] 2015-12-10 . 9A1D012F7754B072DA3368FDDC7DC5F5 . 677024 . . [8.00.7601.23301] .. c:\windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7601.23301_none_1c7c8be988e0802e\iexplore.exe
[-] 2010-11-20 . C613E69C3B191BB02C7A191741A1D024 . 673040 . . [8.00.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7601.17514_none_1beb53526fc80c8d\iexplore.exe
[-] 2009-07-14 . 2C32E3E596CFE660353753EABEFB0540 . 673048 . . [8.00.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16385_none_19ba3f8a72d988f3\iexplore.exe
.
.
[-] 2016-11-27 . 813A7F5A2D6D366EB3FFB643B851BCE5 . 3914176 . . [6.1.7601.18247] .. c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.18247_none_6e1a402c127aed77\ntoskrnl.exe
[-] 2016-11-27 . 998141EB656327F13B8EEC01BAADC5D4 . 3918272 . . [6.1.7601.22436] .. c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.22436_none_6eadae7f2b915520\ntoskrnl.exe
[-] 2016-10-11 . CA53F14726F15B1B50A5197DBEED2FEC . 3944680 . . [6.1.7601.23572] .. c:\windows\SysWOW64\ntoskrnl.exe
[-] 2016-10-11 . CA53F14726F15B1B50A5197DBEED2FEC . 3944680 . . [6.1.7601.23572] .. c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.23572_none_6e7e58c52bb57650\ntoskrnl.exe
[-] 2016-10-07 . 04B9CB2F81994A2E3A32DCC3E297C647 . 3944680 . . [6.1.7601.23569] .. c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.23569_none_6e902ab72ba70bc0\ntoskrnl.exe
[-] 2016-09-02 . C7F9A2FBB73D75191FBF88ACB2563765 . 3944680 . . [6.1.7601.23539] .. c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.23539_none_6eb09a7b2b8eb7ed\ntoskrnl.exe
[-] 2016-03-17 . F1CA4530A435A6741346A1ECF3FE10E9 . 3943144 . . [6.1.7601.23392] .. c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.23392_none_6e68b5212bc5b3e4\ntoskrnl.exe
[-] 2016-03-16 . 9DE9DB4F59114217D8750CB953FFBFFC . 3943144 . . [6.1.7601.23391] .. c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.23391_none_6e67b4d72bc69a8d\ntoskrnl.exe
[-] 2016-01-22 . A9AE21C45FBF6CE1E6B5C5FEBB38004C . 3938752 . . [6.1.7601.19135] .. c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.19135_none_6e22f6d61274bb52\ntoskrnl.exe
[-] 2016-01-22 . 42E32E87E4B4CC8BA6329A6CD52B9973 . 3943360 . . [6.1.7601.23338] .. c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.23338_none_6eaf96652b8fa448\ntoskrnl.exe
[-] 2015-07-23 . EBA077FC13F9CCD445A8B0DD1B9C760E . 3939776 . . [6.1.7601.23142] .. c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.23142_none_6e9ec0f12b9d2de1\ntoskrnl.exe
[-] 2015-07-22 . B83B25734C88C16026DFA483C5FE2107 . 3934656 . . [6.1.7601.18939] .. c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.18939_none_6e271df61270f045\ntoskrnl.exe
[-] 2015-07-15 . DC18FFFF3175376ABD38E6D48309F7F9 . 3934656 . . [6.1.7601.18933] .. c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.18933_none_6e211c3a1276583b\ntoskrnl.exe
[-] 2015-07-15 . 4555F0C9CFDB8158C7A9E462F6FCD053 . 3939776 . . [6.1.7601.23136] .. c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.23136_none_6ead92052b91774c\ntoskrnl.exe
[-] 2015-07-15 . ECBD9B1FF41E554971D98DF2F7B8A52D . 3939776 . . [6.1.7601.23126] .. c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.23126_none_6eb861f12b895b5b\ntoskrnl.exe
[-] 2015-07-15 . D2D535ADD20A3D9340539336E46DDB20 . 3934656 . . [6.1.7601.18923] .. c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.18923_none_6e2bec26126e3c4a\ntoskrnl.exe
[-] 2015-05-25 . DEF4491FB75633A4EB4648F68B7DF8C2 . 3939776 . . [6.1.7601.23072] .. c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.23072_none_6e7e4f472bb5848d\ntoskrnl.exe
[-] 2015-05-25 . 583FFF12D2F0D6E1A8746462C433895F . 3934144 . . [6.1.7601.18869] .. c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.18869_none_6e06ac4c128946f1\ntoskrnl.exe
[-] 2015-03-19 . 1F787C654972CF059E0074DBD48747EA . 3908024 . . [6.1.7600.17795] .. c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.17795_none_6bfbd8a8157ed207\ntoskrnl.exe
[-] 2015-03-19 . 4CECB6264955361C44F436F72CE32650 . 3920824 . . [6.1.7600.21980] .. c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.21980_none_6c8b45d32e98d454\ntoskrnl.exe
[-] 2015-01-14 . BFCA109D2F65A57389E03D63B0F86EE3 . 3921848 . . [6.1.7601.22923] .. c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.22923_none_6eb5870b2b8bdeed\ntoskrnl.exe
[-] 2015-01-14 . 6D227897A458DA8A9518DACDC88F1947 . 3917760 . . [6.1.7601.18717] .. c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.18717_none_6e3ab96e12628b67\ntoskrnl.exe
[-] 2014-03-04 . A3EBCBBE7EFF3F736ADC532A6C73E775 . 3918784 . . [6.1.7601.22616] .. c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.22616_none_6ec352232b81178c\ntoskrnl.exe
[-] 2014-03-04 . 31FA2485DFC773F1E718A4D19F443FA9 . 3914176 . . [6.1.7601.18409] .. c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.18409_none_6e47843c1258aaaf\ntoskrnl.exe
[-] 2012-04-02 . 678AD0F9DB55F9127851CD631456F483 . 3902320 . . [6.1.7600.16988] .. c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16988_none_6c09c4061573e2c8\ntoskrnl.exe
[-] 2012-03-31 . D909EAFA618BC9DB2615303DA3D9C830 . 3915632 . . [6.1.7600.21179] .. c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.21179_none_6c9f09292e88b33a\ntoskrnl.exe
[-] 2012-03-31 . 28F44480E411C3DDF04B63F6560E6EF4 . 3913072 . . [6.1.7601.17803] .. c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17803_none_6e41a0e0125deda0\ntoskrnl.exe
[-] 2012-03-31 . 2E02A17E8965AD671E4987E503AD38B1 . 3916656 . . [6.1.7601.21955] .. c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21955_none_6e972ea32ba24bcd\ntoskrnl.exe
[-] 2011-04-09 . 0F4A148499CC6FA5D84A0F1587869051 . 3911552 . . [6.1.7600.20941] .. c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.20941_none_6cb79c952e776446\ntoskrnl.exe
[-] 2011-04-09 . D9FD1D6337F15AAF2012C69909615DB5 . 3901824 . . [6.1.7600.16792] .. c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16792_none_6bf8ee9215816c61\ntoskrnl.exe
[-] 2011-04-09 . 5D21C487F79F8245E799071589E035BF . 3912576 . . [6.1.7601.17592] .. c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17592_none_6ddf4b9812a7d84d\ntoskrnl.exe
[-] 2011-04-09 . D385343510B75545EC5DB3A64C2D2492 . 3912576 . . [6.1.7601.21701] .. c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21701_none_6ec9394b2b7d606e\ntoskrnl.exe
[-] 2010-11-20 . 2088D9994332583EDB3C561DE31EA5AD . 3911040 . . [6.1.7601.17514] .. c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17514_none_6e37cb8c12652b73\ntoskrnl.exe
[-] 2009-07-14 . B9D673F7707219DFD264891A26C21ECB . 3899472 . . [6.1.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16385_none_6c06b7c41576a7d9\ntoskrnl.exe
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ MEGA (Pending)]
@="{056D528D-CE28-4194-9BA3-BA2E9197FF8C}"
[HKEY_CLASSES_ROOT\CLSID\{056D528D-CE28-4194-9BA3-BA2E9197FF8C}]
2016-10-31 19:43        564736        ----a-w-        c:\users\anti\AppData\Local\MEGAsync\ShellExtX32.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ MEGA (Synced)]
@="{05B38830-F4E9-4329-978B-1DD28605D202}"
[HKEY_CLASSES_ROOT\CLSID\{05B38830-F4E9-4329-978B-1DD28605D202}]
2016-10-31 19:43        564736        ----a-w-        c:\users\anti\AppData\Local\MEGAsync\ShellExtX32.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ MEGA (Syncing)]
@="{0596C850-7BDD-4C9D-AFDF-873BE6890637}"
[HKEY_CLASSES_ROOT\CLSID\{0596C850-7BDD-4C9D-AFDF-873BE6890637}]
2016-10-31 19:43        564736        ----a-w-        c:\users\anti\AppData\Local\MEGAsync\ShellExtX32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"THPanel"="g:\programme\Thunder Master\THPanel.exe" [2016-10-26 2030424]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2013-03-10 88984]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"script_fcbd"="c:\program files (x86)\Ubisoft\Ubisoft Game Launcher\games\Far Cry 3 Blood Dragon\fcbd.bat" [2016-12-25 351]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
fcbd.bat [2016-12-25 351]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R0 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 NVIDIA Wireless Controller Service;NVIDIA Wireless Controller Service;c:\program files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe;c:\program files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe [x]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Futuremark\SystemInfo\FMSISvc.exe;c:\program files (x86)\Futuremark\SystemInfo\FMSISvc.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 LGBusEnum;Logitech Gaming Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys;c:\windows\SYSNATIVE\drivers\LGBusEnum.sys [x]
R3 LGJoyXlCore;Logitech Translation Layer Driver (LGS);c:\windows\system32\drivers\LGJoyXlCore.sys;c:\windows\SYSNATIVE\drivers\LGJoyXlCore.sys [x]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys;c:\windows\SYSNATIVE\drivers\LGVirHid.sys [x]
R3 NvContainerNetworkService;NVIDIA NetworkService Container;c:\program files\NVIDIA Corporation\NvContainer\nvcontainer.exe;c:\program files\NVIDIA Corporation\NvContainer\nvcontainer.exe [x]
R3 NvStreamKms;NVIDIA KMS;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
R3 pikbd;Pluralinput Keyboard 1.0;c:\windows\system32\DRIVERS\pikbd.sys;c:\windows\SYSNATIVE\DRIVERS\pikbd.sys [x]
R3 pimou;Pluralinput Mouse 1.0;c:\windows\system32\DRIVERS\pimou.sys;c:\windows\SYSNATIVE\DRIVERS\pimou.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
S0 nvme;nvme;c:\windows\system32\DRIVERS\nvme.sys;c:\windows\SYSNATIVE\DRIVERS\nvme.sys [x]
S0 nvmeF;nvmeF;c:\windows\system32\DRIVERS\nvmeF.sys;c:\windows\SYSNATIVE\DRIVERS\nvmeF.sys [x]
S0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys;c:\windows\SYSNATIVE\DRIVERS\vmci.sys [x]
S0 vsock;vSockets Virtual Machine Communication Interface Sockets driver;c:\windows\system32\DRIVERS\vsock.sys;c:\windows\SYSNATIVE\DRIVERS\vsock.sys [x]
S1 vmkbd3;VMware Input Filter and Injection Driver (vmkbd);c:\windows\system32\DRIVERS\vmkbd.sys;c:\windows\SYSNATIVE\DRIVERS\vmkbd.sys [x]
S2 AGSService;Adobe Genuine Software Integrity Service;c:\program files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe;c:\program files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [x]
S2 Apple Mobile Device Service;Apple Mobile Device Service;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [x]
S2 chip1click;chip 1-click download service;c:\program files (x86)\Chip Digital GmbH\chip1click\chip 1-click installer.exe;c:\program files (x86)\Chip Digital GmbH\chip1click\chip 1-click installer.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 DigitalWave.Update.Service;Digital Wave Update Service;c:\program files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe;c:\program files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe [x]
S2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe;c:\windows\SYSNATIVE\IProsetMonitor.exe [x]
S2 NvContainerLocalSystem;NVIDIA LocalSystem Container;c:\program files\NVIDIA Corporation\NvContainer\nvcontainer.exe;c:\program files\NVIDIA Corporation\NvContainer\nvcontainer.exe [x]
S2 NvTelemetryContainer;NVIDIA Telemetry Container;c:\program files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe;c:\program files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [x]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [x]
S3 e1dexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver D;c:\windows\system32\DRIVERS\e1d62x64.sys;c:\windows\SYSNATIVE\DRIVERS\e1d62x64.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 nvvhci;NVVHCI Enumerator Service;c:\windows\system32\DRIVERS\nvvhci.sys;c:\windows\SYSNATIVE\DRIVERS\nvvhci.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation        REG_MULTI_SZ          SSDPSRV upnphost SCardSvr QWAVE wcncsvc
WinSAPSvc        REG_MULTI_SZ          WinSAPSvc
.
Inhalt des "geplante Tasks" Ordners
.
2017-02-26 c:\windows\Tasks\Adobe Flash Player PPAPI Notifier.job
- c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_24_0_0_221_pepper.exe [2017-02-14 20:08]
.
2017-02-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-12-19 20:08]
.
2017-02-27 c:\windows\Tasks\Start WinZip Registry Optimizer for anti-PC@anti(logon).job
- c:\program files\WinZip Registry Optimizer\RegistryOptimizer.exe [2016-08-17 13:25]
.
2017-02-27 c:\windows\Tasks\Start WinZip Registry Optimizer with delay for anti-PC@anti.job
- c:\program files\WinZip Registry Optimizer\RegistryOptimizer.exe [2016-08-17 13:25]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ MEGA (Pending)]
@="{056D528D-CE28-4194-9BA3-BA2E9197FF8C}"
[HKEY_CLASSES_ROOT\CLSID\{056D528D-CE28-4194-9BA3-BA2E9197FF8C}]
2016-10-31 19:45        592384        ----a-w-        c:\users\anti\AppData\Local\MEGAsync\ShellExtX64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ MEGA (Synced)]
@="{05B38830-F4E9-4329-978B-1DD28605D202}"
[HKEY_CLASSES_ROOT\CLSID\{05B38830-F4E9-4329-978B-1DD28605D202}]
2016-10-31 19:45        592384        ----a-w-        c:\users\anti\AppData\Local\MEGAsync\ShellExtX64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ MEGA (Syncing)]
@="{0596C850-7BDD-4C9D-AFDF-873BE6890637}"
[HKEY_CLASSES_ROOT\CLSID\{0596C850-7BDD-4C9D-AFDF-873BE6890637}]
2016-10-31 19:45        592384        ----a-w-        c:\users\anti\AppData\Local\MEGAsync\ShellExtX64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco1]
@="{AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47}"
[HKEY_CLASSES_ROOT\CLSID\{AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47}]
2016-06-10 00:41        491184        ----a-w-        c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco2]
@="{853B7E05-C47D-4985-909A-D0DC5C6D7303}"
[HKEY_CLASSES_ROOT\CLSID\{853B7E05-C47D-4985-909A-D0DC5C6D7303}]
2016-06-10 00:41        491184        ----a-w-        c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco3]
@="{42D38F2E-98E9-4382-B546-E24E4D6D04BB}"
[HKEY_CLASSES_ROOT\CLSID\{42D38F2E-98E9-4382-B546-E24E4D6D04BB}]
2016-06-10 00:41        491184        ----a-w-        c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2017-01-20 1872320]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2015-06-18 14021336]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
LSP: %windir%\system32\vsocklib.dll
TCP: Interfaces\{0FEC2B8E-5D63-4A2C-9121-1BB68D97D7ED}: NameServer = 8.8.8.8
TCP: Interfaces\{745345BE-9BE4-4020-A91F-72C0225398F2}: NameServer = 8.8.8.8
TCP: Interfaces\{846ee342-7039-11de-9d20-806e6f6e6963}: NameServer = 8.8.8.8
TCP: Interfaces\{88E9477E-7EA5-47B0-B344-9F51F1FD8B8A}: NameServer = 8.8.8.8
FF - ProfilePath - c:\users\anti\AppData\Roaming\Mozilla\Firefox\Profiles\ogafsetr.default-1484082323028\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
SafeBoot-MBAMService
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\PnkBstrA.exe
c:\windows\SysWOW64\vmnetdhcp.exe
c:\windows\SysWOW64\vmnat.exe
g:\virtuelle maschine\vmware-authd.exe
c:\program files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
c:\program files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2017-02-27  20:02:33 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2017-02-27 19:02
.
Vor Suchlauf: 30 Verzeichnis(se), 19.774.431.232 Bytes frei
Nach Suchlauf: 4.473.344.000 Bytes frei
.
- - End Of File - - 2847534D41FE20AFCBBBD51E676CED6A
A36C5E4F47E84449FF07ED3517B43A31

cosinus 27.02.2017 21:08
Hi,

da steht auch, dass du CF nicht ohne Anweisung ausführen sollst! :pfui:


Zitat:
Da Ich kurz davor aber auch in der regestry von windows wegen eines fehlers dateien in der HKEYlocalMachine geändert habe
Mit anderen Worten: du hast dir die Basis selbst zerstört.
Eine Bereinigung entfernt Schädlinge, repariert aber keine selbst herbeigeführten Zerstörungen in der Registry. Wenn du kein Backup hast hilft nur eine Neuinstallation von Windows.

anti398 27.02.2017 21:51
Gibts denn keine möglichkeit etwas zu reparieren ?
Ich kann mit dem PC immerhin hier diesen Foreneintrag schreiben.

cosinus 27.02.2017 21:58
Zitat:
Ich kann mit dem PC immerhin hier diesen Foreneintrag schreiben.
Das hat nun wirklich nix mit deinem beschriebenen Problem zu tun.
Es macht auch keinen Sinn ein mutwillig zerstörtes System zu bereinigen um dann hinterher zu hören, dass die Probleme immer noch da sind. Also nochmal, bereinigen ja geht, ist möglich. Aber man kann eine Registry nicht wieder gesund zaubern.

Und nu rate mal warum wir auch von jeglichen Registry-Reinigern DRINGEND abraten.


Alle Zeitangaben in WEZ +1. Es ist jetzt 09:17 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132