Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Windows Firewall (Win10) deaktiviert sich und muß jedes mal mit der Maus aktiviert werden (https://www.trojaner-board.de/184753-windows-firewall-win10-deaktiviert-mal-maus-aktiviert.html)

rudi1949 13.03.2017 14:10
Windows Firewall (Win10) deaktiviert sich und muß jedes mal mit der Maus aktiviert werden
 
Hallo!
Ich bin neu hier und hoffe auf eine Antwort (Lösung) von Problemen, bei denen ich nicht ausschließen kann, daß eventuell Viren o.ä. die Ursachen sind.
1. Problem: Offenbar beim Herunterfahren oder beim Starten deaktiviert sich bei mir die Windows Firewall. ich bekomme nach einigen Minuten PC-lauf dann die Meldung (unten rechts) eingeblendet, das Die WFW deaktiviert ist und ich sie durch klicken auf diese Meldung aktivieren muß.
Ich benutze Panda Antivirus und dort zeigt ein Scan nichts Ungewöhnliches. habe auch schon Malwarebytes und ADW-Cleaner laufen lassen - ebenfalls ohne Ergebnis. Kann die Ursache trotzdem Schadsoftware sein?
Auch falls es kein Fall für dieses Forum ist, kann mir vielleicht trotzdem jemand einen Hinweis geben, wie ich die Firewall permanent ab Start aktiv halten kann.
Vielen Dank schon im Voraus.

Rudi

cosinus 13.03.2017 14:17
Scan mit Farbar's Recovery Scan Tool (FRST)

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)




Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR oder 7Z-Archiv zu packen erschwert mir massiv die Arbeit.
Auch wenn die Logs für einen Beitrag zu groß sein sollten, bitte ich dich die Logs direkt und notfalls über mehrere Beiträge verteilt zu posten.
Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
http://www.trojaner-board.de/picture...&pictureid=307

rudi1949 14.03.2017 08:49
Windows Firewall (Win10) deaktiviert sich und muß jedes mal mit der Maus aktiviert werden
 
Danke!
Hier ist das erste File

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 13-03-2017
Ran by Rudi (administrator) on RUDI-PC (14-03-2017 08:18:34)
Running from Z:\Aktuelle Downloads
Loaded Profiles: Rudi (Available Profiles: Rudi & Administrator & DefaultAppPool)
Platform: Windows 10 Pro Version 1607 (X64) Language: Englisch (Vereinigte Staaten)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Sandboxie Holdings, LLC) D:\Program Files\Sandboxie\SbieSvc.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
(Apple Computer, Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(New Softwares.net) C:\Windows\SysWOW64\WinFLService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(HP) C:\Windows\System32\HPSIsvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(HP) C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
() D:\Program Files\Atomic Alarm Clock\timeserv.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Logitech Inc.) C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
(Acronis International GmbH) C:\Program Files (x86)\Common Files\Acronis\Infrastructure\mms_mini.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Malwarebytes Corporation) D:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) D:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Panda Security, S.L.) D:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
(Panda Security, S.L.) D:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe
(Apache Software Foundation) C:\Program Files (x86)\Themler\bin\apache\bin\hthemlerd.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
() C:\Program Files (x86)\Themler\bin\mysql\bin\mythemlerd.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Malwarebytes Corporation) D:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Ascora GmbH) D:\Program Files (x86)\StartupStar\StartupStar.exe
(Apache Software Foundation) C:\Program Files (x86)\Themler\bin\apache\bin\hthemlerd.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Pen\WacomHost.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
Failed to access process -> FreemakeUtilsService.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
( New Softwares.net) C:\Windows\SysWOW64\WinFLTray.exe
() D:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe
(Celartem, Inc., doing business as Extensis.) D:\Program Files (x86)\Extensis Suitcase Fusion\FMCore.exe
(Panda Security, S.L.) D:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe
(Bartels Media GmbH) D:\Program Files (x86)\PhraseExpress\phraseexpress.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(Harry Stahl Software) D:\Program Files (x86)\Timonize\TRemind.EXE
() C:\ProgramData\Abelssoft\AntiRansomware\Program\AntiRansomware.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
() C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.17012.10301.0_x64__8wekyb3d8bbwe\Video.UI.exe
((C) LINE Corporation) D:\WindowsApps\NAVER.LINEwin8_5.4.7.0_x64__8ptj331gd3tyt\LINE_APP.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.214.10010.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.12.112.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2585744 2015-10-14] (NVIDIA Corporation)
HKLM\...\Run: [*Restore] => C:\WINDOWS\System32\rstrui.exe [268288 2016-07-16] (Microsoft Corporation)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-09-07] (Microsoft Corporation)
HKLM-x32\...\Run: [PSUAMain] => D:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe [107520 2016-03-18] (Panda Security, S.L.)
HKLM-x32\...\Run: [HPUsageTrackingLEDM] => C:\Program Files (x86)\HP\HP UT LEDM\bin\hppusg.exe [30264 2009-08-04] (Hewlett-Packard Company)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [27308304 2017-03-07] (Dropbox, Inc.)
HKU\S-1-5-21-595107073-3459872703-1893278198-1000\...\Run: [SkinClock] => D:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe [4287488 2011-10-25] ()
HKU\S-1-5-21-595107073-3459872703-1893278198-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-595107073-3459872703-1893278198-1000\...\Run: [FMCore.exe] => D:\Program Files (x86)\Extensis Suitcase Fusion\FMCore.exe [10760192 2014-10-16] (Celartem, Inc.,)
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->
ShellIconOverlayIdentifiers: [    AcronisDrive] -> {5D74FD4B-4EFB-4586-8022-8637BBE40970} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2017-01-12] ()
ShellIconOverlayIdentifiers: [    AcronisSyncError] -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2017-01-12] ()
ShellIconOverlayIdentifiers: [    AcronisSyncInProgress] -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2017-01-12] ()
ShellIconOverlayIdentifiers: [    AcronisSyncOk] -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll [2017-01-12] ()
ShellIconOverlayIdentifiers: [  DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-03-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [  DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-03-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [  DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-03-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [  DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-03-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [  DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-03-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [  DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-03-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [  DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-03-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [  DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-03-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [  DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-03-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [  DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-03-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [  IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} =>  -> No File
ShellIconOverlayIdentifiers: ["11CloudOverlayIcon"] -> {7287689B-8C79-4D52-A8C7-CC11D4D8ECE3} => D:\Program Files (x86)\freenet cloud\64\CloudIconOverlay.dll [2015-11-18] ()
ShellIconOverlayIdentifiers: ["12CloudOverlayIcon"] -> {75804F50-7528-4089-91DC-ABD7144EC960} => D:\Program Files (x86)\freenet cloud\64\CloudIconOverlay.dll [2015-11-18] ()
ShellIconOverlayIdentifiers: ["13CloudOverlayIcon"] -> {8B680D9E-7971-4ED5-BC1D-C0B7CA89B5A6} => D:\Program Files (x86)\freenet cloud\64\CloudIconOverlay.dll [2015-11-18] ()
ShellIconOverlayIdentifiers: ["14CloudOverlayIcon"] -> {2FFEFB84-A51D-4FAC-B125-17E44C87BC84} => D:\Program Files (x86)\freenet cloud\64\CloudIconOverlay.dll [2015-11-18] ()
ShellIconOverlayIdentifiers: ["15CloudOverlayIcon"] -> {D0F0E8F3-5536-4A04-80A1-40FB42B296EC} => D:\Program Files (x86)\freenet cloud\64\CloudIconOverlay.dll [2015-11-18] ()
ShellIconOverlayIdentifiers: ["16CloudOverlayIcon"] -> {5B3DEF8D-36B5-4A0C-AF95-BB774BE05E8F} => D:\Program Files (x86)\freenet cloud\64\CloudIconOverlay.dll [2015-11-18] ()
ShellIconOverlayIdentifiers-x32: [  DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-03-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [  DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-03-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [  DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-03-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [  DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-03-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [  DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-03-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [  DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-03-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [  DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-03-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [  DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-03-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [  DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-03-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [  DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-03-07] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2017-02-15] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PhraseExpress.lnk [2017-02-15]
ShortcutTarget: PhraseExpress.lnk -> D:\Program Files (x86)\PhraseExpress\phraseexpress.exe (Bartels Media GmbH)
Startup: C:\Users\Rudi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk [2017-03-13]
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Rudi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRemind.EXE.lnk [2015-09-24]
ShortcutTarget: TRemind.EXE.lnk -> D:\Program Files (x86)\Timonize\TRemind.EXE (Harry Stahl Software)
Startup: C:\Users\Rudi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WF.msc - Verknüpfung.lnk [2017-02-28]
ShortcutTarget: WF.msc - Verknüpfung.lnk -> C:\Windows\System32\WF.msc ()
GroupPolicy: Restriction - Chrome <======= ATTENTION
GroupPolicy\User: Restriction <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{72c20bae-8251-48ad-b79c-f22df13eacaa}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{9158bc68-ff9c-47ef-8194-53b98366daf8}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://th.search.yahoo.com/yhs/web?hspart=itm&hsimp=yhs-001&type=jmb_dnldastr_16_09&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dth%26pa%3DJoomborio%26cd%3D2XzuyEtN2Y1L1QzutDtDtByDtBtB0CtA0C0E0F0CzytA0FyBtN0D0Tzu0StCyDtBtBtN1L2XzutAtFtCyBtFtCtCtFyCtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2SyEzytDzyyCtB0E0DtGtD0CtD0FtGtDzytD0FtGtCzz0BtCtGtByDtByEtC0F0CtDzz0B0ByC2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyD0BtB0B0C0AzyzztGtByCtCzytGyEtCyEzytG0AzzyDtBtGtDzztCyB0AyBtA0ByByC0AtC2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCyDzyyE%26cr%3D1173861011%26a%3Djmb_dnldastr_16_09%26os_ver%3D10.0%26os%3DWindows%2B10%2BPro
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: No Name -> {26C3165B-FC58-4910-802D-250B2E68A04E} -> No File
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Promt IE Helper -> {1F13CE11-4FAC-49A9-8155-D4F3F0F91A33} -> D:\Program Files (x86)\PRMT12\PRMTIE\prmtie.dll [2014-02-07] (PROMT Ltd.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}
DPF: HKLM-x32 {E705A591-DA3C-4228-B0D5-A356DBA42FBF} hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://files.creative.com/Web/softwareupdate/ocx/150323/CTPID.cab

FireFox:
========
FF ProfilePath: C:\Users\Rudi\AppData\Roaming\Mozilla\Firefox\Profiles\08i3m0cl.default [2017-03-05]
FF NewTab: Mozilla\Firefox\Profiles\08i3m0cl.default -> about:newtab
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\08i3m0cl.default -> Yahoo! Powered
FF SearchEngineOrder.3: Mozilla\Firefox\Profiles\08i3m0cl.default -> Bing
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\08i3m0cl.default -> Yahoo! Powered
FF Homepage: Mozilla\Firefox\Profiles\08i3m0cl.default -> hxxp://www.google.de/
FF Keyword.URL: Mozilla\Firefox\Profiles\08i3m0cl.default -> user_pref("keyword.URL", true);
FF Extension: (LastPass) - C:\Users\Rudi\AppData\Roaming\Mozilla\Firefox\Profiles\08i3m0cl.default\Extensions\support@lastpass.com [2017-02-10]
FF Extension: (YesScript) - C:\Users\Rudi\AppData\Roaming\Mozilla\Firefox\Profiles\08i3m0cl.default\Extensions\yesscript@userstyles.org.xpi [2016-08-05]
FF Extension: (Video DownloadHelper) - C:\Users\Rudi\AppData\Roaming\Mozilla\Firefox\Profiles\08i3m0cl.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2017-01-05]
FF Extension: (Adblock Plus) - C:\Users\Rudi\AppData\Roaming\Mozilla\Firefox\Profiles\08i3m0cl.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-12-10]
FF Extension: (BetterPrivacy) - C:\Users\Rudi\AppData\Roaming\Mozilla\Firefox\Profiles\08i3m0cl.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2017-03-05]
FF ProfilePath: C:\Users\Rudi\AppData\Roaming\bitmedia\Contentlauncher\Profiles\16bfeq6a.default [2017-02-25]
FF HKLM\...\Firefox\Extensions: [FFExtnHTML2PDF@foxitsoftware.com] - D:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\Creator\FirefoxAddin\FFExtnHTML2PDF.xpi
FF Extension: (Foxit PDF Creator) - D:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\Creator\FirefoxAddin\FFExtnHTML2PDF.xpi [2016-11-14]
FF HKLM-x32\...\Firefox\Extensions: [{00F0643E-B367-4779-B45D-7046EBA37A88}] - C:\Program Files (x86)\Steganos Privacy Suite 15\spmplugin3 => not found
FF HKLM-x32\...\Firefox\Extensions: [quickprint@hp.com] - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension
FF Extension: (SmartPrintButton) - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2011-01-26] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [FFExtnHTML2PDF@foxitsoftware.com] - D:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\Creator\FirefoxAddin\FFExtnHTML2PDF.xpi
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.15@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat DC - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn [2016-12-23]
FF HKU\S-1-5-21-595107073-3459872703-1893278198-1000\...\Firefox\Extensions: [mozilla_cc2@internetdownloadmanager.com] - D:\Program Files (x86)\Internet Download Manage\idmmzcc2.xpi
FF Extension: (IDM integration) - D:\Program Files (x86)\Internet Download Manage\idmmzcc2.xpi [2016-08-03]
FF HKU\S-1-5-21-595107073-3459872703-1893278198-1000\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Rudi\AppData\Roaming\IDM\idmmzcc5
FF Extension: (IDM CC) - C:\Users\Rudi\AppData\Roaming\IDM\idmmzcc5 [2016-10-29] [not signed]
FF HKU\S-1-5-21-595107073-3459872703-1893278198-1000\...\SeaMonkey\Extensions: [mozilla_cc2@internetdownloadmanager.com] - D:\Program Files (x86)\Internet Download Manage\idmmzcc2.xpi
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2013-09-17] (DivX, LLC.)
FF Plugin: @lastpass.com/NPLastPass -> D:\Program Files (x86)\LastPass\nplastpass64.dll [2016-08-29] (LastPass)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.2 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2012-05-24] (Wacom)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-12-09] (Adobe Systems)
FF Plugin: adobe.com/AdobeExManDetect -> D:\Program Files\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll [2013-12-02] (Adobe Systems)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1225195.dll [2016-09-20] (Adobe Systems, Inc.)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> D:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2013-09-17] (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> D:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2014-04-18] (DivX, LLC)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> D:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2016-11-09] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> D:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2016-11-09] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> D:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2016-11-09] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> D:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2016-11-09] (Foxit Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-01-23] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-01-23] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-07-28] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files (x86)\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-07-28] (Oracle Corporation)
FF Plugin-x32: @lastpass.com/NPLastPass -> D:\Program Files (x86)\LastPass\nplastpass64.dll [2016-08-29] (LastPass)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @nokia.com/EnablerPlugin -> C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll [No File]
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-11-14] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-11-14] (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
FF Plugin-x32: @photodex.com/PhotodexPresenter -> C:\Program Files (x86)\Photodex Presenter\npPxPlay.dll [2014-08-24] ( )
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: @wacom.com/wacom-plugin,version=1.1.0.10 -> C:\Program Files (x86)\TabletPlugins\npwacom.dll [2011-04-21] (Wacom, Inc.)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.0.0.1 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2012-05-23] (Wacom)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.2 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2012-05-23] (Wacom)
FF Plugin-x32: @webex.com/npatgpc -> D:\ProgramData\WebEx\npatgpc.dll [2016-10-20] (Cisco WebEx LLC)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll [2016-10-01] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-12-09] (Adobe Systems)
FF Plugin-x32: adobe.com/AdobeExManDetect -> D:\Program Files\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll [2013-12-02] (Adobe Systems)
FF Plugin HKU\.DEFAULT: @protectdisc.com/NPPDLicenseHelper -> C:\Windows\system32\config\systemprofile\AppData\Roaming\ProtectDisc\License Helper v2\NPPDLicenseHelper.dll [No File]
FF Plugin HKU\S-1-5-21-595107073-3459872703-1893278198-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Rudi\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2016-11-09] (Citrix Online)
FF Plugin HKU\S-1-5-21-595107073-3459872703-1893278198-1000: @protectdisc.com/NPPDLicenseHelper -> C:\Users\Rudi\AppData\Roaming\ProtectDisc\License Helper v2\NPPDLicenseHelper.dll [2009-06-25] ( )
FF Plugin HKU\S-1-5-21-595107073-3459872703-1893278198-1000: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2012-05-24] (Wacom)
StartMenuInternet: FIREFOX.EXE - D:\Program Files\Mozilla Firefox\firefox.exe

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.msn.com/?pc=__PARAM__&ocid=__PARAM__DHP&osmkt=de-de
CHR StartupUrls: Default -> "hxxps://www.google.de/?gws_rd=ssl"
CHR Profile: C:\Users\Rudi\AppData\Local\Google\Chrome\User Data\Default [2017-03-14]
CHR Extension: (ProxFlow) - C:\Users\Rudi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aakchaleigkohafkfjfjbblobjifikek [2017-01-24]
CHR Extension: (uBlock Origin) - C:\Users\Rudi\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2017-03-09]
CHR Extension: (Copay) - C:\Users\Rudi\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnidaodnidkbaplmghlelgikaiejfhja [2017-02-19]
CHR Extension: (Adobe Acrobat) - C:\Users\Rudi\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-03-04]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Rudi\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2017-02-25]
CHR Extension: (OkayFreedom) - C:\Users\Rudi\AppData\Local\Google\Chrome\User Data\Default\Extensions\hfnbbbkabnehoejfhcbbhdicagcoobji [2016-07-03]
CHR Extension: (Proxy for Chrome) - C:\Users\Rudi\AppData\Local\Google\Chrome\User Data\Default\Extensions\iilpibhiihokecnbdkaminemnmecjfed [2016-08-09]
CHR Extension: (Cisco WebEx Extension) - C:\Users\Rudi\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhmfgmfgeifomenelglieieghnjghma [2017-02-09]
CHR Extension: (Video DownloadHelper) - C:\Users\Rudi\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjnegcaeklhafolokijcfjliaokphfk [2016-12-21]
CHR Extension: (Video download helper) - C:\Users\Rudi\AppData\Local\Google\Chrome\User Data\Default\Extensions\mngdadkapbemiekajhhalpakdpleogfn [2016-10-29]
CHR Extension: (Chrome Web Store-Zahlungen) - C:\Users\Rudi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09]
CHR Extension: (Proxy List - Free Proxies for everyone) - C:\Users\Rudi\AppData\Local\Google\Chrome\User Data\Default\Extensions\omihnninlhneakfglooiofgdbpmnhjgn [2016-06-27]
CHR Extension: (Proxy SwitchyOmega) - C:\Users\Rudi\AppData\Local\Google\Chrome\User Data\Default\Extensions\padekgcemlokbadohgkifijomclgjgif [2017-03-12]
CHR Extension: (Chrome Media Router) - C:\Users\Rudi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-07]
CHR HKLM\...\Chrome\Extension: [cifnddnffldieaamihfkhkdgnbhfmaci] - D:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\Creator\ChromeAddin\ChromeAddin.crx [2016-11-10]
CHR HKLM\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - D:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx <not found>
CHR HKU\S-1-5-21-595107073-3459872703-1893278198-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cifnddnffldieaamihfkhkdgnbhfmaci] - D:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\Creator\ChromeAddin\ChromeAddin.crx [2016-11-10]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - D:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx <not found>

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 AcronisActiveProtectionService; C:\Program Files (x86)\Common Files\Acronis\ActiveProtection\anti_ransomware_service.exe [1175976 2017-01-16] (Acronis International GmbH)
S4 AcrSch2Svc; C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe [1276464 2017-01-18] ()
S4 afcdpsrv; C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [6086232 2017-01-28] ()
S4 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2207960 2016-09-26] (Adobe Systems, Incorporated)
R2 AtomicAlarmClock; D:\Program Files\Atomic Alarm Clock\timeserv.exe [2062336 2011-10-25] () [File not signed]
S4 Avira Secure Backup Crawler; C:\Program Files\Avira Secure Backup\Avira Secure BackupCrawler.exe [4121960 2013-06-24] () [File not signed]
S4 becldr3Service; C:\Program Files (x86)\BCL Technologies\easyConverter SDK 3\Common\becldr.exe [225280 2012-08-01] () [File not signed]
S4 CLHNServiceForPowerDVD12; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe [87336 2012-01-12] (CyberLink Corp.)
S4 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2012-12-23] (Creative Labs) [File not signed]
S4 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [307200 2008-11-18] (Creative Technology Ltd) [File not signed]
S4 CyberLink PowerDVD 12 Media Server Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [75048 2012-01-12] (CyberLink)
S4 CyberLink PowerDVD 12 Media Server Service; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [296232 2012-01-12] (CyberLink)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-08-26] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-08-26] (Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [46408 2017-01-21] (Dropbox, Inc.)
S2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [104448 2017-01-24] (Freemake) [File not signed]
R2 FreemakeVideoCapture; D:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe [9216 2017-01-24] (Ellora Assets Corp.) [File not signed]
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2015-10-14] (NVIDIA Corporation)
R2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [136704 2009-06-24] (HP) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [28552 2016-04-26] (Hewlett-Packard Company)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-01-23] (Intel Corporation)
R2 MBAMScheduler; D:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
R2 MBAMService; D:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 mmsminisrv; C:\Program Files (x86)\Common Files\Acronis\Infrastructure\mms_mini.exe [4679576 2016-12-20] (Acronis International GmbH)
S3 mobile_backup_server; C:\Program Files (x86)\Common Files\Acronis\MobileBackupServer\mobile_backup_server.exe [2908352 2017-01-06] (Acronis International GmbH)
S3 mobile_backup_status_server; C:\Program Files (x86)\Acronis\TrueImageHome\mobile_backup_status_server.exe [1611368 2017-01-18] ()
R2 NanoServiceMain; D:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe [150528 2016-03-18] (Panda Security, S.L.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1706128 2015-10-14] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21833360 2015-10-14] (NVIDIA Corporation)
R2 PandaAgent; C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe [73176 2016-02-22] (Panda Security, S.L.)
R2 PSUAService; D:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe [38136 2016-03-17] (Panda Security, S.L.)
R2 SbieSvc; D:\Program Files\Sandboxie\SbieSvc.exe [197264 2016-09-23] (Sandboxie Holdings, LLC)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-09-16] (Microsoft Corporation)
S3 ss_conn_service; D:\Program Files\Kies\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-10-13] (DEVGURU Co., LTD.)
S4 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 syncagentsrv; C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [7013704 2016-12-21] ()
R2 ThemlerApache; C:\Program Files (x86)\Themler\bin\apache\bin\hthemlerd.exe [20992 2015-07-13] (Apache Software Foundation) [File not signed]
R2 ThemlerMySql; C:\Program Files (x86)\Themler\bin\mysql\bin\mythemlerd.exe [8148480 2015-07-13] () [File not signed]
S4 UPSmonitor; D:\Program Files (x86)\MonitorSoftware\monitor.exe [114688 2013-03-29] (Macrovision) [File not signed]
S4 UPSRMI; D:\Program Files (x86)\MonitorSoftware\wpRMI.exe [114688 2013-03-29] (Macrovision) [File not signed]
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
S4 WinTabService; C:\Windows\System32\Drivers\WTSRV.EXE [53248 2007-05-31] (Tablet Driver) [File not signed]
R2 WTabletServiceCon; C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [619904 2012-12-11] (Wacom Technology, Corp.)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 AntiLog32; C:\Windows\system32\drivers\AntiLog64.sys [49240 2013-09-12] (Zemana Ltd.)
S4 DgiVecp; C:\Windows\system32\Drivers\DgiVecp.sys [53816 2009-03-02] (Samsung Electronics Co., Ltd.)
S4 DgiVecp; C:\Windows\SysWOW64\Drivers\DgiVecp.sys [41984 2004-08-12] (Samsung Electronics Co., Ltd.) [File not signed]
R1 eusk2par; C:\Windows\system32\Drivers\eusk2par-amd64.sys [32336 2008-12-18] (Aladdin Knowledge Systems Ltd.)
R1 Eve; C:\WINDOWS\system32\DRIVERS\eve.sys [41304 2014-04-10] ()
R2 file_protector; C:\WINDOWS\System32\DRIVERS\file_protector.sys [447328 2017-01-28] (Acronis International GmbH)
R0 file_tracker; C:\WINDOWS\System32\DRIVERS\file_tracker.sys [375136 2017-01-28] (Acronis International GmbH)
R0 hotcore3; C:\WINDOWS\System32\DRIVERS\hotcore3.sys [34056 2014-11-17] (Paragon Software Group)
R3 LVPr2M64; C:\WINDOWS\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
S3 LVPr2Mon; C:\WINDOWS\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [136408 2017-03-14] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)
R1 MpKsl0a5bf91f; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{725266B7-095B-4D5A-A803-53D716526B4C}\MpKsl0a5bf91f.sys [44928 2017-03-14] (Microsoft Corporation)
S3 mvusbews; C:\WINDOWS\System32\Drivers\mvusbews.sys [20480 2012-09-26] (Marvell Semiconductor, Inc.)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R1 NNSALPC; C:\WINDOWS\system32\DRIVERS\NNSALPC.sys [103856 2015-12-10] (Panda Security, S.L.)
R1 NNSHTTP; C:\WINDOWS\system32\DRIVERS\NNSHTTP.sys [210864 2015-12-10] (Panda Security, S.L.)
R1 NNSHTTPS; C:\WINDOWS\system32\DRIVERS\NNSHTTPS.sys [120240 2015-12-10] (Panda Security, S.L.)
R1 NNSIDS; C:\WINDOWS\system32\DRIVERS\NNSIDS.sys [120240 2015-12-10] (Panda Security, S.L.)
R1 NNSNAHSL; C:\WINDOWS\system32\DRIVERS\NNSNAHSL.sys [58616 2015-06-19] (Panda Security, S.L.)
R1 NNSPICC; C:\WINDOWS\system32\DRIVERS\NNSPICC.sys [112560 2015-12-10] (Panda Security, S.L.)
R1 NNSPIHSW; C:\WINDOWS\system32\DRIVERS\NNSPIHSW.sys [82864 2016-03-17] (Panda Security, S.L.)
R1 NNSPOP3; C:\WINDOWS\system32\DRIVERS\NNSPOP3.sys [133552 2015-12-10] (Panda Security, S.L.)
R1 NNSPROT; C:\WINDOWS\system32\DRIVERS\NNSPROT.sys [309680 2015-12-10] (Panda Security, S.L.)
R1 NNSPRV; C:\WINDOWS\system32\DRIVERS\NNSPRV.sys [179632 2016-02-18] (Panda Security, S.L.)
R1 NNSSMTP; C:\WINDOWS\system32\DRIVERS\NNSSMTP.sys [122800 2015-12-10] (Panda Security, S.L.)
R1 NNSSTRM; C:\WINDOWS\system32\DRIVERS\NNSSTRM.sys [267184 2016-02-18] (Panda Security, S.L.)
R1 NNSTLSC; C:\WINDOWS\system32\DRIVERS\NNSTLSC.sys [115632 2015-12-10] (Panda Security, S.L.)
R2 npf; C:\WINDOWS\System32\drivers\npf.sys [35344 2011-02-12] (CACE Technologies, Inc.)
R2 ntk_PowerDVD12; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12_64.sys [82928 2011-10-27] (Cyberlink Corp.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-10-14] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [38032 2015-10-14] (NVIDIA Corporation)
S3 OSFMount; D:\Program Files\OSFMount\OSFMount.sys [540224 2012-05-09] (PassMark Software)
R2 PSINAflt; C:\WINDOWS\system32\DRIVERS\PSINAflt.sys [174000 2016-02-18] (Panda Security, S.L.)
R2 PSINFile; C:\WINDOWS\System32\DRIVERS\PSINFile.sys [129456 2016-02-18] (Panda Security, S.L.)
R1 PSINKNC; C:\WINDOWS\system32\DRIVERS\PSINKNC.sys [207280 2016-02-18] (Panda Security, S.L.)
R2 PSINProc; C:\WINDOWS\System32\DRIVERS\PSINProc.sys [133552 2016-02-18] (Panda Security, S.L.)
R2 PSINProt; C:\WINDOWS\system32\DRIVERS\PSINProt.sys [146864 2016-02-24] (Panda Security, S.L.)
R2 PSINReg; C:\WINDOWS\system32\DRIVERS\PSINReg.sys [117168 2016-02-18] (Panda Security, S.L.)
S3 PSKMAD; C:\WINDOWS\System32\DRIVERS\PSKMAD.sys [62080 2015-06-16] (Panda Security, S.L.)
R0 PxHlpa64; C:\WINDOWS\System32\Drivers\PxHlpa64.sys [56336 2012-08-10] (Corel Corporation)
S3 RSUSBCCID; C:\WINDOWS\system32\DRIVERS\RtsUCcid.sys [56936 2015-12-27] (Realtek Semiconductor Corp.)
S3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [404184 2015-12-27] (Realsil Semiconductor Corporation)
R3 SbieDrv; D:\Program Files\Sandboxie\SbieDrv.sys [204944 2016-09-23] (Sandboxie Holdings, LLC)
R1 SLEE_19_DRIVER; C:\WINDOWS\Sleen1964.sys [117848 2014-10-24] (Softwareentwicklung Remus - ArchiCrypt - )
R3 Spyder3; C:\WINDOWS\System32\drivers\Spyder3.sys [15360 2008-09-08] ()
R0 tib; C:\WINDOWS\System32\DRIVERS\tib.sys [1310560 2017-01-28] (Acronis International GmbH)
R2 tib_mounter; C:\WINDOWS\system32\DRIVERS\tib_mounter.sys [214360 2017-01-28] (Acronis International GmbH)
S3 tnd; C:\WINDOWS\system32\DRIVERS\tnd.sys [688864 2017-01-28] (Acronis International GmbH)
R1 UimBus; C:\WINDOWS\System32\drivers\UimBus.sys [92848 2016-08-08] ()
R1 Uim_DEVIM; C:\WINDOWS\System32\drivers\uim_devim.sys [26800 2016-08-08] ()
R1 Uim_IM; C:\WINDOWS\System32\drivers\uim_im.sys [484528 2016-08-08] ()
R1 veracrypt; C:\WINDOWS\System32\drivers\veracrypt.sys [467368 2017-02-28] (IDRIX)
R2 virtual_file; C:\WINDOWS\System32\DRIVERS\virtual_file.sys [324448 2017-01-28] (Acronis International GmbH)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
S3 WsAudio_Device; C:\WINDOWS\System32\drivers\VirtualAudio.sys [31080 2013-03-25] (Wondershare)
R1 ZAM; C:\WINDOWS\System32\drivers\zam64.sys [203680 2016-12-20] (Zemana Ltd.)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2016-12-20] (Zemana Ltd.)
R2 {329F96B6-DF1E-4328-BFDA-39EA953C1312}; C:\Program Files (x86)\CyberLink\PowerDVD12\Common\NavFilter\000.fcl [146928 2012-01-11] (CyberLink Corp.)
S3 dbx; system32\DRIVERS\dbx.sys [X]
U3 idsvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-12 14:05 - 2017-03-14 08:12 - 00136408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-03-12 14:04 - 2015-04-14 09:38 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2017-03-12 14:04 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2017-03-10 12:57 - 2017-03-10 13:04 - 435513784 _____ (ON1) C:\Users\Rudi\Downloads\ON1_Effects_10.5.1_Free.exe
2017-03-10 10:50 - 2017-03-10 10:50 - 00000000 ___HD C:\Users\Rudi\ zAnti Ransomeware Honeypot
2017-03-10 10:50 - 2017-03-10 10:50 - 00000000 ___HD C:\Users\Rudi\AppData\Roaming\ zAnti Ransomeware Honeypot
2017-03-10 10:50 - 2017-03-10 10:50 - 00000000 ___HD C:\Users\Rudi\AppData\Roaming\ ! Anti Ransomeware Honeypot
2017-03-10 10:50 - 2017-03-10 10:50 - 00000000 ___HD C:\Users\Rudi\AppData\Local\ zAnti Ransomeware Honeypot
2017-03-10 10:50 - 2017-03-10 10:50 - 00000000 ___HD C:\Users\Rudi\AppData\Local\ ! Anti Ransomeware Honeypot
2017-03-10 10:50 - 2017-03-10 10:50 - 00000000 ___HD C:\Users\Rudi\ ! Anti Ransomeware Honeypot
2017-03-10 10:50 - 2017-03-10 10:50 - 00000000 ____D C:\WINDOWS\System32\Tasks\Abelssoft
2017-03-10 10:50 - 2017-03-10 10:50 - 00000000 ____D C:\ProgramData\Abelssoft
2017-03-10 07:17 - 2017-03-10 07:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-03-09 11:48 - 2017-03-09 11:53 - 00000000 ____D C:\Users\Rudi\Desktop\7
2017-03-07 20:30 - 2017-03-07 20:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TreeSize Professional
2017-03-07 12:42 - 2017-03-07 12:42 - 00000000 ____D C:\Users\Rudi\AppData\Roaming\Affinity
2017-03-07 12:42 - 2017-03-07 12:42 - 00000000 ____D C:\ProgramData\Affinity
2017-03-07 12:40 - 2017-03-07 12:40 - 00000836 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Affinity Photo Trial.lnk
2017-03-07 12:39 - 2017-03-07 12:39 - 00000000 ____D C:\Program Files\Affinity
2017-03-07 03:50 - 2017-03-07 03:50 - 00046184 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2017-03-06 21:01 - 2017-03-06 21:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MultiBit HD
2017-03-04 16:15 - 2017-03-04 16:15 - 00003254 _____ C:\WINDOWS\System32\Tasks\{9E502815-3FB8-422D-934C-BEAC4F7F61A3}
2017-03-04 15:27 - 2017-03-10 10:39 - 00001824 _____ C:\Users\Rudi\Desktop\Bridge17.lnk
2017-03-03 18:11 - 2017-03-04 14:12 - 00001086 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CC 2017.lnk
2017-02-28 19:12 - 2017-02-28 19:12 - 00467368 _____ (IDRIX) C:\WINDOWS\system32\Drivers\veracrypt.sys
2017-02-28 19:12 - 2017-02-28 19:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VeraCrypt
2017-02-27 14:32 - 2017-02-27 14:32 - 00000000 ____D C:\Users\Rudi\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2017-02-27 14:32 - 2017-02-27 14:32 - 00000000 ____D C:\Users\Rudi\AppData\Roaming\chc
2017-02-26 16:53 - 2017-02-26 16:53 - 00000207 _____ C:\WINDOWS\tweaking.com-regbackup-RUDI-PC-Windows-10-Pro-(64-bit).dat
2017-02-26 16:53 - 2017-02-26 16:53 - 00000000 ____D C:\RegBackup
2017-02-26 16:04 - 2017-03-04 16:06 - 00000000 __SHD C:\Users\Rudi\xncenz
2017-02-26 16:03 - 2017-02-26 16:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2017-02-26 16:02 - 2017-02-26 16:03 - 00174775 _____ C:\WINDOWS\Tweaking.com - Windows Repair Setup Log.txt
2017-02-26 16:02 - 2017-02-26 16:02 - 00000000 ____D C:\Program Files (x86)\Tweaking.com
2017-02-23 15:30 - 2017-02-23 15:33 - 00000000 ____D C:\Users\Rudi\AppData\Roaming\RGS Fotokalender
2017-02-23 15:30 - 2017-02-23 15:30 - 00000000 ____D C:\Users\Rudi\Documents\RGS Fotokalender
2017-02-23 15:30 - 2017-02-23 15:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RGS Fotokalender (64-bit)
2017-02-22 12:00 - 2017-02-22 12:00 - 00000000 ____D C:\Users\Rudi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MagicISO
2017-02-21 21:30 - 2017-02-21 21:30 - 00000098 _____ C:\ProgramData\.SF170
2017-02-21 18:03 - 2017-02-21 18:03 - 00000010 _____ C:\Users\Rudi\AppData\Local\.DG212F11-EC8C-210D-DE1E-D9584D18D740
2017-02-21 18:03 - 2017-02-21 18:03 - 00000010 _____ C:\ProgramData\.D6E5339F-CB2B-32C1-CD2D-C0295C19C822
2017-02-21 16:43 - 2017-02-21 21:24 - 00000000 ____D C:\Users\Rudi\AppData\Local\Extensis
2017-02-21 16:43 - 2017-02-21 16:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Extensis
2017-02-19 17:56 - 2017-02-19 17:57 - 00000000 ____D C:\Users\Rudi\AppData\Roaming\your-app
2017-02-19 17:56 - 2017-02-19 17:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZXPInstaller
2017-02-19 17:56 - 2017-02-19 17:56 - 00000000 ____D C:\Program Files (x86)\ZXPInstaller
2017-02-17 19:09 - 2017-02-17 19:09 - 00000000 ____D C:\Users\Rudi\AppData\Roaming\Bitcoin
2017-02-17 17:01 - 2017-02-17 17:01 - 00000000 ____D C:\Users\Rudi\AppData\Roaming\contentlauncher
2017-02-17 17:01 - 2017-02-17 17:01 - 00000000 ____D C:\Users\Rudi\AppData\Roaming\bitmedia
2017-02-17 17:01 - 2017-02-17 17:01 - 00000000 ____D C:\Users\Rudi\AppData\Local\bitmedia
2017-02-17 14:58 - 2017-02-17 14:58 - 00000000 ____D C:\Users\Rudi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bitcoin Core
2017-02-15 15:01 - 2017-02-16 15:15 - 00000000 ____D C:\Users\Rudi\Desktop\8
2017-02-15 14:29 - 2017-02-15 14:29 - 05188646 _____ C:\Users\Rudi\Documents\AutoRuns2.arn
2017-02-15 13:18 - 2017-03-13 17:23 - 00000000 ____D C:\Users\Rudi\Documents\PhraseExpress
2017-02-15 13:18 - 2017-02-15 14:30 - 00000000 ____D C:\Users\Rudi\AppData\Roaming\PhraseExpress
2017-02-15 11:07 - 2017-02-15 12:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhraseExpress
2017-02-15 11:07 - 2017-02-15 11:07 - 00000874 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhraseExpress.lnk

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-14 08:19 - 2016-10-01 16:08 - 00097857 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2017-03-14 08:19 - 2016-08-03 16:07 - 00138054 _____ C:\WINDOWS\ZAM.krnl.trace
2017-03-14 08:03 - 2015-07-23 16:51 - 00000000 ____D C:\Users\Rudi\Desktop\Foto
2017-03-14 07:52 - 2016-10-31 11:22 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-03-14 07:28 - 2016-07-16 18:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-03-14 07:28 - 2016-07-16 18:47 - 00000000 ____D C:\Program Files\WindowsApps
2017-03-14 07:25 - 2016-11-01 02:15 - 00759728 _____ C:\WINDOWS\system32\perfh007.dat
2017-03-14 07:25 - 2016-11-01 02:15 - 00154462 _____ C:\WINDOWS\system32\perfc007.dat
2017-03-14 07:25 - 2016-10-31 11:24 - 01757026 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-03-14 07:22 - 2013-01-31 19:35 - 00000788 _____ C:\Users\Rudi\AppData\Roaming\AtomicAlarmClock.ini
2017-03-14 07:21 - 2016-10-31 11:42 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-03-14 07:21 - 2016-10-31 11:23 - 00000000 ____D C:\ProgramData\NVIDIA
2017-03-14 07:21 - 2016-01-28 19:53 - 00000000 _____ C:\WINDOWS\system32\Drivers\lvuvc.hs
2017-03-13 20:42 - 2016-07-16 13:04 - 00786432 _____ C:\WINDOWS\system32\config\BBI
2017-03-13 19:09 - 2016-12-28 20:23 - 00000000 ____D C:\ProgramData\Package Cache
2017-03-13 12:45 - 2017-01-30 17:11 - 00000000 ____D C:\Users\Rudi\Desktop\9
2017-03-12 20:47 - 2016-10-31 11:22 - 00000000 ____D C:\WINDOWS\ServiceProfiles
2017-03-12 14:38 - 2012-12-23 17:30 - 00000000 ____D C:\Users\Rudi\Desktop\Utilities
2017-03-12 14:36 - 2017-01-10 09:31 - 00000000 ____D C:\Program Files\CCleaner
2017-03-12 14:36 - 2016-10-31 11:25 - 00000000 ____D C:\Users\Rudi
2017-03-12 14:36 - 2012-12-26 04:13 - 00000000 ____D C:\ProgramData\Ashampoo
2017-03-12 14:30 - 2017-01-17 13:04 - 00000000 ____D C:\Users\Rudi\AppData\Roaming\krb
2017-03-12 14:29 - 2016-12-22 20:35 - 00000000 ____D C:\Users\Rudi\AppData\Roaming\Google Chrome
2017-03-12 14:04 - 2013-02-26 05:51 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-03-12 13:41 - 2016-07-16 18:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-03-12 11:24 - 2012-12-23 18:28 - 00000000 ____D C:\Users\Rudi\Desktop\1
2017-03-10 10:50 - 2016-09-17 14:04 - 00000000 ____D C:\Users\Rudi\AppData\Local\Abelssoft
2017-03-10 07:17 - 2016-08-26 13:00 - 00000000 ____D C:\Program Files (x86)\Dropbox
2017-03-09 12:18 - 2013-02-02 08:17 - 00000000 ____D C:\Users\Rudi\AppData\Local\ElevatedDiagnostics
2017-03-08 08:58 - 2012-12-24 11:48 - 00000000 ____D C:\Users\Rudi\AppData\Roaming\vlc
2017-03-08 08:51 - 2017-02-09 11:19 - 00000000 ____D C:\Users\Rudi\AppData\Roaming\dvdcss
2017-03-07 20:33 - 2015-09-30 19:49 - 00000000 ____D C:\ProgramData\TEMP
2017-03-07 13:36 - 2016-07-09 08:25 - 00000000 ____D C:\Users\Rudi\Desktop\Internet
2017-03-07 07:34 - 2012-12-23 17:30 - 00000000 ____D C:\Users\Rudi\Desktop\Favoriten
2017-03-06 15:27 - 2012-12-31 09:23 - 00000000 ____D C:\Users\Rudi\AppData\Roaming\calibre
2017-03-05 18:06 - 2015-04-18 06:51 - 00000000 ____D C:\AdwCleaner
2017-03-05 17:58 - 2017-01-01 14:26 - 00000000 ____D C:\Users\Rudi\AppData\LocalLow\Mozilla
2017-03-04 16:26 - 2015-07-18 07:55 - 00000000 ____D C:\Users\Rudi\AppData\Roaming\962C492D-EA7D-4B2D-AEBD-797E18FE960A
2017-03-04 16:22 - 2016-08-20 10:01 - 00000000 ____D C:\Users\Rudi\Desktop\Media
2017-03-04 16:14 - 2012-12-25 14:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Topaz Labs
2017-03-04 16:14 - 2012-12-25 14:25 - 00000000 ____D C:\Program Files\Common Files\Topaz Labs
2017-03-04 15:48 - 2016-08-12 09:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freemake
2017-03-04 15:48 - 2016-08-12 09:56 - 00000000 ____D C:\ProgramData\Freemake
2017-03-03 18:11 - 2012-12-25 05:26 - 00000000 ____D C:\Program Files\Common Files\Adobe
2017-03-01 06:42 - 2016-10-31 11:22 - 06072576 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-02-27 14:32 - 2016-12-20 21:16 - 00000000 ____D C:\Users\Public\Documents\Adobe
2017-02-27 14:29 - 2016-09-27 09:39 - 00063042 _____ C:\Users\Rudi\Documents\MuseLog.txt
2017-02-26 17:51 - 2011-04-12 15:28 - 00000000 ____D C:\WINDOWS\CSC
2017-02-26 17:50 - 2016-07-16 18:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-02-26 16:33 - 2016-12-21 15:03 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2017-02-26 15:28 - 2016-12-28 11:53 - 00004152 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{70873BFD-9BBF-42E9-BD13-632471A738CD}
2017-02-25 16:35 - 2016-07-16 18:45 - 00000000 ____D C:\WINDOWS\INF
2017-02-23 18:51 - 2012-12-24 13:01 - 00000000 ____D C:\Users\Rudi\Desktop\Drucken
2017-02-22 16:35 - 2017-01-27 08:21 - 00003272 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2017-02-22 16:35 - 2016-01-28 20:42 - 00002425 _____ C:\Users\Rudi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-02-22 16:35 - 2016-01-28 20:42 - 00000000 ___RD C:\Users\Rudi\OneDrive
2017-02-20 21:19 - 2016-11-01 02:11 - 00000000 ____D C:\Program Files (x86)\MSBuild
2017-02-20 21:19 - 2016-07-16 18:47 - 00000000 ____D C:\WINDOWS\Globalization
2017-02-19 12:27 - 2016-06-18 10:01 - 00000000 ____D C:\Users\Rudi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome-Apps
2017-02-19 10:23 - 2012-12-23 13:45 - 00000000 ____D C:\Program Files (x86)\InstallShield Installation Information
2017-02-15 14:31 - 2016-11-09 04:55 - 00000668 _____ C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-595107073-3459872703-1893278198-1000.job
2017-02-15 14:31 - 2016-11-09 04:55 - 00000572 _____ C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-595107073-3459872703-1893278198-1000.job
2017-02-15 14:31 - 2016-08-26 13:00 - 00001226 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2017-02-15 14:19 - 2017-02-01 07:57 - 00002636 _____ C:\WINDOWS\System32\Tasks\waygyehb
2017-02-15 14:19 - 2016-11-09 04:55 - 00003322 _____ C:\WINDOWS\System32\Tasks\G2MUploadTask-S-1-5-21-595107073-3459872703-1893278198-1000
2017-02-15 14:18 - 2017-01-10 09:32 - 00002278 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2017-02-15 14:18 - 2016-11-09 04:55 - 00003226 _____ C:\WINDOWS\System32\Tasks\G2MUpdateTask-S-1-5-21-595107073-3459872703-1893278198-1000
2017-02-15 14:18 - 2016-10-31 11:42 - 00003800 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineUA
2017-02-15 12:56 - 2017-02-01 07:57 - 00000000 __SHD C:\Users\Rudi\waygyehb
2017-02-15 12:56 - 2016-12-28 20:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Phase One
2017-02-15 12:56 - 2016-10-31 11:25 - 00000000 ____D C:\Users\DefaultAppPool
2017-02-15 12:56 - 2016-10-31 11:25 - 00000000 ____D C:\Users\Administrator
2017-02-15 12:56 - 2012-12-26 15:44 - 00000000 ____D C:\ProgramData\Xara
2017-02-15 12:56 - 2012-12-26 15:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xara
2017-02-15 12:50 - 2017-02-11 13:06 - 00000000 ____D C:\Users\Rudi\AppData\Roaming\Phase One Media Pro
2017-02-15 12:50 - 2017-02-11 13:04 - 00000000 ____D C:\Program Files (x86)\Phase One
2017-02-15 12:50 - 2013-01-26 09:35 - 00000000 ____D C:\ProgramData\ABBYY
2017-02-15 12:50 - 2012-12-25 16:11 - 00000000 ____D C:\Users\Rudi\AppData\Local\Xara
2017-02-12 11:44 - 2014-09-17 13:32 - 00000000 ____D C:\Users\Rudi\AppData\Local\ABBYY

==================== Files in the root of some directories =======

2011-01-12 02:00 - 2011-01-12 02:00 - 0146944 _____ () C:\Program Files (x86)\Common Files\dsfFLACDecoder.dll
2011-01-12 02:00 - 2011-01-12 02:00 - 0221184 _____ () C:\Program Files (x86)\Common Files\dsfFLACEncoder.dll
2011-01-12 02:00 - 2011-01-12 02:00 - 0204800 _____ () C:\Program Files (x86)\Common Files\dsfNativeFLACSource.dll
2012-05-11 14:16 - 2012-05-11 14:16 - 0171520 _____ () C:\Program Files (x86)\Common Files\dsfOggDemux2.dll
2011-01-12 02:00 - 2011-01-12 02:00 - 0240128 _____ () C:\Program Files (x86)\Common Files\dsfVorbisDecoder.dll
2016-08-29 09:13 - 2016-08-29 09:13 - 21874200 _____ (LastPass) C:\Program Files (x86)\Common Files\lpuninstall.exe
2009-07-11 23:08 - 2009-07-11 23:08 - 0001860 _____ () C:\Program Files (x86)\Common Files\Microsoft.VC90.CRT.manifest
2011-04-18 22:51 - 2011-04-18 22:51 - 0569680 _____ (Microsoft Corporation) C:\Program Files (x86)\Common Files\MSVCP90.dll
2011-04-18 22:51 - 2011-04-18 22:51 - 0653136 _____ (Microsoft Corporation) C:\Program Files (x86)\Common Files\MSVCR90.dll
2010-12-16 21:39 - 2010-12-16 21:39 - 0412672 _____ (Google) C:\Program Files (x86)\Common Files\vp8decoder.dll
2010-12-16 21:39 - 2010-12-16 21:39 - 0701440 _____ (Google) C:\Program Files (x86)\Common Files\vp8encoder.dll
2010-12-16 21:39 - 2010-12-16 21:39 - 0302592 _____ (Google) C:\Program Files (x86)\Common Files\webmmux.dll
2010-12-16 21:39 - 2010-12-16 21:39 - 0292352 _____ (Google) C:\Program Files (x86)\Common Files\webmsplit.dll
2011-01-12 02:00 - 2011-01-12 02:00 - 0030208 _____ () C:\Program Files (x86)\Common Files\wmpinfo.dll
2013-01-31 19:56 - 2016-08-03 18:45 - 0000000 _____ () C:\Users\Rudi\AppData\Roaming\alarms.ini
2013-01-31 19:35 - 2017-03-14 07:22 - 0000788 _____ () C:\Users\Rudi\AppData\Roaming\AtomicAlarmClock.ini
2015-08-13 16:02 - 2015-08-13 16:02 - 5082084 _____ (The Public) C:\Users\Rudi\AppData\Roaming\Avisynth.exe
2015-08-13 16:03 - 2015-08-13 16:03 - 5243208 _____ (                                                            ) C:\Users\Rudi\AppData\Roaming\AvsP.exe
2013-10-06 14:46 - 2013-10-06 15:01 - 0008605 _____ () C:\Users\Rudi\AppData\Roaming\ContactSheetII.log
2016-11-10 11:39 - 2016-11-10 11:39 - 0937776 _____ (AutoIt Team) C:\Users\Rudi\AppData\Roaming\FhcV.exe
2013-07-01 08:38 - 2013-07-01 08:38 - 0000010 _____ () C:\Users\Rudi\AppData\Roaming\hhxprot5
2016-02-28 09:17 - 2016-02-28 09:17 - 0000010 _____ () C:\Users\Rudi\AppData\Roaming\hhxprot6
2014-06-08 10:05 - 2016-01-20 21:38 - 0002937 _____ () C:\Users\Rudi\AppData\Roaming\Image Processor Pro.log
2014-11-09 20:56 - 2016-01-20 21:38 - 0002180 _____ () C:\Users\Rudi\AppData\Roaming\Image Processor Pro.xml
2015-08-13 16:02 - 2015-08-13 16:02 - 2169915 _____ (LIGHTNING UK!) C:\Users\Rudi\AppData\Roaming\Imgburn.exe
2012-12-26 03:20 - 2012-12-26 03:20 - 0012971 _____ () C:\Users\Rudi\AppData\Roaming\Kommagetrennte Werte (DOS).CAL
2013-08-31 18:03 - 2016-03-19 12:52 - 0009320 _____ () C:\Users\Rudi\AppData\Roaming\Kommagetrennte Werte (DOS).EML
2013-10-06 14:46 - 2013-10-06 15:01 - 0000684 _____ () C:\Users\Rudi\AppData\Roaming\Kontaktabzug II.xml
2015-08-13 16:03 - 2015-08-13 16:03 - 1357348 _____ () C:\Users\Rudi\AppData\Roaming\MatroskaSplitter.exe
2015-09-29 19:03 - 2016-03-19 12:52 - 0009317 _____ () C:\Users\Rudi\AppData\Roaming\Microsoft Excel 97-2003.EML
2016-07-06 12:14 - 2016-07-06 12:14 - 0000032 _____ () C:\Users\Rudi\AppData\Roaming\New text document.txt
2015-02-08 11:10 - 2016-12-18 22:02 - 0000166 _____ () C:\Users\Rudi\AppData\Roaming\PLGComp.ini
2015-09-19 09:52 - 2015-09-27 16:37 - 0000622 _____ () C:\Users\Rudi\AppData\Roaming\PS13_panel.log
2012-12-25 17:47 - 2015-06-02 14:21 - 0002910 _____ () C:\Users\Rudi\AppData\Roaming\RUDI-PC.MTBF.txt
2015-08-13 16:03 - 2015-08-13 16:03 - 7760687 _____ (Boraxsoft) C:\Users\Rudi\AppData\Roaming\SetupGFD.exe
2012-12-24 15:07 - 2013-02-08 05:45 - 0001158 _____ () C:\Users\Rudi\AppData\Roaming\ShiftN.ini
2013-07-01 08:40 - 2013-07-03 14:45 - 0000018 _____ () C:\Users\Rudi\AppData\Roaming\sys386ll.dat
2016-02-28 09:20 - 2016-02-28 09:20 - 0000018 _____ () C:\Users\Rudi\AppData\Roaming\sys386ln.dat
2013-01-07 00:23 - 2013-01-07 08:42 - 0001386 ___SH () C:\Users\Rudi\AppData\Roaming\systemFP.$dk
2016-03-03 11:09 - 2016-08-12 11:11 - 0000176 _____ () C:\Users\Rudi\AppData\Roaming\WB.CFG
2016-12-01 16:25 - 2016-12-01 16:25 - 1141760 _____ () C:\Users\Rudi\AppData\Roaming\WinWord.exe
2015-08-13 16:02 - 2015-08-13 16:03 - 0117723 _____ () C:\Users\Rudi\AppData\Roaming\yuvcodecs-1.3.exe
2012-12-25 17:47 - 2015-01-09 10:42 - 0000672 _____ () C:\Users\Rudi\AppData\Roaming\__AvidCloudManager.log
2012-12-25 17:47 - 2015-01-09 10:35 - 0000672 _____ () C:\Users\Rudi\AppData\Roaming\__AvidCloudManagerPrevious.log
2017-02-21 18:03 - 2017-02-21 18:03 - 0000010 _____ () C:\Users\Rudi\AppData\Local\.DG212F11-EC8C-210D-DE1E-D9584D18D740
2015-12-02 18:08 - 2016-11-13 13:22 - 0001078 _____ () C:\Users\Rudi\AppData\Local\297ee9cad53a5fc00aaa2013a9c17a85
2013-02-26 14:03 - 2016-12-17 09:05 - 0001456 _____ () C:\Users\Rudi\AppData\Local\Adobe Für Web speichern 13.0 Prefs
2015-10-25 19:43 - 2016-11-14 14:26 - 0001078 _____ () C:\Users\Rudi\AppData\Local\d63cb09e00919dacd631ce4510c7086d
2012-12-25 17:59 - 2015-05-31 07:22 - 0013312 _____ () C:\Users\Rudi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-04-10 05:39 - 2013-04-10 05:39 - 0000393 _____ () C:\Users\Rudi\AppData\Local\HamsterVideoConverterSettings.cfg
2013-02-20 17:19 - 2013-02-20 17:19 - 0000218 _____ () C:\Users\Rudi\AppData\Local\recently-used.xbel
2015-01-09 19:08 - 2015-07-18 08:57 - 0007625 _____ () C:\Users\Rudi\AppData\Local\Resmon.ResmonCfg
2013-02-02 03:12 - 2013-02-03 10:40 - 0212992 _____ () C:\Users\Rudi\AppData\Local\SageThumbs.db3
2013-01-07 09:02 - 2017-01-06 14:28 - 0000620 ___SH () C:\Users\Rudi\AppData\Local\settingsFL.dat
2013-01-07 08:59 - 2017-01-30 20:43 - 0001906 ___SH () C:\Users\Rudi\AppData\Local\win_fldb_sys.dat
2016-05-11 06:43 - 2017-01-30 20:41 - 0011781 ___SH () C:\Users\Rudi\AppData\Local\win_flfiles_sys.dat
2013-01-07 08:59 - 2017-01-30 20:41 - 0003465 ___SH () C:\Users\Rudi\AppData\Local\win_stlthdb_sys.dat
2014-10-22 19:54 - 2014-10-22 19:56 - 0000000 _____ () C:\Users\Rudi\AppData\Local\{333EDD24-946E-4FFE-BEAA-B16E439B8AEF}
2017-02-21 18:03 - 2017-02-21 18:03 - 0000010 _____ () C:\ProgramData\.D6E5339F-CB2B-32C1-CD2D-C0295C19C822
2017-02-21 21:30 - 2017-02-21 21:30 - 0000098 _____ () C:\ProgramData\.SF170
2015-12-05 16:48 - 2015-12-05 16:48 - 0004934 _____ () C:\ProgramData\mtbjfghn.xbe
2017-02-06 21:18 - 2012-08-31 14:08 - 0024772 _____ () C:\ProgramData\P1100DEF.css
2017-02-06 21:18 - 2017-02-06 21:18 - 0004174 _____ () C:\ProgramData\P1100OS.HTM
2017-02-06 21:18 - 2012-08-31 14:08 - 0002944 _____ () C:\ProgramData\P1100SIG.GIF
2015-03-02 10:16 - 2017-01-30 20:41 - 0002568 ___SH () C:\ProgramData\win_mpwd_sys.dat

Files to move or delete:
====================
C:\ProgramData\win_mpwd_sys.dat


Some files in TEMP:
====================
2017-03-11 17:09 - 2017-03-11 17:09 - 0040448 ____N () C:\Users\Rudi\AppData\Local\Temp\proxy_vole977337317339029466.dll
2017-02-27 07:27 - 2017-02-27 07:27 - 0307200 _____ (Eclipse Foundation) C:\Users\Rudi\AppData\Local\Temp\swt-win32-3347.dll
2015-02-13 23:38 - 2015-02-13 23:38 - 7188536 ____R (Microsoft Corporation) C:\Users\Rudi\AppData\Local\Temp\vcredist_x64.exe
2015-02-13 23:38 - 2015-02-13 23:38 - 6498200 ____R (Microsoft Corporation) C:\Users\Rudi\AppData\Local\Temp\vcredist_x86.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-03-08 17:30

==================== End of FRST.txt ============================
--- --- ---

--- --- ---

rudi1949 14.03.2017 08:50
Windows Firewall (Win10) deaktiviert sich und muß jedes mal mit der Maus aktiviert werden
 
Hier ist das 2. File

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2017
Ran by Rudi (14-03-2017 08:19:56)
Running from Z:\Aktuelle Downloads
Windows 10 Pro Version 1607 (X64) (2016-10-31 04:43:49)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-595107073-3459872703-1893278198-500 - Administrator - Disabled) => C:\Users\Administrator
DefaultAccount (S-1-5-21-595107073-3459872703-1893278198-503 - Limited - Disabled)
Guest (S-1-5-21-595107073-3459872703-1893278198-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-595107073-3459872703-1893278198-1003 - Limited - Enabled)
postgres (S-1-5-21-595107073-3459872703-1893278198-1005 - Limited - Enabled)
Rudi (S-1-5-21-595107073-3459872703-1893278198-1000 - Administrator - Enabled) => C:\Users\Rudi

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

3D Sound Back Beta0.1 (HKLM-x32\...\{39DB116F-E088-486F-B13C-8925ECE7A6E5}) (Version: 0.1 - Realtek Semiconductor Corp.)
4Videosoft MKV Video Converter 5.0.8 (HKLM-x32\...\{D78503CE-97C0-4751-9DCC-F73222EB571E}_is1) (Version:  - )
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
AAA Logo 2014 v4.11 FULL (HKLM-x32\...\AAA Logo 2014_is1) (Version:  - SWGSoft)
ABBYY FineReader 12 Professional (HKLM-x32\...\{F12000FE-0001-0000-0000-074957833700}) (Version: 12.0.501 - ABBYY Production LLC)
ACDSee Ultimate 9 (64-bit) (HKLM\...\{97EE2327-B39E-429C-970B-0DB6CBBEC8E1}) (Version: 9.3.0.674 - ACD Systems International Inc.)
Acronis True Image (HKLM-x32\...\{6C68FFAD-90B3-4DE1-B64A-3073CFFCCA70}Visible) (Version: 21.0.6116 - Acronis)
Acronis True Image (x32 Version: 21.0.6116 - Acronis) Hidden
Adobe Acrobat DC (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-0C0F074E4100}) (Version: 15.020.20039 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 23.0.0.257 - Adobe Systems Incorporated)
Adobe Audition CC 2017 (HKLM-x32\...\AUDT_10_0_1) (Version: 10.0.1 - Adobe Systems Incorporated)
Adobe Bridge CC (64 Bit) (HKLM-x32\...\{359F8007-6486-429C-A8C5-D67F6897C88C}) (Version: 6.0 - Adobe Systems Incorporated)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.9.5.353 - Adobe Systems Incorporated)
Adobe Creative Suite 6 Master Collection (HKLM-x32\...\{E8AD3069-9EB7-4BA8-8BFE-83F4E69355C0}) (Version: 6 - Adobe Systems Incorporated)
Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.6 - Adobe Systems Incorporated)
Adobe Dreamweaver CC 2017 (HKLM-x32\...\DRWV_17_0_1) (Version: 17.0.1 - Adobe Systems Incorporated)
Adobe Flash Player 22 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 22.0.0.192 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe InDesign CC 2015 (HKLM-x32\...\{DBFD0312-6E55-1014-8952-E78D43BC0147}) (Version: 11.0 - Adobe Systems Incorporated)
Adobe Installer 3.9.0.327 (HKLM-x32\...\Adobe Installer 3.9.0.327) (Version: 3.9.0.327 - Adobe Systems Incorporated)
Adobe Muse CC 2015 (HKLM-x32\...\MUSE_2015_2_1) (Version: 2015.2.1.21 - Adobe Systems Incorporated)
Adobe Photoshop CC 2015.5 (HKLM-x32\...\PHSP_17_0_1) (Version: 17.0.1 - Adobe Systems Incorporated)
Adobe Photoshop Lightroom 5.7.1 64-bit (HKLM\...\{BC86B82C-8C0E-4408-9AC1-6B0F2D636963}) (Version: 5.7.1 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.5.195 - Adobe Systems, Inc.)
Adobe Update Management Tool (HKLM-x32\...\{534A7A1A-7102-4AF6-23EA-7CD279C7B625}_is1) (Version: 8.0 - PainteR)
Adobe® Content Viewer (HKLM-x32\...\com.adobe.dmp.contentviewer) (Version: 3.4.3 - Adobe Systems, Incorporated)
Affinity Photo Trial (HKLM\...\{8FD1B683-89C5-4E7D-838A-9AADE52734F5}) (Version: 1.5.1.54 - Serif (Europe) Ltd)
AIS Aircard Connection (HKLM-x32\...\{93D34EE3-99B3-4DB1-8B0A-0A657466F90D}) (Version: 1.0.0.1 - )
Alien Skin Exposure 7 (HKLM\...\Alien Skin Exposure 7) (Version:  - Alien Skin)
AllDup 3.4.13 (HKLM-x32\...\AllDup_is1) (Version: 3.4.13 - Michael Thummerer Software Design)
Amberlight (HKLM\...\Amberlight_is1) (Version: 1.2.1 - Escape Motions, s.r.o)
android converter 2 (x32 Version: 2.0.5380.18781 - Engelmann Media GmbH) Hidden
android converter 2 Free (HKLM-x32\...\{c41dcb09-3536-484f-b555-4d8a1c8becde}) (Version: 2.0.5380.18832 - Engelmann Media GmbH)
ANIWZCS2 Service (HKLM-x32\...\{4C590030-7469-453E-8589-D15DA9D03F52}) (Version:  - )
Anti Ransomware 2017 (HKLM-x32\...\AbAppId-82_is1) (Version: 17.04 - Abelssoft)
AntiBrowserSpy (HKLM-x32\...\{F78B5B4F-075A-4C81-AA27-E707861EB5B7}_is1) (Version: 173 - Abelssoft)
AntiLogger (HKLM-x32\...\AntiLogger) (Version:  - Zemana Ltd.)
AntiLogger (x32 Version: 1.9.3.502 - Zemana Ltd.) Hidden
AnvSoft Photo Slideshow Maker Platinum 5.53 (HKLM-x32\...\AnvSoft Photo Slideshow Maker Platinum) (Version: 5.53 - AnvSoft, Inc.)
AnySend 1.0.18.0 (x64) (HKLM\...\{7203C44E-08F7-471D-8C9B-349A0D17506F}) (Version: 1.0.18.0 - ClickMeIn Limited)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AquaSoft DiaShow 7 Blue Net (HKLM-x32\...\AquaSoft DiaShow 7 Blue Net) (Version: 7.7.11 - AquaSoft)
AquaSoft DiaShow 7 Blue Net (x32 Version: 7.7.11 - AquaSoft) Hidden
Artensoft Photo Collage Maker 1.3.74 RePack (HKLM\...\Artensoft Photo Collage Maker_is1) (Version: 1.3.74 - Artensoft)
Artensoft Photo Mosaic Wizard (HKLM\...\Artensoft Photo Mosaic Wizard_is1) (Version: 1.6 - Artensoft)
Artensoft Tilt Shift Generator (HKLM\...\Artensoft Tilt Shift Generator_is1) (Version: 1.2 - Artensoft)
Artisteer 4 (HKLM-x32\...\Artisteer 4) (Version: 4.3 - Extensoft)
ArtRage Studio Pro (HKLM-x32\...\{FFEFA415-4970-4575-A87B-41123B08B680}) (Version: 3.5.0 - Ambient Design)
Ashampoo Burning Studio 18 (HKLM-x32\...\{91B33C97-AF35-C3DC-976E-8A253D817482}_is1) (Version: 18.0.0 - Ashampoo GmbH & Co. KG)
Ashampoo Burning Studio 2017 (HKLM-x32\...\{91B33C97-C878-6579-69BA-23E5405C7AAB}_is1) (Version: 18.0.0 - Ashampoo GmbH & Co. KG)
Atomic Alarm Clock 5.91 (HKLM\...\Atomic Alarm Clock_is1) (Version:  - Drive Software Company)
Aurora 3D Text & Logo Maker version 12.08.31 (HKLM-x32\...\{4F6B6582-B9F6-42B2-AAFC-48E097D07837}_is1) (Version: 12.08.31 - Aurora3D Software)
Ausschneiden 3.0 (HKLM-x32\...\{829CAB57-8D17-49F8-A5B0-302B501FCEC2}) (Version: 7.03.0 - InPixio)
Auto FX Free (HKLM\...\{CA3BE898-945B-4E25-AA73-22557338BF4B}) (Version: 3.1.0 - Auto FX Software)
Avanquest Message (HKU\S-1-5-21-595107073-3459872703-1893278198-1000\...\{20573C69-4A68-4BEF-A23D-365CB66924CE}) (Version: 2.06.0 - Avanquest Software)
Avid Studio (HKLM-x32\...\{B35DC076-CEF2-4631-9EF7-45380E27C841}) (Version: 1.0.0.2804 - Avid)
Avira Secure Backup 1.0.0 (HKLM\...\Avira Secure Backup) (Version: 1.0.0 - Avira Secure Backup)
Bamboo Dock (HKLM-x32\...\Bamboo Dock) (Version: 4.1 - Wacom Co., Ltd.)
Bamboo Dock (x32 Version: 4.1.0 - Wacom Europe GmbH) Hidden
Bamboo Tablets Tutorial (x32 Version: 3.0.20 - Wacom) Hidden
BenVista PhotoZoom Pro 6.0.4 (HKU\S-1-5-21-595107073-3459872703-1893278198-1000\...\PhotoZoom Pro 6) (Version: 6.0.4 - BenVista Ltd.)
BenVista PhotoZoom Pro 7.0.2 (HKLM\...\PhotoZoom Pro 7) (Version: 7.0.2 - BenVista Ltd.)
Bitcoin Core (64-bit) (HKU\S-1-5-21-595107073-3459872703-1893278198-1000\...\Bitcoin Core (64-bit)) (Version: 0.13.2 - Bitcoin Core project)
Blackmagic Fusion (HKLM\...\{8DF42D7E-19AA-4057-80CE-1E667ED39839}) (Version: 8.2 - Blackmagic Design)
BusinessCards MX (HKLM-x32\...\{0D5B5ED2-3E38-4585-B1F3-64B2A9EA95D6}_is1) (Version: 4.93 - MOJOSOFT)
calibre (HKLM-x32\...\{FDE8FDFF-7B95-4235-BB3F-AE63397864C9}) (Version: 0.8.46 - Kovid Goyal)
Camtasia Studio 7 (HKLM-x32\...\{C0E8FE43-C35B-451D-B35F-D4BD056D70E7}) (Version: 7.1.1 - TechSmith Corporation)
Canon MX320 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX320_series) (Version:  - )
Canon RAW Codec (HKLM-x32\...\Canon RAW Codec) (Version: 1.7.0.56 - Canon Inc.)
Canon Utilities My Printer (HKLM-x32\...\CanonMyPrinter) (Version:  - )
Capture One 10.0 (HKLM\...\CaptureOne10_is1) (Version: 10.0.0.225 - Phase One A/S)
CCleaner (HKLM\...\CCleaner) (Version: 5.23 - Piriform)
Chief Architect Interiors X5 Trial Version (HKLM-x32\...\{386D72CE-8916-4364-83B3-382039106DA3}) (Version: 15.2.1.0 - Chief Architect)
Cisco WebEx Meetings (HKU\S-1-5-21-595107073-3459872703-1893278198-1000\...\ActiveTouchMeetingClient) (Version:  - Cisco WebEx LLC)
Citrix Online Launcher (HKLM-x32\...\{75FCE33E-4E0C-4CE1-ADF0-75F258DF27A0}) (Version: 1.0.445 - Citrix)
Color Cone 1.1 (HKLM\...\{9206FF92-3C83-4808-ADE7-0B3FDE55FF04}_is1) (Version: 1.1 - Picture Instruments)
Color Efex Pro 3.0 Standard (HKLM-x32\...\Color Efex Pro 3.0 Stand-Alone Standard) (Version: 3.1.0.9 - Nik Software, Inc.)
Color Efex Pro 4 (HKLM-x32\...\Color Efex Pro 4) (Version: 4.0.0.0 - Nik Software, Inc.)
COLOR projects professional (64-Bit) (HKLM\...\COLOR_PROJECTS_1_3_C935FDA1_is1) (Version: 1.13 - Franzis Verlag GmbH)
Compatibility Pack für 2007 Office System (HKLM-x32\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
concept/design onlineTV 8 (HKLM-x32\...\{D2AC7034-15AC-4F62-85BD-1E48021E45D6}_is1) (Version: 8.5.0.10 - concept/design GmbH)
ConvertHelper 3.1.1 (HKLM\...\{27CC6AB1-E72B-4179-AF1A-EAE507EBAF52}}_is1) (Version:  - DownloadHelper)
Coolmuster Android Assistant (HKU\S-1-5-21-595107073-3459872703-1893278198-1000\...\Coolmuster Android Assistant) (Version: 1.9.72 - Coolmuster)
Corel Graphics - Windows Shell Extension (HKLM\...\_{3CAAE169-6001-48ED-B2C6-5B6F511552FD}) (Version: 18.0.0.448 - Corel Corporation)
CorelDRAW Graphics Suite X7 (64-Bit) (HKLM\...\_{5CB73140-806C-42C6-A05A-1AFD0E92DEB5}) (Version: 17.1.0.572 - Corel Corporation)
Creative Audio-Systemsteuerung (HKLM-x32\...\AudioCS) (Version: 2.56 - Creative Technology Limited)
Creative MediaSource 5 (HKLM-x32\...\{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}) (Version: 5.26 - Creative Technology Limited)
Creative Pack Volume 1 (HKLM-x32\...\{05181A78-3BA6-4B63-BCE8-888A4BCAACFA}) (Version: 3.0.0 - Avid Technology, Inc.)
Creative Software AutoUpdate (HKLM-x32\...\Creative Software AutoUpdate) (Version: 1.40 - Creative Technology Limited)
Creative Sound Blaster Properties x64 Edition (HKLM-x32\...\Creative Sound Blaster Properties x64 Edition) (Version:  - )
Creative Systeminformationen (HKLM-x32\...\SysInfo) (Version: 1.10 - Creative Technology Limited)
Creative WaveStudio 7 (HKLM-x32\...\WaveStudio 7) (Version: 7.14 - Creative Technology Limited)
CutOut 5.0 professional (HKLM\...\CutOut 5 professional_is1) (Version: 5.0 - Franzis.de)
CyberLink PhotoDirector 6 (HKLM-x32\...\{6B684CDB-7255-4e46-9AB1-1D2F2D5540B3}) (Version: 6.0.7307.0 - CyberLink Corp.)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.1312.54 - CyberLink Corp.)
DATA BECKER CD-DVD Druckerei 7 (HKLM-x32\...\CD-DVD Druckerei 7_is1) (Version: 7.50.0.30 - DATA BECKER GmbH & Co. KG)
DENOISE projects professional (64-Bit) (HKLM\...\DENOISE_PROJECTS_1_3_FBC348A0_is1) (Version: 1.17 - Franzis Verlag GmbH)
DesignPro 5 (x32 Version: 5.0.1056 - Avery Dennison) Hidden
Dfine 2.0 (HKLM-x32\...\Dfine 2.0) (Version: 2.002 - Nik Software, Inc.)
DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden
DivX-Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.3.22 - DivX, LLC)
D-Link Wireless G DWA-110 (HKLM-x32\...\{5F753314-628E-4C13-B8AE-BFA7FD514CBE}) (Version:  - D-Link)
Driver Magician 4.9 (HKLM-x32\...\Driver Magician_is1) (Version:  - GoldSolution Software, Inc.)
Dropbox (HKLM-x32\...\Dropbox) (Version: 21.4.25 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.59.1 - Dropbox, Inc.) Hidden
Duden-Bibliothek (HKLM-x32\...\{5C81B189-5456-40C4-9313-7FE6FA6DD64C}) (Version: 5.1.0 - Bibliographisches Institut GmbH)
DxO OpticsPro 11.0.0.11397 (HKLM-x32\...\DxO OpticsPro 11.0.0.11397) (Version: 11.0.0.11397 - dxo)
DxO ViewPoint 2 (HKLM\...\{5602DC38-848F-42BD-B764-4BE48E9E7623}) (Version: 2.1.39.0 - DxO Labs)
Etiketten DruckStudio (HKLM-x32\...\{7638B473-70B0-4A08-8B98-A3E5BDDBDDB3}_is1) (Version:  - )
Etron USB3.0 Host Controller (HKLM-x32\...\InstallShield_{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}) (Version: 0.115 - Etron Technology)
Etron USB3.0 Host Controller (x32 Version: 0.115 - Etron Technology) Hidden
Extensis Suitcase Fusion 6 (HKLM-x32\...\{A93F43E0-9811-48FA-91C7-58FA3069961C}) (Version: 17.0.0 - 2014 Celartem, Inc. d.b.a Extensis All rights reserved)
Eye4 1.3.0.85 (HKLM-x32\...\{DE24BB52-3A46-4ED1-8E57-41E724F6BC74}_is1) (Version:  - Shenzhen VStarcam Technology Co., Ltd)
FaxMail for Windows (HKLM-x32\...\FaxMail for Windows) (Version:  - ElectraSoft)
ffdshow x64 v1.3.4500 [2013-01-06] (HKLM\...\ffdshow64_is1) (Version: 1.3.4500.0 - )
FileZilla Client 3.21.0 (HKLM-x32\...\FileZilla Client) (Version: 3.21.0 - Tim Kosse)
Filmmaker's Toolkit for Studio (HKLM-x32\...\InstallShield_{4CF172C5-F121-41FA-B0B0-0D49840BF003}) (Version: 1.00.0000 - Red Giant)
Filmmaker's Toolkit for Studio (x32 Version: 1.00.0000 - Red Giant) Hidden
FinePrint (HKLM\...\FinePrint) (Version:  - )
FixFoto 3.00 (HKLM-x32\...\FixFoto_is1) (Version:  - Joachim Koopmann Software)
Focus Magic 4.02 (HKLM-x32\...\Focus Magic_is1) (Version: 4.02 - Acclaim Software Ltd)
FOCUS projects 3 professional (64-Bit) (HKLM\...\FOCUS_PROJECTS_3_3_EDC5B478_is1) (Version: 3.25 - Franzis Verlag GmbH)
FOCUS projects professional (64-Bit) (HKLM\...\FOCUS_PROJECTS_1_3_EDC5B478_is1) (Version: 1.15 - Franzis Verlag GmbH)
FontExpert 2014 Font Manager (HKLM-x32\...\FontExpert 2014) (Version: 12.0.0.2 - Proxima Software)
FotoBeschriften 5.3.5.435 (HKLM-x32\...\FotoBeschriften_is1) (Version: 5.3.5.435 - SpeedySoft)
FRANZIS onlineTV 8 (HKLM-x32\...\{CBC88F0E-1960-4AC3-8C38-8BAD44E3F6E3}_is1) (Version: FRANZIS onlineTV 8 - FRANZIS Verlag GmbH)
Free Monitor for Google 2.5 (HKLM-x32\...\Free Monitor for Google_is1) (Version:  - CleverStat)
Freemake Video Converter Version 4.1.9 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.9 - Ellora Assets Corporation)
Freemake Video Downloader (HKLM-x32\...\Freemake Video Downloader_is1) (Version: 3.8.0 - Ellora Assets Corporation)
freenet Cloud (HKU\S-1-5-21-595107073-3459872703-1893278198-1000\...\freenet Cloud) (Version: 1.00.00.81 - freenet cloud)
GeoSetter 3.4.16 (HKLM-x32\...\GeoSetter_is1) (Version:  - Friedemann Schmidt)
Ghostscript GPL 8.64 (Msi Setup) (HKLM-x32\...\_{06CD45E6-FF5E-4D8E-BC01-B276A90DADF2}) (Version: 8.64 - Corel Corporation)
Ghostscript GPL 8.64 (Msi Setup) (x32 Version: 8.64 - Corel Corporation) Hidden
Gmail Notifier Pro (HKLM-x32\...\{E0A41B1B-8D69-40C5-BAEA-1ADC11281E89}) (Version: 4.6.2.0 - IntelliBreeze Software)
GnuCash 2.4.11 (HKLM-x32\...\GnuCash_is1) (Version:  - GnuCash Development Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
Google Earth Pro (HKLM-x32\...\{35DAA04C-1720-4BE3-A920-A03731EC6A1D}) (Version: 7.1.5.1557 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
GoToMeeting 7.27.0.5922 (HKU\S-1-5-21-595107073-3459872703-1893278198-1000\...\GoToMeeting) (Version: 7.27.0.5922 - CitrixOnline)
GUI for dvdauthor 1.07 (HKLM-x32\...\GUI for dvdauthor) (Version: 1.07 - Boraxsoft)
Hallmark Card Studio 2015 Bonus Pack (HKLM-x32\...\{2C69ABC9-55B7-410E-89AB-4CBD84D8D37B}) (Version: 1.0.0.1 - Creative Home)
Hallmark Card Studio 2015 Deluxe (HKLM-x32\...\{F2117332-1A36-4D3B-854D-A8D10735B4DF}) (Version: 16.0.0.11 - Creative Home)
Hamster Free Video Converter (HKLM\...\{7E350663-86D3-466A-AB79-28156A9ABF6E}_is1) (Version: 2.5.8.11 - Hamster Soft)
Helix YUV Codecs (remove only) (HKLM-x32\...\HelixYUVCodecs) (Version:  - )
Hetman FAT Recovery 2.1 (HKLM-x32\...\Hetman FAT Recovery) (Version:  - )
Hollywood FX Volumes 1-3 (HKLM-x32\...\{E3D181F8-246B-497F-945E-6DB98CBA6677}) (Version: 2.0.0 - Avid Technology, Inc.)
HP LaserJet Professional P1100-P1560-P1600 Series (HKLM\...\HP LaserJet Professional P1100-P1560-P1600 Series) (Version:  - )
HP Support Assistant (HKLM-x32\...\{78E2C850-ADA6-420D-BA35-2F4A9BE733CC}) (Version: 8.2.8.25 - HP)
HP Support Solutions Framework (HKLM-x32\...\{3A1CB1B8-8646-41A0-B496-35DC48916904}) (Version: 12.4.18.7 - HP)
hppLaserJetService (x32 Version: 001.001.0.0 - Hewlett-Packard) Hidden
hppP1100P1560P1600SeriesLaserJetService (x32 Version: 001.001.0.0 - Hewlett-Packard) Hidden
hppusgP1100P1560P1600Series (x32 Version: 1.0.0.1 - Hewlett-Packard) Hidden
HPSSupply (HKLM-x32\...\{7902E313-FF0F-4493-ACB1-A8147B78DCD0}) (Version: 2.1.1.0000 - Hewlett Packard Development Company L.P.)
Human Anatomy Atlas 3.0.1 (HKLM-x32\...\Human Anatomy Atlas 3.0.1) (Version:  - )
Image Trends' ShineOff Plug-In 1.0.2 (HKLM-x32\...\{022B0C16-18C9-464A-8BC6-2B2CC6342E5F}) (Version: 1.0.2 - Image Trends, Inc. )
Imagenomic Portraiture 2 Plug-in (build 2342) (HKLM\...\ImagenomicPortraiturePlugin) (Version:  - )
Imagenomic Professional Plugin Suite (build 1409) (HKLM\...\ImagenomicNoisewarePlugin) (Version:  - )
IMatch 3.6 (HKLM-x32\...\{7AD57513-275F-458A-B1ED-C38049C318D2}) (Version: 3.36.50 - photools.com)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.0.0 - LIGHTNING UK!)
INCENDIA EX VI (HKLM\...\12031B46-075F-4028-A7B6-CA6218BB65E2_is1) (Version:  - Incendia.Net)
Incomedia WebSite X5 v12 - Evolution (HKLM-x32\...\{B7B23A06-AD7B-4ADE-809C-E8E34676EE13}_is1) (Version: 12.0.9.30 - Incomedia s.r.l.)
Incomedia WebSite X5 v12 - Professional (HKLM-x32\...\{042C2A1D-2A0B-46E0-BAA1-60D62E33DB23}_is1) (Version: 12.0.5.22 - Incomedia s.r.l.)
InstaCards (HKLM-x32\...\{58259C24-7B5E-4977-93B0-E9EEA1B884CE}) (Version: 1.6.1 - Avanquest Software)
Intel(R) C++ Redistributables for Windows* on Intel(R) 64 (HKLM-x32\...\{D2437C5C-2D8C-40D2-8059-689AD7239FA3}) (Version: 11.1.048 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1310 - Intel Corporation)
Intel® Chipsatz-Gerätesoftware (x32 Version: 10.1.1.14 - Intel(R) Corporation) Hidden
Internet Download Manager installer 6, 25, 25, 1 (HKLM-x32\...\Internet Download Manager installer 6, 25, 25, 1) (Version: 6, 25, 25, 1 - Tonec Inc.)
IrfanView 4.44 (32-bit) (HKLM-x32\...\IrfanView) (Version: 4.44 - Irfan Skiljan)
Java 8 Update 101 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180101F0}) (Version: 8.0.1010.13 - Oracle Corporation)
K-Lite Codec Pack 6.0.4 (Basic) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 6.0.4 - )
Kosmos Himmelsjahr 2017 (HKLM-x32\...\{0DDB261B-5B1A-45E2-81E5-31F0ADF506C3}) (Version: 1.0 - )
KronosFaktura 8.04 (HKLM-x32\...\KronosFaktura_is1) (Version:  - Kro4Pro)
L&H TTS3000 Deutsch (HKLM-x32\...\LHTTSGED) (Version:  - )
L&H TTS3000 Español (HKLM-x32\...\LHTTSSPE) (Version:  - )
L&H TTS3000 Français (HKLM-x32\...\LHTTSFRF) (Version:  - )
L&H TTS3000 Russian (HKLM-x32\...\LHTTSRUR) (Version:  - )
LastPass (Nur deinstallieren) (HKLM-x32\...\LastPass) (Version:  - LastPass)
Lernout & Hauspie TruVoice American English TTS Engine (HKLM-x32\...\tv_enua) (Version:  - )
Livebrush Mini (HKLM-x32\...\com.livebrush.2205ABAA7E8202CDC1251B1FA1E879364B7BAB52.1) (Version: 1.5 - MoreMeYou)
Livebrush Mini (x32 Version: 1.5 - MoreMeYou) Hidden
Logitech Vid HD (HKLM-x32\...\Logitech Vid) (Version: 7.2 (7259) - Logitech Inc..)
Logitech Webcam Software (HKLM\...\{987FE247-4E69-4A2E-A961-D14F901FDBF6}) (Version: 12.10.1113 - Logitech Inc.)
Logo Design Studio Pro (HKLM-x32\...\Logo Design Studio Pro 1.7.3) (Version: 1.7.3 - Summitsoft)
Logo Design Studio Pro (x32 Version: 1.7.3 - Summitsoft) Hidden
Logosmartz Logo Maker Software 10.0 (HKLM-x32\...\Logosmartz Logo Maker Software 10.0) (Version:  - )
Magic ISO Maker v5.5 (build 0281) (HKLM-x32\...\Magic ISO Maker v5.5 (build 0281)) (Version:  - )
MAGIX Fotos auf DVD 2013 Deluxe (HKLM-x32\...\MAGIX_{57F4B170-E76D-47F9-B6BA-F3D4FB7445B6}) (Version: 12.0.0.75 - MAGIX AG)
MAGIX Fotos auf DVD 2013 Deluxe (Version: 12.0.0.75 - MAGIX AG) Hidden
MAGIX Fotostory easy (HKLM-x32\...\MX.{22455877-9905-429B-819A-57829CE55FDB}) (Version: 2.0.0.35 - MAGIX Software GmbH)
MAGIX Fotostory easy (Version: 2.0.0.35 - MAGIX Software GmbH) Hidden
MAGIX Movie Edit Pro 2013 (HKLM-x32\...\MAGIX_{895F56BC-FA27-4E59-B53D-E29A4B59F195}) (Version: 12.0.0.32 - MAGIX AG)
MAGIX Movie Edit Pro 2013 (Version: 12.0.0.32 - MAGIX AG) Hidden
MAGIX Video Pro X (HKLM\...\MX.{26CA1516-0839-4485-A111-0FD3E789E43D}) (Version: 15.0.0.56 - MAGIX Software GmbH)
MAGIX Video Pro X (Version: 15.0.0.56 - MAGIX Software GmbH) Hidden
MAGIX Video Pro X Update (Version: 15.0.2.72 - MAGIX Software GmbH) Hidden
Malwarebytes Anti-Malware Version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden
Media Pro (HKLM-x32\...\{62F10A97-EBA2-461F-9BFE-0BAFC16E501A}) (Version: 1.4.5044.0 - Phase One)
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Camera Codec Pack (HKLM\...\{3FF70821-58E6-44DA-B512-095F547F3F18}) (Version: 16.4.1734.1104 - Microsoft Corporation)
Microsoft Expression Blend 3 SDK (HKLM-x32\...\{B006B9E9-41DD-4479-9177-3743A53B7735}) (Version: 1.0.1343.0 - Microsoft Corporation)
Microsoft Expression Blend SDK for .NET 4 (HKLM-x32\...\{0536BCDF-7EF6-48F6-8765-A3C065A065A5}) (Version: 2.0.20621.0 - Microsoft Corporation)
Microsoft Expression Blend SDK for Silverlight 4 (HKLM-x32\...\{B0682940-6FFB-4850-80BA-B2FEF0D64BA8}) (Version: 2.0.20621.0 - Microsoft Corporation)
Microsoft Expression Encoder 4 Screen Capture Codec (HKLM-x32\...\{F21D2032-60FE-4729-9C87-46F1615FB965}) (Version: 4.0.1651.0 - Microsoft Corporation)
Microsoft Expression Studio 4 (HKLM-x32\...\ExpressionStudio_4.0.20705.0) (Version: 4.0.20705.0 - Microsoft Corporation)
Microsoft Expression Web 4 (HKLM-x32\...\Web_4.0.1303.0) (Version: 4.0.1303.0 - Microsoft Corporation)
Microsoft Expression Web 4 Service Pack 2 (HKLM-x32\...\{F5993FCC-DF5D-4879-B70D-AA1F379C5C6B}) (Version:  - Microsoft Corporation)
Microsoft Money Plus (HKLM-x32\...\Money2008b) (Version: 17 - Microsoft)
Microsoft Office 2007 Primary Interop Assemblies (HKLM-x32\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Language Pack 2010 - English (HKLM-x32\...\Office14.OMUI.en-us) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Language Pack 2010 - German/Deutsch (HKLM-x32\...\Office14.OMUI.de-de) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Language Pack 2010 - Spanish/Español (HKLM-x32\...\Office14.OMUI.es-es) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Language Pack 2010 - Thai/ไทย (HKLM-x32\...\Office14.OMUI.th-th) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-0081-0407-0000-0000000FF1CE}) (Version: 14.0.6123.5001 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Proofing Tools 2013 - Español (HKLM\...\{90150000-001F-0C0A-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-595107073-3459872703-1893278198-1000\...\OneDriveSetup.exe) (Version: 17.3.6798.0207 - Microsoft Corporation)
Microsoft Silverlight 3 SDK (HKLM-x32\...\{2012098D-EEE9-4769-8DD3-B038050854D4}) (Version: 3.0.40818.0 - Microsoft Corporation)
Microsoft Silverlight 4 SDK (HKLM-x32\...\{801B0DA3-A3FF-46CC-B97F-D76D510AF5AE}) (Version: 4.0.50401.0 - Microsoft Corporation)
Microsoft SQL Server 2012 PowerPivot for Excel  32-bit (HKLM-x32\...\{4CFC749F-E178-42C7-8095-796C5814C9C3}) (Version: 11.1.3129.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{14297226-E0A0-3781-8911-E9D529552663}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23918 (HKLM-x32\...\{dab68466-3a7d-41a8-a5cf-415e3ff8ef71}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23918 (HKLM-x32\...\{2e085fd2-a3e4-4b39-8e10-6b8d35f55244}) (Version: 14.0.23918.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft WSE 2.0 SP3 Runtime (HKLM-x32\...\{F3CA9611-CD42-4562-ADAB-A554CF8E17F1}) (Version: 2.0.5050.0 - Microsoft Corp.)
Microsoft_VC100_CRT_x86 (HKLM-x32\...\{6FDDB201-2CA0-42BD-973F-7B2C4A61EA3F}) (Version: 1.0.0 - Microsoft)
MonitorTest V3.2 (HKLM-x32\...\MonitorTest_is1) (Version: 3.2 - PassMark Software)
MoodTuner (HKLM-x32\...\com.gugga.radiomini) (Version: 1.1 - GUGA EOOD)
MoodTuner (x32 Version: 1.1 - GUGA EOOD) Hidden
Mozilla Firefox 51.0.1 (x64 de) (HKLM\...\Mozilla Firefox 51.0.1 (x64 de)) (Version: 51.0.1 - Mozilla)
MPEG Video Wizard DVD 5.0.1.111 (12/2014) (HKLM-x32\...\{9FD45917-95E6-449D-ACC9-01E634A34CBD}_is1) (Version: 5.0.1.111 - Womble Multimedia, Inc.)
MPEG Video Wizard DVD 5.0.1.111 (12/2014) (HKLM-x32\...\Mpeg Video Wizard DVD 5.0) (Version: 5.0.1.111 (12/2014) - Womble Multimedia, Inc.)
MSVC80_x64_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC80_x86_v2 (x32 Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden
MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MyFreeCodec (HKU\S-1-5-21-595107073-3459872703-1893278198-1000\...\MyFreeCodec) (Version:  - )
Neat Image v7.6.0 Pro plug-in for Photoshop (32-bit) (HKLM-x32\...\Neat Image plug-in for Photoshop (32-bit)_is1) (Version:  - Neat Image team, ABSoft)
Neat Image v7.6.0 Pro plug-in for Photoshop (64-bit) (HKLM\...\Neat Image plug-in for Photoshop_is1) (Version:  - Neat Image team, ABSoft)
Neat Video for Premiere (HKLM\...\Neat Video for Premiere_is1) (Version: 3.5 - ABSoft)
Network Recording Player (HKLM-x32\...\{BBD46C1C-CB49-4BE8-8306-E6F1607E93C6}) (Version: 31.7.2.15 - Cisco WebEx LLC)
Nokia Suite (x32 Version: 3.8.48.0 - Nokia) Hidden
Nuke 10.0v5 (HKLM\...\Nuke 10.0v5_is1) (Version:  - The Foundry)
NVIDIA 3D Vision Controller-Treiber 340.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 340.50 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 342.01 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 342.01 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.2.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.2.2 - NVIDIA Corporation)
NVIDIA Grafiktreiber 342.01 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 342.01 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
ON1 Effects Free 10 (HKLM\...\ON1 Effects Free 10) (Version: 10.1.0 - ON1)
ON1 Photo 10 (HKLM\...\ON1 Photo 10 PE) (Version: 10.5.1 - ON1)
Open XML SDK 2.0 for Microsoft Office (HKLM-x32\...\{171D8D76-3F05-455A-A8AF-C561C2679905}) (Version: 2.0.5022 - Microsoft Corporation)
Open XML SDK 2.5 for Microsoft Office (HKLM-x32\...\{3EA16E23-14D2-466A-8268-D7CD40DC46B6}) (Version: 2.5.5631 - Microsoft Corporation)
OSFMount v1.5 (HKLM\...\OSFMount_is1) (Version: 1.5.1012 - Passmark Software)
Panda Antivirus Pro 2016 (HKLM-x32\...\Panda Universal Agent Endpoint) (Version: 16.01.02.0000 - Panda Security)
Panda Antivirus Pro 2016 (Version: 8.21.00 - Panda Security) Hidden
Panda Cloud Cleaner (HKLM-x32\...\{92B2B132-C7F0-43DC-921A-4493C04F78A4}_is1) (Version: 1.0.107 - Panda Security)
Panda Devices Agent (x32 Version: 1.03.07 - Panda Security) Hidden
Panda Devices Agent (x32 Version: 1.06.00 - Panda Security) Hidden
Paragon Backup and Recovery™ 16 (HKLM\...\{DADAA9CF-36B6-11E6-B0B5-005056C00008}) (Version: 10.28.101 - Paragon Software)
Paragon Partition Manager™ 15 Professional -nSane- (HKLM\...\{A35001F0-F1E4-11DD-A38B-005056C00008}) (Version: 90.00.0003 - Paragon Software)
Pavtube HD Video Converter Ver 4.6.0.5344 (HKLM-x32\...\{3021E0C8-0021-4EA3-A8EC-7B87944A0B05}_is1) (Version:  - )
PC Connectivity Solution (HKLM-x32\...\{6D01D1B1-17BD-4F10-BB11-F08F0C47D42B}) (Version: 12.0.109.0 - Nokia)
PC-Bibliothek (HKLM-x32\...\PC-Bibliothek) (Version:  - )
PD Particles (HKLM-x32\...\ST5UNST #1) (Version:  - )
Perfect Portrait 2.0.1 (HKLM-x32\...\{22E1139E-1D55-4988-8F3C-23BB22F3D62D}) (Version: 2.0.1 - onOne Software)
Photo Calendar Studio (HKLM-x32\...\Photo Calendar Studio_is1) (Version: 1.18 - MOJOSOFT)
Photo Frame Studio (HKLM-x32\...\Photo Frame Studio_is1) (Version: 2.96 - MOJOSOFT)
Photo Ninja version 1.2.1 (HKLM-x32\...\{A7529D5D-2F7E-4AFC-B279-9CFE153474B8}_is1) (Version: 1.2.1 - PictureCode LLC)
Photodex Presenter (HKLM-x32\...\Photodex Presenter) (Version:  - Photodex Corporation)
Photomizer 3 (HKLM-x32\...\{94d8e633-0bdb-496d-aba3-00d9742577f1}) (Version: 3.0.5949.26767 - Engelmann Media GmbH)
Photomizer 3 (Version: 3.0.5949.26652 - Engelmann Media GmbH) Hidden
Photomizer Pro (HKLM-x32\...\{41B5224D-6857-4D8B-0001-C8949A33B608}) (Version: 2.0.14.110 - Engelmann Media GmbH)
Photomizer Retro (HKLM-x32\...\{41B5224D-7853-4EA5-0001-C8949A33B608}) (Version: 2.0.14.106 - Engelmann Media GmbH)
PhotoStage Diashow-Ersteller (HKLM-x32\...\PhotoStage) (Version: 3.28 - NCH Software)
PhraseExpress (HKLM-x32\...\{EC86A48F-B71C-4004-9531-674F07C86541}) (Version: 9.1.36 - Bartels Media GmbH)
Picture Collage Maker Pro 4.1.2 (HKLM-x32\...\{6D308A90-6C14-4A02-9B04-CB0EF17894A9}_is1) (Version: 4.1.2 - PearlMountain Technology Co., Ltd)
Portrait Professional Studi installer 10.9.5 (HKLM-x32\...\Portrait Professional Studi installer 10.9.5) (Version: 10.9.5 - Portrait Professional Studi)
Portrait Professional Studio 10.9 (HKLM-x32\...\Portrait Professional Studio 10 (Version: 10.9 - )
PRE11 STI 64Installer (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Premium Pack Volumes 1-2 (HKLM-x32\...\{88C4D8A6-9954-46A0-965D-92E55DAB8734}) (Version: 2.0.0 - Avid Technology, Inc.)
Proxy Rental (HKU\S-1-5-21-595107073-3459872703-1893278198-1000\...\{75287708-9D20-4CD7-B5FE-FCC7D5F0AF07}_is1) (Version: 5.8.40 - Allied Way International Holdings Limited)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.67.1226.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6738 - Realtek Semiconductor Corp.)
Recover My Files (HKLM-x32\...\Recover My Files_is1) (Version: 4.9.4.1343 - GetData Pty Ltd)
Recuva (HKLM\...\Recuva) (Version: 1.53 - Piriform)
Rename Master (HKLM-x32\...\Rename Master_is1) (Version:  - )
Revo Uninstaller Pro 3.0.8 (HKLM\...\Revo Uninstaller Pro PREACTIVATED by .:sHaRe:. @~1067B756_is1) (Version: 3.0.8 - VS Revo Group, Ltd.)
RGS Fotokalender 1.4.1 (HKLM-x32\...\{A5CA920A-0620-4937-89CA-02C51C841EB5}_is1) (Version:  - RoGaSoft)
RonyaSoft Poster Designer (Poster Forge) 2.02 (HKLM-x32\...\RonyaSoft Poster Designer (Poster Forge)) (Version: 2.02 - RonyaSoft)
RonyaSoft Poster Printer (ProPoster) 3.01 (HKLM-x32\...\RonyaSoft Poster Printer (ProPoster)) (Version: 3.01 - RonyaSoft)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.5.1.12123_2 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.5.1.12123_2 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.49.0 - SAMSUNG Electronics Co., Ltd.)
ScoreFitter Volumes 1-2 (HKLM-x32\...\{0FDA9ECA-6DA3-480E-B7A9-76F353AF6B6C}) (Version: 2.0.0 - Avid Technology, Inc.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 Language Pack (KB2687449) 32-Bit Edition (HKLM-x32\...\{90140000-0100-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{F3E80B62-3C51-4940-A434-A1F517AB8D6A}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 Language Pack (KB2687449) 32-Bit Edition (HKLM-x32\...\{90140000-0100-0409-0000-0000000FF1CE}_Office14.OMUI.en-us_{840912CB-128E-4A73-9CD9-F807BC9B7684}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 Language Pack (KB2687449) 32-Bit Edition (HKLM-x32\...\{90140000-0100-041E-0000-0000000FF1CE}_Office14.OMUI.th-th_{C3CE6665-BB17-4BC4-A332-7FDBDDDAA0E4}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 Language Pack (KB2687449) 32-Bit Edition (HKLM-x32\...\{90140000-0100-0C0A-0000-0000000FF1CE}_Office14.OMUI.es-es_{18B9CFE9-6DD6-4C09-8146-F443DBBD62CF}) (Version:  - Microsoft)
Setup Application 3.9.0.17 (HKLM-x32\...\Setup Application 3.9.0.17) (Version: 3.9.0.17 - Tweaking.com)
SharewareOnSale Notifier (HKU\S-1-5-21-595107073-3459872703-1893278198-1000\...\SharewareOnSale Notifier) (Version: 20 - SharewareOnSale)
Sharpener Pro 3.0 (HKLM-x32\...\Sharpener Pro 3.0) (Version: 3.0.0.1 - Nik Software, Inc.)
SHIELD Streaming (Version: 4.0.1000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 17.12.8 - NVIDIA Corporation) Hidden
Silver Efex Pro (HKLM-x32\...\Silver Efex Pro) (Version: 1.001 - Nik Software, Inc.)
Simply Good Pictures 4 Free (HKLM-x32\...\{41beccfc-71a7-4aba-8a48-3329bb75b549}) (Version: 4.0.5956.22106 - Engelmann Media GmbH)
Simply Good Pictures 4 Free (Version: 4.0.5956.22030 - Engelmann Media GmbH) Hidden
SmartSound Quicktracks Plugin (HKLM-x32\...\InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}) (Version: 3.0.5.0 - SmartSound Software Inc)
SmartSound Quicktracks Plugin (x32 Version: 3.0.5.0 - SmartSound Software Inc) Hidden
Snagit 12 (HKLM-x32\...\{8f4df1fe-49bb-4295-99d2-0e29ad8f99c6}) (Version: 12.2.0.1656 - TechSmith Corporation)
Snagit 12 (x32 Version: 12.2.0 - TechSmith Corporation) Hidden
SNS-HDR Home v1.4.22 (HKLM\...\SNS-HDR Home_is1) (Version:  - Sebastian Nibisz)
SNS-HDR Pro 2.0 Alpha 3 (HKLM\...\snshdrpro2_is1) (Version:  - Sebastian Nibisz)
SNS-HDR Pro v1.x.1 (HKLM\...\test_is1) (Version:  - Sebastian Nibisz)
Softwarenetz Haushaltsbuch6 (HKLM-x32\...\Haushaltsbuch6) (Version:  - Softwarenetz)
Sound Blaster 5.1 VX (HKLM-x32\...\{BBCC4C9A-14C9-4EE4-9099-DB2C7316666B}) (Version: 1.0 - Creative Technology Limited)
Speccy (HKLM\...\Speccy) (Version: 1.29 - Piriform)
Spyder3Elite (HKLM-x32\...\Spyder3Elite) (Version:  - )
StartupStar (HKLM-x32\...\{C8A6121E-BE35-418D-91EF-A9536DA70B36}_is1) (Version: 7.02 - Abelssoft)
Steganos Safe 17 (HKLM-x32\...\{F5545FAD-705B-4252-B7DD-E437044A15E1}) (Version: 17.1.2 - Steganos Software GmbH)
SUPER © +Recorder.2013.55 (Mar 7, 2013) Version +Recorder.2013. (HKLM-x32\...\{8F3A1F92-C29F-4DF9-8459-B739A4831C69}_is1) (Version: +Recorder.2013.55 - eRightSoft)
SUPER © v2016.Build.69+3D+Recorder (2016/04/02) Version v2016.B (HKLM-x32\...\{CB93965C-C24C-437D-839B-285188F22F11}_is1) (Version: v2016.Build.69+3D+Recorder - eRightSoft)
Super Unit Converter 1.2.1 (HKLM-x32\...\{37FA7D0E-01A0-4C75-B41B-521D635B5977}_is1) (Version:  - zxt2007.com)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Themler (HKLM-x32\...\Themler) (Version: 1.0 - Themler)
TimOnize deinstalieren (HKLM-x32\...\Timo10-u) (Version:  - )
Title Extreme (HKLM-x32\...\{F7214014-27EE-4237-9978-2F9D1551559B}) (Version: 2.0.0 - Avid Technology, Inc.)
TKexe (HKLM-x32\...\Kalender) (Version:  - )
TKexe designer 64 Bit (HKU\S-1-5-21-595107073-3459872703-1893278198-1000\...\20fa2c0f7916925a) (Version: 2.0.1.31 - TKexe Printservice)
Topaz B&W Effects (HKLM-x32\...\Topaz BW Effects 2) (Version: 2.1.0 - Topaz Labs, LLC)
Topaz Clarity (HKLM-x32\...\Topaz Clarity) (Version: 1.0.0 - Topaz Labs, LLC)
Topaz Clean 3 (64-bit) (HKLM-x32\...\Topaz Clean 3 (64-bit)) (Version: 3.0.2 - Topaz Labs)
Topaz Clean 3 (64-bit) (Version: 3.0.2 - Topaz Labs) Hidden
Topaz Clean 3 (x32 Version: 3.0.2 - Topaz Labs) Hidden
Topaz Detail 3 (HKLM-x32\...\Topaz Detail 3) (Version: 3.3.0 - Topaz Labs, LLC)
Topaz Fusion Express 2 (64-bit) (HKLM-x32\...\Topaz Fusion Express 2 (64-bit)) (Version: 2.0.1 - Topaz Labs)
Topaz Fusion Express 2 (64-bit) (Version: 2.0.1 - Topaz Labs) Hidden
Topaz Fusion Express 2 (x32 Version: 2.0.1 - Topaz Labs) Hidden
Topaz ReMask 3 (64-bit) (HKLM-x32\...\Topaz ReMask 3 (64-bit)) (Version: 3.1.0 - Topaz Labs)
Topaz ReMask 3 (64-bit) (Version: 3.1.0 - Topaz Labs) Hidden
Topaz ReMask 3 (x32 Version: 3.1.0 - Topaz Labs) Hidden
Topaz Simplify 4 (HKLM-x32\...\Topaz Simplify 4) (Version: 4.0.0 - Topaz Labs, LLC)
Topaz Star Effects (64-bit) (HKLM-x32\...\Topaz Star Effects (64-bit)) (Version: 1.1.0 - Topaz Labs)
Topaz Texture Effects 2 (HKLM-x32\...\Topaz Texture Effects 2) (Version: 2.0.0 - Topaz Labs, LLC)
Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 8.51a - Ghisler Software GmbH)
Total Video Converter 3.71 100812 (HKLM-x32\...\Total Video Converter 3.71_is1) (Version:  - EffectMatrix Inc.)
TreeSize Professional V6.0.3 (64 bit) (HKLM\...\TreeSize Professional_is1) (Version: 6.0.3 - JAM Software)
TVPaint Animation 10.0 Professional Edition (32bits) (DEMO) (remove only) (HKLM-x32\...\TVP Animation 10 Pro DEMO) (Version:  - )
Tweaking.com - Windows Repair (HKLM-x32\...\Tweaking.com - Windows Repair) (Version: 3.9.17 - Tweaking.com)
TwistedBrush Pro Studio (HKU\S-1-5-21-595107073-3459872703-1893278198-1000\...\TwistedBrush Pro Studio) (Version:  - )
Typograf 5.1f (HKLM-x32\...\Typograf) (Version: 5.1f - Neuber Software)
UltraEdit (HKLM-x32\...\InstallShield_{635A6AF2-63AF-4C1C-AF57-BDC8AF6D397D}) (Version: 18.00.1029 - IDM Computer Solutions, Inc.)
UltraEdit (x32 Version: 18.00.1029 - IDM Computer Solutions, Inc.) Hidden
Unlocker 1.9.1-x64 (HKLM\...\Unlocker) (Version: 1.9.1 - Cedrick Collomb)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
VeraCrypt (HKLM-x32\...\VeraCrypt) (Version: 1.19 - IDRIX)
Video Player 2.0.0.2 (HKLM-x32\...\Video Player_is1) (Version:  - *) <==== ATTENTION
Videomizer 2 (HKLM-x32\...\{B84CB121-58A9-4D5E-0001-805171E318F3}) (Version: 2.0.16.504 - Engelmann Media GmbH)
Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version:  - Microsoft Corporation)
Viveza (HKLM-x32\...\Viveza) (Version: 1.003 - Nik Software, Inc.)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
VSO Downloader 4.2.6.2 (HKLM-x32\...\{A0D0BA9E-F1A6-44FF-AA14-03ED96B3D56D}_is1) (Version: 4.2.6.2 - VSO Software)
VSO EVE Network Driver version 1.0.0.27 (HKLM-x32\...\{AC0AFDC9-4FB1-44FE-B3E1-82300BF3D756}_is1) (Version: 1.0.0.27 - VSO Software)
Wacom (HKLM\...\Pen Tablet Driver) (Version: 5.3.2-1 - Wacom Technology Corp.)
Webacappella Responsive Business (HKLM-x32\...\{597C60B4-1D6F-45E9-A689-3C643CF96069}) (Version: 1.3.27.0 - Intuisphere)
WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.2 - Wacom Technology Corp.)
WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.2 - Wacom Technology Corp.)
WebTablet IE Plugin (HKLM-x32\...\Wacom WebTabletPlugin for IE) (Version: 1.1.0.12 - Wacom Technology Corp.)
WebTablet Netscape Plugin (HKLM-x32\...\Wacom WebTabletPlugin for Netscape) (Version: 1.1.0.10 - Wacom Technology Corp.)
WIA-Loader 1.9.0.0 (HKLM-x32\...\WIA-Loader_is1) (Version:  - Patrick Mortara)
Windows 7 Codec Pack 3.4.0 (HKLM-x32\...\Windows 7 - Codec Pack) (Version: 3.4.0 - Windows 7 Codec Pack)
Windows Driver Package - Wacom (WacHidRouter) HIDClass  (08/19/2015 3.5.0.2) (HKLM\...\A08DEEC507912E009BF95801DC212677B966E495) (Version: 08/19/2015 3.5.0.2 - Wacom)
Windows Driver Package - Wacom Technology (wacomrouterfilter) Mouse  (08/19/2015 3.5.0.2) (HKLM\...\72C6F31798DC21C8B45A51ED47FDFA57B1B4C2A6) (Version: 08/19/2015 3.5.0.2 - Wacom Technology)
Windows Media Encoder 9 Series (HKLM-x32\...\Windows Media Encoder 9) (Version:  - )
Windows-Treiberpaket - Leaf Imaging Ltd. Image  (12/03/2014 1.2.0.0) (HKLM\...\B758007C752D28F7C3542875CEEBDADCAE5941AE) (Version: 12/03/2014 1.2.0.0 - Leaf Imaging Ltd.)
Windows-Treiberpaket - Phase One / Mamiya V-Grip USB Driver (12/03/2014 1.2.0.0) (HKLM\...\3F504CC0B024052107934E093CC26DA720256A7A) (Version: 12/03/2014 1.2.0.0 - Phase One / Mamiya)
Windows-Treiberpaket - Phase One A/S (WinUSB) USBDevice  (12/03/2014 1.13.0.0) (HKLM\...\7C6570ABBEB2F08EFBC23ED7925AE72DA6167BD8) (Version: 12/03/2014 1.13.0.0 - Phase One A/S)
WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
Winpower (HKLM-x32\...\Winpower) (Version: 3.6.0.3 - )
WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
WPF Toolkit February 2010 (Version 3.5.50211.1) (HKLM-x32\...\{5EE6E987-1B79-4A93-832B-27472C7D1579}) (Version: 3.5.50211.1 - Microsoft Corporation)
Xiph.Org Open Codecs 0.85.17777 (HKLM-x32\...\Open Codecs) (Version: 0.85.17777 - Xiph.Org)
Yahoo! Detect (HKLM-x32\...\YTdetect) (Version:  - )
Zemana AntiMalware (HKLM-x32\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.70.118 - Zemana Ltd.)
Zoner Photo Studio 16 (HKLM\...\ZonerPhotoStudio16_DE_is1) (Version: 16.0.1.9 - ZONER software)
ZXPInstaller (HKLM-x32\...\ZXPInstaller) (Version:  - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-595107073-3459872703-1893278198-1000_Classes\CLSID\{0186DEAF-61CE-89A3-F13A-FE346B9F3242}\InprocServer32 -> C:\Windows\system32\ole32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-595107073-3459872703-1893278198-1000_Classes\CLSID\{05E88098-3750-457A-AC42-1B019F9E3FE8}\InprocServer32 -> D:\Program Files\Xara\Xara Designer Pro X11\Filters\DEU\HDPImport.dll ()
CustomCLSID: HKU\S-1-5-21-595107073-3459872703-1893278198-1000_Classes\CLSID\{092dfa86-5807-5a94-bf3b-5a53ba9e5308}\InprocServer32 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
CustomCLSID: HKU\S-1-5-21-595107073-3459872703-1893278198-1000_Classes\CLSID\{0E270DAA-1BE6-48F2-AC49-7362073574F1}\InprocServer32 -> %%systemroot%%\system32\shell32.dll => No File
CustomCLSID: HKU\S-1-5-21-595107073-3459872703-1893278198-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Rudi\AppData\Local\Citrix\GoToMeeting\5922\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-595107073-3459872703-1893278198-1000_Classes\CLSID\{B1275BA0-C082-CF35-7F95-2950AA42B34B}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-595107073-3459872703-1893278198-1000_Classes\CLSID\{b5eedee0-c06e-11cf-8c56-444553540000}\InprocServer32 -> D:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ue64ctmn.dll ()
CustomCLSID: HKU\S-1-5-21-595107073-3459872703-1893278198-1000_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {01B9C55F-BE95-4C99-8804-433ECCE958A6} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => %SystemRoot%\ehome\ehPrivJob.exe
Task: {04632EDD-F88A-4876-87C0-64FC6925C254} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => %SystemRoot%\ehome\ehPrivJob.exe
Task: {07BD94FF-F606-4D2C-82ED-0C505BA230ED} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => %SystemRoot%\ehome\mcupdate.exe
Task: {099194F8-1343-4D47-A417-92C6269042B2} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => %SystemRoot%\ehome\ehPrivJob.exe
Task: {0A02C041-AC86-4B69-BF0A-4F5491C112A0} - System32\Tasks\{9E502815-3FB8-422D-934C-BEAC4F7F61A3} => pcalua.exe -a "C:\Program Files\ByteFence\ByteFence.exe" -c /uninstall
Task: {0DE91209-C07D-4950-8A11-39CA6D1FAD3D} - \{B46C2F41-635B-45EF-8DA9-315783A65493} -> No File <==== ATTENTION
Task: {1B254972-BB56-49E7-A998-028EDB5F11CC} - \{2FA392C3-F18D-4786-9204-E291CD6EC365} -> No File <==== ATTENTION
Task: {1D8416DA-0E23-4EDF-9577-6F5268B300DA} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => %SystemRoot%\ehome\mcupdate.exe
Task: {1FF4C0F6-4909-43CB-B6DF-F402FE13823B} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => %SystemRoot%\ehome\mcupdate.exe
Task: {273924A0-4C1E-4ACB-A835-8CC7CC622938} - \{2AFE2AE5-C836-47D9-815D-C94B64AB036B} -> No File <==== ATTENTION
Task: {28EB2A70-8575-4A06-94BB-C33657777EE3} - System32\Tasks\GoogleUpdateTaskMachineUA1d15e163edbcf89 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {2BC6FD32-2761-40F6-8ACE-1B81642EC868} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {2CC6C41B-9C90-476D-BEB3-870D68E7E128} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => %SystemRoot%\ehome\ehPrivJob.exe
Task: {2EB1BCF9-A0D8-4CF9-B4D3-E2CEE7E781AB} - \{27ACFFA3-A528-42D7-9993-4D7BA7F8289D} -> No File <==== ATTENTION
Task: {33430D3C-9BAE-42A6-9BED-D99B22974BCC} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation)
Task: {345BCEB3-F0CE-4D18-9C94-693CD6AB015B} - \{35618E89-5502-4200-A129-85A1A80A8896} -> No File <==== ATTENTION
Task: {38215234-A313-48E7-9FC0-E65CD6CFCB20} - System32\Tasks\waygyehb => C:\Users\Rudi\waygyehb\meevl.exe [2016-10-09] (AutoIt Team)
Task: {3F8D7688-A040-4BC0-BCF0-4EC95DEC4245} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-03-16] (Hewlett-Packard)
Task: {42E3C262-0E8A-4CB5-95C4-E175EDC3C48A} - \{740791FB-2D36-47A8-B120-94BBFB93EA79} -> No File <==== ATTENTION
Task: {476E7DF0-F93D-47BA-AD82-6411B283976D} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => %SystemRoot%\ehome\ehPrivJob.exe
Task: {497937FF-D6A3-44E8-A158-840514DDB167} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => %SystemRoot%\ehome\ehPrivJob.exe
Task: {4AB9730C-C7FD-4EA5-AB62-05F486A8DE18} - \AutoPico Daily Restart -> No File <==== ATTENTION
Task: {4F08BBEE-78FC-45BD-990D-DB64E90F721C} - \GoogleUpdateTaskMachineCore -> No File <==== ATTENTION
Task: {5A9692BE-D138-43DD-A4D4-C95DF686FC7D} - \{02875574-2A0D-4655-8292-6FE33F678028} -> No File <==== ATTENTION
Task: {5EDEAED5-7762-4CE8-AFAE-19974B6906AC} - \{FEF9E990-CDC7-4608-9449-A62A81C61278} -> No File <==== ATTENTION
Task: {6A36C4A3-FDF7-426E-A095-B5BFA75766E5} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => %SystemRoot%\ehome\ehPrivJob.exe
Task: {6B0F9117-9960-49C4-AF3B-B3DC35A41504} - \AnySendUpdate -> No File <==== ATTENTION
Task: {6C4AC4B4-696B-441D-A2B9-94B543742014} - \{1305724E-31B3-43E0-AEFD-498F4F4393F8} -> No File <==== ATTENTION
Task: {6F56472D-5812-4404-A27E-D1A9AFBEBDCA} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-08-26] (Dropbox, Inc.)
Task: {86A4ACD0-2264-4E1F-AC21-39DA46145AC2} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => %SystemRoot%\ehome\mcupdate.exe
Task: {879FC82A-46AF-4CD9-BB4D-5269B49CBF38} - \{9583FF67-63D5-420A-B3D5-9B61836A7A5E} -> No File <==== ATTENTION
Task: {8BC1E41B-4A1D-4F18-BCD8-2E21A340FE01} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => %SystemRoot%\ehome\ehPrivJob.exe
Task: {901F23E8-55F1-4F9C-8A45-EBFEE659EF67} - \AdobeAAMUpdater-1.0-Rudi-PC-Rudi -> No File <==== ATTENTION
Task: {922FDBE2-22A0-4935-A5D4-4CE4169DD074} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => %SystemRoot%\ehome\ehPrivJob.exe
Task: {926BF885-444B-4DAA-997F-0CC7FC57476B} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => %windir%\ehome\MCUpdate.exe
Task: {9794AE7B-C958-4600-9C08-5C2B8E4E058E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
Task: {98593EC2-F06E-4B56-BF30-DE8EF69236D3} - \{1040CF9C-0062-40A4-AF45-B096E3C2974E} -> No File <==== ATTENTION
Task: {9A72A093-B729-4F29-BCE5-EAA166CA4ABA} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => %SystemRoot%\ehome\ehPrivJob.exe
Task: {A2782706-C1BF-4ABB-8C7F-A9518699BCF8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-05-09] (Hewlett-Packard)
Task: {A402EDE3-604B-4508-BD20-D8EC21771475} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => %SystemRoot%\ehome\ehrec.exe
Task: {AAFCD6AD-6B1B-44DD-A1F4-E7D6D9020AD1} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => %SystemRoot%\ehome\ehPrivJob.exe
Task: {AB1BCC63-E290-4A7A-A430-681FF4C8AE87} - System32\Tasks\TechSmith Updater => C:\Program Files (x86)\Common Files\TechSmith Shared\Updater\TSCUpdClt.exe [2014-07-31] (TechSmith Corporation)
Task: {AD1CAB19-40B6-4FF5-B388-AFDE38B053BC} - System32\Tasks\G2MUpdateTask-S-1-5-21-595107073-3459872703-1893278198-1000 => C:\Users\Rudi\AppData\Local\Citrix\GoToMeeting\5922\g2mupdate.exe [2016-12-14] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {B012D145-E06D-4FE1-A69B-469C0EA72B75} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => %SystemRoot%\ehome\mcupdate.exe
Task: {B41D848D-6628-4088-BEAE-A283CB2DCCC3} - \Baidu PC Faster Update -> No File <==== ATTENTION
Task: {C547956D-27FA-4D62-8252-0B6000A29F1A} - \Ashampoo Privacy Protector Weekly Security Scan -> No File <==== ATTENTION
Task: {CB4C58A5-CA6D-4385-BD06-59DB8E742E3E} - \{78BD3CA8-F7D2-4CAF-A931-B4643241F98A} -> No File <==== ATTENTION
Task: {CC8B37F2-6EA5-4C5F-B8BE-FD9FD51F399F} - \AnySendUpdateLogin -> No File <==== ATTENTION
Task: {D1BA245F-C0AD-4A2D-A418-DA5E78912884} - System32\Tasks\Driver Booster SkipUAC (Rudi) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
Task: {D24F4EDC-DEDD-4800-96A8-FF934264E3AC} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => %SystemRoot%\ehome\ehrec.exe
Task: {D5A1BDA8-9D24-49C2-9011-DD245FFF4879} - \GoogleUpdateTaskMachineUA -> No File <==== ATTENTION
Task: {D5AC7BAC-E97D-4645-91E7-9C204EF7DB99} - \{FD2D9535-4683-4F99-BB10-97FA6368465F} -> No File <==== ATTENTION
Task: {DBC58B05-7E40-4FBE-8710-14F23AF64C8B} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => %SystemRoot%\ehome\mcupdate.exe
Task: {DEF4C4D7-B73B-4A9B-83B1-14796FBEF0D0} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation)
Task: {E2178E6E-4377-4D65-8EFA-6349A2468340} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => %SystemRoot%\ehome\mcupdate.exe
Task: {E2C140E7-3D1C-4872-AFED-370975FAAAC1} - System32\Tasks\Abelssoft\Anti Ransomware => D:\Program Files (x86)\AntiRansomware\AbLauncher.exe [2016-11-09] ()
Task: {E57A4F62-3A95-4312-8F44-412990D1BBAC} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation)
Task: {EE5F6DD7-B83B-4816-881D-5B8CB8F1B53A} - System32\Tasks\qlgdobk => C:\Users\Rudi\qlgdobk\hgls.exe
Task: {EFB5A742-B99C-433A-B34E-E882A42126CF} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => %SystemRoot%\ehome\ehPrivJob.exe
Task: {F5D354CE-DB91-41E5-AB64-9E92F21C5ACB} - System32\Tasks\G2MUploadTask-S-1-5-21-595107073-3459872703-1893278198-1000 => C:\Users\Rudi\AppData\Local\Citrix\GoToMeeting\5922\g2mupload.exe [2016-12-14] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {FC8A9233-6163-4B2F-82C3-B385EF05AB4A} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => %SystemRoot%\ehome\ehPrivJob.exe
Task: {FE6223FD-CCF7-4E57-9B15-F1E35ACAC39E} - \AutoKMS -> No File <==== ATTENTION
Task: {FF2FC822-71D1-4F65-BE61-0DF6C493D264} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\Program Files\Windows Defender\\MpCmdRun.exe [2016-07-16] (Microsoft Corporation)
Task: {FF57077F-353D-4388-B666-F91D1529B531} - \StartupStar Firewall -> No File <==== ATTENTION
Task: {FF6EA1BB-D0FF-4CF7-89D3-3EDB8E25F940} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-09-29] (Piriform Ltd)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-595107073-3459872703-1893278198-1000.job => C:\Users\Rudi\AppData\Local\Citrix\GoToMeeting\5922\g2mupdate.exe
Task: C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-595107073-3459872703-1893278198-1000.job => C:\Users\Rudi\AppData\Local\Citrix\GoToMeeting\5922\g2mupload.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\StartupStar Firewall.job => D:\Program Files (x86)\StartupStar\StartupStar.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\Rudi\Favorites\Downloadseite von NCH Software.lnk -> hxxp://www.nchsoftware.com/de/index.htm
Shortcut: C:\Users\Rudi\Favorites\NCH Software Download Site.lnk -> hxxp://www.nchsoftware.com/index.htm
Shortcut: C:\Users\Rudi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\10-Sekunden-Haushaltsbuch\Homepage.lnk -> hxxp:

ShortcutWithArgument: C:\Users\Rudi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome-Apps\Copay.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=cnidaodnidkbaplmghlelgikaiejfhja
ShortcutWithArgument: C:\Users\Rudi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome-Apps\FLV Player.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=dhogabmliblgpadclikpkjfnnipeebjm

==================== Loaded Modules (Whitelisted) ==============

2016-07-16 18:42 - 2016-07-16 18:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-12-18 08:33 - 2016-12-09 17:29 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-10-31 11:23 - 2016-11-14 18:15 - 00135224 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-11-23 21:03 - 2012-08-31 15:03 - 00288768 _____ () C:\WINDOWS\System32\HP1100LM.DLL
2013-03-14 10:53 - 2008-06-04 13:53 - 00027648 _____ () C:\WINDOWS\System32\spd__l.dll
2006-12-09 04:55 - 2006-12-09 04:55 - 00022016 _____ () C:\WINDOWS\System32\sugg1l6.dll
2016-11-23 21:01 - 2012-08-31 15:02 - 00074240 _____ () C:\WINDOWS\system32\spool\PRTPROCS\x64\HP1100PP.DLL
2013-01-31 19:38 - 2011-10-25 13:26 - 02062336 _____ () D:\Program Files\Atomic Alarm Clock\timeserv.exe
2015-07-13 18:09 - 2015-07-13 18:09 - 08148480 _____ () C:\Program Files (x86)\Themler\bin\mysql\bin\mythemlerd.exe
2016-12-18 08:33 - 2016-12-09 17:29 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2017-01-12 14:07 - 2017-01-12 14:07 - 05654128 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll
2015-11-18 21:33 - 2015-11-18 21:33 - 01598464 _____ () D:\Program Files (x86)\freenet cloud\64\CloudIconOverlay.dll
2016-08-23 20:05 - 2016-08-23 20:05 - 00052400 _____ () D:\Program Files\FileZilla FTP Client\fzshellext_64.dll
2013-01-31 19:38 - 2011-10-20 17:40 - 00647168 _____ () D:\Program Files\Atomic Alarm Clock\Clock.dll
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-07-15 11:44 - 2010-07-15 11:44 - 00020032 _____ () D:\Program Files\Utility\Unlocker\UnlockerCOM.dll
2012-03-13 18:00 - 2012-03-13 18:00 - 00111104 _____ () D:\Program Files (x86)\IDM Computer Solutions\UltraEdit\ue64ctmn.dll
2013-09-06 09:30 - 2012-12-11 13:07 - 01184640 _____ () C:\Program Files\Tablet\Pen\libxml2.dll
2016-11-03 16:48 - 2016-09-07 11:56 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-01-11 16:34 - 2016-12-21 14:09 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-01-11 16:34 - 2016-12-21 14:08 - 00693248 _____ () C:\Windows\ShellExperiences\MtcUvc.dll
2017-01-11 16:34 - 2016-12-21 13:54 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-01-11 16:34 - 2016-12-21 13:48 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-01-11 16:34 - 2016-12-21 13:48 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-01-11 16:34 - 2016-12-21 13:48 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-01-11 16:34 - 2016-12-21 13:53 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2013-01-31 19:38 - 2011-10-25 15:21 - 04287488 _____ () D:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe
2017-03-10 10:50 - 2016-11-09 10:04 - 03860504 _____ () C:\ProgramData\Abelssoft\AntiRansomware\Program\AntiRansomware.exe
2016-12-21 14:13 - 2016-12-21 14:13 - 07013704 _____ () C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
2016-11-17 08:33 - 2016-11-17 08:33 - 01079808 ____X () C:\Program Files\WindowsApps\NAVER.LINEwin8_5.4.7.0_x64__8ptj331gd3tyt\Sqlite.dll
2017-02-23 07:19 - 2017-02-23 07:21 - 00019456 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.214.10010.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2017-02-23 07:19 - 2017-02-23 07:21 - 21149696 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.214.10010.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2017-02-23 07:19 - 2017-02-23 07:21 - 05380096 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.214.10010.0_x64__8wekyb3d8bbwe\MediaEngine.dll
2017-02-23 07:19 - 2017-02-23 07:21 - 00680448 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.214.10010.0_x64__8wekyb3d8bbwe\Microsoft.DesignCore.dll
2017-02-23 07:19 - 2017-02-23 07:21 - 00387584 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.214.10010.0_x64__8wekyb3d8bbwe\Microsoft.RichMedia.Ink.Controls.dll
2017-02-23 07:19 - 2017-02-23 07:21 - 01047552 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.214.10010.0_x64__8wekyb3d8bbwe\Microsoft.Sharing.dll
2017-02-23 07:19 - 2017-02-23 07:21 - 00291328 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_17.214.10010.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll
2017-03-14 07:27 - 2017-03-14 07:27 - 00077312 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.12.112.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-03-14 07:27 - 2017-03-14 07:27 - 00182784 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.12.112.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-03-14 07:27 - 2017-03-14 07:27 - 41048064 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.12.112.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-03-14 07:27 - 2017-03-14 07:27 - 02236896 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.12.112.0_x64__kzf8qxf38zg5c\roottools.dll
2017-01-18 18:42 - 2017-01-18 18:42 - 03629008 _____ () C:\Program Files (x86)\Common Files\Acronis\Infrastructure\atih_mms_addon.dll
2017-01-18 18:41 - 2017-01-18 18:41 - 01312888 _____ () C:\Program Files (x86)\Common Files\Acronis\Infrastructure\services_mms_addon.dll
2016-08-29 20:16 - 2016-08-29 20:16 - 00685488 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\sqlite3.dll
2017-01-18 18:40 - 2017-01-18 18:40 - 20956944 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\ti_managers.dll
2017-01-18 18:02 - 2017-01-18 18:02 - 00396208 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\resource.dll
2016-08-15 10:28 - 2016-08-15 10:28 - 00129968 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\afcdpapi.dll
2016-12-21 14:01 - 2016-12-21 14:01 - 00248240 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\sync_agent_api.dll
2016-12-20 19:31 - 2016-12-20 19:31 - 00034736 _____ () C:\Program Files (x86)\Common Files\Acronis\Infrastructure\core_workers_shared_context.dll
2016-11-23 13:41 - 2016-11-23 13:41 - 00160168 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\libevent.dll
2015-12-16 00:17 - 2015-12-16 00:17 - 00618544 _____ () D:\Program Files (x86)\Panda Security\Panda Security Protection\SQLite3.dll
2015-09-21 20:11 - 2015-09-21 20:11 - 00284672 _____ () C:\Program Files (x86)\Themler\bin\apache\bin\pcre.dll
2015-07-13 18:09 - 2015-07-13 18:09 - 00166912 _____ () C:\Program Files (x86)\Themler\bin\apache\bin\libssh2.dll
2014-10-16 09:54 - 2014-10-16 09:54 - 01007616 _____ () D:\Program Files (x86)\Extensis Suitcase Fusion\libxml2.2.6.24.dll
2014-10-16 09:54 - 2014-10-16 09:54 - 00901120 _____ () D:\Program Files (x86)\Extensis Suitcase Fusion\iconv-1.9.2.dll
2014-10-16 09:54 - 2014-10-16 09:54 - 00007168 _____ () D:\Program Files (x86)\Extensis Suitcase Fusion\libcharset.dll
2016-08-23 20:05 - 2016-08-23 20:05 - 00048304 _____ () D:\Program Files\FileZilla FTP Client\fzshellext.dll
2013-04-15 13:09 - 2013-04-15 13:09 - 00500224 _____ () D:\Program Files (x86)\PhraseExpress\pexlang.dll
2016-08-29 22:57 - 2016-08-29 22:57 - 00444336 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\ulxmlrpcpp.dll
2016-08-29 20:16 - 2016-08-29 20:16 - 00115632 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\expat.dll
2017-02-07 13:41 - 2017-02-01 16:01 - 01870168 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libglesv2.dll
2017-02-07 13:41 - 2017-02-01 16:01 - 00085848 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libegl.dll
2017-02-15 10:08 - 2017-02-02 12:30 - 17840216 _____ () C:\Users\Rudi\AppData\Local\Google\Chrome\User Data\PepperFlash\24.0.0.221\pepflashplayer.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Windows:nlsPreferences [514]
AlternateDataStreams: C:\ProgramData\TEMP:6DAA43DB [456]
AlternateDataStreams: C:\ProgramData\TEMP:A303874F [294]
AlternateDataStreams: C:\ProgramData\TEMP:A5B56640 [193]
AlternateDataStreams: C:\ProgramData\TEMP:B102485A [126]
AlternateDataStreams: C:\Users\Rudi\Cookies:zuMnBzX7YO6d07i2AKh7kQHc0V [2368]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SamSs => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv2 => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srvnet => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WSService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-595107073-3459872703-1893278198-1000\...\facebook.com -> hxxps://staticxx.facebook.com
IE trusted site: HKU\S-1-5-21-595107073-3459872703-1893278198-1000\...\facebook.net -> hxxps://connect.facebook.net
IE trusted site: HKU\S-1-5-21-595107073-3459872703-1893278198-1000\...\fbcdn.net -> hxxps://static.xx.fbcdn.net
IE trusted site: HKU\S-1-5-21-595107073-3459872703-1893278198-1000\...\google-analytics.com -> hxxps://www.google-analytics.com
IE trusted site: HKU\S-1-5-21-595107073-3459872703-1893278198-1000\...\paragon-software.com -> hxxps://bo4-fe.paragon-software.com

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2016-12-27 18:25 - 2017-03-04 16:10 - 00002908 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-595107073-3459872703-1893278198-1000\Control Panel\Desktop\\Wallpaper -> c:\users\rudi\appdata\local\microsoft\windows\themes\transcodedwallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: ABBYY.Licensing.FineReader.Professional.12.0 => 2
MSCONFIG\Services: ABBYY.Licensing.FineReader.ScreenshotReader.9.0 => 2
MSCONFIG\Services: AcrSch2Svc => 2
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AeLookupSvc => 3
MSCONFIG\Services: afcdpsrv => 2
MSCONFIG\Services: AGSService => 2
MSCONFIG\Services: ALG => 3
MSCONFIG\Services: AnySendService => 2
MSCONFIG\Services: CLHNServiceForPowerDVD12 => 2
MSCONFIG\Services: CyberLink PowerDVD 12 Media Server Monitor Service => 2
MSCONFIG\Services: CyberLink PowerDVD 12 Media Server Service => 2
MSCONFIG\Services: Fax => 2
MSCONFIG\Services: PSI_SVC_2_x64 => 2
MSCONFIG\Services: ScsiAccess => 2
MSCONFIG\Services: ServiceLayer => 3
MSCONFIG\Services: SkypeUpdate => 3
MSCONFIG\Services: syncagentsrv => 3
MSCONFIG\Services: TryAndDecideService => 2
MSCONFIG\Services: UPSmonitor => 2
MSCONFIG\Services: UPSRMI => 3
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Event Planner Reminder.lnk => C:\Windows\pss\Event Planner Reminder.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^NCdownloader.lnk => C:\Windows\pss\NCdownloader.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Rudi^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Rudi^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Logitech . Produktregistrierung.lnk => C:\Windows\pss\Logitech . Produktregistrierung.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Rudi^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Terminplaner.lnk => C:\Windows\pss\Terminplaner.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Rudi^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^TimOnize-start.LNK => C:\Windows\pss\TimOnize-start.LNK.Startup
MSCONFIG\startupreg: ACPW06EN => "C:\Program Files\ACD Systems\ACDSee Pro\6.0\ACDSeePro6InTouch2.exe" /pid ACPW06EN
MSCONFIG\startupreg: Acrobat Assistant 8.0 => "D:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
MSCONFIG\startupreg: Acronis Scheduler2 Service => "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe"
MSCONFIG\startupreg: AcronisTibMounterMonitor => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
MSCONFIG\startupreg: AcronisTimounterMonitor => C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe
MSCONFIG\startupreg: AddressBookReminderApp => D:\Program Files (x86)\Creative Home\Hallmark Card Studio 2015 Deluxe\ReminderApp.exe
MSCONFIG\startupreg: ANIWZCS2Service => C:\Program Files (x86)\ANI\ANIWZCS2 Service\WZCSLDR2.exe
MSCONFIG\startupreg: AntiLogger => "C:\Program Files (x86)\AntiLogger\AntiLogger.exe" /minimized
MSCONFIG\startupreg: AnySend User Interface => C:\Program Files (x86)\AnySend\AnySendUI.exe
MSCONFIG\startupreg: ApnTBMon => "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: Ashampoo Anti-Virus Guard => "D:\Program Files (x86)\Ashampoo\Ashampoo Anti-Virus\AAV_Guard.exe" -AUTORUN
MSCONFIG\startupreg: autodetect => D:\Program Files (x86)\AIS Aircard Connection\AutoDect.exe
MSCONFIG\startupreg: avgnt => "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
MSCONFIG\startupreg: Avira Secure Backup => "C:\Program Files\Avira Secure Backup\Avira Secure Backup.exe" /delayed
MSCONFIG\startupreg: Avira Systray => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
MSCONFIG\startupreg: AVTray => C:\Program Files (x86)\UtilTool\Antivirus\AVTray.exe
MSCONFIG\startupreg: BackupOutlook => "D:\Program Files (x86)\Wisco\BackupOutlook\BackupOutlook.exe" silent
MSCONFIG\startupreg: BambooCore => C:\Program Files (x86)\Bamboo Dock\BambooCore.exe
MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: Bonus.SSR.FR12 => "D:\Program Files (x86)\ABBYY FineReader 12\Bonus.ScreenshotReader.exe" /autorun
MSCONFIG\startupreg: BrowserPlugInHelper => D:\Program Files (x86)\Wondershare\Video Converter Ultimate\BrowserPlugInHelper.exe
MSCONFIG\startupreg: CanonMyPrinter => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: CuteReminder => D:\Program Files (x86)\CuteReminderEnterprise\CuteReminder.exe
MSCONFIG\startupreg: D-Link D-Link Wireless G DWA-110 => D:\Program Files (x86)\D-Link\D-Link Wireless G DWA-110\AirGCFG.exe
MSCONFIG\startupreg: DivXMediaServer => D:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
MSCONFIG\startupreg: DivXUpdate => "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
MSCONFIG\startupreg: FontExpertType1Loader => D:\Program Files (x86)\FontExpert\Type1Loader.exe
MSCONFIG\startupreg: GmailNotifierPro => D:\Program Files (x86)\Gmail Notifier Pro\GmailNotifierPro.exe /minimized
MSCONFIG\startupreg: GoogleChromeAutoLaunch_48A5624A9F8D410DFDDC0DF16A2DABA7 => "C:\Users\Rudi\AppData\Local\Chromium\Application\chrome.exe" --auto-launch-at-startup --profile-directory="Default" --restore-last-session
MSCONFIG\startupreg: IcS Control Check => %TEMP%\hsstv64.exe
MSCONFIG\startupreg: ISUSPM => "C:\ProgramData\FLEXnet\Connect\11\isuspm.exe" -scheduler
MSCONFIG\startupreg: KiesAirMessage => D:\Program Files\Kies\Kies\KiesAirMessage.exe -startup
MSCONFIG\startupreg: KiesPreload => D:\Program Files\Kies\Kies\Kies.exe /preload
MSCONFIG\startupreg: KiesTrayAgent => D:\Program Files\Kies\Kies\KiesTrayAgent.exe
MSCONFIG\startupreg: Klr => "C:\klr\klr.exe" I
MSCONFIG\startupreg: LogitechQuickCamRibbon => "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
MSCONFIG\startupreg: ManyCam => "C:\Program Files (x86)\ManyCam\ManyCam.exe" --silent
MSCONFIG\startupreg: MMAgent => C:\Program Files (x86)\Mobile Master\MMAgent.exe
MSCONFIG\startupreg: MtdAcqu => "C:\Program Files (x86)\Creative\MediaSource5\MtdAcqu.exe" /s
MSCONFIG\startupreg: NokiaSuite.exe => C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe -tray
MSCONFIG\startupreg: OpAgent => "OpAgent.exe" /agent
MSCONFIG\startupreg: P17RunE => RunDll32 P17RunE.dll,RunDLLEntry
MSCONFIG\startupreg: Pando Media Booster => C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
MSCONFIG\startupreg: PMBVolumeWatcher => D:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
MSCONFIG\startupreg: PowerDVD12Agent => "C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe"
MSCONFIG\startupreg: PowerDVD12DMREngine => "C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe"
MSCONFIG\startupreg: PromptService64 => C:\Windows\PromptService64.exe
MSCONFIG\startupreg: QuickTime Task => "D:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: Samsung PanelMgr => C:\Windows\Samsung\PanelMgr\SSMMgr.exe /autorun
MSCONFIG\startupreg: SSS15 Browser Monitor => "C:\Program Files (x86)\Steganos Privacy Suite 15\SteganosBrowserMonitor.exe"
MSCONFIG\startupreg: SSS15 Chrome Autofill Relay => "C:\Program Files (x86)\Steganos Privacy Suite 15\passwordmanagercom.exe"
MSCONFIG\startupreg: SSS15 File Redirection Starter => "C:\Program Files (x86)\Steganos Privacy Suite 15\fredirstarter.exe"
MSCONFIG\startupreg: Steganos HotKeys => "C:\Program Files (x86)\Steganos Privacy Suite 15\SteganosHotKeyService.exe"
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SweetIM => C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe
MSCONFIG\startupreg: Sweetpacks Communicator => C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe
MSCONFIG\startupreg: SwitchBoard => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
MSCONFIG\startupreg: TrayServer => D:\Program Files (x86)\MAGIX\Video_deluxe_MX_Plus_Download-Version\TrayServer_de.exe
MSCONFIG\startupreg: TrueImageMonitor.exe => "C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe"
MSCONFIG\startupreg: TypografFontSets => d:\program files (x86)\typograph\typograf\fontsets.exe
MSCONFIG\startupreg: UPSMS => D:\Program Files (x86)\MonitorSoftware\UPSMS.exe
MSCONFIG\startupreg: Windows File Locker Helper => "D:\Program Files (x86)\GiliSoft\Privacy Protector\WinFLockerHelp.exe" UnmountDisk
MSCONFIG\startupreg: Wondershare Helper Compact.exe => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
MSCONFIG\startupreg: WTClient => WTClient.exe
MSCONFIG\startupreg: Zoner Photo Studio Autoupdate => D:\PROGRAM FILES\ZONER\PHOTO STUDIO 15\Program32\ZPSTRAY.EXE
HKLM\...\StartupApproved\Run: => "ZAM"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "ProductUpdater"
HKLM\...\StartupApproved\Run32: => "TrayServer"
HKLM\...\StartupApproved\Run32: => "Dropbox"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKU\S-1-5-21-595107073-3459872703-1893278198-1000\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-595107073-3459872703-1893278198-1000\...\StartupApproved\Run: => "Customer Update Utility"
HKU\S-1-5-21-595107073-3459872703-1893278198-1000\...\StartupApproved\Run: => "Browser Extensions"
HKU\S-1-5-21-595107073-3459872703-1893278198-1000\...\StartupApproved\Run: => "winClient"
HKU\S-1-5-21-595107073-3459872703-1893278198-1000\...\StartupApproved\Run: => "IDMan"
HKU\S-1-5-21-595107073-3459872703-1893278198-1000\...\StartupApproved\Run: => "Chromium"
HKU\S-1-5-21-595107073-3459872703-1893278198-1000\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-595107073-3459872703-1893278198-1000\...\StartupApproved\Run: => "AntiBrowserSpy - BrowserMask"
HKU\S-1-5-21-595107073-3459872703-1893278198-1000\...\StartupApproved\Run: => "AdobeBridge"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [{92DDDA61-E10B-4218-A42C-3938BED15865}] => (Block) %ProgramFiles%
FirewallRules: [{343203A7-BFB6-48F7-86ED-D53A0BDB4AC4}] => (Block) %ProgramFiles% (x86)\Picture Instruments\Color Cone\exiftool.exe
FirewallRules: [{4E6AA035-C3B0-41C9-87D0-1E9A89953CB6}] => (Block) %ProgramFiles% (x86)\Picture Instruments\Color Cone\Color_Cone.exe
FirewallRules: [{76374B33-D92B-42B0-A6E0-269E495E9FCA}] => (Allow) C:\Program Files\MAGIX\Video Pro X\8\Video_Pro_X.exe
FirewallRules: [{ACF1C0D6-CAB6-4974-9294-33EFF9A485C3}] => (Allow) C:\Program Files (x86)\Themler\bin\mysql\bin\mythemlerd.exe
FirewallRules: [{AE6D21EC-AF00-424F-8450-F32AD8F13030}] => (Allow) C:\Program Files (x86)\Themler\bin\mysql\bin\mythemlerd.exe
FirewallRules: [{D3982B8C-A41C-415E-83B9-CF4CF2AB8D3B}] => (Allow) C:\Program Files (x86)\Themler\bin\apache\bin\hthemlerd.exe
FirewallRules: [{3634DA3D-816E-4CE4-9B57-CF5379B8A9CA}] => (Allow) C:\Program Files (x86)\Themler\bin\apache\bin\hthemlerd.exe
FirewallRules: [{087C574D-C291-4D46-A690-5658C1CB5829}] => (Allow) D:\Program Files (x86)\Artisteer 4\bin\Artisteer.exe
FirewallRules: [{2B7C81BD-3E9E-4CEA-A6C6-785C3A522B31}] => (Allow) C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe
FirewallRules: [{3E9BDE80-6AA4-4C99-8039-ECA373ABED9A}] => (Allow) C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe
FirewallRules: [{1C6959C4-731B-44A1-8CD7-10E860BEB17B}] => (Allow) C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneLtdServices.exe
FirewallRules: [{8610B2E8-72BB-4A38-BBEF-014824F1049A}] => (Allow) C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneLtdServices.exe
FirewallRules: [{210C36A5-5707-4BC0-B5AC-9E8EFF9780AF}] => (Allow) C:\Program Files (x86)\Logitech\Vid HD\Vid.exe
FirewallRules: [{4F8322A4-38AB-4C37-BACA-E451600B2622}] => (Allow) C:\Program Files (x86)\Logitech\Vid HD\Vid.exe
FirewallRules: [{78D01D20-85AA-4AA5-AF1C-5F488533A8D1}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe
FirewallRules: [{7A1D4035-8E3F-4688-AA06-0E92B50C9E7D}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe
FirewallRules: [{096B0E49-EAF4-4EE6-B813-C00A510E7474}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
FirewallRules: [{31A8840F-D394-4FD4-A589-5E6549668CE3}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe
FirewallRules: [{3ADEE13B-782F-41AF-A2F7-17A258E9EA1E}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe
FirewallRules: [{244CD225-548C-4FB5-A054-7F2B9574DA3B}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD Cinema\PowerDVDCinema12.exe
FirewallRules: [{F5549210-C24C-4912-80D1-62CD2DC7FF25}] => (Allow) D:\Program Files (x86)\gnucash\bin\gnucash.exe
FirewallRules: [{03F67F62-07AC-4DCA-960B-DE59BBCDC830}] => (Allow) D:\Program Files (x86)\gnucash\bin\gnucash.exe
FirewallRules: [{514637EA-4E95-4628-91B7-43F53283CA59}] => (Allow) D:\Program Files (x86)\gnucash\bin\gconfd-2.exe
FirewallRules: [{18F0CBE4-B523-462E-AE21-300844AF8924}] => (Allow) D:\Program Files (x86)\gnucash\bin\gconfd-2.exe
FirewallRules: [{6BEE3BE6-1314-40A0-BE8B-F81E85109FF8}] => (Allow) C:\Windows\System32\SUPDSvc.exe
FirewallRules: [{9987847A-04DF-498A-B509-C997DB20FFC6}] => (Allow) C:\Windows\System32\SUPDSvc.exe
FirewallRules: [{56F1FB23-CE8F-45E8-9ADD-4BBF8A6C5483}] => (Allow) D:\Program Files (x86)\Avid\Studio\programs\RM.exe
FirewallRules: [{5C05F7D2-56F8-466D-B0CF-3EFB369E561E}] => (Allow) D:\Program Files (x86)\Avid\Studio\programs\RM.exe
FirewallRules: [{E823DB60-76E2-4E7D-9043-903B9B191A15}] => (Allow) D:\Program Files (x86)\Avid\Studio\programs\NGStudio.exe
FirewallRules: [{55AFA9C4-0AAB-4DEA-8261-05675E0CFE17}] => (Allow) D:\Program Files (x86)\Avid\Studio\programs\NGStudio.exe
FirewallRules: [{81E731ED-1B26-4AD8-BE1C-C25A9BF3DEF1}] => (Allow) D:\Program Files (x86)\Avid\Studio\programs\UMI.exe
FirewallRules: [{50253750-8B23-48F6-BD19-45C558C2BCEE}] => (Allow) D:\Program Files (x86)\Avid\Studio\programs\UMI.exe
FirewallRules: [TCP Query User{5C195D51-E479-4471-B613-C8D8E19714F1}D:\program files (x86)\monitorsoftware\jre\bin\javaw.exe] => (Allow) D:\program files (x86)\monitorsoftware\jre\bin\javaw.exe
FirewallRules: [UDP Query User{B63962BA-E046-48CE-B790-D44B8EC1650E}D:\program files (x86)\monitorsoftware\jre\bin\javaw.exe] => (Allow) D:\program files (x86)\monitorsoftware\jre\bin\javaw.exe
FirewallRules: [TCP Query User{BD6A8247-5044-4FBA-A53B-3E76F9B159C8}D:\program files (x86)\vlc-mediaplayer1.1.11\vlc.exe] => (Allow) D:\program files (x86)\vlc-mediaplayer1.1.11\vlc.exe
FirewallRules: [UDP Query User{0E143700-BA52-4F52-AEFC-C7203C23BB1C}D:\program files (x86)\vlc-mediaplayer1.1.11\vlc.exe] => (Allow) D:\program files (x86)\vlc-mediaplayer1.1.11\vlc.exe
FirewallRules: [{4AC0F8FE-8692-4C17-B80B-9AE277E66735}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe
FirewallRules: [{47CB69A7-E8E8-4F79-8D23-A5EA79C064EF}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe
FirewallRules: [{533A753D-D854-4724-A674-30B2A1D9F8C5}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
FirewallRules: [{8EF7F021-8882-45BE-A71A-65D9F18E531E}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
FirewallRules: [{93728EB7-BB5D-4B66-A900-CB91CCEB9EFD}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD Cinema\PowerDVDCinema12.exe
FirewallRules: [{33E0A8CE-405A-442A-BE7D-BEB5C9947DA1}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD Cinema\PowerDVDCinema12.exe
FirewallRules: [{34124BF5-369E-4452-A75C-492899114C06}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe
FirewallRules: [{C1778ED6-0E53-4417-89CD-5D2F17C45EB8}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe
FirewallRules: [{37E92E1B-007F-487D-AFF3-D30B5764C96A}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe
FirewallRules: [{68BEDED7-3650-43D0-9F77-44E501020909}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe
FirewallRules: [{F8AC81F9-93FE-4D32-8134-F8B64AC27850}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe
FirewallRules: [{BE94671C-AADB-4A11-BF3B-03BB7A062D8E}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe
FirewallRules: [{4486823B-F4D8-4B5A-BAFF-2979CFB2258E}] => (Allow) D:\Program Files (x86)\concept design\onlineTV 8\onlineTV.exe
FirewallRules: [{70039998-A8BD-4B39-936D-3A70BE91BAD2}] => (Allow) D:\Program Files (x86)\concept design\onlineTV 8\onlineTV.exe
FirewallRules: [{2019AE57-E054-4D82-B531-B5A2974FF682}] => (Allow) D:\Program Files (x86)\concept design\onlineTV 8\onlineTVStarter.exe
FirewallRules: [{F1C990BE-DF28-4CBF-BFC1-0C9BDAB303F3}] => (Allow) D:\Program Files (x86)\concept design\onlineTV 8\onlineTVStarter.exe
FirewallRules: [TCP Query User{B003675D-6750-43B7-BD9B-3CE20CB7B917}D:\program files (x86)\vlc-mediaplayer1.1.11\vlc.exe] => (Allow) D:\program files (x86)\vlc-mediaplayer1.1.11\vlc.exe
FirewallRules: [UDP Query User{E36BBF5C-E88B-4359-A658-71EDF668E8A6}D:\program files (x86)\vlc-mediaplayer1.1.11\vlc.exe] => (Allow) D:\program files (x86)\vlc-mediaplayer1.1.11\vlc.exe
FirewallRules: [TCP Query User{8EE92EF5-EFAE-4B3A-BFB0-EDE27F7F7E8A}C:\program files\onone software\perfect mask 5.2\perfect mask 5.2.exe] => (Allow) C:\program files\onone software\perfect mask 5.2\perfect mask 5.2.exe
FirewallRules: [UDP Query User{2D6D6FC6-A75E-4F9B-8CE7-215CC17BE21A}C:\program files\onone software\perfect mask 5.2\perfect mask 5.2.exe] => (Allow) C:\program files\onone software\perfect mask 5.2\perfect mask 5.2.exe
FirewallRules: [{EA0E752C-BA1C-4768-9093-D1DAC6360409}] => (Allow) LPort=8298
FirewallRules: [{A5E15D82-1A59-480C-B92A-94C10B6EA8B8}] => (Allow) D:\Program Files (x86)\ABBYY Scan Station\ScanStationBR.exe
FirewallRules: [{1544CEDB-7794-4D00-8761-E0727DB93FD7}] => (Allow) D:\Program Files (x86)\ABBYY Scan Station\ScanStationBR.exe
FirewallRules: [{0E903599-3EB2-4551-9A9F-5FA1AF4FC132}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
FirewallRules: [{FA67384C-59C6-47D0-A07C-CEA1A955C4D1}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
FirewallRules: [{68279ADA-F142-4020-81A1-3F6B02383D4B}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
FirewallRules: [{54EAA105-F360-4F4D-B5A3-B9F4F3010D97}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
FirewallRules: [{CA0FA361-1AB8-4E53-AE24-CBC00C082D52}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
FirewallRules: [{19ECACD0-E02F-4EC9-964E-11759E6B9F9C}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
FirewallRules: [TCP Query User{AC61D6F2-57CD-453E-9314-E663A8AAC4A8}D:\program files (x86)\ eye4\superipcam.exe] => (Allow) D:\program files (x86)\ eye4\superipcam.exe
FirewallRules: [UDP Query User{692A0DC4-45CE-4511-B9D6-D83A041852A8}D:\program files (x86)\ eye4\superipcam.exe] => (Allow) D:\program files (x86)\ eye4\superipcam.exe
FirewallRules: [{37C527A9-0DBF-4292-A284-BBAD1E4E9C9E}] => (Allow) C:\Windows\System32\SUPDSvc.exe
FirewallRules: [{529BD4C3-4EFE-4A60-BB4A-3E660A0E44AD}] => (Allow) C:\Windows\System32\SUPDSvc.exe
FirewallRules: [{F3C7CFBC-A8C1-49F0-8326-EAFF83FB1560}] => (Allow) C:\Program Files\Blackmagic Design\Fusion 8\FuScript.exe
FirewallRules: [{4B5B7FD8-C4BF-47C4-9E8F-F7EA9EA2409F}] => (Allow) C:\Program Files\Blackmagic Design\Fusion 8\Fusion.exe
FirewallRules: [{543E9678-C84C-4D1C-941C-21D30BE00B57}] => (Allow) C:\Program Files\Blackmagic Design\Fusion 8\FusionServer.exe
FirewallRules: [{FD7C670B-D19D-46AF-B245-7CD9A564C809}] => (Allow) C:\Program Files\Blackmagic Design\Fusion 8\QTServer\FusionQTServer.exe
FirewallRules: [{3B818112-9F06-4DDF-B4C7-0DED3303D73E}] => (Block) %ProgramFiles%\ACD Systems\ACDSee Ultimate\9.0\ACDSeeUltimate9.exe
FirewallRules: [{E382B8D2-1EF7-45E2-89B8-C068C627278A}] => (Block) %ProgramFiles%\ACD Systems\ACDSee Ultimate\9.0\ACDSeeSRUltimate.exe
FirewallRules: [{86956E22-AEFD-4386-B853-D70838A32EFF}] => (Block) %ProgramFiles%\ACD Systems\ACDSee Ultimate\9.0\ACDSeeQVUltimate9.exe
FirewallRules: [{DED6CF2D-49CC-4D18-B98F-3FBBF9992C2A}] => (Block) %ProgramFiles%\ACD Systems\ACDSee Ultimate\9.0\ACDSeeIndexerUltimate9.exe
FirewallRules: [{6C1A1CAA-DE81-4995-ACE3-6A082396D058}] => (Block) %ProgramFiles%\ACD Systems\ACDSee Ultimate\9.0\ACDSeeCommanderUltimate9.exe
FirewallRules: [{27A6FBC8-6D86-4878-91DC-971C7258C641}] => (Block) %ProgramFiles%\ACD Systems\ACDSee Ultimate\9.0\acdIDWriter.exe
FirewallRules: [{5F01C5EF-C385-4E75-A625-36AED3B52D02}] => (Block) %ProgramFiles%\ACD Systems\ACDSee Ultimate\9.0\acdIDInTouch2.exe
FirewallRules: [{199FB244-C51E-4B53-A6A3-9D9EB04DEC0F}] => (Block) %ProgramFiles%\ACD Systems\ACDSee Ultimate\9.0\D3DBaseSlideShow.exe
FirewallRules: [{C6872CD3-D525-44F7-9366-9C46361845D9}] => (Allow) D:\Program Files\MAGIX\Video deluxe Premium\2017\Videodeluxe.exe
FirewallRules: [{4470F796-4ACA-4A01-AA09-BC1F4BA07AF1}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{C3388173-3F30-468A-A852-C2F15CA8AB84}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{F13436ED-DC5E-4287-A01F-00B08A9DD03C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{64A71504-DADA-4DB5-8B46-39D8A2E48E89}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{5CA2267A-29D7-4AEE-A210-6BFA2B59CCF6}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{F2D5FC31-7734-451A-AFAB-B9DC86B95F41}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{A2CE3A7F-3546-453B-BEDF-7D073C4FC3FD}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
FirewallRules: [{6ADF1FE9-CB16-46F8-9F8F-9BD26B91F749}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\Infrastructure\mms_mini.exe
FirewallRules: [{11BBA2C4-A21E-4AC5-A282-9AAAF4245B1A}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImage.exe
FirewallRules: [{EEF5CFFF-5ECA-49D6-9F52-33CE079958F3}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
FirewallRules: [{4C48D9CA-9AA2-4252-AFCB-7509F0D7A5AA}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageTools.exe
FirewallRules: [{324357CD-B610-411C-9579-05CF8045B2C8}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\TrueImageHome\TrueImageHomeService.exe
FirewallRules: [{DB6E937E-8B6E-497E-90A2-F824296A09CF}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\MediaBuilder.exe
FirewallRules: [{AFD68924-EB84-4478-9040-AC65FB232B85}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\SystemReport.exe
FirewallRules: [{F68C1B6F-D434-4381-AA99-D4AD07898B56}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\acronis_drive.exe
FirewallRules: [{D000E2C8-99F1-4F99-B050-21B1EA36483B}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\ActiveProtection\anti_ransomware_service.exe
FirewallRules: [{7EE22F9C-7AC7-4F33-BA10-C2B8C6BE0FB7}] => (Allow) C:\Program Files (x86)\Common Files\Acronis\MobileBackupServer\mobile_backup_server.exe
FirewallRules: [{DBA722E4-A3B5-4023-BF6B-4989E77AFDE6}] => (Allow) C:\Program Files (x86)\Acronis\TrueImageHome\mobile_backup_status_server.exe
FirewallRules: [{7031A7E2-3592-4B03-94F8-8B86050FABA2}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{B2898DF5-D2AF-495F-B386-C16706BD61C6}] => (Allow) D:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{14BB7E39-D672-45E3-88CD-1A25CF430A37}] => (Allow) D:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{51B09A1F-FA5B-498A-8825-F58B72F6F03F}] => (Block) D:\Program Files (x86)\Windows Repair (All in One)\Repair_Windows.exe
FirewallRules: [TCP Query User{9183D5AA-2F5D-4438-9A1D-AAF662CBB7E2}D:\program files (x86)\phraseexpress\phraseexpress.exe] => (Allow) D:\program files (x86)\phraseexpress\phraseexpress.exe
FirewallRules: [UDP Query User{B9C37156-5CDB-4EB4-ACE8-208E7464A7E0}D:\program files (x86)\phraseexpress\phraseexpress.exe] => (Allow) D:\program files (x86)\phraseexpress\phraseexpress.exe
FirewallRules: [{6AE4B966-D33C-43E8-8A17-4A0237321D8A}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe

==================== Restore Points =========================

13-03-2017 19:08:57 Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/14/2017 08:23:24 AM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Fehler beim Aktualisieren des -Status auf SECURITY_PRODUCT_STATE_ON (Fehler %3).

Error: (03/14/2017 08:23:14 AM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Fehler beim Aktualisieren des -Status auf SECURITY_PRODUCT_STATE_ON (Fehler %3).

Error: (03/14/2017 08:23:04 AM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Fehler beim Aktualisieren des -Status auf SECURITY_PRODUCT_STATE_ON (Fehler %3).

Error: (03/14/2017 08:22:53 AM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Fehler beim Aktualisieren des -Status auf SECURITY_PRODUCT_STATE_ON (Fehler %3).

Error: (03/14/2017 08:22:43 AM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Fehler beim Aktualisieren des -Status auf SECURITY_PRODUCT_STATE_ON (Fehler %3).

Error: (03/14/2017 08:22:33 AM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Fehler beim Aktualisieren des -Status auf SECURITY_PRODUCT_STATE_ON (Fehler %3).

Error: (03/14/2017 08:22:23 AM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Fehler beim Aktualisieren des -Status auf SECURITY_PRODUCT_STATE_ON (Fehler %3).

Error: (03/14/2017 08:22:13 AM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Fehler beim Aktualisieren des -Status auf SECURITY_PRODUCT_STATE_ON (Fehler %3).

Error: (03/14/2017 08:22:02 AM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Fehler beim Aktualisieren des -Status auf SECURITY_PRODUCT_STATE_ON (Fehler %3).

Error: (03/14/2017 08:21:52 AM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Fehler beim Aktualisieren des -Status auf SECURITY_PRODUCT_STATE_ON (Fehler %3).


System errors:
=============
Error: (03/14/2017 07:23:35 AM) (Source: DCOM) (EventID: 10010) (User: Rudi-PC)
Description: Der Server "{21F282D1-A881-49E1-9A3A-26E44E39B86C}" konnte innerhalb des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error: (03/14/2017 07:21:44 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Freemake Improver" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (03/14/2017 07:21:32 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Windows-Bilderfassung (WIA)" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (03/14/2017 07:21:27 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "HvHost" wurde mit folgendem Fehler beendet:
Ein an das System angeschlossenes Gerät funktioniert nicht.

Error: (03/14/2017 07:21:25 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "WwanSvc" wurde mit folgendem Fehler beendet:
Zugriff verweigert

Error: (03/14/2017 07:21:26 AM) (Source: NETLOGON) (EventID: 3095) (User: )
Description: Dieser Computer ist als Mitglied einer Arbeitsgruppe konfiguriert, nicht als
Mitglied einer Domäne. Der Anmeldedienst braucht bei dieser
Konfiguration nicht gestartet zu sein.

Error: (03/13/2017 08:36:11 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows Defender Advanced Threat Protection-Dienst" wurde mit folgendem Fehler beendet:
Die Daten sind unzulässig.

Error: (03/13/2017 04:36:17 PM) (Source: volsnap) (EventID: 25) (User: )
Description: The shadow copies of volume C: were deleted because the shadow copy storage could not grow in time.  Consider reducing the IO load on the system or choose a shadow copy storage volume that is not being shadow copied.


CodeIntegrity:
===================================
  Date: 2017-03-14 07:33:20.212
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-03-13 08:04:33.499
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-03-12 10:51:44.944
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-03-11 10:38:12.319
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-03-09 18:47:01.749
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-03-08 17:32:10.925
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll that did not meet the Microsoft signing level requirements.

  Date: 2017-03-08 17:32:10.896
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.

  Date: 2017-03-08 17:32:10.861
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\MSDATASRC.dll that did not meet the Microsoft signing level requirements.

  Date: 2017-03-08 17:32:10.798
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll that did not meet the Microsoft signing level requirements.

  Date: 2017-03-08 17:32:10.781
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume4\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i3-2100 CPU @ 3.10GHz
Percentage of memory in use: 42%
Total physical RAM: 8174.68 MB
Available physical RAM: 4723.57 MB
Total Virtual: 10350.68 MB
Available Virtual: 6092.14 MB

==================== Drives ================================

Drive c: (System) (Fixed) (Total:111.35 GB) (Free:9.24 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (Programme) (Fixed) (Total:488.28 GB) (Free:402.82 GB) NTFS
Drive e: (Recovery) (Fixed) (Total:1397.26 GB) (Free:1327.25 GB) NTFS
Drive f: (Backup) (Fixed) (Total:932.98 GB) (Free:588.67 GB) NTFS
Drive g: (Sonstiges) (Fixed) (Total:85.67 GB) (Free:33.28 GB) NTFS
Drive i: (Kopien) (Fixed) (Total:930.03 GB) (Free:316.14 GB) NTFS
Drive z: (Daten) (Fixed) (Total:1289.06 GB) (Free:247.15 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 1863 GB) (Disk ID: 331278BE)
Partition 1: (Not Active) - (Size=488.3 GB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=85.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=1289.1 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: D3967C50)
Partition 1: (Active) - (Size=111.3 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=450 MB) - (Type=27)

========================================================
Disk: 2 (MBR Code: Windows 7 or Vista) (Size: 1863 GB) (Disk ID: F612D630)
Partition 1: (Not Active) - (Size=933 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=930 GB) - (Type=07 NTFS)

========================================================
Disk: 3 (MBR Code: Windows XP) (Size: 1397.3 GB) (Disk ID: AA2FCA67)
Partition 1: (Not Active) - (Size=1397.3 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

cosinus 14.03.2017 10:46
FRST-Fix

Virenscanner jetzt bitte komplett deaktivieren, damit sichergestellt ist, dass der Fix sauber durchläuft!

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
cmd: type C:\WINDOWS\system32\Drivers\etc\hosts
emptytemp:

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.


rudi1949 14.03.2017 12:10
Code:
Fix result of Farbar Recovery Scan Tool (x64) Version: 13-03-2017
Ran by Rudi (14-03-2017 17:28:25) Run:1
Running from Z:\Aktuelle Downloads
Loaded Profiles: Rudi (Available Profiles: Rudi & Administrator & DefaultAppPool)
Boot Mode: Normal
==============================================

fixlist content:
*****************
cmd: type C:\WINDOWS\system32\Drivers\etc\hosts
emptytemp:
*****************


========= type C:\WINDOWS\system32\Drivers\etc\hosts =========

# Copyright (c) 1993-2009 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
#      102.54.94.97    rhino.acme.com          # source server
#      38.25.63.10    x.acme.com              # x client host

# localhost name resolution is handled within DNS itself.
#        127.0.0.1      localhost
#        ::1            localhost

       



========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 294165 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 44422450 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 57976 B
Edge => 4336561 B
Chrome => 514442345 B
Firefox => 84659653 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 0 B
LocalService => 443720 B
NetworkService => 286184 B
Rudi => 145140606 B
UpdatusUser => 0 B
Administrator => 0 B
DefaultAppPool => 0 B

RecycleBin => 468885 B
EmptyTemp: => 757.7 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 17:29:09 ====

cosinus 14.03.2017 12:13
Hast du da an den hosts rumgefummelt? :wtf:

Denn da ist zwar jede Zeile auskommentiert und FRST meckert trotzdem: Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt

rudi1949 15.03.2017 06:32
Hallo!

Keine Ahnung!
Nein.

cosinus 15.03.2017 09:37
Malwarebytes Anti-Rootkit (MBAR)

Downloade dir bitte Malwarebytes Anti-Rootkit Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
  • Starte bitte die mbar.exe.
  • Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
  • Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
  • Klicke auf den CleanUp Button und erlaube den Neustart.
  • Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
  • Nach dem Neustart starte die mbar.exe erneut.
  • Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.
Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers



Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR oder 7Z-Archiv zu packen erschwert mir massiv die Arbeit.
Auch wenn die Logs für einen Beitrag zu groß sein sollten, bitte ich dich die Logs direkt und notfalls über mehrere Beiträge verteilt zu posten.
Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
http://www.trojaner-board.de/picture...&pictureid=307

rudi1949 16.03.2017 05:07
Danke!
Habe eine Malware gefunden. Aber die Meldung über die einzuschaltende FW kamnach dem Neustart wieder.
Datei zu groß.
Teil 1

Code:
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.09.3.1001

(c) Malwarebytes Corporation 2011-2012

OS version: 10.0.9200 Windows 10 x64

Account is Administrative

Internet Explorer version: 11.576.14393.0

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, E:\ DRIVE_FIXED, F:\ DRIVE_FIXED, G:\ DRIVE_FIXED, I:\ DRIVE_FIXED, Z:\ DRIVE_FIXED
CPU speed: 3.093000 GHz
Memory total: 8571777024, free: 4885569536

Downloaded database version: v2017.03.15.08
Downloaded database version: v2017.03.11.01
Downloaded database version: v2017.03.14.01
Initializing...
======================
------------ Kernel report ------------
    03/16/2017 07:23:12
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kd.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\System32\drivers\werkernel.sys
\SystemRoot\System32\drivers\CLFS.SYS
\SystemRoot\System32\drivers\tm.sys
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\System32\drivers\FLTMGR.SYS
\SystemRoot\System32\drivers\msrpc.sys
\SystemRoot\System32\drivers\ksecdd.sys
\SystemRoot\System32\drivers\clipsp.sys
\SystemRoot\System32\drivers\cmimcext.sys
\SystemRoot\System32\drivers\ntosext.sys
\SystemRoot\system32\CI.dll
\SystemRoot\System32\drivers\cng.sys
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\System32\Drivers\acpiex.sys
\SystemRoot\System32\Drivers\WppRecorder.sys
\SystemRoot\System32\drivers\ACPI.sys
\SystemRoot\System32\drivers\WMILIB.SYS
\SystemRoot\System32\drivers\intelpep.sys
\SystemRoot\system32\drivers\WindowsTrustedRT.sys
\SystemRoot\System32\drivers\WindowsTrustedRTProxy.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\drivers\msisadrv.sys
\SystemRoot\System32\drivers\vdrvroot.sys
\SystemRoot\System32\drivers\pci.sys
\SystemRoot\system32\drivers\pdc.sys
\SystemRoot\system32\drivers\CEA.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\System32\drivers\pciide.sys
\SystemRoot\System32\drivers\PCIIDEX.SYS
\SystemRoot\System32\drivers\spaceport.sys
\SystemRoot\System32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\System32\drivers\atapi.sys
\SystemRoot\System32\drivers\ataport.SYS
\SystemRoot\System32\drivers\EhStorClass.sys
\SystemRoot\System32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Wof.sys
\SystemRoot\system32\DRIVERS\file_tracker.sys
\SystemRoot\system32\drivers\WdFilter.sys
\SystemRoot\system32\DRIVERS\tib.sys
\SystemRoot\System32\Drivers\PxHlpa64.sys
\SystemRoot\system32\DRIVERS\fltsrv.sys
\SystemRoot\system32\DRIVERS\FLGuard.sys
\SystemRoot\System32\Drivers\NTFS.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\System32\drivers\wfplwfs.sys
\SystemRoot\system32\DRIVERS\timntr.sys
\SystemRoot\system32\DRIVERS\hotcore3.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\System32\drivers\volume.sys
\SystemRoot\System32\drivers\volsnap.sys
\SystemRoot\system32\DRIVERS\snapman.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\system32\drivers\iorate.sys
\SystemRoot\System32\drivers\disk.sys
\SystemRoot\System32\drivers\CLASSPNP.SYS
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\drivers\cdrom.sys
\SystemRoot\system32\drivers\filecrypt.sys
\SystemRoot\system32\drivers\tbs.sys
\SystemRoot\SysWOW64\WinFLAdrv.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\BasicDisplay.sys
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\BasicRender.sys
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\NNSNAHSL.sys
\SystemRoot\system32\DRIVERS\eve.sys
\SystemRoot\System32\drivers\vwififlt.sys
\SystemRoot\System32\drivers\pacer.sys
\SystemRoot\system32\drivers\netbios.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\csc.sys
\??\C:\WINDOWS\System32\drivers\zamguard64.sys
\??\C:\WINDOWS\System32\drivers\zam64.sys
\SystemRoot\System32\drivers\veracrypt.sys
\SystemRoot\System32\drivers\uim_im.sys
\SystemRoot\System32\drivers\UimFIO.SYS
\SystemRoot\System32\drivers\uim_devim.sys
\SystemRoot\System32\drivers\UimBus.sys
\??\C:\WINDOWS\Sleen1964.sys
\SystemRoot\system32\DRIVERS\PSINKNC.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\System32\drivers\npsvctrig.sys
\SystemRoot\system32\DRIVERS\NNSTLSC.sys
\SystemRoot\system32\DRIVERS\NNSSTRM.sys
\SystemRoot\system32\DRIVERS\NNSSMTP.sys
\SystemRoot\system32\DRIVERS\NNSPRV.sys
\SystemRoot\system32\DRIVERS\NNSPROT.sys
\SystemRoot\system32\DRIVERS\NNSPOP3.sys
\SystemRoot\system32\DRIVERS\NNSPIHSW.sys
\SystemRoot\system32\DRIVERS\NNSPICC.sys
\SystemRoot\system32\DRIVERS\NNSIDS.sys
\SystemRoot\system32\DRIVERS\NNSHTTPS.sys
\SystemRoot\system32\DRIVERS\NNSHTTP.sys
\SystemRoot\system32\DRIVERS\NNSALPC.sys
\SystemRoot\System32\drivers\mssmbios.sys
\??\C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS
\SystemRoot\System32\drivers\gpuenergydrv.sys
\??\C:\Windows\system32\Drivers\eusk2par-amd64.sys
\SystemRoot\System32\Drivers\dfsc.sys
\??\C:\Windows\system32\drivers\AntiLog64.sys
\SystemRoot\system32\DRIVERS\ahcache.sys
\SystemRoot\System32\DriverStore\FileRepository\compositebus.inf_amd64_a140581a8f8b58b7\CompositeBus.sys
\SystemRoot\System32\drivers\kdnic.sys
\SystemRoot\System32\drivers\umbus.sys
\SystemRoot\system32\DRIVERS\nvlddmkm.sys
\SystemRoot\System32\drivers\HECIx64.sys
\SystemRoot\System32\drivers\usbehci.sys
\SystemRoot\System32\drivers\USBPORT.SYS
\SystemRoot\System32\drivers\USBXHCI.SYS
\SystemRoot\system32\drivers\ucx01000.sys
\SystemRoot\system32\DRIVERS\Rt64win7.sys
\SystemRoot\system32\drivers\P17.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ks.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\System32\drivers\fdc.sys
\SystemRoot\System32\drivers\i8042prt.sys
\SystemRoot\System32\drivers\kbdclass.sys
\SystemRoot\System32\drivers\serial.sys
\SystemRoot\System32\drivers\serenum.sys
\SystemRoot\System32\drivers\intelppm.sys
\SystemRoot\system32\drivers\nvvad64v.sys
\SystemRoot\System32\drivers\NdisVirtualBus.sys
\SystemRoot\System32\drivers\swenum.sys
\SystemRoot\System32\drivers\PTSimBus.sys
\SystemRoot\System32\drivers\rdpbus.sys
\SystemRoot\System32\drivers\usbhub.sys
\SystemRoot\System32\drivers\USBD.SYS
\SystemRoot\System32\drivers\UsbHub3.sys
\SystemRoot\System32\drivers\usbccgp.sys
\SystemRoot\system32\DRIVERS\usbscan.sys
\SystemRoot\System32\drivers\usbprint.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\win32kfull.sys
\SystemRoot\System32\drivers\HIDPARSE.SYS
\SystemRoot\System32\win32kbase.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\System32\drivers\monitor.sys
\SystemRoot\System32\drivers\dxgmms2.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\drivers\Spyder3.sys
\SystemRoot\System32\drivers\hidusb.sys
\SystemRoot\System32\drivers\HIDCLASS.SYS
\SystemRoot\System32\drivers\kbdhid.sys
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\System32\drivers\mouhid.sys
\SystemRoot\System32\drivers\mouclass.sys
\SystemRoot\System32\drivers\wachidrouter.sys
\SystemRoot\System32\drivers\hidkmdf.sys
\SystemRoot\System32\drivers\wacomrouterfilter.sys
\SystemRoot\system32\DRIVERS\lvuvc64.sys
\SystemRoot\system32\drivers\usbaudio.sys
\SystemRoot\system32\DRIVERS\lvrs64.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\drivers\wcifs.sys
\SystemRoot\system32\DRIVERS\file_protector.sys
\SystemRoot\system32\drivers\storqosflt.sys
\SystemRoot\system32\DRIVERS\PSINFile.sys
\SystemRoot\system32\DRIVERS\PSINProc.sys
\SystemRoot\system32\DRIVERS\PSINReg.sys
\SystemRoot\system32\drivers\wcnfs.sys
\SystemRoot\system32\DRIVERS\tifsfilt.sys
\SystemRoot\system32\DRIVERS\virtual_file.sys
\SystemRoot\System32\drivers\registry.sys
\??\D:\Program Files\Sandboxie\SbieDrv.sys
\SystemRoot\System32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\lltdio.sys
\SystemRoot\system32\drivers\mslldp.sys
\SystemRoot\system32\drivers\rspndr.sys
\SystemRoot\system32\drivers\ndisuio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\System32\drivers\WUDFRd.sys
\SystemRoot\system32\drivers\mmcss.sys
\SystemRoot\System32\Drivers\dump_dumpata.sys
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\??\C:\Windows\system32\drivers\acedrv11.sys
\SystemRoot\system32\drivers\hvservice.sys
\SystemRoot\system32\drivers\winhvr.sys
\SystemRoot\system32\DRIVERS\idmwfp.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\??\C:\WINDOWS\system32\drivers\mbam.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\drivers\mqac.sys
\??\C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12_64.sys
\SystemRoot\system32\DRIVERS\PSINAflt.sys
\SystemRoot\system32\drivers\Ndu.sys
\SystemRoot\system32\drivers\npf.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\system32\DRIVERS\PSINProt.sys
\??\C:\Windows\system32\Drivers\SSPORT.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\DRIVERS\tib_mounter.sys
\??\C:\Program Files (x86)\CyberLink\PowerDVD12\Common\NavFilter\000.fcl
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\system32\DRIVERS\LVPr2M64.sys
\SystemRoot\System32\drivers\condrv.sys
\SystemRoot\system32\Drivers\WdNisDrv.sys
\??\C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys
\??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys
\??\C:\WINDOWS\system32\drivers\mwac.sys
\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
----------- End -----------
Done!

Scan started
Database versions:
  main:    v2017.03.15.08
  rootkit: v2017.03.11.01

<<<2>>>
Physical Sector Size: 512
Drive: 3, DevicePointer: 0xffffe50c093b2060, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffe50c093b2ae0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffe50c093b2060, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\disk\
DevicePointer: 0xffffe50c08f019b0, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffffe50c08f46600, DeviceName: \Device\Ide\IdeDeviceP3T0L0-4\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffe50c093ae060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffe50c093aeae0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffe50c093ae060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xffffe50c08f38c40, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffffe50c08f3f060, DeviceName: \Device\Ide\IdeDeviceP4T0L0-5\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 331278BE

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 2048  Numsec = 1024000000
    Partition is not bootable
    Partition file system is NTFS

    Partition 1 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 1024002048  Numsec = 179662848
    Partition is not bootable
    Partition file system is NTFS

    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 1203664896  Numsec = 2703360000
    Partition is not bootable
    Partition file system is NTFS

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition is not bootable

Disk Size: 2000398934016 bytes
Sector size: 512 bytes

Done!
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xffffe50c093af060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffe50c093afae0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffe50c093af060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
DevicePointer: 0xffffe50c08f0b720, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffffe50c08f44060, DeviceName: \Device\Ide\IdeDeviceP2T0L0-3\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: F612D630

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 2048  Numsec = 1956599808
    Partition is not bootable
    Partition file system is NTFS

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 1956603904  Numsec = 1950420992
    Partition is not bootable
    Partition file system is NTFS

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition is not bootable

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition is not bootable

Disk Size: 2000398934016 bytes
Sector size: 512 bytes

Done!
Physical Sector Size: 512
Drive: 2, DevicePointer: 0xffffe50c093b0610, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffe50c093b1040, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffe50c093b0610, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\disk\
DevicePointer: 0xffffe50c08f0b440, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffffe50c08f40060, DeviceName: \Device\Ide\IdeDeviceP2T1L0-8\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 2
Scanning MBR on drive 2...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: AA2FCA67

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 63  Numsec = 2930272002
    Partition is not bootable
    Partition file system is NTFS

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition is not bootable

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition is not bootable

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition is not bootable

Disk Size: 1500301910016 bytes
Sector size: 512 bytes

Done!
Drive 3
This is a System drive
Scanning MBR on drive 3...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: D3967C50

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 233512960
    Partition is bootable
    Partition file system is NTFS

    Partition 1 type is Other (0x27)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 233515008  Numsec = 921600
    Partition is not bootable
    Partition file system is NTFS

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition is not bootable

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition is not bootable

Disk Size: 120034123776 bytes
Sector size: 512 bytes

Done!
File "C:\Windows\System32\KERNELBASE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\KERNELBASE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\apphelp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\psapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\user32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\user32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\win32u.dll" is sparse (flags = 32768)
File "C:\Windows\System32\win32u.dll" is sparse (flags = 32768)
File "C:\Windows\System32\gdi32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\gdi32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\GDI32FULL.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\GDI32FULL.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\advapi32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\msvcrt.dll" is sparse (flags = 32768)
File "C:\Windows\System32\sechost.dll" is sparse (flags = 32768)
File "C:\Windows\System32\rpcrt4.dll" is sparse (flags = 32768)
File "C:\Windows\System32\rpcrt4.dll" is sparse (flags = 32768)
File "C:\Windows\System32\sspicli.dll" is sparse (flags = 32768)
File "C:\Windows\System32\sspicli.dll" is sparse (flags = 32768)
File "C:\Windows\System32\CRYPTBASE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\CRYPTBASE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\BCRYPTPRIMITIVES.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\BCRYPTPRIMITIVES.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\imm32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\shlwapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\combase.dll" is sparse (flags = 32768)
File "C:\Windows\System32\combase.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ucrtbase.dll" is sparse (flags = 32768)
File "C:\Windows\System32\shell32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\shell32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\cfgmgr32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWS.STORAGE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWS.STORAGE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\powrprof.dll" is sparse (flags = 32768)
File "C:\Windows\System32\KERNEL.APPCORE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\KERNEL.APPCORE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\SHCore.dll" is sparse (flags = 32768)
File "C:\Windows\System32\profapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ole32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ole32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wintrust.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wintrust.dll" is sparse (flags = 32768)
File "C:\Windows\System32\msasn1.dll" is sparse (flags = 32768)
File "C:\Windows\System32\crypt32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\crypt32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\version.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wininet.dll" is sparse (flags = 32768)
File "C:\Windows\System32\imagehlp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\netapi32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\userenv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\mpr.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ws2_32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ws2_32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\comdlg32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\comdlg32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\oleaut32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\oleaut32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\MSVCP_WIN.DLL" is sparse (flags = 32768)
File "C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.14393.447_none_5507ded2cb4f7f4c\comctl32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\winmm.dll" is sparse (flags = 32768)
File "C:\Windows\System32\winspool.drv" is sparse (flags = 32768)
File "C:\Windows\System32\netutils.dll" is sparse (flags = 32768)
File "C:\Windows\System32\sfc_os.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WINMMBASE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WINMMBASE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\bcrypt.dll" is sparse (flags = 32768)
File "C:\Windows\System32\bcrypt.dll" is sparse (flags = 32768)
File "C:\Windows\System32\cryptsp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\rsaenh.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wkscli.dll" is sparse (flags = 32768)
File "C:\Windows\System32\cscapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\uxtheme.dll" is sparse (flags = 32768)
File "C:\Windows\System32\iertutil.dll" is sparse (flags = 32768)
File "C:\Windows\System32\iertutil.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ONDEMANDCONNROUTEHELPER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\ONDEMANDCONNROUTEHELPER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\IPHLPAPI.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\winhttp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\nsi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dnsapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dnsapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\mswsock.dll" is sparse (flags = 32768)
File "C:\Windows\System32\winnsi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\urlmon.dll" is sparse (flags = 32768)
File "C:\Windows\System32\rasadhlp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\FWPUCLNT.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\msctf.dll" is sparse (flags = 32768)
File "C:\Windows\System32\msctf.dll" is sparse (flags = 32768)
File "C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\tiptsf.dll" is sparse (flags = 32768)
File "C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\tiptsf.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dwmapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dwmapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wtsapi32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dhcpcsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dhcpcsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\winsta.dll" is sparse (flags = 32768)
File "C:\Windows\System32\srvcli.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ntmarta.dll" is sparse (flags = 32768)
File "C:\Windows\System32\clbcatq.dll" is sparse (flags = 32768)
File "C:\Windows\System32\UIAUTOMATIONCORE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\UIAUTOMATIONCORE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\sxs.dll" is sparse (flags = 32768)
File "C:\Windows\System32\oleacc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\oleacc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\twinapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\TWINAPI.APPCORE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\TWINAPI.APPCORE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\propsys.dll" is sparse (flags = 32768)
File "C:\Windows\System32\coml2.dll" is sparse (flags = 32768)
File "C:\Windows\System32\mssprxy.dll" is sparse (flags = 32768)
File "C:\Windows\System32\linkinfo.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ntshrui.dll" is sparse (flags = 32768)
File "C:\Windows\System32\smss.exe" is sparse (flags = 32768)
File "C:\Windows\System32\csrss.exe" is sparse (flags = 32768)
File "C:\Windows\System32\wininit.exe" is sparse (flags = 32768)
File "C:\Windows\System32\winlogon.exe" is sparse (flags = 32768)
File "C:\Windows\System32\winlogon.exe" is sparse (flags = 32768)
File "C:\Windows\System32\services.exe" is sparse (flags = 32768)
File "C:\Windows\System32\services.exe" is sparse (flags = 32768)
File "C:\Windows\System32\lsass.exe" is sparse (flags = 32768)
File "C:\Windows\System32\lsass.exe" is sparse (flags = 32768)
File "C:\Windows\System32\svchost.exe" is sparse (flags = 32768)
File "C:\Windows\System32\dwm.exe" is sparse (flags = 32768)
File "C:\Windows\System32\setupapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\devobj.dll" is sparse (flags = 32768)
File "C:\Windows\System32\devrtl.dll" is sparse (flags = 32768)
File "C:\Windows\System32\spinf.dll" is sparse (flags = 32768)
File "C:\Windows\System32\drvstore.dll" is sparse (flags = 32768)
File "C:\Windows\System32\drvstore.dll" is sparse (flags = 32768)
File "C:\Windows\System32\spoolsv.exe" is sparse (flags = 32768)
File "C:\Windows\System32\WUDFHost.exe" is sparse (flags = 32768)
File "C:\Windows\System32\dasHost.exe" is sparse (flags = 32768)
File "C:\Windows\System32\DHCPCSVC6.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\DHCPCSVC6.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\mscoree.dll" is sparse (flags = 32768)
File "C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll" is sparse (flags = 32768)
File "C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll" is sparse (flags = 32768)
File "C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9268_none_d08e1538442a243e\msvcr80.dll" is sparse (flags = 32768)
File "C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll" is sparse (flags = 32768)
File "C:\Windows\System32\NapiNSP.dll" is sparse (flags = 32768)
File "C:\Windows\System32\pnrpnsp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\nlaapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\nlaapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\winrnr.dll" is sparse (flags = 32768)
File "C:\Windows\System32\shfolder.dll" is sparse (flags = 32768)
File "C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll" is sparse (flags = 32768)
File "C:\Windows\System32\MSVCR120_CLR0400.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\MSVCR120_CLR0400.DLL" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\40571abae9422cd2ca6fafbbde1c3cdc\mscorlib.ni.dll" is sparse (flags = 32768)
File "C:\Windows\Microsoft.NET\Framework\v4.0.30319\clrjit.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System\08da6b6698b412866e6910ae9b84f363\System.ni.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Serv759bfb78#\010ca03bc4ce0e90aba17cf53dfaa3b0\System.ServiceProcess.ni.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Confe64a9051#\05ab415fda98063ea52877978eb1cb4f\System.Configuration.Install.ni.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\f6ebd52be27fe627fed0d185c6a9c0d5\System.Core.ni.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\a390fa28b40e5b0bfd357371211f470d\System.ServiceModel.ni.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Servd1dec626#\d842ac6dc0b94d7516b2d43a62b8f4d7\System.ServiceModel.Internals.ni.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\aa9c29b70b4cceab890eb841f89d73e9\System.Configuration.ni.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\1b144b0155aa14719ac0b83f038abbd5\SMDiagnostics.ni.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\7532301b00fac8def2f526ca8b480e11\System.Xml.ni.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\213003369298faf75651a6b8981dce12\System.Runtime.Serialization.ni.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\5802392cd3e3a6f3921aabc3241bb561\System.IdentityModel.ni.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Net.Http\6ba98b6eeadccf682c0cc876bcc548da\System.Net.Http.ni.dll" is sparse (flags = 32768)
File "C:\Windows\System32\security.dll" is sparse (flags = 32768)
File "C:\Windows\System32\secur32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\httpapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\msimg32.dll" is sparse (flags = 32768)
File "C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.14393.321_none_baab3cb4359688b4\GdiPlus.dll" is sparse (flags = 32768)
File "C:\Windows\System32\webio.dll" is sparse (flags = 32768)
File "C:\Windows\System32\schannel.dll" is sparse (flags = 32768)
File "C:\Windows\System32\schannel.dll" is sparse (flags = 32768)
File "C:\Windows\System32\MSKEYPROTECT.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\MSKEYPROTECT.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\ncrypt.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ntasn1.dll" is sparse (flags = 32768)
File "C:\Windows\System32\NCRYPTSSLP.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\NCRYPTSSLP.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\dpapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\mqsvc.exe" is sparse (flags = 32768)
File "C:\Windows\System32\msi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dfscli.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wbem\wbemprox.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wbemcomn.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wbem\wbemsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wbem\fastprox.dll" is sparse (flags = 32768)
File "C:\Windows\System32\fltLib.dll" is sparse (flags = 32768)
File "C:\Windows\System32\msxml3.dll" is sparse (flags = 32768)
File "C:\Windows\System32\pdh.dll" is sparse (flags = 32768)
File "C:\Windows\System32\logoncli.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wlanapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wlanapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\netprofm.dll" is sparse (flags = 32768)
File "C:\Windows\System32\npmproxy.dll" is sparse (flags = 32768)
File "C:\Windows\System32\NETSETUPSHIM.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\NETSETUPSHIM.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\NETSETUPAPI.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\NETSETUPAPI.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\FIREWALLAPI.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\FIREWALLAPI.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\fwbase.dll" is sparse (flags = 32768)
File "C:\Windows\System32\mstask.dll" is sparse (flags = 32768)
File "C:\Windows\System32\gpapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\gpapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\cryptnet.dll" is sparse (flags = 32768)
File "C:\Windows\System32\Wldap32.dll" is sparse (flags = 32768)
File "C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.9247_none_5090cb78bcba4a35\msvcr90.dll" is sparse (flags = 32768)
File "C:\Windows\System32\odbc32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\SEARCHINDEXER.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\SEARCHINDEXER.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\dbghelp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dbgcore.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wshqos.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WSHTCPIP.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\wship6.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wbem\WmiPrvSE.exe" is sparse (flags = 32768)
File "C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_89c64d28dafea4b9\comctl32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWSCODECS.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWSCODECS.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\THUMBCACHE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\THUMBCACHE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\PHOTOMETADATAHANDLER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\PHOTOMETADATAHANDLER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\POLICYMANAGER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\POLICYMANAGER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\MSVCP110_WIN.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\MSVCP110_WIN.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\actxprxy.dll" is sparse (flags = 32768)
File "C:\Windows\System32\actxprxy.dll" is sparse (flags = 32768)
File "C:\Program Files\Windows Media Player\wmpnetwk.exe" is sparse (flags = 32768)
File "C:\Program Files\Windows Media Player\wmpnetwk.exe" is sparse (flags = 32768)
File "C:\Windows\System32\conhost.exe" is sparse (flags = 32768)
File "C:\Windows\System32\sihost.exe" is sparse (flags = 32768)
File "C:\Windows\explorer.exe" is sparse (flags = 32768)
File "C:\Windows\explorer.exe" is sparse (flags = 32768)
File "C:\Windows\System32\RUNTIMEBROKER.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\TASKHOSTW.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\edputil.dll" is sparse (flags = 32768)
File "C:\Windows\System32\pcacli.dll" is sparse (flags = 32768)
File "C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\SHELLEXPERIENCEHOST.EXE" is sparse (flags = 32768)
File "C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\SHELLEXPERIENCEHOST.EXE" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Web.Services\7e37a4f7ac90e8a80cc2bfc7429dd2c1\System.Web.Services.ni.dll" is sparse (flags = 32768)
File "C:\Windows\System32\rasapi32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\rasapi32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\rasman.dll" is sparse (flags = 32768)
File "C:\Windows\System32\rtutils.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\a280fac0c231c9d6d5f1274c2180d594\System.Management.ni.dll" is sparse (flags = 32768)
File "C:\Windows\Microsoft.NET\Framework\v4.0.30319\WMINET_UTILS.DLL" is sparse (flags = 32768)
File "C:\Windows\Microsoft.NET\Framework\v4.0.30319\WMINET_UTILS.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\wbem\wmiutils.dll" is sparse (flags = 32768)
File "C:\Windows\Microsoft.NET\Framework\v4.0.30319\DIASYMREADER.DLL" is sparse (flags = 32768)
File "C:\Windows\Microsoft.NET\Framework\v4.0.30319\DIASYMREADER.DLL" is sparse (flags = 32768)
File "C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" is sparse (flags = 32768)
File "C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" is sparse (flags = 32768)
File "C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe" is sparse (flags = 32768)
File "C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe" is sparse (flags = 32768)
File "C:\Windows\System32\wsock32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\atmlib.dll" is sparse (flags = 32768)
File "C:\Windows\System32\DWrite.dll" is sparse (flags = 32768)
File "C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsec.dll" is sparse (flags = 32768)
File "C:\Windows\System32\msiltcfg.dll" is sparse (flags = 32768)
File "C:\Windows\WinSxS\x86_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.6161_none_51cd0a7abbe4e19b\ATL90.dll" is sparse (flags = 32768)
File "C:\Windows\Microsoft.NET\Framework\v2.0.50727\DIASYMREADER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\oledlg.dll" is sparse (flags = 32768)
File "C:\Windows\System32\samcli.dll" is sparse (flags = 32768)
File "C:\Windows\System32\Faultrep.dll" is sparse (flags = 32768)
File "C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.9247_none_5090cb78bcba4a35\msvcp90.dll" is sparse (flags = 32768)
File "C:\Windows\System32\samlib.dll" is sparse (flags = 32768)
File "C:\Windows\System32\samlib.dll" is sparse (flags = 32768)
File "C:\Windows\System32\msxml6.dll" is sparse (flags = 32768)
File "C:\Windows\System32\msxml6.dll" is sparse (flags = 32768)
File "C:\Windows\System32\DATAEXCHANGE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\DATAEXCHANGE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\d3d11.dll" is sparse (flags = 32768)
File "C:\Windows\System32\d3d11.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dcomp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dxgi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dxgi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\idndl.dll" is sparse (flags = 32768)
File "C:\Windows\System32\normaliz.dll" is sparse (flags = 32768)
File "C:\Windows\System32\mscms.dll" is sparse (flags = 32768)
File "C:\Windows\System32\icm32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\MMDevAPI.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wdmaud.drv" is sparse (flags = 32768)
File "C:\Windows\System32\ksuser.dll" is sparse (flags = 32768)
File "C:\Windows\System32\avrt.dll" is sparse (flags = 32768)
File "C:\Windows\System32\AudioSes.dll" is sparse (flags = 32768)
File "C:\Windows\System32\AudioSes.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WinTypes.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WinTypes.dll" is sparse (flags = 32768)
File "C:\Windows\System32\msacm32.drv" is sparse (flags = 32768)
File "C:\Windows\System32\msacm32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\midimap.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\051a282e157a228405b2e0d867c3ce1d\PresentationCore.ni.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\5272cb4aeec65bec2fffb45e9cb22910\PresentationFramework.ni.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\5751e969e4789e60d3ad463cb6024006\WindowsBase.ni.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\04c4f83e0b62ff553abff98943e45f42\System.Xaml.ni.dll" is sparse (flags = 32768)
File "C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFGFX_V0400.DLL" is sparse (flags = 32768)
File "C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFGFX_V0400.DLL" is sparse (flags = 32768)
File "C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\PRESENTATIONNATIVE_V0400.DLL" is sparse (flags = 32768)
File "C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\PRESENTATIONNATIVE_V0400.DLL" is sparse (flags = 32768)
File "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSCORSECIMPL.DLL" is sparse (flags = 32768)
File "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSCORSECIMPL.DLL" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\c2abcda8f96d67fa6ff5665fd21dddff\System.Drawing.ni.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\c02fbf560e52a1aab432a90d4c613af4\System.Windows.Forms.ni.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatioaec034ca#\def8702c6e883330fb8cb8e3f5c5e665\PresentationFramework.Aero2.ni.dll" is sparse (flags = 32768)
File "C:\Windows\System32\d3d9.dll" is sparse (flags = 32768)
File "C:\Windows\System32\d3d9.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio84a6349c#\6af063d01a7341bd43c8c4775e6a7144\PresentationFramework-SystemCore.ni.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Numerics\5237480aedaa4904c6fd85dae99af471\System.Numerics.ni.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\6e975e2acfc33e1c706f00bf2942e187\System.Xml.Linq.ni.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\720259e39ef1331fa96a3242ad50f25a\System.Data.ni.dll" is sparse (flags = 32768)
File "C:\Windows\System32\taskschd.dll" is sparse (flags = 32768)
File "C:\Windows\System32\xmllite.dll" is sparse (flags = 32768)
File "C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\PenIMC.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wisp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\atlthunk.dll" is sparse (flags = 32768)
File "C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\tpcps.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio49d6fefe#\bc02b10ad9ab83121bc8d4efdfdbddd6\PresentationFramework-SystemXml.ni.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio84a7b877#\32e8814a6a6fb0730134a52c7343244f\PresentationFramework-SystemData.ni.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio4b37ff64#\fab25566b63fba80db7f6456f7730d70\PresentationFramework-SystemXmlLinq.ni.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWS.SHELL.SERVICEHOSTBUILDER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWS.SHELL.SERVICEHOSTBUILDER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\mlang.dll" is sparse (flags = 32768)
File "C:\Windows\AppPatch\AcGenral.dll" is sparse (flags = 32768)
File "C:\Windows\AppPatch\AcGenral.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ninput.dll" is sparse (flags = 32768)
File "C:\Windows\System32\usp10.dll" is sparse (flags = 32768)
File "C:\Windows\System32\hid.dll" is sparse (flags = 32768)
File "C:\Windows\System32\credui.dll" is sparse (flags = 32768)
File "C:\Windows\System32\DIRECTMANIPULATION.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\bthprops.cpl" is sparse (flags = 32768)
File "C:\Windows\System32\EXPLORERFRAME.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\EXPLORERFRAME.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\shdocvw.dll" is sparse (flags = 32768)
File "C:\Windows\System32\fontsub.dll" is sparse (flags = 32768)
File "C:\Windows\System32\fontsub.dll" is sparse (flags = 32768)
File "C:\Windows\System32\mf.dll" is sparse (flags = 32768)
File "C:\Windows\System32\mfplat.dll" is sparse (flags = 32768)
File "C:\Windows\System32\mfplat.dll" is sparse (flags = 32768)
File "C:\Windows\System32\RTWorkQ.dll" is sparse (flags = 32768)
File "C:\Windows\System32\RTWorkQ.dll" is sparse (flags = 32768)
File "C:\Windows\System32\MSMPEG2VDEC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\MSMPEG2VDEC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\MFPERFHELPER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\MFPERFHELPER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\dxva2.dll" is sparse (flags = 32768)
File "C:\Windows\System32\msvproc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\msvproc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\D3DCOMPILER_47.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\D3DCOMPILER_47.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\MFH264ENC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\MFH264ENC.DLL" is sparse (flags = 32768)
File "C:\Windows\AppPatch\AcSpecfc.dll" is sparse (flags = 32768)
File "C:\Windows\AppPatch\AcSpecfc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ddraw.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dciman32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dciman32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\msimtf.dll" is sparse (flags = 32768)
File "C:\Windows\System32\davclnt.dll" is sparse (flags = 32768)
File "C:\Windows\System32\davhlpr.dll" is sparse (flags = 32768)
File "C:\Windows\System32\mapi32.dll" is sparse (flags = 32768)
File "C:\Windows\WinSxS\x86_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.6161_none_4bf7e3e2bf9ada4c\mfc90u.dll" is sparse (flags = 32768)
File "C:\Windows\WinSxS\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.6161_none_49768ef57548175e\MFC90DEU.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\hlink.dll" is sparse (flags = 32768)
File "C:\Windows\System32\msident.dll" is sparse (flags = 32768)
File "C:\Windows\System32\pstorec.dll" is sparse (flags = 32768)
File "C:\Windows\System32\msoeacct.dll" is sparse (flags = 32768)
File "C:\Windows\System32\msoert2.dll" is sparse (flags = 32768)
File "C:\Windows\System32\inetcomm.dll" is sparse (flags = 32768)
File "C:\Windows\System32\inetcomm.dll" is sparse (flags = 32768)
File "C:\Windows\System32\INETRES.dll" is sparse (flags = 32768)
File "C:\Windows\System32\INETRES.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ACCTRES.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ONECORECOMMONPROXYSTUB.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\ONECORECOMMONPROXYSTUB.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\COMPATTELRUNNER.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\COMPATTELRUNNER.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\SEARCHPROTOCOLHOST.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\SEARCHPROTOCOLHOST.EXE" is sparse (flags = 32768)
File "C:\Windows\SysWOW64\cmd.exe" is sparse (flags = 32768)
File "C:\Windows\System32\cmdext.dll" is sparse (flags = 32768)
File "C:\Windows\System32\SEARCHFILTERHOST.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\SEARCHFILTERHOST.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\BACKGROUNDTASKHOST.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\BACKGROUNDTASKHOST.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\rstrui.exe" is sparse (flags = 32768)
File "C:\Program Files\Windows Mail\wab.exe" is sparse (flags = 32768)
File "C:\Windows\System32\credssp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\credssp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\userinit.exe" is sparse (flags = 32768)
File "C:\Windows\System32\scecli.dll" is sparse (flags = 32768)
File "C:\Windows\System32\msv1_0.dll" is sparse (flags = 32768)
File "C:\Windows\System32\msv1_0.dll" is sparse (flags = 32768)
File "C:\Windows\System32\kerberos.dll" is sparse (flags = 32768)
File "C:\Windows\System32\kerberos.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wdigest.dll" is sparse (flags = 32768)
File "C:\Windows\System32\TSpkg.dll" is sparse (flags = 32768)
File "C:\Windows\System32\pku2u.dll" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\appid.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\AcpiDev.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\AcpiDev.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\1394ohci.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\1394ohci.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\flpydisk.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\flpydisk.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mspclock.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\isapnp.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\isapnp.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\acpipmi.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\acpipmi.sys" is sparse (flags = 32768)
File "C:\Windows\System32\Locator.exe" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\amdk8.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\amdk8.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\acpipagr.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\acpipagr.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\afd.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\acpiex.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\acpi.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\acpi.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\acpitime.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\acpitime.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\BthhfHid.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\BthhfHid.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\asyncmac.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\srv.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mpsdrv.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\sdstor.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\sdstor.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ahcache.sys" is sparse (flags = 32768)
File "C:\Windows\System32\alg.exe" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\BASICRENDER.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\BASICRENDER.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\amdppm.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\amdppm.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\APPLOCKERFLTR.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\APPLOCKERFLTR.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\pciide.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\pciide.sys" is sparse (flags = 32768)
File "C:\Windows\System32\APPVCLIENT.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\APPVCLIENT.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\AppVStrm.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\AppvVfs.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\AppvVfs.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\APPVVEMGR.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\APPVVEMGR.SYS" is sparse (flags = 32768)
File "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASPNET_STATE.EXE" is sparse (flags = 32768)
File "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASPNET_STATE.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\wcnfs.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\wcifs.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\srv2.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\atapi.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\atapi.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\BASICDISPLAY.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\BASICDISPLAY.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\Ndu.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\bowser.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\BTHAVRCPTG.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\BTHAVRCPTG.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\BTHHFENUM.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\BTHHFENUM.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\bthmodem.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\bthmodem.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\BUTTONCONVERTER.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\BUTTONCONVERTER.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\cdfs.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\clfs.sys" is sparse (flags = 32768)
File "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSVCHOST.EXE" is sparse (flags = 32768)
File "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSVCHOST.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\cdrom.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\cdrom.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\circlass.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\circlass.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\msiscsi.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\msiscsi.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\registry.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mup.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\CmBatt.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\CmBatt.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\cng.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\csc.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\CNGHWASSIST.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\dllhost.exe" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\condrv.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\dam.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\partmgr.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\dfsc.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\disk.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\disk.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\NETADAPTERCX.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\NETADAPTERCX.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mssecflt.sys" is sparse (flags = 32768)
File "C:\Windows\System32\DiagSvcs\DIAGNOSTICSHUB.STANDARDCOLLECTOR.SERVICE.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\DiagSvcs\DIAGNOSTICSHUB.STANDARDCOLLECTOR.SERVICE.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\dmvsc.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\dmvsc.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\drmkaud.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\drmkaud.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\serial.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\serial.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\dxgkrnl.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\tcpip.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\EHSTORCLASS.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\EHSTORCLASS.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\EHSTORTCGDRV.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\EHSTORTCGDRV.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\errdev.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\errdev.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\parport.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\parport.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\fdc.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\fdc.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\FILECRYPT.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\FILECRYPT.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vmstorfl.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vmstorfl.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\fileinfo.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ipfltdrv.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\FILETRACE.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\FILETRACE.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\msisadrv.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\msisadrv.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mstee.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\nsiproxy.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\fltMgr.sys" is sparse (flags = 32768)
File "C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PRESENTATIONFONTCACHE.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\srvnet.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\FSDEPENDS.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\STORQOSFLT.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\STORQOSFLT.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\fvevol.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\VMGENCOUNTER.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\VMGENCOUNTER.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ndisuio.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\MSGPIOCLX.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\GPUENERGYDRV.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\GPUENERGYDRV.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\rasl2tp.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mrxsmb.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\hdaudbus.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\hdaudbus.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\hidbatt.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\hidbatt.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\hidbth.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\hidbth.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\hidi2c.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\hidi2c.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\HIDINTERRUPT.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\HIDINTERRUPT.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\hidir.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\hidir.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\hidusb.sys" is sparse (flags = 32768)
File "C:\Windows\SysWOW64\perfhost.exe" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\http.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\HVSERVICE.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\HVSERVICE.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\hwpolicy.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\hyperkbd.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\hyperkbd.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ndproxy.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\i8042prt.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\i8042prt.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\WPDUPFLTR.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\WPDUPFLTR.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\INDIRECTKMD.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\INDIRECTKMD.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\intelide.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\intelide.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\intelpep.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\intelpep.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\intelppm.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\intelppm.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\WdFilter.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\iorate.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\scfilter.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\scfilter.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\IPMIDrv.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\IPMIDrv.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ipnat.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\irda.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\irenum.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\kbdclass.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\kbdclass.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\kbdhid.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ksecdd.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ksecpkg.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ksthunk.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\lltdio.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\luafv.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\UEVAGENTDRIVER.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\pcmcia.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\pcmcia.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vwififlt.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mqac.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mmcss.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mskssrv.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\wimmount.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mrxdav.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\modem.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mspqm.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mouclass.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mouclass.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mouhid.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mouhid.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mountmgr.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ufx01000.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\Ucx01000.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mrxsmb10.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mrxsmb20.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\bridge.sys" is sparse (flags = 32768)
File "C:\Windows\System32\VSSVC.exe" is sparse (flags = 32768)
File "C:\Windows\System32\msdtc.exe" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\MSGPIOWIN32.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\MSGPIOWIN32.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\MSHIDKMDF.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\MSHIDKMDF.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\MSHIDUMDF.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\MSHIDUMDF.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\msiexec.exe" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mslldp.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mssmbios.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mssmbios.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\MTConfig.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\MTConfig.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\nwifi.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\nwifi.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\netbios.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ndis.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ndiscap.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\NDISIMPLATFORM.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\NDISIMPLATFORM.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ndistapi.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\NDISVIRTUALBUS.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\NDISVIRTUALBUS.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ndiswan.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\netbt.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\NPSVCTRIG.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\NPSVCTRIG.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\pci.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\pcw.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\pdc.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\PEAuth.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\qwavedrv.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\raspptp.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\processr.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\processr.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\pacer.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\rasacd.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\agilevpn.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\agilevpn.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\raspppoe.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\rassstp.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\rdbss.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\rdpbus.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\rdpbus.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\rdpdr.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\RDPVIDEOMINIPORT.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\RDPVIDEOMINIPORT.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\rdyboost.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\rspndr.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vms3cap.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vms3cap.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\sfloppy.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\sfloppy.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\sbp2port.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\sbp2port.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\swenum.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\swenum.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\sdbus.sys" is sparse (flags = 32768)
File "C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe" is sparse (flags = 32768)
File "C:\Windows\System32\SENSORDATASERVICE.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\SENSORDATASERVICE.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\SerCx.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\SpbCx.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\serenum.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\serenum.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\SerCx2.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\sermouse.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\sermouse.sys" is sparse (flags = 32768)
File "C:\Windows\System32\snmptrap.exe" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\SPACEPORT.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\SPACEPORT.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\sppsvc.exe" is sparse (flags = 32768)
File "C:\Windows\System32\sppsvc.exe" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\storahci.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\stornvme.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\storufs.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\storufs.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\storvsc.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\storvsc.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\tcpipreg.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\tpm.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\tdx.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vdrvroot.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vdrvroot.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\terminpt.sys" is sparse (flags = 32768)
File "C:\Windows\System32\TIERINGENGINESERVICE.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\TIERINGENGINESERVICE.EXE" is sparse (flags = 32768)
File "C:\Windows\servicing\TRUSTEDINSTALLER.EXE" is sparse (flags = 32768)
File "C:\Windows\servicing\TRUSTEDINSTALLER.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\TsUsbFlt.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\TsUsbGD.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\TsUsbGD.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\tsusbhub.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\uaspstor.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\uaspstor.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\Udecx.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\UcmCx.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\UCMTCPCICX.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\UCMTCPCICX.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\usbccgp.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\usbccgp.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\uefi.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\uefi.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\udfs.sys" is sparse (flags = 32768)
File "C:\Windows\System32\AGENTSERVICE.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\UI0DETECT.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\UI0DETECT.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\usbhub.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\usbhub.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\usbcir.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\usbcir.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\umbus.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\umbus.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\umpass.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\umpass.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\URSCX01000.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\URSCX01000.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\USBAUDIO.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\USBAUDIO.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\USBXHCI.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\USBXHCI.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\usbuhci.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\usbuhci.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\usbohci.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\usbohci.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\usbehci.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\usbehci.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\USBHUB3.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\USBHUB3.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\usbprint.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\usbprint.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\usbser.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\usbser.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\USBSTOR.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\USBSTOR.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\vds.exe" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\VERIFIEREXT.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\VERIFIEREXT.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vhdmp.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vhf.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vmbus.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vmbus.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\VMBusHID.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\VMBusHID.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vmgid.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vmgid.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\volmgr.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\volmgr.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\volmgrx.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\volsnap.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\volume.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\volume.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vpci.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vsmraid.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vsmraid.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vwifibus.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\wacompen.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\wacompen.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\WUDFRd.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\wanarp.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\winusb.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\winusb.sys" is sparse (flags = 32768)
File "C:\Windows\System32\wbengine.exe" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\WdBoot.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\Wdf01000.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\WdiWiFi.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\WdNisDrv.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\wfplwfs.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\WINDOWSTRUSTEDRT.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\WINDOWSTRUSTEDRT.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\wmiacpi.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\wmiacpi.sys" is sparse (flags = 32768)
File "C:\Windows\System32\wbem\WmiApSrv.exe" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ws2ifsl.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\WUDFPf.sys" is sparse (flags = 32768)
File "C:\Windows\System32\AJRouter.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWS.STATEREPOSITORY.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWS.STATEREPOSITORY.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\AUDIOENDPOINTBUILDER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\AUDIOENDPOINTBUILDER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WALLETSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WALLETSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\APPXDEPLOYMENTSERVER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\APPXDEPLOYMENTSERVER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\EMBEDDEDMODESVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\EMBEDDEDMODESVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\inetsrv\APPHOSTSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\umpnpmgr.dll" is sparse (flags = 32768)
File "C:\Windows\System32\rpcss.dll" is sparse (flags = 32768)
File "C:\Windows\System32\appinfo.dll" is sparse (flags = 32768)
File "C:\Windows\System32\appidsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\audiosrv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\audiosrv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\appmgmts.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dcpsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\APPREADINESS.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\APPREADINESS.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\AxInstSv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\RpcEpMap.dll" is sparse (flags = 32768)
File "C:\Windows\System32\CDPUSERSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\CDPUSERSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\dssvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\bdesvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\BFE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\XBLAUTHMANAGER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\XBLAUTHMANAGER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\netman.dll" is sparse (flags = 32768)
File "C:\Windows\System32\DEVICESETUPMANAGER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\DEVICESETUPMANAGER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\cdpsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\cscsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\umpo.dll" is sparse (flags = 32768)
File "C:\Windows\System32\qmgr.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ListSvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\lltdsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\bisrv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dhcpcore.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dhcpcore.dll" is sparse (flags = 32768)
File "C:\Windows\System32\browser.dll" is sparse (flags = 32768)
File "C:\Windows\System32\BthHFSrv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\BthHFSrv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\profsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\pnrpsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\bthserv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\provsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\das.dll" is sparse (flags = 32768)
File "C:\Windows\System32\LICENSEMANAGERSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\LICENSEMANAGERSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\certprop.dll" is sparse (flags = 32768)
File "C:\Windows\System32\certprop.dll" is sparse (flags = 32768)
File "C:\Windows\System32\DMWAPPUSHSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\DMWAPPUSHSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\ClipSVC.dll" is sparse (flags = 32768)
File "C:\Windows\System32\COREMESSAGING.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\COREMESSAGING.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\cryptsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\TETHERINGSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\TETHERINGSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\DEFRAGSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\DEFRAGSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\DEVQUERYBROKER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\DEVQUERYBROKER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\wscsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WsmSvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wersvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wecsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wcmsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wkssvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dot3svc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\DIAGTRACK.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\DIAGTRACK.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWS.INTERNAL.MANAGEMENT.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWS.INTERNAL.MANAGEMENT.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\fdPHost.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dnsrslvr.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dnsrslvr.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dps.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WERCPLSUPPORT.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WERCPLSUPPORT.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\eapsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\efssvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ENTERPRISEAPPMGMTSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\ENTERPRISEAPPMGMTSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\FntCache.dll" is sparse (flags = 32768)
File "C:\Windows\System32\FntCache.dll" is sparse (flags = 32768)
File "C:\Windows\System32\es.dll" is sparse (flags = 32768)
File "C:\Windows\System32\sdrsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\FRAMESERVER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\FRAMESERVER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\srvsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\FDResPub.dll" is sparse (flags = 32768)
File "C:\Windows\System32\upnphost.dll" is sparse (flags = 32768)
File "C:\Windows\System32\fhsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\fhsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\gpsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\hidserv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\HVHOSTSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\HVHOSTSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\IKEEXT.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\iphlpsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\iphlpsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\irmon.dll" is sparse (flags = 32768)
File "C:\Windows\System32\keyiso.dll" is sparse (flags = 32768)
File "C:\Windows\System32\msdtckrm.dll" is sparse (flags = 32768)
File "C:\Windows\System32\lfsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\lmhsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ipnathlp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ipnathlp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\lsm.dll" is sparse (flags = 32768)
File "C:\Windows\System32\moshost.dll" is sparse (flags = 32768)
File "C:\Windows\System32\MESSAGINGSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\MESSAGINGSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\MPSSVC.dll" is sparse (flags = 32768)
File "C:\Windows\System32\iscsiexe.dll" is sparse (flags = 32768)
File "C:\Windows\System32\iscsiexe.dll" is sparse (flags = 32768)
File "C:\Windows\System32\nsisvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\nlasvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ngcsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\NcaSvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\NCDAUTOSETUP.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\NCDAUTOSETUP.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\NCBSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\NCBSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\netlogon.dll" is sparse (flags = 32768)
File "C:\Windows\System32\trkwks.dll" is sparse (flags = 32768)
File "C:\Windows\System32\NETPROFMSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\NETPROFMSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\NETSETUPSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\NETSETUPSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\icsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\NGCCTNRSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\NGCCTNRSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\APHOSTSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\APHOSTSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\pcasvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\pcasvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\p2psvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\PEERDISTSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\PHONESERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\PHONESERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\PIMINDEXMAINTENANCE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\PIMINDEXMAINTENANCE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\pla.dll" is sparse (flags = 32768)
File "C:\Windows\System32\pnrpauto.dll" is sparse (flags = 32768)
File "C:\Windows\System32\icsvcext.dll" is sparse (flags = 32768)
File "C:\Windows\System32\icsvcext.dll" is sparse (flags = 32768)
File "C:\Windows\System32\IPSECSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\qwave.dll" is sparse (flags = 32768)
File "C:\Windows\System32\rasauto.dll" is sparse (flags = 32768)
File "C:\Windows\System32\rasmans.dll" is sparse (flags = 32768)
File "C:\Windows\System32\mprdim.dll" is sparse (flags = 32768)
File "C:\Windows\System32\regsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\RDXSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\RDXSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\RMapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\schedsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\SCardSvr.dll" is sparse (flags = 32768)
File "C:\Windows\System32\SCardSvr.dll" is sparse (flags = 32768)
File "C:\Windows\System32\XBLGAMESAVE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\XBLGAMESAVE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\SCDEVICEENUM.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\SCDEVICEENUM.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\seclogon.dll" is sparse (flags = 32768)
File "C:\Windows\System32\Sens.dll" is sparse (flags = 32768)
File "C:\Windows\System32\SENSORSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\SENSORSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\sensrsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\SessEnv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\shsvcs.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWS.SHAREDPC.ACCOUNTMANAGER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWS.SHAREDPC.ACCOUNTMANAGER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\TILEOBJSERVER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\TILEOBJSERVER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\smphost.dll" is sparse (flags = 32768)
File "C:\Windows\System32\SMSROUTERSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\SMSROUTERSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\StorSvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\sstpsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ssdpsrv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wiaservc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\svsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\swprv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\inetsrv\iisw3adm.dll" is sparse (flags = 32768)
File "C:\Windows\System32\sysmain.dll" is sparse (flags = 32768)
File "C:\Windows\System32\SYSTEMEVENTSBROKERSERVER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\SYSTEMEVENTSBROKERSERVER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\TabSvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\termsrv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\tapisrv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\THEMESERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\THEMESERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\TIMEBROKERSERVER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\TIMEBROKERSERVER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\TZAUTOUPDATE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\TZAUTOUPDATE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\umrdp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\Unistore.dll" is sparse (flags = 32768)
File "C:\Windows\System32\USERDATASERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\USERDATASERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\usermgr.dll" is sparse (flags = 32768)
File "C:\Windows\System32\usocore.dll" is sparse (flags = 32768)
File "C:\Windows\System32\vaultsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\w32time.dll" is sparse (flags = 32768)
File "C:\Windows\System32\inetsrv\w3logsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wbiosrvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wbiosrvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wwansvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WUDFSvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wlidsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wlansvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wcncsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wdi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WebClnt.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WEPHOSTSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WEPHOSTSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\wiarpc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wbem\WMIsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\FLIGHTSETTINGS.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\FLIGHTSETTINGS.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WORKFOLDERSSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WORKFOLDERSSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WPDBUSENUM.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WPDBUSENUM.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WPNSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WPNSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WPNUSERSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WPNUSERSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\wuaueng.dll" is sparse (flags = 32768)
File "C:\Windows\System32\XBOXNETAPISVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\XBOXNETAPISVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\rundll32.exe" is sparse (flags = 32768)
File "C:\Program Files\Windows Mail\WinMail.exe" is sparse (flags = 32768)
File "C:\Windows\System32\unregmp2.exe" is sparse (flags = 32768)
File "C:\Windows\System32\unregmp2.exe" is sparse (flags = 32768)
File "C:\Windows\System32\ie4uinit.exe" is sparse (flags = 32768)
File "C:\Windows\System32\ie4uinit.exe" is sparse (flags = 32768)
Infected: C:\Program Files\CCleaner\cr-piriform.exe --> [RiskWare.Agent.Keygen]
File "C:\Windows\System32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.dat" is sparse (flags = 32768)
------------ Kernel report ------------
    03/16/2017 08:04:33
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kd.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\System32\drivers\werkernel.sys
\SystemRoot\System32\drivers\CLFS.SYS
\SystemRoot\System32\drivers\tm.sys
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\System32\drivers\FLTMGR.SYS
\SystemRoot\System32\drivers\msrpc.sys
\SystemRoot\System32\drivers\ksecdd.sys
\SystemRoot\System32\drivers\clipsp.sys
\SystemRoot\System32\drivers\cmimcext.sys
\SystemRoot\System32\drivers\ntosext.sys
\SystemRoot\system32\CI.dll
\SystemRoot\System32\drivers\cng.sys
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\System32\Drivers\acpiex.sys
\SystemRoot\System32\Drivers\WppRecorder.sys
\SystemRoot\System32\drivers\ACPI.sys
\SystemRoot\System32\drivers\WMILIB.SYS
\SystemRoot\System32\drivers\intelpep.sys
\SystemRoot\system32\drivers\WindowsTrustedRT.sys
\SystemRoot\System32\drivers\WindowsTrustedRTProxy.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\drivers\msisadrv.sys
\SystemRoot\System32\drivers\vdrvroot.sys
\SystemRoot\System32\drivers\pci.sys
\SystemRoot\system32\drivers\pdc.sys
\SystemRoot\system32\drivers\CEA.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\System32\drivers\pciide.sys
\SystemRoot\System32\drivers\PCIIDEX.SYS
\SystemRoot\System32\drivers\spaceport.sys
\SystemRoot\System32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\System32\drivers\atapi.sys
\SystemRoot\System32\drivers\ataport.SYS
\SystemRoot\System32\drivers\EhStorClass.sys
\SystemRoot\System32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Wof.sys
\SystemRoot\system32\DRIVERS\file_tracker.sys
\SystemRoot\system32\drivers\WdFilter.sys
\SystemRoot\system32\DRIVERS\tib.sys
\SystemRoot\System32\Drivers\PxHlpa64.sys
\SystemRoot\system32\DRIVERS\fltsrv.sys
\SystemRoot\system32\DRIVERS\FLGuard.sys
\SystemRoot\System32\Drivers\NTFS.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\System32\drivers\wfplwfs.sys
\SystemRoot\system32\DRIVERS\timntr.sys
\SystemRoot\system32\DRIVERS\hotcore3.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\System32\drivers\volume.sys
\SystemRoot\System32\drivers\volsnap.sys
\SystemRoot\system32\DRIVERS\snapman.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\system32\drivers\iorate.sys
\SystemRoot\System32\drivers\disk.sys
\SystemRoot\System32\drivers\CLASSPNP.SYS
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\drivers\cdrom.sys
\SystemRoot\system32\drivers\filecrypt.sys
\SystemRoot\system32\drivers\tbs.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\BasicDisplay.sys
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\BasicRender.sys
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\NNSNAHSL.sys
\SystemRoot\system32\DRIVERS\eve.sys
\SystemRoot\System32\drivers\vwififlt.sys
\SystemRoot\System32\drivers\pacer.sys
\SystemRoot\system32\drivers\netbios.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\csc.sys
\??\C:\WINDOWS\System32\drivers\zamguard64.sys
\??\C:\WINDOWS\System32\drivers\zam64.sys
\SystemRoot\System32\drivers\veracrypt.sys
\SystemRoot\System32\drivers\uim_im.sys
\SystemRoot\System32\drivers\UimFIO.SYS
\SystemRoot\System32\drivers\uim_devim.sys
\SystemRoot\System32\drivers\UimBus.sys
\??\C:\WINDOWS\Sleen1964.sys
\SystemRoot\system32\DRIVERS\PSINKNC.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\System32\drivers\npsvctrig.sys
\SystemRoot\system32\DRIVERS\NNSTLSC.sys
\SystemRoot\system32\DRIVERS\NNSSTRM.sys
\SystemRoot\system32\DRIVERS\NNSSMTP.sys
\SystemRoot\system32\DRIVERS\NNSPRV.sys
\SystemRoot\system32\DRIVERS\NNSPROT.sys
\SystemRoot\system32\DRIVERS\NNSPOP3.sys
\SystemRoot\system32\DRIVERS\NNSPIHSW.sys
\SystemRoot\system32\DRIVERS\NNSPICC.sys
\SystemRoot\system32\DRIVERS\NNSIDS.sys
\SystemRoot\system32\DRIVERS\NNSHTTPS.sys
\SystemRoot\system32\DRIVERS\NNSHTTP.sys
\SystemRoot\system32\DRIVERS\NNSALPC.sys
\SystemRoot\System32\drivers\mssmbios.sys
\SystemRoot\System32\drivers\gpuenergydrv.sys
\??\C:\Windows\system32\Drivers\eusk2par-amd64.sys
\SystemRoot\System32\Drivers\dfsc.sys
\??\C:\Windows\system32\drivers\AntiLog64.sys
\SystemRoot\system32\DRIVERS\ahcache.sys
\SystemRoot\System32\DriverStore\FileRepository\compositebus.inf_amd64_a140581a8f8b58b7\CompositeBus.sys
\SystemRoot\System32\drivers\kdnic.sys
\SystemRoot\System32\drivers\umbus.sys
\SystemRoot\system32\DRIVERS\nvlddmkm.sys
\SystemRoot\System32\drivers\HECIx64.sys
\SystemRoot\System32\drivers\usbehci.sys
\SystemRoot\System32\drivers\USBPORT.SYS
\SystemRoot\System32\drivers\USBXHCI.SYS
\SystemRoot\system32\drivers\ucx01000.sys
\SystemRoot\system32\DRIVERS\Rt64win7.sys
\SystemRoot\system32\drivers\P17.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ks.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\System32\drivers\fdc.sys
\SystemRoot\System32\drivers\i8042prt.sys
\SystemRoot\System32\drivers\kbdclass.sys
\SystemRoot\System32\drivers\serial.sys
\SystemRoot\System32\drivers\serenum.sys
\SystemRoot\System32\drivers\intelppm.sys
\SystemRoot\system32\drivers\nvvad64v.sys
\SystemRoot\System32\drivers\NdisVirtualBus.sys
\SystemRoot\System32\drivers\swenum.sys
\SystemRoot\System32\drivers\PTSimBus.sys
\SystemRoot\System32\drivers\rdpbus.sys
\SystemRoot\System32\drivers\usbhub.sys
\SystemRoot\System32\drivers\USBD.SYS
\SystemRoot\System32\drivers\UsbHub3.sys
\SystemRoot\System32\drivers\usbccgp.sys
\SystemRoot\system32\DRIVERS\usbscan.sys
\SystemRoot\System32\drivers\usbprint.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\win32kfull.sys
\SystemRoot\System32\drivers\HIDPARSE.SYS
\SystemRoot\System32\win32kbase.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\System32\drivers\monitor.sys
\SystemRoot\System32\drivers\dxgmms2.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\drivers\Spyder3.sys
\SystemRoot\System32\drivers\hidusb.sys
\SystemRoot\System32\drivers\HIDCLASS.SYS
\SystemRoot\System32\drivers\kbdhid.sys
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\System32\drivers\mouhid.sys
\SystemRoot\System32\drivers\mouclass.sys
\SystemRoot\System32\drivers\wachidrouter.sys
\SystemRoot\System32\drivers\hidkmdf.sys
\SystemRoot\System32\drivers\wacomrouterfilter.sys
\SystemRoot\system32\DRIVERS\lvuvc64.sys
\SystemRoot\system32\drivers\usbaudio.sys
\SystemRoot\system32\DRIVERS\lvrs64.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\drivers\wcifs.sys
\SystemRoot\system32\DRIVERS\file_protector.sys
\SystemRoot\system32\drivers\storqosflt.sys
\SystemRoot\system32\DRIVERS\PSINFile.sys
\SystemRoot\system32\DRIVERS\PSINProc.sys
\SystemRoot\system32\DRIVERS\PSINReg.sys
\SystemRoot\system32\drivers\wcnfs.sys
\SystemRoot\system32\DRIVERS\tifsfilt.sys
\SystemRoot\system32\DRIVERS\virtual_file.sys
\SystemRoot\System32\drivers\registry.sys
\SystemRoot\System32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\lltdio.sys
\SystemRoot\system32\drivers\mslldp.sys
\SystemRoot\system32\drivers\rspndr.sys
\SystemRoot\system32\drivers\ndisuio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\System32\drivers\WUDFRd.sys
\SystemRoot\system32\drivers\mmcss.sys
\SystemRoot\System32\Drivers\dump_dumpata.sys
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\??\C:\Windows\system32\drivers\acedrv11.sys
\SystemRoot\system32\drivers\hvservice.sys
\SystemRoot\system32\drivers\winhvr.sys
\SystemRoot\system32\DRIVERS\idmwfp.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\??\C:\WINDOWS\system32\drivers\mbam.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\drivers\mqac.sys
\??\C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12_64.sys
\SystemRoot\system32\DRIVERS\PSINAflt.sys
\SystemRoot\system32\drivers\Ndu.sys
\SystemRoot\system32\drivers\npf.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\system32\DRIVERS\PSINProt.sys
\??\C:\Windows\system32\Drivers\SSPORT.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\DRIVERS\tib_mounter.sys
\??\C:\Program Files (x86)\CyberLink\PowerDVD12\Common\NavFilter\000.fcl
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\system32\DRIVERS\LVPr2M64.sys
\SystemRoot\System32\drivers\condrv.sys
\SystemRoot\system32\Drivers\WdNisDrv.sys
\??\C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys
\??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys
\??\C:\WINDOWS\system32\drivers\mwac.sys
\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
----------- End -----------

rudi1949 16.03.2017 05:08
Hier Teil 2

Code:
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-8C967D07D005F026E454FA1EE4B6C1C94E41266D.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-8C967D07D005F026E454FA1EE4B6C1C94E41266D.bin.7C" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-8C967D07D005F026E454FA1EE4B6C1C94E41266D.bin.83" is compressed (flags = 1)
Scan finished
Creating System Restore point...
Cleaning up...
Removal scheduling successful. System shutdown needed.
System shutdown occurred
=======================================


Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-1-1024002048-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-2-1203664896-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-1-0-2048-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-1-1-1956603904-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-2-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-2-0-63-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-2-r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-3-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-3-0-2048-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-3-1-233515008-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-3-r.mbam...
Removal finished
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.09.3.1001

(c) Malwarebytes Corporation 2011-2012

OS version: 10.0.9200 Windows 10 x64

Account is Administrative

Internet Explorer version: 11.576.14393.0

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, E:\ DRIVE_FIXED, F:\ DRIVE_FIXED, G:\ DRIVE_FIXED, I:\ DRIVE_FIXED, Z:\ DRIVE_FIXED
CPU speed: 3.093000 GHz
Memory total: 8571777024, free: 5638066176

Initializing...
======================
------------ Kernel report ------------
    03/16/2017 09:48:23
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kd.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\System32\drivers\werkernel.sys
\SystemRoot\System32\drivers\CLFS.SYS
\SystemRoot\System32\drivers\tm.sys
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\System32\drivers\FLTMGR.SYS
\SystemRoot\System32\drivers\msrpc.sys
\SystemRoot\System32\drivers\ksecdd.sys
\SystemRoot\System32\drivers\clipsp.sys
\SystemRoot\System32\drivers\cmimcext.sys
\SystemRoot\System32\drivers\ntosext.sys
\SystemRoot\system32\CI.dll
\SystemRoot\System32\drivers\cng.sys
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\System32\Drivers\acpiex.sys
\SystemRoot\System32\Drivers\WppRecorder.sys
\SystemRoot\System32\drivers\ACPI.sys
\SystemRoot\System32\drivers\WMILIB.SYS
\SystemRoot\System32\drivers\intelpep.sys
\SystemRoot\system32\drivers\WindowsTrustedRT.sys
\SystemRoot\System32\drivers\WindowsTrustedRTProxy.sys
\SystemRoot\System32\drivers\imofugc.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\drivers\msisadrv.sys
\SystemRoot\System32\drivers\vdrvroot.sys
\SystemRoot\System32\drivers\pci.sys
\SystemRoot\system32\drivers\pdc.sys
\SystemRoot\system32\drivers\CEA.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\System32\drivers\pciide.sys
\SystemRoot\System32\drivers\PCIIDEX.SYS
\SystemRoot\System32\drivers\spaceport.sys
\SystemRoot\System32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\System32\drivers\atapi.sys
\SystemRoot\System32\drivers\ataport.SYS
\SystemRoot\System32\drivers\EhStorClass.sys
\SystemRoot\System32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Wof.sys
\SystemRoot\system32\DRIVERS\file_tracker.sys
\SystemRoot\system32\drivers\WdFilter.sys
\SystemRoot\system32\DRIVERS\tib.sys
\SystemRoot\System32\Drivers\PxHlpa64.sys
\SystemRoot\system32\DRIVERS\fltsrv.sys
\SystemRoot\system32\DRIVERS\FLGuard.sys
\SystemRoot\System32\Drivers\NTFS.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\System32\drivers\wfplwfs.sys
\SystemRoot\system32\DRIVERS\timntr.sys
\SystemRoot\system32\DRIVERS\hotcore3.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\System32\drivers\volume.sys
\SystemRoot\System32\drivers\volsnap.sys
\SystemRoot\system32\DRIVERS\snapman.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\system32\drivers\iorate.sys
\SystemRoot\System32\drivers\disk.sys
\SystemRoot\System32\drivers\CLASSPNP.SYS
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\drivers\cdrom.sys
\SystemRoot\system32\drivers\filecrypt.sys
\SystemRoot\system32\drivers\tbs.sys
\SystemRoot\SysWOW64\WinFLAdrv.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\BasicDisplay.sys
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\BasicRender.sys
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\NNSNAHSL.sys
\SystemRoot\system32\DRIVERS\eve.sys
\SystemRoot\System32\drivers\vwififlt.sys
\SystemRoot\System32\drivers\pacer.sys
\SystemRoot\system32\drivers\netbios.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\csc.sys
\??\C:\WINDOWS\System32\drivers\zamguard64.sys
\??\C:\WINDOWS\System32\drivers\zam64.sys
\SystemRoot\System32\drivers\veracrypt.sys
\SystemRoot\System32\drivers\uim_im.sys
\SystemRoot\System32\drivers\UimFIO.SYS
\SystemRoot\System32\drivers\uim_devim.sys
\SystemRoot\System32\drivers\UimBus.sys
\??\C:\WINDOWS\Sleen1964.sys
\SystemRoot\system32\DRIVERS\PSINKNC.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\System32\drivers\npsvctrig.sys
\SystemRoot\system32\DRIVERS\NNSTLSC.sys
\SystemRoot\system32\DRIVERS\NNSSTRM.sys
\SystemRoot\system32\DRIVERS\NNSSMTP.sys
\SystemRoot\system32\DRIVERS\NNSPRV.sys
\SystemRoot\system32\DRIVERS\NNSPROT.sys
\SystemRoot\system32\DRIVERS\NNSPOP3.sys
\SystemRoot\system32\DRIVERS\NNSPIHSW.sys
\SystemRoot\system32\DRIVERS\NNSPICC.sys
\SystemRoot\system32\DRIVERS\NNSIDS.sys
\SystemRoot\system32\DRIVERS\NNSHTTPS.sys
\SystemRoot\system32\DRIVERS\NNSHTTP.sys
\SystemRoot\system32\DRIVERS\NNSALPC.sys
\SystemRoot\System32\drivers\mssmbios.sys
\??\C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS
\SystemRoot\System32\drivers\gpuenergydrv.sys
\??\C:\Windows\system32\Drivers\eusk2par-amd64.sys
\SystemRoot\System32\Drivers\dfsc.sys
\??\C:\Windows\system32\drivers\AntiLog64.sys
\SystemRoot\system32\DRIVERS\ahcache.sys
\SystemRoot\System32\DriverStore\FileRepository\compositebus.inf_amd64_a140581a8f8b58b7\CompositeBus.sys
\SystemRoot\System32\drivers\kdnic.sys
\SystemRoot\System32\drivers\umbus.sys
\SystemRoot\system32\DRIVERS\nvlddmkm.sys
\SystemRoot\System32\drivers\HECIx64.sys
\SystemRoot\System32\drivers\usbehci.sys
\SystemRoot\System32\drivers\USBPORT.SYS
\SystemRoot\System32\drivers\USBXHCI.SYS
\SystemRoot\system32\drivers\ucx01000.sys
\SystemRoot\system32\DRIVERS\Rt64win7.sys
\SystemRoot\system32\drivers\P17.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ks.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\System32\drivers\fdc.sys
\SystemRoot\System32\drivers\i8042prt.sys
\SystemRoot\System32\drivers\kbdclass.sys
\SystemRoot\System32\drivers\serial.sys
\SystemRoot\System32\drivers\serenum.sys
\SystemRoot\System32\drivers\intelppm.sys
\SystemRoot\system32\drivers\nvvad64v.sys
\SystemRoot\System32\drivers\NdisVirtualBus.sys
\SystemRoot\System32\drivers\swenum.sys
\SystemRoot\System32\drivers\PTSimBus.sys
\SystemRoot\System32\drivers\rdpbus.sys
\SystemRoot\System32\drivers\usbhub.sys
\SystemRoot\System32\drivers\USBD.SYS
\SystemRoot\System32\drivers\UsbHub3.sys
\SystemRoot\System32\drivers\usbccgp.sys
\SystemRoot\system32\DRIVERS\usbscan.sys
\SystemRoot\System32\drivers\usbprint.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\win32kfull.sys
\SystemRoot\System32\drivers\HIDPARSE.SYS
\SystemRoot\System32\win32kbase.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\System32\drivers\dxgmms2.sys
\SystemRoot\System32\drivers\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\drivers\Spyder3.sys
\SystemRoot\System32\drivers\hidusb.sys
\SystemRoot\System32\drivers\HIDCLASS.SYS
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\System32\drivers\kbdhid.sys
\SystemRoot\System32\drivers\mouhid.sys
\SystemRoot\System32\drivers\mouclass.sys
\SystemRoot\System32\drivers\wachidrouter.sys
\SystemRoot\System32\drivers\hidkmdf.sys
\SystemRoot\System32\drivers\wacomrouterfilter.sys
\SystemRoot\system32\DRIVERS\lvuvc64.sys
\SystemRoot\system32\drivers\usbaudio.sys
\SystemRoot\system32\DRIVERS\lvrs64.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\drivers\wcifs.sys
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\DRIVERS\file_protector.sys
\SystemRoot\system32\drivers\storqosflt.sys
\SystemRoot\system32\DRIVERS\PSINProc.sys
\SystemRoot\system32\DRIVERS\PSINFile.sys
\SystemRoot\system32\DRIVERS\PSINReg.sys
\SystemRoot\system32\drivers\wcnfs.sys
\SystemRoot\system32\DRIVERS\tifsfilt.sys
\SystemRoot\system32\DRIVERS\virtual_file.sys
\SystemRoot\System32\drivers\registry.sys
\SystemRoot\System32\drivers\WUDFRd.sys
\SystemRoot\system32\drivers\mmcss.sys
\SystemRoot\System32\Drivers\dump_dumpata.sys
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\system32\drivers\mslldp.sys
\??\D:\Program Files\Sandboxie\SbieDrv.sys
\SystemRoot\system32\drivers\lltdio.sys
\SystemRoot\System32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\rspndr.sys
\SystemRoot\system32\drivers\ndisuio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\??\C:\Windows\system32\drivers\acedrv11.sys
\SystemRoot\system32\drivers\hvservice.sys
\SystemRoot\system32\drivers\winhvr.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\??\C:\WINDOWS\system32\drivers\mbam.sys
\SystemRoot\system32\drivers\Ndu.sys
\SystemRoot\system32\DRIVERS\idmwfp.sys
\SystemRoot\system32\drivers\npf.sys
\??\C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12_64.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\system32\DRIVERS\PSINAflt.sys
\SystemRoot\system32\DRIVERS\PSINProt.sys
\SystemRoot\system32\drivers\mqac.sys
\??\C:\Windows\system32\Drivers\SSPORT.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\system32\DRIVERS\tib_mounter.sys
\??\C:\Windows\SysWow64\WinVDEdrv.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\DRIVERS\LVPr2M64.sys
\SystemRoot\System32\drivers\condrv.sys
\??\C:\Program Files (x86)\CyberLink\PowerDVD12\Common\NavFilter\000.fcl
\SystemRoot\system32\Drivers\WdNisDrv.sys
\??\C:\WINDOWS\system32\drivers\mwac.sys
\??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys
\??\C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys
\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
----------- End -----------
Done!

Scan started
Database versions:
  main:    v2017.03.15.08
  rootkit: v2017.03.11.01

<<<2>>>
Physical Sector Size: 512
Drive: 3, DevicePointer: 0xffff9f88a823a610, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffff9f88a823b040, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffff9f88a823a610, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\disk\
DevicePointer: 0xffff9f88a73939b0, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffff9f88a7da2060, DeviceName: \Device\Ide\IdeDeviceP3T0L0-4\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffff9f88a8236470, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffff9f88a8237040, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffff9f88a8236470, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xffff9f88a7d9cc40, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffff9f88a73ff060, DeviceName: \Device\Ide\IdeDeviceP4T0L0-5\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 331278BE

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 2048  Numsec = 1024000000
    Partition is not bootable
    Partition file system is NTFS

    Partition 1 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 1024002048  Numsec = 179662848
    Partition is not bootable
    Partition file system is NTFS

    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 1203664896  Numsec = 2703360000
    Partition is not bootable
    Partition file system is NTFS

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition is not bootable

Disk Size: 2000398934016 bytes
Sector size: 512 bytes

Done!
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xffff9f88a8238060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffff9f88a8238ae0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffff9f88a8238060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
DevicePointer: 0xffff9f88a7d97550, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffff9f88a7da6060, DeviceName: \Device\Ide\IdeDeviceP2T0L0-3\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: F612D630

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 2048  Numsec = 1956599808
    Partition is not bootable
    Partition file system is NTFS

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 1956603904  Numsec = 1950420992
    Partition is not bootable
    Partition file system is NTFS

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition is not bootable

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition is not bootable

Disk Size: 2000398934016 bytes
Sector size: 512 bytes

Done!
Physical Sector Size: 512
Drive: 2, DevicePointer: 0xffff9f88a8239060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffff9f88a8239ae0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffff9f88a8239060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\disk\
DevicePointer: 0xffff9f88a7389e40, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffff9f88a7da0060, DeviceName: \Device\Ide\IdeDeviceP2T1L0-8\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 2
Scanning MBR on drive 2...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: AA2FCA67

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 63  Numsec = 2930272002
    Partition is not bootable
    Partition file system is NTFS

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition is not bootable

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition is not bootable

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition is not bootable

Disk Size: 1500301910016 bytes
Sector size: 512 bytes

Done!
Drive 3
This is a System drive
Scanning MBR on drive 3...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: D3967C50

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 233512960
    Partition is bootable
    Partition file system is NTFS

    Partition 1 type is Other (0x27)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 233515008  Numsec = 921600
    Partition is not bootable
    Partition file system is NTFS

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition is not bootable

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
    Partition is not bootable

Disk Size: 120034123776 bytes
Sector size: 512 bytes

Done!
File "C:\Windows\System32\KERNELBASE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\KERNELBASE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\apphelp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\psapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\user32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\user32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\win32u.dll" is sparse (flags = 32768)
File "C:\Windows\System32\win32u.dll" is sparse (flags = 32768)
File "C:\Windows\System32\gdi32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\gdi32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\GDI32FULL.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\GDI32FULL.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\advapi32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\msvcrt.dll" is sparse (flags = 32768)
File "C:\Windows\System32\sechost.dll" is sparse (flags = 32768)
File "C:\Windows\System32\rpcrt4.dll" is sparse (flags = 32768)
File "C:\Windows\System32\rpcrt4.dll" is sparse (flags = 32768)
File "C:\Windows\System32\sspicli.dll" is sparse (flags = 32768)
File "C:\Windows\System32\sspicli.dll" is sparse (flags = 32768)
File "C:\Windows\System32\CRYPTBASE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\CRYPTBASE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\BCRYPTPRIMITIVES.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\BCRYPTPRIMITIVES.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\imm32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\shlwapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\combase.dll" is sparse (flags = 32768)
File "C:\Windows\System32\combase.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ucrtbase.dll" is sparse (flags = 32768)
File "C:\Windows\System32\shell32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\shell32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\cfgmgr32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWS.STORAGE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWS.STORAGE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\powrprof.dll" is sparse (flags = 32768)
File "C:\Windows\System32\KERNEL.APPCORE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\KERNEL.APPCORE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\version.dll" is sparse (flags = 32768)
File "C:\Windows\System32\SHCore.dll" is sparse (flags = 32768)
File "C:\Windows\System32\profapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ole32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ole32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wintrust.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wintrust.dll" is sparse (flags = 32768)
File "C:\Windows\System32\msasn1.dll" is sparse (flags = 32768)
File "C:\Windows\System32\crypt32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\crypt32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\imagehlp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wininet.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ws2_32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ws2_32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\netapi32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\comdlg32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\comdlg32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\oleaut32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\oleaut32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\MSVCP_WIN.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\userenv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\mpr.dll" is sparse (flags = 32768)
File "C:\Windows\System32\winmm.dll" is sparse (flags = 32768)
File "C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.14393.447_none_5507ded2cb4f7f4c\comctl32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\winspool.drv" is sparse (flags = 32768)
File "C:\Windows\System32\WINMMBASE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WINMMBASE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\netutils.dll" is sparse (flags = 32768)
File "C:\Windows\System32\sfc_os.dll" is sparse (flags = 32768)
File "C:\Windows\System32\bcrypt.dll" is sparse (flags = 32768)
File "C:\Windows\System32\bcrypt.dll" is sparse (flags = 32768)
File "C:\Windows\System32\cryptsp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\rsaenh.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wkscli.dll" is sparse (flags = 32768)
File "C:\Windows\System32\cscapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\uxtheme.dll" is sparse (flags = 32768)
File "C:\Windows\System32\iertutil.dll" is sparse (flags = 32768)
File "C:\Windows\System32\iertutil.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ONDEMANDCONNROUTEHELPER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\ONDEMANDCONNROUTEHELPER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\IPHLPAPI.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\winhttp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\nsi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\mswsock.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dnsapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dnsapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\winnsi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\urlmon.dll" is sparse (flags = 32768)
File "C:\Windows\System32\rasadhlp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\FWPUCLNT.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\msctf.dll" is sparse (flags = 32768)
File "C:\Windows\System32\msctf.dll" is sparse (flags = 32768)
File "C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\tiptsf.dll" is sparse (flags = 32768)
File "C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\tiptsf.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dwmapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dwmapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wtsapi32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\winsta.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ntmarta.dll" is sparse (flags = 32768)
File "C:\Windows\System32\clbcatq.dll" is sparse (flags = 32768)
File "C:\Windows\System32\propsys.dll" is sparse (flags = 32768)
File "C:\Windows\System32\UIAUTOMATIONCORE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\UIAUTOMATIONCORE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\sxs.dll" is sparse (flags = 32768)
File "C:\Windows\System32\oleacc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\oleacc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\twinapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\TWINAPI.APPCORE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\TWINAPI.APPCORE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\coml2.dll" is sparse (flags = 32768)
File "C:\Windows\System32\mssprxy.dll" is sparse (flags = 32768)
File "C:\Windows\System32\linkinfo.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ntshrui.dll" is sparse (flags = 32768)
File "C:\Windows\System32\srvcli.dll" is sparse (flags = 32768)
File "C:\Windows\System32\smss.exe" is sparse (flags = 32768)
File "C:\Windows\System32\csrss.exe" is sparse (flags = 32768)
File "C:\Windows\System32\wininit.exe" is sparse (flags = 32768)
File "C:\Windows\System32\winlogon.exe" is sparse (flags = 32768)
File "C:\Windows\System32\winlogon.exe" is sparse (flags = 32768)
File "C:\Windows\System32\services.exe" is sparse (flags = 32768)
File "C:\Windows\System32\services.exe" is sparse (flags = 32768)
File "C:\Windows\System32\lsass.exe" is sparse (flags = 32768)
File "C:\Windows\System32\lsass.exe" is sparse (flags = 32768)
File "C:\Windows\System32\svchost.exe" is sparse (flags = 32768)
File "C:\Windows\System32\dwm.exe" is sparse (flags = 32768)
File "C:\Windows\System32\setupapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\devobj.dll" is sparse (flags = 32768)
File "C:\Windows\System32\devrtl.dll" is sparse (flags = 32768)
File "C:\Windows\System32\spinf.dll" is sparse (flags = 32768)
File "C:\Windows\System32\drvstore.dll" is sparse (flags = 32768)
File "C:\Windows\System32\drvstore.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WUDFHost.exe" is sparse (flags = 32768)
File "C:\Windows\System32\spoolsv.exe" is sparse (flags = 32768)
File "C:\Windows\System32\DHCPCSVC6.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\DHCPCSVC6.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\dhcpcsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dhcpcsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\mscoree.dll" is sparse (flags = 32768)
File "C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll" is sparse (flags = 32768)
File "C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll" is sparse (flags = 32768)
File "C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9268_none_d08e1538442a243e\msvcr80.dll" is sparse (flags = 32768)
File "C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll" is sparse (flags = 32768)
File "C:\Windows\System32\NapiNSP.dll" is sparse (flags = 32768)
File "C:\Windows\System32\pnrpnsp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\nlaapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\nlaapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\winrnr.dll" is sparse (flags = 32768)
File "C:\Windows\System32\shfolder.dll" is sparse (flags = 32768)
File "C:\Windows\System32\msi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dfscli.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wbem\wbemprox.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wbemcomn.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wbem\wbemsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wbem\fastprox.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dpapi.dll" is sparse (flags = 32768)
File "C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll" is sparse (flags = 32768)
File "C:\Windows\System32\MSVCR120_CLR0400.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\MSVCR120_CLR0400.DLL" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\40571abae9422cd2ca6fafbbde1c3cdc\mscorlib.ni.dll" is sparse (flags = 32768)
File "C:\Windows\Microsoft.NET\Framework\v4.0.30319\clrjit.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System\08da6b6698b412866e6910ae9b84f363\System.ni.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Serv759bfb78#\010ca03bc4ce0e90aba17cf53dfaa3b0\System.ServiceProcess.ni.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Confe64a9051#\05ab415fda98063ea52877978eb1cb4f\System.Configuration.Install.ni.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\f6ebd52be27fe627fed0d185c6a9c0d5\System.Core.ni.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\a390fa28b40e5b0bfd357371211f470d\System.ServiceModel.ni.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Servd1dec626#\d842ac6dc0b94d7516b2d43a62b8f4d7\System.ServiceModel.Internals.ni.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\aa9c29b70b4cceab890eb841f89d73e9\System.Configuration.ni.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\1b144b0155aa14719ac0b83f038abbd5\SMDiagnostics.ni.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\7532301b00fac8def2f526ca8b480e11\System.Xml.ni.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\213003369298faf75651a6b8981dce12\System.Runtime.Serialization.ni.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\5802392cd3e3a6f3921aabc3241bb561\System.IdentityModel.ni.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Net.Http\6ba98b6eeadccf682c0cc876bcc548da\System.Net.Http.ni.dll" is sparse (flags = 32768)
File "C:\Windows\System32\security.dll" is sparse (flags = 32768)
File "C:\Windows\System32\secur32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\httpapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\pdh.dll" is sparse (flags = 32768)
File "C:\Windows\System32\gpapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\gpapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\cryptnet.dll" is sparse (flags = 32768)
File "C:\Windows\System32\webio.dll" is sparse (flags = 32768)
File "C:\Windows\System32\schannel.dll" is sparse (flags = 32768)
File "C:\Windows\System32\schannel.dll" is sparse (flags = 32768)
File "C:\Windows\System32\MSKEYPROTECT.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\MSKEYPROTECT.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\ncrypt.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ntasn1.dll" is sparse (flags = 32768)
File "C:\Windows\System32\Wldap32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\logoncli.dll" is sparse (flags = 32768)
File "C:\Windows\System32\NCRYPTSSLP.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\NCRYPTSSLP.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\fltLib.dll" is sparse (flags = 32768)
File "C:\Windows\System32\msimg32.dll" is sparse (flags = 32768)
File "C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.14393.321_none_baab3cb4359688b4\GdiPlus.dll" is sparse (flags = 32768)
File "C:\Windows\System32\msxml3.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wlanapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wlanapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\netprofm.dll" is sparse (flags = 32768)
File "C:\Windows\System32\npmproxy.dll" is sparse (flags = 32768)
File "C:\Windows\System32\FIREWALLAPI.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\FIREWALLAPI.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\fwbase.dll" is sparse (flags = 32768)
File "C:\Windows\System32\NETSETUPSHIM.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\NETSETUPSHIM.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\NETSETUPAPI.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\NETSETUPAPI.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\mstask.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dasHost.exe" is sparse (flags = 32768)
File "C:\Windows\System32\wbem\WmiPrvSE.exe" is sparse (flags = 32768)
File "C:\Windows\System32\mqsvc.exe" is sparse (flags = 32768)
File "C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.9247_none_5090cb78bcba4a35\msvcr90.dll" is sparse (flags = 32768)
File "C:\Windows\System32\odbc32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dbghelp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dbgcore.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wshqos.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WSHTCPIP.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\wship6.dll" is sparse (flags = 32768)
File "C:\Windows\System32\SEARCHINDEXER.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\SEARCHINDEXER.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\conhost.exe" is sparse (flags = 32768)
File "C:\Windows\System32\wermgr.exe" is sparse (flags = 32768)
File "C:\Windows\System32\wermgr.exe" is sparse (flags = 32768)
File "C:\Windows\System32\sihost.exe" is sparse (flags = 32768)
File "C:\Windows\System32\TASKHOSTW.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\actxprxy.dll" is sparse (flags = 32768)
File "C:\Windows\System32\actxprxy.dll" is sparse (flags = 32768)
File "C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_89c64d28dafea4b9\comctl32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWSCODECS.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWSCODECS.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\THUMBCACHE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\THUMBCACHE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\PHOTOMETADATAHANDLER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\PHOTOMETADATAHANDLER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\POLICYMANAGER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\POLICYMANAGER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\MSVCP110_WIN.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\MSVCP110_WIN.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\RUNTIMEBROKER.EXE" is sparse (flags = 32768)
File "C:\Windows\explorer.exe" is sparse (flags = 32768)
File "C:\Windows\explorer.exe" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Web.Services\7e37a4f7ac90e8a80cc2bfc7429dd2c1\System.Web.Services.ni.dll" is sparse (flags = 32768)
File "C:\Windows\System32\rasapi32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\rasapi32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\rasman.dll" is sparse (flags = 32768)
File "C:\Windows\System32\rtutils.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\a280fac0c231c9d6d5f1274c2180d594\System.Management.ni.dll" is sparse (flags = 32768)
File "C:\Windows\Microsoft.NET\Framework\v4.0.30319\WMINET_UTILS.DLL" is sparse (flags = 32768)
File "C:\Windows\Microsoft.NET\Framework\v4.0.30319\WMINET_UTILS.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\wbem\wmiutils.dll" is sparse (flags = 32768)
File "C:\Windows\Microsoft.NET\Framework\v4.0.30319\DIASYMREADER.DLL" is sparse (flags = 32768)
File "C:\Windows\Microsoft.NET\Framework\v4.0.30319\DIASYMREADER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\edputil.dll" is sparse (flags = 32768)
File "C:\Windows\System32\pcacli.dll" is sparse (flags = 32768)
File "C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\SHELLEXPERIENCEHOST.EXE" is sparse (flags = 32768)
File "C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\SHELLEXPERIENCEHOST.EXE" is sparse (flags = 32768)
File "C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" is sparse (flags = 32768)
File "C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe" is sparse (flags = 32768)
File "C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe" is sparse (flags = 32768)
File "C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe" is sparse (flags = 32768)
File "C:\Windows\System32\wsock32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\atmlib.dll" is sparse (flags = 32768)
File "C:\Windows\System32\DWrite.dll" is sparse (flags = 32768)
File "C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsec.dll" is sparse (flags = 32768)
File "C:\Windows\System32\msiltcfg.dll" is sparse (flags = 32768)
File "C:\Windows\WinSxS\x86_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.6161_none_51cd0a7abbe4e19b\ATL90.dll" is sparse (flags = 32768)
File "C:\Windows\Microsoft.NET\Framework\v2.0.50727\DIASYMREADER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\oledlg.dll" is sparse (flags = 32768)
File "C:\Windows\System32\samcli.dll" is sparse (flags = 32768)
File "C:\Windows\System32\Faultrep.dll" is sparse (flags = 32768)
File "C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.9247_none_5090cb78bcba4a35\msvcp90.dll" is sparse (flags = 32768)
File "C:\Windows\System32\samlib.dll" is sparse (flags = 32768)
File "C:\Windows\System32\samlib.dll" is sparse (flags = 32768)
File "C:\Windows\System32\msxml6.dll" is sparse (flags = 32768)
File "C:\Windows\System32\msxml6.dll" is sparse (flags = 32768)
File "C:\Windows\System32\DATAEXCHANGE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\DATAEXCHANGE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\d3d11.dll" is sparse (flags = 32768)
File "C:\Windows\System32\d3d11.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dcomp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dxgi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dxgi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\idndl.dll" is sparse (flags = 32768)
File "C:\Windows\System32\normaliz.dll" is sparse (flags = 32768)
File "C:\Windows\System32\mscms.dll" is sparse (flags = 32768)
File "C:\Windows\System32\icm32.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\051a282e157a228405b2e0d867c3ce1d\PresentationCore.ni.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\5272cb4aeec65bec2fffb45e9cb22910\PresentationFramework.ni.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\5751e969e4789e60d3ad463cb6024006\WindowsBase.ni.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\04c4f83e0b62ff553abff98943e45f42\System.Xaml.ni.dll" is sparse (flags = 32768)
File "C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFGFX_V0400.DLL" is sparse (flags = 32768)
File "C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFGFX_V0400.DLL" is sparse (flags = 32768)
File "C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\PRESENTATIONNATIVE_V0400.DLL" is sparse (flags = 32768)
File "C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\PRESENTATIONNATIVE_V0400.DLL" is sparse (flags = 32768)
File "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSCORSECIMPL.DLL" is sparse (flags = 32768)
File "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSCORSECIMPL.DLL" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\c2abcda8f96d67fa6ff5665fd21dddff\System.Drawing.ni.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\c02fbf560e52a1aab432a90d4c613af4\System.Windows.Forms.ni.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatioaec034ca#\def8702c6e883330fb8cb8e3f5c5e665\PresentationFramework.Aero2.ni.dll" is sparse (flags = 32768)
File "C:\Windows\System32\d3d9.dll" is sparse (flags = 32768)
File "C:\Windows\System32\d3d9.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio84a6349c#\6af063d01a7341bd43c8c4775e6a7144\PresentationFramework-SystemCore.ni.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Numerics\5237480aedaa4904c6fd85dae99af471\System.Numerics.ni.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\6e975e2acfc33e1c706f00bf2942e187\System.Xml.Linq.ni.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\720259e39ef1331fa96a3242ad50f25a\System.Data.ni.dll" is sparse (flags = 32768)
File "C:\Windows\System32\taskschd.dll" is sparse (flags = 32768)
File "C:\Windows\System32\xmllite.dll" is sparse (flags = 32768)
File "C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\PenIMC.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wisp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\atlthunk.dll" is sparse (flags = 32768)
File "C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\tpcps.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio49d6fefe#\bc02b10ad9ab83121bc8d4efdfdbddd6\PresentationFramework-SystemXml.ni.dll" is sparse (flags = 32768)
File "C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio84a7b877#\32e8814a6a6fb0730134a52c7343244f\PresentationFramework-SystemData.ni.dll" is sparse (flags = 32768)
File "C:\Windows\AppPatch\AcSpecfc.dll" is sparse (flags = 32768)
File "C:\Windows\AppPatch\AcSpecfc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ddraw.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dciman32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dciman32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\msimtf.dll" is sparse (flags = 32768)
File "C:\Windows\System32\davclnt.dll" is sparse (flags = 32768)
File "C:\Windows\System32\davhlpr.dll" is sparse (flags = 32768)
File "C:\Windows\System32\mapi32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\EXPLORERFRAME.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\EXPLORERFRAME.DLL" is sparse (flags = 32768)
File "C:\Windows\WinSxS\x86_microsoft.vc90.mfc_1fc8b3b9a1e18e3b_9.0.30729.6161_none_4bf7e3e2bf9ada4c\mfc90u.dll" is sparse (flags = 32768)
File "C:\Windows\WinSxS\x86_microsoft.vc90.mfcloc_1fc8b3b9a1e18e3b_9.0.30729.6161_none_49768ef57548175e\MFC90DEU.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\mlang.dll" is sparse (flags = 32768)
File "C:\Windows\System32\msident.dll" is sparse (flags = 32768)
File "C:\Windows\System32\pstorec.dll" is sparse (flags = 32768)
File "C:\Windows\System32\msoeacct.dll" is sparse (flags = 32768)
File "C:\Windows\System32\msoert2.dll" is sparse (flags = 32768)
File "C:\Windows\System32\inetcomm.dll" is sparse (flags = 32768)
File "C:\Windows\System32\inetcomm.dll" is sparse (flags = 32768)
File "C:\Windows\System32\INETRES.dll" is sparse (flags = 32768)
File "C:\Windows\System32\INETRES.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ACCTRES.dll" is sparse (flags = 32768)
File "C:\Windows\System32\hlink.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWS.SHELL.SERVICEHOSTBUILDER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWS.SHELL.SERVICEHOSTBUILDER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WinTypes.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WinTypes.dll" is sparse (flags = 32768)
File "C:\Windows\AppPatch\AcGenral.dll" is sparse (flags = 32768)
File "C:\Windows\AppPatch\AcGenral.dll" is sparse (flags = 32768)
File "C:\Windows\System32\msacm32.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ninput.dll" is sparse (flags = 32768)
File "C:\Windows\System32\usp10.dll" is sparse (flags = 32768)
File "C:\Windows\System32\hid.dll" is sparse (flags = 32768)
File "C:\Windows\System32\credui.dll" is sparse (flags = 32768)
File "C:\Windows\System32\AudioSes.dll" is sparse (flags = 32768)
File "C:\Windows\System32\AudioSes.dll" is sparse (flags = 32768)
File "C:\Windows\System32\MMDevAPI.dll" is sparse (flags = 32768)
File "C:\Windows\System32\DIRECTMANIPULATION.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\FWPOLICYIOMGR.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\FWPOLICYIOMGR.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\bthprops.cpl" is sparse (flags = 32768)
File "C:\Windows\System32\fontsub.dll" is sparse (flags = 32768)
File "C:\Windows\System32\fontsub.dll" is sparse (flags = 32768)
File "C:\Windows\System32\mf.dll" is sparse (flags = 32768)
File "C:\Windows\System32\mfplat.dll" is sparse (flags = 32768)
File "C:\Windows\System32\mfplat.dll" is sparse (flags = 32768)
File "C:\Windows\System32\RTWorkQ.dll" is sparse (flags = 32768)
File "C:\Windows\System32\RTWorkQ.dll" is sparse (flags = 32768)
File "C:\Windows\System32\MSMPEG2VDEC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\MSMPEG2VDEC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\MFPERFHELPER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\MFPERFHELPER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\dxva2.dll" is sparse (flags = 32768)
File "C:\Windows\System32\msvproc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\msvproc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\D3DCOMPILER_47.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\D3DCOMPILER_47.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\MFH264ENC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\MFH264ENC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\SEARCHPROTOCOLHOST.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\SEARCHPROTOCOLHOST.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\SEARCHFILTERHOST.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\SEARCHFILTERHOST.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\rstrui.exe" is sparse (flags = 32768)
File "C:\Windows\SysWOW64\ONEDRIVESETUP.EXE" is sparse (flags = 32768)
File "C:\Windows\SysWOW64\ONEDRIVESETUP.EXE" is sparse (flags = 32768)
File "C:\Program Files\Windows Mail\wab.exe" is sparse (flags = 32768)
File "C:\Windows\System32\credssp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\credssp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\userinit.exe" is sparse (flags = 32768)
File "C:\Windows\System32\scecli.dll" is sparse (flags = 32768)
File "C:\Windows\System32\msv1_0.dll" is sparse (flags = 32768)
File "C:\Windows\System32\msv1_0.dll" is sparse (flags = 32768)
File "C:\Windows\System32\kerberos.dll" is sparse (flags = 32768)
File "C:\Windows\System32\kerberos.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wdigest.dll" is sparse (flags = 32768)
File "C:\Windows\System32\TSpkg.dll" is sparse (flags = 32768)
File "C:\Windows\System32\pku2u.dll" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\appid.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\AcpiDev.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\AcpiDev.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\1394ohci.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\1394ohci.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\flpydisk.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\flpydisk.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mspclock.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\isapnp.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\isapnp.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\acpipmi.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\acpipmi.sys" is sparse (flags = 32768)
File "C:\Windows\System32\Locator.exe" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\amdk8.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\amdk8.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\acpipagr.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\acpipagr.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\afd.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\acpiex.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\acpi.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\acpi.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\acpitime.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\acpitime.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\BthhfHid.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\BthhfHid.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\asyncmac.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\srv.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mpsdrv.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\sdstor.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\sdstor.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ahcache.sys" is sparse (flags = 32768)
File "C:\Windows\System32\alg.exe" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\BASICRENDER.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\BASICRENDER.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\amdppm.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\amdppm.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\APPLOCKERFLTR.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\APPLOCKERFLTR.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\pciide.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\pciide.sys" is sparse (flags = 32768)
File "C:\Windows\System32\APPVCLIENT.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\APPVCLIENT.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\AppVStrm.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\AppvVfs.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\AppvVfs.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\APPVVEMGR.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\APPVVEMGR.SYS" is sparse (flags = 32768)
File "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASPNET_STATE.EXE" is sparse (flags = 32768)
File "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ASPNET_STATE.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\wcnfs.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\wcifs.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\srv2.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\atapi.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\atapi.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\BASICDISPLAY.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\BASICDISPLAY.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\Ndu.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\bowser.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\BTHAVRCPTG.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\BTHAVRCPTG.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\BTHHFENUM.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\BTHHFENUM.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\bthmodem.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\bthmodem.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\BUTTONCONVERTER.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\BUTTONCONVERTER.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\cdfs.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\clfs.sys" is sparse (flags = 32768)
File "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSVCHOST.EXE" is sparse (flags = 32768)
File "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSVCHOST.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\cdrom.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\cdrom.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\circlass.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\circlass.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\msiscsi.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\msiscsi.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\registry.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mup.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\CmBatt.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\CmBatt.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\cng.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\csc.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\CNGHWASSIST.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\dllhost.exe" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\condrv.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\dam.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\partmgr.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\dfsc.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\disk.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\disk.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\NETADAPTERCX.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\NETADAPTERCX.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mssecflt.sys" is sparse (flags = 32768)
File "C:\Windows\System32\DiagSvcs\DIAGNOSTICSHUB.STANDARDCOLLECTOR.SERVICE.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\DiagSvcs\DIAGNOSTICSHUB.STANDARDCOLLECTOR.SERVICE.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\dmvsc.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\dmvsc.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\drmkaud.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\drmkaud.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\serial.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\serial.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\dxgkrnl.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\tcpip.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\EHSTORCLASS.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\EHSTORCLASS.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\EHSTORTCGDRV.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\EHSTORTCGDRV.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\errdev.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\errdev.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\parport.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\parport.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\fdc.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\fdc.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\FILECRYPT.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\FILECRYPT.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vmstorfl.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vmstorfl.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\fileinfo.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ipfltdrv.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\FILETRACE.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\FILETRACE.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\msisadrv.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\msisadrv.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mstee.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\nsiproxy.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\fltMgr.sys" is sparse (flags = 32768)
File "C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PRESENTATIONFONTCACHE.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\srvnet.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\FSDEPENDS.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\STORQOSFLT.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\STORQOSFLT.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\fvevol.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\VMGENCOUNTER.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\VMGENCOUNTER.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ndisuio.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\MSGPIOCLX.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\GPUENERGYDRV.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\GPUENERGYDRV.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\rasl2tp.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mrxsmb.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\hdaudbus.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\hdaudbus.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\hidbatt.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\hidbatt.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\hidbth.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\hidbth.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\hidi2c.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\hidi2c.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\HIDINTERRUPT.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\HIDINTERRUPT.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\hidir.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\hidir.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\hidusb.sys" is sparse (flags = 32768)
File "C:\Windows\SysWOW64\perfhost.exe" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\http.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\HVSERVICE.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\HVSERVICE.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\hwpolicy.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\hyperkbd.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\hyperkbd.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ndproxy.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\i8042prt.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\i8042prt.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\WPDUPFLTR.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\WPDUPFLTR.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\INDIRECTKMD.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\INDIRECTKMD.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\intelide.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\intelide.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\intelpep.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\intelpep.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\intelppm.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\intelppm.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\WdFilter.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\iorate.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\scfilter.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\scfilter.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\IPMIDrv.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\IPMIDrv.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ipnat.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\irda.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\irenum.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\kbdclass.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\kbdclass.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\kbdhid.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ksecdd.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ksecpkg.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ksthunk.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\lltdio.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\luafv.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\UEVAGENTDRIVER.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\pcmcia.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\pcmcia.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vwififlt.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mqac.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mmcss.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mskssrv.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\wimmount.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mrxdav.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\modem.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mspqm.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mouclass.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mouclass.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mouhid.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mouhid.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mountmgr.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ufx01000.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\Ucx01000.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mrxsmb10.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mrxsmb20.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\bridge.sys" is sparse (flags = 32768)
File "C:\Windows\System32\VSSVC.exe" is sparse (flags = 32768)
File "C:\Windows\System32\msdtc.exe" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\MSGPIOWIN32.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\MSGPIOWIN32.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\MSHIDKMDF.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\MSHIDKMDF.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\MSHIDUMDF.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\MSHIDUMDF.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\msiexec.exe" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mslldp.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mssmbios.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\mssmbios.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\MTConfig.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\MTConfig.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\nwifi.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\nwifi.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\netbios.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ndis.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ndiscap.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\NDISIMPLATFORM.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\NDISIMPLATFORM.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ndistapi.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\NDISVIRTUALBUS.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\NDISVIRTUALBUS.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ndiswan.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\netbt.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\NPSVCTRIG.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\NPSVCTRIG.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\pci.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\pcw.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\pdc.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\PEAuth.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\qwavedrv.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\raspptp.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\processr.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\processr.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\pacer.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\rasacd.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\agilevpn.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\agilevpn.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\raspppoe.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\rassstp.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\rdbss.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\rdpbus.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\rdpbus.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\rdpdr.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\RDPVIDEOMINIPORT.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\RDPVIDEOMINIPORT.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\rdyboost.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\rspndr.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vms3cap.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vms3cap.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\sfloppy.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\sfloppy.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\sbp2port.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\sbp2port.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\swenum.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\swenum.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\sdbus.sys" is sparse (flags = 32768)
File "C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe" is sparse (flags = 32768)
File "C:\Windows\System32\SENSORDATASERVICE.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\SENSORDATASERVICE.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\SerCx.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\SpbCx.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\serenum.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\serenum.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\SerCx2.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\sermouse.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\sermouse.sys" is sparse (flags = 32768)
File "C:\Windows\System32\snmptrap.exe" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\SPACEPORT.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\SPACEPORT.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\sppsvc.exe" is sparse (flags = 32768)
File "C:\Windows\System32\sppsvc.exe" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\storahci.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\stornvme.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\storufs.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\storufs.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\storvsc.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\storvsc.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\tcpipreg.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\tpm.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\tdx.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vdrvroot.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vdrvroot.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\terminpt.sys" is sparse (flags = 32768)
File "C:\Windows\System32\TIERINGENGINESERVICE.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\TIERINGENGINESERVICE.EXE" is sparse (flags = 32768)
File "C:\Windows\servicing\TRUSTEDINSTALLER.EXE" is sparse (flags = 32768)
File "C:\Windows\servicing\TRUSTEDINSTALLER.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\TsUsbFlt.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\TsUsbGD.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\TsUsbGD.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\tsusbhub.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\uaspstor.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\uaspstor.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\Udecx.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\UcmCx.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\UCMTCPCICX.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\UCMTCPCICX.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\usbccgp.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\usbccgp.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\uefi.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\uefi.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\udfs.sys" is sparse (flags = 32768)
File "C:\Windows\System32\AGENTSERVICE.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\UI0DETECT.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\UI0DETECT.EXE" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\usbhub.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\usbhub.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\usbcir.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\usbcir.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\umbus.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\umbus.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\umpass.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\umpass.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\URSCX01000.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\URSCX01000.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\USBAUDIO.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\USBAUDIO.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\USBXHCI.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\USBXHCI.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\usbuhci.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\usbuhci.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\usbohci.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\usbohci.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\usbehci.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\usbehci.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\USBHUB3.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\USBHUB3.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\usbprint.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\usbprint.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\usbser.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\usbser.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\USBSTOR.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\USBSTOR.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\vds.exe" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\VERIFIEREXT.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\VERIFIEREXT.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vhdmp.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vhf.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vmbus.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vmbus.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\VMBusHID.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\VMBusHID.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vmgid.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vmgid.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\volmgr.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\volmgr.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\volmgrx.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\volsnap.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\volume.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\volume.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vpci.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vsmraid.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vsmraid.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\vwifibus.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\wacompen.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\wacompen.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\WUDFRd.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\wanarp.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\winusb.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\winusb.sys" is sparse (flags = 32768)
File "C:\Windows\System32\wbengine.exe" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\WdBoot.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\Wdf01000.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\WdiWiFi.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\WdNisDrv.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\wfplwfs.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\WINDOWSTRUSTEDRT.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\WINDOWSTRUSTEDRT.SYS" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\wmiacpi.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\wmiacpi.sys" is sparse (flags = 32768)
File "C:\Windows\System32\wbem\WmiApSrv.exe" is sparse (flags = 32768)
File "C:\Program Files\Windows Media Player\wmpnetwk.exe" is sparse (flags = 32768)
File "C:\Program Files\Windows Media Player\wmpnetwk.exe" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\ws2ifsl.sys" is sparse (flags = 32768)
File "C:\Windows\System32\drivers\WUDFPf.sys" is sparse (flags = 32768)
File "C:\Windows\System32\AJRouter.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWS.STATEREPOSITORY.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWS.STATEREPOSITORY.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\AUDIOENDPOINTBUILDER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\AUDIOENDPOINTBUILDER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WALLETSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WALLETSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\APPXDEPLOYMENTSERVER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\APPXDEPLOYMENTSERVER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\EMBEDDEDMODESVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\EMBEDDEDMODESVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\inetsrv\APPHOSTSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\umpnpmgr.dll" is sparse (flags = 32768)
File "C:\Windows\System32\rpcss.dll" is sparse (flags = 32768)
File "C:\Windows\System32\appinfo.dll" is sparse (flags = 32768)
File "C:\Windows\System32\appidsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\audiosrv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\audiosrv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\appmgmts.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dcpsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\APPREADINESS.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\APPREADINESS.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\AxInstSv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\RpcEpMap.dll" is sparse (flags = 32768)
File "C:\Windows\System32\CDPUSERSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\CDPUSERSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\dssvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\bdesvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\BFE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\XBLAUTHMANAGER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\XBLAUTHMANAGER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\netman.dll" is sparse (flags = 32768)
File "C:\Windows\System32\DEVICESETUPMANAGER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\DEVICESETUPMANAGER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\cdpsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\cscsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\umpo.dll" is sparse (flags = 32768)
File "C:\Windows\System32\qmgr.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ListSvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\lltdsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\bisrv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dhcpcore.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dhcpcore.dll" is sparse (flags = 32768)
File "C:\Windows\System32\browser.dll" is sparse (flags = 32768)
File "C:\Windows\System32\BthHFSrv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\BthHFSrv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\profsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\pnrpsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\bthserv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\provsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\das.dll" is sparse (flags = 32768)
File "C:\Windows\System32\LICENSEMANAGERSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\LICENSEMANAGERSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\certprop.dll" is sparse (flags = 32768)
File "C:\Windows\System32\certprop.dll" is sparse (flags = 32768)
File "C:\Windows\System32\DMWAPPUSHSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\DMWAPPUSHSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\ClipSVC.dll" is sparse (flags = 32768)
File "C:\Windows\System32\COREMESSAGING.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\COREMESSAGING.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\cryptsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\TETHERINGSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\TETHERINGSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\DEFRAGSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\DEFRAGSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\DEVQUERYBROKER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\DEVQUERYBROKER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\wscsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WsmSvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wersvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wecsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wcmsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wkssvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dot3svc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\DIAGTRACK.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\DIAGTRACK.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWS.INTERNAL.MANAGEMENT.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWS.INTERNAL.MANAGEMENT.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\fdPHost.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dnsrslvr.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dnsrslvr.dll" is sparse (flags = 32768)
File "C:\Windows\System32\dps.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WERCPLSUPPORT.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WERCPLSUPPORT.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\eapsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\efssvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ENTERPRISEAPPMGMTSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\ENTERPRISEAPPMGMTSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\FntCache.dll" is sparse (flags = 32768)
File "C:\Windows\System32\FntCache.dll" is sparse (flags = 32768)
File "C:\Windows\System32\es.dll" is sparse (flags = 32768)
File "C:\Windows\System32\sdrsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\FRAMESERVER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\FRAMESERVER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\srvsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\FDResPub.dll" is sparse (flags = 32768)
File "C:\Windows\System32\upnphost.dll" is sparse (flags = 32768)
File "C:\Windows\System32\fhsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\fhsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\gpsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\hidserv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\HVHOSTSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\HVHOSTSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\IKEEXT.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\iphlpsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\iphlpsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\irmon.dll" is sparse (flags = 32768)
File "C:\Windows\System32\keyiso.dll" is sparse (flags = 32768)
File "C:\Windows\System32\msdtckrm.dll" is sparse (flags = 32768)
File "C:\Windows\System32\lfsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\lmhsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ipnathlp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ipnathlp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\lsm.dll" is sparse (flags = 32768)
File "C:\Windows\System32\moshost.dll" is sparse (flags = 32768)
File "C:\Windows\System32\MESSAGINGSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\MESSAGINGSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\MPSSVC.dll" is sparse (flags = 32768)
File "C:\Windows\System32\iscsiexe.dll" is sparse (flags = 32768)
File "C:\Windows\System32\iscsiexe.dll" is sparse (flags = 32768)
File "C:\Windows\System32\nsisvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\nlasvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ngcsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\NcaSvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\NCDAUTOSETUP.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\NCDAUTOSETUP.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\NCBSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\NCBSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\netlogon.dll" is sparse (flags = 32768)
File "C:\Windows\System32\trkwks.dll" is sparse (flags = 32768)
File "C:\Windows\System32\NETPROFMSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\NETPROFMSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\NETSETUPSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\NETSETUPSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\icsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\NGCCTNRSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\NGCCTNRSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\APHOSTSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\APHOSTSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\pcasvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\pcasvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\p2psvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\PEERDISTSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\PHONESERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\PHONESERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\PIMINDEXMAINTENANCE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\PIMINDEXMAINTENANCE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\pla.dll" is sparse (flags = 32768)
File "C:\Windows\System32\pnrpauto.dll" is sparse (flags = 32768)
File "C:\Windows\System32\icsvcext.dll" is sparse (flags = 32768)
File "C:\Windows\System32\icsvcext.dll" is sparse (flags = 32768)
File "C:\Windows\System32\IPSECSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\qwave.dll" is sparse (flags = 32768)
File "C:\Windows\System32\rasauto.dll" is sparse (flags = 32768)
File "C:\Windows\System32\rasmans.dll" is sparse (flags = 32768)
File "C:\Windows\System32\mprdim.dll" is sparse (flags = 32768)
File "C:\Windows\System32\regsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\RDXSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\RDXSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\RMapi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\schedsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\SCardSvr.dll" is sparse (flags = 32768)
File "C:\Windows\System32\SCardSvr.dll" is sparse (flags = 32768)
File "C:\Windows\System32\XBLGAMESAVE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\XBLGAMESAVE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\SCDEVICEENUM.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\SCDEVICEENUM.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\seclogon.dll" is sparse (flags = 32768)
File "C:\Windows\System32\Sens.dll" is sparse (flags = 32768)
File "C:\Windows\System32\SENSORSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\SENSORSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\sensrsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\SessEnv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\shsvcs.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWS.SHAREDPC.ACCOUNTMANAGER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WINDOWS.SHAREDPC.ACCOUNTMANAGER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\TILEOBJSERVER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\TILEOBJSERVER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\smphost.dll" is sparse (flags = 32768)
File "C:\Windows\System32\SMSROUTERSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\SMSROUTERSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\StorSvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\sstpsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\ssdpsrv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wiaservc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\svsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\swprv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\inetsrv\iisw3adm.dll" is sparse (flags = 32768)
File "C:\Windows\System32\sysmain.dll" is sparse (flags = 32768)
File "C:\Windows\System32\SYSTEMEVENTSBROKERSERVER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\SYSTEMEVENTSBROKERSERVER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\TabSvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\termsrv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\tapisrv.dll" is sparse (flags = 32768)
File "C:\Windows\System32\THEMESERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\THEMESERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\TIMEBROKERSERVER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\TIMEBROKERSERVER.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\TZAUTOUPDATE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\TZAUTOUPDATE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\umrdp.dll" is sparse (flags = 32768)
File "C:\Windows\System32\Unistore.dll" is sparse (flags = 32768)
File "C:\Windows\System32\USERDATASERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\USERDATASERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\usermgr.dll" is sparse (flags = 32768)
File "C:\Windows\System32\usocore.dll" is sparse (flags = 32768)
File "C:\Windows\System32\vaultsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\w32time.dll" is sparse (flags = 32768)
File "C:\Windows\System32\inetsrv\w3logsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wbiosrvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wbiosrvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wwansvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WUDFSvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wlidsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wlansvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wcncsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wdi.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WebClnt.dll" is sparse (flags = 32768)
File "C:\Windows\System32\WEPHOSTSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WEPHOSTSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\wiarpc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\wbem\WMIsvc.dll" is sparse (flags = 32768)
File "C:\Windows\System32\FLIGHTSETTINGS.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\FLIGHTSETTINGS.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WORKFOLDERSSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WORKFOLDERSSVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WPDBUSENUM.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WPDBUSENUM.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WPNSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WPNSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WPNUSERSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\WPNUSERSERVICE.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\wuaueng.dll" is sparse (flags = 32768)
File "C:\Windows\System32\XBOXNETAPISVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\XBOXNETAPISVC.DLL" is sparse (flags = 32768)
File "C:\Windows\System32\rundll32.exe" is sparse (flags = 32768)
File "C:\Program Files\Windows Mail\WinMail.exe" is sparse (flags = 32768)
File "C:\Windows\System32\unregmp2.exe" is sparse (flags = 32768)
File "C:\Windows\System32\unregmp2.exe" is sparse (flags = 32768)
File "C:\Windows\System32\ie4uinit.exe" is sparse (flags = 32768)
File "C:\Windows\System32\ie4uinit.exe" is sparse (flags = 32768)
File "C:\Windows\System32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.dat" is sparse (flags = 32768)
------------ Kernel report ------------
    03/16/2017 10:24:11
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kd.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\System32\drivers\werkernel.sys
\SystemRoot\System32\drivers\CLFS.SYS
\SystemRoot\System32\drivers\tm.sys
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\System32\drivers\FLTMGR.SYS
\SystemRoot\System32\drivers\msrpc.sys
\SystemRoot\System32\drivers\ksecdd.sys
\SystemRoot\System32\drivers\clipsp.sys
\SystemRoot\System32\drivers\cmimcext.sys
\SystemRoot\System32\drivers\ntosext.sys
\SystemRoot\system32\CI.dll
\SystemRoot\System32\drivers\cng.sys
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\System32\Drivers\acpiex.sys
\SystemRoot\System32\Drivers\WppRecorder.sys
\SystemRoot\System32\drivers\ACPI.sys
\SystemRoot\System32\drivers\WMILIB.SYS
\SystemRoot\System32\drivers\intelpep.sys
\SystemRoot\system32\drivers\WindowsTrustedRT.sys
\SystemRoot\System32\drivers\WindowsTrustedRTProxy.sys
\SystemRoot\System32\drivers\imofugc.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\drivers\msisadrv.sys
\SystemRoot\System32\drivers\vdrvroot.sys
\SystemRoot\System32\drivers\pci.sys
\SystemRoot\system32\drivers\pdc.sys
\SystemRoot\system32\drivers\CEA.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\System32\drivers\pciide.sys
\SystemRoot\System32\drivers\PCIIDEX.SYS
\SystemRoot\System32\drivers\spaceport.sys
\SystemRoot\System32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\System32\drivers\atapi.sys
\SystemRoot\System32\drivers\ataport.SYS
\SystemRoot\System32\drivers\EhStorClass.sys
\SystemRoot\System32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Wof.sys
\SystemRoot\system32\DRIVERS\file_tracker.sys
\SystemRoot\system32\drivers\WdFilter.sys
\SystemRoot\system32\DRIVERS\tib.sys
\SystemRoot\System32\Drivers\PxHlpa64.sys
\SystemRoot\system32\DRIVERS\fltsrv.sys
\SystemRoot\system32\DRIVERS\FLGuard.sys
\SystemRoot\System32\Drivers\NTFS.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\System32\drivers\wfplwfs.sys
\SystemRoot\system32\DRIVERS\timntr.sys
\SystemRoot\system32\DRIVERS\hotcore3.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\System32\drivers\volume.sys
\SystemRoot\System32\drivers\volsnap.sys
\SystemRoot\system32\DRIVERS\snapman.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\system32\drivers\iorate.sys
\SystemRoot\System32\drivers\disk.sys
\SystemRoot\System32\drivers\CLASSPNP.SYS
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\drivers\cdrom.sys
\SystemRoot\system32\drivers\filecrypt.sys
\SystemRoot\system32\drivers\tbs.sys
\SystemRoot\SysWOW64\WinFLAdrv.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\BasicDisplay.sys
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\BasicRender.sys
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\NNSNAHSL.sys
\SystemRoot\system32\DRIVERS\eve.sys
\SystemRoot\System32\drivers\vwififlt.sys
\SystemRoot\System32\drivers\pacer.sys
\SystemRoot\system32\drivers\netbios.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\csc.sys
\??\C:\WINDOWS\System32\drivers\zamguard64.sys
\??\C:\WINDOWS\System32\drivers\zam64.sys
\SystemRoot\System32\drivers\veracrypt.sys
\SystemRoot\System32\drivers\uim_im.sys
\SystemRoot\System32\drivers\UimFIO.SYS
\SystemRoot\System32\drivers\uim_devim.sys
\SystemRoot\System32\drivers\UimBus.sys
\??\C:\WINDOWS\Sleen1964.sys
\SystemRoot\system32\DRIVERS\PSINKNC.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\System32\drivers\npsvctrig.sys
\SystemRoot\system32\DRIVERS\NNSTLSC.sys
\SystemRoot\system32\DRIVERS\NNSSTRM.sys
\SystemRoot\system32\DRIVERS\NNSSMTP.sys
\SystemRoot\system32\DRIVERS\NNSPRV.sys
\SystemRoot\system32\DRIVERS\NNSPROT.sys
\SystemRoot\system32\DRIVERS\NNSPOP3.sys
\SystemRoot\system32\DRIVERS\NNSPIHSW.sys
\SystemRoot\system32\DRIVERS\NNSPICC.sys
\SystemRoot\system32\DRIVERS\NNSIDS.sys
\SystemRoot\system32\DRIVERS\NNSHTTPS.sys
\SystemRoot\system32\DRIVERS\NNSHTTP.sys
\SystemRoot\system32\DRIVERS\NNSALPC.sys
\SystemRoot\System32\drivers\mssmbios.sys
\??\C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS
\SystemRoot\System32\drivers\gpuenergydrv.sys
\??\C:\Windows\system32\Drivers\eusk2par-amd64.sys
\SystemRoot\System32\Drivers\dfsc.sys
\??\C:\Windows\system32\drivers\AntiLog64.sys
\SystemRoot\system32\DRIVERS\ahcache.sys
\SystemRoot\System32\DriverStore\FileRepository\compositebus.inf_amd64_a140581a8f8b58b7\CompositeBus.sys
\SystemRoot\System32\drivers\kdnic.sys
\SystemRoot\System32\drivers\umbus.sys
\SystemRoot\system32\DRIVERS\nvlddmkm.sys
\SystemRoot\System32\drivers\HECIx64.sys
\SystemRoot\System32\drivers\usbehci.sys
\SystemRoot\System32\drivers\USBPORT.SYS
\SystemRoot\System32\drivers\USBXHCI.SYS
\SystemRoot\system32\drivers\ucx01000.sys
\SystemRoot\system32\DRIVERS\Rt64win7.sys
\SystemRoot\system32\drivers\P17.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ks.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\System32\drivers\fdc.sys
\SystemRoot\System32\drivers\i8042prt.sys
\SystemRoot\System32\drivers\kbdclass.sys
\SystemRoot\System32\drivers\serial.sys
\SystemRoot\System32\drivers\serenum.sys
\SystemRoot\System32\drivers\intelppm.sys
\SystemRoot\system32\drivers\nvvad64v.sys
\SystemRoot\System32\drivers\NdisVirtualBus.sys
\SystemRoot\System32\drivers\swenum.sys
\SystemRoot\System32\drivers\PTSimBus.sys
\SystemRoot\System32\drivers\rdpbus.sys
\SystemRoot\System32\drivers\usbhub.sys
\SystemRoot\System32\drivers\USBD.SYS
\SystemRoot\System32\drivers\UsbHub3.sys
\SystemRoot\System32\drivers\usbccgp.sys
\SystemRoot\system32\DRIVERS\usbscan.sys
\SystemRoot\System32\drivers\usbprint.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\win32kfull.sys
\SystemRoot\System32\drivers\HIDPARSE.SYS
\SystemRoot\System32\win32kbase.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\System32\drivers\dxgmms2.sys
\SystemRoot\System32\drivers\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\drivers\Spyder3.sys
\SystemRoot\System32\drivers\hidusb.sys
\SystemRoot\System32\drivers\HIDCLASS.SYS
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\System32\drivers\kbdhid.sys
\SystemRoot\System32\drivers\mouhid.sys
\SystemRoot\System32\drivers\mouclass.sys
\SystemRoot\System32\drivers\wachidrouter.sys
\SystemRoot\System32\drivers\hidkmdf.sys
\SystemRoot\System32\drivers\wacomrouterfilter.sys
\SystemRoot\system32\DRIVERS\lvuvc64.sys
\SystemRoot\system32\drivers\usbaudio.sys
\SystemRoot\system32\DRIVERS\lvrs64.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\drivers\wcifs.sys
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\DRIVERS\file_protector.sys
\SystemRoot\system32\drivers\storqosflt.sys
\SystemRoot\system32\DRIVERS\PSINProc.sys
\SystemRoot\system32\DRIVERS\PSINFile.sys
\SystemRoot\system32\DRIVERS\PSINReg.sys
\SystemRoot\system32\drivers\wcnfs.sys
\SystemRoot\system32\DRIVERS\tifsfilt.sys
\SystemRoot\system32\DRIVERS\virtual_file.sys
\SystemRoot\System32\drivers\registry.sys
\SystemRoot\System32\drivers\WUDFRd.sys
\SystemRoot\system32\drivers\mmcss.sys
\SystemRoot\System32\Drivers\dump_dumpata.sys
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\system32\drivers\mslldp.sys
\??\D:\Program Files\Sandboxie\SbieDrv.sys
\SystemRoot\system32\drivers\lltdio.sys
\SystemRoot\System32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\rspndr.sys
\SystemRoot\system32\drivers\ndisuio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\??\C:\Windows\system32\drivers\acedrv11.sys
\SystemRoot\system32\drivers\hvservice.sys
\SystemRoot\system32\drivers\winhvr.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\??\C:\WINDOWS\system32\drivers\mbam.sys
\SystemRoot\system32\drivers\Ndu.sys
\SystemRoot\system32\DRIVERS\idmwfp.sys
\SystemRoot\system32\drivers\npf.sys
\??\C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12_64.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\system32\DRIVERS\PSINAflt.sys
\SystemRoot\system32\DRIVERS\PSINProt.sys
\SystemRoot\system32\drivers\mqac.sys
\??\C:\Windows\system32\Drivers\SSPORT.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\system32\DRIVERS\tib_mounter.sys
\??\C:\Windows\SysWow64\WinVDEdrv.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\DRIVERS\LVPr2M64.sys
\SystemRoot\System32\drivers\condrv.sys
\??\C:\Program Files (x86)\CyberLink\PowerDVD12\Common\NavFilter\000.fcl
\SystemRoot\system32\Drivers\WdNisDrv.sys
\??\C:\WINDOWS\system32\drivers\mwac.sys
\??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys
\??\C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys
\??\C:\WINDOWS\system32\drivers\mbamchameleon.sys
\??\D:\Program Files\OSFMount\OSFMount.sys
\SystemRoot\system32\DRIVERS\cdfs.sys
----------- End -----------
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-8C967D07D005F026E454FA1EE4B6C1C94E41266D.bin.79" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-8C967D07D005F026E454FA1EE4B6C1C94E41266D.bin.7C" is compressed (flags = 1)
File "C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-8C967D07D005F026E454FA1EE4B6C1C94E41266D.bin.83" is compressed (flags = 1)
Scan finished
=======================================


Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-1-1024002048-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-2-1203664896-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-1-0-2048-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-1-1-1956603904-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-2-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-2-0-63-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-2-r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-3-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-3-0-2048-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-3-1-233515008-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-3-r.mbam...
Removal finished

cosinus 16.03.2017 10:48
- Anleitung richtig lesen
- richtiges Log posten
- beachten was zu tun ist wenn MBAR fündig wurde

rudi1949 16.03.2017 13:22
Oh, Eentschuldigung!
Hier das 1. Log:
Code:
Malwarebytes Anti-Rootkit BETA 1.9.3.1001
www.malwarebytes.org

Database version:
  main:    v2017.03.15.08
  rootkit: v2017.03.11.01

Windows 10 x64 NTFS
Internet Explorer 11.576.14393.0
Rudi :: RUDI-PC [administrator]

16.03.2017 07:23:28
mbar-log-2017-03-16 (07-23-28).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 575992
Time elapsed: 1 hour(s), 4 minute(s), 12 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Program Files\CCleaner\cr-piriform.exe (RiskWare.Agent.Keygen) -> Delete on reboot. [f75d2e9c2b7d86b0bf11fba456aa768a]

Physical Sectors Detected: 0
(No malicious items detected)

(end)
Und hier das 2. Log nach dem zweiten Durchlauf.
Code:
Malwarebytes Anti-Rootkit BETA 1.9.3.1001
www.malwarebytes.org

Database version:
  main:    v2017.03.15.08
  rootkit: v2017.03.11.01

Windows 10 x64 NTFS
Internet Explorer 11.576.14393.0
Rudi :: RUDI-PC [administrator]

16.03.2017 09:48:37
mbar-log-2017-03-16 (09-48-37).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 576067
Time elapsed: 1 hour(s), 10 minute(s), 18 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

cosinus 16.03.2017 13:58
Zitat:
C:\Program Files\CCleaner\cr-piriform.exe (RiskWare.Agent.Keygen) -
Lesestoff:
Illegale Software: Cracks, Keygens und Co

Bitte lesen => http://www.trojaner-board.de/95393-c...-software.html

Es geht weiter wenn du alles Illegale entfernt hast.

Bei wiederholten Crack/Keygen Verstößen behalte ich es mir vor, den Support einzustellen, d.h. Hilfe nur noch bei der Datensicherung und Neuinstallation des Betriebssystems.

rudi1949 17.03.2017 06:03
Sorry! Das hatte wohl mein Enkel installiert/benutzt. Habe jetzt eine Ccleaner Prof. Lizenz gekauft.

MfG, Rudi

cosinus 17.03.2017 09:58
Die rede war von: Crack löschen, Programm deinstallieren - sonst gehts hier nicht weiter.

rudi1949 17.03.2017 12:42
Das wollte ich damit auch aussagen.
Altes Programm deinstalliert, neues installiert und aktiviert.

cosinus 17.03.2017 12:53
Und deiner Programminstallation seh ich jetzt wie an, dass es nicht gecrackt ist?

rudi1949 17.03.2017 14:20
Hallo cosinus!
Ok, laß es gut ein!
Ich wollte sowieso irgendwann das System neu aufsetzen. Werde ich das halt vorziehen und denke, daß das Problem dann auch gelöst ist.
Wie Ihr schreibt, seid Ihr zwar nicht die Internetpolizei, aber warum tut ihr dann so? Daß Ihr Crackware nicht toleriert ist Euer recht und auch in Ordnung. Bin ich bei Euch. Daß Du aber unberechtigte Zweifel an meiner Aussage hegst, hat mit diesem Standpunkt nichts zu tun und finde ich auch, ich sage es mal so, befremdlich.
Mehr will ich dazu jetzt nichts mehr sagen.
Falls Du mir doch noch kurzfristig und unkompliziert helfen willst, lasse es mich bitte wissen. Ansonsten vielen Dank für die bisherigen, leider noch fruchtlosen, Bemühungen.

MfG, Rudi

cosinus 17.03.2017 14:21
ccleaner deinstallieren und weiter gehts. Ist doch ganz easy oder?


Alle Zeitangaben in WEZ +1. Es ist jetzt 16:21 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55