Facebook account hacked - Roguekiller found a rootkit (kernel?)


  • This topic is locked
14 replies to this topic

#1 fengil


  • Members
  • 7 posts

Posted 22 January 2015 - 08:04 AM

Hello,

I woke up today and found out that my Facebook account was hacked. Fortunately, Facebook blocked it right away because the IP of the violator was from Taiwan.

Since then, I haven't logged in to any of my other accounts; I need to be sure that the malevolent file is gone.

I did a Roguekiller scan, which redirected me to the Roguekiller site, warning me about a kernel rootkit etc.

I did a Malwarebytes Anti-Malware scan, which suppressed about 10 files, and now when I run Roguekiller, it doesn't redirect me to the previous page.

In the Anti Rootkit session, there are only green lines, but two with the same names were orange before the Malwarebytes scan and suppression.

Do you think it's gone or is it still hiding?

DDS:

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.16521  BrowserJavaVersion: 10.71.2
Run by Remi at 14:17:05 on 2015-01-22
Microsoft Windows 7 Professionnel   6.1.7601.1.1252.33.1036.18.12286.7974 [GMT 1:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
C:\Program Files\ma-config.com\MaConfigAgent.exe
C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
C:\Windows\SysWOW64\vmnat.exe
C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
C:\Windows\SysWOW64\vmnetdhcp.exe
C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Users\Remi\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Razer\Naga\RazerNagaSysTray.exe
C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Remi\Desktop\mbar\mbar.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mDefault_Page_URL = hxxp://www.google.com
mWinlogon: Userinit = userinit.exe,
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL
BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [Razer Naga Driver] C:\Program Files (x86)\Razer\Naga\RazerNagaSysTray.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [IJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRunOnce: [Malwarebytes Anti-Malware (cleanup)] "C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe" "C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware"
StartupFolder: C:\Users\Remi\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Remi\AppData\Roaming\Dropbox\bin\Dropbox.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: &Envoyer à OneNote - C:\PROGRA~2\MICROS~2\Office15\ONBttnIE.dll/105
IE: E&xporter vers Microsoft Excel - C:\PROGRA~2\MICROS~2\Office15\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
LSP: %windir%\system32\vsocklib.dll
Trusted Zone: line6.net
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: Interfaces\{934D53E4-493B-474F-A649-A3089F3B0DE3} : NameServer = 212.27.40.240,212.27.40.241
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = hxxp://www.google.com
x64-mDefault_Page_URL = hxxp://www.google.com
x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - <orphaned>
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 vsock;vSockets Driver;C:\Windows\System32\drivers\vsock.sys [2014-4-9 73296]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2013-7-22 283200]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2013-3-29 241152]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2013-3-28 361984]
R2 AODDriver4.2;AODDriver4.2;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-4-9 57472]
R2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [2014-2-8 9216]
R2 MaConfigAgent;Ma-Config Agent;C:\Program Files\ma-config.com\MaConfigAgent.exe [2014-1-20 2818896]
R2 NIHardwareService;NIHardwareService;C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [2011-4-7 5352960]
R2 TeamViewer;TeamViewer 10;C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [2014-12-29 5426448]
R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-1-18 450848]
R2 VMUSBArbService;VMware USB Arbitration Service;C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2013-10-9 905272]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2013-2-14 96768]
R3 mbamchameleon;mbamchameleon;C:\Windows\System32\drivers\mbamchameleon.sys [2015-1-22 93400]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2015-1-22 136408]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2012-5-10 97792]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2012-5-10 217600]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2013-7-20 646248]
R3 RzSynapse;Razer Driver;C:\Windows\System32\drivers\RzSynapse.sys [2011-11-15 126464]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2015-1-22 1871160]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2015-1-22 969016]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2014-12-11 315496]
S3 BEService;BattlEye Service;C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [2014-3-24 448384]
S3 CompFilter64;UVCCompositeFilter;C:\Windows\System32\drivers\lvbflt64.sys [2012-1-18 25632]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2011-4-12 71168]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-3-12 111616]
S3 L6UX2;Service - Line 6 UX2;C:\Windows\System32\drivers\L6UX264.sys [2013-7-11 772864]
S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2012-1-18 351136]
S3 LVUVC64;Logitech HD Pro Webcam C910(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2012-1-18 4865568]
S3 ma-config_amd64;ma-config_amd64;C:\Program Files\ma-config.com\Drivers\ma-config_amd64.sys [2013-10-23 17568]
S3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2015-1-22 25816]
S3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2015-1-22 63704]
S3 Origin Client Service;Origin Client Service;C:\Program Files (x86)\Origin\OriginClientService.exe [2014-7-8 1903472]
S3 StorSvc;Service de stockage;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 VMwareHostd;VMware Workstation Server;C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [2013-10-18 14405200]
S3 WatAdminSvc;Service Windows Activation Technologies;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-7-20 1255736]
.
=============== Created Last 30 ================
.
2015-01-22 12:48:48 79064 ----a-w- C:\Windows\System32\drivers\atghvbhn.sys
2015-01-22 12:31:46 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
2015-01-22 12:31:46 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2015-01-22 12:31:46 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-22 12:30:29 75888 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{CCB8BAAA-BDE3-42ED-9C70-73CE8D9B9F7C}\offreg.dll
2015-01-22 12:21:59 -------- d-----w- C:\ProgramData\Malwarebytes
2015-01-22 12:21:49 136408 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2015-01-22 12:21:49 -------- d-----w- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-01-22 12:16:52 93400 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2015-01-21 02:45:32 11870360 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{CCB8BAAA-BDE3-42ED-9C70-73CE8D9B9F7C}\mpengine.dll
2015-01-11 23:00:29 -------- d-----w- C:\Program Files (x86)\ggRO [LITE]
.
==================== Find3M  ====================
.
2015-01-22 12:57:24 37624 ----a-w- C:\Windows\System32\drivers\TrueSight.sys
2015-01-08 08:55:52 298120 ------w- C:\Windows\System32\MpSigStub.exe
2014-10-31 10:49:18 98216 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
.
============= FINISH: 14:17:13,95 ===============
 



Edited by fengil, 22 January 2015 - 08:27 AM.



 


#2 deeprybka


  • Malware Response Team
  • 5,198 posts
  • Gender:Male
  • Location:Germany

Posted 23 January 2015 - 01:07 PM

Hi & welcome to Bleeping Computer Forums!
My name is Jürgen and I will be assisting you with your Malware related problems.

Before we move on, please read the following points carefully:
  • My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
  • Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.
  • If I don't reply within 24 hours please PM me!
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
Step 1

Please run a FRST scan. This will help us diagnose your problem.

Please download Farbar Recovery Scan Tool and save it to your Desktop.
(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them as just the right one will run.)
  • Start FRST with administrator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.

regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#3 fengil

  • Topic Starter

  • Members
  • 7 posts

Posted 23 January 2015 - 02:05 PM

Hello, thanks for your reply,

Here are the logs:

FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-01-2015
Ran by Remi (administrator) on REMI-PC on 23-01-2015 20:01:58
Running from C:\Users\Remi\Desktop
Loaded Profiles: Remi (Available profiles: Remi)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Français (France)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
(CybelSoft) C:\Program Files\ma-config.com\MaConfigAgent.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Native Instruments GmbH) C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Dropbox, Inc.) C:\Users\Remi\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Razer USA Ltd) C:\Program Files (x86)\Razer\Naga\RazerNagaSysTray.exe
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\audiodg.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13513288 2013-03-29] (Realtek Semiconductor)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-03-28] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [115048 2011-09-16] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [Razer Naga Driver] => C:\Program Files (x86)\Razer\Naga\RazerNagaSysTray.exe [953232 2011-11-16] (Razer USA Ltd)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452272 2012-08-31] (CANON INC.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKU\S-1-5-21-832462997-3305788660-3134978908-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22869088 2014-10-21] (Google)
HKU\S-1-5-21-832462997-3305788660-3134978908-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3672640 2013-03-14] (Disc Soft Ltd)
HKU\S-1-5-21-832462997-3305788660-3134978908-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30878816 2014-12-11] (Skype Technologies S.A.)
Startup: C:\Users\Remi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Remi\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [cwbNotSynchroOverlay] -> {d8d92f57-17f6-4696-a8c0-6b74beeae2a4} => C:\Program Files\Cloudwatt-box\cwbNotSynchroOverlay.dll No File
ShellIconOverlayIdentifiers: [cwbRoomIconOverlay] -> {ae160070-f8ff-41d8-b950-ad6a7de8b1a1} => C:\Program Files\Cloudwatt-box\cwbRoomOverlay.dll No File
ShellIconOverlayIdentifiers: [cwbSynchroOverlay] -> {49ec8ded-d8a3-49c9-b27d-781fcca3fa00} => C:\Program Files\Cloudwatt-box\cwbSynchroOverlay.dll No File
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKU\S-1-5-21-832462997-3305788660-3134978908-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://fr.msn.com/?ocid=iehp
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 -> DefaultScope value is missing.
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Tcpip\..\Interfaces\{934D53E4-493B-474F-A649-A3089F3B0DE3}: [NameServer] 212.27.40.240,212.27.40.241
 
FireFox:
========
FF Plugin: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
 
Chrome: 
=======
CHR StartupUrls: Default -> "hxxp://google.fr/"
CHR Profile: C:\Users\Remi\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (AdBlock) - C:\Users\Remi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-01-22]
CHR HKU\S-1-5-21-832462997-3305788660-3134978908-1000\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Remi\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2014-02-28]
CHR HKU\S-1-5-21-832462997-3305788660-3134978908-1000\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - No Path
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2013-03-28] (Advanced Micro Devices, Inc.) [File not signed]
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [448384 2014-12-13] ()
R2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9216 2014-08-22] (Hi-Rez Studios) [File not signed]
R2 MaConfigAgent; C:\Program Files\ma-config.com\MaConfigAgent.exe [2818896 2014-01-20] (CybelSoft)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 NIHardwareService; C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [5352960 2011-04-07] (Native Instruments GmbH) [File not signed]
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1903472 2015-01-17] (Electronic Arts)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-12-22] ()
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5426448 2014-12-15] (TeamViewer GmbH)
S3 VMwareHostd; C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [14405200 2013-10-18] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-07-22] (DT Soft Ltd)
S3 L6UX2; C:\Windows\System32\Drivers\L6UX264.sys [772864 2013-07-11] (Line 6)
S3 ma-config_amd64; C:\Program Files\ma-config.com\Drivers\ma-config_amd64.sys [17568 2013-10-23] (CybelSoft)
S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [93400 2014-11-21] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-23] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
R3 RzSynapse; C:\Windows\System32\DRIVERS\RzSynapse.sys [126464 2011-11-15] (Razer USA Ltd)
R2 VMparport; C:\Windows\system32\drivers\VMparport.sys [31824 2013-10-18] (VMware, Inc.)
R0 vsock; C:\Windows\System32\drivers\vsock.sys [73296 2013-10-08] (VMware, Inc.)
R2 vstor2-mntapi20-shared; C:\Windows\SysWow64\drivers\vstor2-mntapi20-shared.sys [33872 2013-02-22] (VMware, Inc.)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 EverestDriver; \??\C:\Program Files (x86)\Lavalys\EVEREST Ultimate Edition\kerneld.amd64 [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-23 20:01 - 2015-01-23 20:02 - 00016073 _____ () C:\Users\Remi\Desktop\FRST.txt
2015-01-23 20:01 - 2015-01-23 20:02 - 00000000 ____D () C:\FRST
2015-01-23 20:01 - 2015-01-23 20:01 - 02126848 _____ (Farbar) C:\Users\Remi\Desktop\FRST64.exe
2015-01-22 14:24 - 2015-01-22 14:37 - 00000021 _____ () C:\Users\Remi\Desktop\Nouveau document texte.txt
2015-01-22 14:15 - 2015-01-22 14:17 - 00014669 _____ () C:\Users\Remi\Desktop\dds.txt
2015-01-22 14:15 - 2015-01-22 14:17 - 00006750 _____ () C:\Users\Remi\Desktop\attach.txt
2015-01-22 14:15 - 2015-01-22 14:15 - 00001751 _____ () C:\Users\Remi\Desktop\roguekiller.txt
2015-01-22 14:13 - 2015-01-22 14:14 - 00688992 ____R (Swearware) C:\Users\Remi\Downloads\dds.com
2015-01-22 13:48 - 2015-01-22 13:48 - 00079064 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\atghvbhn.sys
2015-01-22 13:48 - 2015-01-22 13:48 - 00002236 _____ () C:\Windows\SysWOW64\pffsh
2015-01-22 13:31 - 2015-01-22 13:31 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-22 13:31 - 2015-01-22 13:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-22 13:31 - 2015-01-22 13:31 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-22 13:31 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-22 13:31 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-22 13:30 - 2015-01-22 13:31 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Remi\Downloads\mbam-setup-2.0.4.1028.exe
2015-01-22 13:24 - 2015-01-22 13:25 - 18570328 _____ () C:\Users\Remi\Desktop\RogueKillerX64.exe
2015-01-22 13:21 - 2015-01-23 18:21 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-22 13:21 - 2015-01-22 14:23 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-01-22 13:21 - 2015-01-22 13:31 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-22 13:16 - 2015-01-22 14:23 - 00000000 ____D () C:\Users\Remi\Desktop\mbar
2015-01-22 13:16 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-22 13:13 - 2015-01-22 13:16 - 16466552 _____ (Malwarebytes Corp.) C:\Users\Remi\Downloads\mbar-1.08.3.1004.exe
2015-01-20 22:19 - 2015-01-20 22:27 - 58031161 _____ () C:\Users\Remi\Documents\UnderTheSkinBON.wmv
2015-01-20 03:31 - 2015-01-20 03:54 - 57223149 _____ () C:\Users\Remi\Documents\UnderTheSkin.wmv
2015-01-20 01:26 - 2015-01-20 23:47 - 00031656 _____ () C:\Users\Remi\Documents\Sans titre.veg
2015-01-20 01:26 - 2015-01-20 04:25 - 00032000 _____ () C:\Users\Remi\Documents\Sans titre.veg.bak
2015-01-19 22:23 - 2015-01-19 22:27 - 00010024 _____ () C:\Users\Remi\Desktop\quality riff.gp5
2015-01-19 17:53 - 2015-01-19 17:53 - 00276216 _____ () C:\Windows\Minidump\011915-19390-01.dmp
2015-01-19 17:14 - 2015-01-19 17:14 - 00276216 _____ () C:\Windows\Minidump\011915-24523-01.dmp
2015-01-18 02:02 - 2015-01-18 02:02 - 00033179 _____ () C:\Users\Remi\Desktop\test3.gp5
2015-01-18 01:52 - 2015-01-18 01:52 - 00005135 _____ () C:\Users\Remi\Desktop\test2.gp5
2015-01-18 01:45 - 2015-01-18 01:45 - 00004924 _____ () C:\Users\Remi\Desktop\test.gp5
2015-01-18 01:41 - 2015-01-18 01:52 - 00017024 _____ () C:\Users\Remi\Desktop\test.gpx
2015-01-18 01:31 - 2015-01-18 01:31 - 00006356 _____ () C:\Users\Remi\Desktop\carnival.gp5
2015-01-17 13:33 - 2015-01-17 13:33 - 00212379 _____ () C:\Users\Remi\Downloads\AMC [1].exe
2015-01-12 00:45 - 2015-01-12 00:45 - 00001387 _____ () C:\Users\Remi\Desktop\ggRO Patch Client.exe - Raccourci.lnk
2015-01-12 00:00 - 2015-01-12 00:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ggRO [LITE]
2015-01-12 00:00 - 2015-01-12 00:29 - 00000000 ____D () C:\Program Files (x86)\ggRO [LITE]
2015-01-11 23:51 - 2015-01-12 00:29 - 00000000 ____D () C:\Users\Remi\Downloads\ro
2015-01-11 18:31 - 2015-01-11 18:31 - 00028009 _____ () C:\Users\Remi\Desktop\compo-dark.gp5
2015-01-11 13:30 - 2015-01-19 17:12 - 00000000 ____D () C:\Users\Remi\Desktop\yassin
2015-01-01 20:29 - 2015-01-16 03:08 - 00000000 ____D () C:\Users\Remi\Downloads\Sylosis
2014-12-29 13:56 - 2014-12-29 13:56 - 00000971 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
2014-12-29 12:48 - 2014-12-29 12:48 - 00000000 ____H () C:\Users\Remi\Documents\Default.rdp
2014-12-28 17:26 - 2015-01-11 01:44 - 00000000 ____D () C:\Users\Remi\Desktop\Paul
2014-12-25 16:44 - 2014-12-25 16:44 - 00010399 _____ () C:\Users\Remi\Desktop\GarrisonMissionManager-v16.zip
2014-12-25 10:23 - 2014-12-25 20:46 - 737544192 _____ () C:\Users\Remi\Downloads\Qu.est.Ce.Qu.on.A.Fait.Au.Bon.Dieu.2014.FRENCH.DVDRiP.XviD-ZT.avi
2014-12-25 10:22 - 2014-12-25 10:22 - 00001229 _____ () C:\Users\Remi\Desktop\Qu.est.Ce.Qu.on.A.Fait.Au.Bon.Dieu.2014.FRENCH.DVDRiP.XviD-ZT.avi.torrent
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-23 19:38 - 2013-07-20 15:40 - 00001070 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-23 19:19 - 2013-07-20 16:04 - 00000000 ____D () C:\Users\Remi\AppData\Roaming\Skype
2015-01-23 18:18 - 2013-07-21 12:27 - 00000000 ____D () C:\Users\Remi\AppData\Roaming\vlc
2015-01-23 15:53 - 2013-07-20 14:55 - 01825989 _____ () C:\Windows\WindowsUpdate.log
2015-01-23 13:10 - 2014-02-13 18:07 - 00000000 ___RD () C:\Users\Remi\Google Drive
2015-01-23 13:10 - 2013-07-20 16:18 - 00000000 ___RD () C:\Users\Remi\Dropbox
2015-01-23 13:10 - 2013-07-20 16:03 - 00000000 ____D () C:\Users\Remi\AppData\Roaming\Dropbox
2015-01-23 13:09 - 2013-07-20 15:40 - 00001066 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-23 13:08 - 2014-08-26 08:56 - 00014422 _____ () C:\Windows\PFRO.log
2015-01-23 13:08 - 2014-08-19 07:03 - 00019423 _____ () C:\Windows\setupact.log
2015-01-23 13:08 - 2014-04-09 18:04 - 00000000 ____D () C:\ProgramData\VMware
2015-01-23 13:08 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-23 03:00 - 2009-07-14 05:45 - 00016656 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-23 03:00 - 2009-07-14 05:45 - 00016656 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-22 13:57 - 2014-10-02 10:36 - 00037624 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2015-01-21 01:41 - 2013-07-20 15:57 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-01-20 23:59 - 2013-07-21 12:29 - 00000000 ____D () C:\Users\Remi\AppData\Roaming\Audacity
2015-01-20 17:04 - 2013-07-20 15:33 - 00000000 ____D () C:\Users\Remi\Desktop\Remi
2015-01-20 03:52 - 2014-08-09 15:53 - 00000000 ____D () C:\Users\Remi\Desktop\morra
2015-01-19 17:53 - 2014-09-16 16:07 - 596316537 _____ () C:\Windows\MEMORY.DMP
2015-01-19 17:53 - 2013-09-02 18:42 - 00000000 ____D () C:\Windows\Minidump
2015-01-19 17:53 - 2009-07-14 06:08 - 00032496 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-01-19 04:19 - 2013-12-11 20:04 - 00000000 ____D () C:\Users\Remi\AppData\Local\Battle.net
2015-01-17 19:31 - 2014-07-08 16:54 - 00000000 ____D () C:\ProgramData\Origin
2015-01-17 19:31 - 2014-07-08 16:54 - 00000000 ____D () C:\Program Files (x86)\Origin
2015-01-16 03:19 - 2013-07-26 17:27 - 00000000 ____D () C:\Users\Remi\AppData\Roaming\uTorrent
2015-01-15 13:17 - 2014-03-11 07:43 - 00000000 ____D () C:\Program Files (x86)\Diablo III
2015-01-11 22:07 - 2014-12-05 00:07 - 00000000 ____D () C:\Users\Remi\Downloads\Game.of.Thrones.Episode.1-CODEX
2015-01-10 23:47 - 2013-08-09 18:43 - 00000000 ____D () C:\Users\Remi\AppData\Roaming\Mumble
2015-01-10 18:14 - 2014-08-19 09:18 - 00000000 ____D () C:\Users\Remi\Downloads\artefact
2015-01-09 14:26 - 2013-08-13 19:45 - 00000000 ____D () C:\Users\Remi\AppData\Roaming\TS3Client
2015-01-08 09:55 - 2010-11-21 04:27 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-01-05 19:00 - 2014-12-05 15:18 - 00000000 ____D () C:\ProgramData\Rosetta Stone
2015-01-05 13:42 - 2014-10-09 10:42 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-01-05 13:42 - 2013-07-20 16:00 - 00000000 ____D () C:\ProgramData\Skype
2014-12-30 12:01 - 2013-07-20 15:56 - 00118832 _____ () C:\Users\Remi\AppData\Local\GDIPFONTCACHEV1.DAT
2014-12-30 11:58 - 2009-07-14 05:45 - 00463592 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-12-29 13:57 - 2014-03-04 19:49 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2014-12-29 12:24 - 2011-04-12 10:16 - 00753152 _____ () C:\Windows\system32\perfh00C.dat
2014-12-29 12:24 - 2011-04-12 10:16 - 00152436 _____ () C:\Windows\system32\perfc00C.dat
2014-12-29 12:24 - 2009-07-14 06:13 - 01685832 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-28 13:36 - 2014-08-31 12:19 - 00000049 _____ () C:\Users\Remi\Desktop\film a voir.txt
2014-12-24 01:48 - 2013-07-20 14:55 - 00000000 ____D () C:\Users\Remi
 
==================== Files in the root of some directories =======
2013-11-03 11:04 - 2014-05-07 11:45 - 0000016 _____ () C:\Users\Remi\AppData\Roaming\msregsvv.dll
2014-01-25 09:51 - 2014-02-14 08:51 - 0000123 _____ () C:\Users\Remi\AppData\Roaming\WB.CFG
2014-02-12 23:10 - 2014-02-13 18:07 - 0000313 _____ () C:\Users\Remi\AppData\Local\.txt
2013-11-03 11:04 - 2014-05-07 11:45 - 0000016 _____ () C:\ProgramData\autobk.inc
 
Some content of TEMP:
====================
C:\Users\Remi\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Remi\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpaoekvw.dll
C:\Users\Remi\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\Remi\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\Remi\AppData\Local\Temp\xmlUpdater.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-01-17 14:09
 
==================== End Of Log ============================
 
 
Addition.txt
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-01-2015
Ran by Remi at 2015-01-23 20:02:32
Running from C:\Users\Remi\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-832462997-3305788660-3134978908-1000\...\uTorrent) (Version: 3.4.2.35702 - BitTorrent Inc.)
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
Adobe Flash Player 10 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 10.3.181.14 - Adobe Systems Incorporated)
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.8.800.94 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) - Français (HKLM-x32\...\{AC76BA86-7AD7-1036-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.4.144 - Adobe Systems, Inc.)
AMD Catalyst Install Manager (HKLM\...\{9AB0D5B6-4779-8C4F-CA91-A1FEDB56D7EC}) (Version: 8.0.911.0 - Advanced Micro Devices, Inc.)
AmpliTube 3 version 3.8.0 (HKLM\...\{DA5202AC-12BF-4330-B8EA-BC77F991FA1C}_is1) (Version: 3.8.0 - IK Multimedia)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Archeage Beta (HKLM-x32\...\Glyph Archeage Beta) (Version:  - Trion Worlds, Inc.)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.11 Beta2 - Michael Tippach)
Audacity 2.0.3 (HKLM-x32\...\Audacity_is1) (Version: 2.0.3 - Audacity Team)
Auslogics DiskDefrag (HKLM-x32\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: 4.3.0.0 - Auslogics Labs Pty Ltd)
AVCWare Video Converter Platinum (HKLM-x32\...\AVCWare Video Converter Platinum) (Version: 7.0.0.1121 - AVCWare)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CameraHelperMsi (x32 Version: 13.50.854.0 - Logitech) Hidden
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version:  - Canon Inc.)
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.2.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version:  - Canon Inc.)
Canon MX520 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX520_series) (Version: 1.00 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.10 - Piriform)
Chivalry: Medieval Warfare (HKLM-x32\...\Steam App 219640) (Version:  - Torn Banner Studios)
Chivalry: Medieval Warfare Beta (HKLM-x32\...\Steam App 232210) (Version:  - )
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.47.1.0333 - Disc Soft Ltd)
DayZ (HKLM-x32\...\Steam App 221100) (Version:  - Bohemia Interactive)
Dev-C++ 5 beta 9 release (4.9.9.2) (HKLM-x32\...\Dev-C++) (Version:  - )
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
Dropbox (HKU\S-1-5-21-832462997-3305788660-3134978908-1000\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.)
EA Sports FIFA World (HKLM-x32\...\{8F9AC744-EEF6-43DB-A4B6-FA1A18F1C640}) (Version: 7.1.0.50515 - Electronic Arts, Inc.)
EA SPORTS™ FIFA 15 (HKLM-x32\...\{3D4ADA2B-F028-4307-ADF4-6F9AA44725DA}) (Version: 1.4.0.0 - Electronic Arts)
EA SPORTS™ FIFA 15 Demo (HKLM-x32\...\{108C0C19-6316-4944-A62F-C744488F8639}) (Version: 1.0.0.0 - Electronic Arts)
erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
EZdrummer (HKLM-x32\...\{43E8D9E7-AFC9-4BA3-8106-B95E02B87AB7}) (Version: 1.3.2 - Toontrack)
EZdrummer 2 64-bit (HKLM\...\{B9217824-0EBE-49C7-98A0-A76CC46BBB7D}) (Version: 2.0.0 - Toontrack)
FastStone Capture 5.3 (French) (HKLM-x32\...\FastStone Capture) (Version: 5.3 (French) - FastStone Soft)
FileZilla Client 3.7.3 (HKLM-x32\...\FileZilla Client) (Version: 3.7.3 - Tim Kosse)
FontForge 2012-07-31 (HKLM-x32\...\FontForge) (Version: 2012-07-31 - )
FormatFactory 3.2.0.1 (HKLM-x32\...\FormatFactory) (Version: 3.2.0.1 - Free Time)
Game of Thrones A Telltale Games Series (HKLM-x32\...\Game of Thrones A Telltale Games Series_is1) (Version:  - )
ggRO [LITE] version 1.0.1 (HKLM-x32\...\{6243F980-AF6D-483E-BED1-F32BA1424479}_is1) (Version: 1.0.1 - gg Ragnarok Online)
GiveMeTac 1.1 (HKLM-x32\...\GiveMeTac_is1) (Version:  - Graphys © 2001-2004)
Glyph (HKLM-x32\...\Glyph) (Version:  - Trion Worlds, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.99 - Google Inc.)
Google Drive (HKLM-x32\...\{C60F3836-333A-4AE2-B526-CFDBA143A9BA}) (Version: 1.18.7821.2489 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Guitar Pro 6 (HKLM-x32\...\{14A487F2-1259-4E6C-AE3C-3C888DDBCB60}_is1) (Version:  - Arobas Music)
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version:  - Blizzard Entertainment)
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
IK Multimedia Authorization Manager version 1.0.5 (HKLM\...\{85BC0DCB-69E5-4279-AA25-F108EF896588}_is1) (Version: 1.0.5 - IK Multimedia)
Infestation Survivor Stories version 1.0 (HKLM-x32\...\{BC3051A7-1021-4B57-A3DA-AAC24566FAE7}_is1) (Version: 1.0 - OP Productions LLC)
iTunes (HKLM\...\{F73A118B-8271-47E2-8790-0C636B2539C5}) (Version: 11.1.0.126 - Apple Inc.)
Java 7 Update 25 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417025FF}) (Version: 7.0.250 - Oracle)
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
JDownloader 0.9 (HKLM-x32\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH)
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version:  - Valve)
Life is Feudal: Your Own (HKLM-x32\...\Steam App 290080) (Version:  - Bitbox Ltd.)
Line 6 Uninstaller (HKLM-x32\...\Line 6 Uninstaller) (Version:  - Line 6)
Logitech Vid HD (HKLM-x32\...\Logitech Vid) (Version: 7.2 (7240) - Logitech Inc..)
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.0 - Logitech Inc.)
LWS VideoEffects (Version: 13.30.1379.0 - Logitech) Hidden
Ma-Config.com (64 bits) (HKLM\...\{CFF24F63-A683-4202-8526-3F9A77A3B0E8}) (Version: 7.1.2.4 - Cybelsoft)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (Français) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1036) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Professionnel Plus 2013 (HKLM-x32\...\Office15.PROPLUS) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-832462997-3305788660-3134978908-1000\...\SkyDriveSetup.exe) (Version: 17.0.2015.0811 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Mumble 1.2.4 (HKLM-x32\...\{4D933DC4-EA10-4CDA-99F3-7F6AE9AE491F}) (Version: 1.2.4 - Thorvald Natvig)
Native Instruments Controller Editor (HKLM-x32\...\Native Instruments Controller Editor) (Version:  - Native Instruments)
Native Instruments Guitar Rig 5 (HKLM-x32\...\Native Instruments Guitar Rig 5) (Version:  - Native Instruments)
Native Instruments Kontakt 5 (HKLM-x32\...\Native Instruments Kontakt 5) (Version:  - Native Instruments)
Native Instruments Service Center (HKLM-x32\...\Native Instruments Service Center) (Version:  - Native Instruments)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.6.8 - Notepad++ Team)
NSIS Birdfont (HKLM-x32\...\Birdfont) (Version:  - )
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
OpenOffice 4.0.0 (HKLM-x32\...\{55E61709-D7D4-43C0-B45D-BFAF5C09A02D}) (Version: 4.00.9702 - Apache Software Foundation)
Origin (HKLM-x32\...\Origin) (Version: 9.3.10.4710 - Electronic Arts, Inc.)
Outils de vérification linguistique 2013 de Microsoft Office - Français (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Path of Exile (HKLM-x32\...\{90A4562F-D4A1-4B65-906D-41F236CF6902}) (Version: 1.0.0.29195 - Grinding Gear Games)
PDF Split And Merge Basic (HKLM\...\{C91B24F6-1629-11E2-B696-21676188709B}) (Version: 2.2.2 - Andrea Vacondio)
PhotoFiltre 7 (HKU\S-1-5-21-832462997-3305788660-3134978908-1000\...\PhotoFiltre 7) (Version:  - )
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Razer Naga (HKLM-x32\...\{ED4108A9-60FD-4F18-AF42-122219977773}) (Version: 3.03.01 - Razer USA Ltd.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.49.927.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6873 - Realtek Semiconductor Corp.)
REAPER (x64) (HKLM\...\REAPER) (Version:  - )
Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.1.36.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.1.36.0 - Renesas Electronics Corporation) Hidden
Rosetta Stone Version 3 (HKLM-x32\...\{99011A6E-5200-11DE-BDB8-7ACD56D89593}) (Version: 3.4.5.0 - Rosetta Stone Ltd.)
SecurityKISS Tunnel v0.3.0 (HKLM\...\SecurityKISS Tunnel_is1) (Version:  - )
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Smite (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF017}) (Version: 1.0.2379.10 - Hi-Rez Studios)
SopCast 3.9.3 (HKLM-x32\...\SopCast) (Version: 3.9.3 - www.sopcast.com)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synthesia (HKLM-x32\...\Synthesia) (Version: 8.5 - Synthesia LLC)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.36897 - TeamViewer)
Toontrack solo (HKLM-x32\...\{5866520C-8857-4986-833A-039F4584C3F7}) (Version: 1.3.2 - Toontrack)
Toontrack solo 64 bit (HKLM\...\{FA9D0D8C-FDD1-45C2-8291-079FBA72D2CB}) (Version: 1.3.2 - Toontrack)
TuxGuitar 1.2 (HKLM-x32\...\TuxGuitar_0) (Version:  - )
Type light 3.2.032 (HKLM-x32\...\{3CC31D3E-369B-4029-A83E-251BB58A144C}_is1) (Version: 032 - CR8 Software Solutions)
Uplay (HKLM-x32\...\Uplay) (Version: 3.0 - Ubisoft)
Vegas Pro 12.0 (64-bit) (HKLM\...\{EE8C291E-ED91-11E2-AE11-F04DA23A5C58}) (Version: 12.0.670 - Sony)
VLC media player 2.0.7 (HKLM-x32\...\VLC media player) (Version: 2.0.7 - VideoLAN)
VMware Workstation (HKLM-x32\...\VMware_Workstation) (Version: 10.0.1 - VMware, Inc)
VMware Workstation (Version: 10.0.1 - VMware, Inc.) Hidden
Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)
XSplit Broadcaster (HKLM-x32\...\{6F937E75-B6D6-4C2C-B864-90AA91EFF8B2}) (Version: 1.3.1403.1202 - SplitmediaLabs)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-832462997-3305788660-3134978908-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Remi\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-832462997-3305788660-3134978908-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Remi\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-832462997-3305788660-3134978908-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Remi\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-832462997-3305788660-3134978908-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Remi\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-832462997-3305788660-3134978908-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Remi\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-832462997-3305788660-3134978908-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Remi\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\FileSyncApi64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-832462997-3305788660-3134978908-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Remi\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-832462997-3305788660-3134978908-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Remi\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-832462997-3305788660-3134978908-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Remi\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-832462997-3305788660-3134978908-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Remi\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-832462997-3305788660-3134978908-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Remi\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-832462997-3305788660-3134978908-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Remi\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-832462997-3305788660-3134978908-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Remi\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-832462997-3305788660-3134978908-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Remi\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
 
==================== Restore Points  =========================
 
11-01-2015 13:07:02 Point de contrôle planifié
18-01-2015 13:14:36 Point de contrôle planifié
21-01-2015 03:45:10 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 03:34 - 2015-01-22 13:07 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {08F4BE1B-E6D1-40FB-84A6-CFD98B7362DF} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: {0F9830C5-CB4F-47A7-946A-78CBF631EBE2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-20] (Google Inc.)
Task: {3B5F3632-BDE8-4B5D-AB2A-B5164B574680} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-20] (Google Inc.)
Task: {53DD34C5-A289-4446-8EEA-F898F35B2753} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {6757FDE6-E745-4318-AC97-8631941A169F} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {963C5AD8-1A27-427F-B2B9-209DBAD6F96B} - \Omiga Plus RunAsStdUser No Task File <==== ATTENTION
Task: {A2A144B4-4E32-45EF-9E45-1A786EA1DC24} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {B375CB42-E4D1-440F-A7DA-F071C85756A6} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {EB2C34EC-D6E3-43A4-A61D-7B519C8EDCFE} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-01-21] (Piriform Ltd)
Task: {FD370DEF-B694-4A83-A42D-8E88109415BB} - \Desk 365 RunAsStdUser No Task File <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2013-03-28 21:31 - 2013-03-28 21:31 - 00210944 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2012-09-23 12:53 - 2012-09-23 12:53 - 00748544 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
2012-09-23 12:53 - 2012-09-23 12:53 - 03645952 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll
2013-12-22 17:11 - 2013-12-22 17:11 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2010-01-02 15:42 - 2010-01-02 15:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2014-05-12 10:49 - 2014-05-12 10:49 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2013-03-28 21:30 - 2013-03-28 21:30 - 00103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2013-04-21 20:44 - 2013-04-21 20:44 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-04-21 20:44 - 2013-04-21 20:44 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-10-18 11:46 - 2013-10-18 11:46 - 01260624 _____ () C:\Program Files (x86)\VMware\VMware Workstation\libxml2.dll
2014-01-03 18:03 - 2014-01-03 18:03 - 07816192 _____ () C:\Program Files (x86)\SplitMediaLabs\XSplit\avcodec-54.dll
2014-01-03 18:03 - 2014-01-03 18:03 - 00188416 _____ () C:\Program Files (x86)\SplitMediaLabs\XSplit\avutil-52.dll
2014-01-03 18:03 - 2014-01-03 18:03 - 01425920 _____ () C:\Program Files (x86)\SplitMediaLabs\XSplit\avformat-54.dll
2014-01-03 18:03 - 2014-01-03 18:03 - 00336896 _____ () C:\Program Files (x86)\SplitMediaLabs\XSplit\swscale-2.dll
2014-01-03 18:03 - 2014-01-03 18:03 - 00096256 _____ () C:\Program Files (x86)\SplitMediaLabs\XSplit\swresample-0.dll
2014-10-22 01:22 - 2014-10-22 01:22 - 00750080 _____ () C:\Users\Remi\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-01-23 13:09 - 2015-01-23 13:09 - 00043008 _____ () c:\users\remi\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpaoekvw.dll
2014-10-22 01:22 - 2014-10-22 01:22 - 00047616 _____ () C:\Users\Remi\AppData\Roaming\Dropbox\bin\libEGL.dll
2014-10-22 01:22 - 2014-10-22 01:22 - 00863744 _____ () C:\Users\Remi\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2014-10-22 01:22 - 2014-10-22 01:22 - 00200704 _____ () C:\Users\Remi\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2015-01-23 13:09 - 2015-01-23 13:09 - 00098816 _____ () C:\Users\Remi\AppData\Local\Temp\_MEI38682\win32api.pyd
2015-01-23 13:09 - 2015-01-23 13:09 - 00110080 _____ () C:\Users\Remi\AppData\Local\Temp\_MEI38682\pywintypes27.dll
2015-01-23 13:09 - 2015-01-23 13:09 - 00364544 _____ () C:\Users\Remi\AppData\Local\Temp\_MEI38682\pythoncom27.dll
2015-01-23 13:09 - 2015-01-23 13:09 - 00045568 _____ () C:\Users\Remi\AppData\Local\Temp\_MEI38682\_socket.pyd
2015-01-23 13:09 - 2015-01-23 13:09 - 01160704 _____ () C:\Users\Remi\AppData\Local\Temp\_MEI38682\_ssl.pyd
2015-01-23 13:09 - 2015-01-23 13:09 - 00320512 _____ () C:\Users\Remi\AppData\Local\Temp\_MEI38682\win32com.shell.shell.pyd
2015-01-23 13:09 - 2015-01-23 13:09 - 00713216 _____ () C:\Users\Remi\AppData\Local\Temp\_MEI38682\_hashlib.pyd
2015-01-23 13:09 - 2015-01-23 13:09 - 01175040 _____ () C:\Users\Remi\AppData\Local\Temp\_MEI38682\wx._core_.pyd
2015-01-23 13:09 - 2015-01-23 13:09 - 00805888 _____ () C:\Users\Remi\AppData\Local\Temp\_MEI38682\wx._gdi_.pyd
2015-01-23 13:09 - 2015-01-23 13:09 - 00811008 _____ () C:\Users\Remi\AppData\Local\Temp\_MEI38682\wx._windows_.pyd
2015-01-23 13:09 - 2015-01-23 13:09 - 01062400 _____ () C:\Users\Remi\AppData\Local\Temp\_MEI38682\wx._controls_.pyd
2015-01-23 13:09 - 2015-01-23 13:09 - 00735232 _____ () C:\Users\Remi\AppData\Local\Temp\_MEI38682\wx._misc_.pyd
2015-01-23 13:09 - 2015-01-23 13:09 - 00128512 _____ () C:\Users\Remi\AppData\Local\Temp\_MEI38682\_elementtree.pyd
2015-01-23 13:09 - 2015-01-23 13:09 - 00127488 _____ () C:\Users\Remi\AppData\Local\Temp\_MEI38682\pyexpat.pyd
2015-01-23 13:09 - 2015-01-23 13:09 - 00557056 _____ () C:\Users\Remi\AppData\Local\Temp\_MEI38682\pysqlite2._sqlite.pyd
2015-01-23 13:09 - 2015-01-23 13:09 - 00087552 _____ () C:\Users\Remi\AppData\Local\Temp\_MEI38682\_ctypes.pyd
2015-01-23 13:09 - 2015-01-23 13:09 - 00119808 _____ () C:\Users\Remi\AppData\Local\Temp\_MEI38682\win32file.pyd
2015-01-23 13:09 - 2015-01-23 13:09 - 00108544 _____ () C:\Users\Remi\AppData\Local\Temp\_MEI38682\win32security.pyd
2015-01-23 13:09 - 2015-01-23 13:09 - 00007168 _____ () C:\Users\Remi\AppData\Local\Temp\_MEI38682\hashobjs_ext.pyd
2015-01-23 13:09 - 2015-01-23 13:09 - 00167936 _____ () C:\Users\Remi\AppData\Local\Temp\_MEI38682\win32gui.pyd
2015-01-23 13:09 - 2015-01-23 13:09 - 00018432 _____ () C:\Users\Remi\AppData\Local\Temp\_MEI38682\win32event.pyd
2015-01-23 13:09 - 2015-01-23 13:09 - 00038912 _____ () C:\Users\Remi\AppData\Local\Temp\_MEI38682\win32inet.pyd
2015-01-23 13:09 - 2015-01-23 13:09 - 00011264 _____ () C:\Users\Remi\AppData\Local\Temp\_MEI38682\win32crypt.pyd
2015-01-23 13:09 - 2015-01-23 13:09 - 00070656 _____ () C:\Users\Remi\AppData\Local\Temp\_MEI38682\wx._html2.pyd
2015-01-23 13:09 - 2015-01-23 13:09 - 00027136 _____ () C:\Users\Remi\AppData\Local\Temp\_MEI38682\_multiprocessing.pyd
2015-01-23 13:09 - 2015-01-23 13:09 - 00035840 _____ () C:\Users\Remi\AppData\Local\Temp\_MEI38682\win32process.pyd
2015-01-23 13:09 - 2015-01-23 13:09 - 00686080 _____ () C:\Users\Remi\AppData\Local\Temp\_MEI38682\unicodedata.pyd
2015-01-23 13:09 - 2015-01-23 13:09 - 00122368 _____ () C:\Users\Remi\AppData\Local\Temp\_MEI38682\wx._wizard.pyd
2015-01-23 13:09 - 2015-01-23 13:09 - 00024064 _____ () C:\Users\Remi\AppData\Local\Temp\_MEI38682\win32pipe.pyd
2015-01-23 13:09 - 2015-01-23 13:09 - 00025600 _____ () C:\Users\Remi\AppData\Local\Temp\_MEI38682\win32pdh.pyd
2015-01-23 13:09 - 2015-01-23 13:09 - 00525640 _____ () C:\Users\Remi\AppData\Local\Temp\_MEI38682\windows._lib_cacheinvalidation.pyd
2015-01-23 13:09 - 2015-01-23 13:09 - 00010240 _____ () C:\Users\Remi\AppData\Local\Temp\_MEI38682\select.pyd
2015-01-23 13:09 - 2015-01-23 13:09 - 00017408 _____ () C:\Users\Remi\AppData\Local\Temp\_MEI38682\win32profile.pyd
2015-01-23 13:09 - 2015-01-23 13:09 - 00022528 _____ () C:\Users\Remi\AppData\Local\Temp\_MEI38682\win32ts.pyd
2015-01-23 13:09 - 2015-01-23 13:09 - 00078336 _____ () C:\Users\Remi\AppData\Local\Temp\_MEI38682\wx._animate.pyd
2013-08-07 20:25 - 2013-08-07 20:25 - 00093696 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
2015-01-15 18:43 - 2015-01-09 01:35 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\libglesv2.dll
2015-01-15 18:43 - 2015-01-09 01:35 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\libegl.dll
2015-01-15 18:43 - 2015-01-09 01:35 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\pdf.dll
2015-01-15 18:43 - 2015-01-09 01:35 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\ffmpegsumo.dll
2015-01-15 18:43 - 2015-01-09 01:35 - 14913352 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupfolder: C:^Users^Remi^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: Logitech Vid => "C:\Program Files (x86)\Logitech\Vid HD\Vid.exe" -bootmode
MSCONFIG\startupreg: LWS => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\Steam.exe" -silent
MSCONFIG\startupreg: uTorrent => "C:\Users\Remi\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED
MSCONFIG\startupreg: vmware-tray.exe => "C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe"
 
========================= Accounts: ==========================
 
Administrateur (S-1-5-21-832462997-3305788660-3134978908-500 - Administrator - Disabled)
Invité (S-1-5-21-832462997-3305788660-3134978908-501 - Limited - Disabled)
Remi (S-1-5-21-832462997-3305788660-3134978908-1000 - Administrator - Enabled) => C:\Users\Remi
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (01/23/2015 01:10:21 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (01/23/2015 01:09:18 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Échec de l’activation de la licence Windows. Erreur 0x80070005.
 
Error: (01/23/2015 02:45:20 AM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: Le planificateur d’activation des licences (sppuinotify.dll) a échoué avec le code d’erreur suivant :
0x80070005
 
Error: (01/23/2015 01:45:20 AM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: Le planificateur d’activation des licences (sppuinotify.dll) a échoué avec le code d’erreur suivant :
0x80070005
 
Error: (01/23/2015 00:45:20 AM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: Le planificateur d’activation des licences (sppuinotify.dll) a échoué avec le code d’erreur suivant :
0x80070005
 
Error: (01/22/2015 11:45:20 PM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: Le planificateur d’activation des licences (sppuinotify.dll) a échoué avec le code d’erreur suivant :
0x80070005
 
Error: (01/22/2015 10:45:20 PM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: Le planificateur d’activation des licences (sppuinotify.dll) a échoué avec le code d’erreur suivant :
0x80070005
 
Error: (01/22/2015 09:45:19 PM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: Le planificateur d’activation des licences (sppuinotify.dll) a échoué avec le code d’erreur suivant :
0x80070005
 
Error: (01/22/2015 08:45:20 PM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: Le planificateur d’activation des licences (sppuinotify.dll) a échoué avec le code d’erreur suivant :
0x80070005
 
Error: (01/22/2015 07:45:19 PM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: Le planificateur d’activation des licences (sppuinotify.dll) a échoué avec le code d’erreur suivant :
0x80070005
 
 
System errors:
=============
Error: (01/22/2015 07:45:19 PM) (Source: DCOM) (EventID: 10001) (User: )
Description: C:\Windows\System32\slui.exe -Embedding5{F87B28F1-DA9A-4F35-8EC0-800EFCF26B83}
 
Error: (01/22/2015 04:17:03 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
 
Error: (01/19/2015 05:53:51 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: 0x000000c5 (0x0000000000000008, 0x0000000000000002, 0x0000000000000001, 0xfffff80003210147)C:\Windows\MEMORY.DMP011915-19390-01
 
Error: (01/19/2015 05:53:44 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: L’arrêt système précédant à 17:52:16 le ‎19/‎01/‎2015 n’était pas prévu.
 
Error: (01/19/2015 05:14:32 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: 0x00000019 (0x0000000000000003, 0xfffff8000325bee0, 0xfffff8000325bee0, 0x0000000000000000)C:\Windows\MEMORY.DMP011915-24523-01
 
Error: (01/19/2015 05:14:22 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: L’arrêt système précédant à 17:12:50 le ‎19/‎01/‎2015 n’était pas prévu.
 
Error: (01/17/2015 01:45:42 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: L’arrêt système précédant à 13:44:31 le ‎17/‎01/‎2015 n’était pas prévu.
 
Error: (01/14/2015 02:40:50 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
 
Error: (01/09/2015 02:42:46 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Le service Steam Client Service n’a pas pu démarrer en raison de l’erreur : 
%%1053
 
Error: (01/09/2015 02:42:46 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Le dépassement de délai (30000 millisecondes) a été atteint lors de l’attente de la connexion du service Steam Client Service.
 
 
Microsoft Office Sessions:
=========================
Error: (01/23/2015 01:10:21 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (01/23/2015 01:09:18 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: 0x800700050x00000000
 
Error: (01/23/2015 02:45:20 AM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: 0x80070005
 
Error: (01/23/2015 01:45:20 AM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: 0x80070005
 
Error: (01/23/2015 00:45:20 AM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: 0x80070005
 
Error: (01/22/2015 11:45:20 PM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: 0x80070005
 
Error: (01/22/2015 10:45:20 PM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: 0x80070005
 
Error: (01/22/2015 09:45:19 PM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: 0x80070005
 
Error: (01/22/2015 08:45:20 PM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: 0x80070005
 
Error: (01/22/2015 07:45:19 PM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: 0x80070005
 
 
==================== Memory info =========================== 
 
Processor: AMD Phenom™ II X4 955 Processor
Percentage of memory in use: 27%
Total physical RAM: 12285.55 MB
Available physical RAM: 8878.02 MB
Total Pagefile: 24569.29 MB
Available Pagefile: 20445.66 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:931.41 GB) (Free:197.41 GB) NTFS
Drive e: (Rosetta Stone V3 - German|Duits ) (CDROM) (Total:0.39 GB) (Free:0 GB) UDF
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 24D6599C)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================


#4 deeprybka

  • Malware Response Team

Posted 23 January 2015 - 04:31 PM

Hi,
 
P2P warning

Going over your logs I noticed that you have µTorrent installed.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall µTorrent, however that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Add/Remove Programs.

If you wish to keep it, please do not use it until your computer is cleaned.


No resident protection warning

Always have one (and no more than one!) Antivirus program, as the resident protection is absolutely a must-have on any Windows! Each paid-for Anti-Virus comes with a free trial if you wish to try the software before purchasing. Alternatively, you may wish to use the trial, and revert to a free anti-virus afterwards.

For a paid solution, my choice of anti-virus is ESET NOD32. For a free solution, my choice of anti-virus is avast!. However, please be aware that there is no universal solution that works for everyone, and there is no single best anti-virus. What works for me may not work for you and your machine.

Step 1

Please download TDSSKiller and save it to your Desktop.
  • Start tdsskiller.exe with administrator privileges.
  • Accept the EULA and the KSN Statement.
  • Click on Change parameters. (1)
  • Make sure that all available options (except "Loaded modules") are checked and click OK. (2)
  • Click on Start scan.
  • If any threats are found don't delete them but choose the Skip option for all of them.
  • Click on Report (3) to open the log file. (It is also saved at C:\TDSSKiller.<version_date_time>_log.txt).
    Copy and paste its contents in your next reply.
regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#5 fengil

  • Topic Starter

  • Members

Posted 23 January 2015 - 05:12 PM

Thanks for your advice, I'll apply it.

 

Here is the TDSSKiller report :

 

23:06:04.0086 0x0ed4  TDSS rootkit removing tool 3.0.0.44 Jan 22 2015 08:27:04
23:06:06.0536 0x0ed4  ============================================================
23:06:06.0537 0x0ed4  Current date / time: 2015/01/23 23:06:06.0536
23:06:06.0537 0x0ed4  SystemInfo:
23:06:06.0537 0x0ed4  
23:06:06.0537 0x0ed4  OS Version: 6.1.7601 ServicePack: 1.0
23:06:06.0537 0x0ed4  Product type: Workstation
23:06:06.0537 0x0ed4  ComputerName: REMI-PC
23:06:06.0537 0x0ed4  UserName: Remi
23:06:06.0537 0x0ed4  Windows directory: C:\Windows
23:06:06.0537 0x0ed4  System windows directory: C:\Windows
23:06:06.0537 0x0ed4  Running under WOW64
23:06:06.0537 0x0ed4  Processor architecture: Intel x64
23:06:06.0538 0x0ed4  Number of processors: 4
23:06:06.0538 0x0ed4  Page size: 0x1000
23:06:06.0538 0x0ed4  Boot type: Normal boot
23:06:06.0538 0x0ed4  ============================================================
23:06:08.0235 0x0ed4  KLMD registered as C:\Windows\system32\drivers\23593789.sys
23:06:08.0456 0x0ed4  System UUID: {A8431EDA-FDFA-DD08-DDF3-FAA507A559E5}
23:06:08.0945 0x0ed4  Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1F8B1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040
23:06:08.0949 0x0ed4  ============================================================
23:06:08.0949 0x0ed4  \Device\Harddisk0\DR0:
23:06:08.0949 0x0ed4  MBR partitions:
23:06:08.0949 0x0ed4  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
23:06:08.0949 0x0ed4  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x746D3800
23:06:08.0949 0x0ed4  ============================================================
23:06:08.0976 0x0ed4  C: <-> \Device\Harddisk0\DR0\Partition2
23:06:08.0976 0x0ed4  ============================================================
23:06:08.0976 0x0ed4  Initialize success
23:06:08.0976 0x0ed4  ============================================================
23:08:38.0118 0x1794  ============================================================
23:08:38.0118 0x1794  Scan started
23:08:38.0118 0x1794  Mode: Manual; SigCheck; TDLFS; 
23:08:38.0118 0x1794  ============================================================
23:08:38.0118 0x1794  KSN ping started
23:08:41.0282 0x1794  KSN ping finished: true
23:08:43.0493 0x1794  ================ Scan system memory ========================
23:08:43.0494 0x1794  System memory - ok
23:08:43.0495 0x1794  ================ Scan services =============================
23:08:46.0690 0x1794  CertPropSvc - ok
23:08:46.0702 0x1794  [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass        C:\Windows\system32\drivers\circlass.sys
23:08:46.0712 0x1794  circlass - ok
23:08:46.0735 0x1794  [ FE1EC06F2253F691FE36217C592A0206, B9F122DB5E665ECDF29A5CB8BB6B531236F31A54A95769D6C5C1924C87FE70CE ] CLFS            C:\Windows\system32\CLFS.sys
23:08:46.0749 0x1794  CLFS - ok
23:08:46.0790 0x1794  [ D88040F816FDA31C3B466F0FA0918F29, 39D3630E623DA25B8444B6D3AAAB16B98E7E289C5619E19A85D47B74C71449F3 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
23:08:46.0798 0x1794  clr_optimization_v2.0.50727_32 - ok
23:08:46.0932 0x1794  [ D1CEEA2B47CB998321C579651CE3E4F8, 654013B8FD229A50017B08DEC6CA19C7DDA8CE0771260E057A92625201D539B1 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
23:08:46.0940 0x1794  clr_optimization_v2.0.50727_64 - ok
23:08:46.0996 0x1794  [ E87213F37A13E2B54391E40934F071D0, 7EB221127EFB5BF158FB03D18EFDA2C55FB6CE3D1A1FE69C01D70DBED02C87E5 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
23:08:47.0007 0x1794  clr_optimization_v4.0.30319_32 - ok
23:08:47.0027 0x1794  [ 4AEDAB50F83580D0B4D6CF78191F92AA, D113C47013B018B45161911B96E93AF96A2F3B34FA47061BF6E7A71FBA03194A ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
23:08:47.0038 0x1794  clr_optimization_v4.0.30319_64 - ok
23:08:47.0063 0x1794  [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt          C:\Windows\system32\drivers\CmBatt.sys
23:08:47.0072 0x1794  CmBatt - ok
23:08:47.0090 0x1794  [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide          C:\Windows\system32\drivers\cmdide.sys
23:08:47.0097 0x1794  cmdide - ok
23:08:47.0148 0x1794  [ EBF28856F69CF094A902F884CF989706, AD6C9F0BC20AA49EEE5478DA0F856F0EA2B414B63208C5FFB03C9D7F5B59765F ] CNG             C:\Windows\system32\Drivers\cng.sys
23:08:47.0168 0x1794  CNG - ok
23:08:47.0182 0x1794  [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
23:08:47.0189 0x1794  Compbatt - ok
23:08:47.0213 0x1794  [ 59D203C3F46F3CA536ECAC0E084CD887, 0D04D469ADE2AEFAA18920E13A8EC74FDFB7C6827A78BFCD987B66D579BFF846 ] CompFilter64    C:\Windows\system32\DRIVERS\lvbflt64.sys
23:08:47.0220 0x1794  CompFilter64 - ok
23:08:47.0234 0x1794  [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
23:08:47.0244 0x1794  CompositeBus - ok
23:08:47.0248 0x1794  COMSysApp - ok
23:08:47.0264 0x1794  [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
23:08:47.0271 0x1794  crcdisk - ok
23:08:47.0295 0x1794  [ 6B400F211BEE880A37A1ED0368776BF4, 2F27C6FA96A1C8CBDA467846DA57E63949A7EA37DB094B13397DDD30114295BD ] CryptSvc        C:\Windows\system32\cryptsvc.dll
23:08:47.0306 0x1794  CryptSvc - ok
23:08:47.0339 0x1794  [ 54DA3DFD29ED9F1619B6F53F3CE55E49, 9177C6907A983296BF188892A894B668A09FFA058FD56B50FE12940D54B0FA5E ] CSC             C:\Windows\system32\drivers\csc.sys
23:08:47.0357 0x1794  CSC - ok
23:08:47.0387 0x1794  [ 3AB183AB4D2C79DCF459CD2C1266B043, 72B0187EBA9DC74E61EC5CB3DC24058DDB768843E865801894AAEAA211610C56 ] CscService      C:\Windows\System32\cscsvc.dll
23:08:47.0409 0x1794  CscService - ok
23:08:47.0445 0x1794  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch      C:\Windows\system32\rpcss.dll
23:08:47.0479 0x1794  DcomLaunch - ok
23:08:47.0523 0x1794  [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc       C:\Windows\System32\defragsvc.dll
23:08:47.0553 0x1794  defragsvc - ok
23:08:47.0562 0x1794  [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
23:08:47.0587 0x1794  DfsC - ok
23:08:47.0609 0x1794  [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp            C:\Windows\system32\dhcpcore.dll
23:08:47.0624 0x1794  Dhcp - ok
23:08:47.0638 0x1794  [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache        C:\Windows\system32\drivers\discache.sys
23:08:47.0662 0x1794  discache - ok
23:08:47.0674 0x1794  [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk            C:\Windows\system32\drivers\disk.sys
23:08:47.0682 0x1794  Disk - ok
23:08:47.0706 0x1794  [ 5DB085A8A6600BE6401F2B24EECB5415, 5FC5C7C1B4DB7BF6EFD0992E91DB41FD047E90D1ABA0B8F868CB72557F88FB13 ] dmvsc           C:\Windows\system32\drivers\dmvsc.sys
23:08:47.0714 0x1794  dmvsc - ok
23:08:47.0735 0x1794  [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
23:08:47.0746 0x1794  Dnscache - ok
23:08:47.0761 0x1794  [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc         C:\Windows\System32\dot3svc.dll
23:08:47.0789 0x1794  dot3svc - ok
23:08:47.0796 0x1794  [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS             C:\Windows\system32\dps.dll
23:08:47.0822 0x1794  DPS - ok
23:08:47.0877 0x1794  [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
23:08:47.0899 0x1794  drmkaud - ok
23:08:47.0931 0x1794  [ 46571ED73AE84469DCA53081D33CF3C8, 8BB386BB4F6AD39F06A8607CD1DF3D67CFA45BBE52E40EDB90EB8C862283EBFF ] dtsoftbus01     C:\Windows\system32\DRIVERS\dtsoftbus01.sys
23:08:47.0948 0x1794  dtsoftbus01 - ok
23:08:48.0031 0x1794  [ 88612F1CE3BF42256913BF6E61C70D52, 7CF190F83FA8F15C33008EB381D3E345CEF37CBC046227DED26B36799EF4D9A7 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
23:08:48.0063 0x1794  DXGKrnl - ok
23:08:48.0078 0x1794  EagleX64 - ok
23:08:48.0090 0x1794  [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost         C:\Windows\System32\eapsvc.dll
23:08:48.0117 0x1794  EapHost - ok
23:08:48.0207 0x1794  [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv           C:\Windows\system32\drivers\evbda.sys
23:08:48.0287 0x1794  ebdrv - ok
23:08:48.0346 0x1794  [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] EFS             C:\Windows\System32\lsass.exe
23:08:48.0372 0x1794  EFS - ok
23:08:48.0475 0x1794  [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
23:08:48.0522 0x1794  ehRecvr - ok
23:08:48.0541 0x1794  [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched         C:\Windows\ehome\ehsched.exe
23:08:48.0556 0x1794  ehSched - ok
23:08:48.0581 0x1794  [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
23:08:48.0601 0x1794  elxstor - ok
23:08:48.0609 0x1794  [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
23:08:48.0617 0x1794  ErrDev - ok
23:08:48.0645 0x1794  [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem     C:\Windows\system32\es.dll
23:08:48.0677 0x1794  EventSystem - ok
23:08:48.0696 0x1794  EverestDriver - ok
23:08:48.0719 0x1794  [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat           C:\Windows\system32\drivers\exfat.sys
23:08:48.0747 0x1794  exfat - ok
23:08:48.0768 0x1794  [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
23:08:48.0801 0x1794  fastfat - ok
23:08:48.0838 0x1794  [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax             C:\Windows\system32\fxssvc.exe
23:08:48.0861 0x1794  Fax - ok
23:08:48.0884 0x1794  [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc             C:\Windows\system32\drivers\fdc.sys
23:08:48.0892 0x1794  fdc - ok
23:08:48.0899 0x1794  [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost         C:\Windows\system32\fdPHost.dll
23:08:48.0923 0x1794  fdPHost - ok
23:08:48.0927 0x1794  [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub        C:\Windows\system32\fdrespub.dll
23:08:48.0951 0x1794  FDResPub - ok
23:08:48.0963 0x1794  [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
23:08:48.0972 0x1794  FileInfo - ok
23:08:48.0984 0x1794  [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
23:08:49.0008 0x1794  Filetrace - ok
23:08:49.0102 0x1794  [ BB0667B0171B632B97EA759515476F07, 07A123B2182D5813D2898928C231638353CF086606E9D5A5AF4A2A73E17CEC27 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
23:08:49.0128 0x1794  FLEXnet Licensing Service - ok
23:08:49.0150 0x1794  [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
23:08:49.0158 0x1794  flpydisk - ok
23:08:49.0180 0x1794  [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
23:08:49.0193 0x1794  FltMgr - ok
23:08:49.0248 0x1794  [ C4C183E6551084039EC862DA1C945E3D, 0874A2ACDD24D64965AA9A76E9C818E216880AE4C9A2E07ED932EE404585CEE6 ] FontCache       C:\Windows\system32\FntCache.dll
23:08:49.0282 0x1794  FontCache - ok
23:08:49.0320 0x1794  [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
23:08:49.0327 0x1794  FontCache3.0.0.0 - ok
23:08:49.0331 0x1794  [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
23:08:49.0339 0x1794  FsDepends - ok
23:08:49.0369 0x1794  [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
23:08:49.0376 0x1794  Fs_Rec - ok
23:08:49.0401 0x1794  [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
23:08:49.0415 0x1794  fvevol - ok
23:08:49.0425 0x1794  [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
23:08:49.0433 0x1794  gagp30kx - ok
23:08:49.0456 0x1794  [ 8E98D21EE06192492A5671A6144D092F, B8F656B34D361EA5AFB47F3A67AB2221580DADA59C8CD0CB83181E4AD8B562B4 ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
23:08:49.0462 0x1794  GEARAspiWDM - ok
23:08:49.0497 0x1794  [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc           C:\Windows\System32\gpsvc.dll
23:08:49.0537 0x1794  gpsvc - ok
23:08:49.0587 0x1794  [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
23:08:49.0610 0x1794  gupdate - ok
23:08:49.0617 0x1794  [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
23:08:49.0627 0x1794  gupdatem - ok
23:08:49.0683 0x1794  [ 6E02DDFFA0E8C069A92A0888B0CB8415, 44816EA24121AD0C9EB8048BED9250D7992CD0C0ABA69C3269A633D48297B7A7 ] hcmon           C:\Windows\system32\drivers\hcmon.sys
23:08:49.0692 0x1794  hcmon - ok
23:08:49.0710 0x1794  [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
23:08:49.0721 0x1794  hcw85cir - ok
23:08:49.0755 0x1794  [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
23:08:49.0779 0x1794  HdAudAddService - ok
23:08:49.0793 0x1794  [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
23:08:49.0811 0x1794  HDAudBus - ok
23:08:49.0822 0x1794  [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
23:08:49.0833 0x1794  HidBatt - ok
23:08:49.0840 0x1794  [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
23:08:49.0854 0x1794  HidBth - ok
23:08:49.0861 0x1794  [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr           C:\Windows\system32\drivers\hidir.sys
23:08:49.0871 0x1794  HidIr - ok
23:08:49.0875 0x1794  [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv         C:\Windows\system32\hidserv.dll
23:08:49.0899 0x1794  hidserv - ok
23:08:49.0958 0x1794  [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
23:08:49.0974 0x1794  HidUsb - ok
23:08:50.0054 0x1794  [ C193FE8507607B2917A6F9B554132559, 962B065219D305B2DE1B4816D234438FBF8F6A79D45389683A21657733C14D5B ] HiPatchService  C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
23:08:50.0062 0x1794  HiPatchService - detected UnsignedFile.Multi.Generic ( 1 )
23:08:53.0447 0x1794  HiPatchService ( UnsignedFile.Multi.Generic ) - warning
23:08:53.0447 0x1794  Force sending object to P2P due to detect: HiPatchService
23:08:56.0628 0x1794  Object send P2P result: true
23:09:04.0629 0x1794  MSPQM - ok
23:09:04.0646 0x1794  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
23:09:04.0660 0x1794  MsRPC - ok
23:09:04.0673 0x1794  [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
23:09:04.0681 0x1794  mssmbios - ok
23:09:04.0688 0x1794  [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
23:09:04.0712 0x1794  MSTEE - ok
23:09:04.0722 0x1794  [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
23:09:04.0730 0x1794  MTConfig - ok
23:09:04.0742 0x1794  [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup             C:\Windows\system32\Drivers\mup.sys
23:09:04.0750 0x1794  Mup - ok
23:09:04.0788 0x1794  [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent        C:\Windows\system32\qagentRT.dll
23:09:04.0822 0x1794  napagent - ok
23:09:04.0876 0x1794  [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
23:09:04.0893 0x1794  NativeWifiP - ok
23:09:04.0970 0x1794  [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS            C:\Windows\system32\drivers\ndis.sys
23:09:04.0995 0x1794  NDIS - ok
23:09:05.0049 0x1794  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
23:09:05.0108 0x1794  NdisCap - ok
23:09:05.0138 0x1794  [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
23:09:05.0162 0x1794  NdisTapi - ok
23:09:05.0212 0x1794  [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
23:09:05.0262 0x1794  Ndisuio - ok
23:09:05.0336 0x1794  [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
23:09:05.0361 0x1794  NdisWan - ok
23:09:05.0401 0x1794  [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
23:09:05.0425 0x1794  NDProxy - ok
23:09:05.0445 0x1794  [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
23:09:05.0469 0x1794  NetBIOS - ok
23:09:05.0497 0x1794  [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
23:09:05.0525 0x1794  NetBT - ok
23:09:05.0538 0x1794  [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] Netlogon        C:\Windows\system32\lsass.exe
23:09:05.0546 0x1794  Netlogon - ok
23:09:05.0576 0x1794  [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman          C:\Windows\System32\netman.dll
23:09:05.0608 0x1794  Netman - ok
23:09:05.0642 0x1794  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
23:09:05.0654 0x1794  NetMsmqActivator - ok
23:09:05.0659 0x1794  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
23:09:05.0670 0x1794  NetPipeActivator - ok
23:09:05.0719 0x1794  [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm        C:\Windows\System32\netprofm.dll
23:09:05.0753 0x1794  netprofm - ok
23:09:05.0761 0x1794  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
23:09:05.0772 0x1794  NetTcpActivator - ok
23:09:05.0777 0x1794  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
23:09:05.0789 0x1794  NetTcpPortSharing - ok
23:09:05.0811 0x1794  [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
23:09:05.0819 0x1794  nfrd960 - ok
23:09:06.0041 0x1794  [ 0BCB418C2906852C6F9347A258FD5711, 14AB1F890A6C8679B94601924C95756EC5FF3973684CD19079B5DAFF028FE7B4 ] NIHardwareService C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
23:09:06.0170 0x1794  NIHardwareService - detected UnsignedFile.Multi.Generic ( 1 )
23:09:09.0426 0x1794  Detect skipped due to KSN trusted
23:09:09.0427 0x1794  NIHardwareService - ok
23:09:16.0291 0x1794  TermDD - ok
23:09:16.0421 0x1794  [ 2E648163254233755035B46DD7B89123, 6FA0D07CE18A3A69D82EE49D875F141E39406E92C34EAC76AC4EB052E6EBCBCD ] TermService     C:\Windows\System32\termsrv.dll
23:09:16.0474 0x1794  TermService - ok
23:09:16.0493 0x1794  [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes          C:\Windows\system32\themeservice.dll
23:09:16.0505 0x1794  Themes - ok
23:09:16.0650 0x1794  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER     C:\Windows\system32\mmcss.dll
23:09:16.0680 0x1794  THREADORDER - ok
23:09:16.0723 0x1794  [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks          C:\Windows\System32\trkwks.dll
23:09:16.0750 0x1794  TrkWks - ok
23:09:16.0776 0x1794  [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
23:09:16.0802 0x1794  TrustedInstaller - ok
23:09:16.0865 0x1794  [ 4CE278FC9671BA81A138D70823FCAA09, CBE501436696E32A3701B9F377B823AC36647B6626595F76CC63E2396AD7D300 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
23:09:16.0883 0x1794  tssecsrv - ok
23:09:16.0906 0x1794  [ D11C783E3EF9A3C52C0EBE83CC5000E9, A136C355D4C8945729163D15801364A614E23217B15F9313C85BA45BB71A74EB ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
23:09:16.0917 0x1794  TsUsbFlt - ok
23:09:16.0930 0x1794  [ 9CC2CCAE8A84820EAECB886D477CBCB8, 50D8AA2D7477A6618A0C31BB4D1C4887B457865FB1105E2E7B984EEFA337B804 ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
23:09:16.0940 0x1794  TsUsbGD - ok
23:09:16.0967 0x1794  [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
23:09:16.0992 0x1794  tunnel - ok
23:09:17.0006 0x1794  [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
23:09:17.0014 0x1794  uagp35 - ok
23:09:17.0030 0x1794  [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
23:09:17.0060 0x1794  udfs - ok
23:09:17.0079 0x1794  [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect       C:\Windows\system32\UI0Detect.exe
23:09:17.0089 0x1794  UI0Detect - ok
23:09:17.0102 0x1794  [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
23:09:17.0110 0x1794  uliagpkx - ok
23:09:17.0125 0x1794  [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
23:09:17.0133 0x1794  umbus - ok
23:09:17.0145 0x1794  [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass          C:\Windows\system32\drivers\umpass.sys
23:09:17.0152 0x1794  UmPass - ok
23:09:17.0175 0x1794  [ A293DCD756D04D8492A750D03B9A297C, 203600ED0B7F8BA4C6D6F4ED810F4DF5AB70928B06EC4131C5D8ADF628444ED1 ] UmRdpService    C:\Windows\System32\umrdp.dll
23:09:17.0187 0x1794  UmRdpService - ok
23:09:17.0230 0x1794  [ 67A95B9D129ED5399E7965CD09CF30E7, F1F2F684146F1CCB293BB9871117B8CFC1D04588A830F67CE5D3F0D034D93B2A ] UMVPFSrv        C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
23:09:17.0244 0x1794  UMVPFSrv - ok
23:09:17.0257 0x1794  [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost        C:\Windows\System32\upnphost.dll
23:09:17.0289 0x1794  upnphost - ok
23:09:17.0318 0x1794  [ C9E9D59C0099A9FF51697E9306A44240, 78D9A7A5E5742962B6978F475BF06CB32262F1D214699D3D40538476A58012A1 ] USBAAPL64       C:\Windows\system32\Drivers\usbaapl64.sys
23:09:17.0325 0x1794  USBAAPL64 - ok
23:09:17.0378 0x1794  [ B0435098C81D04CAFFF80DDB746CD3A2, A17B207740382E38729571F0B0BC98FF874E856A7C7CE9EB930328A2AD88F52A ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
23:09:17.0412 0x1794  usbaudio - ok
23:09:17.0551 0x1794  [ DCA68B0943D6FA415F0C56C92158A83A, BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
23:09:17.0560 0x1794  usbccgp - ok
23:09:17.0609 0x1794  [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir          C:\Windows\system32\drivers\usbcir.sys
23:09:17.0617 0x1794  usbcir - ok
23:09:17.0642 0x1794  [ 18A85013A3E0F7E1755365D287443965, 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
23:09:17.0650 0x1794  usbehci - ok
23:09:17.0678 0x1794  [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
23:09:17.0692 0x1794  usbhub - ok
23:09:17.0712 0x1794  [ 765A92D428A8DB88B960DA5A8D6089DC, 56DE8A2ED58E53B202C399CA7BACB1551136303C2EE0AB426BDBBF880E3C542C ] usbohci         C:\Windows\system32\DRIVERS\usbohci.sys
23:09:17.0719 0x1794  usbohci - ok
23:09:17.0733 0x1794  [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint        C:\Windows\system32\drivers\usbprint.sys
23:09:17.0742 0x1794  usbprint - ok
23:09:17.0764 0x1794  [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
23:09:17.0772 0x1794  USBSTOR - ok
23:09:17.0784 0x1794  [ DD253AFC3BC6CBA412342DE60C3647F3, 146F8613F1057AC054DC3593E84BC52899DA27EA33B0E72ACFB78C3699ADCDE7 ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
23:09:17.0791 0x1794  usbuhci - ok
23:09:17.0799 0x1794  [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms           C:\Windows\System32\uxsms.dll
23:09:17.0825 0x1794  UxSms - ok
23:09:17.0829 0x1794  [ 4D71227301DD8D09097B9E4CC6527E5A, 193D47ADCB722B581CC0F29B794AB3E455B6E9BEA367CE9A5216A09E055B7F1E ] VaultSvc        C:\Windows\system32\lsass.exe
23:09:17.0838 0x1794  VaultSvc - ok
23:09:17.0859 0x1794  [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
23:09:17.0867 0x1794  vdrvroot - ok
23:09:17.0887 0x1794  [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds             C:\Windows\System32\vds.exe
23:09:17.0922 0x1794  vds - ok
23:09:17.0930 0x1794  [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
23:09:17.0939 0x1794  vga - ok
23:09:17.0943 0x1794  [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave         C:\Windows\System32\drivers\vga.sys
23:09:17.0966 0x1794  VgaSave - ok
23:09:17.0977 0x1794  [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
23:09:17.0987 0x1794  vhdmp - ok
23:09:17.0995 0x1794  [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide          C:\Windows\system32\drivers\viaide.sys
23:09:18.0002 0x1794  viaide - ok
23:09:18.0089 0x1794  [ 549CD7035F5CF5CEE4DE11539C9715F4, 6FED4D5161420890A92C3B811B4CBD18A1A106D5F5E674166E538E65A1C68E04 ] VMAuthdService  C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
23:09:18.0097 0x1794  VMAuthdService - ok
23:09:18.0122 0x1794  [ 86EA3E79AE350FEA5331A1303054005F, 7E7D6027EB41E591633C7383A5D29A3BA8ECFC08C177D2BCF741EE27686B1691 ] vmbus           C:\Windows\system32\drivers\vmbus.sys
23:09:18.0133 0x1794  vmbus - ok
23:09:18.0144 0x1794  [ 7DE90B48F210D29649380545DB45A187, 09522F84285D62B961868DA98C40B82E746CA4D24A9780905673A2349D6B07F4 ] VMBusHID        C:\Windows\system32\drivers\VMBusHID.sys
23:09:18.0151 0x1794  VMBusHID - ok
23:09:18.0204 0x1794  [ BE8E5E5D53ACF71D4E8E686B68C99B04, 4F30A360095FCB2627068FA6A65A951688058E8FDDF5CE895E2AE39500A413B1 ] vmci            C:\Windows\system32\DRIVERS\vmci.sys
23:09:18.0211 0x1794  vmci - ok
23:09:18.0241 0x1794  [ 18AA5F4A3B1204AD00045EE5AD39BCDB, 0211A8E94F169A2A52CD39CD580293907EBE104E52038DC36B988DE1CA7F2392 ] VMnetAdapter    C:\Windows\system32\DRIVERS\vmnetadapter.sys
23:09:18.0247 0x1794  VMnetAdapter - ok
23:09:18.0271 0x1794  [ 04CD4347CD9E8C40F78AD51F7FF426D0, BCA3E593E118BCA30142B23CD1CBE6905442D31C3DEB4C71B06D721E601F7BD8 ] VMnetBridge     C:\Windows\system32\DRIVERS\vmnetbridge.sys
23:09:18.0278 0x1794  VMnetBridge - ok
23:09:18.0280 0x1794  VMnetDHCP - ok
23:09:18.0283 0x1794  [ 668C12E04D5AB4981864B12494AF907F, 20D94E5E060EB04558B39B33A81C989D7F9DB52C7378FECF9D430F1DC385E4E0 ] VMnetuserif     C:\Windows\system32\drivers\vmnetuserif.sys
23:09:18.0289 0x1794  VMnetuserif - ok
23:09:18.0296 0x1794  [ 344244FC6F299FBE6F09FB0FC7FDEC0C, 97323F17C95846F93C16E757B4C20D47660ED88DD390767BB81ACF6BA5C1566A ] VMparport       C:\Windows\system32\drivers\VMparport.sys
23:09:18.0302 0x1794  VMparport - ok
23:09:18.0354 0x1794  [ F347A28F63162FF82BDDAADC14935BA4, 44C11B483CCA161E7097ED74C819464FE99C1E6AA9B1AB6A637BACDA6EF48519 ] vmusb           C:\Windows\system32\DRIVERS\vmusb.sys
23:09:18.0377 0x1794  vmusb - ok
23:09:18.0452 0x1794  [ 093B967896BA9EF2ADFCD75E185B9DA9, 3D6F5FF56311D4B506D02F77620B80EDB54E6E560BDF53AC9F3CDBB037D0ACA0 ] VMUSBArbService C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
23:09:18.0480 0x1794  VMUSBArbService - ok
23:09:18.0485 0x1794  VMware NAT Service - ok
23:09:18.0898 0x1794  [ F42CA2A1F8987CCE13BBE7582D90F35C, 673B9D96883D6557593C75F9A31959B916F56CA1549277B88E372261B7BFD6DA ] VMwareHostd     C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
23:09:19.0185 0x1794  VMwareHostd - ok
23:09:19.0217 0x1794  [ EBAC38A198308359FD89C10704265E5E, 7C234FE34D6A65D754F8B2EA0458365997CF97B88779B01551E5227910943224 ] vmx86           C:\Windows\system32\drivers\vmx86.sys
23:09:19.0224 0x1794  vmx86 - ok
23:09:19.0231 0x1794  [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
23:09:19.0239 0x1794  volmgr - ok
23:09:19.0261 0x1794  [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
23:09:19.0274 0x1794  volmgrx - ok
23:09:19.0288 0x1794  [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap         C:\Windows\system32\drivers\volsnap.sys
23:09:19.0301 0x1794  volsnap - ok
23:09:19.0315 0x1794  [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
23:09:19.0324 0x1794  vsmraid - ok
23:09:19.0336 0x1794  [ CB4D2E3C5E8BFA3CF6AFFF6DDC6CC70D, 32A891045AF36FEAC62373894B98ABDCEA437978BDE027169C22EBC2C72D586E ] vsock           C:\Windows\system32\drivers\vsock.sys
23:09:19.0343 0x1794  vsock - ok
23:09:19.0404 0x1794  [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS             C:\Windows\system32\vssvc.exe
23:09:19.0465 0x1794  VSS - ok
23:09:19.0489 0x1794  [ E7CE8988B98202A5CF429CA358D26CC5, 773E38E263D2EB179E8767809ED4B98CDECEA4BD970AAE0BB31FD6D219E5E079 ] vstor2-mntapi20-shared C:\Windows\syswow64\drivers\vstor2-mntapi20-shared.sys
23:09:19.0495 0x1794  vstor2-mntapi20-shared - ok
23:09:19.0506 0x1794  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
23:09:19.0515 0x1794  vwifibus - ok
23:09:19.0530 0x1794  [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time         C:\Windows\system32\w32time.dll
23:09:19.0563 0x1794  W32Time - ok
23:09:19.0573 0x1794  [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
23:09:19.0581 0x1794  WacomPen - ok
23:09:19.0600 0x1794  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
23:09:19.0624 0x1794  WANARP - ok
23:09:19.0628 0x1794  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
23:09:19.0652 0x1794  Wanarpv6 - ok
23:09:19.0709 0x1794  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C, 4150DAB33E8D61076F1D4767BCAFC9B4ECCCCBD58FD4FB3CFE5B8D27DCDCAB61 ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
23:09:19.0741 0x1794  WatAdminSvc - ok
23:09:19.0800 0x1794  [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine        C:\Windows\system32\wbengine.exe
23:09:19.0841 0x1794  wbengine - ok
23:09:19.0855 0x1794  [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
23:09:19.0871 0x1794  WbioSrvc - ok
23:09:19.0892 0x1794  [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
23:09:19.0912 0x1794  wcncsvc - ok
23:09:19.0919 0x1794  [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
23:09:19.0927 0x1794  WcsPlugInService - ok
23:09:19.0942 0x1794  [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd              C:\Windows\system32\drivers\wd.sys
23:09:19.0949 0x1794  Wd - ok
23:09:20.0003 0x1794  [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
23:09:20.0027 0x1794  Wdf01000 - ok
23:09:20.0053 0x1794  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiServiceHost  C:\Windows\system32\wdi.dll
23:09:20.0066 0x1794  WdiServiceHost - ok
23:09:20.0071 0x1794  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiSystemHost   C:\Windows\system32\wdi.dll
23:09:20.0084 0x1794  WdiSystemHost - ok
23:09:20.0099 0x1794  [ 0EB0E5D22B1760F2DBCE632F2DD7A54D, B8A4CC62F88768947FB0A161CF9564DB28FD9C1C037B5475DF192982DE035C22 ] WebClient       C:\Windows\System32\webclnt.dll
23:09:20.0112 0x1794  WebClient - ok
23:09:20.0127 0x1794  [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc          C:\Windows\system32\wecsvc.dll
23:09:20.0157 0x1794  Wecsvc - ok
23:09:20.0167 0x1794  [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
23:09:20.0193 0x1794  wercplsupport - ok
23:09:20.0208 0x1794  [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc          C:\Windows\System32\WerSvc.dll
23:09:20.0234 0x1794  WerSvc - ok
23:09:20.0239 0x1794  [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
23:09:20.0262 0x1794  WfpLwf - ok
23:09:20.0266 0x1794  [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
23:09:20.0273 0x1794  WIMMount - ok
23:09:20.0283 0x1794  WinDefend - ok
23:09:20.0288 0x1794  WinHttpAutoProxySvc - ok
23:09:20.0316 0x1794  [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
23:09:20.0344 0x1794  Winmgmt - ok
23:09:20.0412 0x1794  [ BCB1310604AA415C4508708975B3931E, 9D943F086D454345153A0DD426B4432532A44FD87950386B186E1CAD2AC70565 ] WinRM           C:\Windows\system32\WsmSvc.dll
23:09:20.0481 0x1794  WinRM - ok
23:09:20.0517 0x1794  [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
23:09:20.0527 0x1794  WinUsb - ok
23:09:20.0558 0x1794  [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc         C:\Windows\System32\wlansvc.dll
23:09:20.0589 0x1794  Wlansvc - ok
23:09:20.0604 0x1794  [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi         C:\Windows\system32\DRIVERS\wmiacpi.sys
23:09:20.0612 0x1794  WmiAcpi - ok
23:09:20.0627 0x1794  [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
23:09:20.0639 0x1794  wmiApSrv - ok
23:09:20.0651 0x1794  WMPNetworkSvc - ok
23:09:20.0661 0x1794  [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc          C:\Windows\System32\wpcsvc.dll
23:09:20.0670 0x1794  WPCSvc - ok
23:09:20.0685 0x1794  [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
23:09:20.0696 0x1794  WPDBusEnum - ok
23:09:20.0709 0x1794  [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
23:09:20.0733 0x1794  ws2ifsl - ok
23:09:20.0738 0x1794  [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc          C:\Windows\System32\wscsvc.dll
23:09:20.0751 0x1794  wscsvc - ok
23:09:20.0754 0x1794  WSearch - ok
23:09:20.0826 0x1794  [ D9EF901DCA379CFE914E9FA13B73B4C4, 3BE9693B7B2AFEE23D72AF5DA211379724D752F0EC18ACB7D3DE3DDFC5AE0004 ] wuauserv        C:\Windows\system32\wuaueng.dll
23:09:20.0883 0x1794  wuauserv - ok
23:09:20.0926 0x1794  [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
23:09:20.0953 0x1794  WudfPf - ok
23:09:21.0002 0x1794  [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
23:09:21.0042 0x1794  WUDFRd - ok
23:09:21.0061 0x1794  [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
23:09:21.0074 0x1794  wudfsvc - ok
23:09:21.0103 0x1794  [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc         C:\Windows\System32\wwansvc.dll
23:09:21.0116 0x1794  WwanSvc - ok
23:09:21.0177 0x1794  [ 2EE48CFCE7CA8E0DB4C44C7476C0943B, 2C324592F3F2D50BABA7123B6F9FC922667CC132777E019FF615F2D6F273A45E ] xusb21          C:\Windows\system32\DRIVERS\xusb21.sys
23:09:21.0204 0x1794  xusb21 - ok
23:09:21.0242 0x1794  ================ Scan global ===============================
23:09:21.0271 0x1794  [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll
23:09:21.0310 0x1794  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
23:09:21.0329 0x1794  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
23:09:21.0352 0x1794  [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
23:09:21.0386 0x1794  [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe
23:09:21.0396 0x1794  [ Global ] - ok
23:09:21.0396 0x1794  ================ Scan MBR ==================================
23:09:21.0402 0x1794  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
23:09:21.0593 0x1794  \Device\Harddisk0\DR0 - ok
23:09:21.0594 0x1794  ================ Scan VBR ==================================
23:09:21.0601 0x1794  [ 8C4D27EEBB72A0C9F1632B5F18D44308 ] \Device\Harddisk0\DR0\Partition1
23:09:21.0660 0x1794  \Device\Harddisk0\DR0\Partition1 - ok
23:09:21.0667 0x1794  [ 1B8319F04D237B584BAB4CD7BD03926D ] \Device\Harddisk0\DR0\Partition2
23:09:21.0716 0x1794  \Device\Harddisk0\DR0\Partition2 - ok
23:09:21.0717 0x1794  ================ Scan generic autorun ======================
23:09:24.0079 0x1794  [ 08E7173D1B74095335052459200CB1EA, 5B6EB8A65B5F451BF6115EB7CD1355E5870E6D764F22D767D13216BF17C5668F ] C:\Program Files (x86)\QuickTime\QTTask.exe
23:09:24.0113 0x1794  QuickTime Task - detected UnsignedFile.Multi.Generic ( 1 )
23:09:27.0398 0x1794  Detect skipped due to KSN trusted
23:09:27.0398 0x1794  QuickTime Task - ok
23:09:28.0140 0x1794  Waiting for KSN requests completion. In queue: 14
23:09:29.0140 0x1794  Waiting for KSN requests completion. In queue: 14
23:09:30.0140 0x1794  Waiting for KSN requests completion. In queue: 14
23:09:31.0140 0x1794  Waiting for KSN requests completion. In queue: 14
23:09:32.0320 0x1794  Win FW state via NFP2: enabled
23:09:35.0363 0x1794  ============================================================
23:09:35.0363 0x1794  Scan finished
23:09:35.0363 0x1794  ============================================================
23:09:35.0372 0x0aa0  Detected object count: 1
23:09:35.0372 0x0aa0  Actual detected object count: 1
23:10:46.0998 0x0aa0  HiPatchService ( UnsignedFile.Multi.Generic ) - skipped by user
23:10:46.0998 0x0aa0  HiPatchService ( UnsignedFile.Multi.Generic ) - User select action: Skip 


#6 deeprybka

  • Malware Response Team

Posted 23 January 2015 - 05:21 PM

Step 1

Please install an antivirus program...

Step 2

Please download SecurityCheck and save the file to your Desktop.
  • Double-click SecurityCheck.exe and follow the onscreen instructions inside the black box.
  • A log (checkup.txt) will automatically open on your Desktop.
  • Copy the contents of the log and paste in your next reply.

regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer

#7 fengil

  • Topic Starter
  • Members

Posted 23 January 2015 - 08:09 PM

I just installed avast after the TDSSKiller scan,

 

here is the SecurityCheck log:

 

 Results of screen317's Security Check version 0.99.95  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
avast! Antivirus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Java 7 Update 71  
 Adobe Flash Player 10 Flash Player out of Date! 
  Java 64-bit 8 Update 31  
 Adobe Reader XI  
 Google Chrome (39.0.2171.99) 
 Google Chrome (40.0.2214.91) 
````````Process Check: objlist.exe by Laurent````````  
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast avastUi.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: = 
````````````````````End of Log`````````````````````` 


#8 deeprybka

  • Malware Response Team

Posted 24 January 2015 - 11:51 AM

Ok,
please go ahead with the following steps:

Step 1

  • Download EEK and extract the contents to C:\
  • Double-click the desktop-shortcut to start the tool.
  • In the update screen that follows, click "Yes" to obtain the latest malware definitions.
  • Once the update is complete click "Scan".
  • Enable "PUPs" detection (1) and click on "Full Scan" (2).
  • If adware/malware was detected, make sure to check all the items and click "Quarantine selected" (1) and afterwards "view report" (2).
  • Please paste the content of the report in your next reply.

Step 2

Start FRST with administrator privileges.
  • Make sure the following option is checked: addition.png
  • Press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
    Please copy and paste these logs in your next reply.

regards,
deeprybka

#9 fengil

  • Topic Starter
  • Members

Posted 24 January 2015 - 03:32 PM

EEK Report
 
Emsisoft Emergency Kit - Version 9.0
Dern. mise à jour : 24/01/2015 18:28:51
Compte d'utilisateur : Remi-PC\Remi
 
Paramètres du balayage :
 
Type de balayage : Scan complet (full scan)
Objets : Root-kits, Mémoire, Traces, C:\
 
Détecter les PUPs : Marche
Recherche dans les archives : Marche
Balayage des ADS : Marche
Filtre d'extension de fichier : Arrêt
Caching avancé : Marche
Accès direct de disque dur : Arrêt
 
Début de l'analyse : 24/01/2015 18:30:18
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3} fichiers détectés : Application.Win32.WebApp (A)
C:\Users\Remi\AppData\Roaming\getrighttogo fichiers détectés : Application.AppInstall (A)
C:\Users\Remi\AppData\Local\software fichiers détectés : Application.AppInstall (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\APPID\{C292AD0A-C11F-479B-B8DB-743E72D283B0} fichiers détectés : Application.Win32.WSearch (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\APPID\ESRV.EXE fichiers détectés : Application.Win32.WSearch (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3} fichiers détectés : Application.AdReg (A)
C:\AdwCleaner\Quarantine\C\ProgramData\eSafe\eGdpSvc.exe.vir fichiers détectés : Gen:Variant.Kazy.233728 (B)
C:\AdwCleaner\Quarantine\C\Users\Remi\AppData\Local\Bundled software uninstaller\bi_client.exe.vir fichiers détectés : Application.Win32.InstallAd (A)
C:\AdwCleaner\Quarantine\C\Users\Remi\AppData\Roaming\eIntaller\A87E7D04441F4633BA4B1D193AD969A0\eGdpSvc.exe.vir fichiers détectés : Gen:Variant.Kazy.233728 (B)
C:\AdwCleaner\Quarantine\C\Users\Remi\AppData\Roaming\eIntaller\A87E7D04441F4633BA4B1D193AD969A0\eXQ-nt.exe.vir fichiers détectés : Application.Win32.InstallAd (A)
C:\Program Files (x86)\South Park The Stick of Truth\winmm.dll fichiers détectés : Gen:Variant.Kazy.56237 (B)
C:\ProgramData\Rosetta Stone\Content\data\c5\5\c55197034a3368b905ecf81ed0b350e3856b6e7b fichiers détectés : Exploit.CVE-2007-0071.Gen (B)
C:\Users\Remi\Downloads\artefact\Artefact Voter.exe fichiers détectés : Trojan.Generic.12289841 (B)
C:\Users\Remi\Downloads\SFInstaller_SFFZ_filezilla_8992693_.exe fichiers détectés : Application.Win32.InstallAd (A)
 
Analysé 580284
Objets trouvés 14
 
Fin du balayage : 24/01/2015 21:18:45
Temps de balayage : 2:48:27
 
C:\Users\Remi\Downloads\SFInstaller_SFFZ_filezilla_8992693_.exe En quarantaine Application.Win32.InstallAd (A)
C:\Users\Remi\Downloads\artefact\Artefact Voter.exe En quarantaine Trojan.Generic.12289841 (B)
C:\ProgramData\Rosetta Stone\Content\data\c5\5\c55197034a3368b905ecf81ed0b350e3856b6e7b En quarantaine Exploit.CVE-2007-0071.Gen (B)
C:\Program Files (x86)\South Park The Stick of Truth\winmm.dll En quarantaine Gen:Variant.Kazy.56237 (B)
C:\AdwCleaner\Quarantine\C\Users\Remi\AppData\Roaming\eIntaller\A87E7D04441F4633BA4B1D193AD969A0\eXQ-nt.exe.vir En quarantaine Application.Win32.InstallAd (A)
C:\AdwCleaner\Quarantine\C\Users\Remi\AppData\Roaming\eIntaller\A87E7D04441F4633BA4B1D193AD969A0\eGdpSvc.exe.vir En quarantaine Gen:Variant.Kazy.233728 (B)
C:\AdwCleaner\Quarantine\C\Users\Remi\AppData\Local\Bundled software uninstaller\bi_client.exe.vir En quarantaine Application.Win32.InstallAd (A)
C:\AdwCleaner\Quarantine\C\ProgramData\eSafe\eGdpSvc.exe.vir En quarantaine Gen:Variant.Kazy.233728 (B)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3} En quarantaine Application.AdReg (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\APPID\ESRV.EXE En quarantaine Application.Win32.WSearch (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\APPID\{C292AD0A-C11F-479B-B8DB-743E72D283B0} En quarantaine Application.Win32.WSearch (A)
C:\Users\Remi\AppData\Local\software En quarantaine Application.AppInstall (A)
C:\Users\Remi\AppData\Roaming\getrighttogo En quarantaine Application.AppInstall (A)
 
 
En quarantaine 13
 
FRST
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-01-2015 01
Ran by Remi (administrator) on REMI-PC on 24-01-2015 21:28:38
Running from C:\Users\Remi\Desktop
Loaded Profiles: Remi (Available profiles: Remi)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Français (France)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Razer USA Ltd) C:\Program Files (x86)\Razer\Naga\RazerNagaSysTray.exe
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Dropbox, Inc.) C:\Users\Remi\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(CybelSoft) C:\Program Files\ma-config.com\MaConfigAgent.exe
(Native Instruments GmbH) C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\audiodg.exe
(Emsisoft GmbH) C:\EEK\bin\a2emergencykit.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Users\Remi\Downloads\ro\RO\ggRO.exe
() C:\Program Files (x86)\Guitar Pro 6\GuitarPro.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files (x86)\TuxGuitar-Jet\tuxguitar.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13513288 2013-03-29] (Realtek Semiconductor)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-03-28] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [115048 2011-09-16] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [Razer Naga Driver] => C:\Program Files (x86)\Razer\Naga\RazerNagaSysTray.exe [953232 2011-11-16] (Razer USA Ltd)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452272 2012-08-31] (CANON INC.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-23] (AVAST Software)
HKU\S-1-5-21-832462997-3305788660-3134978908-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22869088 2014-10-21] (Google)
HKU\S-1-5-21-832462997-3305788660-3134978908-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3672640 2013-03-14] (Disc Soft Ltd)
HKU\S-1-5-21-832462997-3305788660-3134978908-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30878816 2014-12-11] (Skype Technologies S.A.)
Startup: C:\Users\Remi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Remi\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: [cwbNotSynchroOverlay] -> {d8d92f57-17f6-4696-a8c0-6b74beeae2a4} => C:\Program Files\Cloudwatt-box\cwbNotSynchroOverlay.dll No File
ShellIconOverlayIdentifiers: [cwbRoomIconOverlay] -> {ae160070-f8ff-41d8-b950-ad6a7de8b1a1} => C:\Program Files\Cloudwatt-box\cwbRoomOverlay.dll No File
ShellIconOverlayIdentifiers: [cwbSynchroOverlay] -> {49ec8ded-d8a3-49c9-b27d-781fcca3fa00} => C:\Program Files\Cloudwatt-box\cwbSynchroOverlay.dll No File
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKU\S-1-5-21-832462997-3305788660-3134978908-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://fr.msn.com/?ocid=iehp
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 -> DefaultScope value is missing.
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Tcpip\..\Interfaces\{934D53E4-493B-474F-A649-A3089F3B0DE3}: [NameServer] 212.27.40.240,212.27.40.241
 
FireFox:
========
FF Plugin: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-01-23]
 
Chrome: 
=======
CHR StartupUrls: Default -> "hxxp://google.fr/"
CHR Profile: C:\Users\Remi\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (AdBlock) - C:\Users\Remi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-01-22]
CHR Extension: (Avast Online Security) - C:\Users\Remi\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-01-24]
CHR HKU\S-1-5-21-832462997-3305788660-3134978908-1000\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Remi\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2014-02-28]
CHR HKU\S-1-5-21-832462997-3305788660-3134978908-1000\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - No Path
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-01-23]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2013-03-28] (Advanced Micro Devices, Inc.) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2015-01-23] (AVAST Software)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [448384 2014-12-13] ()
S2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9216 2014-08-22] (Hi-Rez Studios) [File not signed]
R2 MaConfigAgent; C:\Program Files\ma-config.com\MaConfigAgent.exe [2818896 2014-01-20] (CybelSoft)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 NIHardwareService; C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [5352960 2011-04-07] (Native Instruments GmbH) [File not signed]
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1903472 2015-01-17] (Electronic Arts)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-12-22] ()
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5426448 2014-12-15] (TeamViewer GmbH)
S3 VMwareHostd; C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [14405200 2013-10-18] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 A2DDA; C:\EEK\BIN\a2ddax64.sys [26176 2015-01-24] (Emsisoft GmbH)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2015-01-23] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [87912 2015-01-23] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2015-01-23] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2015-01-23] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2015-01-23] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2015-01-23] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2015-01-23] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2015-01-23] ()
R3 cleanhlp; C:\EEK\bin\cleanhlp64.sys [57024 2015-01-24] (Emsisoft GmbH)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-07-22] (DT Soft Ltd)
S3 L6UX2; C:\Windows\System32\Drivers\L6UX264.sys [772864 2013-07-11] (Line 6)
S3 ma-config_amd64; C:\Program Files\ma-config.com\Drivers\ma-config_amd64.sys [17568 2013-10-23] (CybelSoft)
S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [93400 2014-11-21] (Malwarebytes Corporation)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
R3 RzSynapse; C:\Windows\System32\DRIVERS\RzSynapse.sys [126464 2011-11-15] (Razer USA Ltd)
R2 VMparport; C:\Windows\system32\drivers\VMparport.sys [31824 2013-10-18] (VMware, Inc.)
R0 vsock; C:\Windows\System32\drivers\vsock.sys [73296 2013-10-08] (VMware, Inc.)
R2 vstor2-mntapi20-shared; C:\Windows\SysWow64\drivers\vstor2-mntapi20-shared.sys [33872 2013-02-22] (VMware, Inc.)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 EverestDriver; \??\C:\Program Files (x86)\Lavalys\EVEREST Ultimate Edition\kerneld.amd64 [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-24 21:28 - 2015-01-24 21:28 - 00000000 ____D () C:\Users\Remi\Desktop\FRST-OlderVersion
2015-01-24 18:26 - 2015-01-24 18:26 - 00000743 _____ () C:\Users\Remi\Desktop\Start Emsisoft Emergency Kit.lnk
2015-01-24 18:25 - 2015-01-24 18:27 - 00000000 ____D () C:\EEK
2015-01-24 18:11 - 2015-01-24 18:25 - 168332280 _____ () C:\Users\Remi\Downloads\EmsisoftEmergencyKit.exe
2015-01-24 02:01 - 2015-01-24 02:02 - 00852573 _____ () C:\Users\Remi\Downloads\SecurityCheck.exe
2015-01-23 23:12 - 2015-01-24 12:00 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-01-23 23:12 - 2015-01-23 23:12 - 00001964 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-01-23 23:12 - 2015-01-23 23:12 - 00000000 ____D () C:\Users\Remi\AppData\Roaming\AVAST Software
2015-01-23 23:12 - 2015-01-23 23:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-01-23 23:11 - 2015-01-23 23:12 - 01050432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2015-01-23 23:11 - 2015-01-23 23:12 - 00087912 _____ (AVAST Software) C:\Windows\system32\Drivers\aswmonflt.sys
2015-01-23 23:11 - 2015-01-23 23:11 - 00436624 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2015-01-23 23:11 - 2015-01-23 23:11 - 00364512 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2015-01-23 23:11 - 2015-01-23 23:11 - 00267632 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2015-01-23 23:11 - 2015-01-23 23:11 - 00116728 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2015-01-23 23:11 - 2015-01-23 23:11 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2015-01-23 23:11 - 2015-01-23 23:11 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2015-01-23 23:11 - 2015-01-23 23:11 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2015-01-23 23:11 - 2015-01-23 23:11 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2015-01-23 23:07 - 2015-01-23 23:07 - 00000000 ____D () C:\Program Files\AVAST Software
2015-01-23 23:05 - 2015-01-23 23:07 - 00000000 ____D () C:\ProgramData\AVAST Software
2015-01-23 23:05 - 2015-01-23 23:05 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Remi\Downloads\tdsskiller.exe
2015-01-23 23:04 - 2015-01-23 23:05 - 05006864 _____ (AVAST Software) C:\Users\Remi\Downloads\avast_free_antivirus_setup_online.exe
2015-01-23 20:02 - 2015-01-23 20:03 - 00036341 _____ () C:\Users\Remi\Desktop\Addition.txt
2015-01-23 20:01 - 2015-01-24 21:29 - 00018098 _____ () C:\Users\Remi\Desktop\FRST.txt
2015-01-23 20:01 - 2015-01-24 21:28 - 02129920 _____ (Farbar) C:\Users\Remi\Desktop\FRST64.exe
2015-01-23 20:01 - 2015-01-24 21:28 - 00000000 ____D () C:\FRST
2015-01-22 14:24 - 2015-01-22 14:37 - 00000021 _____ () C:\Users\Remi\Desktop\Nouveau document texte.txt
2015-01-22 14:15 - 2015-01-22 14:17 - 00014669 _____ () C:\Users\Remi\Desktop\dds.txt
2015-01-22 14:15 - 2015-01-22 14:17 - 00006750 _____ () C:\Users\Remi\Desktop\attach.txt
2015-01-22 14:15 - 2015-01-22 14:15 - 00001751 _____ () C:\Users\Remi\Desktop\roguekiller.txt
2015-01-22 14:13 - 2015-01-22 14:14 - 00688992 ____R (Swearware) C:\Users\Remi\Downloads\dds.com
2015-01-22 13:48 - 2015-01-22 13:48 - 00079064 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\atghvbhn.sys
2015-01-22 13:48 - 2015-01-22 13:48 - 00002236 _____ () C:\Windows\SysWOW64\pffsh
2015-01-22 13:31 - 2015-01-22 13:31 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-22 13:31 - 2015-01-22 13:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-22 13:31 - 2015-01-22 13:31 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-22 13:31 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-22 13:31 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-22 13:30 - 2015-01-22 13:31 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Remi\Downloads\mbam-setup-2.0.4.1028.exe
2015-01-22 13:24 - 2015-01-22 13:25 - 18570328 _____ () C:\Users\Remi\Desktop\RogueKillerX64.exe
2015-01-22 13:21 - 2015-01-24 12:02 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-22 13:21 - 2015-01-22 14:23 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-01-22 13:21 - 2015-01-22 13:31 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-22 13:16 - 2015-01-22 14:23 - 00000000 ____D () C:\Users\Remi\Desktop\mbar
2015-01-22 13:16 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-22 13:13 - 2015-01-22 13:16 - 16466552 _____ (Malwarebytes Corp.) C:\Users\Remi\Downloads\mbar-1.08.3.1004.exe
2015-01-20 22:19 - 2015-01-20 22:27 - 58031161 _____ () C:\Users\Remi\Documents\UnderTheSkinBON.wmv
2015-01-20 03:31 - 2015-01-20 03:54 - 57223149 _____ () C:\Users\Remi\Documents\UnderTheSkin.wmv
2015-01-20 01:26 - 2015-01-20 23:47 - 00031656 _____ () C:\Users\Remi\Documents\Sans titre.veg
2015-01-20 01:26 - 2015-01-20 04:25 - 00032000 _____ () C:\Users\Remi\Documents\Sans titre.veg.bak
2015-01-19 22:23 - 2015-01-19 22:27 - 00010024 _____ () C:\Users\Remi\Desktop\quality riff.gp5
2015-01-19 17:53 - 2015-01-19 17:53 - 00276216 _____ () C:\Windows\Minidump\011915-19390-01.dmp
2015-01-19 17:14 - 2015-01-19 17:14 - 00276216 _____ () C:\Windows\Minidump\011915-24523-01.dmp
2015-01-18 02:02 - 2015-01-18 02:02 - 00033179 _____ () C:\Users\Remi\Desktop\test3.gp5
2015-01-18 01:52 - 2015-01-18 01:52 - 00005135 _____ () C:\Users\Remi\Desktop\test2.gp5
2015-01-18 01:45 - 2015-01-18 01:45 - 00004924 _____ () C:\Users\Remi\Desktop\test.gp5
2015-01-18 01:41 - 2015-01-18 01:52 - 00017024 _____ () C:\Users\Remi\Desktop\test.gpx
2015-01-18 01:31 - 2015-01-18 01:31 - 00006356 _____ () C:\Users\Remi\Desktop\carnival.gp5
2015-01-17 13:33 - 2015-01-17 13:33 - 00212379 _____ () C:\Users\Remi\Downloads\AMC [1].exe
2015-01-12 00:45 - 2015-01-12 00:45 - 00001387 _____ () C:\Users\Remi\Desktop\ggRO Patch Client.exe - Raccourci.lnk
2015-01-12 00:00 - 2015-01-12 00:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ggRO [LITE]
2015-01-12 00:00 - 2015-01-12 00:29 - 00000000 ____D () C:\Program Files (x86)\ggRO [LITE]
2015-01-11 23:51 - 2015-01-12 00:29 - 00000000 ____D () C:\Users\Remi\Downloads\ro
2015-01-11 18:31 - 2015-01-11 18:31 - 00028009 _____ () C:\Users\Remi\Desktop\compo-dark.gp5
2015-01-11 13:30 - 2015-01-19 17:12 - 00000000 ____D () C:\Users\Remi\Desktop\yassin
2015-01-01 20:29 - 2015-01-16 03:08 - 00000000 ____D () C:\Users\Remi\Downloads\Sylosis
2014-12-29 13:56 - 2014-12-29 13:56 - 00000971 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
2014-12-29 12:48 - 2014-12-29 12:48 - 00000000 ____H () C:\Users\Remi\Documents\Default.rdp
2014-12-28 17:26 - 2015-01-11 01:44 - 00000000 ____D () C:\Users\Remi\Desktop\Paul
2014-12-25 16:44 - 2014-12-25 16:44 - 00010399 _____ () C:\Users\Remi\Desktop\GarrisonMissionManager-v16.zip
2014-12-25 10:23 - 2014-12-25 20:46 - 737544192 _____ () C:\Users\Remi\Downloads\Qu.est.Ce.Qu.on.A.Fait.Au.Bon.Dieu.2014.FRENCH.DVDRiP.XviD-ZT.avi
2014-12-25 10:22 - 2014-12-25 10:22 - 00001229 _____ () C:\Users\Remi\Desktop\Qu.est.Ce.Qu.on.A.Fait.Au.Bon.Dieu.2014.FRENCH.DVDRiP.XviD-ZT.avi.torrent
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-24 21:21 - 2014-08-19 09:18 - 00000000 ____D () C:\Users\Remi\Downloads\artefact
2015-01-24 21:21 - 2014-03-10 18:20 - 00000000 ____D () C:\Program Files (x86)\South Park The Stick of Truth
2015-01-24 21:08 - 2013-07-20 16:04 - 00000000 ____D () C:\Users\Remi\AppData\Roaming\Skype
2015-01-24 20:38 - 2013-07-20 15:40 - 00001070 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-24 15:53 - 2013-07-20 14:55 - 01829846 _____ () C:\Windows\WindowsUpdate.log
2015-01-24 12:02 - 2013-07-20 16:18 - 00000000 ___RD () C:\Users\Remi\Dropbox
2015-01-24 12:02 - 2013-07-20 16:03 - 00000000 ____D () C:\Users\Remi\AppData\Roaming\Dropbox
2015-01-24 12:01 - 2014-04-09 18:04 - 00000000 ____D () C:\ProgramData\VMware
2015-01-24 12:00 - 2014-02-13 18:07 - 00000000 ___RD () C:\Users\Remi\Google Drive
2015-01-24 12:00 - 2013-07-20 15:40 - 00001066 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-24 11:59 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-24 11:58 - 2014-08-26 08:56 - 00015232 _____ () C:\Windows\PFRO.log
2015-01-24 11:58 - 2014-08-19 07:03 - 00019479 _____ () C:\Windows\setupact.log
2015-01-23 18:18 - 2013-07-21 12:27 - 00000000 ____D () C:\Users\Remi\AppData\Roaming\vlc
2015-01-23 03:00 - 2009-07-14 05:45 - 00016656 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-23 03:00 - 2009-07-14 05:45 - 00016656 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-22 13:57 - 2014-10-02 10:36 - 00037624 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2015-01-21 01:41 - 2013-07-20 15:57 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-01-20 23:59 - 2013-07-21 12:29 - 00000000 ____D () C:\Users\Remi\AppData\Roaming\Audacity
2015-01-20 17:04 - 2013-07-20 15:33 - 00000000 ____D () C:\Users\Remi\Desktop\Remi
2015-01-20 03:52 - 2014-08-09 15:53 - 00000000 ____D () C:\Users\Remi\Desktop\morra
2015-01-19 17:53 - 2014-09-16 16:07 - 596316537 _____ () C:\Windows\MEMORY.DMP
2015-01-19 17:53 - 2013-09-02 18:42 - 00000000 ____D () C:\Windows\Minidump
2015-01-19 17:53 - 2009-07-14 06:08 - 00032496 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-01-19 04:19 - 2013-12-11 20:04 - 00000000 ____D () C:\Users\Remi\AppData\Local\Battle.net
2015-01-17 19:31 - 2014-07-08 16:54 - 00000000 ____D () C:\ProgramData\Origin
2015-01-17 19:31 - 2014-07-08 16:54 - 00000000 ____D () C:\Program Files (x86)\Origin
2015-01-16 03:19 - 2013-07-26 17:27 - 00000000 ____D () C:\Users\Remi\AppData\Roaming\uTorrent
2015-01-15 13:17 - 2014-03-11 07:43 - 00000000 ____D () C:\Program Files (x86)\Diablo III
2015-01-11 22:07 - 2014-12-05 00:07 - 00000000 ____D () C:\Users\Remi\Downloads\Game.of.Thrones.Episode.1-CODEX
2015-01-10 23:47 - 2013-08-09 18:43 - 00000000 ____D () C:\Users\Remi\AppData\Roaming\Mumble
2015-01-09 14:26 - 2013-08-13 19:45 - 00000000 ____D () C:\Users\Remi\AppData\Roaming\TS3Client
2015-01-08 09:55 - 2010-11-21 04:27 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-01-05 19:00 - 2014-12-05 15:18 - 00000000 ____D () C:\ProgramData\Rosetta Stone
2015-01-05 13:42 - 2014-10-09 10:42 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-01-05 13:42 - 2013-07-20 16:00 - 00000000 ____D () C:\ProgramData\Skype
2014-12-30 12:01 - 2013-07-20 15:56 - 00118832 _____ () C:\Users\Remi\AppData\Local\GDIPFONTCACHEV1.DAT
2014-12-30 11:58 - 2009-07-14 05:45 - 00463592 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-12-29 13:57 - 2014-03-04 19:49 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2014-12-29 12:24 - 2011-04-12 10:16 - 00753152 _____ () C:\Windows\system32\perfh00C.dat
2014-12-29 12:24 - 2011-04-12 10:16 - 00152436 _____ () C:\Windows\system32\perfc00C.dat
2014-12-29 12:24 - 2009-07-14 06:13 - 01685832 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-28 13:36 - 2014-08-31 12:19 - 00000049 _____ () C:\Users\Remi\Desktop\film a voir.txt
 
==================== Files in the root of some directories =======
 
2013-11-03 11:04 - 2014-05-07 11:45 - 0000016 _____ () C:\Users\Remi\AppData\Roaming\msregsvv.dll
2014-01-25 09:51 - 2014-02-14 08:51 - 0000123 _____ () C:\Users\Remi\AppData\Roaming\WB.CFG
2014-02-12 23:10 - 2014-02-13 18:07 - 0000313 _____ () C:\Users\Remi\AppData\Local\.txt
2013-11-03 11:04 - 2014-05-07 11:45 - 0000016 _____ () C:\ProgramData\autobk.inc
 
Some content of TEMP:
====================
C:\Users\Remi\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Remi\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpdc6ea7.dll
C:\Users\Remi\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\Remi\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\Remi\AppData\Local\Temp\xmlUpdater.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-01-24 13:08
 
==================== End Of Log ============================
 
addition.txt
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-01-2015 01
Ran by Remi at 2015-01-24 21:29:24
Running from C:\Users\Remi\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-832462997-3305788660-3134978908-1000\...\uTorrent) (Version: 3.4.2.35702 - BitTorrent Inc.)
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
Adobe Flash Player 10 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 10.3.181.14 - Adobe Systems Incorporated)
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.8.800.94 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) - Français (HKLM-x32\...\{AC76BA86-7AD7-1036-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.4.144 - Adobe Systems, Inc.)
AMD Catalyst Install Manager (HKLM\...\{9AB0D5B6-4779-8C4F-CA91-A1FEDB56D7EC}) (Version: 8.0.911.0 - Advanced Micro Devices, Inc.)
AmpliTube 3 version 3.8.0 (HKLM\...\{DA5202AC-12BF-4330-B8EA-BC77F991FA1C}_is1) (Version: 3.8.0 - IK Multimedia)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Archeage Beta (HKLM-x32\...\Glyph Archeage Beta) (Version:  - Trion Worlds, Inc.)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.11 Beta2 - Michael Tippach)
Audacity 2.0.3 (HKLM-x32\...\Audacity_is1) (Version: 2.0.3 - Audacity Team)
Auslogics DiskDefrag (HKLM-x32\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: 4.3.0.0 - Auslogics Labs Pty Ltd)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.0.2208 - AVAST Software)
AVCWare Video Converter Platinum (HKLM-x32\...\AVCWare Video Converter Platinum) (Version: 7.0.0.1121 - AVCWare)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CameraHelperMsi (x32 Version: 13.50.854.0 - Logitech) Hidden
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version:  - Canon Inc.)
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.2.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version:  - Canon Inc.)
Canon MX520 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX520_series) (Version: 1.00 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.10 - Piriform)
Chivalry: Medieval Warfare (HKLM-x32\...\Steam App 219640) (Version:  - Torn Banner Studios)
Chivalry: Medieval Warfare Beta (HKLM-x32\...\Steam App 232210) (Version:  - )
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.47.1.0333 - Disc Soft Ltd)
DayZ (HKLM-x32\...\Steam App 221100) (Version:  - Bohemia Interactive)
Dev-C++ 5 beta 9 release (4.9.9.2) (HKLM-x32\...\Dev-C++) (Version:  - )
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
Dropbox (HKU\S-1-5-21-832462997-3305788660-3134978908-1000\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.)
EA Sports FIFA World (HKLM-x32\...\{8F9AC744-EEF6-43DB-A4B6-FA1A18F1C640}) (Version: 7.1.0.50515 - Electronic Arts, Inc.)
EA SPORTS™ FIFA 15 (HKLM-x32\...\{3D4ADA2B-F028-4307-ADF4-6F9AA44725DA}) (Version: 1.4.0.0 - Electronic Arts)
EA SPORTS™ FIFA 15 Demo (HKLM-x32\...\{108C0C19-6316-4944-A62F-C744488F8639}) (Version: 1.0.0.0 - Electronic Arts)
erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
EZdrummer (HKLM-x32\...\{43E8D9E7-AFC9-4BA3-8106-B95E02B87AB7}) (Version: 1.3.2 - Toontrack)
EZdrummer 2 64-bit (HKLM\...\{B9217824-0EBE-49C7-98A0-A76CC46BBB7D}) (Version: 2.0.0 - Toontrack)
FastStone Capture 5.3 (French) (HKLM-x32\...\FastStone Capture) (Version: 5.3 (French) - FastStone Soft)
FileZilla Client 3.7.3 (HKLM-x32\...\FileZilla Client) (Version: 3.7.3 - Tim Kosse)
FontForge 2012-07-31 (HKLM-x32\...\FontForge) (Version: 2012-07-31 - )
FormatFactory 3.2.0.1 (HKLM-x32\...\FormatFactory) (Version: 3.2.0.1 - Free Time)
Game of Thrones A Telltale Games Series (HKLM-x32\...\Game of Thrones A Telltale Games Series_is1) (Version:  - )
ggRO [LITE] version 1.0.1 (HKLM-x32\...\{6243F980-AF6D-483E-BED1-F32BA1424479}_is1) (Version: 1.0.1 - gg Ragnarok Online)
GiveMeTac 1.1 (HKLM-x32\...\GiveMeTac_is1) (Version:  - Graphys © 2001-2004)
Glyph (HKLM-x32\...\Glyph) (Version:  - Trion Worlds, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.91 - Google Inc.)
Google Drive (HKLM-x32\...\{C60F3836-333A-4AE2-B526-CFDBA143A9BA}) (Version: 1.18.7821.2489 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Guitar Pro 6 (HKLM-x32\...\{14A487F2-1259-4E6C-AE3C-3C888DDBCB60}_is1) (Version:  - Arobas Music)
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version:  - Blizzard Entertainment)
Hi-Rez Studios Authenticate and Update Service (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}) (Version: 3.0.0.0 - Hi-Rez Studios)
IK Multimedia Authorization Manager version 1.0.5 (HKLM\...\{85BC0DCB-69E5-4279-AA25-F108EF896588}_is1) (Version: 1.0.5 - IK Multimedia)
Infestation Survivor Stories version 1.0 (HKLM-x32\...\{BC3051A7-1021-4B57-A3DA-AAC24566FAE7}_is1) (Version: 1.0 - OP Productions LLC)
iTunes (HKLM\...\{F73A118B-8271-47E2-8790-0C636B2539C5}) (Version: 11.1.0.126 - Apple Inc.)
Java 7 Update 25 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417025FF}) (Version: 7.0.250 - Oracle)
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
JDownloader 0.9 (HKLM-x32\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH)
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version:  - Valve)
Life is Feudal: Your Own (HKLM-x32\...\Steam App 290080) (Version:  - Bitbox Ltd.)
Line 6 Uninstaller (HKLM-x32\...\Line 6 Uninstaller) (Version:  - Line 6)
Logitech Vid HD (HKLM-x32\...\Logitech Vid) (Version: 7.2 (7240) - Logitech Inc..)
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.0 - Logitech Inc.)
LWS VideoEffects (Version: 13.30.1379.0 - Logitech) Hidden
Ma-Config.com (64 bits) (HKLM\...\{CFF24F63-A683-4202-8526-3F9A77A3B0E8}) (Version: 7.1.2.4 - Cybelsoft)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (Français) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1036) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Professionnel Plus 2013 (HKLM-x32\...\Office15.PROPLUS) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-832462997-3305788660-3134978908-1000\...\SkyDriveSetup.exe) (Version: 17.0.2015.0811 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Mumble 1.2.4 (HKLM-x32\...\{4D933DC4-EA10-4CDA-99F3-7F6AE9AE491F}) (Version: 1.2.4 - Thorvald Natvig)
Native Instruments Controller Editor (HKLM-x32\...\Native Instruments Controller Editor) (Version:  - Native Instruments)
Native Instruments Guitar Rig 5 (HKLM-x32\...\Native Instruments Guitar Rig 5) (Version:  - Native Instruments)
Native Instruments Kontakt 5 (HKLM-x32\...\Native Instruments Kontakt 5) (Version:  - Native Instruments)
Native Instruments Service Center (HKLM-x32\...\Native Instruments Service Center) (Version:  - Native Instruments)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.6.8 - Notepad++ Team)
NSIS Birdfont (HKLM-x32\...\Birdfont) (Version:  - )
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
OpenOffice 4.0.0 (HKLM-x32\...\{55E61709-D7D4-43C0-B45D-BFAF5C09A02D}) (Version: 4.00.9702 - Apache Software Foundation)
Origin (HKLM-x32\...\Origin) (Version: 9.3.10.4710 - Electronic Arts, Inc.)
Outils de vérification linguistique 2013 de Microsoft Office - Français (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Path of Exile (HKLM-x32\...\{90A4562F-D4A1-4B65-906D-41F236CF6902}) (Version: 1.0.0.29195 - Grinding Gear Games)
PDF Split And Merge Basic (HKLM\...\{C91B24F6-1629-11E2-B696-21676188709B}) (Version: 2.2.2 - Andrea Vacondio)
PhotoFiltre 7 (HKU\S-1-5-21-832462997-3305788660-3134978908-1000\...\PhotoFiltre 7) (Version:  - )
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Razer Naga (HKLM-x32\...\{ED4108A9-60FD-4F18-AF42-122219977773}) (Version: 3.03.01 - Razer USA Ltd.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.49.927.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6873 - Realtek Semiconductor Corp.)
REAPER (x64) (HKLM\...\REAPER) (Version:  - )
Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.1.36.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.1.36.0 - Renesas Electronics Corporation) Hidden
Rosetta Stone Version 3 (HKLM-x32\...\{99011A6E-5200-11DE-BDB8-7ACD56D89593}) (Version: 3.4.5.0 - Rosetta Stone Ltd.)
SecurityKISS Tunnel v0.3.0 (HKLM\...\SecurityKISS Tunnel_is1) (Version:  - )
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Smite (HKLM-x32\...\{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF017}) (Version: 1.0.2379.10 - Hi-Rez Studios)
SopCast 3.9.3 (HKLM-x32\...\SopCast) (Version: 3.9.3 - www.sopcast.com)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synthesia (HKLM-x32\...\Synthesia) (Version: 8.5 - Synthesia LLC)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.36897 - TeamViewer)
Toontrack solo (HKLM-x32\...\{5866520C-8857-4986-833A-039F4584C3F7}) (Version: 1.3.2 - Toontrack)
Toontrack solo 64 bit (HKLM\...\{FA9D0D8C-FDD1-45C2-8291-079FBA72D2CB}) (Version: 1.3.2 - Toontrack)
TuxGuitar 1.2 (HKLM-x32\...\TuxGuitar_0) (Version:  - )
Type light 3.2.032 (HKLM-x32\...\{3CC31D3E-369B-4029-A83E-251BB58A144C}_is1) (Version: 032 - CR8 Software Solutions)
Uplay (HKLM-x32\...\Uplay) (Version: 3.0 - Ubisoft)
Vegas Pro 12.0 (64-bit) (HKLM\...\{EE8C291E-ED91-11E2-AE11-F04DA23A5C58}) (Version: 12.0.670 - Sony)
VLC media player 2.0.7 (HKLM-x32\...\VLC media player) (Version: 2.0.7 - VideoLAN)
VMware Workstation (HKLM-x32\...\VMware_Workstation) (Version: 10.0.1 - VMware, Inc)
VMware Workstation (Version: 10.0.1 - VMware, Inc.) Hidden
Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)
XSplit Broadcaster (HKLM-x32\...\{6F937E75-B6D6-4C2C-B864-90AA91EFF8B2}) (Version: 1.3.1403.1202 - SplitmediaLabs)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-832462997-3305788660-3134978908-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Remi\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-832462997-3305788660-3134978908-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Remi\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-832462997-3305788660-3134978908-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Remi\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-832462997-3305788660-3134978908-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Remi\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-832462997-3305788660-3134978908-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Remi\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-832462997-3305788660-3134978908-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Remi\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\FileSyncApi64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-832462997-3305788660-3134978908-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Remi\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-832462997-3305788660-3134978908-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Remi\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-832462997-3305788660-3134978908-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Remi\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-832462997-3305788660-3134978908-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Remi\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-832462997-3305788660-3134978908-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Remi\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-832462997-3305788660-3134978908-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Remi\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-832462997-3305788660-3134978908-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Remi\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-832462997-3305788660-3134978908-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Remi\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
 
==================== Restore Points  =========================
 
18-01-2015 13:14:36 Point de contrôle planifié
21-01-2015 03:45:10 Windows Update
23-01-2015 23:06:54 avast! antivirus system restore point
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 03:34 - 2015-01-22 13:07 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {08F4BE1B-E6D1-40FB-84A6-CFD98B7362DF} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: {0F9830C5-CB4F-47A7-946A-78CBF631EBE2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-20] (Google Inc.)
Task: {3B5F3632-BDE8-4B5D-AB2A-B5164B574680} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-20] (Google Inc.)
Task: {53DD34C5-A289-4446-8EEA-F898F35B2753} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {6757FDE6-E745-4318-AC97-8631941A169F} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {82D12C3F-9DE3-4F5D-A97B-6579D340A3DF} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-01-23] (AVAST Software)
Task: {963C5AD8-1A27-427F-B2B9-209DBAD6F96B} - \Omiga Plus RunAsStdUser No Task File <==== ATTENTION
Task: {A2A144B4-4E32-45EF-9E45-1A786EA1DC24} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {B375CB42-E4D1-440F-A7DA-F071C85756A6} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {EB2C34EC-D6E3-43A4-A61D-7B519C8EDCFE} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-01-21] (Piriform Ltd)
Task: {FD370DEF-B694-4A83-A42D-8E88109415BB} - \Desk 365 RunAsStdUser No Task File <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2010-01-02 15:42 - 2010-01-02 15:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2014-05-12 10:49 - 2014-05-12 10:49 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2013-03-28 21:31 - 2013-03-28 21:31 - 00210944 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2012-09-23 12:53 - 2012-09-23 12:53 - 00748544 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
2012-09-23 12:53 - 2012-09-23 12:53 - 03645952 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll
2013-12-22 17:11 - 2013-12-22 17:11 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2013-03-28 21:30 - 2013-03-28 21:30 - 00103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2015-01-12 00:42 - 2014-12-14 17:17 - 04195840 _____ () C:\Users\Remi\Downloads\ro\RO\ggRO.exe
2013-08-02 21:04 - 2010-12-09 10:03 - 22573056 _____ () C:\Program Files (x86)\Guitar Pro 6\GuitarPro.exe
2014-12-18 15:49 - 2009-11-01 18:36 - 26979840 _____ () C:\Program Files (x86)\TuxGuitar-Jet\tuxguitar.exe
2015-01-23 23:12 - 2015-01-23 23:12 - 02913280 _____ () C:\Program Files\AVAST Software\Avast\defs\15012301\algo.dll
2015-01-24 11:59 - 2015-01-24 11:59 - 02913280 _____ () C:\Program Files\AVAST Software\Avast\defs\15012400\algo.dll
2015-01-24 20:05 - 2015-01-24 20:05 - 02913280 _____ () C:\Program Files\AVAST Software\Avast\defs\15012401\algo.dll
2013-04-21 20:44 - 2013-04-21 20:44 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-04-21 20:44 - 2013-04-21 20:44 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-01-03 18:03 - 2014-01-03 18:03 - 07816192 _____ () C:\Program Files (x86)\SplitMediaLabs\XSplit\avcodec-54.dll
2014-01-03 18:03 - 2014-01-03 18:03 - 00188416 _____ () C:\Program Files (x86)\SplitMediaLabs\XSplit\avutil-52.dll
2014-01-03 18:03 - 2014-01-03 18:03 - 01425920 _____ () C:\Program Files (x86)\SplitMediaLabs\XSplit\avformat-54.dll
2014-01-03 18:03 - 2014-01-03 18:03 - 00336896 _____ () C:\Program Files (x86)\SplitMediaLabs\XSplit\swscale-2.dll
2014-01-03 18:03 - 2014-01-03 18:03 - 00096256 _____ () C:\Program Files (x86)\SplitMediaLabs\XSplit\swresample-0.dll
2015-01-23 23:11 - 2015-01-23 23:11 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-10-22 01:22 - 2014-10-22 01:22 - 00750080 _____ () C:\Users\Remi\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-01-24 12:01 - 2015-01-24 12:01 - 00043008 _____ () c:\users\remi\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpdc6ea7.dll
2014-10-22 01:22 - 2014-10-22 01:22 - 00047616 _____ () C:\Users\Remi\AppData\Roaming\Dropbox\bin\libEGL.dll
2014-10-22 01:22 - 2014-10-22 01:22 - 00863744 _____ () C:\Users\Remi\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2014-10-22 01:22 - 2014-10-22 01:22 - 00200704 _____ () C:\Users\Remi\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2015-01-24 12:00 - 2015-01-24 12:00 - 00098816 _____ () C:\Users\Remi\AppData\Local\Temp\_MEI27522\win32api.pyd
2015-01-24 12:00 - 2015-01-24 12:00 - 00110080 _____ () C:\Users\Remi\AppData\Local\Temp\_MEI27522\pywintypes27.dll
2015-01-24 12:00 - 2015-01-24 12:00 - 00364544 _____ () C:\Users\Remi\AppData\Local\Temp\_MEI27522\pythoncom27.dll
2015-01-24 12:00 - 2015-01-24 12:00 - 00045568 _____ () C:\Users\Remi\AppData\Local\Temp\_MEI27522\_socket.pyd
2015-01-24 12:00 - 2015-01-24 12:00 - 01160704 _____ () C:\Users\Remi\AppData\Local\Temp\_MEI27522\_ssl.pyd
2015-01-24 12:00 - 2015-01-24 12:00 - 00320512 _____ () C:\Users\Remi\AppData\Local\Temp\_MEI27522\win32com.shell.shell.pyd
2015-01-24 12:00 - 2015-01-24 12:00 - 00713216 _____ () C:\Users\Remi\AppData\Local\Temp\_MEI27522\_hashlib.pyd
2015-01-24 12:00 - 2015-01-24 12:00 - 01175040 _____ () C:\Users\Remi\AppData\Local\Temp\_MEI27522\wx._core_.pyd
2015-01-24 12:00 - 2015-01-24 12:00 - 00805888 _____ () C:\Users\Remi\AppData\Local\Temp\_MEI27522\wx._gdi_.pyd
2015-01-24 12:00 - 2015-01-24 12:00 - 00811008 _____ () C:\Users\Remi\AppData\Local\Temp\_MEI27522\wx._windows_.pyd
2015-01-24 12:00 - 2015-01-24 12:00 - 01062400 _____ () C:\Users\Remi\AppData\Local\Temp\_MEI27522\wx._controls_.pyd
2015-01-24 12:00 - 2015-01-24 12:00 - 00735232 _____ () C:\Users\Remi\AppData\Local\Temp\_MEI27522\wx._misc_.pyd
2015-01-24 12:00 - 2015-01-24 12:00 - 00128512 _____ () C:\Users\Remi\AppData\Local\Temp\_MEI27522\_elementtree.pyd
2015-01-24 12:00 - 2015-01-24 12:00 - 00127488 _____ () C:\Users\Remi\AppData\Local\Temp\_MEI27522\pyexpat.pyd
2015-01-24 12:00 - 2015-01-24 12:00 - 00557056 _____ () C:\Users\Remi\AppData\Local\Temp\_MEI27522\pysqlite2._sqlite.pyd
2015-01-24 12:00 - 2015-01-24 12:00 - 00087552 _____ () C:\Users\Remi\AppData\Local\Temp\_MEI27522\_ctypes.pyd
2015-01-24 12:00 - 2015-01-24 12:00 - 00119808 _____ () C:\Users\Remi\AppData\Local\Temp\_MEI27522\win32file.pyd
2015-01-24 12:00 - 2015-01-24 12:00 - 00108544 _____ () C:\Users\Remi\AppData\Local\Temp\_MEI27522\win32security.pyd
2015-01-24 12:00 - 2015-01-24 12:00 - 00007168 _____ () C:\Users\Remi\AppData\Local\Temp\_MEI27522\hashobjs_ext.pyd
2015-01-24 12:00 - 2015-01-24 12:00 - 00167936 _____ () C:\Users\Remi\AppData\Local\Temp\_MEI27522\win32gui.pyd
2015-01-24 12:00 - 2015-01-24 12:00 - 00018432 _____ () C:\Users\Remi\AppData\Local\Temp\_MEI27522\win32event.pyd
2015-01-24 12:00 - 2015-01-24 12:00 - 00038912 _____ () C:\Users\Remi\AppData\Local\Temp\_MEI27522\win32inet.pyd
2015-01-24 12:00 - 2015-01-24 12:00 - 00011264 _____ () C:\Users\Remi\AppData\Local\Temp\_MEI27522\win32crypt.pyd
2015-01-24 12:00 - 2015-01-24 12:00 - 00070656 _____ () C:\Users\Remi\AppData\Local\Temp\_MEI27522\wx._html2.pyd
2015-01-24 12:00 - 2015-01-24 12:00 - 00027136 _____ () C:\Users\Remi\AppData\Local\Temp\_MEI27522\_multiprocessing.pyd
2015-01-24 12:00 - 2015-01-24 12:00 - 00035840 _____ () C:\Users\Remi\AppData\Local\Temp\_MEI27522\win32process.pyd
2015-01-24 12:00 - 2015-01-24 12:00 - 00686080 _____ () C:\Users\Remi\AppData\Local\Temp\_MEI27522\unicodedata.pyd
2015-01-24 12:00 - 2015-01-24 12:00 - 00122368 _____ () C:\Users\Remi\AppData\Local\Temp\_MEI27522\wx._wizard.pyd
2015-01-24 12:00 - 2015-01-24 12:00 - 00024064 _____ () C:\Users\Remi\AppData\Local\Temp\_MEI27522\win32pipe.pyd
2015-01-24 12:00 - 2015-01-24 12:00 - 00025600 _____ () C:\Users\Remi\AppData\Local\Temp\_MEI27522\win32pdh.pyd
2015-01-24 12:00 - 2015-01-24 12:00 - 00525640 _____ () C:\Users\Remi\AppData\Local\Temp\_MEI27522\windows._lib_cacheinvalidation.pyd
2015-01-24 12:00 - 2015-01-24 12:00 - 00010240 _____ () C:\Users\Remi\AppData\Local\Temp\_MEI27522\select.pyd
2015-01-24 12:00 - 2015-01-24 12:00 - 00017408 _____ () C:\Users\Remi\AppData\Local\Temp\_MEI27522\win32profile.pyd
2015-01-24 12:00 - 2015-01-24 12:00 - 00022528 _____ () C:\Users\Remi\AppData\Local\Temp\_MEI27522\win32ts.pyd
2015-01-24 12:00 - 2015-01-24 12:00 - 00078336 _____ () C:\Users\Remi\AppData\Local\Temp\_MEI27522\wx._animate.pyd
2013-10-18 11:46 - 2013-10-18 11:46 - 01260624 _____ () C:\Program Files (x86)\VMware\VMware Workstation\libxml2.dll
2013-08-07 20:25 - 2013-08-07 20:25 - 00093696 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
2015-01-23 23:45 - 2015-01-21 04:50 - 01117512 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.91\libglesv2.dll
2015-01-23 23:45 - 2015-01-21 04:50 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.91\libegl.dll
2015-01-23 23:45 - 2015-01-21 04:50 - 09171272 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.91\pdf.dll
2015-01-23 23:45 - 2015-01-21 04:50 - 14913352 _____ () C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.91\PepperFlash\pepflashplayer.dll
2015-01-12 00:42 - 2010-02-17 23:09 - 00010784 _____ () C:\Users\Remi\Downloads\ro\RO\DINPUT.dll
2015-01-12 00:06 - 2002-10-01 23:11 - 00358963 _____ () C:\Users\Remi\Downloads\ro\RO\binkw32.dll
2015-01-12 00:07 - 2001-03-31 11:41 - 00346624 _____ () C:\Users\Remi\Downloads\ro\RO\mss32.dll
2015-01-12 00:06 - 2002-04-25 10:51 - 00073728 _____ () C:\Users\Remi\Downloads\ro\RO\cps.dll
2015-01-12 00:07 - 2002-07-06 12:16 - 00125952 _____ () C:\Users\Remi\Downloads\ro\RO\Mp3dec.asi
2015-01-12 00:07 - 2002-07-06 12:16 - 00062976 _____ () C:\Users\Remi\Downloads\ro\RO\Mssfast.m3d
2013-08-02 21:04 - 2010-12-09 10:03 - 00131072 _____ () C:\Program Files (x86)\Guitar Pro 6\filesystem.dll
2013-08-02 21:04 - 2010-12-09 10:03 - 00008704 _____ () C:\Program Files (x86)\Guitar Pro 6\exception.dll
2013-08-02 21:04 - 2010-12-09 10:03 - 02240512 _____ () C:\Program Files (x86)\Guitar Pro 6\QtCore4.dll
2013-08-02 21:04 - 2010-12-09 10:03 - 00823296 _____ () C:\Program Files (x86)\Guitar Pro 6\RSECore.dll
2013-08-02 21:04 - 2010-12-09 10:03 - 00073728 _____ () C:\Program Files (x86)\Guitar Pro 6\RSEAudioCore.dll
2013-08-02 21:04 - 2010-12-09 10:03 - 00025600 _____ () C:\Program Files (x86)\Guitar Pro 6\profiler.dll
2013-08-02 21:04 - 2010-12-09 10:03 - 00008704 _____ () C:\Program Files (x86)\Guitar Pro 6\timer.dll
2013-08-02 21:04 - 2010-12-09 10:03 - 00110592 _____ () C:\Program Files (x86)\Guitar Pro 6\register.dll
2013-08-02 21:04 - 2010-12-09 10:03 - 00061440 _____ () C:\Program Files (x86)\Guitar Pro 6\WavFile.dll
2013-08-02 21:04 - 2010-12-09 10:03 - 00053248 _____ () C:\Program Files (x86)\Guitar Pro 6\xml.dll
2013-08-02 21:04 - 2010-12-09 10:03 - 00967168 _____ () C:\Program Files (x86)\Guitar Pro 6\libxml2.dll
2013-08-02 21:04 - 2010-12-09 10:03 - 00073728 _____ () C:\Program Files (x86)\Guitar Pro 6\zlib1.dll
2013-08-02 21:04 - 2010-12-09 10:03 - 00045056 _____ () C:\Program Files (x86)\Guitar Pro 6\variant.dll
2013-08-02 21:04 - 2010-12-09 10:03 - 02695168 _____ () C:\Program Files (x86)\Guitar Pro 6\GPCore.dll
2013-08-02 21:04 - 2010-12-09 10:03 - 00009216 _____ () C:\Program Files (x86)\Guitar Pro 6\chunk.dll
2013-08-02 21:04 - 2010-12-09 10:03 - 00053248 _____ () C:\Program Files (x86)\Guitar Pro 6\object.dll
2013-08-02 21:04 - 2010-12-09 10:03 - 08314880 _____ () C:\Program Files (x86)\Guitar Pro 6\QtGui4.dll
2013-08-02 21:04 - 2010-12-09 10:03 - 00364544 _____ () C:\Program Files (x86)\Guitar Pro 6\QtXml4.dll
2013-08-02 21:04 - 2010-12-09 10:03 - 00077824 _____ () C:\Program Files (x86)\Guitar Pro 6\PickupModeling.dll
2013-08-02 21:04 - 2010-12-09 10:03 - 01064960 _____ () C:\Program Files (x86)\Guitar Pro 6\OverLoud.dll
2013-08-02 21:04 - 2010-12-09 10:03 - 00294912 _____ () C:\Program Files (x86)\Guitar Pro 6\QtSvg4.dll
2013-08-02 21:04 - 2010-12-09 10:03 - 00638976 _____ () C:\Program Files (x86)\Guitar Pro 6\QtOpenGL4.dll
2013-08-02 21:04 - 2010-12-09 10:03 - 00712704 _____ () C:\Program Files (x86)\Guitar Pro 6\QtNetwork4.dll
2014-12-18 15:49 - 2008-06-11 00:50 - 00020480 _____ () C:\Program Files (x86)\TuxGuitar-Jet\rt\bin\jetvm\jvm.dll
2014-12-18 15:49 - 2008-06-11 00:50 - 00069632 _____ () C:\Program Files (x86)\TuxGuitar-Jet\rt\bin\java.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupfolder: C:^Users^Remi^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: Logitech Vid => "C:\Program Files (x86)\Logitech\Vid HD\Vid.exe" -bootmode
MSCONFIG\startupreg: LWS => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\Steam.exe" -silent
MSCONFIG\startupreg: uTorrent => "C:\Users\Remi\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED
MSCONFIG\startupreg: vmware-tray.exe => "C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe"
 
========================= Accounts: ==========================
 
Administrateur (S-1-5-21-832462997-3305788660-3134978908-500 - Administrator - Disabled)
Invité (S-1-5-21-832462997-3305788660-3134978908-501 - Limited - Disabled)
Remi (S-1-5-21-832462997-3305788660-3134978908-1000 - Administrator - Enabled) => C:\Users\Remi
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (01/24/2015 00:01:49 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (01/24/2015 11:59:24 AM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Échec de l’activation de la licence Windows. Erreur 0x80070005.
 
Error: (01/23/2015 01:10:21 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (01/23/2015 01:09:18 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Échec de l’activation de la licence Windows. Erreur 0x80070005.
 
Error: (01/23/2015 02:45:20 AM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: Le planificateur d’activation des licences (sppuinotify.dll) a échoué avec le code d’erreur suivant :
0x80070005
 
Error: (01/23/2015 01:45:20 AM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: Le planificateur d’activation des licences (sppuinotify.dll) a échoué avec le code d’erreur suivant :
0x80070005
 
Error: (01/23/2015 00:45:20 AM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: Le planificateur d’activation des licences (sppuinotify.dll) a échoué avec le code d’erreur suivant :
0x80070005
 
Error: (01/22/2015 11:45:20 PM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: Le planificateur d’activation des licences (sppuinotify.dll) a échoué avec le code d’erreur suivant :
0x80070005
 
Error: (01/22/2015 10:45:20 PM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: Le planificateur d’activation des licences (sppuinotify.dll) a échoué avec le code d’erreur suivant :
0x80070005
 
Error: (01/22/2015 09:45:19 PM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: Le planificateur d’activation des licences (sppuinotify.dll) a échoué avec le code d’erreur suivant :
0x80070005
 
 
System errors:
=============
Error: (01/24/2015 00:00:39 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Le dépassement de délai (30000 millisecondes) a été atteint lors de l’attente de la connexion du service Hi-Rez Studios Authenticate and Update Service.
 
Error: (01/24/2015 11:58:54 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: L’arrêt système précédant à 02:12:58 le ‎24/‎01/‎2015 n’était pas prévu.
 
Error: (01/24/2015 02:27:58 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Le dépassement de délai (30000 millisecondes) a été atteint lors de l’attente de la réponse transactionnelle du service eventlog.
 
Error: (01/24/2015 02:26:58 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Le dépassement de délai (30000 millisecondes) a été atteint lors de l’attente de la réponse transactionnelle du service eventlog.
 
Error: (01/24/2015 02:25:58 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Le dépassement de délai (30000 millisecondes) a été atteint lors de l’attente de la réponse transactionnelle du service eventlog.
 
Error: (01/24/2015 02:24:58 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Le dépassement de délai (30000 millisecondes) a été atteint lors de l’attente de la réponse transactionnelle du service eventlog.
 
Error: (01/24/2015 02:23:58 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Le dépassement de délai (30000 millisecondes) a été atteint lors de l’attente de la réponse transactionnelle du service eventlog.
 
Error: (01/24/2015 02:22:58 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Le dépassement de délai (30000 millisecondes) a été atteint lors de l’attente de la réponse transactionnelle du service eventlog.
 
Error: (01/24/2015 02:21:58 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Le dépassement de délai (30000 millisecondes) a été atteint lors de l’attente de la réponse transactionnelle du service eventlog.
 
Error: (01/24/2015 02:20:58 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Le dépassement de délai (30000 millisecondes) a été atteint lors de l’attente de la réponse transactionnelle du service eventlog.
 
 
Microsoft Office Sessions:
=========================
Error: (01/24/2015 00:01:49 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (01/24/2015 11:59:24 AM) (Source: Winlogon) (EventID: 4103) (User: )
Description: 0x800700050x00000000
 
Error: (01/23/2015 01:10:21 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (01/23/2015 01:09:18 PM) (Source: Winlogon) (EventID: 4103) (User: )
Description: 0x800700050x00000000
 
Error: (01/23/2015 02:45:20 AM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: 0x80070005
 
Error: (01/23/2015 01:45:20 AM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: 0x80070005
 
Error: (01/23/2015 00:45:20 AM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: 0x80070005
 
Error: (01/22/2015 11:45:20 PM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: 0x80070005
 
Error: (01/22/2015 10:45:20 PM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: 0x80070005
 
Error: (01/22/2015 09:45:19 PM) (Source: Software Protection Platform Service) (EventID: 8193) (User: )
Description: 0x80070005
 
 
==================== Memory info =========================== 
 
Processor: AMD Phenom™ II X4 955 Processor
Percentage of memory in use: 42%
Total physical RAM: 12285.55 MB
Available physical RAM: 7037.42 MB
Total Pagefile: 24569.29 MB
Available Pagefile: 19055.91 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:931.41 GB) (Free:197.63 GB) NTFS
Drive e: (Rosetta Stone V3 - German|Duits ) (CDROM) (Total:0.39 GB) (Free:0 GB) UDF
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 24D6599C)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================


#10 deeprybka

  • Malware Response Team

Posted 24 January 2015 - 03:40 PM

Let's do a final check up:

Step 1


Please download ESET Online Scanner and save it to your Desktop.
  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start the installer with administrator privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Choose the following settings:
    [image: settings.png]
  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
  • When completed select Uninstall application on close if you so wish, but make sure you copy the logfile first!
  • Now click on Finish
  • A log file is created at [image: logpath.png].
    Copy and paste the content of this log file in your next reply.
Note: Do not forget to re-enable your antivirus application after running the above scan!
regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer

#11 fengil

  • Topic Starter

Posted 24 January 2015 - 07:56 PM

Here is the ESET log:

 

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=804200a82541914e94ef93dd9b4c3011
# engine=22130
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2015-01-25 12:48:46
# local_time=2015-01-25 01:48:46 (+0100, Paris, Madrid)
# country="France"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='avast! Antivirus'
# compatibility_mode=783 16777213 71 94 49803 6776137 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 25851 173776776 0 0
# scanned=604340
# found=23
# cleaned=0
# scan_time=13662
sh=7A1BB5C7C8C83C1C53B9958E51B0FDE0AE8D342F ft=1 fh=315aaf5a9d74d65c vn="a variant of Win32/ELEX.BF potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Remi\AppData\Local\Temp\Desk365\eInstall\eInstall.exe.vir"
sh=8551A28BB06FC03A841EF3B2A3CA4215570C687F ft=1 fh=345be1ceb6dfca44 vn="a variant of Win32/ELEX.BF potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Remi\AppData\Roaming\337\337 Wallpaper\TrayDownloader.exe.vir"
sh=73FFB342D4EA5BF56D263C86D6851ADCD20AE77F ft=1 fh=f634f44630457a34 vn="a variant of Win32/ELEX.Q potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Remi\AppData\Roaming\eIntaller\A87E7D04441F4633BA4B1D193AD969A0\Desk365.exe.vir"
sh=6E58AF619D13A6BCCB7A0B475115452AEAFF6FB1 ft=1 fh=2dbdc7e59531f5e8 vn="a variant of Win32/ELEX.BF potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Remi\AppData\Roaming\Omiga Plus\wallpaper_components.exe.vir"
sh=60113F7D7128EC9E96346E4B0097F882E4C031EA ft=1 fh=1de718496d7df80b vn="Win32/HackTool.Crack.BT potentially unsafe application" ac=I fn="C:\Program Files (x86)\Assassins Creed IV Black Flag\uplay_r1.dll"
sh=7DE60A3AEAC96F7FA559D468D852FBDDA731391F ft=1 fh=3d20769bd48072ca vn="a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application" ac=I fn="C:\Program Files (x86)\FreeTime\FormatFactory\FFModules\Package\Ask\ApnIC.dll"
sh=DBA4D7540C69C6492D48E688A00B51387685F8A6 ft=1 fh=fb092140bceb8039 vn="a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application" ac=I fn="C:\Program Files (x86)\FreeTime\FormatFactory\FFModules\Package\Ask\ApnStub.exe"
sh=140308EF85F243BA4D2AAC012B1017B47E52B89E ft=1 fh=ffd7fdcd47cd63f7 vn="a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application" ac=I fn="C:\Program Files (x86)\FreeTime\FormatFactory\FFModules\Package\Ask\ApnToolbarInstaller.exe"
sh=44554E882D1DD6FBF71B6550B0687E3D9FD73711 ft=1 fh=b0638f029680e22d vn="a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application" ac=I fn="C:\Program Files (x86)\FreeTime\FormatFactory\FFModules\Package\Ask\AskPIP_FF_.exe"
sh=24EACADAF8910146B00A3B6146FAD19E11BFF03B ft=1 fh=5e1dc8d93e2d8e01 vn="a variant of Win32/Hao123.A potentially unwanted application" ac=I fn="C:\Program Files (x86)\FreeTime\FormatFactory\FFModules\Package\BaiDu\hao123inst-egypt.exe"
sh=34D77A23AA7C7648948E4BFAB31F33F517A785DC ft=1 fh=11cdaad78b073df2 vn="a variant of Win32/Hao123.A potentially unwanted application" ac=I fn="C:\Program Files (x86)\FreeTime\FormatFactory\FFModules\Package\BaiDu\hao123inst-japan.exe"
sh=E5A3C100D2D0FD94482783AF2B2FF94CDFC9923F ft=1 fh=a0ddd0619a504a2e vn="a variant of Win32/Hao123.A potentially unwanted application" ac=I fn="C:\Program Files (x86)\FreeTime\FormatFactory\FFModules\Package\BaiDu\hao123inst.exe"
sh=76BB37125D7E20988A2756592852B5184B28D72D ft=0 fh=0000000000000000 vn="a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application" ac=I fn="C:\Users\Remi\Desktop\SopCast.zip"
sh=C8A5C273B16FB890EBD6DBBA9D38A8ECB35C5654 ft=1 fh=1efd904ef6c69915 vn="a variant of Win32/InstallIQ.A potentially unwanted application" ac=I fn="C:\Users\Remi\Desktop\Remi\IFC\cours\PDF_Sam_Installer.exe"
sh=A414D5E6AFB7C42CE450686ED32E1B6D7E826AD6 ft=1 fh=a1b74f5f53fb2210 vn="a variant of Win32/InstallCore.VM potentially unwanted application" ac=I fn="C:\Users\Remi\Desktop\yassin\AMC.exe"
sh=498DF1190D81F2F594A82BA1012F5C45DE595838 ft=1 fh=a541eb37bdecaf9f vn="Win32/InstallMonetizer.AQ potentially unwanted application" ac=I fn="C:\Users\Remi\Downloads\auslogics-disk-defrag_4-3-1-0_en_26672.exe"
sh=0F97FB08E6FC4500F86E64D3285C171C6462BD61 ft=1 fh=acbbffe185c36761 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\Remi\Downloads\ccsetup410.exe"
sh=8E4FCB8F52FD50930670DB0C3DE2ED31045A4ABC ft=1 fh=ec2d86deffd4159d vn="a variant of Win32/Hao123.A potentially unwanted application" ac=I fn="C:\Users\Remi\Downloads\FFSetup3.2.0.1.exe"
sh=C5B68C17A699E38506B793FDAE7406E5841FEE64 ft=1 fh=80aa2a0ac83ad06d vn="Win32/Toolbar.Conduit potentially unwanted application" ac=I fn="C:\Users\Remi\Downloads\setup.exe"
sh=44A7AE70AA7AC181E962591F263CFA55C823B4FC ft=1 fh=cf972a16567b49c6 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\Remi\Downloads\Shockwave_Installer_Slim.exe"
sh=4FB7D89372A7B14C51AF70C49AB0F470029ED7C7 ft=0 fh=0000000000000000 vn="BAT/HostsChanger.A potentially unsafe application" ac=I fn="C:\Users\Remi\Downloads\TU-UP-UT-2014+SERIAL\disable_activation.cmd"
sh=B5B41E946960F17050C00A4891CFF46B08486A4D ft=1 fh=79895fd74f1827db vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Windows\System32\Adobe\Shockwave 12\gt.exe"
sh=B5B41E946960F17050C00A4891CFF46B08486A4D ft=1 fh=79895fd74f1827db vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Windows\SysWOW64\Adobe\Shockwave 12\gt.exe"
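
A triage pass over an ESET Online Scanner log in the layout posted above, as an added example that is not part of the thread and not ESET's own tooling. The field names (`sh`, `vn`, `ac`, `fn`, `found`, `cleaned`) come from the log; the bucket names, the quarantine-path heuristic and every sample value are assumptions made for illustration.

```python
import re
from collections import Counter

# Constructed sample in the key=value layout of the log above. Hashes are
# placeholders, paths are invented, and the last detection name is made up
# to exercise the "review" branch.
SAMPLE_LOG = r'''# scanned=1000
# found=5
# cleaned=0
sh=1111111111111111111111111111111111111111 ft=1 fh=aaaaaaaaaaaaaaaa vn="a variant of Win32/ELEX.BF potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\user\AppData\Local\Temp\demo\eInstall.exe.vir"
sh=2222222222222222222222222222222222222222 ft=1 fh=bbbbbbbbbbbbbbbb vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Windows\System32\Vendor\gt.exe"
sh=2222222222222222222222222222222222222222 ft=1 fh=bbbbbbbbbbbbbbbb vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Windows\SysWOW64\Vendor\gt.exe"
sh=3333333333333333333333333333333333333333 ft=0 fh=0000000000000000 vn="a variant of Win32/Hao123.A potentially unwanted application" ac=I fn="C:\Users\user\Downloads\setup a=b.exe"
sh=4444444444444444444444444444444444444444 ft=1 fh=cccccccccccccccc vn="Win32/Constructed.Sample trojan" ac=I fn="C:\Users\user\AppData\Roaming\demo\run.exe"
'''

# A value is either a double-quoted string (may contain spaces and '=')
# or a bare token that runs to the next whitespace.
FIELD_RE = re.compile(r'(\w+)=("([^"]*)"|\S+)')
GRAYWARE_SUFFIXES = ("potentially unwanted application",
                     "potentially unsafe application")


def parse_fields(line):
    """Split one log line into a dict of key/value pairs."""
    return {key: (quoted if raw.startswith('"') else raw)
            for key, raw, quoted in FIELD_RE.findall(line)}


def triage(det):
    """Bucket one detection by file location and by the scanner's label."""
    path = det.get("fn", "").lower()
    # Assumption: a \Quarantine\ folder or a .vir suffix (as AdwCleaner uses
    # in the log above) means an earlier tool already set the file aside.
    if "\\quarantine\\" in path or path.endswith(".vir"):
        return "quarantined"
    if det.get("vn", "").endswith(GRAYWARE_SUFFIXES):
        return "grayware"
    return "review"  # not labelled PUA/unsafe: needs an analyst's attention


def summarize(log_text):
    """Parse header and detections, then report counts and follow-up items."""
    header, detections = {}, []
    for line in log_text.splitlines():
        line = line.strip()
        if line.startswith("#"):
            header.update(parse_fields(line[1:]))
        elif line.startswith("sh="):
            detections.append(parse_fields(line))
    return {
        "buckets": dict(Counter(triage(d) for d in detections)),
        # The same file copied to two paths shares one hash.
        "unique_hashes": len({d["sh"] for d in detections}),
        # A mismatch means the pasted log was truncated or mangled.
        "count_matches_header": int(header.get("found", -1)) == len(detections),
        # cleaned=0 means the scan only reported; the files are still there.
        "left_on_disk": len(detections) - int(header.get("cleaned", 0)),
        "review": [d["fn"] for d in detections if triage(d) == "review"],
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

An empty `review` list corresponds to a log in which every hit is either quarantined or labelled as a potentially unwanted or unsafe application; `left_on_disk` shows how many of those files the scan did not remove.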


#12 deeprybka

Posted 25 January 2015 - 01:49 PM

Hi,
ESET has not found any active malware, so we are done now. :)

 

If not yet done: Please change your online passwords.


Step 1

Please download the attached fixlist.txt and save it in the same directory as FRST.

  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.

Attached File  fixlist.txt   1.44KB   5 downloads

That's it!
Your logs look clean to me at the moment.
We're gonna clean up everything now, close security holes on your computer and in the end I'll provide you with a list of security tips so you hopefully will not need our help anymore in the future.


My help is free for everybody.
If you want to support me fighting against malware or buy me a beer for the assistance you received, then you can consider a donation.
Thank you!


Clean Up

Now we remove all the tools we used (including their logs and quarantine folders), restore your settings and delete old and infected system restore points:

  • You can uninstall programs that you had to install (e.g. MBAM or ESET Onlinescanner) in the control panel if you so wish.
  • Download DelFix (by Xplode) and save it to your Desktop.
    • Close all running programs and start delfix.exe.
    • Make sure that all available options are checked.
    • Click on Run
    • DelFix should remove all our tools and delete itself afterwards. I don't need the log file.
  • If there is still something left you can delete it manually.

Closing security holes

Many infections happen via drive-by downloads that run unnoticed in the background while the user visits an infected website. To achieve this, malware exploits security holes in installed software (e.g. browser or its plugins). Older versions of such software often have lots of known exploitable holes. Therefore it's very important to always keep your software up-to-date.
The following software is outdated. Make sure you remove all old versions and install the current one instead if you need the program:

 

Adobe Flash Player 10 Plugin
Adobe Flash Player 11 ActiveX
Java 7 Update 25 (64-bit)
Java 7 Update 71

 

 

Tips

I recommend reading and following the "16 simple and easy ways to keep your computer safe and secure on the Internet" (Link) by Lawrence Abrams.


regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer

#13 fengil

Posted 25 January 2015 - 02:27 PM

Thanks a lot for your help, I'll look at the linked advice with attention;

 

here is the final log:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 24-01-2015 01
Ran by Remi at 2015-01-25 20:18:41 Run:1
Running from C:\Users\Remi\Desktop
Loaded Profiles: Remi (Available profiles: Remi)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
CloseProcesses:
ShellIconOverlayIdentifiers: [cwbNotSynchroOverlay] -> {d8d92f57-17f6-4696-a8c0-6b74beeae2a4} => C:\Program Files\Cloudwatt-box\cwbNotSynchroOverlay.dll No File
ShellIconOverlayIdentifiers: [cwbRoomIconOverlay] -> {ae160070-f8ff-41d8-b950-ad6a7de8b1a1} => C:\Program Files\Cloudwatt-box\cwbRoomOverlay.dll No File
ShellIconOverlayIdentifiers: [cwbSynchroOverlay] -> {49ec8ded-d8a3-49c9-b27d-781fcca3fa00} => C:\Program Files\Cloudwatt-box\cwbSynchroOverlay.dll No File
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.mysearchdial.com/
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.mysearchdial.com/results.
SearchScopes: HKLM-x32 -> DefaultScope value is missing.
SearchScopes: HKU\S-1-5-21-832462997-3305788660-3134978908-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.
SearchScopes: HKU\S-1-5-21-832462997-3305788660-3134978908-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://start.mysearchdial.
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
Task: {963C5AD8-1A27-427F-B2B9-209DBAD6F96B} - \Omiga Plus RunAsStdUser No Task File
Task: {FD370DEF-B694-4A83-A42D-8E88109415BB} - \Desk 365 RunAsStdUser No Task File 
EmptyTemp:
*****************
 
Processes closed successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\cwbNotSynchroOverlay" => Key deleted successfully.
"HKCR\CLSID\{d8d92f57-17f6-4696-a8c0-6b74beeae2a4}" => Key deleted successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\cwbRoomIconOverlay" => Key deleted successfully.
"HKCR\CLSID\{ae160070-f8ff-41d8-b950-ad6a7de8b1a1}" => Key deleted successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\cwbSynchroOverlay" => Key deleted successfully.
"HKCR\CLSID\{49ec8ded-d8a3-49c9-b27d-781fcca3fa00}" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found. 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKU\S-1-5-21-832462997-3305788660-3134978908-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-832462997-3305788660-3134978908-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found. 
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{963C5AD8-1A27-427F-B2B9-209DBAD6F96B}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{963C5AD8-1A27-427F-B2B9-209DBAD6F96B}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Omiga Plus RunAsStdUser" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FD370DEF-B694-4A83-A42D-8E88109415BB}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FD370DEF-B694-4A83-A42D-8E88109415BB}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Desk 365 RunAsStdUser" => Key deleted successfully.
EmptyTemp: => Removed 8.5 GB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog 20:19:48 ====


#14 deeprybka

Posted 25 January 2015 - 02:28 PM

Ok. Take care! :)
regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer

#15 deeprybka

Posted 25 January 2015 - 06:42 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer



