PSeMu3_setup.exe redirect virus in browser (Windows 7)
18.03.2015, 01:41 | #1 |
Hello,

Unfortunately I made a beginner's mistake today and ran a very dubious *.exe file. After the installation, which unfortunately could no longer be cancelled, several unwanted programs were installed, among them search bars and other stuff. I then uninstalled these manually. In the browser, however, the problem remains that at random intervals clicking opens advertising pages, or pages that want me to carry out some dubious downloads. I have also already found threads here in the forum from people with the same or a similar problem and then took various measures... unfortunately without success.

Here are my logs

FRST Addition
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by Steffen at 2015-03-18 01:04:23
Running from C:\Users\Steffen\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version: - )
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
888poker (HKLM-x32\...\888poker) (Version: - )
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{B7908254-D208-7C46-8201-7EBC1BFF8D12}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
Apple Application Support (32-Bit) (HKLM-x32\...\{447CDCE5-F555-429B-BFA6-642C3C6D684F}) (Version: 3.1.2 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{0DF7096B-715A-4233-8633-C7A16ED6D616}) (Version: 3.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.12.5.0 - Asmedia Technology)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.6.0.0 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.6.2 - EA Digital Illusions CE AB)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.00 - Piriform)
Cities: Skylines (HKLM-x32\...\Steam App 255710) (Version: - Colossal Order)
Counter-Strike 1.6 (HKLM-x32\...\{13B792AA-C078-43A4-8A3A-8B12D629940D}) (Version: 1.00.0000 - )
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve)
Diablo III (HKLM-x32\...\Diablo III) (Version: - Blizzard Entertainment)
Dota 2 (HKLM-x32\...\Steam App 570) (Version: - Valve)
Dungeon Defenders (HKLM-x32\...\Steam App 65800) (Version: - Trendy Entertainment)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
Guacamelee Super Turbo Championship Edition (HKLM-x32\...\Guacamelee Super Turbo Championship Edition_is1) (Version: - )
H1Z1 (HKLM-x32\...\Steam App 295110) (Version: - Sony Online Entertainment)
Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version: - Blizzard Entertainment)
HOTSLogsUploader (HKU\S-1-5-21-1305335866-915348114-1239377049-1000\...\99a83d131490dc73) (Version: 1.0.0.11 - HOTSLogsUploader)
HydraVision (x32 Version: 4.2.252.0 - Advanced Micro Devices, Inc.) Hidden
InfiniteCrisis_683AC0898F33 (HKLM-x32\...\InfiniteCrisis_683AC0898F33) (Version: - Turbine, Inc)
iTunes (HKLM\...\{D227565A-0033-40AD-89BA-653A205CDC11}) (Version: 12.1.1.4 - Apple Inc.)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
Lara Croft and the Temple of Osiris MULTi2 1.0 (HKLM-x32\...\Lara Croft and the Temple of Osiris MULTi2 1.0) (Version: - )
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games )
League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{3c3aafc8-d898-43ec-998f-965ffdae065a}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mozilla Firefox 36.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 36.0.1 (x86 de)) (Version: 36.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.1.1 - Mozilla)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version: - )
OpenOffice 4.1.1 (HKLM-x32\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation)
Origin (HKLM-x32\...\Origin) (Version: 9.5.5.2850 - Electronic Arts, Inc.)
Path of Exile (HKLM-x32\...\Steam App 238960) (Version: - Grinding Gear Games)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.991 - Even Balance, Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.46.610.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6402 - Realtek Semiconductor Corp.)
RollerCoaster Tycoon 3 Platinum (HKLM-x32\...\GOGPACKRCT3_is1) (Version: 2.0.0.13 - GOG.com)
Rust (HKLM-x32\...\Steam App 252490) (Version: - Facepunch Studios)
Shovel Knight (HKLM-x32\...\Steam App 250760) (Version: - Yacht Club Games)
SimCity™ (HKLM-x32\...\{F70FDE4B-8F86-4eb6-8C8E-636EC89F6419}) (Version: 4.0.86.0859 - Electronic Arts)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
System Requirements Lab Detection (HKLM-x32\...\{05423D30-D8E9-415D-9E73-98B9229B8933}) (Version: 6.1.1.0 - Husdawg, LLC)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
The Binding of Isaac: Rebirth (HKLM-x32\...\Steam App 250900) (Version: - Nicalis, Inc.)
TmNationsForever (HKLM-x32\...\TmNationsForever_is1) (Version: - Nadeo)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: - Blizzard Entertainment)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points =========================

17-03-2015 11:14:21 Windows Update
17-03-2015 13:51:58 Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501
17-03-2015 23:44:29 Installed 7-Zip 9.20 (x64 edition)
17-03-2015 23:46:24 Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2015-03-17 16:51 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {013E7E85-1AE3-4665-91EC-A7F34738D5C5} - System32\Tasks\{AE2D2A6F-3B4F-4082-9D29-91875379AAF0} => I:\cs\hl.exe [2003-12-12] (Valve)
Task: {22C488CD-C1E0-4057-8E84-3FF18B567502} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {6908E65A-AAED-4CAF-A98A-7C578370F074} - System32\Tasks\{3BB587CC-4B37-41D1-A57E-3369B91C13A0} => I:\rollercoaster tycoon\RollerCoaster Tycoon 3 Platinum\RCT3plus.exe [2012-03-19] (Frontier Developments Ltd)
Task: {789E41DB-2AA7-4521-B14A-1ABF3D27E333} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05] (Adobe Systems Incorporated)
Task: {9ACDE60C-7617-46D0-A1AC-48FB6D1C4EF5} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-11-21] (Piriform Ltd)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) ==============

2011-06-22 07:42 - 2011-06-22 07:42 - 00034304 _____ () C:\Windows\System32\ssp4ml6.dll
2015-01-20 22:35 - 2015-01-20 22:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-01-20 22:35 - 2015-01-20 22:35 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-02-04 14:19 - 2015-03-15 03:05 - 00076152 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2013-06-05 15:51 - 2013-06-05 15:51 - 00430080 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\BrandingNet4.dll
2013-06-05 15:51 - 2013-06-05 15:51 - 00032768 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\BrandingResourcesNet4.dll
2014-02-28 14:33 - 2014-02-28 14:33 - 00148480 _____ () C:\Program Files (x86)\TeamSpeak 3 Client\quazip.dll
2014-02-27 14:46 - 2014-02-27 14:46 - 00864768 _____ () C:\Program Files (x86)\TeamSpeak 3 Client\platforms\qwindows.dll
2014-02-27 14:45 - 2014-02-27 14:45 - 00677376 _____ () C:\Program Files (x86)\TeamSpeak 3 Client\sqldrivers\qsqlite.dll
2014-08-04 14:43 - 2014-08-04 14:43 - 00092104 _____ () C:\Program Files (x86)\TeamSpeak 3 Client\soundbackends\directsound_win32.dll
2014-08-04 14:43 - 2014-08-04 14:43 - 00105416 _____ () C:\Program Files (x86)\TeamSpeak 3 Client\soundbackends\windowsaudiosession_win32.dll
2014-02-27 14:46 - 2014-02-27 14:46 - 00025600 _____ () C:\Program Files (x86)\TeamSpeak 3 Client\imageformats\qgif.dll
2014-02-27 14:46 - 2014-02-27 14:46 - 00242688 _____ () C:\Program Files (x86)\TeamSpeak 3 Client\imageformats\qjpeg.dll
2014-08-04 14:45 - 2014-08-04 14:45 - 00477128 _____ () C:\Program Files (x86)\TeamSpeak 3 Client\plugins\clientquery_plugin.dll
2014-08-04 14:45 - 2014-08-04 14:45 - 00484808 _____ () C:\Program Files (x86)\TeamSpeak 3 Client\plugins\teamspeak_control_plugin.dll
2014-02-27 14:46 - 2014-02-27 14:46 - 00123904 _____ () C:\Program Files (x86)\TeamSpeak 3 Client\accessible\qtaccessiblewidgets.dll
2015-02-05 14:22 - 2015-02-05 14:22 - 16852144 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-1305335866-915348114-1239377049-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Steffen\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.178.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== Accounts: =============================

Administrator (S-1-5-21-1305335866-915348114-1239377049-500 - Administrator - Disabled)
Gast (S-1-5-21-1305335866-915348114-1239377049-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1305335866-915348114-1239377049-1002 - Limited - Enabled)
Steffen (S-1-5-21-1305335866-915348114-1239377049-1000 - Administrator - Enabled) => C:\Users\Steffen

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (03/18/2015 00:55:23 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (03/18/2015 00:06:18 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/17/2015 11:46:24 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer". Details: AddLegacyDriverFiles: Unable to back up image of binary tammgR119 service. System Error: Zugriff verweigert .

Error: (03/17/2015 11:46:24 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer". Details: AddLegacyDriverFiles: Unable to back up image of binary tammgF119 service. System Error: Zugriff verweigert .

Error: (03/17/2015 11:46:15 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="arm",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="arm",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
Error: (03/17/2015 11:44:29 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer". Details: AddLegacyDriverFiles: Unable to back up image of binary tammgR119 service. System Error: Zugriff verweigert .

Error: (03/17/2015 11:44:29 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer". Details: AddLegacyDriverFiles: Unable to back up image of binary tammgF119 service. System Error: Zugriff verweigert .

Error: (03/17/2015 04:53:41 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/17/2015 04:52:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: bzagnt.exe, Version: 1.1.0.30, Zeitstempel: 0x55057e01 Name des fehlerhaften Moduls: bzagnt.exe, Version: 1.1.0.30, Zeitstempel: 0x55057e01 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00023074 ID des fehlerhaften Prozesses: 0x61c Startzeit der fehlerhaften Anwendung: 0xbzagnt.exe0 Pfad der fehlerhaften Anwendung: bzagnt.exe1 Pfad des fehlerhaften Moduls: bzagnt.exe2 Berichtskennung: bzagnt.exe3

Error: (03/17/2015 04:45:48 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

System errors:
=============
Error: (03/18/2015 00:39:08 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (03/18/2015 00:37:18 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (03/18/2015 00:35:17 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Bid Formula" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (03/18/2015 00:35:17 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Portal Ctrl" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (03/18/2015 00:04:29 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: cdrom

Error: (03/18/2015 00:04:28 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Clone Font" wurde aufgrund folgenden Fehlers nicht gestartet: %%2

Error: (03/18/2015 00:04:26 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am 18.03.2015 um 00:03:46 unerwartet heruntergefahren.

Error: (03/17/2015 04:56:24 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (03/17/2015 04:52:45 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "bobyzoom" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (03/17/2015 04:51:52 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: cdrom

Microsoft Office Sessions:
=========================
Error: (03/18/2015 00:55:23 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

Error: (03/18/2015 00:06:18 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/17/2015 11:46:24 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Details: AddLegacyDriverFiles: Unable to back up image of binary tammgR119 service. System Error: Zugriff verweigert

Error: (03/17/2015 11:46:24 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Details: AddLegacyDriverFiles: Unable to back up image of binary tammgF119 service. System Error: Zugriff verweigert

Error: (03/17/2015 11:46:15 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="arm",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"C:\Users\Steffen\Downloads\vcredist_arm.exe

Error: (03/17/2015 11:44:29 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Details: AddLegacyDriverFiles: Unable to back up image of binary tammgR119 service. System Error: Zugriff verweigert

Error: (03/17/2015 11:44:29 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Details: AddLegacyDriverFiles: Unable to back up image of binary tammgF119 service. System Error: Zugriff verweigert

Error: (03/17/2015 04:53:41 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/17/2015 04:52:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: bzagnt.exe1.1.0.3055057e01bzagnt.exe1.1.0.3055057e01c00000050002307461c01d060ca48925c77C:\ProgramData\bobyzoom\1.1.0.30\bzagnt.exeC:\ProgramData\bobyzoom\1.1.0.30\bzagnt.exea3a04f3c-ccbd-11e4-a0f1-f46d0465efd8

Error: (03/17/2015 04:45:48 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Steffen\Downloads\esetsmartinstaller_enu.exe

==================== Memory info ===========================
Processor: Intel(R) Core(TM) i5-2500K CPU @ 3.30GHz
Percentage of memory in use: 29%
Total physical RAM: 8159.13 MB
Available physical RAM: 5763.46 MB
Total Pagefile: 16316.44 MB
Available Pagefile: 13566.98 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:111.79 GB) (Free:29.38 GB) NTFS
Drive i: (Datenplatte) (Fixed) (Total:931.51 GB) (Free:514.4 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: B52F2D19)
Partition 1: (Not Active) - (Size=111.8 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 7FFF51D4)
Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End Of Log ============================

FRST
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by Steffen (administrator) on STEFFEN-PC on 18-03-2015 01:04:06
Running from C:\Users\Steffen\Downloads
Loaded Profiles: Steffen (Available profiles: Steffen)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\ProgramData\bobyzoom\1.1.0.30\bzagnt.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\ProgramData\bobyzoom\1.1.0.30\bzwdg.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
() C:\ProgramData\bobyzoom\1.1.0.30\bz32.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
() C:\ProgramData\bobyzoom\1.1.0.30\bzdap.exe
() C:\ProgramData\bobyzoom\1.1.0.30\bz64.exe
(TeamSpeak Systems GmbH) C:\Program Files (x86)\TeamSpeak 3 Client\ts3client_win32.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11905128 2011-06-28] (Realtek Semiconductor)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-02-13] (Apple Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-08-30] (Advanced Micro Devices, Inc.)
HKU\S-1-5-21-1305335866-915348114-1239377049-1000\...\Run: [HydraVisionDesktopManager] => C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [389120 2013-08-30] (AMD)
HKU\S-1-5-21-1305335866-915348114-1239377049-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7063832 2014-11-21] (Piriform Ltd)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1305335866-915348114-1239377049-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1305335866-915348114-1239377049-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1305335866-915348114-1239377049-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Steffen\AppData\Roaming\Mozilla\Firefox\Profiles\inyfbn60.default
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-05] ()
FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll [2015-01-13] (EA Digital Illusions CE AB)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-05] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll [2015-01-13] (EA Digital Illusions CE AB)
FF Extension: Adblock Plus - C:\Users\Steffen\AppData\Roaming\Mozilla\Firefox\Profiles\inyfbn60.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-11-21]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

Locked "tammgF119" service could not be unlocked. <===== ATTENTION
Locked "tammgR119" service could not be unlocked. <===== ATTENTION
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
R2 bobyzoom; C:\ProgramData\bobyzoom\1.1.0.30\bzagnt.exe [0 ] () <==== ATTENTION (zero size file/folder)
R2 bzwdg; C:\ProgramData\bobyzoom\1.1.0.30\bzwdg.exe [0 ] () <==== ATTENTION (zero size file/folder)
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [174624 2015-01-17] (EasyAntiCheat Ltd)
S2 hycetuje; C:\Users\Steffen\AppData\Roaming\1E00E6C0-1426594706-4D00-3561-F46D0465EFD8\jnsdBD5C.tmp [124416 2015-03-17] () [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S3 Origin Client Service; I:\origins\Origin\OriginClientService.exe [1910640 2015-03-12] (Electronic Arts)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2015-03-15] ()
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 wojegejy; C:\Users\Steffen\AppData\Roaming\1E00E6C0-1426594706-4D00-3561-F46D0465EFD8\nsp1D2C.tmp [110080 2015-03-17] () [File not signed]
S2 pyzuwuzu; C:\Users\Steffen\AppData\Roaming\1E00E6C0-1426594706-4D00-3561-F46D0465EFD8\nsi8517.tmpfs [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-03-18] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
R5 tammgF119; C:\Windows\System32\Drivers\tammgF119.sys [26784 2015-03-17] () [File not signed]
R5 tammgR119; C:\Windows\System32\Drivers\tammgR119.sys [26272 2015-03-17] () [File not signed]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)
2015-03-18 01:04 - 2015-03-18 01:04 - 00008628 _____ () C:\Users\Steffen\Downloads\FRST.txt
2015-03-18 01:04 - 2015-03-18 01:04 - 00000000 ____D () C:\FRST
2015-03-18 01:03 - 2015-03-18 01:03 - 02095616 _____ (Farbar) C:\Users\Steffen\Downloads\FRST64.exe
2015-03-18 01:02 - 2015-03-18 01:02 - 00050477 _____ () C:\Users\Steffen\Downloads\Defogger.exe
2015-03-18 01:02 - 2015-03-18 01:02 - 00000476 _____ () C:\Users\Steffen\Downloads\defogger_disable.log
2015-03-18 01:02 - 2015-03-18 01:02 - 00000000 _____ () C:\Users\Steffen\defogger_reenable
2015-03-18 00:40 - 2015-03-18 00:40 - 00017014 _____ () C:\ComboFix.txt
2015-03-18 00:25 - 2015-03-18 00:25 - 00001095 _____ () C:\Users\Steffen\Desktop\Continue Live Installation.lnk
2015-03-17 23:46 - 2015-03-17 23:46 - 07194312 _____ (Microsoft Corporation) C:\Users\Steffen\Downloads\vcredist_x64(1).exe
2015-03-17 23:46 - 2015-03-17 23:46 - 01420840 _____ (Microsoft Corporation) C:\Users\Steffen\Downloads\vcredist_arm.exe
2015-03-17 23:44 - 2015-03-18 00:00 - 00000000 ____D () C:\Users\Steffen\Desktop\Neuer Ordner (2)
2015-03-17 23:44 - 2015-03-17 23:44 - 01376768 _____ () C:\Users\Steffen\Downloads\7z920-x64.msi
2015-03-17 23:43 - 2015-03-17 23:43 - 03702217 _____ () C:\Users\Steffen\Downloads\pcsx2-1.2.1-r5875-binaries.7z
2015-03-17 16:47 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-03-17 16:47 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-03-17 16:47 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-03-17 16:47 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-03-17 16:47 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-03-17 16:47 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2015-03-17 16:47 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2015-03-17 16:47 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2015-03-17 16:46 - 2015-03-18 00:40 - 00000000 ____D () C:\Qoobox
2015-03-17 16:46 - 2015-03-17 16:52 - 00000000 ____D () C:\Windows\erdnt
2015-03-17 16:45 - 2015-03-17 16:45 - 05615380 ____R (Swearware) C:\Users\Steffen\Desktop\ComboFix.exe
2015-03-17 16:45 - 2015-03-17 16:45 - 05615380 _____ (Swearware) C:\Users\Steffen\Downloads\ComboFix(1).exe
2015-03-17 16:44 - 2015-03-17 16:44 - 05615380 _____ (Swearware) C:\Users\Steffen\Downloads\ComboFix.exe
2015-03-17 16:40 - 2015-03-17 16:40 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Steffen\Downloads\tdsskiller(1).exe
2015-03-17 14:33 - 2015-03-17 14:34 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Steffen\Downloads\tdsskiller.exe
2015-03-17 14:30 - 2015-03-17 14:30 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-03-17 14:29 - 2015-03-17 14:29 - 02347384 _____ (ESET) C:\Users\Steffen\Downloads\esetsmartinstaller_enu.exe
2015-03-17 14:18 - 2015-03-18 00:04 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-17 14:18 - 2015-03-17 14:18 - 00001102 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-03-17 14:18 - 2015-03-17 14:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2015-03-17 14:18 - 2015-03-17 14:18 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-03-17 14:18 - 2015-03-17 14:18 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2015-03-17 14:18 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-03-17 14:18 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-03-17 14:18 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-03-17 14:14 - 2015-03-17 14:14 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Steffen\Desktop\mbam-setup-2.0.4.1028.exe
2015-03-17 14:13 - 2015-03-17 14:14 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Steffen\Downloads\mbam-setup-2.0.4.1028.exe
2015-03-17 14:13 - 2015-03-17 14:13 - 02171392 _____ () C:\Users\Steffen\Downloads\AdwCleaner_4.112.exe
2015-03-17 13:51 - 2015-03-17 13:51 - 07195928 _____ (Microsoft Corporation) C:\Users\Steffen\Downloads\vcredist_x64.exe
2015-03-17 13:37 - 2015-03-17 13:40 - 09578282 _____ () C:\Users\Steffen\Downloads\rpcs3rec-b5a4e21-windows-x86-64.zip
2015-03-17 13:26 - 2015-03-17 13:26 - 00000000 ____D () C:\Windows\system32\appmgmt
2015-03-17 13:21 - 2015-03-17 15:15 - 00000000 ____D () C:\Users\Steffen\AppData\Local\1E00E6C0-1426598509-4D00-3561-F46D0465EFD8
2015-03-17 13:19 - 2015-03-17 13:39 - 00000000 ____D () C:\Program Files (x86)\Opera
2015-03-17 13:19 - 2015-03-17 13:37 - 00000000 ____D () C:\Users\Steffen\AppData\Local\Opera Software
2015-03-17 13:19 - 2015-03-17 13:19 - 00000000 ____D () C:\Users\Steffen\AppData\Roaming\Opera Software
2015-03-17 13:18 - 2015-03-17 22:51 - 00000000 ____D () C:\Users\Steffen\AppData\Roaming\1E00E6C0-1426594706-4D00-3561-F46D0465EFD8
2015-03-17 13:18 - 2015-03-17 14:24 - 00000000 ____D () C:\ProgramData\{ffb5672b-ba73-088b-ffb5-5672bba79cae}
2015-03-17 13:16 - 2015-03-17 13:16 - 00026784 _____ () C:\Windows\system32\Drivers\tammgF119.sys
2015-03-17 13:16 - 2015-03-17 13:16 - 00026272 _____ () C:\Windows\system32\Drivers\tammgR119.sys
2015-03-17 13:16 - 2015-03-17 13:16 - 00000000 ____D () C:\ProgramData\bobyzoom
2015-03-15 03:00 - 2015-03-15 03:05 - 00348672 _____ () C:\Windows\SysWOW64\PnkBstrB.xtr
2015-03-15 02:57 - 2015-03-15 03:00 - 00000000 ____D () C:\Users\Steffen\Documents\Battlefield 3
2015-03-15 02:57 - 2015-03-15 02:57 - 00000000 ____D () C:\ProgramData\EA Core
2015-03-13 00:11 - 2015-03-13 00:11 - 00000000 ____D () C:\Users\Steffen\Documents\SimCity
2015-03-10 20:08 - 2015-02-20 05:41 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-03-10 20:08 - 2015-02-20 05:40 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-03-10 20:08 - 2015-02-20 05:40 - 00046080 _____ (Adobe
Systems) C:\Windows\system32\atmlib.dll 2015-03-10 20:08 - 2015-02-20 05:40 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll 2015-03-10 20:08 - 2015-02-20 05:13 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll 2015-03-10 20:08 - 2015-02-20 05:13 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll 2015-03-10 20:08 - 2015-02-20 05:13 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll 2015-03-10 20:08 - 2015-02-20 05:12 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll 2015-03-10 20:08 - 2015-02-20 04:29 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll 2015-03-10 20:08 - 2015-02-20 04:09 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll 2015-03-10 20:08 - 2015-02-03 04:34 - 05554104 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-03-10 20:08 - 2015-02-03 04:34 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi 2015-03-10 20:08 - 2015-02-03 04:34 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys 2015-03-10 20:08 - 2015-02-03 04:33 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi 2015-03-10 20:08 - 2015-02-03 04:31 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll 2015-03-10 20:08 - 2015-02-03 04:31 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll 2015-03-10 20:08 - 2015-02-03 04:31 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll 2015-03-10 20:08 - 2015-02-03 04:31 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll 2015-03-10 20:08 - 2015-02-03 04:31 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll 2015-03-10 20:08 - 2015-02-03 04:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2015-03-10 20:08 - 2015-02-03 04:31 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll 
2015-03-10 20:08 - 2015-02-03 04:31 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll 2015-03-10 20:08 - 2015-02-03 04:31 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll 2015-03-10 20:08 - 2015-02-03 04:31 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll 2015-03-10 20:08 - 2015-02-03 04:31 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll 2015-03-10 20:08 - 2015-02-03 04:31 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll 2015-03-10 20:08 - 2015-02-03 04:31 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll 2015-03-10 20:08 - 2015-02-03 04:31 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll 2015-03-10 20:08 - 2015-02-03 04:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2015-03-10 20:08 - 2015-02-03 04:31 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll 2015-03-10 20:08 - 2015-02-03 04:31 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll 2015-03-10 20:08 - 2015-02-03 04:31 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll 2015-03-10 20:08 - 2015-02-03 04:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx 2015-03-10 20:08 - 2015-02-03 04:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll 2015-03-10 20:08 - 2015-02-03 04:30 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL 2015-03-10 20:08 - 2015-02-03 04:30 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll 2015-03-10 20:08 - 2015-02-03 04:30 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll 2015-03-10 20:08 - 2015-02-03 04:30 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll 2015-03-10 20:08 - 2015-02-03 04:30 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll 2015-03-10 20:08 - 2015-02-03 04:30 - 
00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll 2015-03-10 20:08 - 2015-02-03 04:30 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll 2015-03-10 20:08 - 2015-02-03 04:30 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll 2015-03-10 20:08 - 2015-02-03 04:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll 2015-03-10 20:08 - 2015-02-03 04:30 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2015-03-10 20:08 - 2015-02-03 04:30 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll 2015-03-10 20:08 - 2015-02-03 04:30 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll 2015-03-10 20:08 - 2015-02-03 04:30 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll 2015-03-10 20:08 - 2015-02-03 04:30 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe 2015-03-10 20:08 - 2015-02-03 04:30 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll 2015-03-10 20:08 - 2015-02-03 04:30 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe 2015-03-10 20:08 - 2015-02-03 04:30 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe 2015-03-10 20:08 - 2015-02-03 04:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll 2015-03-10 20:08 - 2015-02-03 04:30 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll 2015-03-10 20:08 - 2015-02-03 04:30 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe 2015-03-10 20:08 - 2015-02-03 04:30 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll 2015-03-10 20:08 - 2015-02-03 04:30 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll 2015-03-10 20:08 - 2015-02-03 04:30 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe 2015-03-10 20:08 - 2015-02-03 04:30 - 00017920 _____ 
(Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe 2015-03-10 20:08 - 2015-02-03 04:30 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe 2015-03-10 20:08 - 2015-02-03 04:30 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe 2015-03-10 20:08 - 2015-02-03 04:29 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll 2015-03-10 20:08 - 2015-02-03 04:28 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll 2015-03-10 20:08 - 2015-02-03 04:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll 2015-03-10 20:08 - 2015-02-03 04:19 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys 2015-03-10 20:08 - 2015-02-03 04:16 - 03973048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2015-03-10 20:08 - 2015-02-03 04:16 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2015-03-10 20:08 - 2015-02-03 04:12 - 11411968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll 2015-03-10 20:08 - 2015-02-03 04:12 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll 2015-03-10 20:08 - 2015-02-03 04:12 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll 2015-03-10 20:08 - 2015-02-03 04:12 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2015-03-10 20:08 - 2015-02-03 04:12 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll 2015-03-10 20:08 - 2015-02-03 04:12 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll 2015-03-10 20:08 - 2015-02-03 04:12 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll 2015-03-10 20:08 - 2015-02-03 04:12 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll 2015-03-10 20:08 - 2015-02-03 04:12 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll 2015-03-10 20:08 - 2015-02-03 04:12 - 00504320 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\msscp.dll 2015-03-10 20:08 - 2015-02-03 04:12 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll 2015-03-10 20:08 - 2015-02-03 04:12 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll 2015-03-10 20:08 - 2015-02-03 04:12 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll 2015-03-10 20:08 - 2015-02-03 04:12 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll 2015-03-10 20:08 - 2015-02-03 04:12 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll 2015-03-10 20:08 - 2015-02-03 04:12 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll 2015-03-10 20:08 - 2015-02-03 04:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll 2015-03-10 20:08 - 2015-02-03 04:12 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll 2015-03-10 20:08 - 2015-02-03 04:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll 2015-03-10 20:08 - 2015-02-03 04:12 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll 2015-03-10 20:08 - 2015-02-03 04:12 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll 2015-03-10 20:08 - 2015-02-03 04:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll 2015-03-10 20:08 - 2015-02-03 04:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll 2015-03-10 20:08 - 2015-02-03 04:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2015-03-10 20:08 - 2015-02-03 04:12 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll 2015-03-10 20:08 - 2015-02-03 04:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx 2015-03-10 20:08 - 2015-02-03 04:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll 2015-03-10 20:08 - 2015-02-03 04:11 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL 2015-03-10 
20:08 - 2015-02-03 04:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe 2015-03-10 20:08 - 2015-02-03 04:11 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe 2015-03-10 20:08 - 2015-02-03 04:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll 2015-03-10 20:08 - 2015-02-03 04:08 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll 2015-03-10 20:08 - 2015-02-03 03:32 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys 2015-03-10 20:08 - 2014-10-31 23:24 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe 2015-03-10 20:08 - 2014-06-28 01:21 - 00532176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe 2015-03-10 20:08 - 2014-06-28 01:21 - 00457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll 2015-03-10 20:07 - 2015-03-06 06:56 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2015-03-10 20:07 - 2015-03-06 06:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2015-03-10 20:07 - 2015-03-06 06:42 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2015-03-10 20:07 - 2015-03-06 06:42 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2015-03-10 20:07 - 2015-03-06 06:42 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2015-03-10 20:07 - 2015-03-06 06:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2015-03-10 20:07 - 2015-03-06 06:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2015-03-10 20:07 - 2015-03-06 06:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2015-03-10 20:07 - 2015-03-06 06:42 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2015-03-10 20:07 - 2015-03-06 06:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2015-03-10 20:07 - 
2015-03-06 06:42 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2015-03-10 20:07 - 2015-03-06 06:42 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2015-03-10 20:07 - 2015-03-06 06:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2015-03-10 20:07 - 2015-03-06 06:41 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe 2015-03-10 20:07 - 2015-03-06 06:41 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2015-03-10 20:07 - 2015-03-06 06:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll 2015-03-10 20:07 - 2015-03-06 06:38 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2015-03-10 20:07 - 2015-03-06 06:36 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2015-03-10 20:07 - 2015-03-06 06:10 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2015-03-10 20:07 - 2015-03-06 06:10 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2015-03-10 20:07 - 2015-03-06 06:10 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2015-03-10 20:07 - 2015-03-06 06:10 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2015-03-10 20:07 - 2015-03-06 06:10 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2015-03-10 20:07 - 2015-03-06 06:10 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2015-03-10 20:07 - 2015-03-06 06:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2015-03-10 20:07 - 2015-03-06 06:10 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2015-03-10 20:07 - 2015-03-06 06:09 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2015-03-10 20:07 - 2015-03-06 06:09 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe 2015-03-10 20:07 - 2015-03-06 06:07 - 00146432 _____ 
(Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll 2015-03-10 20:07 - 2015-03-06 06:07 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll 2015-03-10 20:07 - 2015-03-06 06:06 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll 2015-03-10 20:07 - 2015-02-26 04:25 - 03204096 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2015-03-10 20:07 - 2015-02-24 04:15 - 00389800 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2015-03-10 20:07 - 2015-02-24 03:32 - 00342696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2015-03-10 20:07 - 2015-02-21 02:16 - 25021440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-03-10 20:07 - 2015-02-21 01:41 - 12827648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2015-03-10 20:07 - 2015-02-21 01:27 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2015-03-10 20:07 - 2015-02-21 01:27 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2015-03-10 20:07 - 2015-02-21 01:25 - 19720192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2015-03-10 20:07 - 2015-02-21 00:58 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2015-03-10 20:07 - 2015-02-21 00:32 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2015-03-10 20:07 - 2015-02-20 04:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2015-03-10 20:07 - 2015-02-20 04:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2015-03-10 20:07 - 2015-02-20 03:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2015-03-10 20:07 - 2015-02-20 03:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-03-10 20:07 - 2015-02-20 03:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2015-03-10 20:07 - 2015-02-20 03:48 - 02886144 _____ (Microsoft 
Corporation) C:\Windows\system32\iertutil.dll 2015-03-10 20:07 - 2015-02-20 03:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2015-03-10 20:07 - 2015-02-20 03:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2015-03-10 20:07 - 2015-02-20 03:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2015-03-10 20:07 - 2015-02-20 03:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2015-03-10 20:07 - 2015-02-20 03:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2015-03-10 20:07 - 2015-02-20 03:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2015-03-10 20:07 - 2015-02-20 03:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2015-03-10 20:07 - 2015-02-20 03:32 - 06035456 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2015-03-10 20:07 - 2015-02-20 03:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2015-03-10 20:07 - 2015-02-20 03:22 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2015-03-10 20:07 - 2015-02-20 03:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2015-03-10 20:07 - 2015-02-20 03:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2015-03-10 20:07 - 2015-02-20 03:09 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2015-03-10 20:07 - 2015-02-20 03:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2015-03-10 20:07 - 2015-02-20 03:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2015-03-10 20:07 - 2015-02-20 03:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2015-03-10 20:07 - 2015-02-20 03:06 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2015-03-10 20:07 - 2015-02-20 03:05 - 
00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2015-03-10 20:07 - 2015-02-20 03:03 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2015-03-10 20:07 - 2015-02-20 03:01 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2015-03-10 20:07 - 2015-02-20 03:00 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2015-03-10 20:07 - 2015-02-20 02:58 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2015-03-10 20:07 - 2015-02-20 02:56 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2015-03-10 20:07 - 2015-02-20 02:56 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2015-03-10 20:07 - 2015-02-20 02:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-03-10 20:07 - 2015-02-20 02:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2015-03-10 20:07 - 2015-02-20 02:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2015-03-10 20:07 - 2015-02-20 02:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-03-10 20:07 - 2015-02-20 02:43 - 14398976 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-03-10 20:07 - 2015-02-20 02:41 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2015-03-10 20:07 - 2015-02-20 02:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2015-03-10 20:07 - 2015-02-20 02:30 - 04300288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2015-03-10 20:07 - 2015-02-20 02:28 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-03-10 20:07 - 2015-02-20 02:24 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2015-03-10 20:07 - 2015-02-20 02:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2015-03-10 20:07 - 2015-02-20 02:23 - 01155072 
_____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2015-03-10 20:07 - 2015-02-20 02:16 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-03-10 20:07 - 2015-02-20 02:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2015-03-10 20:07 - 2015-02-20 02:01 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2015-03-10 20:07 - 2015-02-20 01:57 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2015-03-10 20:07 - 2015-02-20 01:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2015-03-10 20:07 - 2015-02-13 06:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2015-03-10 20:07 - 2015-02-13 06:22 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2015-03-10 20:07 - 2015-02-03 04:31 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2015-03-10 20:07 - 2015-02-03 04:31 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll 2015-03-10 20:07 - 2015-02-03 04:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2015-03-10 20:07 - 2015-02-03 04:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll 2015-03-10 20:07 - 2015-01-31 00:56 - 00459336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys 2015-03-10 20:07 - 2015-01-17 03:48 - 01067520 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll 2015-03-10 20:07 - 2015-01-17 03:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll 2015-03-10 20:04 - 2015-02-04 04:16 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll 2015-03-10 20:04 - 2015-02-04 03:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll 2015-03-10 19:28 - 2015-03-10 19:28 - 00000000 ____D () C:\Users\Steffen\Documents\Colossal Order 2015-03-10 19:28 - 2015-03-10 19:28 - 00000000 ____D () 
C:\Users\Steffen\AppData\Roaming\Colossal Order
2015-03-10 19:28 - 2015-03-10 19:28 - 00000000 ____D () C:\Users\Steffen\AppData\Roaming\.mono
2015-03-10 19:28 - 2015-03-10 19:28 - 00000000 ____D () C:\Users\Steffen\AppData\Local\Colossal Order
2015-03-10 19:28 - 2015-03-10 19:28 - 00000000 ____D () C:\ProgramData\.mono
2015-03-09 18:57 - 2015-03-09 18:57 - 00000000 ____D () C:\Program Files (x86)\SystemRequirementsLab
2015-03-09 18:56 - 2015-03-09 18:56 - 00831488 _____ () C:\Users\Steffen\Downloads\Detection(1).msi
2015-03-09 18:53 - 2015-03-09 18:53 - 00831488 _____ () C:\Users\Steffen\Downloads\Detection.msi
2015-03-09 18:15 - 2015-03-09 18:15 - 01569520 _____ (www.flyvpn.com) C:\Users\Steffen\Downloads\FlyClient_3.2.0.2.exe
2015-03-09 18:15 - 2015-03-09 18:15 - 00000000 ____D () C:\ProgramData\FlyVPN
2015-03-06 05:41 - 2015-03-06 05:41 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-03-05 05:04 - 2015-03-05 05:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XBCD
2015-03-05 05:03 - 2015-03-05 05:03 - 00000000 ____D () C:\Users\Steffen\Desktop\Neuer Ordner
2015-03-05 05:02 - 2015-03-03 13:31 - 00007674 _____ () C:\Users\Steffen\Desktop\x360ce.tmp
2015-03-05 05:02 - 2013-04-26 00:49 - 01253376 _____ (TocaEdit) C:\Users\Steffen\Desktop\x360ce.exe
2015-03-03 22:54 - 2015-01-09 04:14 - 00950272 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll
2015-03-03 22:54 - 2015-01-09 04:14 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll
2015-03-03 22:54 - 2015-01-09 04:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll
2015-03-03 22:54 - 2015-01-09 03:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdi.dll
2015-03-03 13:58 - 2015-03-03 14:01 - 00000000 ____D () C:\Users\Steffen\Documents\GuacameleeSTCE
2015-03-03 13:56 - 2015-03-03 13:56 - 00002389 _____ () C:\Users\Public\Desktop\Guacamelee Super Turbo Championship Edition.lnk
2015-03-03 13:56 - 2015-03-03 13:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DrinkBox Studios
2015-03-03 13:56 - 2015-03-03 13:56 - 00000000 ____D () C:\Program Files (x86)\DrinkBox Studios
2015-03-03 13:24 - 2015-03-05 05:04 - 00007464 _____ () C:\Users\Steffen\Desktop\x360ce.ini
2015-03-03 13:24 - 2015-03-03 13:24 - 00099432 _____ (hxxp://x360ce.googlecode.com) C:\Users\Steffen\Desktop\xinput1_3.dll
2015-02-27 22:26 - 2015-02-27 22:26 - 00001753 _____ () C:\Users\Public\Desktop\iTunes.lnk
2015-02-27 22:26 - 2015-02-27 22:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-02-27 22:26 - 2015-02-27 22:26 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-02-27 22:26 - 2015-02-27 22:26 - 00000000 ____D () C:\Program Files\iTunes
2015-02-27 22:26 - 2015-02-27 22:26 - 00000000 ____D () C:\Program Files\iPod
2015-02-27 22:26 - 2015-02-27 22:26 - 00000000 ____D () C:\Program Files (x86)\iTunes
2015-02-26 03:00 - 2015-01-09 00:44 - 00419936 _____ () C:\Windows\SysWOW64\locale.nls
2015-02-26 03:00 - 2015-01-09 00:43 - 00419936 _____ () C:\Windows\system32\locale.nls
2015-02-20 23:05 - 2015-02-20 23:05 - 00001116 _____ () C:\Users\Public\Desktop\OpenOffice 4.1.1.lnk
2015-02-20 23:05 - 2015-02-20 23:05 - 00000000 ___SD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.1
2015-02-20 23:05 - 2015-02-20 23:05 - 00000000 ____D () C:\Users\Steffen\AppData\Roaming\OpenOffice
2015-02-20 23:05 - 2015-02-20 23:05 - 00000000 ____D () C:\Program Files (x86)\OpenOffice 4
2015-02-20 23:04 - 2015-02-20 23:04 - 00000000 ____D () C:\Users\Steffen\Desktop\OpenOffice 4.1.1 (de) Installation Files
2015-02-20 23:03 - 2015-02-20 23:04 - 164858324 _____ () C:\Users\Steffen\Downloads\Apache_OpenOffice_4.1.1_Win_x86_install_de.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-18 01:02 - 2014-11-21 13:09 - 00000000 ____D () C:\Users\Steffen 2015-03-18 00:44 - 2014-11-21 13:48 - 00000000 ____D () C:\Users\Steffen\AppData\Roaming\TS3Client 2015-03-18 00:40 - 2015-02-10 18:03 - 00000000 ____D () C:\Users\Steffen\AppData\Local\Apps\2.0 2015-03-18 00:39 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini 2015-03-18 00:22 - 2014-11-21 13:58 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-03-18 00:11 - 2009-07-14 05:45 - 00031088 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-03-18 00:11 - 2009-07-14 05:45 - 00031088 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-03-18 00:10 - 2011-04-12 08:43 - 00699090 _____ () C:\Windows\system32\perfh007.dat 2015-03-18 00:10 - 2011-04-12 08:43 - 00149230 _____ () C:\Windows\system32\perfc007.dat 2015-03-18 00:10 - 2009-07-14 06:13 - 01619272 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-03-18 00:07 - 2014-11-21 13:09 - 01317076 _____ () C:\Windows\WindowsUpdate.log 2015-03-18 00:04 - 2015-01-22 22:19 - 00007519 _____ () C:\Windows\setupact.log 2015-03-18 00:04 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-03-17 23:59 - 2014-11-21 13:34 - 00000000 ____D () C:\Users\Steffen\AppData\Local\Battle.net 2015-03-17 23:46 - 2014-11-21 13:32 - 00000000 ____D () C:\ProgramData\Package Cache 2015-03-17 23:44 - 2014-11-26 17:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip 2015-03-17 22:05 - 2014-11-21 13:32 - 00000000 ____D () C:\Program Files (x86)\Steam 2015-03-17 19:27 - 2015-02-04 12:39 - 00000000 ____D () C:\ProgramData\Origin 2015-03-17 16:53 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default 2015-03-17 16:51 - 2015-02-05 13:11 - 00014828 _____ () C:\Windows\PFRO.log 2015-03-17 15:15 - 2014-11-21 13:35 - 00000000 ____D () C:\Users\Steffen\Desktop\Win 7 Loader v2.2.1 by DAZ 
2015-03-17 14:16 - 2014-12-17 13:05 - 00000000 ____D () C:\AdwCleaner 2015-03-17 14:16 - 2009-07-14 06:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD 2015-03-17 13:23 - 2014-11-21 13:21 - 00001061 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2015-03-17 13:23 - 2014-11-21 13:21 - 00001049 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2015-03-17 13:23 - 2014-11-21 13:09 - 00000999 _____ () C:\Users\Steffen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2015-03-15 03:05 - 2015-02-04 14:19 - 00348672 _____ () C:\Windows\SysWOW64\PnkBstrB.exe 2015-03-15 03:05 - 2015-02-04 14:19 - 00076152 _____ () C:\Windows\SysWOW64\PnkBstrA.exe 2015-03-15 03:00 - 2015-02-04 14:50 - 00000000 ____D () C:\Users\Steffen\AppData\Local\PunkBuster 2015-03-15 03:00 - 2015-02-04 14:19 - 00280904 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0 2015-03-14 22:56 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache 2015-03-14 14:58 - 2009-07-14 06:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games 2015-03-14 14:57 - 2015-01-29 20:43 - 00123123 _____ () C:\Windows\DirectX.log 2015-03-14 01:44 - 2015-02-04 12:40 - 00000000 ____D () C:\Users\Steffen\AppData\Local\Origin 2015-03-12 23:27 - 2015-02-04 12:40 - 00000000 ____D () C:\Users\Steffen\AppData\Roaming\Origin 2015-03-11 15:20 - 2009-07-14 05:45 - 00294640 _____ () C:\Windows\system32\FNTCACHE.DAT 2015-03-11 05:13 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism 2015-03-11 05:13 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\Dism 2015-03-11 03:02 - 2014-11-23 14:56 - 00000000 ____D () C:\Windows\system32\MRT 2015-03-11 03:01 - 2014-11-23 14:56 - 122905848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-03-09 15:46 - 2015-01-29 20:41 - 00000000 ____D () C:\Users\Steffen\Documents\888poker 2015-03-09 13:10 - 2014-11-21 13:21 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 
2015-03-04 04:44 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\tracing 2015-03-02 01:16 - 2015-02-10 18:03 - 00000000 ____D () C:\Users\Steffen\AppData\Local\Deployment 2015-02-27 22:26 - 2015-01-05 16:23 - 00000000 ____D () C:\Program Files\Common Files\Apple 2015-02-27 16:45 - 2015-01-09 11:45 - 00000072 _____ () C:\Users\Public\LMDebug.log 2015-02-27 13:14 - 2009-07-14 06:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2015-02-27 02:07 - 2014-11-21 14:38 - 00000000 ____D () C:\Program Files (x86)\Hearthstone 2015-02-27 00:22 - 2014-11-21 13:34 - 00000000 ____D () C:\Program Files (x86)\Battle.net 2015-02-24 03:17 - 2010-11-21 04:27 - 00295552 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2015-02-21 13:27 - 2014-11-21 13:35 - 00064024 _____ () C:\Users\Steffen\AppData\Local\GDIPFONTCACHEV1.DAT 2015-02-17 23:35 - 2014-12-23 23:21 - 00000000 ____D () C:\Users\Steffen\Documents\Heroes of the Storm ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) 
C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-03-15 00:16 ==================== End Of Log ============================ |
18.03.2015, 01:47 | #2 |
| PSeMu3_setup.exe redirect virus in the browser GMER
Code:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net Rootkit scan 2015-03-18 01:13:48 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP5T0L0-9 OCZ-VERTEX460 rev.1.0 111,79GB Running: Gmer-19357.exe; Driver: C:\Users\Steffen\AppData\Local\Temp\kwdirfob.sys ---- User code sections - GMER 2.1 ---- .text C:\ProgramData\bobyzoom\1.1.0.30\bzagnt.exe[1828] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076651401 2 bytes JMP 7759b21b C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\bobyzoom\1.1.0.30\bzagnt.exe[1828] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076651419 2 bytes JMP 7759b346 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\bobyzoom\1.1.0.30\bzagnt.exe[1828] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076651431 2 bytes JMP 77618ea9 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\bobyzoom\1.1.0.30\bzagnt.exe[1828] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007665144a 2 bytes CALL 775748ad C:\Windows\syswow64\kernel32.dll .text ... 
* 9 .text C:\ProgramData\bobyzoom\1.1.0.30\bzagnt.exe[1828] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000766514dd 2 bytes JMP 776187a2 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\bobyzoom\1.1.0.30\bzagnt.exe[1828] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000766514f5 2 bytes JMP 77618978 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\bobyzoom\1.1.0.30\bzagnt.exe[1828] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007665150d 2 bytes JMP 77618698 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\bobyzoom\1.1.0.30\bzagnt.exe[1828] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076651525 2 bytes JMP 77618a62 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\bobyzoom\1.1.0.30\bzagnt.exe[1828] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007665153d 2 bytes JMP 7758fca8 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\bobyzoom\1.1.0.30\bzagnt.exe[1828] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076651555 2 bytes JMP 775968ef C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\bobyzoom\1.1.0.30\bzagnt.exe[1828] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007665156d 2 bytes JMP 77618f61 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\bobyzoom\1.1.0.30\bzagnt.exe[1828] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076651585 2 bytes JMP 77618ac2 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\bobyzoom\1.1.0.30\bzagnt.exe[1828] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007665159d 2 bytes JMP 7761865c C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\bobyzoom\1.1.0.30\bzagnt.exe[1828] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000766515b5 2 bytes JMP 7758fd41 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\bobyzoom\1.1.0.30\bzagnt.exe[1828] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000766515cd 2 bytes JMP 7759b2dc 
C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\bobyzoom\1.1.0.30\bzagnt.exe[1828] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000766516b2 2 bytes JMP 77618e24 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\bobyzoom\1.1.0.30\bzagnt.exe[1828] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000766516bd 2 bytes JMP 776185f1 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\bobyzoom\1.1.0.30\bzwdg.exe[1928] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076651401 2 bytes JMP 7759b21b C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\bobyzoom\1.1.0.30\bzwdg.exe[1928] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076651419 2 bytes JMP 7759b346 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\bobyzoom\1.1.0.30\bzwdg.exe[1928] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076651431 2 bytes JMP 77618ea9 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\bobyzoom\1.1.0.30\bzwdg.exe[1928] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007665144a 2 bytes CALL 775748ad C:\Windows\syswow64\kernel32.dll .text ... 
* 9 .text C:\ProgramData\bobyzoom\1.1.0.30\bzwdg.exe[1928] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000766514dd 2 bytes JMP 776187a2 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\bobyzoom\1.1.0.30\bzwdg.exe[1928] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000766514f5 2 bytes JMP 77618978 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\bobyzoom\1.1.0.30\bzwdg.exe[1928] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007665150d 2 bytes JMP 77618698 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\bobyzoom\1.1.0.30\bzwdg.exe[1928] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076651525 2 bytes JMP 77618a62 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\bobyzoom\1.1.0.30\bzwdg.exe[1928] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007665153d 2 bytes JMP 7758fca8 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\bobyzoom\1.1.0.30\bzwdg.exe[1928] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076651555 2 bytes JMP 775968ef C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\bobyzoom\1.1.0.30\bzwdg.exe[1928] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007665156d 2 bytes JMP 77618f61 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\bobyzoom\1.1.0.30\bzwdg.exe[1928] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076651585 2 bytes JMP 77618ac2 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\bobyzoom\1.1.0.30\bzwdg.exe[1928] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007665159d 2 bytes JMP 7761865c C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\bobyzoom\1.1.0.30\bzwdg.exe[1928] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000766515b5 2 bytes JMP 7758fd41 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\bobyzoom\1.1.0.30\bzwdg.exe[1928] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000766515cd 2 bytes JMP 7759b2dc C:\Windows\syswow64\kernel32.dll .text 
C:\ProgramData\bobyzoom\1.1.0.30\bzwdg.exe[1928] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000766516b2 2 bytes JMP 77618e24 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\bobyzoom\1.1.0.30\bzwdg.exe[1928] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000766516bd 2 bytes JMP 776185f1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe[2000] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076651401 2 bytes JMP 7759b21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe[2000] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076651419 2 bytes JMP 7759b346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe[2000] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076651431 2 bytes JMP 77618ea9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe[2000] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007665144a 2 bytes CALL 775748ad C:\Windows\syswow64\kernel32.dll .text ... 
* 9 .text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe[2000] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000766514dd 2 bytes JMP 776187a2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe[2000] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000766514f5 2 bytes JMP 77618978 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe[2000] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007665150d 2 bytes JMP 77618698 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe[2000] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076651525 2 bytes JMP 77618a62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe[2000] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007665153d 2 bytes JMP 7758fca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe[2000] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076651555 2 bytes JMP 775968ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe[2000] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007665156d 2 bytes JMP 77618f61 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe[2000] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076651585 2 bytes JMP 77618ac2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe[2000] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007665159d 2 bytes JMP 7761865c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe[2000] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 
00000000766515b5 2 bytes JMP 7758fd41 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe[2000] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000766515cd 2 bytes JMP 7759b2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe[2000] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000766516b2 2 bytes JMP 77618e24 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe[2000] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000766516bd 2 bytes JMP 776185f1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe[1140] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076651401 2 bytes JMP 7759b21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe[1140] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076651419 2 bytes JMP 7759b346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe[1140] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076651431 2 bytes JMP 77618ea9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe[1140] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007665144a 2 bytes CALL 775748ad C:\Windows\syswow64\kernel32.dll .text ... 
* 9 .text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe[1140] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000766514dd 2 bytes JMP 776187a2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe[1140] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000766514f5 2 bytes JMP 77618978 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe[1140] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007665150d 2 bytes JMP 77618698 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe[1140] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076651525 2 bytes JMP 77618a62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe[1140] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007665153d 2 bytes JMP 7758fca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe[1140] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076651555 2 bytes JMP 775968ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe[1140] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007665156d 2 bytes JMP 77618f61 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe[1140] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076651585 2 bytes JMP 77618ac2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe[1140] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007665159d 2 bytes JMP 7761865c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe[1140] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000766515b5 2 bytes JMP 7758fd41 
C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe[1140] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000766515cd 2 bytes JMP 7759b2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe[1140] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000766516b2 2 bytes JMP 77618e24 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe[1140] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000766516bd 2 bytes JMP 776185f1 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2220] C:\Windows\SysWOW64\WSOCK32.dll!recv + 82 0000000070b117fa 2 bytes CALL 775711a9 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2220] C:\Windows\SysWOW64\WSOCK32.dll!recvfrom + 88 0000000070b11860 2 bytes CALL 775711a9 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2220] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 98 0000000070b11942 2 bytes JMP 771b7089 C:\Windows\syswow64\WS2_32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2220] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 109 0000000070b1194d 2 bytes JMP 771bcba6 C:\Windows\syswow64\WS2_32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2220] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076651401 2 bytes JMP 7759b21b C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2220] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076651419 2 bytes JMP 7759b346 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2220] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076651431 2 bytes JMP 77618ea9 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2220] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007665144a 2 bytes CALL 775748ad C:\Windows\syswow64\kernel32.dll .text ... 
* 9 .text C:\Windows\SysWOW64\PnkBstrA.exe[2220] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000766514dd 2 bytes JMP 776187a2 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2220] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000766514f5 2 bytes JMP 77618978 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2220] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007665150d 2 bytes JMP 77618698 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2220] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076651525 2 bytes JMP 77618a62 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2220] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007665153d 2 bytes JMP 7758fca8 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2220] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076651555 2 bytes JMP 775968ef C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2220] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007665156d 2 bytes JMP 77618f61 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2220] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076651585 2 bytes JMP 77618ac2 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2220] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007665159d 2 bytes JMP 7761865c C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2220] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000766515b5 2 bytes JMP 7758fd41 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2220] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000766515cd 2 bytes JMP 7759b2dc C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2220] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 
00000000766516b2 2 bytes JMP 77618e24 C:\Windows\syswow64\kernel32.dll .text C:\Windows\SysWOW64\PnkBstrA.exe[2220] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000766516bd 2 bytes JMP 776185f1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[2768] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076651401 2 bytes JMP 7759b21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[2768] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076651419 2 bytes JMP 7759b346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[2768] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076651431 2 bytes JMP 77618ea9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[2768] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007665144a 2 bytes CALL 775748ad C:\Windows\syswow64\kernel32.dll .text ... 
* 9 .text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[2768] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000766514dd 2 bytes JMP 776187a2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[2768] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000766514f5 2 bytes JMP 77618978 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[2768] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007665150d 2 bytes JMP 77618698 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[2768] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076651525 2 bytes JMP 77618a62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[2768] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007665153d 2 bytes JMP 7758fca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[2768] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076651555 2 bytes JMP 775968ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[2768] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007665156d 2 bytes JMP 77618f61 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[2768] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076651585 2 bytes JMP 77618ac2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[2768] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007665159d 2 bytes JMP 7761865c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[2768] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000766515b5 2 bytes JMP 7758fd41 C:\Windows\syswow64\kernel32.dll .text C:\Program 
Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[2768] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000766515cd 2 bytes JMP 7759b2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[2768] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000766516b2 2 bytes JMP 77618e24 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[2768] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000766516bd 2 bytes JMP 776185f1 C:\Windows\syswow64\kernel32.dll ? C:\Windows\system32\mssprxy.dll [2768] entry point in ".rdata" section 00000000754e71e6 .text C:\ProgramData\bobyzoom\1.1.0.30\bz32.exe[3692] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076651401 2 bytes JMP 7759b21b C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\bobyzoom\1.1.0.30\bz32.exe[3692] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076651419 2 bytes JMP 7759b346 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\bobyzoom\1.1.0.30\bz32.exe[3692] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076651431 2 bytes JMP 77618ea9 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\bobyzoom\1.1.0.30\bz32.exe[3692] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007665144a 2 bytes CALL 775748ad C:\Windows\syswow64\kernel32.dll .text ... 
* 9 .text C:\ProgramData\bobyzoom\1.1.0.30\bz32.exe[3692] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000766514dd 2 bytes JMP 776187a2 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\bobyzoom\1.1.0.30\bz32.exe[3692] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000766514f5 2 bytes JMP 77618978 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\bobyzoom\1.1.0.30\bz32.exe[3692] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007665150d 2 bytes JMP 77618698 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\bobyzoom\1.1.0.30\bz32.exe[3692] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076651525 2 bytes JMP 77618a62 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\bobyzoom\1.1.0.30\bz32.exe[3692] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007665153d 2 bytes JMP 7758fca8 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\bobyzoom\1.1.0.30\bz32.exe[3692] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076651555 2 bytes JMP 775968ef C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\bobyzoom\1.1.0.30\bz32.exe[3692] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007665156d 2 bytes JMP 77618f61 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\bobyzoom\1.1.0.30\bz32.exe[3692] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076651585 2 bytes JMP 77618ac2 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\bobyzoom\1.1.0.30\bz32.exe[3692] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007665159d 2 bytes JMP 7761865c C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\bobyzoom\1.1.0.30\bz32.exe[3692] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000766515b5 2 bytes JMP 7758fd41 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\bobyzoom\1.1.0.30\bz32.exe[3692] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000766515cd 2 bytes JMP 7759b2dc C:\Windows\syswow64\kernel32.dll .text 
C:\ProgramData\bobyzoom\1.1.0.30\bz32.exe[3692] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000766516b2 2 bytes JMP 77618e24 C:\Windows\syswow64\kernel32.dll .text C:\ProgramData\bobyzoom\1.1.0.30\bz32.exe[3692] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000766516bd 2 bytes JMP 776185f1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamSpeak 3 Client\ts3client_win32.exe[2388] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076651401 2 bytes JMP 7759b21b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamSpeak 3 Client\ts3client_win32.exe[2388] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076651419 2 bytes JMP 7759b346 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamSpeak 3 Client\ts3client_win32.exe[2388] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076651431 2 bytes JMP 77618ea9 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamSpeak 3 Client\ts3client_win32.exe[2388] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007665144a 2 bytes CALL 775748ad C:\Windows\syswow64\kernel32.dll .text ... 
* 9 .text C:\Program Files (x86)\TeamSpeak 3 Client\ts3client_win32.exe[2388] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000766514dd 2 bytes JMP 776187a2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamSpeak 3 Client\ts3client_win32.exe[2388] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000766514f5 2 bytes JMP 77618978 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamSpeak 3 Client\ts3client_win32.exe[2388] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007665150d 2 bytes JMP 77618698 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamSpeak 3 Client\ts3client_win32.exe[2388] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076651525 2 bytes JMP 77618a62 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamSpeak 3 Client\ts3client_win32.exe[2388] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007665153d 2 bytes JMP 7758fca8 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamSpeak 3 Client\ts3client_win32.exe[2388] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076651555 2 bytes JMP 775968ef C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamSpeak 3 Client\ts3client_win32.exe[2388] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007665156d 2 bytes JMP 77618f61 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamSpeak 3 Client\ts3client_win32.exe[2388] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076651585 2 bytes JMP 77618ac2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamSpeak 3 Client\ts3client_win32.exe[2388] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007665159d 2 bytes JMP 7761865c C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamSpeak 3 Client\ts3client_win32.exe[2388] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000766515b5 2 bytes JMP 7758fd41 C:\Windows\syswow64\kernel32.dll 
.text C:\Program Files (x86)\TeamSpeak 3 Client\ts3client_win32.exe[2388] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000766515cd 2 bytes JMP 7759b2dc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamSpeak 3 Client\ts3client_win32.exe[2388] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000766516b2 2 bytes JMP 77618e24 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\TeamSpeak 3 Client\ts3client_win32.exe[2388] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000766516bd 2 bytes JMP 776185f1 C:\Windows\syswow64\kernel32.dll .text C:\Users\Steffen\Downloads\Gmer-19357.exe[2408] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000076651401 2 bytes JMP 7759b21b C:\Windows\syswow64\kernel32.dll .text C:\Users\Steffen\Downloads\Gmer-19357.exe[2408] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000076651419 2 bytes JMP 7759b346 C:\Windows\syswow64\kernel32.dll .text C:\Users\Steffen\Downloads\Gmer-19357.exe[2408] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000076651431 2 bytes JMP 77618ea9 C:\Windows\syswow64\kernel32.dll .text C:\Users\Steffen\Downloads\Gmer-19357.exe[2408] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007665144a 2 bytes CALL 775748ad C:\Windows\syswow64\kernel32.dll .text ... 
* 9 .text C:\Users\Steffen\Downloads\Gmer-19357.exe[2408] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000766514dd 2 bytes JMP 776187a2 C:\Windows\syswow64\kernel32.dll .text C:\Users\Steffen\Downloads\Gmer-19357.exe[2408] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000766514f5 2 bytes JMP 77618978 C:\Windows\syswow64\kernel32.dll .text C:\Users\Steffen\Downloads\Gmer-19357.exe[2408] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007665150d 2 bytes JMP 77618698 C:\Windows\syswow64\kernel32.dll .text C:\Users\Steffen\Downloads\Gmer-19357.exe[2408] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000076651525 2 bytes JMP 77618a62 C:\Windows\syswow64\kernel32.dll .text C:\Users\Steffen\Downloads\Gmer-19357.exe[2408] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007665153d 2 bytes JMP 7758fca8 C:\Windows\syswow64\kernel32.dll .text C:\Users\Steffen\Downloads\Gmer-19357.exe[2408] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000076651555 2 bytes JMP 775968ef C:\Windows\syswow64\kernel32.dll .text C:\Users\Steffen\Downloads\Gmer-19357.exe[2408] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007665156d 2 bytes JMP 77618f61 C:\Windows\syswow64\kernel32.dll .text C:\Users\Steffen\Downloads\Gmer-19357.exe[2408] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000076651585 2 bytes JMP 77618ac2 C:\Windows\syswow64\kernel32.dll .text C:\Users\Steffen\Downloads\Gmer-19357.exe[2408] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007665159d 2 bytes JMP 7761865c C:\Windows\syswow64\kernel32.dll .text C:\Users\Steffen\Downloads\Gmer-19357.exe[2408] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000766515b5 2 bytes JMP 7758fd41 C:\Windows\syswow64\kernel32.dll .text C:\Users\Steffen\Downloads\Gmer-19357.exe[2408] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000766515cd 2 bytes JMP 7759b2dc C:\Windows\syswow64\kernel32.dll .text 
C:\Users\Steffen\Downloads\Gmer-19357.exe[2408] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000766516b2 2 bytes JMP 77618e24 C:\Windows\syswow64\kernel32.dll .text C:\Users\Steffen\Downloads\Gmer-19357.exe[2408] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000766516bd 2 bytes JMP 776185f1 C:\Windows\syswow64\kernel32.dll ---- Threads - GMER 2.1 ---- Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [3760:2876] 000007fefbd52bf8 ---- Processes - GMER 2.1 ---- Library C:\ProgramData\bobyzoom\1.1.0.30\bobyzooml64.dll (*** suspicious ***) @ C:\Windows\system32\Dwm.exe [1544](2015-03-15 12:40:26) 000007fee5dd0000 Library C:\ProgramData\bobyzoom\1.1.0.30\bobyzooml64.dll (*** suspicious ***) @ C:\Windows\system32\taskhost.exe [1640](2015-03-15 12:40:26) 000007fee5dd0000 Library C:\ProgramData\bobyzoom\1.1.0.30\bzagnt.exe (*** suspicious ***) @ C:\ProgramData\bobyzoom\1.1.0.30\bzagnt.exe [1828] 0000000001020000 Library C:\ProgramData\bobyzoom\1.1.0.30\bzwdg.exe (*** suspicious ***) @ C:\ProgramData\bobyzoom\1.1.0.30\bzwdg.exe [1928] 0000000000400000 Library C:\ProgramData\bobyzoom\1.1.0.30\bobyzooml64.dll (*** suspicious ***) @ C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [740](2015-03-1 000007fee5dd0000 Library C:\ProgramData\bobyzoom\1.1.0.30\bobyzooml64.dll (*** suspicious ***) @ C:\Program Files\iTunes\iTunesHelper.exe [1072](2015-03-15 12:40:26) 000007fee5dd0000 Library C:\ProgramData\bobyzoom\1.1.0.30\bobyzooml32.dll (*** suspicious ***) @ C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [1140](2015-03-15 12:41:26) 000000006f6e0000 Library C:\ProgramData\bobyzoom\1.1.0.30\bobyzooml64.dll (*** suspicious ***) @ C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [2756](2015-03-15 12:40:26) 000007fee5dd0000 Library C:\ProgramData\bobyzoom\1.1.0.30\bobyzooml32.dll (*** suspicious ***) @ C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe [2768](2015-03-15 12:41:26) 000000006f6e0000 
Library C:\ProgramData\bobyzoom\1.1.0.30\bobyzooml64.dll (*** suspicious ***) @ C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2944](2015-03-15 12:40:26) 000007fee5dd0000 Library C:\ProgramData\bobyzoom\1.1.0.30\bz32.exe (*** suspicious ***) @ C:\ProgramData\bobyzoom\1.1.0.30\bz32.exe [3692] 00000000013e0000 Library C:\ProgramData\bobyzoom\1.1.0.30\bobyzooml32.dll (*** suspicious ***) @ C:\ProgramData\bobyzoom\1.1.0.30\bz32.exe [3692](2015-03-15 12:41:26 000000006f6e0000 Library C:\ProgramData\bobyzoom\1.1.0.30\bobyzooml64.dll (*** suspicious ***) @ C:\Program Files\CCleaner\CCleaner64.exe [3968](2015-03-15 12:40:26) 000007fee5dd0000 Library C:\ProgramData\bobyzoom\1.1.0.30\bzdap.exe (*** suspicious ***) @ C:\ProgramData\bobyzoom\1.1.0.30\bzdap.exe [4092] 00000000010d0000 Library C:\ProgramData\bobyzoom\1.1.0.30\bobyzoomutil32.dll (*** suspicious ***) @ C:\ProgramData\bobyzoom\1.1.0.30\bzdap.exe [4092](2015-03-15 0000000075130000 Library C:\ProgramData\bobyzoom\1.1.0.30\bobyzooml32.dll (*** suspicious ***) @ C:\ProgramData\bobyzoom\1.1.0.30\bzdap.exe [4092](2015-03-15 12:41: 000000006f6e0000 Library C:\ProgramData\bobyzoom\1.1.0.30\bz64.exe (*** suspicious ***) @ C:\ProgramData\bobyzoom\1.1.0.30\bz64.exe [4116] 000000013fcf0000 Library C:\ProgramData\bobyzoom\1.1.0.30\bobyzooml64.dll (*** suspicious ***) @ C:\ProgramData\bobyzoom\1.1.0.30\bz64.exe [4116](2015-03-15 12:40:26 000007fee5dd0000 Library C:\ProgramData\bobyzoom\1.1.0.30\bobyzooml64.dll (*** suspicious ***) @ C:\Windows\explorer.exe [5080](2015-03-15 12:40:26) 000007fee5dd0000 Library C:\ProgramData\bobyzoom\1.1.0.30\bobyzooml32.dll (*** suspicious ***) @ C:\Program Files (x86)\TeamSpeak 3 Client\ts3client_win32.exe [2388](2015-03-15 12:41:26) 000000006f6e0000 Library C:\ProgramData\bobyzoom\1.1.0.30\bobyzooml32.dll (*** suspicious ***) @ C:\Users\Steffen\Downloads\Gmer-19357.exe [2408](2015-03-15 12:41:26 000000006f6e0000 ---- Services - GMER 2.1 ---- Service 
C:\Windows\system32\Drivers\tammgF119.sys (*** hidden *** ) [SYSTEM] tammgF119 <-- ROOTKIT !!! Service C:\Windows\system32\Drivers\tammgR119.sys (*** hidden *** ) [SYSTEM] tammgR119 <-- ROOTKIT !!! ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tammgF119.sys@ Driver Reg HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tammgR119.sys@ Driver Reg HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\tammgF119.sys@ Driver Reg HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\tammgR119.sys@ Driver Reg HKLM\SYSTEM\CurrentControlSet\services\tammgF119@Type 2 Reg HKLM\SYSTEM\CurrentControlSet\services\tammgF119@Start 1 Reg HKLM\SYSTEM\CurrentControlSet\services\tammgF119@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\tammgF119@ImagePath \??\C:\Windows\system32\Drivers\tammgF119.sys Reg HKLM\SYSTEM\CurrentControlSet\services\tammgF119@DisplayName tammgF119 service Reg HKLM\SYSTEM\CurrentControlSet\services\tammgF119@Group FSFilter Activity Monitor Reg HKLM\SYSTEM\CurrentControlSet\services\tammgF119@DependOnService FltMgr? 
Reg HKLM\SYSTEM\CurrentControlSet\services\tammgF119@WOW64 1 Reg HKLM\SYSTEM\CurrentControlSet\services\tammgF119\Instances Reg HKLM\SYSTEM\CurrentControlSet\services\tammgF119\Instances@DefaultInstance tammgF119 Instance Reg HKLM\SYSTEM\CurrentControlSet\services\tammgF119\Instances\tammgF119 Instance Reg HKLM\SYSTEM\CurrentControlSet\services\tammgF119\Instances\tammgF119 Instance@Altitude 370034 Reg HKLM\SYSTEM\CurrentControlSet\services\tammgF119\Instances\tammgF119 Instance@Flags 0 Reg HKLM\SYSTEM\CurrentControlSet\services\tammgF119 Reg HKLM\SYSTEM\CurrentControlSet\services\tammgR119@Type 1 Reg HKLM\SYSTEM\CurrentControlSet\services\tammgR119@Start 1 Reg HKLM\SYSTEM\CurrentControlSet\services\tammgR119@ErrorControl 1 Reg HKLM\SYSTEM\CurrentControlSet\services\tammgR119@ImagePath \??\C:\Windows\system32\Drivers\tammgR119.sys Reg HKLM\SYSTEM\CurrentControlSet\services\tammgR119@DisplayName tammgR119 service Reg HKLM\SYSTEM\CurrentControlSet\services\tammgR119@WOW64 1 Reg HKLM\SYSTEM\CurrentControlSet\services\tammgR119 Reg HKLM\SYSTEM\ControlSet002\Control\SafeBoot\Minimal\tammgF119.sys@ Driver Reg HKLM\SYSTEM\ControlSet002\Control\SafeBoot\Minimal\tammgR119.sys@ Driver Reg HKLM\SYSTEM\ControlSet002\Control\SafeBoot\Network\tammgF119.sys@ Driver Reg HKLM\SYSTEM\ControlSet002\Control\SafeBoot\Network\tammgR119.sys@ Driver Reg HKLM\SYSTEM\ControlSet002\services\tammgF119@Type 2 Reg HKLM\SYSTEM\ControlSet002\services\tammgF119@Start 1 Reg HKLM\SYSTEM\ControlSet002\services\tammgF119@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\tammgF119@ImagePath \??\C:\Windows\system32\Drivers\tammgF119.sys Reg HKLM\SYSTEM\ControlSet002\services\tammgF119@DisplayName tammgF119 service Reg HKLM\SYSTEM\ControlSet002\services\tammgF119@Group FSFilter Activity Monitor Reg HKLM\SYSTEM\ControlSet002\services\tammgF119@DependOnService FltMgr? 
Reg HKLM\SYSTEM\ControlSet002\services\tammgF119@WOW64 1 Reg HKLM\SYSTEM\ControlSet002\services\tammgF119\Instances (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\tammgF119\Instances@DefaultInstance tammgF119 Instance Reg HKLM\SYSTEM\ControlSet002\services\tammgF119\Instances\tammgF119 Instance (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\tammgF119\Instances\tammgF119 Instance@Altitude 370034 Reg HKLM\SYSTEM\ControlSet002\services\tammgF119\Instances\tammgF119 Instance@Flags 0 Reg HKLM\SYSTEM\ControlSet002\services\tammgR119@Type 1 Reg HKLM\SYSTEM\ControlSet002\services\tammgR119@Start 1 Reg HKLM\SYSTEM\ControlSet002\services\tammgR119@ErrorControl 1 Reg HKLM\SYSTEM\ControlSet002\services\tammgR119@ImagePath \??\C:\Windows\system32\Drivers\tammgR119.sys Reg HKLM\SYSTEM\ControlSet002\services\tammgR119@DisplayName tammgR119 service Reg HKLM\SYSTEM\ControlSet002\services\tammgR119@WOW64 1 ---- EOF - GMER 2.1 ---- |
18.03.2015, 02:00 | #3 |
| PSeMu3_setup.exe redirect virus in the browser Since the logs were so large, I simply zipped them and attached them; I hope that is not too big a problem!
__________________Many thanks in advance, regards, Steffen |
19.03.2015, 16:11 | #4 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | PSeMu3_setup.exe redirect virus in the browser Hi, Quote:
Do you have any further logs (with detections)? Malwarebytes and/or other virus scanners: have they ever found anything? This is why I am asking => http://www.trojaner-board.de/125889-...tml#post941520
Please do not run any new virus scans; for now, only post logs that already exist, in CODE tags! Only logs from the last 7 days, or from the time since the problem began, are relevant!
Reading material: Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes my work massively harder. Even if the logs are too large for one post, I ask you to post the logs directly and, if necessary, spread over several posts. To put the log files in a CODE box, proceed as follows:
__________________ Please always post log files in CODE tags |
19.03.2015, 16:28 | #5 |
| PSeMu3_setup.exe redirect virus in the browser The file was downloaded from this site and executed. A relatively normal installation with a percentage bar and so on then opened. I only installed Avira after the infection; here is the log: Code:
ATTFilter 18.03.2015,03:18:21 [INFO] --------------------------------------------------------- 18.03.2015,03:18:21 [INFO] Engine-Version: 8.3.28.26 18.03.2015,03:18:21 [INFO] VDF-Version: 8.11.212.102 18.03.2015,03:18:21 [INFO] APC-Version: 2.7.1.3 18.03.2015,03:18:21 [INFO] RDF-Version: 14.0.4.54 18.03.2015,03:18:21 [INFO] Echtzeit-Scanner-Version: 15.00.08.650 18.03.2015,03:18:21 [INFO] Der Avira Free Antivirus Dienst wurde erfolgreich gestartet! 18.03.2015,03:18:21 [INFO] Verwendete Konfiguration der Echtzeit-Scanner: - Geprüfte Dateien: Dateien von lokalen Laufwerken prüfen - Geprüfte Dateien: Dateierweiterungsliste verwenden: .386 .?HT* .ACM .ADE .ADP .ANI .APK .APP .ASD .ASF .ASP .ASX .AWX .AX .BAS .BAT .BIN .BOO .CDF .CHM .CLASS .CMD .CNV .COM .CPL .CPX .CRT .CSH .DEX .DLL .DLO .DO* .DRV .EMF .EML .EXE* .FAS .FLT .FOT .HLP .HT* .INF .INI .INS .ISP .J2K .JAR .JFF .JFI .JFIF .JIF .JMH .JNG .JP2 .JPE .JPEG .JPG .JS* .JSE .LNK .LSP .MD? .MDB .MOD .MS? .NWS .OBJ .OCX .OLB .OSD .OV? .PCD .PDF .PDR .PGM .PHP .PIF .PKG .PL* .PNG .POT* .PPAM .PPS* .PPT* .PRG .RAR .REG .RPL .RTF .SBF .SCR .SCRIPT .SCT .SH .SHA .SHB .SHS .SHTM* .SIS .SLD? .SPL .SWF .SYS .TLB .TMP .TSP .TTF .URL .VB? .VCS .VLM .VXD .VXO .WIZ .WLL .WMD .WMF .WMS .WMZ .WPC .WSC .WSF .WSH .WWK .XAR .XL* .XML .XXX .ZIP - Gerätemodus: Datei beim Öffnen durchsuchen, Datei nach Schließen durchsuchen - Aktion: Benutzer fragen - Archive durchsuchen: Deaktiviert - Makrovirenheuristik: Aktiviert - Win32 Dateiheuristik: Erkennungsstufe mittel - Protokollierungsstufe: Standard 18.03.2015,03:18:38 [INFO] Online-Dienste stehen zur Verfügung. 
18.03.2015,03:18:39 [INFO] Verwendete Konfiguration der Echtzeit-Scanner: - Geprüfte Dateien: Dateien von lokalen Laufwerken prüfen - Geprüfte Dateien: Dateierweiterungsliste verwenden: .386 .?HT* .ACM .ADE .ADP .ANI .APK .APP .ASD .ASF .ASP .ASX .AWX .AX .BAS .BAT .BIN .BOO .CDF .CHM .CLASS .CMD .CNV .COM .CPL .CPX .CRT .CSH .DEX .DLL .DLO .DO* .DRV .EMF .EML .EXE* .FAS .FLT .FOT .HLP .HT* .INF .INI .INS .ISP .J2K .JAR .JFF .JFI .JFIF .JIF .JMH .JNG .JP2 .JPE .JPEG .JPG .JS* .JSE .LNK .LSP .MD? .MDB .MOD .MS? .NWS .OBJ .OCX .OLB .OSD .OV? .PCD .PDF .PDR .PGM .PHP .PIF .PKG .PL* .PNG .POT* .PPAM .PPS* .PPT* .PRG .RAR .REG .RPL .RTF .SBF .SCR .SCRIPT .SCT .SH .SHA .SHB .SHS .SHTM* .SIS .SLD? .SPL .SWF .SYS .TLB .TMP .TSP .TTF .URL .VB? .VCS .VLM .VXD .VXO .WIZ .WLL .WMD .WMF .WMS .WMZ .WPC .WSC .WSF .WSH .WWK .XAR .XL* .XML .XXX .ZIP - Gerätemodus: Datei beim Öffnen durchsuchen, Datei nach Schließen durchsuchen - Aktion: Benutzer fragen - Archive durchsuchen: Deaktiviert - Makrovirenheuristik: Aktiviert - Win32 Dateiheuristik: Erkennungsstufe mittel - Protokollierungsstufe: Standard 18.03.2015,03:24:44 [INFO] Update-Auftrag gestartet! 18.03.2015,03:24:48 [INFO] --------------------------------------------------------- 18.03.2015,03:24:48 [INFO] Engine-Version: 8.3.30.2 18.03.2015,03:24:48 [INFO] VDF-Version: 8.11.218.34 18.03.2015,03:24:48 [INFO] APC-Version: 2.7.1.3 18.03.2015,03:24:48 [INFO] RDF-Version: 14.0.4.54 18.03.2015,03:24:48 [INFO] Echtzeit-Scanner-Version: 15.00.08.650 18.03.2015,03:33:42 [FUND] Enthält Muster der Software PUA/InstallCore.Gen7! C:\Users\Steffen\AppData\Local\Temp\ICReinstall_nsnB552.tmp 18.03.2015,03:33:43 [FUND] Enthält Muster der Software PUA/InstallCore.Gen7! C:\Users\Steffen\AppData\Local\Temp\nsnB552.tmp 18.03.2015,05:18:46 [INFO] Update-Auftrag gestartet! 
18.03.2015,05:18:50 [INFO] --------------------------------------------------------- 18.03.2015,05:18:50 [INFO] Engine-Version: 8.3.30.2 18.03.2015,05:18:50 [INFO] VDF-Version: 8.11.218.34 18.03.2015,05:18:50 [INFO] APC-Version: 2.7.1.3 18.03.2015,05:18:50 [INFO] RDF-Version: 14.0.4.54 18.03.2015,05:18:50 [INFO] Echtzeit-Scanner-Version: 15.00.08.650 18.03.2015,07:19:00 [INFO] Update-Auftrag gestartet! 18.03.2015,07:19:04 [INFO] --------------------------------------------------------- 18.03.2015,07:19:04 [INFO] Engine-Version: 8.3.30.2 18.03.2015,07:19:04 [INFO] VDF-Version: 8.11.218.38 18.03.2015,07:19:04 [INFO] APC-Version: 2.7.1.3 18.03.2015,07:19:04 [INFO] RDF-Version: 14.0.4.54 18.03.2015,07:19:04 [INFO] Echtzeit-Scanner-Version: 15.00.08.650 18.03.2015,09:19:00 [INFO] Update-Auftrag gestartet! 18.03.2015,09:19:04 [INFO] --------------------------------------------------------- 18.03.2015,09:19:04 [INFO] Engine-Version: 8.3.30.2 18.03.2015,09:19:04 [INFO] VDF-Version: 8.11.218.46 18.03.2015,09:19:04 [INFO] APC-Version: 2.7.1.3 18.03.2015,09:19:04 [INFO] RDF-Version: 14.0.4.54 18.03.2015,09:19:04 [INFO] Echtzeit-Scanner-Version: 15.00.08.650 18.03.2015,11:19:00 [INFO] Update-Auftrag gestartet! 18.03.2015,11:19:03 [INFO] --------------------------------------------------------- 18.03.2015,11:19:03 [INFO] Engine-Version: 8.3.30.2 18.03.2015,11:19:03 [INFO] VDF-Version: 8.11.218.52 18.03.2015,11:19:03 [INFO] APC-Version: 2.7.1.3 18.03.2015,11:19:03 [INFO] RDF-Version: 14.0.4.54 18.03.2015,11:19:03 [INFO] Echtzeit-Scanner-Version: 15.00.08.650 18.03.2015,13:19:01 [INFO] Update-Auftrag gestartet! 
18.03.2015,13:19:05 [INFO] --------------------------------------------------------- 18.03.2015,13:19:05 [INFO] Engine-Version: 8.3.30.2 18.03.2015,13:19:05 [INFO] VDF-Version: 8.11.218.66 18.03.2015,13:19:05 [INFO] APC-Version: 2.7.1.3 18.03.2015,13:19:05 [INFO] RDF-Version: 14.0.4.54 18.03.2015,13:19:05 [INFO] Echtzeit-Scanner-Version: 15.00.08.650 18.03.2015,15:18:45 [INFO] Update-Auftrag gestartet! 18.03.2015,15:18:49 [INFO] --------------------------------------------------------- 18.03.2015,15:18:49 [INFO] Engine-Version: 8.3.30.2 18.03.2015,15:18:49 [INFO] VDF-Version: 8.11.218.66 18.03.2015,15:18:49 [INFO] APC-Version: 2.7.1.3 18.03.2015,15:18:49 [INFO] RDF-Version: 14.0.4.54 18.03.2015,15:18:49 [INFO] Echtzeit-Scanner-Version: 15.00.08.650 18.03.2015,19:18:48 [INFO] Update-Auftrag gestartet! 18.03.2015,19:18:52 [INFO] --------------------------------------------------------- 18.03.2015,19:18:52 [INFO] Engine-Version: 8.3.30.2 18.03.2015,19:18:52 [INFO] VDF-Version: 8.11.218.66 18.03.2015,19:18:52 [INFO] APC-Version: 2.7.1.3 18.03.2015,19:18:52 [INFO] RDF-Version: 14.0.4.54 18.03.2015,19:18:52 [INFO] Echtzeit-Scanner-Version: 15.00.08.650 18.03.2015,21:19:03 [INFO] Update-Auftrag gestartet! 18.03.2015,21:19:07 [INFO] --------------------------------------------------------- 18.03.2015,21:19:07 [INFO] Engine-Version: 8.3.30.2 18.03.2015,21:19:07 [INFO] VDF-Version: 8.11.218.88 18.03.2015,21:19:07 [INFO] APC-Version: 2.7.1.3 18.03.2015,21:19:07 [INFO] RDF-Version: 14.0.4.54 18.03.2015,21:19:07 [INFO] Echtzeit-Scanner-Version: 15.00.08.650 18.03.2015,23:19:06 [INFO] Update-Auftrag gestartet! 
18.03.2015,23:19:11 [INFO] --------------------------------------------------------- 18.03.2015,23:19:11 [INFO] Engine-Version: 8.3.30.2 18.03.2015,23:19:11 [INFO] VDF-Version: 8.11.218.98 18.03.2015,23:19:11 [INFO] APC-Version: 2.7.1.3 18.03.2015,23:19:11 [INFO] RDF-Version: 14.0.4.54 18.03.2015,23:19:11 [INFO] Echtzeit-Scanner-Version: 15.00.08.650 19.03.2015,01:19:06 [INFO] Update-Auftrag gestartet! 19.03.2015,01:19:10 [INFO] --------------------------------------------------------- 19.03.2015,01:19:10 [INFO] Engine-Version: 8.3.30.2 19.03.2015,01:19:10 [INFO] VDF-Version: 8.11.218.102 19.03.2015,01:19:10 [INFO] APC-Version: 2.7.1.3 19.03.2015,01:19:10 [INFO] RDF-Version: 14.0.4.54 19.03.2015,01:19:10 [INFO] Echtzeit-Scanner-Version: 15.00.08.650 19.03.2015,02:51:45 [INFO] --------------------------------------------------------- 19.03.2015,02:51:45 [INFO] Engine-Version: 8.3.30.2 19.03.2015,02:51:45 [INFO] VDF-Version: 8.11.218.102 19.03.2015,02:51:45 [INFO] APC-Version: 2.7.1.3 19.03.2015,02:51:45 [INFO] RDF-Version: 14.0.4.54 19.03.2015,02:51:45 [INFO] Echtzeit-Scanner-Version: 15.00.08.650 19.03.2015,02:51:45 [INFO] Der Avira Free Antivirus Dienst wurde erfolgreich gestartet! 19.03.2015,02:51:46 [INFO] Verwendete Konfiguration der Echtzeit-Scanner: - Geprüfte Dateien: Dateien von lokalen Laufwerken prüfen - Geprüfte Dateien: Dateierweiterungsliste verwenden: .386 .?HT* .ACM .ADE .ADP .ANI .APK .APP .ASD .ASF .ASP .ASX .AWX .AX .BAS .BAT .BIN .BOO .CDF .CHM .CLASS .CMD .CNV .COM .CPL .CPX .CRT .CSH .DEX .DLL .DLO .DO* .DRV .EMF .EML .EXE* .FAS .FLT .FOT .HLP .HT* .INF .INI .INS .ISP .J2K .JAR .JFF .JFI .JFIF .JIF .JMH .JNG .JP2 .JPE .JPEG .JPG .JS* .JSE .LNK .LSP .MD? .MDB .MOD .MS? .NWS .OBJ .OCX .OLB .OSD .OV? .PCD .PDF .PDR .PGM .PHP .PIF .PKG .PL* .PNG .POT* .PPAM .PPS* .PPT* .PRG .RAR .REG .RPL .RTF .SBF .SCR .SCRIPT .SCT .SH .SHA .SHB .SHS .SHTM* .SIS .SLD? .SPL .SWF .SYS .TLB .TSP .TTF .URL .VB? 
.VCS .VLM .VXD .VXO .WIZ .WLL .WMD .WMF .WMS .WMZ .WPC .WSC .WSF .WSH .WWK .XAR .XL* .XML .XXX .ZIP - Gerätemodus: Datei beim Öffnen durchsuchen, Datei nach Schließen durchsuchen - Aktion: Benutzer fragen - Archive durchsuchen: Deaktiviert - Makrovirenheuristik: Aktiviert - Win32 Dateiheuristik: Erkennungsstufe mittel - Protokollierungsstufe: Standard 19.03.2015,02:52:17 [INFO] Online-Dienste stehen zur Verfügung. 19.03.2015,05:18:48 [INFO] Update-Auftrag gestartet! 19.03.2015,05:18:53 [INFO] --------------------------------------------------------- 19.03.2015,05:18:53 [INFO] Engine-Version: 8.3.30.2 19.03.2015,05:18:53 [INFO] VDF-Version: 8.11.218.102 19.03.2015,05:18:53 [INFO] APC-Version: 2.7.1.3 19.03.2015,05:18:53 [INFO] RDF-Version: 14.0.4.54 19.03.2015,05:18:53 [INFO] Echtzeit-Scanner-Version: 15.00.08.650 19.03.2015,07:19:03 [INFO] Update-Auftrag gestartet! 19.03.2015,07:19:07 [INFO] --------------------------------------------------------- 19.03.2015,07:19:07 [INFO] Engine-Version: 8.3.30.2 19.03.2015,07:19:07 [INFO] VDF-Version: 8.11.218.106 19.03.2015,07:19:07 [INFO] APC-Version: 2.7.1.3 19.03.2015,07:19:07 [INFO] RDF-Version: 14.0.4.54 19.03.2015,07:19:07 [INFO] Echtzeit-Scanner-Version: 15.00.08.650 19.03.2015,08:27:08 [INFO] Der Avira Free Antivirus Dienst wurde beendet! 19.03.2015,16:00:16 [INFO] --------------------------------------------------------- 19.03.2015,16:00:16 [INFO] Engine-Version: 8.3.30.2 19.03.2015,16:00:16 [INFO] VDF-Version: 8.11.218.106 19.03.2015,16:00:16 [INFO] APC-Version: 2.7.1.3 19.03.2015,16:00:16 [INFO] RDF-Version: 14.0.4.54 19.03.2015,16:00:16 [INFO] Echtzeit-Scanner-Version: 15.00.08.650 19.03.2015,16:00:16 [INFO] Der Avira Free Antivirus Dienst wurde erfolgreich gestartet! 
19.03.2015,16:00:17 [INFO] Verwendete Konfiguration der Echtzeit-Scanner: - Geprüfte Dateien: Dateien von lokalen Laufwerken prüfen - Geprüfte Dateien: Dateierweiterungsliste verwenden: .386 .?HT* .ACM .ADE .ADP .ANI .APK .APP .ASD .ASF .ASP .ASX .AWX .AX .BAS .BAT .BIN .BOO .CDF .CHM .CLASS .CMD .CNV .COM .CPL .CPX .CRT .CSH .DEX .DLL .DLO .DO* .DRV .EMF .EML .EXE* .FAS .FLT .FOT .HLP .HT* .INF .INI .INS .ISP .J2K .JAR .JFF .JFI .JFIF .JIF .JMH .JNG .JP2 .JPE .JPEG .JPG .JS* .JSE .LNK .LSP .MD? .MDB .MOD .MS? .NWS .OBJ .OCX .OLB .OSD .OV? .PCD .PDF .PDR .PGM .PHP .PIF .PKG .PL* .PNG .POT* .PPAM .PPS* .PPT* .PRG .RAR .REG .RPL .RTF .SBF .SCR .SCRIPT .SCT .SH .SHA .SHB .SHS .SHTM* .SIS .SLD? .SPL .SWF .SYS .TLB .TSP .TTF .URL .VB? .VCS .VLM .VXD .VXO .WIZ .WLL .WMD .WMF .WMS .WMZ .WPC .WSC .WSF .WSH .WWK .XAR .XL* .XML .XXX .ZIP - Gerätemodus: Datei beim Öffnen durchsuchen, Datei nach Schließen durchsuchen - Aktion: Benutzer fragen - Archive durchsuchen: Deaktiviert - Makrovirenheuristik: Aktiviert - Win32 Dateiheuristik: Erkennungsstufe mittel - Protokollierungsstufe: Standard 19.03.2015,16:01:21 [INFO] Online-Dienste stehen zur Verfügung. 19.03.2015,16:05:45 [INFO] Der Avira Free Antivirus Dienst wurde beendet! 19.03.2015,16:05:57 [INFO] --------------------------------------------------------- 19.03.2015,16:05:57 [INFO] Engine-Version: 8.3.30.4 19.03.2015,16:05:57 [INFO] VDF-Version: 8.11.218.126 19.03.2015,16:05:57 [INFO] APC-Version: 2.7.1.3 19.03.2015,16:05:57 [INFO] RDF-Version: 14.0.4.54 19.03.2015,16:05:57 [INFO] Echtzeit-Scanner-Version: 15.00.08.652 19.03.2015,16:05:57 [INFO] Der Avira Free Antivirus Dienst wurde erfolgreich gestartet! 
19.03.2015,16:05:57 [INFO] Verwendete Konfiguration der Echtzeit-Scanner: - Geprüfte Dateien: Dateien von lokalen Laufwerken prüfen - Geprüfte Dateien: Dateierweiterungsliste verwenden: .386 .?HT* .ACM .ADE .ADP .ANI .APK .APP .ASD .ASF .ASP .ASX .AWX .AX .BAS .BAT .BIN .BOO .CDF .CHM .CLASS .CMD .CNV .COM .CPL .CPX .CRT .CSH .DEX .DLL .DLO .DO* .DRV .EMF .EML .EXE* .FAS .FLT .FOT .HLP .HT* .INF .INI .INS .ISP .J2K .JAR .JFF .JFI .JFIF .JIF .JMH .JNG .JP2 .JPE .JPEG .JPG .JS* .JSE .LNK .LSP .MD? .MDB .MOD .MS? .NWS .OBJ .OCX .OLB .OSD .OV? .PCD .PDF .PDR .PGM .PHP .PIF .PKG .PL* .PNG .POT* .PPAM .PPS* .PPT* .PRG .RAR .REG .RPL .RTF .SBF .SCR .SCRIPT .SCT .SH .SHA .SHB .SHS .SHTM* .SIS .SLD? .SPL .SWF .SYS .TLB .TSP .TTF .URL .VB? .VCS .VLM .VXD .VXO .WIZ .WLL .WMD .WMF .WMS .WMZ .WPC .WSC .WSF .WSH .WWK .XAR .XL* .XML .XXX .ZIP - Gerätemodus: Datei beim Öffnen durchsuchen, Datei nach Schließen durchsuchen - Aktion: Benutzer fragen - Archive durchsuchen: Deaktiviert - Makrovirenheuristik: Aktiviert - Win32 Dateiheuristik: Erkennungsstufe mittel - Protokollierungsstufe: Standard 19.03.2015,16:05:57 [INFO] Online-Dienste stehen zur Verfügung. Code:
ATTFilter 16:40:11.0952 0x1048 TDSS rootkit removing tool 3.0.0.44 Jan 22 2015 08:27:04 16:40:17.0954 0x1048 ============================================================ 16:40:17.0954 0x1048 Current date / time: 2015/03/17 16:40:17.0954 16:40:17.0954 0x1048 SystemInfo: 16:40:17.0954 0x1048 16:40:17.0954 0x1048 OS Version: 6.1.7601 ServicePack: 1.0 16:40:17.0954 0x1048 Product type: Workstation 16:40:17.0955 0x1048 ComputerName: STEFFEN-PC 16:40:17.0955 0x1048 UserName: Steffen 16:40:17.0955 0x1048 Windows directory: C:\Windows 16:40:17.0955 0x1048 System windows directory: C:\Windows 16:40:17.0955 0x1048 Running under WOW64 16:40:17.0955 0x1048 Processor architecture: Intel x64 16:40:17.0955 0x1048 Number of processors: 4 16:40:17.0955 0x1048 Page size: 0x1000 16:40:17.0955 0x1048 Boot type: Normal boot 16:40:17.0955 0x1048 ============================================================ 16:40:18.0142 0x1048 KLMD registered as C:\Windows\system32\drivers\55673633.sys 16:40:18.0246 0x1048 System UUID: {BBF9DE3B-3F22-3625-E30E-87FD529F2C5B} 16:40:26.0175 0x1048 Drive \Device\Harddisk1\DR1 - Size: 0xE8E0DB6000 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 16:40:26.0176 0x1048 Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 ( 111.79 Gb ), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 16:40:26.0191 0x1048 ============================================================ 16:40:26.0191 0x1048 \Device\Harddisk1\DR1: 16:40:26.0200 0x1048 MBR partitions: 16:40:26.0200 0x1048 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705800 16:40:26.0200 0x1048 \Device\Harddisk0\DR0: 16:40:26.0200 0x1048 MBR partitions: 16:40:26.0200 0x1048 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xDF93800 16:40:26.0200 0x1048 ============================================================ 
16:40:26.0201 0x1048 C: <-> \Device\Harddisk0\DR0\Partition1 16:40:26.0222 0x1048 I: <-> \Device\Harddisk1\DR1\Partition1 16:40:26.0222 0x1048 ============================================================ 16:40:26.0222 0x1048 Initialize success 16:40:26.0222 0x1048 ============================================================ 16:40:27.0940 0x1198 ============================================================ 16:40:27.0940 0x1198 Scan started 16:40:27.0940 0x1198 Mode: Manual; 16:40:27.0940 0x1198 ============================================================ 16:40:27.0940 0x1198 KSN ping started 16:40:41.0633 0x1198 KSN ping finished: true 16:40:42.0681 0x1198 ================ Scan system memory ======================== 16:40:42.0681 0x1198 System memory - ok 16:40:42.0681 0x1198 ================ Scan services =============================
C:\Windows\system32\DRIVERS\blbdrive.sys 16:40:43.0677 0x1198 blbdrive - ok 16:40:43.0693 0x1198 [ EBB85E15359737801C5A278A061ABF6A, EEF98EE199898A87A6B9062D489A6C4F65B6B1688BF73F4D16718B1B621281B9 ] bobyzoom C:\ProgramData\bobyzoom\1.1.0.30\bzagnt.exe 16:40:43.0693 0x1198 Suspicious file ( Hidden ): C:\ProgramData\bobyzoom\1.1.0.30\bzagnt.exe. md5: EBB85E15359737801C5A278A061ABF6A, sha256: EEF98EE199898A87A6B9062D489A6C4F65B6B1688BF73F4D16718B1B621281B9 16:40:43.0693 0x1198 bobyzoom - detected HiddenFile.Multi.Generic ( 1 ) 16:40:46.0098 0x1198 Detect skipped due to KSN trusted 16:40:46.0098 0x1198 bobyzoom - ok 16:40:46.0110 0x1198 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD, 17BFFC5DF609CE3B2F0CAB4BD6C118608C66A3AD86116A47E90B2BB7D8954122 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe 16:40:46.0118 0x1198 Bonjour Service - ok 16:40:46.0122 0x1198 [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser C:\Windows\system32\DRIVERS\bowser.sys 16:40:46.0124 0x1198 bowser - ok 16:40:46.0127 0x1198 [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys 16:40:46.0128 0x1198 BrFiltLo - ok 16:40:46.0130 0x1198 [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys 16:40:46.0131 0x1198 BrFiltUp - ok 16:40:46.0136 0x1198 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser C:\Windows\System32\browser.dll 16:40:46.0139 0x1198 Browser - ok 16:40:46.0157 0x1198 [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid C:\Windows\System32\Drivers\Brserid.sys 16:40:46.0162 0x1198 Brserid - ok 16:40:46.0169 0x1198 [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] 
BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys 16:40:46.0170 0x1198 BrSerWdm - ok 16:40:46.0185 0x1198 [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys 16:40:46.0186 0x1198 BrUsbMdm - ok 16:40:46.0202 0x1198 [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys 16:40:46.0203 0x1198 BrUsbSer - ok 16:40:46.0219 0x1198 [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys 16:40:46.0221 0x1198 BTHMODEM - ok 16:40:46.0226 0x1198 [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv C:\Windows\system32\bthserv.dll 16:40:46.0228 0x1198 bthserv - ok 16:40:46.0239 0x1198 [ 2718FEFDDC3FCA848E11546DC3D65A9D, CD900F84D8220BEDB98EF436BFAF112DDF06F6A724A7FCB4B90C20B404FDE705 ] bzwdg C:\ProgramData\bobyzoom\1.1.0.30\bzwdg.exe 16:40:46.0239 0x1198 Suspicious file ( Hidden ): C:\ProgramData\bobyzoom\1.1.0.30\bzwdg.exe. 
md5: 2718FEFDDC3FCA848E11546DC3D65A9D, sha256: CD900F84D8220BEDB98EF436BFAF112DDF06F6A724A7FCB4B90C20B404FDE705 16:40:46.0239 0x1198 bzwdg - detected HiddenFile.Multi.Generic ( 1 ) 16:40:48.0642 0x1198 Detect skipped due to KSN trusted 16:40:48.0642 0x1198 bzwdg - ok 16:40:48.0646 0x1198 [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 16:40:48.0648 0x1198 cdfs - ok 16:40:48.0654 0x1198 [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys 16:40:48.0657 0x1198 cdrom - ok 16:40:48.0661 0x1198 [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc C:\Windows\System32\certprop.dll 16:40:48.0663 0x1198 CertPropSvc - ok 16:40:48.0667 0x1198 [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass C:\Windows\system32\drivers\circlass.sys 16:40:48.0668 0x1198 circlass - ok 16:40:48.0677 0x1198 [ FE1EC06F2253F691FE36217C592A0206, B9F122DB5E665ECDF29A5CB8BB6B531236F31A54A95769D6C5C1924C87FE70CE ] CLFS C:\Windows\system32\CLFS.sys 16:40:48.0684 0x1198 CLFS - ok 16:40:48.0689 0x1198 [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 16:40:48.0691 0x1198 clr_optimization_v2.0.50727_32 - ok 16:40:48.0697 0x1198 [ B4D73F04E9BC076F7CDAC4327DF636BB, 1ADED20D5A0D0A76E2F85CB778FD06BAB814868D35F8532E17D67045FF4770C2 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 16:40:48.0699 0x1198 clr_optimization_v2.0.50727_64 - ok 16:40:48.0712 0x1198 [ E87213F37A13E2B54391E40934F071D0, 7EB221127EFB5BF158FB03D18EFDA2C55FB6CE3D1A1FE69C01D70DBED02C87E5 ] clr_optimization_v4.0.30319_32 
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 16:40:48.0715 0x1198 clr_optimization_v4.0.30319_32 - ok 16:40:48.0720 0x1198 [ 4AEDAB50F83580D0B4D6CF78191F92AA, D113C47013B018B45161911B96E93AF96A2F3B34FA47061BF6E7A71FBA03194A ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 16:40:48.0723 0x1198 clr_optimization_v4.0.30319_64 - ok 16:40:48.0726 0x1198 [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt C:\Windows\system32\drivers\CmBatt.sys 16:40:48.0727 0x1198 CmBatt - ok 16:40:48.0730 0x1198 [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide C:\Windows\system32\drivers\cmdide.sys 16:40:48.0730 0x1198 cmdide - ok 16:40:48.0741 0x1198 [ 27667A788130A7F7A5858DE27572E6D7, 5501D80BCCB7A811ECCED3828DFD0A5D948BBED8504E9BCC4A3BFB840DD41CBC ] CNG C:\Windows\system32\Drivers\cng.sys 16:40:48.0749 0x1198 CNG - ok 16:40:48.0752 0x1198 [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt C:\Windows\system32\drivers\compbatt.sys 16:40:48.0753 0x1198 Compbatt - ok 16:40:48.0756 0x1198 [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys 16:40:48.0757 0x1198 CompositeBus - ok 16:40:48.0760 0x1198 COMSysApp - ok 16:40:48.0763 0x1198 [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys 16:40:48.0764 0x1198 crcdisk - ok 16:40:48.0771 0x1198 [ 1CD76A83B9E8E9A5A3519B39E28354D9, F9931743B99820FFBFB13136DFFD92F86802D543F9D8478648CDC554FB38899D ] CryptSvc C:\Windows\system32\cryptsvc.dll 16:40:48.0775 0x1198 CryptSvc - ok 16:40:48.0787 0x1198 [ 54DA3DFD29ED9F1619B6F53F3CE55E49, 9177C6907A983296BF188892A894B668A09FFA058FD56B50FE12940D54B0FA5E ] CSC 
C:\Windows\system32\drivers\csc.sys 16:40:48.0796 0x1198 CSC - ok 16:40:48.0811 0x1198 [ 3AB183AB4D2C79DCF459CD2C1266B043, 72B0187EBA9DC74E61EC5CB3DC24058DDB768843E865801894AAEAA211610C56 ] CscService C:\Windows\System32\cscsvc.dll 16:40:48.0823 0x1198 CscService - ok 16:40:48.0836 0x1198 [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch C:\Windows\system32\rpcss.dll 16:40:48.0846 0x1198 DcomLaunch - ok 16:40:48.0855 0x1198 [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc C:\Windows\System32\defragsvc.dll 16:40:48.0860 0x1198 defragsvc - ok 16:40:48.0864 0x1198 [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC C:\Windows\system32\Drivers\dfsc.sys 16:40:48.0866 0x1198 DfsC - ok 16:40:48.0874 0x1198 [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp C:\Windows\system32\dhcpcore.dll 16:40:48.0880 0x1198 Dhcp - ok 16:40:48.0884 0x1198 [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache C:\Windows\system32\drivers\discache.sys 16:40:48.0885 0x1198 discache - ok 16:40:48.0888 0x1198 [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk C:\Windows\system32\drivers\disk.sys 16:40:48.0890 0x1198 Disk - ok 16:40:48.0894 0x1198 [ 5DB085A8A6600BE6401F2B24EECB5415, 5FC5C7C1B4DB7BF6EFD0992E91DB41FD047E90D1ABA0B8F868CB72557F88FB13 ] dmvsc C:\Windows\system32\drivers\dmvsc.sys 16:40:48.0895 0x1198 dmvsc - ok 16:40:48.0901 0x1198 [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache C:\Windows\System32\dnsrslvr.dll 16:40:48.0904 0x1198 Dnscache - ok 16:40:48.0912 0x1198 [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] 
dot3svc C:\Windows\System32\dot3svc.dll 16:40:48.0917 0x1198 dot3svc - ok 16:40:48.0922 0x1198 [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS C:\Windows\system32\dps.dll 16:40:48.0925 0x1198 DPS - ok 16:40:48.0928 0x1198 [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 16:40:48.0928 0x1198 drmkaud - ok 16:40:48.0949 0x1198 [ 87CE5C8965E101CCCED1F4675557E868, 077D98F0F130B2FC710208BA34016EF2B2506EE2BD71740B228145E34A3046F1 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 16:40:48.0966 0x1198 DXGKrnl - ok 16:40:48.0971 0x1198 [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost C:\Windows\System32\eapsvc.dll 16:40:48.0973 0x1198 EapHost - ok 16:40:48.0976 0x1198 EasyAntiCheat - ok 16:40:49.0037 0x1198 [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv C:\Windows\system32\drivers\evbda.sys 16:40:49.0095 0x1198 ebdrv - ok 16:40:49.0101 0x1198 [ B6C7729936AAF8E0697F0A7DCA82CED8, 9706E5234364488DD18527AAC82760E5ECB6EC9EBFDD4D04D2708D3C9C576FE6 ] EFS C:\Windows\System32\lsass.exe 16:40:49.0102 0x1198 EFS - ok 16:40:49.0120 0x1198 [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr C:\Windows\ehome\ehRecvr.exe 16:40:49.0132 0x1198 ehRecvr - ok 16:40:49.0137 0x1198 [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched C:\Windows\ehome\ehsched.exe 16:40:49.0140 0x1198 ehSched - ok 16:40:49.0153 0x1198 [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor C:\Windows\system32\drivers\elxstor.sys 16:40:49.0163 0x1198 elxstor - ok 16:40:49.0166 0x1198 [ 34A3C54752046E79A126E15C51DB409B, 
7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev C:\Windows\system32\drivers\errdev.sys 16:40:49.0167 0x1198 ErrDev - ok 16:40:49.0179 0x1198 [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem C:\Windows\system32\es.dll 16:40:49.0187 0x1198 EventSystem - ok 16:40:49.0193 0x1198 [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat C:\Windows\system32\drivers\exfat.sys 16:40:49.0197 0x1198 exfat - ok 16:40:49.0204 0x1198 [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat C:\Windows\system32\drivers\fastfat.sys 16:40:49.0208 0x1198 fastfat - ok 16:40:49.0224 0x1198 [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax C:\Windows\system32\fxssvc.exe 16:40:49.0237 0x1198 Fax - ok 16:40:49.0241 0x1198 [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc C:\Windows\system32\drivers\fdc.sys 16:40:49.0242 0x1198 fdc - ok 16:40:49.0245 0x1198 [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost C:\Windows\system32\fdPHost.dll 16:40:49.0246 0x1198 fdPHost - ok 16:40:49.0249 0x1198 [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub C:\Windows\system32\fdrespub.dll 16:40:49.0250 0x1198 FDResPub - ok 16:40:49.0254 0x1198 [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 16:40:49.0256 0x1198 FileInfo - ok 16:40:49.0259 0x1198 [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace C:\Windows\system32\drivers\filetrace.sys 16:40:49.0260 0x1198 Filetrace - ok 16:40:49.0262 0x1198 [ 
C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk C:\Windows\system32\drivers\flpydisk.sys 16:40:49.0263 0x1198 flpydisk - ok 16:40:49.0271 0x1198 [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 16:40:49.0277 0x1198 FltMgr - ok 16:40:49.0301 0x1198 [ C4C183E6551084039EC862DA1C945E3D, 0874A2ACDD24D64965AA9A76E9C818E216880AE4C9A2E07ED932EE404585CEE6 ] FontCache C:\Windows\system32\FntCache.dll 16:40:49.0321 0x1198 FontCache - ok 16:40:49.0326 0x1198 [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 16:40:49.0327 0x1198 FontCache3.0.0.0 - ok 16:40:49.0331 0x1198 [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends C:\Windows\system32\drivers\FsDepends.sys 16:40:49.0332 0x1198 FsDepends - ok 16:40:49.0336 0x1198 [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 16:40:49.0337 0x1198 Fs_Rec - ok 16:40:49.0343 0x1198 [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys 16:40:49.0347 0x1198 fvevol - ok 16:40:49.0352 0x1198 [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys 16:40:49.0353 0x1198 gagp30kx - ok 16:40:49.0356 0x1198 [ 8E98D21EE06192492A5671A6144D092F, B8F656B34D361EA5AFB47F3A67AB2221580DADA59C8CD0CB83181E4AD8B562B4 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 16:40:49.0358 0x1198 GEARAspiWDM - ok 16:40:49.0375 0x1198 [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 
2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc C:\Windows\System32\gpsvc.dll 16:40:49.0392 0x1198 gpsvc - ok 16:40:49.0395 0x1198 [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys 16:40:49.0396 0x1198 hcw85cir - ok 16:40:49.0405 0x1198 [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 16:40:49.0411 0x1198 HdAudAddService - ok 16:40:49.0416 0x1198 [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys 16:40:49.0418 0x1198 HDAudBus - ok 16:40:49.0421 0x1198 [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt C:\Windows\system32\drivers\HidBatt.sys 16:40:49.0422 0x1198 HidBatt - ok 16:40:49.0426 0x1198 [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth C:\Windows\system32\drivers\hidbth.sys 16:40:49.0428 0x1198 HidBth - ok 16:40:49.0431 0x1198 [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr C:\Windows\system32\drivers\hidir.sys 16:40:49.0433 0x1198 HidIr - ok 16:40:49.0436 0x1198 [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv C:\Windows\system32\hidserv.dll 16:40:49.0437 0x1198 hidserv - ok 16:40:49.0440 0x1198 [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 16:40:49.0441 0x1198 HidUsb - ok 16:40:49.0445 0x1198 [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc C:\Windows\system32\kmsvc.dll 16:40:49.0447 0x1198 hkmsvc - ok 16:40:49.0454 0x1198 
[ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll 16:40:49.0458 0x1198 HomeGroupListener - ok 16:40:49.0464 0x1198 [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll 16:40:49.0468 0x1198 HomeGroupProvider - ok 16:40:49.0472 0x1198 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys 16:40:49.0474 0x1198 HpSAMD - ok 16:40:49.0490 0x1198 [ 0EA7DE1ACB728DD5A369FD742D6EEE28, 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779 ] HTTP C:\Windows\system32\drivers\HTTP.sys 16:40:49.0503 0x1198 HTTP - ok 16:40:49.0507 0x1198 [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 16:40:49.0508 0x1198 hwpolicy - ok 16:40:49.0516 0x1198 [ F696EF3C94B5C2B42C805EECC525E0F4, 731C4F99C2A8404018B0B229DB080F014E26D95EF80623C63C60B8808BACB78A ] hycetuje C:\Users\Steffen\AppData\Roaming\1E00E6C0-1426594706-4D00-3561-F46D0465EFD8\jnsdBD5C.tmp 16:40:49.0519 0x1198 hycetuje - ok 16:40:49.0523 0x1198 [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt C:\Windows\system32\drivers\i8042prt.sys 16:40:49.0526 0x1198 i8042prt - ok 16:40:49.0536 0x1198 [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys 16:40:49.0544 0x1198 iaStorV - ok 16:40:49.0563 0x1198 [ C98A5B9D932430AD8EEBD3EF73756EF7, DF7E1D391A0F3345AD61154363922C27BD557DEEACE395A6A8A8A16BFD1BB9A8 ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 16:40:49.0578 0x1198 idsvc - ok 16:40:49.0581 0x1198 IEEtwCollectorService - ok 
16:40:49.0586 0x1198 [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp C:\Windows\system32\drivers\iirsp.sys 16:40:49.0589 0x1198 iirsp - ok 16:40:49.0607 0x1198 [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT C:\Windows\System32\ikeext.dll 16:40:49.0623 0x1198 IKEEXT - ok 16:40:49.0682 0x1198 [ EB5FA493A4B6EA290200AE39EBA2FBC6, 1C2797058A52D87D0F4412F40D372BABB7E4E4146F6DA5F4FFB7C6BA026A1FAC ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys 16:40:49.0732 0x1198 IntcAzAudAddService - ok 16:40:49.0737 0x1198 [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide C:\Windows\system32\drivers\intelide.sys 16:40:49.0738 0x1198 intelide - ok 16:40:49.0741 0x1198 [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 16:40:49.0743 0x1198 intelppm - ok 16:40:49.0747 0x1198 [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum C:\Windows\system32\ipbusenum.dll 16:40:49.0750 0x1198 IPBusEnum - ok 16:40:49.0753 0x1198 [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 16:40:49.0755 0x1198 IpFilterDriver - ok 16:40:49.0769 0x1198 [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 16:40:49.0779 0x1198 iphlpsvc - ok 16:40:49.0784 0x1198 [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys 16:40:49.0786 0x1198 IPMIDRV - ok 16:40:49.0790 0x1198 [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] 
IPNAT C:\Windows\system32\drivers\ipnat.sys 16:40:49.0792 0x1198 IPNAT - ok 16:40:49.0806 0x1198 [ A4857E8B1DEB9740FB5ADEDF05ED69E0, 24FC7A188D32B08CE4F10EEEF17F37C45DB5433158A7A97A07D43F6BEE58DFFC ] iPod Service C:\Program Files\iPod\bin\iPodService.exe 16:40:49.0818 0x1198 iPod Service - ok 16:40:49.0821 0x1198 [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM C:\Windows\system32\drivers\irenum.sys 16:40:49.0821 0x1198 IRENUM - ok 16:40:49.0824 0x1198 [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp C:\Windows\system32\drivers\isapnp.sys 16:40:49.0825 0x1198 isapnp - ok 16:40:49.0832 0x1198 [ 96BB922A0981BC7432C8CF52B5410FE6, 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys 16:40:49.0837 0x1198 iScsiPrt - ok 16:40:49.0841 0x1198 [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys 16:40:49.0842 0x1198 kbdclass - ok 16:40:49.0845 0x1198 [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys 16:40:49.0846 0x1198 kbdhid - ok 16:40:49.0849 0x1198 [ B6C7729936AAF8E0697F0A7DCA82CED8, 9706E5234364488DD18527AAC82760E5ECB6EC9EBFDD4D04D2708D3C9C576FE6 ] KeyIso C:\Windows\system32\lsass.exe 16:40:49.0850 0x1198 KeyIso - ok 16:40:49.0854 0x1198 [ 56ED3EE5FED6BF2FC1305CF872042868, 44F77AE3CD83284800FF106156ABCB63047327855E2535EE278289AF6F05579C ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 16:40:49.0856 0x1198 KSecDD - ok 16:40:49.0861 0x1198 [ 8BA90F480705D7153AD0060CCA62222A, B3E610DFAB382368114D026947084A72AFC4F5BF9C28317F411D4ED91E0B3192 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 16:40:49.0864 0x1198 KSecPkg - ok 16:40:49.0868 0x1198 [ 6869281E78CB31A43E969F06B57347C4, 
866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk C:\Windows\system32\drivers\ksthunk.sys 16:40:49.0869 0x1198 ksthunk - ok 16:40:49.0878 0x1198 [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm C:\Windows\system32\msdtckrm.dll 16:40:49.0885 0x1198 KtmRm - ok 16:40:49.0892 0x1198 [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer C:\Windows\system32\srvsvc.dll 16:40:49.0897 0x1198 LanmanServer - ok 16:40:49.0920 0x1198 [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 16:40:49.0924 0x1198 LanmanWorkstation - ok 16:40:49.0928 0x1198 [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 16:40:49.0930 0x1198 lltdio - ok 16:40:49.0938 0x1198 [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc C:\Windows\System32\lltdsvc.dll 16:40:49.0944 0x1198 lltdsvc - ok 16:40:49.0951 0x1198 [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts C:\Windows\System32\lmhsvc.dll 16:40:49.0953 0x1198 lmhosts - ok 16:40:49.0958 0x1198 [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys 16:40:49.0961 0x1198 LSI_FC - ok 16:40:49.0970 0x1198 [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys 16:40:49.0972 0x1198 LSI_SAS - ok 16:40:49.0975 0x1198 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys 16:40:49.0977 0x1198 LSI_SAS2 - ok 16:40:49.0982 
0x1198 [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
16:40:49.0984 0x1198 LSI_SCSI - ok
16:40:52.0046 0x1198 Suspicious service (NoAccess): tammgF119
16:40:52.0048 0x1198 [ D9C84F7A3EA53C6DFC3E2B206715F77C, A07FC919C57A729946A079855F75465D14E78BB769A920D77A407F2C915E361F ] tammgF119 C:\Windows\system32\Drivers\tammgF119.sys
16:40:52.0048 0x1198 Suspicious file ( NoAccess ): C:\Windows\system32\Drivers\tammgF119.sys. md5: D9C84F7A3EA53C6DFC3E2B206715F77C, sha256: A07FC919C57A729946A079855F75465D14E78BB769A920D77A407F2C915E361F
16:40:52.0086 0x1198 tammgF119 - detected LockedService.Multi.Generic ( 1 )
16:40:54.0504 0x1198 Detect skipped due to KSN trusted
16:40:54.0504 0x1198 tammgF119 - ok
16:40:54.0505 0x1198 Suspicious service (NoAccess): tammgR119
16:40:54.0508 0x1198 [ CFABCF2BF681CAD94B6D2EBBC17A41AA, 71C8B8B00BBD925E110C4AC8CBD02BA468E001C954A04C62B566C8CE5BBDB261 ] tammgR119 C:\Windows\system32\Drivers\tammgR119.sys
16:40:54.0508 0x1198 Suspicious file ( NoAccess ): C:\Windows\system32\Drivers\tammgR119.sys. md5: CFABCF2BF681CAD94B6D2EBBC17A41AA, sha256: 71C8B8B00BBD925E110C4AC8CBD02BA468E001C954A04C62B566C8CE5BBDB261
16:40:54.0514 0x1198 tammgR119 - detected LockedService.Multi.Generic ( 1 )
16:40:56.0923 0x1198 Detect skipped due to KSN trusted
16:40:56.0923 0x1198 tammgR119 - ok
16:40:57.0318 0x1198 [ FED648B01349A3C8395A5169DB5FB7D6,
DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 16:40:57.0320 0x1198 USBSTOR - ok 16:40:57.0323 0x1198 [ DD253AFC3BC6CBA412342DE60C3647F3, 146F8613F1057AC054DC3593E84BC52899DA27EA33B0E72ACFB78C3699ADCDE7 ] usbuhci C:\Windows\system32\drivers\usbuhci.sys 16:40:57.0324 0x1198 usbuhci - ok 16:40:57.0327 0x1198 [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms C:\Windows\System32\uxsms.dll 16:40:57.0329 0x1198 UxSms - ok 16:40:57.0332 0x1198 [ B6C7729936AAF8E0697F0A7DCA82CED8, 9706E5234364488DD18527AAC82760E5ECB6EC9EBFDD4D04D2708D3C9C576FE6 ] VaultSvc C:\Windows\system32\lsass.exe 16:40:57.0333 0x1198 VaultSvc - ok 16:40:57.0336 0x1198 [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 16:40:57.0337 0x1198 vdrvroot - ok 16:40:57.0349 0x1198 [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds C:\Windows\System32\vds.exe 16:40:57.0359 0x1198 vds - ok 16:40:57.0363 0x1198 [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 16:40:57.0364 0x1198 vga - ok 16:40:57.0367 0x1198 [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave C:\Windows\System32\drivers\vga.sys 16:40:57.0368 0x1198 VgaSave - ok 16:40:57.0374 0x1198 [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 16:40:57.0378 0x1198 vhdmp - ok 16:40:57.0381 0x1198 [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide C:\Windows\system32\drivers\viaide.sys 16:40:57.0382 0x1198 viaide - ok 16:40:57.0388 0x1198 [ 86EA3E79AE350FEA5331A1303054005F, 
7E7D6027EB41E591633C7383A5D29A3BA8ECFC08C177D2BCF741EE27686B1691 ] vmbus C:\Windows\system32\drivers\vmbus.sys 16:40:57.0392 0x1198 vmbus - ok 16:40:57.0395 0x1198 [ 7DE90B48F210D29649380545DB45A187, 09522F84285D62B961868DA98C40B82E746CA4D24A9780905673A2349D6B07F4 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys 16:40:57.0396 0x1198 VMBusHID - ok 16:40:57.0399 0x1198 [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr C:\Windows\system32\drivers\volmgr.sys 16:40:57.0401 0x1198 volmgr - ok 16:40:57.0409 0x1198 [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 16:40:57.0416 0x1198 volmgrx - ok 16:40:57.0425 0x1198 [ DF8126BD41180351A093A3AD2FC8903B, AEFF4AA89CDDAAAD43CDE17C6B6EB2A397A0AC1651CBD51B889161EC2BC6527A ] volsnap C:\Windows\system32\drivers\volsnap.sys 16:40:57.0430 0x1198 volsnap - ok 16:40:57.0436 0x1198 [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid C:\Windows\system32\drivers\vsmraid.sys 16:40:57.0439 0x1198 vsmraid - ok 16:40:57.0471 0x1198 [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS C:\Windows\system32\vssvc.exe 16:40:57.0499 0x1198 VSS - ok 16:40:57.0503 0x1198 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys 16:40:57.0504 0x1198 vwifibus - ok 16:40:57.0514 0x1198 [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time C:\Windows\system32\w32time.dll 16:40:57.0521 0x1198 W32Time - ok 16:40:57.0526 0x1198 [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen C:\Windows\system32\drivers\wacompen.sys 16:40:57.0527 0x1198 WacomPen - ok 16:40:57.0531 0x1198 [ 
356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 16:40:57.0533 0x1198 WANARP - ok 16:40:57.0536 0x1198 [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 16:40:57.0538 0x1198 Wanarpv6 - ok 16:40:57.0568 0x1198 [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine C:\Windows\system32\wbengine.exe 16:40:57.0595 0x1198 wbengine - ok 16:40:57.0605 0x1198 [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 16:40:57.0610 0x1198 WbioSrvc - ok 16:40:57.0619 0x1198 [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc C:\Windows\System32\wcncsvc.dll 16:40:57.0627 0x1198 wcncsvc - ok 16:40:57.0630 0x1198 [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 16:40:57.0632 0x1198 WcsPlugInService - ok 16:40:57.0635 0x1198 [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd C:\Windows\system32\drivers\wd.sys 16:40:57.0636 0x1198 Wd - ok 16:40:57.0653 0x1198 [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 16:40:57.0667 0x1198 Wdf01000 - ok 16:40:57.0672 0x1198 [ C6F7473B55510F0B93961DA03D8E3B38, 4BAB9274DED8F7AC4A52B8739F501323FFFA0367CAA24BFAFDB5523812E0CE39 ] WdiServiceHost C:\Windows\system32\wdi.dll 16:40:57.0675 0x1198 WdiServiceHost - ok 16:40:57.0678 0x1198 [ C6F7473B55510F0B93961DA03D8E3B38, 4BAB9274DED8F7AC4A52B8739F501323FFFA0367CAA24BFAFDB5523812E0CE39 ] WdiSystemHost C:\Windows\system32\wdi.dll 16:40:57.0680 
0x1198 WdiSystemHost - ok 16:40:57.0687 0x1198 [ 0EB0E5D22B1760F2DBCE632F2DD7A54D, B8A4CC62F88768947FB0A161CF9564DB28FD9C1C037B5475DF192982DE035C22 ] WebClient C:\Windows\System32\webclnt.dll 16:40:57.0693 0x1198 WebClient - ok 16:40:57.0700 0x1198 [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc C:\Windows\system32\wecsvc.dll 16:40:57.0705 0x1198 Wecsvc - ok 16:40:57.0709 0x1198 [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport C:\Windows\System32\wercplsupport.dll 16:40:57.0712 0x1198 wercplsupport - ok 16:40:57.0716 0x1198 [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc C:\Windows\System32\WerSvc.dll 16:40:57.0719 0x1198 WerSvc - ok 16:40:57.0721 0x1198 [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 16:40:57.0722 0x1198 WfpLwf - ok 16:40:57.0726 0x1198 [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount C:\Windows\system32\drivers\wimmount.sys 16:40:57.0727 0x1198 WIMMount - ok 16:40:57.0729 0x1198 WinDefend - ok 16:40:57.0734 0x1198 WinHttpAutoProxySvc - ok 16:40:57.0745 0x1198 [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 16:40:57.0749 0x1198 Winmgmt - ok 16:40:57.0789 0x1198 [ D929ABD465A2DED963DA8B30946A8D5C, DE8DBFB01C11D2AE903CBD6A974D6F995E9813CE2D6484B7DA06EAE4C545842A ] WinRM C:\Windows\system32\WsmSvc.dll 16:40:57.0825 0x1198 WinRM - ok 16:40:57.0833 0x1198 [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys 16:40:57.0834 0x1198 WinUsb - ok 16:40:57.0854 0x1198 [ 4FADA86E62F18A1B2F42BA18AE24E6AA, 
CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc C:\Windows\System32\wlansvc.dll 16:40:57.0870 0x1198 Wlansvc - ok 16:40:57.0873 0x1198 [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys 16:40:57.0874 0x1198 WmiAcpi - ok 16:40:57.0881 0x1198 [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 16:40:57.0885 0x1198 wmiApSrv - ok 16:40:57.0887 0x1198 WMPNetworkSvc - ok 16:40:57.0893 0x1198 [ 4AB719DBDF86F658304B7403754923AB, A61A4B54C47304EB7F1AF837F65F8BA28AC0D2CE83772D5DE6254E8BE34C174D ] wojegejy C:\Users\Steffen\AppData\Roaming\1E00E6C0-1426594706-4D00-3561-F46D0465EFD8\nsp1D2C.tmp 16:40:57.0894 0x1198 wojegejy - ok 16:40:57.0897 0x1198 [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc C:\Windows\System32\wpcsvc.dll 16:40:57.0899 0x1198 WPCSvc - ok 16:40:57.0902 0x1198 [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 16:40:57.0906 0x1198 WPDBusEnum - ok 16:40:57.0909 0x1198 [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 16:40:57.0910 0x1198 ws2ifsl - ok 16:40:57.0914 0x1198 [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc C:\Windows\System32\wscsvc.dll 16:40:57.0917 0x1198 wscsvc - ok 16:40:57.0919 0x1198 WSearch - ok 16:40:57.0968 0x1198 [ 61FF576450CCC80564B850BC3FB6713A, B2843BC9E2F62D27DCF6787D063378926748CE75002BADA1873DCB5039883705 ] wuauserv C:\Windows\system32\wuaueng.dll 16:40:58.0012 0x1198 wuauserv - ok 16:40:58.0018 0x1198 [ AB886378EEB55C6C75B4F2D14B6C869F, 
D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 16:40:58.0020 0x1198 WudfPf - ok 16:40:58.0026 0x1198 [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 16:40:58.0030 0x1198 WUDFRd - ok 16:40:58.0034 0x1198 [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 16:40:58.0037 0x1198 wudfsvc - ok 16:40:58.0044 0x1198 [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc C:\Windows\System32\wwansvc.dll 16:40:58.0050 0x1198 WwanSvc - ok 16:40:58.0053 0x1198 ================ Scan global =============================== 16:40:58.0057 0x1198 [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll 16:40:58.0063 0x1198 [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll 16:40:58.0073 0x1198 [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll 16:40:58.0079 0x1198 [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll 16:40:58.0088 0x1198 [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe 16:40:58.0095 0x1198 [ Global ] - ok 16:40:58.0096 0x1198 ================ Scan MBR ================================== 16:40:58.0120 0x1198 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1 16:40:58.0485 0x1198 \Device\Harddisk1\DR1 - ok 16:40:58.0487 0x1198 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0 16:40:58.0490 0x1198 \Device\Harddisk0\DR0 - ok 16:40:58.0491 
0x1198 ================ Scan VBR ================================== 16:40:58.0492 0x1198 [ 7BF3AAE290697EACCDE11058F53ED1D9 ] \Device\Harddisk1\DR1\Partition1 16:40:58.0533 0x1198 \Device\Harddisk1\DR1\Partition1 - ok 16:40:58.0537 0x1198 [ 2A82618F40DEAF87B9A56E72DDECC4B2 ] \Device\Harddisk0\DR0\Partition1 16:40:58.0538 0x1198 \Device\Harddisk0\DR0\Partition1 - ok 16:40:58.0538 0x1198 ================ Scan generic autorun ====================== 16:40:58.0759 0x1198 [ BCFF8CD24809941E28C73185FC58CA39, 353CA65A5EAFAF5DEC777C422A1B842DAF84ED66626AF314670E49402B6DE994 ] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe 16:40:58.0963 0x1198 RTHDVCPL - ok 16:40:58.0976 0x1198 [ D0B542256A968DFCB8896C140FCE6047, 3F92A9871B521BCCCDFE6D9BFF88930B26C5DB86F6F6578554A3F2ECC5C5EBA0 ] C:\Program Files\iTunes\iTunesHelper.exe 16:40:58.0979 0x1198 iTunesHelper - ok 16:40:59.0000 0x1198 [ 0210577A83C3E30C724E21EC3211ED95, 1433DE5B47B5EC1F99E6BCD6C8538D8BD1F17B175AB4FE2CE7D480D46AAF3822 ] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe 16:40:59.0013 0x1198 StartCCC - ok 16:40:59.0014 0x1198 Update - ok 16:40:59.0039 0x1198 [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe 16:40:59.0059 0x1198 Sidebar - ok 16:40:59.0064 0x1198 [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe 16:40:59.0067 0x1198 mctadmin - ok 16:40:59.0090 0x1198 [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe 16:40:59.0106 0x1198 Sidebar - ok 16:40:59.0111 0x1198 [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe 16:40:59.0113 0x1198 mctadmin - ok 16:40:59.0122 0x1198 [ EDA861A35DC2AC5C7B2F697EC546C4BE, 
EC2C8FFBC044134B09D93D2B0ACCC4D00AC625E5A0480526BAC4C25CA15D5610 ] C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe 16:40:59.0127 0x1198 HydraVisionDesktopManager - ok 16:40:59.0276 0x1198 [ 18EE6C694976C4D205AF24D6CCE3B660, 262F8B929CBBC8BFDD465826A27625ED9508A7C325C45F1964A4EFAC36D60056 ] C:\Program Files\CCleaner\CCleaner64.exe 16:40:59.0399 0x1198 CCleaner Monitoring - ok 16:40:59.0404 0x1198 Waiting for KSN requests completion. In queue: 93 16:41:00.0404 0x1198 Waiting for KSN requests completion. In queue: 93 16:41:01.0404 0x1198 Waiting for KSN requests completion. In queue: 93 16:41:02.0455 0x1198 Win FW state via NFP2: enabled 16:41:04.0882 0x1198 ============================================================ 16:41:04.0882 0x1198 Scan finished 16:41:04.0882 0x1198 ============================================================ 16:41:04.0888 0x1378 Detected object count: 0 16:41:04.0888 0x1378 Actual detected object count: 0 16:41:12.0625 0x07c4 ============================================================ 16:41:12.0625 0x07c4 Scan started 16:41:12.0625 0x07c4 Mode: Manual; 16:41:12.0625 0x07c4 ============================================================ 16:41:12.0625 0x07c4 KSN ping started 16:41:14.0973 0x07c4 KSN ping finished: true 16:41:15.0887 0x07c4 ================ Scan system memory ======================== 16:41:15.0887 0x07c4 System memory - ok 16:41:15.0887 0x07c4 ================ Scan services ============================= 16:41:15.0928 0x07c4 [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci C:\Windows\system32\DRIVERS\1394ohci.sys 16:41:15.0932 0x07c4 1394ohci - ok 16:41:15.0941 0x07c4 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI C:\Windows\system32\drivers\ACPI.sys 16:41:15.0946 0x07c4 ACPI - ok 16:41:15.0949 0x07c4 [ 99F8E788246D495CE3794D7E7821D2CA, 
F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys 16:41:15.0949 0x07c4 AcpiPmi - ok 16:41:15.0981 0x07c4 [ 080255CDCB878813B481B8C348D47D8E, 75808821FBC732D0504795B8F85852E4C01D3B412989A1E597E1295CFF7B7A45 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe 16:41:15.0985 0x07c4 AdobeFlashPlayerUpdateSvc - ok 16:41:15.0997 0x07c4 [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys 16:41:16.0004 0x07c4 adp94xx - ok 16:41:16.0013 0x07c4 [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci C:\Windows\system32\drivers\adpahci.sys 16:41:16.0018 0x07c4 adpahci - ok 16:41:16.0024 0x07c4 [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320 C:\Windows\system32\drivers\adpu320.sys 16:41:16.0027 0x07c4 adpu320 - ok 16:41:16.0032 0x07c4 [ 4B78B431F225FD8624C5655CB1DE7B61, 198A5AF2125C7C41F531A652D200C083A55A97DC541E3C0B5B253C7329949156 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 16:41:16.0033 0x07c4 AeLookupSvc - ok 16:41:16.0046 0x07c4 [ FA886682CFC5D36718D3E436AACF10B9, F80AB4F91AA6B5C7ECCB000D8E1BC2CF776DC3D69B3D9EBC2558C19035A6B3AB ] AFD C:\Windows\system32\drivers\afd.sys 16:41:16.0052 0x07c4 AFD - ok 16:41:16.0056 0x07c4 [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440 C:\Windows\system32\drivers\agp440.sys 16:41:16.0058 0x07c4 agp440 - ok 16:41:16.0061 0x07c4 [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG C:\Windows\System32\alg.exe 16:41:16.0062 0x07c4 ALG - ok 16:41:16.0065 0x07c4 [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide C:\Windows\system32\drivers\aliide.sys 
16:41:16.0066 0x07c4 aliide - ok 16:41:16.0072 0x07c4 [ 13AE8D986A8D61FBAFAF5CD3F8B3B89C, 2FE02A9E974EAC0D7E7E4E454A56EAA2CFE9B6E78CA97716F5BB725AAF5E5594 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe 16:41:16.0076 0x07c4 AMD External Events Utility - ok 16:41:16.0079 0x07c4 [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide C:\Windows\system32\drivers\amdide.sys 16:41:16.0079 0x07c4 amdide - ok 16:41:16.0082 0x07c4 [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys 16:41:16.0084 0x07c4 AmdK8 - ok 16:41:16.0314 0x07c4 [ 1BF58E56CA271FEF678DC3A9996FAB0A, E4D93759E5D1022AF2A85DEDED79A1EAAE40403F671DE0307BB7F060813EE88D ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys 16:41:16.0485 0x07c4 amdkmdag - ok 16:41:16.0510 0x07c4 [ 4DD3339D3818356145A4945C1B4CB4C5, 46DA51ACC72CEFAA7F5C8B9626FC6BA916D139BBC1D6B0C7B7E24822D5B4A02F ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys 16:41:16.0519 0x07c4 amdkmdap - ok 16:41:16.0523 0x07c4 [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys 16:41:16.0524 0x07c4 AmdPPM - ok 16:41:16.0529 0x07c4 [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata C:\Windows\system32\drivers\amdsata.sys 16:41:16.0531 0x07c4 amdsata - ok 16:41:16.0537 0x07c4 [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs C:\Windows\system32\drivers\amdsbs.sys 16:41:16.0540 0x07c4 amdsbs - ok 16:41:16.0543 0x07c4 [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata C:\Windows\system32\drivers\amdxata.sys 16:41:16.0544 0x07c4 amdxata - ok 16:41:16.0548 0x07c4 [ 90C53BD47979FB8814F465A08B885102, 
5EDFC1909FC1FF9133A534DFCC5408CF3A777AC41FB21FAD375436E3D86C02EC ] AppID C:\Windows\system32\drivers\appid.sys 16:41:16.0549 0x07c4 AppID - ok 16:41:16.0551 0x07c4 [ 72D4757510FDA69D729169C00AFC211E, FB9686D0D94EE7C19A3994C29E8331A6EC3020B2980B2CC75F72F3AB25512C15 ] AppIDSvc C:\Windows\System32\appidsvc.dll 16:41:16.0552 0x07c4 AppIDSvc - ok 16:41:16.0556 0x07c4 [ 9D2A2369AB4B08A4905FE72DB104498F, D6FA1705018BABABFA2362E05691A0D6408D14DE7B76129B16D0A1DAD6378E58 ] Appinfo C:\Windows\System32\appinfo.dll 16:41:16.0557 0x07c4 Appinfo - ok 16:41:16.0563 0x07c4 [ 612CB66D93ED0F2F21BB109840C7D813, 75484123DA27B8942B13148FCF061C75A08A50386A095143736B593E9C772173 ] Apple Mobile Device Service C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 16:41:16.0564 0x07c4 Apple Mobile Device Service - ok 16:41:16.0570 0x07c4 [ 4ABA3E75A76195A3E38ED2766C962899, E2001ACD44DA270B8289DA362D26416676301773AB22616C211F31CF2E7869AA ] AppMgmt C:\Windows\System32\appmgmts.dll 16:41:16.0573 0x07c4 AppMgmt - ok 16:41:16.0578 0x07c4 [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc C:\Windows\system32\drivers\arc.sys 16:41:16.0579 0x07c4 arc - ok 16:41:16.0583 0x07c4 [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas C:\Windows\system32\drivers\arcsas.sys 16:41:16.0585 0x07c4 arcsas - ok 16:41:16.0590 0x07c4 [ 0AA7A996792FB0287B33A57A8093AE44, 41894F055F3CDA05794FC46E1F2C59979D1DAF7602F44E4ADF6347E199B8137C ] asmthub3 C:\Windows\system32\DRIVERS\asmthub3.sys 16:41:16.0592 0x07c4 asmthub3 - ok 16:41:16.0603 0x07c4 [ 125DC3ABF5BFCCFE82AD17D078E0B9EC, FEFF8C37CD688F39C8E341F8BF7A712AA8C0F431B064E07C3EA66A96250D855B ] asmtxhci C:\Windows\system32\DRIVERS\asmtxhci.sys 16:41:16.0609 0x07c4 asmtxhci - ok 16:41:16.0621 0x07c4 [ 9A262EDD17F8473B91B333D6B031A901, 05DFBD3A7D83FDE1D062EA719ACA9EC48CB7FD42D17DDD88B82E5D25469ADD23 ] aspnet_state 
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe 16:41:16.0622 0x07c4 aspnet_state - ok 16:41:16.0626 0x07c4 [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 16:41:16.0627 0x07c4 AsyncMac - ok 16:41:16.0630 0x07c4 [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi C:\Windows\system32\drivers\atapi.sys 16:41:16.0631 0x07c4 atapi - ok 16:41:16.0636 0x07c4 [ 37CB595C0AB20ECBFA5170D3185690DB, 23CA3DC63C35649021AAFF0721BA8A7DF546B5CD1530A35AAAC3E742A787A7D2 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys 16:41:16.0637 0x07c4 AtiHDAudioService - ok 16:41:16.0653 0x07c4 [ 6968D02DC38757C3FBE7ED7C2F9670AA, C8B3115DDB32EFBE8C56C5AA78EEA05BBB77DF3F75CC2A04532EB32327E4735A ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 16:41:16.0662 0x07c4 AudioEndpointBuilder - ok 16:41:16.0677 0x07c4 [ 6968D02DC38757C3FBE7ED7C2F9670AA, C8B3115DDB32EFBE8C56C5AA78EEA05BBB77DF3F75CC2A04532EB32327E4735A ] AudioSrv C:\Windows\System32\Audiosrv.dll 16:41:16.0687 0x07c4 AudioSrv - ok 16:41:16.0692 0x07c4 [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV C:\Windows\System32\AxInstSV.dll 16:41:16.0694 0x07c4 AxInstSV - ok 16:41:16.0706 0x07c4 [ 3E5B191307609F7514148C6832BB0842, |
19.03.2015, 16:30 | #6 |
| PSeMu3_setup.exe redirect virus in the browser TDDSKILLER2 Code:
1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache C:\Windows\system32\drivers\discache.sys 16:41:17.0119 0x07c4 discache - ok 16:41:17.0122 0x07c4 [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk C:\Windows\system32\drivers\disk.sys 16:41:17.0124 0x07c4 Disk - ok 16:41:17.0128 0x07c4 [ 5DB085A8A6600BE6401F2B24EECB5415, 5FC5C7C1B4DB7BF6EFD0992E91DB41FD047E90D1ABA0B8F868CB72557F88FB13 ] dmvsc C:\Windows\system32\drivers\dmvsc.sys 16:41:17.0130 0x07c4 dmvsc - ok 16:41:17.0135 0x07c4 [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache C:\Windows\System32\dnsrslvr.dll 16:41:17.0138 0x07c4 Dnscache - ok 16:41:17.0146 0x07c4 [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc C:\Windows\System32\dot3svc.dll 16:41:17.0150 0x07c4 dot3svc - ok 16:41:17.0156 0x07c4 [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS C:\Windows\system32\dps.dll 16:41:17.0158 0x07c4 DPS - ok 16:41:17.0161 0x07c4 [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 16:41:17.0161 0x07c4 drmkaud - ok 16:41:17.0183 0x07c4 [ 87CE5C8965E101CCCED1F4675557E868, 077D98F0F130B2FC710208BA34016EF2B2506EE2BD71740B228145E34A3046F1 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 16:41:17.0196 0x07c4 DXGKrnl - ok 16:41:17.0201 0x07c4 [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost C:\Windows\System32\eapsvc.dll 16:41:17.0204 0x07c4 EapHost - ok 16:41:17.0206 0x07c4 EasyAntiCheat - ok 16:41:17.0268 0x07c4 [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv C:\Windows\system32\drivers\evbda.sys 16:41:17.0313 0x07c4 ebdrv - ok 16:41:17.0318 
0x07c4 [ B6C7729936AAF8E0697F0A7DCA82CED8, 9706E5234364488DD18527AAC82760E5ECB6EC9EBFDD4D04D2708D3C9C576FE6 ] EFS C:\Windows\System32\lsass.exe 16:41:17.0319 0x07c4 EFS - ok 16:41:17.0336 0x07c4 [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr C:\Windows\ehome\ehRecvr.exe 16:41:17.0346 0x07c4 ehRecvr - ok 16:41:17.0350 0x07c4 [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched C:\Windows\ehome\ehsched.exe 16:41:17.0352 0x07c4 ehSched - ok 16:41:17.0365 0x07c4 [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor C:\Windows\system32\drivers\elxstor.sys 16:41:17.0373 0x07c4 elxstor - ok 16:41:17.0377 0x07c4 [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev C:\Windows\system32\drivers\errdev.sys 16:41:17.0377 0x07c4 ErrDev - ok 16:41:17.0389 0x07c4 [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem C:\Windows\system32\es.dll 16:41:17.0396 0x07c4 EventSystem - ok 16:41:17.0402 0x07c4 [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat C:\Windows\system32\drivers\exfat.sys 16:41:17.0405 0x07c4 exfat - ok 16:41:17.0411 0x07c4 [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat C:\Windows\system32\drivers\fastfat.sys 16:41:17.0414 0x07c4 fastfat - ok 16:41:17.0431 0x07c4 [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax C:\Windows\system32\fxssvc.exe 16:41:17.0440 0x07c4 Fax - ok 16:41:17.0443 0x07c4 [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc C:\Windows\system32\drivers\fdc.sys 16:41:17.0444 0x07c4 fdc - ok 16:41:17.0447 0x07c4 [ 
0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost C:\Windows\system32\fdPHost.dll 16:41:17.0447 0x07c4 fdPHost - ok 16:41:17.0450 0x07c4 [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub C:\Windows\system32\fdrespub.dll 16:41:17.0451 0x07c4 FDResPub - ok 16:41:17.0455 0x07c4 [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 16:41:17.0456 0x07c4 FileInfo - ok 16:41:17.0459 0x07c4 [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace C:\Windows\system32\drivers\filetrace.sys 16:41:17.0460 0x07c4 Filetrace - ok 16:41:17.0462 0x07c4 [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk C:\Windows\system32\drivers\flpydisk.sys 16:41:17.0463 0x07c4 flpydisk - ok 16:41:17.0471 0x07c4 [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 16:41:17.0475 0x07c4 FltMgr - ok 16:41:17.0499 0x07c4 [ C4C183E6551084039EC862DA1C945E3D, 0874A2ACDD24D64965AA9A76E9C818E216880AE4C9A2E07ED932EE404585CEE6 ] FontCache C:\Windows\system32\FntCache.dll 16:41:17.0515 0x07c4 FontCache - ok 16:41:17.0519 0x07c4 [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 16:41:17.0520 0x07c4 FontCache3.0.0.0 - ok 16:41:17.0524 0x07c4 [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends C:\Windows\system32\drivers\FsDepends.sys 16:41:17.0525 0x07c4 FsDepends - ok 16:41:17.0528 0x07c4 [ 6BD9295CC032DD3077C671FCCF579A7B, 
83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 16:41:17.0529 0x07c4 Fs_Rec - ok 16:41:17.0535 0x07c4 [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys 16:41:17.0539 0x07c4 fvevol - ok 16:41:17.0543 0x07c4 [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys 16:41:17.0544 0x07c4 gagp30kx - ok 16:41:17.0547 0x07c4 [ 8E98D21EE06192492A5671A6144D092F, B8F656B34D361EA5AFB47F3A67AB2221580DADA59C8CD0CB83181E4AD8B562B4 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 16:41:17.0548 0x07c4 GEARAspiWDM - ok 16:41:17.0565 0x07c4 [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc C:\Windows\System32\gpsvc.dll 16:41:17.0577 0x07c4 gpsvc - ok 16:41:17.0580 0x07c4 [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys 16:41:17.0581 0x07c4 hcw85cir - ok 16:41:17.0591 0x07c4 [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 16:41:17.0596 0x07c4 HdAudAddService - ok 16:41:17.0600 0x07c4 [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys 16:41:17.0602 0x07c4 HDAudBus - ok 16:41:17.0606 0x07c4 [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt C:\Windows\system32\drivers\HidBatt.sys 16:41:17.0607 0x07c4 HidBatt - ok 16:41:17.0611 0x07c4 [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth C:\Windows\system32\drivers\hidbth.sys 16:41:17.0612 
0x07c4 HidBth - ok 16:41:17.0616 0x07c4 [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr C:\Windows\system32\drivers\hidir.sys 16:41:17.0617 0x07c4 HidIr - ok 16:41:17.0620 0x07c4 [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv C:\Windows\system32\hidserv.dll 16:41:17.0621 0x07c4 hidserv - ok 16:41:17.0624 0x07c4 [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 16:41:17.0625 0x07c4 HidUsb - ok 16:41:17.0629 0x07c4 [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc C:\Windows\system32\kmsvc.dll 16:41:17.0631 0x07c4 hkmsvc - ok 16:41:17.0638 0x07c4 [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll 16:41:17.0642 0x07c4 HomeGroupListener - ok 16:41:17.0648 0x07c4 [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll 16:41:17.0651 0x07c4 HomeGroupProvider - ok 16:41:17.0655 0x07c4 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys 16:41:17.0656 0x07c4 HpSAMD - ok 16:41:17.0672 0x07c4 [ 0EA7DE1ACB728DD5A369FD742D6EEE28, 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779 ] HTTP C:\Windows\system32\drivers\HTTP.sys 16:41:17.0682 0x07c4 HTTP - ok 16:41:17.0686 0x07c4 [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 16:41:17.0686 0x07c4 hwpolicy - ok 16:41:17.0693 0x07c4 [ F696EF3C94B5C2B42C805EECC525E0F4, 731C4F99C2A8404018B0B229DB080F014E26D95EF80623C63C60B8808BACB78A ] hycetuje 
C:\Users\Steffen\AppData\Roaming\1E00E6C0-1426594706-4D00-3561-F46D0465EFD8\jnsdBD5C.tmp 16:41:17.0695 0x07c4 hycetuje - ok 16:41:17.0699 0x07c4 [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt C:\Windows\system32\drivers\i8042prt.sys 16:41:17.0701 0x07c4 i8042prt - ok 16:41:17.0710 0x07c4 [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys 16:41:17.0716 0x07c4 iaStorV - ok 16:41:17.0736 0x07c4 [ C98A5B9D932430AD8EEBD3EF73756EF7, DF7E1D391A0F3345AD61154363922C27BD557DEEACE395A6A8A8A16BFD1BB9A8 ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 16:41:17.0747 0x07c4 idsvc - ok 16:41:17.0750 0x07c4 IEEtwCollectorService - ok 16:41:17.0753 0x07c4 [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp C:\Windows\system32\drivers\iirsp.sys 16:41:17.0754 0x07c4 iirsp - ok 16:41:17.0773 0x07c4 [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT C:\Windows\System32\ikeext.dll 16:41:17.0785 0x07c4 IKEEXT - ok 16:41:17.0844 0x07c4 [ EB5FA493A4B6EA290200AE39EBA2FBC6, 1C2797058A52D87D0F4412F40D372BABB7E4E4146F6DA5F4FFB7C6BA026A1FAC ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys 16:41:17.0883 0x07c4 IntcAzAudAddService - ok 16:41:17.0888 0x07c4 [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide C:\Windows\system32\drivers\intelide.sys 16:41:17.0889 0x07c4 intelide - ok 16:41:17.0893 0x07c4 [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 16:41:17.0894 0x07c4 intelppm - ok 16:41:17.0899 0x07c4 [ 098A91C54546A3B878DAD6A7E90A455B, 
044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum C:\Windows\system32\ipbusenum.dll 16:41:17.0901 0x07c4 IPBusEnum - ok 16:41:17.0904 0x07c4 [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 16:41:17.0906 0x07c4 IpFilterDriver - ok 16:41:17.0919 0x07c4 [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 16:41:17.0928 0x07c4 iphlpsvc - ok 16:41:17.0932 0x07c4 [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys 16:41:17.0934 0x07c4 IPMIDRV - ok 16:41:17.0938 0x07c4 [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT C:\Windows\system32\drivers\ipnat.sys 16:41:17.0940 0x07c4 IPNAT - ok 16:41:17.0954 0x07c4 [ A4857E8B1DEB9740FB5ADEDF05ED69E0, 24FC7A188D32B08CE4F10EEEF17F37C45DB5433158A7A97A07D43F6BEE58DFFC ] iPod Service C:\Program Files\iPod\bin\iPodService.exe 16:41:17.0963 0x07c4 iPod Service - ok 16:41:17.0967 0x07c4 [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM C:\Windows\system32\drivers\irenum.sys 16:41:17.0968 0x07c4 IRENUM - ok 16:41:17.0971 0x07c4 [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp C:\Windows\system32\drivers\isapnp.sys 16:41:17.0971 0x07c4 isapnp - ok 16:41:17.0979 0x07c4 [ 96BB922A0981BC7432C8CF52B5410FE6, 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys 16:41:17.0983 0x07c4 iScsiPrt - ok 16:41:17.0987 0x07c4 [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys 16:41:17.0988 
0x07c4 kbdclass - ok 16:41:17.0991 0x07c4 [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys 16:41:17.0992 0x07c4 kbdhid - ok 16:41:17.0995 0x07c4 [ B6C7729936AAF8E0697F0A7DCA82CED8, 9706E5234364488DD18527AAC82760E5ECB6EC9EBFDD4D04D2708D3C9C576FE6 ] KeyIso C:\Windows\system32\lsass.exe 16:41:17.0996 0x07c4 KeyIso - ok 16:41:18.0000 0x07c4 [ 56ED3EE5FED6BF2FC1305CF872042868, 44F77AE3CD83284800FF106156ABCB63047327855E2535EE278289AF6F05579C ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 16:41:18.0002 0x07c4 KSecDD - ok 16:41:18.0007 0x07c4 [ 8BA90F480705D7153AD0060CCA62222A, B3E610DFAB382368114D026947084A72AFC4F5BF9C28317F411D4ED91E0B3192 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 16:41:18.0009 0x07c4 KSecPkg - ok 16:41:18.0012 0x07c4 [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk C:\Windows\system32\drivers\ksthunk.sys 16:41:18.0013 0x07c4 ksthunk - ok 16:41:18.0022 0x07c4 [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm C:\Windows\system32\msdtckrm.dll 16:41:18.0028 0x07c4 KtmRm - ok 16:41:18.0035 0x07c4 [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer C:\Windows\system32\srvsvc.dll 16:41:18.0039 0x07c4 LanmanServer - ok 16:41:18.0044 0x07c4 [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 16:41:18.0047 0x07c4 LanmanWorkstation - ok 16:41:18.0051 0x07c4 [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 16:41:18.0053 0x07c4 lltdio - ok 16:41:18.0061 0x07c4 [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc 
C:\Windows\System32\lltdsvc.dll 16:41:18.0066 0x07c4 lltdsvc - ok 16:41:18.0069 0x07c4 [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts C:\Windows\System32\lmhsvc.dll 16:41:18.0070 0x07c4 lmhosts - ok 16:41:18.0075 0x07c4 [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys 16:41:18.0077 0x07c4 LSI_FC - ok 16:41:18.0081 0x07c4 [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys 16:41:18.0083 0x07c4 LSI_SAS - ok 16:41:18.0087 0x07c4 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys 16:41:18.0088 0x07c4 LSI_SAS2 - ok 16:41:18.0092 0x07c4 [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys 16:41:18.0094 0x07c4 LSI_SCSI - ok 16:41:18.0099 0x07c4 [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv C:\Windows\system32\drivers\luafv.sys 16:41:18.0101 0x07c4 luafv - ok 16:41:18.0103 0x07c4 [ CA43F8904E24BBE49982E4C0B29E6579, 2E3E6D02980706061C478C1643F8838310DDAC573C8722AE7F3290CE36B02CB2 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys 16:41:18.0104 0x07c4 MBAMProtector - ok 16:41:18.0142 0x07c4 [ 0BB29DE40C9D9529793DCDB59A43CF5B, 251001A407D32EF22F64915EEFFAAEC229073C4549BF7D9D1D4209B7D15B4681 ] MBAMScheduler C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe 16:41:18.0167 0x07c4 MBAMScheduler - ok 16:41:18.0190 0x07c4 [ 5F82D8188B370B0CF185D4AE2B9B4A0E, 549B53DD989A069E1C38347C4CEF5283DF9B428CE102799B06A20D3D8F23825F ] MBAMService C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe 16:41:18.0203 0x07c4 MBAMService - ok 
16:41:18.0209 0x07c4 [ 26C43960C99EE861A5D0EDC4DCF3B1C3, 6238FB8E785652040CCE3E7044EA52066CE1BF173A1467474D64A3AB214B6BCD ] MBAMSwissArmy C:\Windows\system32\drivers\MBAMSwissArmy.sys 16:41:18.0211 0x07c4 MBAMSwissArmy - ok 16:41:18.0215 0x07c4 [ A646C2DDB8C46E9B20A326FAF566646C, F46E3BF392CB4EB53D323BC8CC41EFBB9C5D7C935FECF255F524EB18583A2A37 ] MBAMWebAccessControl C:\Windows\system32\drivers\mwac.sys 16:41:18.0216 0x07c4 MBAMWebAccessControl - ok 16:41:18.0219 0x07c4 [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 16:41:18.0221 0x07c4 Mcx2Svc - ok 16:41:18.0224 0x07c4 [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas C:\Windows\system32\drivers\megasas.sys 16:41:18.0225 0x07c4 megasas - ok 16:41:18.0233 0x07c4 [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys 16:41:18.0237 0x07c4 MegaSR - ok 16:41:18.0241 0x07c4 [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS C:\Windows\system32\mmcss.dll 16:41:18.0243 0x07c4 MMCSS - ok 16:41:18.0246 0x07c4 [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem C:\Windows\system32\drivers\modem.sys 16:41:18.0247 0x07c4 Modem - ok 16:41:18.0249 0x07c4 [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor C:\Windows\system32\DRIVERS\monitor.sys 16:41:18.0250 0x07c4 monitor - ok 16:41:18.0253 0x07c4 [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 16:41:18.0254 0x07c4 mouclass - ok 16:41:18.0257 0x07c4 [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid 
C:\Windows\system32\DRIVERS\mouhid.sys 16:41:18.0258 0x07c4 mouhid - ok 16:41:18.0261 0x07c4 [ 87BCD1034CBF33537D4D4C251D39BA26, CB9DD235B62B79383F99873D75E26EEA5EE7914CA89E4B75992207F83420437F ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 16:41:18.0263 0x07c4 mountmgr - ok 16:41:18.0268 0x07c4 [ 81E8AF6407EC3F41908FE37F054353EA, 756C7656ED68AEAE4225E952ED1CED0717264D3378DB8DF0B2D70B6EBC67C62F ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe 16:41:18.0271 0x07c4 MozillaMaintenance - ok 16:41:18.0277 0x07c4 [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio C:\Windows\system32\drivers\mpio.sys 16:41:18.0279 0x07c4 mpio - ok 16:41:18.0283 0x07c4 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 16:41:18.0284 0x07c4 mpsdrv - ok 16:41:18.0302 0x07c4 [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc C:\Windows\system32\mpssvc.dll 16:41:18.0314 0x07c4 MpsSvc - ok 16:41:18.0320 0x07c4 [ AE3334958D8F631FF14A0AEB3D7EFB3A, F5FD6B61F896104C20DFC43FEE2FCE6930B73F78DF876BD19A333EABB9139C6D ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 16:41:18.0322 0x07c4 MRxDAV - ok 16:41:18.0328 0x07c4 [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 16:41:18.0330 0x07c4 mrxsmb - ok 16:41:18.0338 0x07c4 [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 16:41:18.0342 0x07c4 mrxsmb10 - ok 16:41:18.0347 0x07c4 [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 16:41:18.0349 0x07c4 mrxsmb20 - ok 16:41:18.0352 0x07c4 [ 
C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci C:\Windows\system32\drivers\msahci.sys 16:41:18.0353 0x07c4 msahci - ok 16:41:18.0358 0x07c4 [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm C:\Windows\system32\drivers\msdsm.sys 16:41:18.0360 0x07c4 msdsm - ok 16:41:18.0365 0x07c4 [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC C:\Windows\System32\msdtc.exe 16:41:18.0368 0x07c4 MSDTC - ok 16:41:18.0373 0x07c4 [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs C:\Windows\system32\drivers\Msfs.sys 16:41:18.0374 0x07c4 Msfs - ok 16:41:18.0377 0x07c4 [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 16:41:18.0377 0x07c4 mshidkmdf - ok 16:41:18.0380 0x07c4 [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 16:41:18.0380 0x07c4 msisadrv - ok 16:41:18.0385 0x07c4 [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 16:41:18.0388 0x07c4 MSiSCSI - ok 16:41:18.0391 0x07c4 msiserver - ok 16:41:18.0394 0x07c4 [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 16:41:18.0395 0x07c4 MSKSSRV - ok 16:41:18.0397 0x07c4 [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 16:41:18.0398 0x07c4 MSPCLOCK - ok 16:41:18.0400 0x07c4 [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM 
C:\Windows\system32\drivers\MSPQM.sys 16:41:18.0400 0x07c4 MSPQM - ok 16:41:18.0409 0x07c4 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 16:41:18.0414 0x07c4 MsRPC - ok 16:41:18.0419 0x07c4 [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys 16:41:18.0420 0x07c4 mssmbios - ok 16:41:18.0423 0x07c4 [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 16:41:18.0423 0x07c4 MSTEE - ok 16:41:18.0426 0x07c4 [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig C:\Windows\system32\drivers\MTConfig.sys 16:41:18.0427 0x07c4 MTConfig - ok 16:41:18.0430 0x07c4 [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup C:\Windows\system32\Drivers\mup.sys 16:41:18.0431 0x07c4 Mup - ok 16:41:18.0442 0x07c4 [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent C:\Windows\system32\qagentRT.dll 16:41:18.0449 0x07c4 napagent - ok 16:41:18.0458 0x07c4 [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 16:41:18.0462 0x07c4 NativeWifiP - ok 16:41:18.0483 0x07c4 [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS C:\Windows\system32\drivers\ndis.sys 16:41:18.0496 0x07c4 NDIS - ok 16:41:18.0500 0x07c4 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 16:41:18.0500 0x07c4 NdisCap - ok 16:41:18.0503 0x07c4 [ 30639C932D9FEF22B31268FE25A1B6E5, 
16:41:20.0010 0x07c4 Suspicious service (NoAccess): tammgF119
16:41:20.0012 0x07c4 [ D9C84F7A3EA53C6DFC3E2B206715F77C, A07FC919C57A729946A079855F75465D14E78BB769A920D77A407F2C915E361F ] tammgF119 C:\Windows\system32\Drivers\tammgF119.sys
16:41:20.0012 0x07c4 Suspicious file ( NoAccess ): C:\Windows\system32\Drivers\tammgF119.sys. md5: D9C84F7A3EA53C6DFC3E2B206715F77C, sha256: A07FC919C57A729946A079855F75465D14E78BB769A920D77A407F2C915E361F
16:41:20.0024 0x07c4 tammgF119 - detected LockedService.Multi.Generic ( 1 )
16:41:20.0024 0x07c4 Detect skipped due to KSN trusted
16:41:20.0024 0x07c4 tammgF119 - ok
16:41:20.0025 0x07c4 Suspicious service (NoAccess): tammgR119
16:41:20.0027 0x07c4 [ CFABCF2BF681CAD94B6D2EBBC17A41AA, 71C8B8B00BBD925E110C4AC8CBD02BA468E001C954A04C62B566C8CE5BBDB261 ] tammgR119 C:\Windows\system32\Drivers\tammgR119.sys
16:41:20.0027 0x07c4 Suspicious file ( NoAccess ): C:\Windows\system32\Drivers\tammgR119.sys. md5: CFABCF2BF681CAD94B6D2EBBC17A41AA, sha256: 71C8B8B00BBD925E110C4AC8CBD02BA468E001C954A04C62B566C8CE5BBDB261
16:41:20.0034 0x07c4 tammgR119 - detected LockedService.Multi.Generic ( 1 )
16:41:20.0034 0x07c4 Detect skipped due to KSN trusted
16:41:20.0034 0x07c4 tammgR119 - ok
A61A4B54C47304EB7F1AF837F65F8BA28AC0D2CE83772D5DE6254E8BE34C174D ] wojegejy C:\Users\Steffen\AppData\Roaming\1E00E6C0-1426594706-4D00-3561-F46D0465EFD8\nsp1D2C.tmp 16:41:20.0925 0x07c4 wojegejy - ok 16:41:20.0928 0x07c4 [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc C:\Windows\System32\wpcsvc.dll 16:41:20.0929 0x07c4 WPCSvc - ok 16:41:20.0933 0x07c4 [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 16:41:20.0936 0x07c4 WPDBusEnum - ok 16:41:20.0939 0x07c4 [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 16:41:20.0940 0x07c4 ws2ifsl - ok 16:41:20.0944 0x07c4 [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc C:\Windows\System32\wscsvc.dll 16:41:20.0947 0x07c4 wscsvc - ok 16:41:20.0948 0x07c4 WSearch - ok 16:41:20.0998 0x07c4 [ 61FF576450CCC80564B850BC3FB6713A, B2843BC9E2F62D27DCF6787D063378926748CE75002BADA1873DCB5039883705 ] wuauserv C:\Windows\system32\wuaueng.dll 16:41:21.0032 0x07c4 wuauserv - ok 16:41:21.0038 0x07c4 [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 16:41:21.0040 0x07c4 WudfPf - ok 16:41:21.0046 0x07c4 [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 16:41:21.0049 0x07c4 WUDFRd - ok 16:41:21.0053 0x07c4 [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 16:41:21.0055 0x07c4 wudfsvc - ok 16:41:21.0062 0x07c4 [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc 
C:\Windows\System32\wwansvc.dll 16:41:21.0066 0x07c4 WwanSvc - ok 16:41:21.0069 0x07c4 ================ Scan global =============================== 16:41:21.0072 0x07c4 [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll 16:41:21.0079 0x07c4 [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll 16:41:21.0088 0x07c4 [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll 16:41:21.0094 0x07c4 [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll 16:41:21.0103 0x07c4 [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe 16:41:21.0109 0x07c4 [ Global ] - ok 16:41:21.0109 0x07c4 ================ Scan MBR ================================== 16:41:21.0131 0x07c4 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1 16:41:21.0503 0x07c4 \Device\Harddisk1\DR1 - ok 16:41:21.0504 0x07c4 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0 16:41:21.0508 0x07c4 \Device\Harddisk0\DR0 - ok 16:41:21.0508 0x07c4 ================ Scan VBR ================================== 16:41:21.0509 0x07c4 [ 7BF3AAE290697EACCDE11058F53ED1D9 ] \Device\Harddisk1\DR1\Partition1 16:41:21.0555 0x07c4 \Device\Harddisk1\DR1\Partition1 - ok 16:41:21.0556 0x07c4 [ 2A82618F40DEAF87B9A56E72DDECC4B2 ] \Device\Harddisk0\DR0\Partition1 16:41:21.0557 0x07c4 \Device\Harddisk0\DR0\Partition1 - ok 16:41:21.0557 0x07c4 ================ Scan generic autorun ====================== 16:41:21.0780 0x07c4 [ BCFF8CD24809941E28C73185FC58CA39, 353CA65A5EAFAF5DEC777C422A1B842DAF84ED66626AF314670E49402B6DE994 ] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe 16:41:21.0940 0x07c4 RTHDVCPL - ok 16:41:21.0951 0x07c4 [ 
D0B542256A968DFCB8896C140FCE6047, 3F92A9871B521BCCCDFE6D9BFF88930B26C5DB86F6F6578554A3F2ECC5C5EBA0 ] C:\Program Files\iTunes\iTunesHelper.exe 16:41:21.0954 0x07c4 iTunesHelper - ok 16:41:21.0974 0x07c4 [ 0210577A83C3E30C724E21EC3211ED95, 1433DE5B47B5EC1F99E6BCD6C8538D8BD1F17B175AB4FE2CE7D480D46AAF3822 ] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe 16:41:21.0985 0x07c4 StartCCC - ok 16:41:21.0985 0x07c4 Update - ok 16:41:22.0010 0x07c4 [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe 16:41:22.0026 0x07c4 Sidebar - ok 16:41:22.0030 0x07c4 [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe 16:41:22.0032 0x07c4 mctadmin - ok 16:41:22.0054 0x07c4 [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe 16:41:22.0070 0x07c4 Sidebar - ok 16:41:22.0074 0x07c4 [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe 16:41:22.0076 0x07c4 mctadmin - ok 16:41:22.0085 0x07c4 [ EDA861A35DC2AC5C7B2F697EC546C4BE, EC2C8FFBC044134B09D93D2B0ACCC4D00AC625E5A0480526BAC4C25CA15D5610 ] C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe 16:41:22.0091 0x07c4 HydraVisionDesktopManager - ok 16:41:22.0234 0x07c4 [ 18EE6C694976C4D205AF24D6CCE3B660, 262F8B929CBBC8BFDD465826A27625ED9508A7C325C45F1964A4EFAC36D60056 ] C:\Program Files\CCleaner\CCleaner64.exe 16:41:22.0328 0x07c4 CCleaner Monitoring - ok 16:41:22.0336 0x07c4 Win FW state via NFP2: enabled 16:41:24.0672 0x07c4 ============================================================ 16:41:24.0672 0x07c4 Scan finished 16:41:24.0672 0x07c4 ============================================================ 16:41:24.0680 0x1050 Detected object count: 
0 16:41:24.0680 0x1050 Actual detected object count: 0 16:41:27.0595 0x0ed4 Deinitialize success |
19.03.2015, 16:30 | #7 |
| PSeMu3_setup.exe redirect virus in the browser Combofix Code:
ATTFilter ComboFix 15-03-14.03 - Steffen 18.03.2015 0:35.2.4 - x64 Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.8159.6587 [GMT 1:00] ausgeführt von:: c:\users\Steffen\Desktop\ComboFix.exe SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((( Dateien erstellt von 2015-02-17 bis 2015-03-17 )))))))))))))))))))))))))))))) . . 2015-03-17 23:39 . 2015-03-17 23:39 -------- d-----w- c:\users\Default\AppData\Local\temp 2015-03-17 13:30 . 2015-03-17 13:30 -------- d-----w- c:\program files (x86)\ESET 2015-03-17 13:18 . 2015-03-17 23:04 129752 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys 2015-03-17 13:18 . 2015-03-17 13:18 -------- d-----w- c:\program files (x86)\ Malwarebytes Anti-Malware 2015-03-17 13:18 . 2015-03-17 13:18 -------- d-----w- c:\programdata\Malwarebytes 2015-03-17 13:18 . 2014-11-21 05:14 63704 ----a-w- c:\windows\system32\drivers\mwac.sys 2015-03-17 13:18 . 2014-11-21 05:14 93400 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys 2015-03-17 13:18 . 2014-11-21 05:14 25816 ----a-w- c:\windows\system32\drivers\mbam.sys 2015-03-17 12:26 . 2015-03-17 12:26 -------- d-----w- c:\windows\system32\appmgmt 2015-03-17 12:21 . 2015-03-17 14:15 -------- d-----w- c:\users\Steffen\AppData\Local\1E00E6C0-1426598509-4D00-3561-F46D0465EFD8 2015-03-17 12:19 . 2015-03-17 12:37 -------- d-----w- c:\users\Steffen\AppData\Local\Opera Software 2015-03-17 12:19 . 2015-03-17 12:19 -------- d-----w- c:\users\Steffen\AppData\Roaming\Opera Software 2015-03-17 12:19 . 2015-03-17 12:39 -------- d-----w- c:\program files (x86)\Opera 2015-03-17 12:18 . 2015-03-17 13:24 -------- d-----w- c:\programdata\{ffb5672b-ba73-088b-ffb5-5672bba79cae} 2015-03-17 12:18 . 2015-03-17 21:51 -------- d-----w- c:\users\Steffen\AppData\Roaming\1E00E6C0-1426594706-4D00-3561-F46D0465EFD8 2015-03-17 10:14 . 
2015-01-29 09:07 11910896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B66EAA62-FA07-4219-AF4E-69E39A60D019}\mpengine.dll 2015-03-15 02:00 . 2015-03-15 02:05 348672 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr 2015-03-15 01:57 . 2015-03-15 01:57 -------- d-----w- c:\programdata\EA Core 2015-03-15 01:57 . 2015-03-15 02:00 -------- d-----w- c:\programdata\EA Logs 2015-03-10 19:04 . 2015-02-04 03:16 465920 ----a-w- c:\windows\system32\WMPhoto.dll 2015-03-10 19:04 . 2015-02-04 02:54 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll 2015-03-10 18:28 . 2015-03-10 18:28 -------- d-----w- c:\users\Steffen\AppData\Roaming\.mono 2015-03-10 18:28 . 2015-03-10 18:28 -------- d-----w- c:\programdata\.mono 2015-03-10 18:28 . 2015-03-10 18:28 -------- d-----w- c:\users\Steffen\AppData\Roaming\Colossal Order 2015-03-10 18:28 . 2015-03-10 18:28 -------- d-----w- c:\users\Steffen\AppData\Local\Colossal Order 2015-03-09 17:57 . 2015-03-09 17:57 -------- d-----w- c:\program files (x86)\SystemRequirementsLab 2015-03-09 17:15 . 2015-03-09 17:15 -------- d-----w- c:\programdata\FlyVPN 2015-03-03 21:54 . 2015-01-09 03:14 91136 ----a-w- c:\windows\system32\wdi.dll 2015-03-03 21:54 . 2015-01-09 03:14 950272 ----a-w- c:\windows\system32\perftrack.dll 2015-03-03 21:54 . 2015-01-09 03:14 29696 ----a-w- c:\windows\system32\powertracker.dll 2015-03-03 21:54 . 2015-01-09 02:48 76800 ----a-w- c:\windows\SysWow64\wdi.dll 2015-03-03 12:56 . 2015-03-03 12:56 -------- d-----w- c:\program files (x86)\DrinkBox Studios 2015-02-27 21:26 . 2015-02-27 21:26 -------- d-----w- c:\programdata\E1864A66-75E3-486a-BD95-D1B7D99A84A7 2015-02-27 21:26 . 2015-02-27 21:26 -------- d-----w- c:\program files\iTunes 2015-02-27 21:26 . 2015-02-27 21:26 -------- d-----w- c:\program files\iPod 2015-02-27 21:26 . 2015-02-27 21:26 -------- d-----w- c:\program files (x86)\iTunes 2015-02-20 22:05 . 2015-02-20 22:05 -------- d-----w- c:\users\Steffen\AppData\Roaming\OpenOffice 2015-02-20 22:05 . 
2015-02-20 22:05 -------- d-----w- c:\program files (x86)\OpenOffice 4 . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2015-03-15 02:05 . 2015-02-04 13:19 76152 ----a-w- c:\windows\SysWow64\PnkBstrA.exe 2015-03-15 02:05 . 2015-02-04 13:19 348672 ----a-w- c:\windows\SysWow64\PnkBstrB.exe 2015-03-15 02:00 . 2015-02-04 13:19 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0 2015-03-11 02:01 . 2014-11-23 13:56 122905848 ----a-w- c:\windows\system32\MRT.exe 2015-02-24 02:17 . 2010-11-21 03:27 295552 ------w- c:\windows\system32\MpSigStub.exe 2015-02-05 13:22 . 2014-11-21 12:58 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2015-02-05 13:22 . 2014-11-21 12:58 701616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2015-02-04 03:16 . 2015-02-11 12:47 609280 ----a-w- c:\windows\system32\generaltel.dll 2015-02-04 03:16 . 2015-02-11 12:47 762368 ----a-w- c:\windows\system32\invagent.dll 2015-02-04 03:16 . 2015-02-11 12:47 414720 ----a-w- c:\windows\system32\devinv.dll 2015-02-04 03:16 . 2015-02-11 12:47 894976 ----a-w- c:\windows\system32\appraiser.dll 2015-02-04 03:16 . 2015-02-11 12:47 227328 ----a-w- c:\windows\system32\aepdu.dll 2015-02-04 03:16 . 2015-02-11 12:47 192000 ----a-w- c:\windows\system32\aepic.dll 2015-02-04 03:13 . 2015-02-11 12:47 1098752 ----a-w- c:\windows\system32\aeinv.dll 2015-01-27 23:36 . 2015-02-11 12:47 1239720 ----a-w- c:\windows\system32\aitstatic.exe 2015-01-16 23:15 . 2015-01-16 23:26 174624 ----a-w- c:\windows\SysWow64\EasyAntiCheat.exe 2014-12-19 03:06 . 2015-01-14 12:29 210432 ----a-w- c:\windows\system32\profsvc.dll 2014-12-19 01:46 . 2015-01-14 12:29 141312 ----a-w- c:\windows\system32\drivers\mrxdav.sys . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "HydraVisionDesktopManager"="c:\program files (x86)\ATI Technologies\HydraVision\HydraDM.exe" [2013-08-30 389120] "CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2014-11-21 7063832] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" [2013-08-30 766208] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 hycetuje;Portal Ctrl;c:\users\Steffen\AppData\Roaming\1E00E6C0-1426594706-4D00-3561-F46D0465EFD8\jnsdBD5C.tmp;c:\users\Steffen\AppData\Roaming\1E00E6C0-1426594706-4D00-3561-F46D0465EFD8\jnsdBD5C.tmp [x] R2 pyzuwuzu;Clone Font;c:\users\Steffen\AppData\Roaming\1E00E6C0-1426594706-4D00-3561-F46D0465EFD8\nsi8517.tmpfs;c:\users\Steffen\AppData\Roaming\1E00E6C0-1426594706-4D00-3561-F46D0465EFD8\nsi8517.tmpfs [x] R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x] R3 EasyAntiCheat;EasyAntiCheat;c:\windows\system32\EasyAntiCheat.exe;c:\windows\SYSNATIVE\EasyAntiCheat.exe [x] R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x] R3 Origin Client Service;Origin Client Service;i:\origins\Origin\OriginClientService.exe;i:\origins\Origin\OriginClientService.exe [x] S0 tammgF119;tammgF119 service;tammgF119 service [x] S2 AMD External Events Utility;AMD External Events 
Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x] S2 Apple Mobile Device Service;Apple Mobile Device Service;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [x] S2 bobyzoom;bobyzoom;c:\programdata\bobyzoom\1.1.0.30\bzagnt.exe;c:\programdata\bobyzoom\1.1.0.30\bzagnt.exe [x] S2 bzwdg;bzwdg;c:\programdata\bobyzoom\1.1.0.30\bzwdg.exe;c:\programdata\bobyzoom\1.1.0.30\bzwdg.exe [x] S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [x] S2 MBAMService;MBAMService;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [x] S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys;c:\windows\SYSNATIVE\DRIVERS\asmthub3.sys [x] S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys;c:\windows\SYSNATIVE\DRIVERS\asmtxhci.sys [x] S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x] S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - MBAMSWISSARMY . Inhalt des "geplante Tasks" Ordners . 2015-03-17 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-21 13:22] . . --------- X64 Entries ----------- . . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-06-28 11905128] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2015-02-13 169768] . ------- Zusätzlicher Suchlauf ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = about:blank uDefault_Search_URL = hxxp://www.google.com mDefault_Search_URL = hxxp://www.google.com mDefault_Page_URL = about:blank mStart Page = about:blank mLocal Page = c:\windows\SysWOW64\blank.htm mSearch Page = hxxp://www.google.com IE: Client auf Monitor & öffnen1 - c:\windows\web\AOpenClient.htm IE: Client auf Monitor & öffnen2 - c:\windows\web\AOpenClient.htm Trusted Zone: clonewarsadventures.com Trusted Zone: freerealms.com Trusted Zone: samsungsetup.com\www Trusted Zone: soe.com Trusted Zone: sony.com TCP: DhcpNameServer = 192.168.178.1 FF - ProfilePath - c:\users\Steffen\AppData\Roaming\Mozilla\Firefox\Profiles\inyfbn60.default\ FF - prefs.js: network.proxy.type - 0 . - - - - Entfernte verwaiste Registrierungseinträge - - - - . AddRemove-{9D8D5AD9-94C7-40B3-88F2-2B8F227F6381} - c:\programdata\bobyzoom\1.1.0.30\Uninstaller.exe . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\hycetuje] "ImagePath"="c:\users\Steffen\AppData\Roaming\1E00E6C0-1426594706-4D00-3561-F46D0465EFD8\jnsdBD5C.tmp" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pyzuwuzu] "ImagePath"="c:\users\Steffen\AppData\Roaming\1E00E6C0-1426594706-4D00-3561-F46D0465EFD8\nsi8517.tmpfs" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wojegejy] "ImagePath"="c:\users\Steffen\AppData\Roaming\1E00E6C0-1426594706-4D00-3561-F46D0465EFD8\nsp1D2C.tmp" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\tammgF119] "ImagePath"="\??\c:\windows\system32\Drivers\tammgF119.sys" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\tammgR119] "ImagePath"="\??\c:\windows\system32\Drivers\tammgR119.sys" . 
--------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_305_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_305_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}] @Denied: (A 2) (Everyone) @="IFlashBroker6" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_305_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_305_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.16" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx, 1" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}] @Denied: (A 2) (Everyone) @="IFlashBroker6" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2015-03-18 00:40:09 ComboFix-quarantined-files.txt 2015-03-17 23:40 ComboFix2.txt 2015-03-17 15:53 . Vor Suchlauf: 12 Verzeichnis(se), 31.751.655.424 Bytes frei Nach Suchlauf: 13 Verzeichnis(se), 31.553.159.168 Bytes frei . - - End Of File - - B46B228CC79DB9BB0F2027E2F3EE706A A36C5E4F47E84449FF07ED3517B43A31 Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7623 # api_version=3.0.2 # EOSSerial=4f68a9669b6188488275d0dc59404e5e # engine=22947 # end=finished # remove_checked=true # archives_checked=true # unwanted_checked=true # unsafe_checked=true # antistealth_checked=true # utc_time=2015-03-17 02:16:12 # local_time=2015-03-17 03:16:12 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1033 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode_1='' # compatibility_mode=5893 16776574 100 94 18106 178231622 0 0 # scanned=207073 # found=49 # cleaned=48 # scan_time=2550 sh=CE5A78B5370C28795F401547D384BD20439FA205 ft=1 fh=b6d749d0e67c3ba5 vn="a variant of Win32/InstallCore.PK potentially unwanted application" ac=I fn="C:\Users\Steffen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KR7K1KM6\Setup[1].exe" sh=25A33EEE3D222074B9ACEAC3DC8FB317C1F8152A ft=1 fh=bcc2e49251f4de09 vn="a variant of MSIL/Adware.iBryte.G application (cleaned by deleting - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Search Extensions\uninstall.exe.vir" sh=60B5EB2B43DD57F7FCA5BCB2FA1848F129E8E001 ft=1 fh=ae6dcb3caea0167c vn="a variant of Win32/ELEX.BU potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\WinZipper\eUninstall.exe.vir" sh=66AE7020991466E365531E01821D1721FF10F7A9 ft=1 fh=2b6131bebc979372 vn="Win32/ELEX.BF potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\WinZipper\TrayDownloader.exe.vir" sh=36D9F4A3B13AFC47D1E28A81CF00AC38B82C54E0 ft=1 fh=ee02773919a25ace vn="a variant of Win32/ELEX.Y potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\WinZipper\winzipersvc.exe.vir" sh=8C8E2A338F04848E754C25DC19C1430580D462C6 ft=1 fh=f76e2c97d8443672 vn="Win32/ELEX.BM 
potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\BrowerWatchCH.dll.vir" sh=AEA1F8ECDBFE8E7BD55BCA9B24160C99A58F655B ft=1 fh=00817a312f73db7a vn="Win32/ELEX.BM potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\BrowerWatchFF.dll.vir" sh=5D628376391A827A818B0A079B64EE457AE9B82A ft=1 fh=c71c0011e2e7a7a5 vn="a variant of Win32/ELEX.BM potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\BrowserAction.dll.vir" sh=987B7AAE8131855FE75145719FF5F076B2299C97 ft=1 fh=712332c590681590 vn="Win32/ELEX.BM potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\CmdShell.exe.vir" sh=454CD903C123F611BCB0570843035C0A79F4982C ft=1 fh=cd56a5d579cc2e31 vn="Win32/ELEX.BM potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\HPNotify.exe.vir" sh=CD37191EE4233E55E613DD2D34DA1620EC9752E6 ft=1 fh=779e3b53bab7b8cc vn="Win32/ELEX.BM potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\IeWatchDog.dll.vir" sh=20EB765F8AC452AFA69069CB8741BEE918A386BF ft=1 fh=4ef03ab93070aee7 vn="Win32/ELEX.BM potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\ProtectService.exe.vir" sh=14E7D1DB36B816A980F4CE58EF5833FA2393AEAD ft=1 fh=76649c45e05ece35 vn="a variant of Win32/Thinknice.B potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\SupTab.dll.vir" sh=2B55DF509EC5D62C5FB44E14E63AAC90371B917F ft=1 fh=918bb53878474d1f vn="a variant of Win32/ELEX.AV potentially unwanted application (deleted - quarantined)" ac=C 
fn="C:\AdwCleaner\Quarantine\C\ProgramData\IePluginServices\PluginService.exe.vir" sh=E527BBCAFEDDC287A621A2DB49A1F10502C1E3D0 ft=1 fh=4c77490216ec3f95 vn="a variant of Win32/ELEX.BH potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe.vir" sh=6C654ED07E23F02D5530FB0666614D4B351C4117 ft=1 fh=c71c0011496d5a80 vn="a variant of Win32/ELEX.BN potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\ProgramData\WindowsMangerProtect\update\update.exe.vir" sh=E12AEBE0494D17494B59B058C14D793D22BBAC0D ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\Steffen\AppData\Local\BoBrowser\User Data\Default\Extensions\ebpeonjdeofpjegbdiibbdjlgfohngee\1.26.26_0\extensionData\plugins\91.js.vir" sh=7650EA19322B3F8056D0CBA176712EA55D5288EF ft=1 fh=319d39f360106768 vn="a variant of Win64/NetFilter.A potentially unsafe application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Windows\System32\drivers\{90018a24-bc1e-468a-b232-4bcc260b3165}Gw64.sys.vir" sh=22EDC677BD42BD75063D655B37306BC272226960 ft=1 fh=3d1a8155eede7290 vn="a variant of Win32/Komodia.A potentially unsafe application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Windows\SysWOW64\Gambali.dll.vir" sh=FBFC7E7F4B100FE94430EEBB3403ADD1CE2BB203 ft=1 fh=c71c001152e00f50 vn="Win32/Adware.ConvertAd.DD application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Steffen\AppData\Local\1E00E6C0-1426598509-4D00-3561-F46D0465EFD8\onsz8B59.tmp" sh=2F54B6DEC95E39AE1D5EF31FDAC1CA9654510F8E ft=1 fh=9d27c0b07b4b3bba vn="Win32/Somoto.G potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\Steffen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DL7SNTP4\setup[1].exe" sh=FBFC7E7F4B100FE94430EEBB3403ADD1CE2BB203 ft=1 
fh=c71c001152e00f50 vn="Win32/Adware.ConvertAd.DD application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Steffen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DL7SNTP4\Update_Notifier[1].exe" sh=F615E6E21458EB5D1D939515A9D80F80FAD58E91 ft=1 fh=078afa6a2b83234b vn="a variant of Win32/Adware.AddLyrics.DX application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Steffen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KI6SSSPJ\3333-6051_CheckMeUp[1].exe" sh=5F017D704F0FD4A9FFF856E1F65371827A10A0B4 ft=1 fh=545d61061d382af8 vn="a variant of Generik.LOKWCML trojan (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Steffen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KI6SSSPJ\OptimizerPro_0803[1].exe" sh=4EB73C0D59F388086502C5ED862B47291512C2BA ft=1 fh=74559f4ab8dbc80b vn="a variant of MSIL/Rebrand.LittleRegClean.B potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\Steffen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KI6SSSPJ\ProPCCleaner_1712[1].exe" sh=89F3F4F71B5BC38011D2D6A5636BB504A95CB4B1 ft=1 fh=6560a2bf03728edc vn="a variant of Win32/TrojanDropper.Addrop.A trojan (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Steffen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KI6SSSPJ\setup[1].exe" sh=456ED1C321423B76078AD9DF63D3A144DD424596 ft=1 fh=7d95756caab58d82 vn="a variant of Win32/Adware.Similagro.E application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Steffen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KI6SSSPJ\Zoomit_1003[1].exe" sh=B1407D401809ED51A0DB34A1D9C825F457192413 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\Steffen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KR7K1KM6\91[1].js" sh=9F4749AEB8AC433742D22F1C3C5D0B35BA45E711 ft=1 fh=4eeeabf2319f9d1e 
vn="a variant of Win32/Adware.PicColor.Z application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Steffen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KR7K1KM6\SUChecker[1].exe" sh=BFBBA1CD151FAE7AC660CDF4141BE3D82716CC21 ft=1 fh=87b1a65cb19f04fd vn="a variant of Win32/Adware.ConvertAd.DC application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Steffen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T93874AE\VOsrv[1].exe" sh=368503EE2DEF7231FBD8B5D191DA8FD30808ED31 ft=0 fh=0000000000000000 vn="JS/Trackware.Agent.A potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\Steffen\AppData\Local\Mozilla\Firefox\Profiles\inyfbn60.default\cache2\entries\E36A497F7D6382B6299E95FE29E4FE27AD29B188" sh=CB292251F179F35BB1E91BB2BE7BF4DC72033A8E ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\Steffen\AppData\Local\Temp\46A8.tmp" sh=53B5C74242A66D3C63C524F8F269795289B5B558 ft=1 fh=c71c00114ebde417 vn="a variant of Win32/Adware.AddLyrics.DY application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Steffen\AppData\Local\Temp\86FC8AE9-3BA4-04A9-1365-9CA82E22E88A.exe" sh=03554485A680A2E0D5AACFE4384D98CD882D3CEF ft=1 fh=c71c0011f4ad6bde vn="a variant of Win32/Adware.AddLyrics.DY application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Steffen\AppData\Local\Temp\89799258-5CCE-F450-309A-009FC7E5786D.exe" sh=CE5A78B5370C28795F401547D384BD20439FA205 ft=1 fh=b6d749d0e67c3ba5 vn="a variant of Win32/InstallCore.PK potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\Steffen\AppData\Local\Temp\nsl6086.tmp" sh=2F54B6DEC95E39AE1D5EF31FDAC1CA9654510F8E ft=1 fh=9d27c0b07b4b3bba vn="Win32/Somoto.G potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\Steffen\AppData\Local\Temp\nswFF02.tmp" sh=E73AEB9DE803EAD6C988468FD6F8BC73826B0D46 ft=1 fh=1483a661ad3ebc66 vn="multiple 
threats (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Steffen\AppData\Local\Temp\optsetup.exe" sh=9703A00A9033EA51B40B4772437460089D4503D6 ft=1 fh=da99dbaa01de7d6c vn="Win32/Adware.ConvertAd.AQ application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Steffen\AppData\Local\Temp\setup.exe" sh=9F4749AEB8AC433742D22F1C3C5D0B35BA45E711 ft=1 fh=4eeeabf2319f9d1e vn="a variant of Win32/Adware.PicColor.Z application (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Steffen\AppData\Local\Temp\81426594524\GI64X24537.exe" sh=9413821E4285C46DAF48156B472065FC2D763FE8 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.C potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\Steffen\AppData\Roaming\HPWHB" sh=96EDAD94BE1A45EC7D5E7D67B97FE20C1DE1D676 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.C potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\Steffen\AppData\Roaming\NBYG" sh=BFBBA1CD151FAE7AC660CDF4141BE3D82716CC21 ft=1 fh=87b1a65cb19f04fd vn="a variant of Win32/Adware.ConvertAd.DC application (cleaned by deleting (after the next restart) - quarantined)" ac=C fn="C:\Users\Steffen\AppData\Roaming\1E00E6C0-1426594706-4D00-3561-F46D0465EFD8\nsi8517.tmpfs" sh=3B6BDCA414A53DF7C8C5096B953C4DF87A1091C7 ft=1 fh=55ca6504931631dc vn="Win32/HackTool.WinActivator.I potentially unsafe application (deleted - quarantined)" ac=C fn="C:\Users\Steffen\Desktop\Win 7 Loader v2.2.1 by DAZ\Windows Loader.exe" sh=B6B12E4F8E59C61EC67A5E17DEDA7EA5B2FEF364 ft=1 fh=65d7fe9609cd6c74 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application (deleted - quarantined)" ac=C fn="C:\Users\Steffen\Downloads\ccsetup500.exe" sh=D13E9BF6703A5F483C165C4FE58DA63625627398 ft=1 fh=db2e5b4891c0d472 vn="multiple threats (cleaned by deleting - quarantined)" ac=C fn="C:\Users\Steffen\Downloads\PSeMu3_Setup.exe" sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="a variant of Win32/InstallCore.PK potentially unwanted 
application (contained infected files)" ac=C fn="${Memory}"
Edited by IIluminat (19.03.2015 at 16:34). Reason: Wrong log |
19.03.2015, 20:50 | #8 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | PSeMu3_setup.exe redirect virus in the browser
Quote:
__________________ Please always post log files in CODE tags |
19.03.2015, 21:34 | #9 |
| PSeMu3_setup.exe redirect virus in the browser
Nope, that's something old, and it has now been deleted as well! I only still had it on there when I ran the scan, but back when I was young and naive I had used a tool like that. Now I'm clean, though. |
19.03.2015, 21:58 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | PSeMu3_setup.exe redirect virus in the browser
Removing adware/junkware/toolbars
Delete old versions of adwCleaner and, if present, JRT beforehand, then download them again to the desktop! Please completely disable your virus scanner now, before using these tools!
Step 1: adwCleaner
Please download AdwCleaner to your desktop.
Step 2: JRT - Junkware Removal Tool
Please close your protection software to avoid possible conflicts.
Step 3: Fresh log with FRST
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
__________________ Please always post log files in CODE tags |
19.03.2015, 22:22 | #11 |
| PSeMu3_setup.exe redirect virus in the browser
Code:
ATTFilter
# AdwCleaner v4.112 - Bericht erstellt 19/03/2015 um 22:10:16
# Aktualisiert 09/03/2015 von Xplode
# Datenbank : 2015-03-15.1 [Server]
# Betriebssystem : Windows 7 Professional Service Pack 1 (x64)
# Benutzername : Steffen - STEFFEN-PC
# Gestarted von : C:\Users\Steffen\Desktop\AdwCleaner_4.112.exe
# Option : Löschen

***** [ Dienste ] *****

***** [ Dateien / Ordner ] *****

Datei Gelöscht : C:\Users\Steffen\Desktop\Continue Live Installation.lnk

***** [ Geplante Tasks ] *****

***** [ Verknüpfungen ] *****

***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VOPackage

***** [ Internetbrowser ] *****

-\\ Internet Explorer v11.0.9600.17689

-\\ Mozilla Firefox v36.0.1 (x86 de)

-\\ Opera v0.0.0.0

*************************

AdwCleaner[R0].txt - [7171 Bytes] - [17/12/2014 13:05:55]
AdwCleaner[R1].txt - [7188 Bytes] - [17/12/2014 13:10:30]
AdwCleaner[R2].txt - [9826 Bytes] - [17/03/2015 14:14:34]
AdwCleaner[R3].txt - [1280 Bytes] - [19/03/2015 22:09:00]
AdwCleaner[S0].txt - [6144 Bytes] - [17/12/2014 13:11:05]
AdwCleaner[S1].txt - [8387 Bytes] - [17/03/2015 14:16:01]
AdwCleaner[S2].txt - [1202 Bytes] - [19/03/2015 22:10:16]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1261 Bytes] ##########

Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.5 (03.17.2015:1)
OS: Windows 7 Professional x64
Ran by Steffen on 19.03.2015 at 22:12:10,35
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

~~~ FireFox

Successfully deleted the following from C:\Users\Steffen\AppData\Roaming\mozilla\firefox\profiles\inyfbn60.default\prefs.js

user_pref("browser.search.searchengine.desc", "this is my first firefox searchEngine");
user_pref("browser.search.searchengine.ptid", "smt");
user_pref("browser.search.searchengine.uid", "OCZ-VERTEX460_A22BE061423000989");
Emptied folder: C:\Users\Steffen\AppData\Roaming\mozilla\firefox\profiles\inyfbn60.default\minidumps [24 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 19.03.2015 at 22:15:10,97
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by Steffen (administrator) on STEFFEN-PC on 19-03-2015 22:17:14
Running from C:\Users\Steffen\Desktop
Loaded Profiles: Steffen (Available profiles: Steffen)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\ProgramData\bobyzoom\1.1.0.30\bzagnt.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\ProgramData\bobyzoom\1.1.0.30\bzwdg.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Users\Steffen\AppData\Roaming\1E00E6C0-1426594706-4D00-3561-F46D0465EFD8\nsu2363.tmp
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11905128 2011-06-28] (Realtek Semiconductor)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-02-13] (Apple Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-08-30] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [126712 2015-01-19] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [704512 2015-03-19] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-1305335866-915348114-1239377049-1000\...\Run: [HydraVisionDesktopManager] => C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [389120 2013-08-30] (AMD)
HKU\S-1-5-21-1305335866-915348114-1239377049-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7063832 2014-11-21] (Piriform Ltd)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1305335866-915348114-1239377049-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1305335866-915348114-1239377049-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1305335866-915348114-1239377049-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Steffen\AppData\Roaming\Mozilla\Firefox\Profiles\inyfbn60.default
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-05] ()
FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll [2015-01-13] (EA Digital Illusions CE AB)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-05] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll [2015-01-13] (EA Digital Illusions CE AB)
FF Extension: Avira Browser Safety - C:\Users\Steffen\AppData\Roaming\Mozilla\Firefox\Profiles\inyfbn60.default\Extensions\abs@avira.com [2015-03-18]
FF Extension: BobyZoom - C:\Users\Steffen\AppData\Roaming\Mozilla\Firefox\Profiles\inyfbn60.default\Extensions\bbz@bobyzoom.com [2015-03-19]
FF Extension: Adblock Plus - C:\Users\Steffen\AppData\Roaming\Mozilla\Firefox\Profiles\inyfbn60.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-11-21]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

Locked "tammgF119" service could not be unlocked. <===== ATTENTION
Locked "tammgR119" service could not be unlocked. <===== ATTENTION
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [432888 2015-03-19] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [432888 2015-03-19] (Avira Operations GmbH & Co. KG)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [182520 2015-01-19] (Avira Operations GmbH & Co. KG)
R2 bobyzoom; C:\ProgramData\bobyzoom\1.1.0.30\bzagnt.exe [0 ] () <==== ATTENTION (zero size file/folder)
R2 bzwdg; C:\ProgramData\bobyzoom\1.1.0.30\bzwdg.exe [0 ] () <==== ATTENTION (zero size file/folder)
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [174624 2015-01-17] (EasyAntiCheat Ltd)
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S3 Origin Client Service; I:\origins\Origin\OriginClientService.exe [1910640 2015-03-12] (Electronic Arts)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2015-03-15] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 wygovexo; C:\Users\Steffen\AppData\Roaming\1E00E6C0-1426594706-4D00-3561-F46D0465EFD8\nsu2363.tmp [122368 2015-03-19] () [File not signed]
S2 pyzuwuzu; C:\Users\Steffen\AppData\Roaming\1E00E6C0-1426594706-4D00-3561-F46D0465EFD8\nsi8517.tmpfs [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [128536 2015-02-25] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132120 2015-02-25] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2015-02-25] (Avira Operations GmbH & Co. KG)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-03-19] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
R5 tammgF119; C:\Windows\System32\Drivers\tammgF119.sys [26784 2015-03-17] () [File not signed]
R5 tammgR119; C:\Windows\System32\Drivers\tammgR119.sys [26272 2015-03-17] () [File not signed]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)
2015-03-19 22:17 - 2015-03-19 22:17 - 00010335 _____ () C:\Users\Steffen\Desktop\FRST.txt 2015-03-19 22:16 - 2015-03-19 22:16 - 02095616 _____ (Farbar) C:\Users\Steffen\Downloads\FRST64.exe 2015-03-19 22:16 - 2015-03-19 22:16 - 02095616 _____ (Farbar) C:\Users\Steffen\Desktop\FRST64.exe 2015-03-19 22:15 - 2015-03-19 22:15 - 00001114 _____ () C:\Users\Steffen\Desktop\JRT.txt 2015-03-19 22:11 - 2015-03-19 22:17 - 00002746 _____ () C:\Windows\System32\Tasks\Tempo Runner bz64 2015-03-19 22:11 - 2015-03-19 22:17 - 00000412 _____ () C:\Windows\Tasks\Tempo Runner bz64.job 2015-03-19 22:07 - 2015-03-19 22:07 - 02171392 _____ () C:\Users\Steffen\Desktop\AdwCleaner_4.112.exe 2015-03-19 22:07 - 2015-03-19 22:07 - 01388672 _____ (Thisisu) C:\Users\Steffen\Desktop\JRT.exe 2015-03-19 01:13 - 2015-03-19 01:13 - 03889192 _____ () C:\Users\Steffen\Downloads\PSX.zip 2015-03-19 01:01 - 2015-03-19 01:16 - 2409920380 _____ () C:\Users\Steffen\Downloads\SSX 3 (Europe) (En,Fr,De,Es) (v2.00).7z 2015-03-19 00:15 - 2015-03-19 00:58 - 2070017958 _____ () C:\Users\Steffen\Downloads\God of War II (Europe, Australia) (En,Fr,De,Es,It,Ru).7z 2015-03-18 03:24 - 2015-03-18 03:18 - 00044088 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys 2015-03-18 03:18 - 2015-03-18 03:18 - 00000000 ____D () C:\Users\Steffen\AppData\Roaming\Avira 2015-03-18 03:17 - 2015-02-25 17:53 - 00132120 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys 2015-03-18 03:17 - 2015-02-25 17:53 - 00128536 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2015-03-18 03:17 - 2015-02-25 17:53 - 00028600 _____ (Avira Operations GmbH & Co. 
KG) C:\Windows\system32\Drivers\avkmgr.sys 2015-03-18 03:16 - 2015-03-18 03:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2015-03-18 03:16 - 2015-03-18 03:17 - 00000000 ____D () C:\ProgramData\Avira 2015-03-18 03:16 - 2015-03-18 03:17 - 00000000 ____D () C:\Program Files (x86)\Avira 2015-03-18 03:16 - 2015-03-18 03:16 - 00001137 _____ () C:\Users\Public\Desktop\Avira.lnk 2015-03-18 01:04 - 2015-03-19 22:17 - 00000000 ____D () C:\FRST 2015-03-18 00:40 - 2015-03-18 00:40 - 00017014 _____ () C:\ComboFix.txt 2015-03-17 16:47 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe 2015-03-17 16:47 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe 2015-03-17 16:47 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2015-03-17 16:47 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2015-03-17 16:47 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2015-03-17 16:47 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe 2015-03-17 16:47 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe 2015-03-17 16:47 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe 2015-03-17 16:46 - 2015-03-18 00:40 - 00000000 ____D () C:\Qoobox 2015-03-17 16:46 - 2015-03-17 16:52 - 00000000 ____D () C:\Windows\erdnt 2015-03-17 16:45 - 2015-03-17 16:45 - 05615380 ____R (Swearware) C:\Users\Steffen\Desktop\ComboFix.exe 2015-03-17 14:30 - 2015-03-17 14:30 - 00000000 ____D () C:\Program Files (x86)\ESET 2015-03-17 14:18 - 2015-03-19 22:11 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-03-17 14:18 - 2015-03-17 14:18 - 00001102 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-03-17 14:18 - 2015-03-17 14:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-03-17 14:18 - 2015-03-17 14:18 - 00000000 ____D () C:\ProgramData\Malwarebytes 2015-03-17 14:18 - 2015-03-17 14:18 - 
00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2015-03-17 14:18 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-03-17 14:18 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-03-17 14:18 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2015-03-17 14:14 - 2015-03-17 14:14 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Steffen\Desktop\mbam-setup-2.0.4.1028.exe 2015-03-17 13:26 - 2015-03-17 13:26 - 00000000 ____D () C:\Windows\system32\appmgmt 2015-03-17 13:21 - 2015-03-17 15:15 - 00000000 ____D () C:\Users\Steffen\AppData\Local\1E00E6C0-1426598509-4D00-3561-F46D0465EFD8 2015-03-17 13:19 - 2015-03-17 13:39 - 00000000 ____D () C:\Program Files (x86)\Opera 2015-03-17 13:19 - 2015-03-17 13:37 - 00000000 ____D () C:\Users\Steffen\AppData\Local\Opera Software 2015-03-17 13:19 - 2015-03-17 13:19 - 00000000 ____D () C:\Users\Steffen\AppData\Roaming\Opera Software 2015-03-17 13:18 - 2015-03-19 20:00 - 00000000 ____D () C:\Users\Steffen\AppData\Roaming\1E00E6C0-1426594706-4D00-3561-F46D0465EFD8 2015-03-17 13:18 - 2015-03-17 14:24 - 00000000 ____D () C:\ProgramData\{ffb5672b-ba73-088b-ffb5-5672bba79cae} 2015-03-17 13:16 - 2015-03-17 13:16 - 00026784 _____ () C:\Windows\system32\Drivers\tammgF119.sys 2015-03-17 13:16 - 2015-03-17 13:16 - 00026272 _____ () C:\Windows\system32\Drivers\tammgR119.sys 2015-03-17 13:16 - 2015-03-17 13:16 - 00000000 ____D () C:\ProgramData\bobyzoom 2015-03-15 03:00 - 2015-03-15 03:05 - 00348672 _____ () C:\Windows\SysWOW64\PnkBstrB.xtr 2015-03-15 02:57 - 2015-03-15 03:00 - 00000000 ____D () C:\Users\Steffen\Documents\Battlefield 3 2015-03-15 02:57 - 2015-03-15 02:57 - 00000000 ____D () C:\ProgramData\EA Core 2015-03-13 00:11 - 2015-03-13 00:11 - 00000000 ____D () C:\Users\Steffen\Documents\SimCity 2015-03-10 20:08 - 2015-02-20 05:41 - 00041984 _____ 
(Microsoft Corporation) C:\Windows\system32\lpk.dll 2015-03-10 20:08 - 2015-02-20 05:40 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll 2015-03-10 20:08 - 2015-02-20 05:40 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll 2015-03-10 20:08 - 2015-02-20 05:40 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll 2015-03-10 20:08 - 2015-02-20 05:13 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll 2015-03-10 20:08 - 2015-02-20 05:13 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll 2015-03-10 20:08 - 2015-02-20 05:13 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll 2015-03-10 20:08 - 2015-02-20 05:12 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll 2015-03-10 20:08 - 2015-02-20 04:29 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll 2015-03-10 20:08 - 2015-02-20 04:09 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll 2015-03-10 20:08 - 2015-02-03 04:34 - 05554104 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-03-10 20:08 - 2015-02-03 04:34 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi 2015-03-10 20:08 - 2015-02-03 04:34 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys 2015-03-10 20:08 - 2015-02-03 04:33 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi 2015-03-10 20:08 - 2015-02-03 04:31 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll 2015-03-10 20:08 - 2015-02-03 04:31 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll 2015-03-10 20:08 - 2015-02-03 04:31 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll 2015-03-10 20:08 - 2015-02-03 04:31 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll 2015-03-10 20:08 - 2015-02-03 04:31 - 00641024 _____ (Microsoft Corporation) 
C:\Windows\system32\msscp.dll 2015-03-10 20:08 - 2015-02-03 04:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2015-03-10 20:08 - 2015-02-03 04:31 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll 2015-03-10 20:08 - 2015-02-03 04:31 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll 2015-03-10 20:08 - 2015-02-03 04:31 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll 2015-03-10 20:08 - 2015-02-03 04:31 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll 2015-03-10 20:08 - 2015-02-03 04:31 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll 2015-03-10 20:08 - 2015-02-03 04:31 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll 2015-03-10 20:08 - 2015-02-03 04:31 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll 2015-03-10 20:08 - 2015-02-03 04:31 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll 2015-03-10 20:08 - 2015-02-03 04:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2015-03-10 20:08 - 2015-02-03 04:31 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll 2015-03-10 20:08 - 2015-02-03 04:31 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll 2015-03-10 20:08 - 2015-02-03 04:31 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll 2015-03-10 20:08 - 2015-02-03 04:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx 2015-03-10 20:08 - 2015-02-03 04:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll 2015-03-10 20:08 - 2015-02-03 04:30 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL 2015-03-10 20:08 - 2015-02-03 04:30 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll 2015-03-10 20:08 - 2015-02-03 04:30 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll 2015-03-10 
20:08 - 2015-02-03 04:30 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll 2015-03-10 20:08 - 2015-02-03 04:30 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll 2015-03-10 20:08 - 2015-02-03 04:30 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll 2015-03-10 20:08 - 2015-02-03 04:30 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll 2015-03-10 20:08 - 2015-02-03 04:30 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll 2015-03-10 20:08 - 2015-02-03 04:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll 2015-03-10 20:08 - 2015-02-03 04:30 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2015-03-10 20:08 - 2015-02-03 04:30 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll 2015-03-10 20:08 - 2015-02-03 04:30 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll 2015-03-10 20:08 - 2015-02-03 04:30 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll 2015-03-10 20:08 - 2015-02-03 04:30 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe 2015-03-10 20:08 - 2015-02-03 04:30 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll 2015-03-10 20:08 - 2015-02-03 04:30 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe 2015-03-10 20:08 - 2015-02-03 04:30 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe 2015-03-10 20:08 - 2015-02-03 04:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll 2015-03-10 20:08 - 2015-02-03 04:30 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll 2015-03-10 20:08 - 2015-02-03 04:30 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe 2015-03-10 20:08 - 2015-02-03 04:30 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll 2015-03-10 20:08 - 2015-02-03 
04:30 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll 2015-03-10 20:08 - 2015-02-03 04:30 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe 2015-03-10 20:08 - 2015-02-03 04:30 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe 2015-03-10 20:08 - 2015-02-03 04:30 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe 2015-03-10 20:08 - 2015-02-03 04:30 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe 2015-03-10 20:08 - 2015-02-03 04:29 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll 2015-03-10 20:08 - 2015-02-03 04:28 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll 2015-03-10 20:08 - 2015-02-03 04:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll 2015-03-10 20:08 - 2015-02-03 04:19 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys 2015-03-10 20:08 - 2015-02-03 04:16 - 03973048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2015-03-10 20:08 - 2015-02-03 04:16 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2015-03-10 20:08 - 2015-02-03 04:12 - 11411968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll 2015-03-10 20:08 - 2015-02-03 04:12 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll 2015-03-10 20:08 - 2015-02-03 04:12 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll 2015-03-10 20:08 - 2015-02-03 04:12 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2015-03-10 20:08 - 2015-02-03 04:12 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll 2015-03-10 20:08 - 2015-02-03 04:12 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll 2015-03-10 20:08 - 2015-02-03 04:12 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll 2015-03-10 20:08 - 2015-02-03 04:12 - 00617984 _____ 
(Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll 2015-03-10 20:08 - 2015-02-03 04:12 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll 2015-03-10 20:08 - 2015-02-03 04:12 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll 2015-03-10 20:08 - 2015-02-03 04:12 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll 2015-03-10 20:08 - 2015-02-03 04:12 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll 2015-03-10 20:08 - 2015-02-03 04:12 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll 2015-03-10 20:08 - 2015-02-03 04:12 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll 2015-03-10 20:08 - 2015-02-03 04:12 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll 2015-03-10 20:08 - 2015-02-03 04:12 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll 2015-03-10 20:08 - 2015-02-03 04:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll 2015-03-10 20:08 - 2015-02-03 04:12 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll 2015-03-10 20:08 - 2015-02-03 04:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll 2015-03-10 20:08 - 2015-02-03 04:12 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll 2015-03-10 20:08 - 2015-02-03 04:12 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll 2015-03-10 20:08 - 2015-02-03 04:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll 2015-03-10 20:08 - 2015-02-03 04:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll 2015-03-10 20:08 - 2015-02-03 04:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2015-03-10 20:08 - 2015-02-03 04:12 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll 2015-03-10 20:08 - 2015-02-03 04:12 - 00004096 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\msdxm.ocx 2015-03-10 20:08 - 2015-02-03 04:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll 2015-03-10 20:08 - 2015-02-03 04:11 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL 2015-03-10 20:08 - 2015-02-03 04:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe 2015-03-10 20:08 - 2015-02-03 04:11 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe 2015-03-10 20:08 - 2015-02-03 04:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll 2015-03-10 20:08 - 2015-02-03 04:08 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll 2015-03-10 20:08 - 2015-02-03 03:32 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys 2015-03-10 20:08 - 2014-10-31 23:24 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe 2015-03-10 20:08 - 2014-06-28 01:21 - 00532176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe 2015-03-10 20:08 - 2014-06-28 01:21 - 00457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll 2015-03-10 20:07 - 2015-03-06 06:56 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2015-03-10 20:07 - 2015-03-06 06:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2015-03-10 20:07 - 2015-03-06 06:42 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2015-03-10 20:07 - 2015-03-06 06:42 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2015-03-10 20:07 - 2015-03-06 06:42 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2015-03-10 20:07 - 2015-03-06 06:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2015-03-10 20:07 - 2015-03-06 06:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2015-03-10 20:07 - 2015-03-06 06:42 - 00210944 _____ (Microsoft Corporation) 
C:\Windows\system32\wdigest.dll 2015-03-10 20:07 - 2015-03-06 06:42 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2015-03-10 20:07 - 2015-03-06 06:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2015-03-10 20:07 - 2015-03-06 06:42 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2015-03-10 20:07 - 2015-03-06 06:42 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2015-03-10 20:07 - 2015-03-06 06:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2015-03-10 20:07 - 2015-03-06 06:41 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe 2015-03-10 20:07 - 2015-03-06 06:41 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2015-03-10 20:07 - 2015-03-06 06:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll 2015-03-10 20:07 - 2015-03-06 06:38 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2015-03-10 20:07 - 2015-03-06 06:36 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2015-03-10 20:07 - 2015-03-06 06:10 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2015-03-10 20:07 - 2015-03-06 06:10 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2015-03-10 20:07 - 2015-03-06 06:10 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2015-03-10 20:07 - 2015-03-06 06:10 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2015-03-10 20:07 - 2015-03-06 06:10 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2015-03-10 20:07 - 2015-03-06 06:10 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2015-03-10 20:07 - 2015-03-06 06:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2015-03-10 20:07 - 2015-03-06 06:10 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 
2015-03-10 20:07 - 2015-03-06 06:09 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2015-03-10 20:07 - 2015-03-06 06:09 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe 2015-03-10 20:07 - 2015-03-06 06:07 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll 2015-03-10 20:07 - 2015-03-06 06:07 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll 2015-03-10 20:07 - 2015-03-06 06:06 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll 2015-03-10 20:07 - 2015-02-26 04:25 - 03204096 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2015-03-10 20:07 - 2015-02-24 04:15 - 00389800 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2015-03-10 20:07 - 2015-02-24 03:32 - 00342696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2015-03-10 20:07 - 2015-02-21 02:16 - 25021440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-03-10 20:07 - 2015-02-21 01:41 - 12827648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2015-03-10 20:07 - 2015-02-21 01:27 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2015-03-10 20:07 - 2015-02-21 01:27 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2015-03-10 20:07 - 2015-02-21 01:25 - 19720192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2015-03-10 20:07 - 2015-02-21 00:58 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2015-03-10 20:07 - 2015-02-21 00:32 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2015-03-10 20:07 - 2015-02-20 04:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2015-03-10 20:07 - 2015-02-20 04:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2015-03-10 20:07 - 2015-02-20 03:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2015-03-10 20:07 - 
2015-02-20 03:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-03-10 20:07 - 2015-02-20 03:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2015-03-10 20:07 - 2015-02-20 03:48 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-03-10 20:07 - 2015-02-20 03:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2015-03-10 20:07 - 2015-02-20 03:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2015-03-10 20:07 - 2015-02-20 03:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2015-03-10 20:07 - 2015-02-20 03:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2015-03-10 20:07 - 2015-02-20 03:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2015-03-10 20:07 - 2015-02-20 03:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2015-03-10 20:07 - 2015-02-20 03:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2015-03-10 20:07 - 2015-02-20 03:32 - 06035456 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2015-03-10 20:07 - 2015-02-20 03:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2015-03-10 20:07 - 2015-02-20 03:22 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2015-03-10 20:07 - 2015-02-20 03:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2015-03-10 20:07 - 2015-02-20 03:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2015-03-10 20:07 - 2015-02-20 03:09 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2015-03-10 20:07 - 2015-02-20 03:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2015-03-10 20:07 - 2015-02-20 03:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 
2015-03-10 20:07 - 2015-02-20 03:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2015-03-10 20:07 - 2015-02-20 03:06 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2015-03-10 20:07 - 2015-02-20 03:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2015-03-10 20:07 - 2015-02-20 03:03 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2015-03-10 20:07 - 2015-02-20 03:01 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2015-03-10 20:07 - 2015-02-20 03:00 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2015-03-10 20:07 - 2015-02-20 02:58 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2015-03-10 20:07 - 2015-02-20 02:56 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2015-03-10 20:07 - 2015-02-20 02:56 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2015-03-10 20:07 - 2015-02-20 02:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-03-10 20:07 - 2015-02-20 02:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2015-03-10 20:07 - 2015-02-20 02:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2015-03-10 20:07 - 2015-02-20 02:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-03-10 20:07 - 2015-02-20 02:43 - 14398976 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-03-10 20:07 - 2015-02-20 02:41 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2015-03-10 20:07 - 2015-02-20 02:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2015-03-10 20:07 - 2015-02-20 02:30 - 04300288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2015-03-10 20:07 - 2015-02-20 02:28 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 
2015-03-10 20:07 - 2015-02-20 02:24 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2015-03-10 20:07 - 2015-02-20 02:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2015-03-10 20:07 - 2015-02-20 02:23 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2015-03-10 20:07 - 2015-02-20 02:16 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-03-10 20:07 - 2015-02-20 02:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2015-03-10 20:07 - 2015-02-20 02:01 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2015-03-10 20:07 - 2015-02-20 01:57 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2015-03-10 20:07 - 2015-02-20 01:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2015-03-10 20:07 - 2015-02-13 06:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2015-03-10 20:07 - 2015-02-13 06:22 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2015-03-10 20:07 - 2015-02-03 04:31 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2015-03-10 20:07 - 2015-02-03 04:31 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll 2015-03-10 20:07 - 2015-02-03 04:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2015-03-10 20:07 - 2015-02-03 04:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll 2015-03-10 20:07 - 2015-01-31 00:56 - 00459336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys 2015-03-10 20:07 - 2015-01-17 03:48 - 01067520 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll 2015-03-10 20:07 - 2015-01-17 03:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll 2015-03-10 20:04 - 2015-02-04 04:16 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll 2015-03-10 20:04 - 
2015-02-04 03:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll 2015-03-10 19:28 - 2015-03-10 19:28 - 00000000 ____D () C:\Users\Steffen\Documents\Colossal Order 2015-03-10 19:28 - 2015-03-10 19:28 - 00000000 ____D () C:\Users\Steffen\AppData\Roaming\Colossal Order 2015-03-10 19:28 - 2015-03-10 19:28 - 00000000 ____D () C:\Users\Steffen\AppData\Roaming\.mono 2015-03-10 19:28 - 2015-03-10 19:28 - 00000000 ____D () C:\Users\Steffen\AppData\Local\Colossal Order 2015-03-10 19:28 - 2015-03-10 19:28 - 00000000 ____D () C:\ProgramData\.mono 2015-03-09 18:57 - 2015-03-09 18:57 - 00000000 ____D () C:\Program Files (x86)\SystemRequirementsLab 2015-03-09 18:15 - 2015-03-09 18:15 - 00000000 ____D () C:\ProgramData\FlyVPN 2015-03-06 05:41 - 2015-03-06 05:41 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2015-03-05 05:04 - 2015-03-05 05:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XBCD 2015-03-05 05:02 - 2015-03-03 13:31 - 00007674 _____ () C:\Users\Steffen\Desktop\x360ce.tmp 2015-03-05 05:02 - 2013-04-26 00:49 - 01253376 _____ (TocaEdit) C:\Users\Steffen\Desktop\x360ce.exe 2015-03-03 22:54 - 2015-01-09 04:14 - 00950272 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll 2015-03-03 22:54 - 2015-01-09 04:14 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll 2015-03-03 22:54 - 2015-01-09 04:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll 2015-03-03 22:54 - 2015-01-09 03:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdi.dll 2015-03-03 13:58 - 2015-03-03 14:01 - 00000000 ____D () C:\Users\Steffen\Documents\GuacameleeSTCE 2015-03-03 13:56 - 2015-03-03 13:56 - 00002389 _____ () C:\Users\Public\Desktop\Guacamelee Super Turbo Championship Edition.lnk 2015-03-03 13:56 - 2015-03-03 13:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DrinkBox Studios 2015-03-03 13:56 - 2015-03-03 13:56 - 00000000 ____D () C:\Program 
Files (x86)\DrinkBox Studios 2015-03-03 13:24 - 2015-03-05 05:04 - 00007464 _____ () C:\Users\Steffen\Desktop\x360ce.ini 2015-03-03 13:24 - 2015-03-03 13:24 - 00099432 _____ (hxxp://x360ce.googlecode.com) C:\Users\Steffen\Desktop\xinput1_3.dll 2015-02-27 22:26 - 2015-02-27 22:26 - 00001753 _____ () C:\Users\Public\Desktop\iTunes.lnk 2015-02-27 22:26 - 2015-02-27 22:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes 2015-02-27 22:26 - 2015-02-27 22:26 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7 2015-02-27 22:26 - 2015-02-27 22:26 - 00000000 ____D () C:\Program Files\iTunes 2015-02-27 22:26 - 2015-02-27 22:26 - 00000000 ____D () C:\Program Files\iPod 2015-02-27 22:26 - 2015-02-27 22:26 - 00000000 ____D () C:\Program Files (x86)\iTunes 2015-02-26 03:00 - 2015-01-09 00:44 - 00419936 _____ () C:\Windows\SysWOW64\locale.nls 2015-02-26 03:00 - 2015-01-09 00:43 - 00419936 _____ () C:\Windows\system32\locale.nls 2015-02-20 23:05 - 2015-02-20 23:05 - 00001116 _____ () C:\Users\Public\Desktop\OpenOffice 4.1.1.lnk 2015-02-20 23:05 - 2015-02-20 23:05 - 00000000 ___SD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.1 2015-02-20 23:05 - 2015-02-20 23:05 - 00000000 ____D () C:\Users\Steffen\AppData\Roaming\OpenOffice 2015-02-20 23:05 - 2015-02-20 23:05 - 00000000 ____D () C:\Program Files (x86)\OpenOffice 4 2015-02-20 23:04 - 2015-02-20 23:04 - 00000000 ____D () C:\Users\Steffen\Desktop\OpenOffice 4.1.1 (de) Installation Files ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-03-19 22:17 - 2014-11-21 13:48 - 00000000 ____D () C:\Users\Steffen\AppData\Roaming\TS3Client
2015-03-19 22:15 - 2011-04-12 08:43 - 00699090 _____ () C:\Windows\system32\perfh007.dat
2015-03-19 22:15 - 2011-04-12 08:43 - 00149230 _____ () C:\Windows\system32\perfc007.dat
2015-03-19 22:15 - 2009-07-14 06:13 - 01619272 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-19 22:14 - 2014-11-21 13:09 - 01465513 _____ () C:\Windows\WindowsUpdate.log
2015-03-19 22:11 - 2015-01-22 22:19 - 00008023 _____ () C:\Windows\setupact.log
2015-03-19 22:11 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-19 22:10 - 2014-12-17 13:05 - 00000000 ____D () C:\AdwCleaner
2015-03-19 21:50 - 2009-07-14 05:45 - 00031088 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-19 21:50 - 2009-07-14 05:45 - 00031088 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-19 21:42 - 2014-11-21 13:32 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-03-19 21:22 - 2014-11-21 13:58 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-19 02:51 - 2015-02-05 13:11 - 00147724 _____ () C:\Windows\PFRO.log
2015-03-19 02:50 - 2015-01-29 20:43 - 00140712 _____ () C:\Windows\DirectX.log
2015-03-18 03:16 - 2014-11-21 13:32 - 00000000 ____D () C:\ProgramData\Package Cache
2015-03-18 01:17 - 2014-11-21 13:09 - 00000000 ____D () C:\Users\Steffen
2015-03-18 00:40 - 2015-02-10 18:03 - 00000000 ____D () C:\Users\Steffen\AppData\Local\Apps\2.0
2015-03-18 00:39 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2015-03-17 23:59 - 2014-11-21 13:34 - 00000000 ____D () C:\Users\Steffen\AppData\Local\Battle.net
2015-03-17 23:44 - 2014-11-26 17:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2015-03-17 19:27 - 2015-02-04 12:39 - 00000000 ____D () C:\ProgramData\Origin
2015-03-17 16:53 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default
2015-03-17 14:16 - 2009-07-14 06:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2015-03-17 13:23 - 2014-11-21 13:21 - 00001061 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-03-17 13:23 - 2014-11-21 13:21 - 00001049 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-03-17 13:23 - 2014-11-21 13:09 - 00000999 _____ () C:\Users\Steffen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-03-15 03:05 - 2015-02-04 14:19 - 00348672 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2015-03-15 03:05 - 2015-02-04 14:19 - 00076152 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2015-03-15 03:00 - 2015-02-04 14:50 - 00000000 ____D () C:\Users\Steffen\AppData\Local\PunkBuster
2015-03-15 03:00 - 2015-02-04 14:19 - 00280904 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0
2015-03-14 22:56 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2015-03-14 14:58 - 2009-07-14 06:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-03-14 01:44 - 2015-02-04 12:40 - 00000000 ____D () C:\Users\Steffen\AppData\Local\Origin
2015-03-12 23:27 - 2015-02-04 12:40 - 00000000 ____D () C:\Users\Steffen\AppData\Roaming\Origin
2015-03-11 15:20 - 2009-07-14 05:45 - 00294640 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-11 05:13 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2015-03-11 05:13 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\Dism
2015-03-11 03:02 - 2014-11-23 14:56 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-11 03:01 - 2014-11-23 14:56 - 122905848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-03-09 15:46 - 2015-01-29 20:41 - 00000000 ____D () C:\Users\Steffen\Documents\888poker
2015-03-09 13:10 - 2014-11-21 13:21 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-03-04 04:44 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\tracing
2015-03-02 01:16 - 2015-02-10 18:03 - 00000000 ____D () C:\Users\Steffen\AppData\Local\Deployment
2015-02-27 22:26 - 2015-01-05 16:23 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-02-27 16:45 - 2015-01-09 11:45 - 00000072 _____ () C:\Users\Public\LMDebug.log
2015-02-27 13:14 - 2009-07-14 06:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-02-27 02:07 - 2014-11-21 14:38 - 00000000 ____D () C:\Program Files (x86)\Hearthstone
2015-02-27 00:22 - 2014-11-21 13:34 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2015-02-24 03:17 - 2010-11-21 04:27 - 00295552 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-02-21 13:27 - 2014-11-21 13:35 - 00064024 _____ () C:\Users\Steffen\AppData\Local\GDIPFONTCACHEV1.DAT
2015-02-17 23:35 - 2014-12-23 23:21 - 00000000 ____D () C:\Users\Steffen\Documents\Heroes of the Storm

Some content of TEMP:
====================
C:\Users\Steffen\AppData\Local\Temp\avgnt.exe
C:\Users\Steffen\AppData\Local\Temp\Quarantine.exe
C:\Users\Steffen\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-03-15 00:16

==================== End Of Log ============================

--- --- ---

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by Steffen at 2015-03-19 22:17:38
Running from C:\Users\Steffen\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version: - )
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
888poker (HKLM-x32\...\888poker) (Version: - )
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{B7908254-D208-7C46-8201-7EBC1BFF8D12}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
Apple Application Support (32-Bit) (HKLM-x32\...\{447CDCE5-F555-429B-BFA6-642C3C6D684F}) (Version: 3.1.2 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{0DF7096B-715A-4233-8633-C7A16ED6D616}) (Version: 3.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.12.5.0 - Asmedia Technology)
Avira (HKLM-x32\...\{bd538030-07d4-4999-a525-7fafa2483f56}) (Version: 1.1.30.21727 - Avira Operations & Co. KG)
Avira (x32 Version: 1.1.30.21727 - Avira Operations & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 15.0.8.656 - Avira)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.6.0.0 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.6.2 - EA Digital Illusions CE AB)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.00 - Piriform)
Cities: Skylines (HKLM-x32\...\Steam App 255710) (Version: - Colossal Order)
Counter-Strike 1.6 (HKLM-x32\...\{13B792AA-C078-43A4-8A3A-8B12D629940D}) (Version: 1.00.0000 - )
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve)
Diablo III (HKLM-x32\...\Diablo III) (Version: - Blizzard Entertainment)
Dota 2 (HKLM-x32\...\Steam App 570) (Version: - Valve)
Dungeon Defenders (HKLM-x32\...\Steam App 65800) (Version: - Trendy Entertainment)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
Guacamelee Super Turbo Championship Edition (HKLM-x32\...\Guacamelee Super Turbo Championship Edition_is1) (Version: - )
H1Z1 (HKLM-x32\...\Steam App 295110) (Version: - Sony Online Entertainment)
Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version: - Blizzard Entertainment)
HOTSLogsUploader (HKU\S-1-5-21-1305335866-915348114-1239377049-1000\...\99a83d131490dc73) (Version: 1.0.0.11 - HOTSLogsUploader)
HydraVision (x32 Version: 4.2.252.0 - Advanced Micro Devices, Inc.) Hidden
InfiniteCrisis_683AC0898F33 (HKLM-x32\...\InfiniteCrisis_683AC0898F33) (Version: - Turbine, Inc)
iTunes (HKLM\...\{D227565A-0033-40AD-89BA-653A205CDC11}) (Version: 12.1.1.4 - Apple Inc.)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
Lara Croft and the Temple of Osiris MULTi2 1.0 (HKLM-x32\...\Lara Croft and the Temple of Osiris MULTi2 1.0) (Version: - )
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games )
League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{3c3aafc8-d898-43ec-998f-965ffdae065a}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mozilla Firefox 36.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 36.0.1 (x86 de)) (Version: 36.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.1.1 - Mozilla)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version: - )
OpenOffice 4.1.1 (HKLM-x32\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation)
Origin (HKLM-x32\...\Origin) (Version: 9.5.5.2850 - Electronic Arts, Inc.)
Path of Exile (HKLM-x32\...\Steam App 238960) (Version: - Grinding Gear Games)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.991 - Even Balance, Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.46.610.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6402 - Realtek Semiconductor Corp.)
RollerCoaster Tycoon 3 Platinum (HKLM-x32\...\GOGPACKRCT3_is1) (Version: 2.0.0.13 - GOG.com)
Rust (HKLM-x32\...\Steam App 252490) (Version: - Facepunch Studios)
Shovel Knight (HKLM-x32\...\Steam App 250760) (Version: - Yacht Club Games)
SimCity™ (HKLM-x32\...\{F70FDE4B-8F86-4eb6-8C8E-636EC89F6419}) (Version: 4.0.86.0859 - Electronic Arts)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
System Requirements Lab Detection (HKLM-x32\...\{05423D30-D8E9-415D-9E73-98B9229B8933}) (Version: 6.1.1.0 - Husdawg, LLC)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
The Binding of Isaac: Rebirth (HKLM-x32\...\Steam App 250900) (Version: - Nicalis, Inc.)
TmNationsForever (HKLM-x32\...\TmNationsForever_is1) (Version: - Nadeo)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: - Blizzard Entertainment)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points =========================

19-03-2015 02:49:46 DirectX wurde installiert

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2015-03-17 16:51 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {013E7E85-1AE3-4665-91EC-A7F34738D5C5} - System32\Tasks\{AE2D2A6F-3B4F-4082-9D29-91875379AAF0} => I:\cs\hl.exe [2003-12-12] (Valve) Task: {22C488CD-C1E0-4057-8E84-3FF18B567502} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {6908E65A-AAED-4CAF-A98A-7C578370F074} - System32\Tasks\{3BB587CC-4B37-41D1-A57E-3369B91C13A0} => I:\rollercoaster tycoon\RollerCoaster Tycoon 3 Platinum\RCT3plus.exe [2012-03-19] (Frontier Developments Ltd) Task: {789E41DB-2AA7-4521-B14A-1ABF3D27E333} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05] (Adobe Systems Incorporated) Task: {85ACD9B1-5AD8-4050-A7D4-DACABD3D2695} - System32\Tasks\Tempo Runner bzdap => C:\ProgramData\bobyzoom\1.1.0.30\bzagnt.exe [] () Task: {8E20B3FB-9C98-4202-BB03-EEC9BB052D7B} - System32\Tasks\Tempo Runner bz32 => C:\ProgramData\bobyzoom\1.1.0.30\bzagnt.exe [] () Task: {9ACDE60C-7617-46D0-A1AC-48FB6D1C4EF5} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-11-21] (Piriform Ltd) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\Tempo Runner bzdap.job => C:\ProgramData\bobyzoom\1.1.0.30\bzagnt.exe3/dgad C:\ProgramData\bobyzoom\1.1.0.30\bzdap.exe ==================== Loaded Modules (whitelisted) ============== 2011-06-22 07:42 - 2011-06-22 07:42 - 00034304 _____ () C:\Windows\System32\ssp4ml6.dll 2015-01-20 22:35 - 2015-01-20 22:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2015-01-20 22:35 - 2015-01-20 22:35 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2015-02-04 14:19 - 2015-03-15 03:05 - 00076152 _____ () C:\Windows\SysWOW64\PnkBstrA.exe 2015-03-19 18:00 - 2015-03-19 18:00 - 00122368 _____ () 
C:\Users\Steffen\AppData\Roaming\1E00E6C0-1426594706-4D00-3561-F46D0465EFD8\nsu2363.tmp 2013-06-05 15:51 - 2013-06-05 15:51 - 00430080 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\BrandingNet4.dll 2013-06-05 15:51 - 2013-06-05 15:51 - 00032768 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\BrandingResourcesNet4.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) =============== (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-1305335866-915348114-1239377049-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Steffen\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 192.168.178.1 ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) ==================== Accounts: ============================= Administrator (S-1-5-21-1305335866-915348114-1239377049-500 - Administrator - Disabled) Gast (S-1-5-21-1305335866-915348114-1239377049-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-1305335866-915348114-1239377049-1002 - Limited - Enabled) Steffen (S-1-5-21-1305335866-915348114-1239377049-1000 - Administrator - Enabled) => C:\Users\Steffen ==================== Faulty Device Manager Devices ============= Name: Teredo Tunneling Pseudo-Interface Description: Microsoft-Teredo-Tunneling-Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device cannot start. 
(Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. ==================== Event log errors: ========================= Application errors: ================== System errors: ============= Microsoft Office Sessions: ========================= ==================== Memory info =========================== Processor: Intel(R) Core(TM) i5-2500K CPU @ 3.30GHz Percentage of memory in use: 22% Total physical RAM: 8159.13 MB Available physical RAM: 6344.35 MB Total Pagefile: 16316.44 MB Available Pagefile: 14284.86 MB Total Virtual: 8192 MB Available Virtual: 8191.84 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:111.79 GB) (Free:14.03 GB) NTFS Drive i: (Datenplatte) (Fixed) (Total:931.51 GB) (Free:497.53 GB) NTFS ==>[System with boot components (obtained from reading drive)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: B52F2D19) Partition 1: (Not Active) - (Size=111.8 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 7FFF51D4) Partition 1: (Active) - (Size=931.5 GB) - (Type=07 NTFS) ==================== End Of Log ============================ |
19.03.2015, 22:33 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | PSeMu3_setup.exe redirect virus in the browser FRST fix: Please disable your virus scanner completely now, to make sure the fix runs through cleanly! Press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document. Code:
HKU\S-1-5-21-1305335866-915348114-1239377049-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1305335866-915348114-1239377049-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
R2 bobyzoom; C:\ProgramData\bobyzoom\1.1.0.30\bzagnt.exe [0 ] () <==== ATTENTION (zero size file/folder)
R2 bzwdg; C:\ProgramData\bobyzoom\1.1.0.30\bzwdg.exe [0 ] () <==== ATTENTION (zero size file/folder)
R2 wygovexo; C:\Users\Steffen\AppData\Roaming\1E00E6C0-1426594706-4D00-3561-F46D0465EFD8\nsu2363.tmp [122368 2015-03-19] () [File not signed]
S2 pyzuwuzu; C:\Users\Steffen\AppData\Roaming\1E00E6C0-1426594706-4D00-3561-F46D0465EFD8\nsi8517.tmpfs [X]
R5 tammgF119; C:\Windows\System32\Drivers\tammgF119.sys [26784 2015-03-17] () [File not signed]
R5 tammgR119; C:\Windows\System32\Drivers\tammgR119.sys [26272 2015-03-17] () [File not signed]
Task: {85ACD9B1-5AD8-4050-A7D4-DACABD3D2695} - System32\Tasks\Tempo Runner bzdap => C:\ProgramData\bobyzoom\1.1.0.30\bzagnt.exe [] ()
Task: {8E20B3FB-9C98-4202-BB03-EEC9BB052D7B} - System32\Tasks\Tempo Runner bz32 => C:\ProgramData\bobyzoom\1.1.0.30\bzagnt.exe [] ()
C:\Windows\System32\Drivers\tammgF119.sys
C:\Windows\System32\Drivers\tammgR119.sys
C:\ProgramData\bobyzoom
C:\Users\Steffen\AppData\Roaming\1E00E6C0-1426594706-4D00-3561-F46D0465EFD8
C:\Users\Steffen\AppData\Local\1E00E6C0-1426598509-4D00-3561-F46D0465EFD8
C:\ProgramData\{ffb5672b-ba73-088b-ffb5-5672bba79cae}
EmptyTemp:

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
__________________ Please always post log files in CODE tags |
19.03.2015, 23:10 | #13 |
| PSeMu3_setup.exe redirect virus in the browser I have the feeling that since the fix the error occurs more often, and one by one programs can no longer be opened or are closed with the error message: *.exe is not being executed correctly.... Code:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015 Ran by Steffen at 2015-03-19 22:59:43 Run:1 Running from C:\Users\Steffen\Desktop Loaded Profiles: Steffen (Available profiles: Steffen) Boot Mode: Normal ============================================== Content of fixlist: ***************** HKU\S-1-5-21-1305335866-915348114-1239377049-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKU\S-1-5-21-1305335866-915348114-1239377049-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = R2 bobyzoom; C:\ProgramData\bobyzoom\1.1.0.30\bzagnt.exe [0 ] () <==== ATTENTION (zero size file/folder) R2 bzwdg; C:\ProgramData\bobyzoom\1.1.0.30\bzwdg.exe [0 ] () <==== ATTENTION (zero size file/folder) R2 wygovexo; C:\Users\Steffen\AppData\Roaming\1E00E6C0-1426594706-4D00-3561-F46D0465EFD8\nsu2363.tmp [122368 2015-03-19] () [File not signed] S2 pyzuwuzu; C:\Users\Steffen\AppData\Roaming\1E00E6C0-1426594706-4D00-3561-F46D0465EFD8\nsi8517.tmpfs [X] R5 tammgF119; C:\Windows\System32\Drivers\tammgF119.sys [26784 2015-03-17] () [File not signed] R5 tammgR119; C:\Windows\System32\Drivers\tammgR119.sys [26272 2015-03-17] () [File not signed] Task: {85ACD9B1-5AD8-4050-A7D4-DACABD3D2695} - System32\Tasks\Tempo Runner bzdap => C:\ProgramData\bobyzoom\1.1.0.30\bzagnt.exe [] () Task: {8E20B3FB-9C98-4202-BB03-EEC9BB052D7B} - System32\Tasks\Tempo Runner bz32 => C:\ProgramData\bobyzoom\1.1.0.30\bzagnt.exe [] () C:\Windows\System32\Drivers\tammgF119.sys C:\Windows\System32\Drivers\tammgR119.sys C:\ProgramData\bobyzoom C:\Users\Steffen\AppData\Roaming\1E00E6C0-1426594706-4D00-3561-F46D0465EFD8 
C:\Users\Steffen\AppData\Local\1E00E6C0-1426598509-4D00-3561-F46D0465EFD8 C:\ProgramData\{ffb5672b-ba73-088b-ffb5-5672bba79cae} EmptyTemp: ***************** "HKU\S-1-5-21-1305335866-915348114-1239377049-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully. HKU\S-1-5-21-1305335866-915348114-1239377049-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully. HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully. HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully. HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully. bobyzoom => Unable to stop service bobyzoom => Service deleted successfully. bzwdg => Unable to stop service bzwdg => Service deleted successfully. wygovexo => Service stopped successfully. wygovexo => Service deleted successfully. pyzuwuzu => Service deleted successfully. tammgF119 => Unable to stop service tammgF119 => Error deleting Service tammgR119 => Unable to stop service tammgR119 => Error deleting Service HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{85ACD9B1-5AD8-4050-A7D4-DACABD3D2695} => Key not found. C:\Windows\System32\Tasks\Tempo Runner bzdap not found. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Tempo Runner bzdap => Key not found. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8E20B3FB-9C98-4202-BB03-EEC9BB052D7B} => Key not found. C:\Windows\System32\Tasks\Tempo Runner bz32 not found. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Tempo Runner bz32 => Key not found. Could not move "C:\Windows\System32\Drivers\tammgF119.sys" => Scheduled to move on reboot. Could not move "C:\Windows\System32\Drivers\tammgR119.sys" => Scheduled to move on reboot. 
"C:\ProgramData\bobyzoom" directory move: Could not move "C:\ProgramData\bobyzoom" directory. => Scheduled to move on reboot. C:\Users\Steffen\AppData\Roaming\1E00E6C0-1426594706-4D00-3561-F46D0465EFD8 => Moved successfully. C:\Users\Steffen\AppData\Local\1E00E6C0-1426598509-4D00-3561-F46D0465EFD8 => Moved successfully. C:\ProgramData\{ffb5672b-ba73-088b-ffb5-5672bba79cae} => Moved successfully. EmptyTemp: => Removed 10.6 GB temporary data. => Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2015-03-19 23:02:06)<= C:\Windows\System32\Drivers\tammgF119.sys => Is moved successfully. C:\Windows\System32\Drivers\tammgR119.sys => Is moved successfully. C:\ProgramData\bobyzoom => Is moved successfully. ==== End of Fixlog 23:02:06 ==== |
19.03.2015, 23:21 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | PSeMu3_setup.exe redirect virus in the browser Which error now occurs MORE OFTEN? AFTER the fix? Please post new FRST logs.
__________________ Please always post log files in CODE tags |
19.03.2015, 23:29 | #15 |
| PSeMu3_setup.exe redirect virus in the browser The redirect in Firefox to stamplive.com is now triggered on almost every click. In addition, pages (yours, for example) are not displayed correctly and are therefore really hard to navigate. I deliberately turned off my ad blocker to support you at least a little, but I can hardly navigate any more because everything is full of ads. No Addition.txt was produced for me. FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015 Ran by Steffen (administrator) on STEFFEN-PC on 19-03-2015 23:26:09 Running from C:\Users\Steffen\Desktop Loaded Profiles: Steffen (Available profiles: Steffen) Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe () C:\Windows\SysWOW64\PnkBstrA.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe (AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe (Avira Operations GmbH & Co. 
KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11905128 2011-06-28] (Realtek Semiconductor) HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-02-13] (Apple Inc.) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-08-30] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [126712 2015-01-19] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [704512 2015-03-19] (Avira Operations GmbH & Co. 
KG) HKU\S-1-5-21-1305335866-915348114-1239377049-1000\...\Run: [HydraVisionDesktopManager] => C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [389120 2013-08-30] (AMD) HKU\S-1-5-21-1305335866-915348114-1239377049-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7063832 2014-11-21] (Piriform Ltd) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-1305335866-915348114-1239377049-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Steffen\AppData\Roaming\Mozilla\Firefox\Profiles\inyfbn60.default FF NetworkProxy: "type", 0 FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-05] () FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll [2015-01-13] (EA Digital Illusions CE AB) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-05] () FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> 
C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] () FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll [2015-01-13] (EA Digital Illusions CE AB) FF Extension: Avira Browser Safety - C:\Users\Steffen\AppData\Roaming\Mozilla\Firefox\Profiles\inyfbn60.default\Extensions\abs@avira.com [2015-03-18] FF Extension: BobyZoom - C:\Users\Steffen\AppData\Roaming\Mozilla\Firefox\Profiles\inyfbn60.default\Extensions\bbz@bobyzoom.com [2015-03-19] FF Extension: Adblock Plus - C:\Users\Steffen\AppData\Roaming\Mozilla\Firefox\Profiles\inyfbn60.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-11-21] Chrome: ======= CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [432888 2015-03-19] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [432888 2015-03-19] (Avira Operations GmbH & Co. KG) R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.) R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [182520 2015-01-19] (Avira Operations GmbH & Co. 
KG) S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [174624 2015-01-17] (EasyAntiCheat Ltd) R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation) S3 Origin Client Service; I:\origins\Origin\OriginClientService.exe [1910640 2015-03-12] (Electronic Arts) R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2015-03-15] () S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [128536 2015-02-25] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132120 2015-02-25] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2015-02-25] (Avira Operations GmbH & Co. KG) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-03-19] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation) S3 catchme; \??\C:\ComboFix\catchme.sys [X] R1 tammgF119; \??\C:\Windows\system32\Drivers\tammgF119.sys [X] R1 tammgR119; \??\C:\Windows\system32\Drivers\tammgR119.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-03-19 23:00 - 2015-03-19 23:00 - 00002746 _____ () C:\Windows\System32\Tasks\Tempo Runner bz32 2015-03-19 23:00 - 2015-03-19 23:00 - 00000412 _____ () C:\Windows\Tasks\Tempo Runner bz32.job 2015-03-19 22:17 - 2015-03-19 23:26 - 00009162 _____ () C:\Users\Steffen\Desktop\FRST.txt 2015-03-19 22:16 - 2015-03-19 22:16 - 02095616 _____ (Farbar) C:\Users\Steffen\Downloads\FRST64.exe 2015-03-19 22:16 - 2015-03-19 22:16 - 02095616 _____ (Farbar) C:\Users\Steffen\Desktop\FRST64.exe 2015-03-19 22:15 - 2015-03-19 22:15 - 00001114 _____ () C:\Users\Steffen\Desktop\JRT.txt 2015-03-19 22:07 - 2015-03-19 22:07 - 02171392 _____ () C:\Users\Steffen\Desktop\AdwCleaner_4.112.exe 2015-03-19 22:07 - 2015-03-19 22:07 - 01388672 _____ (Thisisu) C:\Users\Steffen\Desktop\JRT.exe 2015-03-19 01:13 - 2015-03-19 01:13 - 03889192 _____ () C:\Users\Steffen\Downloads\PSX.zip 2015-03-19 01:01 - 2015-03-19 01:16 - 2409920380 _____ () C:\Users\Steffen\Downloads\SSX 3 (Europe) (En,Fr,De,Es) (v2.00).7z 2015-03-19 00:15 - 2015-03-19 00:58 - 2070017958 _____ () C:\Users\Steffen\Downloads\God of War II (Europe, Australia) (En,Fr,De,Es,It,Ru).7z 2015-03-18 03:24 - 2015-03-18 03:18 - 00044088 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys 2015-03-18 03:18 - 2015-03-18 03:18 - 00000000 ____D () C:\Users\Steffen\AppData\Roaming\Avira 2015-03-18 03:17 - 2015-02-25 17:53 - 00132120 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys 2015-03-18 03:17 - 2015-02-25 17:53 - 00128536 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2015-03-18 03:17 - 2015-02-25 17:53 - 00028600 _____ (Avira Operations GmbH & Co. 
KG) C:\Windows\system32\Drivers\avkmgr.sys 2015-03-18 03:16 - 2015-03-18 03:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2015-03-18 03:16 - 2015-03-18 03:17 - 00000000 ____D () C:\ProgramData\Avira 2015-03-18 03:16 - 2015-03-18 03:17 - 00000000 ____D () C:\Program Files (x86)\Avira 2015-03-18 03:16 - 2015-03-18 03:16 - 00001137 _____ () C:\Users\Public\Desktop\Avira.lnk 2015-03-18 01:04 - 2015-03-19 23:26 - 00000000 ____D () C:\FRST 2015-03-18 00:40 - 2015-03-18 00:40 - 00017014 _____ () C:\ComboFix.txt 2015-03-17 16:47 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe 2015-03-17 16:47 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe 2015-03-17 16:47 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2015-03-17 16:47 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2015-03-17 16:47 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2015-03-17 16:47 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe 2015-03-17 16:47 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe 2015-03-17 16:47 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe 2015-03-17 16:46 - 2015-03-18 00:40 - 00000000 ____D () C:\Qoobox 2015-03-17 16:46 - 2015-03-17 16:52 - 00000000 ____D () C:\Windows\erdnt 2015-03-17 16:45 - 2015-03-17 16:45 - 05615380 ____R (Swearware) C:\Users\Steffen\Desktop\ComboFix.exe 2015-03-17 14:30 - 2015-03-17 14:30 - 00000000 ____D () C:\Program Files (x86)\ESET 2015-03-17 14:18 - 2015-03-19 23:01 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-03-17 14:18 - 2015-03-17 14:18 - 00001102 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-03-17 14:18 - 2015-03-17 14:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-03-17 14:18 - 2015-03-17 14:18 - 00000000 ____D () C:\ProgramData\Malwarebytes 2015-03-17 14:18 - 2015-03-17 14:18 - 
00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2015-03-17 14:18 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-03-17 14:18 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-03-17 14:18 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2015-03-17 14:14 - 2015-03-17 14:14 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Steffen\Desktop\mbam-setup-2.0.4.1028.exe 2015-03-17 13:26 - 2015-03-17 13:26 - 00000000 ____D () C:\Windows\system32\appmgmt 2015-03-17 13:19 - 2015-03-17 13:39 - 00000000 ____D () C:\Program Files (x86)\Opera 2015-03-17 13:19 - 2015-03-17 13:37 - 00000000 ____D () C:\Users\Steffen\AppData\Local\Opera Software 2015-03-17 13:19 - 2015-03-17 13:19 - 00000000 ____D () C:\Users\Steffen\AppData\Roaming\Opera Software 2015-03-15 03:00 - 2015-03-15 03:05 - 00348672 _____ () C:\Windows\SysWOW64\PnkBstrB.xtr 2015-03-15 02:57 - 2015-03-15 03:00 - 00000000 ____D () C:\Users\Steffen\Documents\Battlefield 3 2015-03-15 02:57 - 2015-03-15 02:57 - 00000000 ____D () C:\ProgramData\EA Core 2015-03-13 00:11 - 2015-03-13 00:11 - 00000000 ____D () C:\Users\Steffen\Documents\SimCity 2015-03-10 20:08 - 2015-02-20 05:41 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll 2015-03-10 20:08 - 2015-02-20 05:40 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll 2015-03-10 20:08 - 2015-02-20 05:40 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll 2015-03-10 20:08 - 2015-02-20 05:40 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll 2015-03-10 20:08 - 2015-02-20 05:13 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll 2015-03-10 20:08 - 2015-02-20 05:13 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll 2015-03-10 20:08 - 2015-02-20 05:13 - 00010240 _____ (Microsoft 
Corporation) C:\Windows\SysWOW64\dciman32.dll 2015-03-10 20:08 - 2015-02-20 05:12 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll 2015-03-10 20:08 - 2015-02-20 04:29 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll 2015-03-10 20:08 - 2015-02-20 04:09 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll 2015-03-10 20:08 - 2015-02-03 04:34 - 05554104 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-03-10 20:08 - 2015-02-03 04:34 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi 2015-03-10 20:08 - 2015-02-03 04:34 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys 2015-03-10 20:08 - 2015-02-03 04:33 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi 2015-03-10 20:08 - 2015-02-03 04:31 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll 2015-03-10 20:08 - 2015-02-03 04:31 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll 2015-03-10 20:08 - 2015-02-03 04:31 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll 2015-03-10 20:08 - 2015-02-03 04:31 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll 2015-03-10 20:08 - 2015-02-03 04:31 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll 2015-03-10 20:08 - 2015-02-03 04:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2015-03-10 20:08 - 2015-02-03 04:31 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll 2015-03-10 20:08 - 2015-02-03 04:31 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll 2015-03-10 20:08 - 2015-02-03 04:31 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll 2015-03-10 20:08 - 2015-02-03 04:31 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll 2015-03-10 20:08 - 2015-02-03 04:31 - 00229376 _____ (Microsoft Corporation) 
C:\Windows\system32\wintrust.dll 2015-03-10 20:08 - 2015-02-03 04:31 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll 2015-03-10 20:08 - 2015-02-03 04:31 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll 2015-03-10 20:08 - 2015-02-03 04:31 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll 2015-03-10 20:08 - 2015-02-03 04:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2015-03-10 20:08 - 2015-02-03 04:31 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll 2015-03-10 20:08 - 2015-02-03 04:31 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll 2015-03-10 20:08 - 2015-02-03 04:31 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll 2015-03-10 20:08 - 2015-02-03 04:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx 2015-03-10 20:08 - 2015-02-03 04:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll 2015-03-10 20:08 - 2015-02-03 04:30 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL 2015-03-10 20:08 - 2015-02-03 04:30 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll 2015-03-10 20:08 - 2015-02-03 04:30 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll 2015-03-10 20:08 - 2015-02-03 04:30 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll 2015-03-10 20:08 - 2015-02-03 04:30 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll 2015-03-10 20:08 - 2015-02-03 04:30 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll 2015-03-10 20:08 - 2015-02-03 04:30 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll 2015-03-10 20:08 - 2015-02-03 04:30 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll 2015-03-10 20:08 - 2015-02-03 04:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll 2015-03-10 
20:08 - 2015-02-03 04:30 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2015-03-10 20:08 - 2015-02-03 04:30 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll 2015-03-10 20:08 - 2015-02-03 04:30 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll 2015-03-10 20:08 - 2015-02-03 04:30 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll 2015-03-10 20:08 - 2015-02-03 04:30 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe 2015-03-10 20:08 - 2015-02-03 04:30 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll 2015-03-10 20:08 - 2015-02-03 04:30 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe 2015-03-10 20:08 - 2015-02-03 04:30 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe 2015-03-10 20:08 - 2015-02-03 04:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll 2015-03-10 20:08 - 2015-02-03 04:30 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll 2015-03-10 20:08 - 2015-02-03 04:30 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe 2015-03-10 20:08 - 2015-02-03 04:30 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll 2015-03-10 20:08 - 2015-02-03 04:30 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll 2015-03-10 20:08 - 2015-02-03 04:30 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe 2015-03-10 20:08 - 2015-02-03 04:30 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe 2015-03-10 20:08 - 2015-02-03 04:30 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe 2015-03-10 20:08 - 2015-02-03 04:30 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe 2015-03-10 20:08 - 2015-02-03 04:29 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll 2015-03-10 20:08 - 
2015-02-03 04:28 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll 2015-03-10 20:08 - 2015-02-03 04:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll 2015-03-10 20:08 - 2015-02-03 04:19 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys 2015-03-10 20:08 - 2015-02-03 04:16 - 03973048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2015-03-10 20:08 - 2015-02-03 04:16 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2015-03-10 20:08 - 2015-02-03 04:12 - 11411968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll 2015-03-10 20:08 - 2015-02-03 04:12 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll 2015-03-10 20:08 - 2015-02-03 04:12 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll 2015-03-10 20:08 - 2015-02-03 04:12 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2015-03-10 20:08 - 2015-02-03 04:12 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll 2015-03-10 20:08 - 2015-02-03 04:12 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll 2015-03-10 20:08 - 2015-02-03 04:12 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll 2015-03-10 20:08 - 2015-02-03 04:12 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll 2015-03-10 20:08 - 2015-02-03 04:12 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll 2015-03-10 20:08 - 2015-02-03 04:12 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll 2015-03-10 20:08 - 2015-02-03 04:12 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll 2015-03-10 20:08 - 2015-02-03 04:12 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll 2015-03-10 20:08 - 2015-02-03 04:12 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll 2015-03-10 20:08 - 2015-02-03 04:12 - 00374784 _____ 
(Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll 2015-03-10 20:08 - 2015-02-03 04:12 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll 2015-03-10 20:08 - 2015-02-03 04:12 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll 2015-03-10 20:08 - 2015-02-03 04:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll 2015-03-10 20:08 - 2015-02-03 04:12 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll 2015-03-10 20:08 - 2015-02-03 04:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll 2015-03-10 20:08 - 2015-02-03 04:12 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll 2015-03-10 20:08 - 2015-02-03 04:12 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll 2015-03-10 20:08 - 2015-02-03 04:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll 2015-03-10 20:08 - 2015-02-03 04:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll 2015-03-10 20:08 - 2015-02-03 04:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2015-03-10 20:08 - 2015-02-03 04:12 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll 2015-03-10 20:08 - 2015-02-03 04:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx 2015-03-10 20:08 - 2015-02-03 04:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll 2015-03-10 20:08 - 2015-02-03 04:11 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL 2015-03-10 20:08 - 2015-02-03 04:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe 2015-03-10 20:08 - 2015-02-03 04:11 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe 2015-03-10 20:08 - 2015-02-03 04:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll 2015-03-10 20:08 - 2015-02-03 04:08 - 00006656 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\apisetschema.dll 2015-03-10 20:08 - 2015-02-03 03:32 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys 2015-03-10 20:08 - 2014-10-31 23:24 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe 2015-03-10 20:08 - 2014-06-28 01:21 - 00532176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe 2015-03-10 20:08 - 2014-06-28 01:21 - 00457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll 2015-03-10 20:07 - 2015-03-06 06:56 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2015-03-10 20:07 - 2015-03-06 06:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2015-03-10 20:07 - 2015-03-06 06:42 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2015-03-10 20:07 - 2015-03-06 06:42 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2015-03-10 20:07 - 2015-03-06 06:42 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2015-03-10 20:07 - 2015-03-06 06:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2015-03-10 20:07 - 2015-03-06 06:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2015-03-10 20:07 - 2015-03-06 06:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2015-03-10 20:07 - 2015-03-06 06:42 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2015-03-10 20:07 - 2015-03-06 06:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2015-03-10 20:07 - 2015-03-06 06:42 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2015-03-10 20:07 - 2015-03-06 06:42 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2015-03-10 20:07 - 2015-03-06 06:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2015-03-10 20:07 - 2015-03-06 06:41 - 00064000 _____ (Microsoft Corporation) 
C:\Windows\system32\auditpol.exe 2015-03-10 20:07 - 2015-03-06 06:41 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2015-03-10 20:07 - 2015-03-06 06:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll 2015-03-10 20:07 - 2015-03-06 06:38 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2015-03-10 20:07 - 2015-03-06 06:36 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2015-03-10 20:07 - 2015-03-06 06:10 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2015-03-10 20:07 - 2015-03-06 06:10 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2015-03-10 20:07 - 2015-03-06 06:10 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2015-03-10 20:07 - 2015-03-06 06:10 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2015-03-10 20:07 - 2015-03-06 06:10 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2015-03-10 20:07 - 2015-03-06 06:10 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2015-03-10 20:07 - 2015-03-06 06:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2015-03-10 20:07 - 2015-03-06 06:10 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2015-03-10 20:07 - 2015-03-06 06:09 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2015-03-10 20:07 - 2015-03-06 06:09 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe 2015-03-10 20:07 - 2015-03-06 06:07 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll 2015-03-10 20:07 - 2015-03-06 06:07 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll 2015-03-10 20:07 - 2015-03-06 06:06 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll 2015-03-10 20:07 - 2015-02-26 04:25 - 03204096 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 
2015-03-10 20:07 - 2015-02-24 04:15 - 00389800 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2015-03-10 20:07 - 2015-02-24 03:32 - 00342696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2015-03-10 20:07 - 2015-02-21 02:16 - 25021440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2015-03-10 20:07 - 2015-02-21 01:41 - 12827648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2015-03-10 20:07 - 2015-02-21 01:27 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2015-03-10 20:07 - 2015-02-21 01:27 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2015-03-10 20:07 - 2015-02-21 01:25 - 19720192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2015-03-10 20:07 - 2015-02-21 00:58 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2015-03-10 20:07 - 2015-02-21 00:32 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2015-03-10 20:07 - 2015-02-20 04:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2015-03-10 20:07 - 2015-02-20 04:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2015-03-10 20:07 - 2015-02-20 03:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2015-03-10 20:07 - 2015-02-20 03:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-03-10 20:07 - 2015-02-20 03:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2015-03-10 20:07 - 2015-02-20 03:48 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-03-10 20:07 - 2015-02-20 03:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2015-03-10 20:07 - 2015-02-20 03:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2015-03-10 20:07 - 2015-02-20 03:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2015-03-10 
20:07 - 2015-02-20 03:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2015-03-10 20:07 - 2015-02-20 03:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2015-03-10 20:07 - 2015-02-20 03:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2015-03-10 20:07 - 2015-02-20 03:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2015-03-10 20:07 - 2015-02-20 03:32 - 06035456 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2015-03-10 20:07 - 2015-02-20 03:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2015-03-10 20:07 - 2015-02-20 03:22 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2015-03-10 20:07 - 2015-02-20 03:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2015-03-10 20:07 - 2015-02-20 03:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2015-03-10 20:07 - 2015-02-20 03:09 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2015-03-10 20:07 - 2015-02-20 03:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2015-03-10 20:07 - 2015-02-20 03:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2015-03-10 20:07 - 2015-02-20 03:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2015-03-10 20:07 - 2015-02-20 03:06 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2015-03-10 20:07 - 2015-02-20 03:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2015-03-10 20:07 - 2015-02-20 03:03 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2015-03-10 20:07 - 2015-02-20 03:01 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2015-03-10 20:07 - 2015-02-20 03:00 - 00030720 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\iernonce.dll 2015-03-10 20:07 - 2015-02-20 02:58 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2015-03-10 20:07 - 2015-02-20 02:56 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2015-03-10 20:07 - 2015-02-20 02:56 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2015-03-10 20:07 - 2015-02-20 02:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-03-10 20:07 - 2015-02-20 02:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2015-03-10 20:07 - 2015-02-20 02:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2015-03-10 20:07 - 2015-02-20 02:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-03-10 20:07 - 2015-02-20 02:43 - 14398976 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-03-10 20:07 - 2015-02-20 02:41 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2015-03-10 20:07 - 2015-02-20 02:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2015-03-10 20:07 - 2015-02-20 02:30 - 04300288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2015-03-10 20:07 - 2015-02-20 02:28 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-03-10 20:07 - 2015-02-20 02:24 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2015-03-10 20:07 - 2015-02-20 02:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2015-03-10 20:07 - 2015-02-20 02:23 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2015-03-10 20:07 - 2015-02-20 02:16 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-03-10 20:07 - 2015-02-20 02:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2015-03-10 20:07 - 2015-02-20 02:01 - 01888256 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\wininet.dll 2015-03-10 20:07 - 2015-02-20 01:57 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2015-03-10 20:07 - 2015-02-20 01:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2015-03-10 20:07 - 2015-02-13 06:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2015-03-10 20:07 - 2015-02-13 06:22 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2015-03-10 20:07 - 2015-02-03 04:31 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2015-03-10 20:07 - 2015-02-03 04:31 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll 2015-03-10 20:07 - 2015-02-03 04:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2015-03-10 20:07 - 2015-02-03 04:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll 2015-03-10 20:07 - 2015-01-31 00:56 - 00459336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys 2015-03-10 20:07 - 2015-01-17 03:48 - 01067520 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll 2015-03-10 20:07 - 2015-01-17 03:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll 2015-03-10 20:04 - 2015-02-04 04:16 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll 2015-03-10 20:04 - 2015-02-04 03:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll 2015-03-10 19:28 - 2015-03-10 19:28 - 00000000 ____D () C:\Users\Steffen\Documents\Colossal Order 2015-03-10 19:28 - 2015-03-10 19:28 - 00000000 ____D () C:\Users\Steffen\AppData\Roaming\Colossal Order 2015-03-10 19:28 - 2015-03-10 19:28 - 00000000 ____D () C:\Users\Steffen\AppData\Roaming\.mono 2015-03-10 19:28 - 2015-03-10 19:28 - 00000000 ____D () C:\Users\Steffen\AppData\Local\Colossal Order 2015-03-10 19:28 - 2015-03-10 19:28 - 00000000 ____D () C:\ProgramData\.mono 2015-03-09 18:57 - 2015-03-09 18:57 - 00000000 ____D () C:\Program 
Files (x86)\SystemRequirementsLab 2015-03-09 18:15 - 2015-03-09 18:15 - 00000000 ____D () C:\ProgramData\FlyVPN 2015-03-06 05:41 - 2015-03-06 05:41 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2015-03-05 05:04 - 2015-03-05 05:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XBCD 2015-03-05 05:02 - 2015-03-03 13:31 - 00007674 _____ () C:\Users\Steffen\Desktop\x360ce.tmp 2015-03-05 05:02 - 2013-04-26 00:49 - 01253376 _____ (TocaEdit) C:\Users\Steffen\Desktop\x360ce.exe 2015-03-03 22:54 - 2015-01-09 04:14 - 00950272 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll 2015-03-03 22:54 - 2015-01-09 04:14 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll 2015-03-03 22:54 - 2015-01-09 04:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll 2015-03-03 22:54 - 2015-01-09 03:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdi.dll 2015-03-03 13:58 - 2015-03-03 14:01 - 00000000 ____D () C:\Users\Steffen\Documents\GuacameleeSTCE 2015-03-03 13:56 - 2015-03-03 13:56 - 00002389 _____ () C:\Users\Public\Desktop\Guacamelee Super Turbo Championship Edition.lnk 2015-03-03 13:56 - 2015-03-03 13:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DrinkBox Studios 2015-03-03 13:56 - 2015-03-03 13:56 - 00000000 ____D () C:\Program Files (x86)\DrinkBox Studios 2015-03-03 13:24 - 2015-03-05 05:04 - 00007464 _____ () C:\Users\Steffen\Desktop\x360ce.ini 2015-03-03 13:24 - 2015-03-03 13:24 - 00099432 _____ (hxxp://x360ce.googlecode.com) C:\Users\Steffen\Desktop\xinput1_3.dll 2015-02-27 22:26 - 2015-02-27 22:26 - 00001753 _____ () C:\Users\Public\Desktop\iTunes.lnk 2015-02-27 22:26 - 2015-02-27 22:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes 2015-02-27 22:26 - 2015-02-27 22:26 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7 2015-02-27 22:26 - 2015-02-27 22:26 - 00000000 ____D () C:\Program 
Files\iTunes 2015-02-27 22:26 - 2015-02-27 22:26 - 00000000 ____D () C:\Program Files\iPod 2015-02-27 22:26 - 2015-02-27 22:26 - 00000000 ____D () C:\Program Files (x86)\iTunes 2015-02-26 03:00 - 2015-01-09 00:44 - 00419936 _____ () C:\Windows\SysWOW64\locale.nls 2015-02-26 03:00 - 2015-01-09 00:43 - 00419936 _____ () C:\Windows\system32\locale.nls 2015-02-20 23:05 - 2015-02-20 23:05 - 00001116 _____ () C:\Users\Public\Desktop\OpenOffice 4.1.1.lnk 2015-02-20 23:05 - 2015-02-20 23:05 - 00000000 ___SD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.1 2015-02-20 23:05 - 2015-02-20 23:05 - 00000000 ____D () C:\Users\Steffen\AppData\Roaming\OpenOffice 2015-02-20 23:05 - 2015-02-20 23:05 - 00000000 ____D () C:\Program Files (x86)\OpenOffice 4 2015-02-20 23:04 - 2015-02-20 23:04 - 00000000 ____D () C:\Users\Steffen\Desktop\OpenOffice 4.1.1 (de) Installation Files ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2015-03-19 23:24 - 2014-11-21 13:48 - 00000000 ____D () C:\Users\Steffen\AppData\Roaming\TS3Client 2015-03-19 23:22 - 2014-11-21 13:58 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-03-19 23:08 - 2009-07-14 05:45 - 00031088 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-03-19 23:08 - 2009-07-14 05:45 - 00031088 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-03-19 23:06 - 2011-04-12 08:43 - 00699090 _____ () C:\Windows\system32\perfh007.dat 2015-03-19 23:06 - 2011-04-12 08:43 - 00149230 _____ () C:\Windows\system32\perfc007.dat 2015-03-19 23:06 - 2009-07-14 06:13 - 01619272 _____ () C:\Windows\system32\PerfStringBackup.INI 2015-03-19 23:05 - 2014-11-21 13:09 - 01483157 _____ () C:\Windows\WindowsUpdate.log 2015-03-19 23:00 - 2015-01-22 22:19 - 00008247 _____ () C:\Windows\setupact.log 2015-03-19 23:00 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-03-19 22:10 - 2014-12-17 13:05 - 00000000 ____D () C:\AdwCleaner 2015-03-19 21:42 - 2014-11-21 13:32 - 00000000 ____D () C:\Program Files (x86)\Steam 2015-03-19 02:51 - 2015-02-05 13:11 - 00147724 _____ () C:\Windows\PFRO.log 2015-03-19 02:50 - 2015-01-29 20:43 - 00140712 _____ () C:\Windows\DirectX.log 2015-03-18 03:16 - 2014-11-21 13:32 - 00000000 ____D () C:\ProgramData\Package Cache 2015-03-18 01:17 - 2014-11-21 13:09 - 00000000 ____D () C:\Users\Steffen 2015-03-18 00:40 - 2015-02-10 18:03 - 00000000 ____D () C:\Users\Steffen\AppData\Local\Apps\2.0 2015-03-18 00:39 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini 2015-03-17 23:59 - 2014-11-21 13:34 - 00000000 ____D () C:\Users\Steffen\AppData\Local\Battle.net 2015-03-17 23:44 - 2014-11-26 17:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip 2015-03-17 19:27 - 2015-02-04 12:39 - 00000000 ____D () C:\ProgramData\Origin 2015-03-17 16:53 - 2009-07-14 
04:20 - 00000000 __RHD () C:\Users\Default 2015-03-17 14:16 - 2009-07-14 06:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD 2015-03-17 13:23 - 2014-11-21 13:21 - 00001061 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2015-03-17 13:23 - 2014-11-21 13:21 - 00001049 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2015-03-17 13:23 - 2014-11-21 13:09 - 00000999 _____ () C:\Users\Steffen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2015-03-15 03:05 - 2015-02-04 14:19 - 00348672 _____ () C:\Windows\SysWOW64\PnkBstrB.exe 2015-03-15 03:05 - 2015-02-04 14:19 - 00076152 _____ () C:\Windows\SysWOW64\PnkBstrA.exe 2015-03-15 03:00 - 2015-02-04 14:50 - 00000000 ____D () C:\Users\Steffen\AppData\Local\PunkBuster 2015-03-15 03:00 - 2015-02-04 14:19 - 00280904 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0 2015-03-14 22:56 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache 2015-03-14 14:58 - 2009-07-14 06:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games 2015-03-14 01:44 - 2015-02-04 12:40 - 00000000 ____D () C:\Users\Steffen\AppData\Local\Origin 2015-03-12 23:27 - 2015-02-04 12:40 - 00000000 ____D () C:\Users\Steffen\AppData\Roaming\Origin 2015-03-11 15:20 - 2009-07-14 05:45 - 00294640 _____ () C:\Windows\system32\FNTCACHE.DAT 2015-03-11 05:13 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism 2015-03-11 05:13 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\Dism 2015-03-11 03:02 - 2014-11-23 14:56 - 00000000 ____D () C:\Windows\system32\MRT 2015-03-11 03:01 - 2014-11-23 14:56 - 122905848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-03-09 15:46 - 2015-01-29 20:41 - 00000000 ____D () C:\Users\Steffen\Documents\888poker 2015-03-09 13:10 - 2014-11-21 13:21 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2015-03-04 04:44 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\tracing 2015-03-02 01:16 - 2015-02-10 18:03 
- 00000000 ____D () C:\Users\Steffen\AppData\Local\Deployment
2015-02-27 22:26 - 2015-01-05 16:23 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-02-27 16:45 - 2015-01-09 11:45 - 00000072 _____ () C:\Users\Public\LMDebug.log
2015-02-27 13:14 - 2009-07-14 06:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-02-27 02:07 - 2014-11-21 14:38 - 00000000 ____D () C:\Program Files (x86)\Hearthstone
2015-02-27 00:22 - 2014-11-21 13:34 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2015-02-24 03:17 - 2010-11-21 04:27 - 00295552 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-02-21 13:27 - 2014-11-21 13:35 - 00064024 _____ () C:\Users\Steffen\AppData\Local\GDIPFONTCACHEV1.DAT
2015-02-17 23:35 - 2014-12-23 23:21 - 00000000 ____D () C:\Users\Steffen\Documents\Heroes of the Storm

Some content of TEMP:
====================
C:\Users\Steffen\AppData\Local\Temp\avgnt.exe

==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-03-15 00:16

==================== End Of Log ============================